def test_keybaseca_sign(self, test_config): # Stdout contains a useful message with open("/shared/keybaseca-sign.out") as f: assert "Provisioned new certificate" in f.read() # SSH with that certificate should just work for every team assert_contains_hash( test_config.expected_hash, run_command( f"ssh -q -o StrictHostKeyChecking=no -i " f"/shared/userkey user@sshd-prod 'sha1sum /etc/unique'"), ) assert_contains_hash( test_config.expected_hash, run_command( f"ssh -q -o StrictHostKeyChecking=no -i " f"/shared/userkey root@sshd-prod 'sha1sum /etc/unique'"), ) assert_contains_hash( test_config.expected_hash, run_command( f"ssh -q -o StrictHostKeyChecking=no -i " f"/shared/userkey user@sshd-staging 'sha1sum /etc/unique'"), ) assert_contains_hash( test_config.expected_hash, run_command( f"ssh -q -o StrictHostKeyChecking=no -i " f"/shared/userkey root@sshd-prod 'sha1sum /etc/unique'"), ) # Checking that it actually contains the correct principals assert get_principals("/shared/userkey-cert.pub") == set( test_config.subteams)
def tearDown(self): self.rods_session.assert_icommand( 'icd') # for home directory assumption self.rods_session.assert_icommand( ['ichmod', '-r', 'own', self.rods_session.username, '.']) self.rods_session.run_icommand([ 'imcoll', '-U', self.rods_session.home_collection + '/test/phypathreg' ]) self.rods_session.run_icommand( 'irm -rf test ruletest forphymv sub1 sub2 sub3 bagit rules bagit.tar /' + self.rods_session.zone_name + '/bundle/home/' + self.rods_session.username) self.rods_session.assert_icommand('iadmin rmresc testallrulesResc') self.rods_session.assert_icommand('iadmin rmuser devtestuser') self.rods_session.assert_icommand( 'iqdel -a') # remove all/any queued rules # cleanup mods in iRODS config dir lib.run_command('mv -f {0}/core.re.bckp {0}/core.re'.format( self.conf_dir, self.conf_dir)) lib.run_command('rm -f %s/*.test.re' % self.conf_dir) self.rods_session.__exit__() super(Test_AllRules, self).tearDown()
def test_kssh_spoofed_config(self, test_config): # Test that even when kssh is forced to run by a spoofed config, the CA bot ignores messages that are in the # wrong channel with outputs_audit_log(test_config, filename="/shared/ca.log", expected_number=0): client_config = json.dumps({ 'teamname': f"{test_config.subteam}.ssh", "channelname": "", "botname": test_config.bot_username }) run_command( f"echo '{client_config}' | keybase fs write /keybase/team/{test_config.subteam}.ssh/kssh-client.config" ) for s in [ 'user@sshd-staging', 'root@sshd-staging', 'user@sshd-prod', 'root@sshd-prod' ]: try: run_command_with_agent( f"""bin/kssh -q -o StrictHostKeyChecking=no {s} "sha1sum /etc/unique" """ ) assert False except subprocess.CalledProcessError as e: assert b"Failed to get a signed key from the CA: timed out while waiting for a response from the CA" in e.output
def test_configuration_schema_validation_from_file(self): schemas_git_dir = tempfile.mkdtemp(prefix='irods-test_configuration_schema_validation_from_file-git') with lib.directory_deleter(schemas_git_dir): schemas_repo = 'https://github.com/irods/irods_schema_configuration' lib.run_command(['git', 'clone', schemas_repo, schemas_git_dir]) schemas_branch = 'v3' lib.run_command(['git', 'checkout', schemas_branch], cwd=schemas_git_dir) schemas_deploy_dir = tempfile.mkdtemp(prefix='irods-test_configuration_schema_validation_from_file-schemas') with lib.directory_deleter(schemas_deploy_dir): lib.assert_command(['python', os.path.join(schemas_git_dir, 'deploy_schemas_locally.py'), '--output_directory_base', schemas_deploy_dir]) with lib.file_backed_up(os.path.join(lib.get_irods_config_dir(), 'server_config.json')) as server_config_filename: with open(server_config_filename) as f: server_config = json.load(f) server_config['schema_validation_base_uri'] = 'file://' + schemas_deploy_dir lib.update_json_file_from_dict(server_config_filename, server_config) irodsctl_fullpath = os.path.join(lib.get_irods_top_level_dir(), 'iRODS', 'irodsctl') if lib.is_jsonschema_installed(): expected_lines = ['Validating [{0}]... Success'.format(os.path.expanduser('~/.irods/irods_environment.json')), 'Validating [{0}/server_config.json]... Success'.format(lib.get_irods_config_dir()), 'Validating [{0}/VERSION.json]... Success'.format(lib.get_irods_top_level_dir()), 'Validating [{0}/hosts_config.json]... Success'.format(lib.get_irods_config_dir()), 'Validating [{0}/host_access_control_config.json]... Success'.format(lib.get_irods_config_dir())] if not configuration.TOPOLOGY_FROM_RESOURCE_SERVER: expected_lines.append('Validating [{0}/database_config.json]... Success'.format(lib.get_irods_config_dir())) lib.assert_command([irodsctl_fullpath, 'restart'], 'STDOUT_MULTILINE', expected_lines) else: lib.assert_command([irodsctl_fullpath, 'restart'], 'STDERR_SINGLELINE', 'jsonschema not installed', desired_rc=0)
def test_ping_pong_command(self, test_config): run_command(f"keybase chat send --channel ssh-provision \ {test_config.subteam}.ssh 'ping @{test_config.bot_username}'") time.sleep(5) recent_messages = run_command(f"keybase chat list-unread --since 1m") assert (b"pong @%s" % test_config.username.encode("utf-8")) in recent_messages
def pytest_sessionfinish(session, exitstatus): # Automatically run after all tests in order to ensure that no kssh-client config files stick around tc = TestConfig.getDefaultTestConfig() run_command(f"keybase fs rm /keybase/team/{tc.subteam}.ssh/kssh-client.config || true" ) run_command(f"keybase fs rm /keybase/team/{tc.subteam}.ssh.staging/kssh-client.config || true" ) run_command(f"keybase fs rm /keybase/team/{tc.subteam}.ssh.prod/kssh-client.config || true" ) run_command(f"keybase fs rm /keybase/team/{tc.subteam}.ssh.root_everywhere/kssh-client.config || true" ) run_command(f"keybase fs rm /keybase/team/{tc.subteam_secondary}/kssh-client.config || true" )
def test_kssh_alternate_binary(self, test_config): # Test it by creating another keybase binary earlier in the path and running kssh. This isn't a perfect test but it is # enough to smoketest it run_command("echo '#!/bin/bash' | sudo tee /usr/local/bin/keybase") run_command("sudo chmod +x /usr/local/bin/keybase") try: run_command("bin/kssh --set-keybase-binary /usr/bin/keybase") assert_contains_hash(test_config.expected_hash, run_command_with_agent("bin/kssh -q -o StrictHostKeyChecking=no user@sshd-staging 'sha1sum /etc/unique'")) run_command("bin/kssh --set-keybase-binary ''") finally: run_command("sudo rm /usr/local/bin/keybase")
def test_configuration_schema_validation_from_file(self): schemas_git_dir = tempfile.mkdtemp( prefix='irods-test_configuration_schema_validation_from_file-git') with lib.directory_deleter(schemas_git_dir): schemas_repo = 'https://github.com/irods/irods_schema_configuration' lib.run_command(['git', 'clone', schemas_repo, schemas_git_dir]) schemas_branch = 'v3' lib.run_command(['git', 'checkout', schemas_branch], cwd=schemas_git_dir) schemas_deploy_dir = tempfile.mkdtemp( prefix= 'irods-test_configuration_schema_validation_from_file-schemas') with lib.directory_deleter(schemas_deploy_dir): lib.assert_command([ 'python', os.path.join(schemas_git_dir, 'deploy_schemas_locally.py'), '--output_directory_base', schemas_deploy_dir ]) with lib.file_backed_up( os.path.join( lib.get_irods_config_dir(), 'server_config.json')) as server_config_filename: with open(server_config_filename) as f: server_config = json.load(f) server_config[ 'schema_validation_base_uri'] = 'file://' + schemas_deploy_dir lib.update_json_file_from_dict(server_config_filename, server_config) irodsctl_fullpath = os.path.join( lib.get_irods_top_level_dir(), 'iRODS', 'irodsctl') if lib.is_jsonschema_installed(): expected_lines = [ 'Validating [/var/lib/irods/.irods/irods_environment.json]... Success', 'Validating [/etc/irods/server_config.json]... Success', 'Validating [/var/lib/irods/VERSION.json]... Success', 'Validating [/etc/irods/hosts_config.json]... Success', 'Validating [/etc/irods/host_access_control_config.json]... Success' ] if not configuration.TOPOLOGY_FROM_RESOURCE_SERVER: expected_lines.append( 'Validating [/etc/irods/database_config.json]... Success' ) lib.assert_command([irodsctl_fullpath, 'restart'], 'STDOUT_MULTILINE', expected_lines) else: lib.assert_command([irodsctl_fullpath, 'restart'], 'STDERR_SINGLELINE', 'jsonschema not installed', desired_rc=0)
def test_ssl_iput_with_rods_env(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_client_server_policy': 'CS_NEG_REQUIRE', 'irods_ssl_verify_server': 'none', } session_env_backup = copy.deepcopy(self.admin.environment_file_contents) self.admin.environment_file_contents.update(client_update) filename = 'encryptedfile.txt' filepath = lib.create_local_testfile(filename) self.admin.assert_icommand(['iinit', self.admin.password]) self.admin.assert_icommand(['iput', filename]) self.admin.assert_icommand(['ils', '-L', filename], 'STDOUT', filename) self.admin.environment_file_contents = session_env_backup for f in ['server.key', 'server.csr', 'chain.pem', 'dhparams.pem']: os.unlink(f) lib.restart_irods_server()
def tearDown(self): self.rods_session.assert_icommand('icd') # for home directory assumption self.rods_session.assert_icommand(['ichmod', '-r', 'own', self.rods_session.username, '.']) self.rods_session.run_icommand(['imcoll', '-U', self.rods_session.home_collection + '/test/phypathreg']) self.rods_session.run_icommand('irm -rf test ruletest forphymv sub1 sub2 sub3 bagit rules bagit.tar /' + self.rods_session.zone_name + '/bundle/home/' + self.rods_session.username) self.rods_session.assert_icommand('iadmin rmresc testallrulesResc') self.rods_session.assert_icommand('iadmin rmuser devtestuser') self.rods_session.assert_icommand('iqdel -a') # remove all/any queued rules # cleanup mods in iRODS config dir lib.run_command('mv -f {0}/core.re.bckp {0}/core.re'.format(self.conf_dir, self.conf_dir)) lib.run_command('rm -f %s/*.test.re' % self.conf_dir) self.rods_session.__exit__() super(Test_AllRules, self).tearDown()
def test_irodsFs_bonnie(self): bonnie_locations = [ '/usr/local/sbin/bonnie++', '/usr/local/bin/bonnie++', '/usr/sbin/bonnie++', '/usr/bin/bonnie++', ] for l in bonnie_locations: if os.path.isfile(l): bonnie = l break else: assert False, 'bonnie++ binary not found' rc, out, err = lib.run_command( [bonnie, '-r', '1', '-c', '2', '-n', '10', '-d', self.mount_point]) formatted_output = '\n'.join([ 'rc [{0}]'.format(rc), 'stdout:\n{0}'.format(out), 'stderr:\n{0}'.format(err) ]) assert rc == 0, formatted_output assert '-Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--' in out, formatted_output assert '-Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--' in out, formatted_output
def test_get_null_perms__2833(self): base_name = 'test_dir_for_perms' local_dir = os.path.join(self.testing_tmp_dir, base_name) local_files = lib.make_large_local_tmp_dir(local_dir, 30, 10) self.admin.assert_icommand(['iput', '-r', local_dir]) rods_files = lib.ils_output_to_entries(self.admin.run_icommand(['ils', base_name])[1]) test_dir = 'test_get_null_perms__2833_dir' self.admin.assert_icommand(['ichmod','-r','null',self.admin.username,base_name]) self.admin.assert_icommand(['ichmod','read',self.admin.username,base_name+'/'+rods_files[-1]]) self.admin.assert_icommand(['iget','-r',base_name,test_dir],'STDERR_SINGLELINE','CAT_NO_ACCESS_PERMISSION') assert os.path.isfile(os.path.join(test_dir,'junk0029')) self.admin.assert_icommand(['ichmod','-r','own',self.admin.username,base_name]) lib.run_command(['rm','-rf',test_dir])
def interrupt_icommand(self, fullcmd, filename, filesize): ''' Runs an icommand, but does not let it complete. This function terminates the icommand once filename reaches (>=) filesize in bytes. Asserts that the icommand was successfully terminated early. ''' filename = os.path.abspath(filename) parameters = shlex.split(fullcmd) print "\n" print "INTERRUPTING iCMD" print "running icommand: " + self.username + "[" + fullcmd + "]" print " filename set to: [" + filename + "]" print " filesize set to: [" + str(filesize) + "] bytes" lib.write_to_log('server', ' --- interrupt icommand [{0}] --- \n'.format(fullcmd)) env = os.environ.copy() env['IRODS_ENVIRONMENT_FILE'] = self._environment_file_path env['IRODS_AUTHENTICATION_FILE'] = self._authentication_file_path self._write_environment_file() timeout = 30 begin = time.time() granularity = 0.005 p = subprocess.Popen(parameters, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env) while time.time() - begin < timeout and (not os.path.exists(filename) or os.stat(filename).st_size < filesize): time.sleep(granularity) if (time.time() - begin) >= timeout: print lib.run_command(['ls', '-l', os.path.dirname(filename)])[1] out, err = p.communicate() print out, err print self.run_icommand(['ils', '-l'])[1] assert False elif p.poll() is None: p.terminate() else: assert False return 0
def test_izonereport_and_validate(self): # bad URL self.admin.assert_icommand("izonereport > out.txt", use_unsafe_shell=True) rc, out, err = lib.run_command('python ../../iRODS/scripts/python/validate_json.py out.txt https://example.org/badurl') print "izonereport stdout: "+out print "izonereport stderr: "+err assert "WARNING: Validation Failed" in err, err assert "ValueError: No JSON object could be decoded" in err, err assert rc == 0, rc # good URL self.admin.assert_icommand("izonereport > out.txt", use_unsafe_shell=True) rc, out, err = lib.run_command('python ../../iRODS/scripts/python/validate_json.py out.txt https://schemas.irods.org/configuration/v2/zone_bundle.json') print "izonereport stdout: "+out print "izonereport stderr: "+err assert "Validating" in out, out assert "... Success" in out, out assert rc == 0, rc # cleanup os.remove('out.txt')
def test_authentication_PAM_with_server_params(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', 'irods_authentication_scheme': 'PaM', 'irods_client_server_policy': 'CS_NEG_REQUIRE', } auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents) self.auth_session.environment_file_contents.update(client_update) server_config_filename = lib.get_irods_config_dir() + '/server_config.json' with lib.file_backed_up(server_config_filename): server_config_update = { 'pam_password_length': 20, 'pam_no_extend': False, 'pam_password_min_time': 121, 'pam_password_max_time': 1209600, } lib.update_json_file_from_dict(server_config_filename, server_config_update) lib.restart_irods_server() # the test self.auth_session.assert_icommand(['iinit', self.auth_session.password]) self.auth_session.assert_icommand("icd") self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home") self.auth_session.environment_file_contents = auth_session_env_backup for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']: os.unlink(os.path.join(lib.get_irods_top_level_dir(), file)) lib.restart_irods_server()
def test_authentication_PAM_with_server_params(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', 'irods_authentication_scheme': 'PaM', 'irods_client_server_policy': 'CS_NEG_REQUIRE', } auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents) self.auth_session.environment_file_contents.update(client_update) server_config_filename = lib.get_irods_config_dir() + '/server_config.json' with lib.file_backed_up(server_config_filename): server_config_update = { 'pam_password_length': 20, 'pam_no_extend': False, 'pam_password_min_time': 121, 'pam_password_max_time': 1209600, } lib.update_json_file_from_dict(server_config_filename, server_config_update) lib.restart_irods_server() # the test self.auth_session.assert_icommand(['iinit', self.auth_session.password]) self.auth_session.assert_icommand("icd") self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home") self.auth_session.environment_file_contents = auth_session_env_backup for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']: os.unlink(os.path.join(lib.get_irods_top_level_dir(), file)) lib.restart_irods_server()
def test_irodsFs_bonnie(self): if os.path.isfile('/usr/sbin/bonnie++'): bonnie = '/usr/sbin/bonnie++' else: bonnie = '/usr/bin/bonnie++' rc, out, err = lib.run_command([bonnie, '-r', '1', '-c', '2', '-n', '10', '-d', self.mount_point]) formatted_output = '\n'.join(['rc [{0}]'.format(rc), 'stdout:\n{0}'.format(out), 'stderr:\n{0}'.format(err)]) assert rc == 0, formatted_output assert '-Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--' in out, formatted_output assert '-Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--' in out, formatted_output
def test_authentication_PAM_without_negotiation(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', 'irods_authentication_scheme': 'PaM', } # now the actual test auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents) self.auth_session.environment_file_contents.update(client_update) # server reboot to pick up new irodsEnv settings lib.restart_irods_server() # do the reauth self.auth_session.assert_icommand(['iinit', self.auth_session.password]) # connect and list some files self.auth_session.assert_icommand('icd') self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home') # reset client environment to original self.auth_session.environment_file_contents = auth_session_env_backup # clean up for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']: os.unlink(os.path.join(lib.get_irods_top_level_dir(), file)) # server reboot to pick up new irodsEnv and server settings lib.restart_irods_server()
def test_authentication_PAM_without_negotiation(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', 'irods_authentication_scheme': 'PaM', } # now the actual test auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents) self.auth_session.environment_file_contents.update(client_update) # server reboot to pick up new irodsEnv settings lib.restart_irods_server() # do the reauth self.auth_session.assert_icommand(['iinit', self.auth_session.password]) # connect and list some files self.auth_session.assert_icommand('icd') self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home') # reset client environment to original self.auth_session.environment_file_contents = auth_session_env_backup # clean up for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']: os.unlink(os.path.join(lib.get_irods_top_level_dir(), file)) # server reboot to pick up new irodsEnv and server settings lib.restart_irods_server()
def test_keybaseca_backup(self): # Test the keybaseca backup command by reading and verifying the private key stored in /shared/cakey.backup run_command("mkdir -p /tmp/ssh/") run_command("chown -R keybase:keybase /tmp/ssh/") with open('/shared/cakey.backup') as f: keyLines = [] add = False for line in f: if "----" in line and "PRIVATE" in line and "BEGIN" in line: add = True if add: keyLines.append(line.strip()) if "----" in line and "PRIVATE" in line and "END" in line: add = False key = '\n'.join(keyLines) + '\n' with open('/tmp/ssh/cakey', 'w+') as f: f.write(key) run_command("chmod 0600 /tmp/ssh/cakey") output = run_command("ssh-keygen -y -e -f /tmp/ssh/cakey") assert b"BEGIN SSH2 PUBLIC KEY" in output
def test_irm_rf_nested_coll(self): # test settings depth = 50 files_per_level = 5 file_size = 5 # make local nested dirs coll_name = "test_irm_r_nested_coll" local_dir = os.path.join(self.testing_tmp_dir, coll_name) local_dirs = lib.make_deep_local_tmp_dir(local_dir, depth, files_per_level, file_size) # iput dir self.user0.assert_icommand("iput -r {local_dir}".format(**locals()), "EMPTY") # force remove collection self.user0.assert_icommand("irm -rf {coll_name}".format(**locals()), "EMPTY") self.user0.assert_icommand("ils {coll_name}".format(**locals()), 'STDERR_SINGLELINE', "does not exist") # make sure no files are left in the vault user_vault_dir = os.path.join(lib.get_vault_session_path(self.user0), coll_name) cmd_out = lib.run_command('find {user_vault_dir} -type f'.format(**locals())) self.assertEqual(cmd_out[1], '')
def test_irodsFs_bonnie(self): bonnie_locations = ['/usr/local/sbin/bonnie++', '/usr/local/bin/bonnie++', '/usr/sbin/bonnie++', '/usr/bin/bonnie++', ] for l in bonnie_locations: if os.path.isfile(l): bonnie = l break else: assert False, 'bonnie++ binary not found' rc, out, err = lib.run_command([bonnie, '-r', '1', '-c', '2', '-n', '10', '-d', self.mount_point]) formatted_output = '\n'.join(['rc [{0}]'.format(rc), 'stdout:\n{0}'.format(out), 'stderr:\n{0}'.format(err)]) assert rc == 0, formatted_output assert '-Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--' in out, formatted_output assert '-Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--' in out, formatted_output
def run_icommand(self, *args, **kwargs): self._prepare_run_icommand(args[0], kwargs) return lib.run_command(*args, **kwargs)
def run_post_scripts(score, client, sl_storage, containername, configuration): score['post-scripts'] = normalize(score['post-scripts'], score) for script, args in score['post-scripts'].iteritems(): rc, stdout, stderr = lib.run_command([script]+args) score['post-scripts'][script] = {'rc': rc, 'stdout': stdout, 'stderr': stderr, 'args': args}
import os, sys from lib import PyTerm from lib import JobScanner from lib import print_help from lib import run_command APP_ROOT = os.getenv('APP_ROOT') #make sure always is set if APP_ROOT is None: PyTerm.error("Please export APP_ROOT!") sys.exit(1) if len(sys.argv) == 1: print_help() else: run_command(sys.argv[1], sys.argv[2:], APP_ROOT)