From 3a2ffd423340e6af07bf030da6ad8b8f989499e0 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Sat, 26 Aug 2023 10:23:31 -0600 Subject: [PATCH] Run tests as appropriate group Need to add "groupadd" and "groupdel" for Alpine. See: https://github.com/gliderlabs/docker-alpine/issues/326 --- doc/FAQ.md | 8 ++++---- docker/test/Dockerfile.fcgi | 3 +++ docker/test/Dockerfile.native | 5 ++++- example/main/Makefile.in | 4 ++++ test/config.sh.in | 3 +++ test/lib.sh | 34 +++++++++++++++++++++++----------- test/mem.sh | 4 +--- test/test_api.sh | 2 +- test/test_client.sh | 2 +- test/test_config_dump.sh | 4 ++-- test/test_helloworld.sh | 4 ++-- test/test_nacm_credentials.sh | 3 --- test/test_pagination_config.sh | 2 +- test/test_pagination_state.sh | 2 +- test/test_perf_state_only.sh | 2 +- test/test_sock.sh | 3 --- 16 files changed, 51 insertions(+), 34 deletions(-) diff --git a/doc/FAQ.md b/doc/FAQ.md index e665485f..d0df4b85 100644 --- a/doc/FAQ.md +++ b/doc/FAQ.md @@ -111,13 +111,13 @@ Add yourself and www-data, if you intend to use restconf. Using useradd and usermod: ``` sudo useradd clicon # - sudo usermod -a -G clicon + sudo usermod -a -G clicon $(whoami) sudo usermod -a -G clicon www-data ``` Using adduser (eg on busybox): ``` sudo adduser -D -H clicon - sudo adduser clicon + sudo adduser $(whoami) clicon ``` (you may have to restart shell) @@ -289,7 +289,7 @@ Clixon by default finds its configuration file at `/usr/local/etc/clixon.xml`. H Yes, when you start a clixon program, you can supply the `-o` option to modify the configuration specified in the configuration file. Options that are leafs are overriden, whereas options that are leaf-lists are added to. -Example, add the "usr/local/share/ietf" directory to the list of directories where yang files are searched for: +Example, add the "/usr/local/share/ietf" directory to the list of directories where yang files are searched for: ``` clixon_cli -o CLICON_YANG_DIR=/usr/local/share/ietf ``` 
@@ -670,4 +670,4 @@ translate { value IBM; } ``` -You can perform translation on any type, not only strings. \ No newline at end of file +You can perform translation on any type, not only strings. diff --git a/docker/test/Dockerfile.fcgi b/docker/test/Dockerfile.fcgi index 82522de3..bc084a7d 100644 --- a/docker/test/Dockerfile.fcgi +++ b/docker/test/Dockerfile.fcgi @@ -41,6 +41,9 @@ RUN apk add --update git make build-base gcc flex bison fcgi-dev curl-dev # For netsnmp RUN apk add --update net-snmp net-snmp-dev +# For groupadd/groupdel +RUN apk add --update shadow + # Checkout standard YANG models for tests (note >1G for full repo) RUN mkdir -p /usr/local/share/yang WORKDIR /usr/local/share/yang diff --git a/docker/test/Dockerfile.native b/docker/test/Dockerfile.native index e8dfc977..3e92c205 100644 --- a/docker/test/Dockerfile.native +++ b/docker/test/Dockerfile.native @@ -44,6 +44,9 @@ RUN apk add --update nghttp2 # For netsnmp RUN apk add --update net-snmp net-snmp-dev +# For groupadd/groupdel +RUN apk add --update shadow + # Checkout standard YANG models for tests (note >1G for full repo) RUN mkdir -p /usr/local/share/yang WORKDIR /usr/local/share/yang @@ -138,7 +141,7 @@ RUN apk add --update net-snmp net-snmp-tools RUN echo "master agentx" > /etc/snmp/snmpd.conf RUN echo "agentaddress 127.0.0.1" >> /etc/snmp/snmpd.conf RUN echo "rwcommunity public localhost" >> /etc/snmp/snmpd.conf -RUN echo "agentXSocket unix:/var/run/snmp.sock" >> /etc/snmp/snmpd.conf +RUN echo "agentxsocket unix:/var/run/snmp.sock" >> /etc/snmp/snmpd.conf RUN echo "agentxperms 777 777" >> /etc/snmp/snmpd.conf # Expose https port for restconf diff --git a/example/main/Makefile.in b/example/main/Makefile.in index 995a397a..2a364e69 100644 --- a/example/main/Makefile.in +++ b/example/main/Makefile.in 
@@ -169,6 +169,8 @@ distclean: clean rm -f Makefile *~ .depend install: $(YANGSPECS) $(CLISPECS) $(PLUGINS) $(APPNAME).xml + groupadd $(CLICON_GROUP) + useradd -M -s /usr/sbin/nologin -g $(CLICON_GROUP) $(CLICON_USER) install -d -m 0755 $(DESTDIR)$(sysconfdir) install -m 0644 $(APPNAME).xml $(DESTDIR)$(sysconfdir) # install -m 0644 $(APPNAME).xml $(DESTDIR)$(CLIXON_DEFAULT_CONFIG) @@ -195,6 +197,8 @@ uninstall: rm -rf $(DESTDIR)$(datarootdir)/$(APPNAME) rm -rf $(DESTDIR)$(localstatedir)/$(APPNAME) rm -rf $(DESTDIR)$(libdir)/$(APPNAME) + -userdel $(CLICON_USER) + -groupdel $(CLICON_GROUP) install-include: diff --git a/test/config.sh.in b/test/config.sh.in index 7dc36c64..1b28f6b4 100755 --- a/test/config.sh.in +++ b/test/config.sh.in @@ -67,6 +67,9 @@ TOP_SRCDIR=@top_srcdir@ # Clixon version CLIXON_VERSION=@CLIXON_VERSION@ +CLICON_USER=@CLICON_USER@ +CLICON_GROUP=@CLICON_GROUP@ + # Which XML symbol to add to top datastore config level # see also DATASTORE_TOP_SYMBOL DATASTORE_TOP="config" diff --git a/test/lib.sh b/test/lib.sh index 7fa7b758..f6b6f851 100755 --- a/test/lib.sh +++ b/test/lib.sh @@ -192,10 +192,23 @@ BUSER=clicon : ${clixon_backend:=clixon_backend} -: ${clixon_snmp:=$(type -p clixon_snmp)} +: ${clixon_util_socket:=clixon_util_socket} + +: ${clixon_snmp:=clixon_snmp} : ${clixon_snmp_pidfile:="/var/tmp/clixon_snmp.pid"} +: ${_ALREADY_HERE:=0} + +if [ -n "$CLICON_GROUP" ] && [ $_ALREADY_HERE -eq 0 ]; then + clixon_cli="sudo -g ${CLICON_GROUP} $clixon_cli" + clixon_netconf="sudo -g ${CLICON_GROUP} $clixon_netconf" + clixon_restconf="sudo -g ${CLICON_GROUP} $clixon_restconf" + clixon_snmp="sudo -g ${CLICON_GROUP} $clixon_snmp" + clixon_util_socket="sudo -g ${CLICON_GROUP} $clixon_util_socket" +fi +_ALREADY_HERE=1 + # Source the site-specific definitions for test script variables, if site.sh # exists. The variables defined in site.sh override any variables of the same # names in the environment in the current execution. 
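Review bot: The `groupadd` and `useradd` lines added at the top of `install` ignore `$(DESTDIR)` and are not idempotent. A staged `make install DESTDIR=...` edits the build host's account database, and a second `make install` stops at `groupadd` because the group already exists. Both commands also need root before any file is copied, so an unprivileged prefix install fails on the first recipe line. I would create the accounts only when `$(DESTDIR)` is empty, skip the ones that already exist, and pass `-r` so they get system ids; the `userdel`/`groupdel` lines in the `uninstall` hunk need the same `$(DESTDIR)` guard. The `install` recipe continues past the end of the hunk.

```make
install: $(YANGSPECS) $(CLISPECS) $(PLUGINS) $(APPNAME).xml
	if [ -z "$(DESTDIR)" ]; then \
	  getent group $(CLICON_GROUP) >/dev/null || groupadd -r $(CLICON_GROUP); \
	  getent passwd $(CLICON_USER) >/dev/null || \
	    useradd -r -M -s /usr/sbin/nologin -g $(CLICON_GROUP) $(CLICON_USER); \
	fi
# … unchanged: install -d / install -m lines …
```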
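Review bot: `-userdel $(CLICON_USER)` and `-groupdel $(CLICON_GROUP)` at the end of `uninstall` remove the accounts whether or not this Makefile created them. An account set up by hand, as the `useradd`/`usermod` steps in doc/FAQ.md describe, or one shared with another installation, is deleted together with the example. Files that remain keep the numeric uid and gid, which a later account can be assigned. I would leave account removal to the administrator or to package scripts, and document that above the recipe with a comment such as `# accounts are left in place; remove them by hand if nothing else uses them`.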
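Review bot: The `_ALREADY_HERE` flag only records that this block ran once, not that each command variable still carries the prefix. A value assigned later therefore runs without `sudo -g` and nothing reports it; the comment just below says site.sh overrides variables of the same name. The prefix text is also written five times here and matched again as a strip pattern in `start_restconf` and in the two pagination tests, which only works while every copy agrees exactly. I would keep it in one variable, `groupsudo="sudo -g ${CLICON_GROUP}"`, prepend it with `clixon_cli="$groupsudo $clixon_cli"`, and let the other scripts strip `"$groupsudo "` rather than a literal.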
@@ -214,7 +227,7 @@ if [ -f ./site.sh ]; then fi # Standard IETF RFC yang files. -if [ ! -z ${YANG_STANDARD_DIR} ]; then +if [ -n "${YANG_STANDARD_DIR}" ]; then : ${IETFRFC=$YANG_STANDARD_DIR/ietf/RFC} fi @@ -415,8 +428,7 @@ EOF # to reset to me if [ ! -G $dir ]; then u=$(whoami) - sudo chown $u $dir - sudo chgrp $u $dir + sudo chown $u:$u $dir fi # If you bring your own backend BE=0 (it is already started), the backend may @@ -451,7 +463,7 @@ function err(){ exit -1 #$testnr } -# Dont print diffs +# Don't print diffs function err1(){ echo -e "\e[31m\nError in Test$testnr [$testname]:" if [ $# -gt 0 ]; then @@ -563,7 +575,7 @@ function stop_backend(){ # Wait for restconf to stop sending 502 Bad Gateway function wait_backend(){ freq=$(chunked_framing "") - reply=$(echo "$freq" | $clixon_netconf -q1ef $cfg) + reply=$(echo "$freq" | $clixon_netconf -q1ef $cfg) # freply=$(chunked_framing "") # chunked_equal "$reply" "$freply" let i=0; @@ -583,9 +595,10 @@ function wait_backend(){ # Start restconf daemon # @see wait_restconf function start_restconf(){ + local clixon_restconf_="${clixon_restconf#sudo -g * }" # Start in background -# echo "sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $*" - sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $* /dev/null & +# echo "sudo -u $wwwstartuser $clixon_restconf_ $RCLOG -D $DBG $*" + sudo -u $wwwstartuser $clixon_restconf_ $RCLOG -D $DBG $* /dev/null & if [ $? -ne 0 ]; then err1 "expected 0" "$?" fi @@ -712,7 +725,6 @@ function endtest() unset clixon_util_json unset clixon_util_xml unset clixon_util_path - unset clixon_util_socket unset clixon_util_stream unset clixon_util_xpath unset clixon_util_xml @@ -1245,7 +1257,7 @@ challengePassword = test EOF # Generate CA cert - openssl req -new -x509 -days 1 -config $tmpdir/ca.cnf -keyout $cakey -out $cacert || err "Generate CA cert" + openssl req -batch -new -x509 -days 1 -config $tmpdir/ca.cnf -keyout $cakey -out $cacert || err "Generate CA cert" rm -rf $tmpdir } 
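Review bot: `sudo chown $u:$u $dir` assumes the user's primary group has the same name as the user, which does not hold on systems that place users in a shared group. There the command either fails or sets a group that the `[ ! -G $dir ]` test above keeps rejecting. Taking the group from `id` matches what that test checks: `sudo chown "$u:$(id -gn)" "$dir"`. The quotes also keep a `$dir` containing spaces as one argument. The enclosing block starts and ends outside the hunk.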
@@ -1291,7 +1303,7 @@ EOF openssl genpkey -algorithm RSA -out $srvkey || err "Generate server key" # Generate CSR (signing request) - openssl req -new -config $tmpdir/srv.cnf -key $srvkey -out $tmpdir/srv_csr.pem || err "Generate signing request" + openssl req -batch -new -config $tmpdir/srv.cnf -key $srvkey -out $tmpdir/srv_csr.pem || err "Generate signing request" # Sign server cert by CA openssl x509 -req -extfile $tmpdir/srv.cnf -days 1 -passin "pass:password" -in $tmpdir/srv_csr.pem -CA $cacert -CAkey $cakey -CAcreateserial -out $srvcert || err "Sign server cert" diff --git a/test/mem.sh b/test/mem.sh index 0ba79594..e7a1ee3b 100755 --- a/test/mem.sh +++ b/test/mem.sh @@ -40,8 +40,6 @@ function memonce(){ ;; 'restconf') valgrindtest=3 # This means restconf valgrind test - sudo chmod 660 $valgrindfile - sudo chown www-data $valgrindfile : ${DEMWAIT:=15} # valgrind backend needs some time to get up clixon_restconf="/usr/bin/valgrind --num-callers=50 --leak-check=full --show-leak-kinds=all --suppressions=./valgrind-clixon.supp --track-fds=yes --trace-children=no --child-silent-after-fork=yes --log-file=$valgrindfile clixon_restconf" @@ -92,7 +90,7 @@ function memonce(){ function println(){ str=$1 echo "$str" - length=$(echo "$str" | wc -c) + length=${#str} let i=1 while [ $i -lt $length ]; do echo -n "=" diff --git a/test/test_api.sh b/test/test_api.sh index 40671b9d..0b08dba6 100755 --- a/test/test_api.sh +++ b/test/test_api.sh @@ -220,7 +220,7 @@ new "test params: -s init -f $cfg" if [ $BE -ne 0 ]; then new "kill old backend" - sudo clixon_backend -zf $cfg + sudo $clixon_backend -zf $cfg if [ $? -ne 0 ]; then err fi diff --git a/test/test_client.sh b/test/test_client.sh index 22304274..85ce8ab2 100755 --- a/test/test_client.sh +++ b/test/test_client.sh 
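Review bot: `length=${#str}` in `println` (test/mem.sh) makes the printed underline one character shorter than before. `echo "$str" | wc -c` also counted the trailing newline, and the loop starts at 1 and runs while `$i -lt $length`. Assuming the loop adds one to `i` per pass (its body continues outside the hunk), either write `length=$((${#str} + 1))` or change the test to `-le`. `${#str}` also counts characters where `wc -c` counted bytes, which only matters for non-ASCII titles.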
@@ -165,7 +165,7 @@ new "Check entries" expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/clixon-client:table -H 'Accept: application/yang-data+xml')" 0 "HTTP/$HVER 200" "$XML" new "Run $app" -expectpart "$($app)" 0 '^42$' +expectpart "$(sudo -g ${CLICON_GROUP} $app)" 0 '^42$' if [ $RC -ne 0 ]; then new "Kill restconf daemon" diff --git a/test/test_config_dump.sh b/test/test_config_dump.sh index ad0b1ae6..57638ad3 100755 --- a/test/test_config_dump.sh +++ b/test/test_config_dump.sh @@ -62,13 +62,13 @@ new "cli xml" expectpart "$($clixon_cli -1 -f $cfg -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^' "$dir" "0" "" "kw-nokey" "orig" "cmdline" "extradir" --not-- "42" new "backend xml" -expectpart "$(sudo $clixon_backend -1 -f $cfg -s none -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^' "$dir" "0" "" "kw-nokey" "orig" "cmdline" "extradir" --not-- "42" +expectpart "$($clixon_backend -1 -f $cfg -s none -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^' "$dir" "0" "" "kw-nokey" "orig" "cmdline" "extradir" --not-- "42" new "netconf xml" expectpart "$($clixon_netconf -q -f $cfg -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^' "$dir" "0" "" "kw-nokey" "orig" "cmdline" "extradir" --not-- "42" new "restconf xml" -expectpart "$(sudo $clixon_restconf -f $cfg -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^' "$dir" "0" "" "kw-nokey" "orig" "cmdline" "extradir" --not-- "42" +expectpart "$($clixon_restconf -f $cfg -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^' "$dir" "0" "" "kw-nokey" "orig" "cmdline" "extradir" --not-- "42" new "cli json" expectpart "$($clixon_cli -1 -f $cfg -C json -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '"clixon-config:clixon-config": {' "\"CLICON_YANG_MAIN_DIR\": \"$dir\"," diff --git a/test/test_helloworld.sh b/test/test_helloworld.sh index e543ffe2..a70e713d 100755 --- a/test/test_helloworld.sh 
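Review bot: `sudo -g ${CLICON_GROUP} $app` in test/test_client.sh runs unconditionally, while test/lib.sh only adds the prefix when `[ -n "$CLICON_GROUP" ]`. With an empty group, sudo takes `$app` as the group name and the test fails for a reason unrelated to the client. The same applies to `sudo="sudo -g ${CLICON_GROUP}"` in test_pagination_config.sh and test_pagination_state.sh, where `--preserve-env=clixon_cli` would be read as the group. A guarded form keeps the no-group configuration working: `expectpart "$(${CLICON_GROUP:+sudo -g "$CLICON_GROUP"} $app)" 0 '^42$'`.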
+++ b/test/test_helloworld.sh @@ -31,8 +31,8 @@ cat < $cfg $dir init false - clicon - www-data + ${CLICON_GROUP} + ${CLICON_USER} drop_perm true diff --git a/test/test_nacm_credentials.sh b/test/test_nacm_credentials.sh index db9e269f..ab8952b1 100755 --- a/test/test_nacm_credentials.sh +++ b/test/test_nacm_credentials.sh @@ -10,9 +10,6 @@ # Magic line must be first in script (see README.md) s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi -# Raw unit tester of backend unix socket. -: ${clixon_util_socket:=$(which clixon_util_socket)} - APPNAME=example # Common NACM scripts diff --git a/test/test_pagination_config.sh b/test/test_pagination_config.sh index 46a1413f..6f941bfe 100755 --- a/test/test_pagination_config.sh +++ b/test/test_pagination_config.sh @@ -160,7 +160,7 @@ wait_backend xpath="/es:members/es:member[es:member-id=\'bob\']/es:favorites/es:uint64-numbers" new "cli show pagination config using expect" -sudo="sudo -g ${CLICON_USER}" ## cheat +sudo="sudo -g ${CLICON_GROUP}" ## cheat clixon_cli_="${clixon_cli##$sudo }" clixon_cli="$clixon_cli_" $sudo --preserve-env=clixon_cli expect ./test_pagination_expect.exp "$cfg" "$xpath" "uint64-numbers 18" "uint64-numbers 19" if [ $? -ne 0 ]; then diff --git a/test/test_pagination_state.sh b/test/test_pagination_state.sh index 10f63e8a..c0193d43 100755 --- a/test/test_pagination_state.sh +++ b/test/test_pagination_state.sh @@ -164,7 +164,7 @@ if [ -n "$(type expect 2> /dev/null)" ]; then testrun_start "/es:audit-logs/es:audit-log" new "CLI scroll test using expect" - sudo="sudo -g ${CLICON_USER}" ## cheat + sudo="sudo -g ${CLICON_GROUP}" ## cheat clixon_cli_="${clixon_cli##$sudo }" clixon_cli="$clixon_cli_" $sudo --preserve-env=clixon_cli expect ./test_pagination_expect.exp "$cfg" "$xpath" bob3 bob4 if [ $? -ne 0 ]; then diff --git a/test/test_perf_state_only.sh b/test/test_perf_state_only.sh index be525860..8771ab5c 100755 --- a/test/test_perf_state_only.sh +++ b/test/test_perf_state_only.sh 
@@ -4,7 +4,7 @@ # Restconf/Netconf/CLI # Also added two layers a/b to get extra depth (som caching can break) # Alternative, run as: -# sudo clixon_backend -Fs init -f /var/tmp/./test_perf_state_only.sh/config.xml -- -siS /home/olof/tmp/state_100K.xml +# sudo $clixon_backend -Fs init -f /var/tmp/./test_perf_state_only.sh/config.xml -- -siS /home/olof/tmp/state_100K.xml # Magic line must be first in script (see README.md) s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi diff --git a/test/test_sock.sh b/test/test_sock.sh index 665ca45a..54799c79 100755 --- a/test/test_sock.sh +++ b/test/test_sock.sh @@ -5,9 +5,6 @@ # Magic line must be first in script (see README.md) s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi -# Raw unit tester of backend unix socket -: ${clixon_util_socket:=clixon_util_socket} - # # client <---> backend # ^ is unix, ipv4, ipv6 socket