Run tests as appropriate group

Need to add "groupadd" and "groupdel" for Alpine. See: https://github.com/gliderlabs/docker-alpine/issues/326
2023-08-26 10:23:31 -06:00 · 2023-08-26 10:23:31 -06:00 · 3a2ffd4233
commit 3a2ffd4233
parent 62401b72d0
16 changed files with 51 additions and 34 deletions
--- a/doc/FAQ.md
+++ b/doc/FAQ.md
@ -111,13 +111,13 @@ Add yourself and www-data, if you intend to use restconf.
 Using useradd and usermod:
 ```
  sudo useradd clicon # 
-  sudo usermod -a -G clicon <user>
+  sudo usermod -a -G clicon $(whoami)
  sudo usermod -a -G clicon www-data
 ```
 Using adduser (eg on busybox):
 ```
  sudo adduser -D -H clicon
-  sudo adduser <user> clicon
+  sudo adduser $(whoami) clicon
 ```
 (you may have to restart shell)

@ -289,7 +289,7 @@ Clixon by default finds its configuration file at `/usr/local/etc/clixon.xml`. H

 Yes, when you start a clixon program, you can supply the `-o` option to modify the configuration specified in the configuration file. Options that are leafs are overriden, whereas options that are leaf-lists are added to.

-Example, add the "usr/local/share/ietf" directory to the list of directories where yang files are searched for:
+Example, add the "/usr/local/share/ietf" directory to the list of directories where yang files are searched for:
 ```
  clixon_cli -o CLICON_YANG_DIR=/usr/local/share/ietf
 ```
@ -670,4 +670,4 @@ translate {
    value IBM;
 }
 ```
-You can perform translation on any type, not only strings.
+You can perform translation on any type, not only strings.
--- a/docker/test/Dockerfile.fcgi
+++ b/docker/test/Dockerfile.fcgi
@ -41,6 +41,9 @@ RUN apk add --update git make build-base gcc flex bison fcgi-dev curl-dev
 # For netsnmp
 RUN apk add --update net-snmp net-snmp-dev

+# For groupadd/groupdel
+RUN apk add --update shadow
+
 # Checkout standard YANG models for tests (note >1G for full repo)
 RUN mkdir -p /usr/local/share/yang
 WORKDIR /usr/local/share/yang
--- a/docker/test/Dockerfile.native
+++ b/docker/test/Dockerfile.native
@ -44,6 +44,9 @@ RUN apk add --update nghttp2
 # For netsnmp
 RUN apk add --update net-snmp net-snmp-dev

+# For groupadd/groupdel
+RUN apk add --update shadow
+
 # Checkout standard YANG models for tests (note >1G for full repo)
 RUN mkdir -p /usr/local/share/yang
 WORKDIR /usr/local/share/yang
@ -138,7 +141,7 @@ RUN apk add --update net-snmp net-snmp-tools
 RUN echo "master  agentx" > /etc/snmp/snmpd.conf
 RUN echo "agentaddress  127.0.0.1" >> /etc/snmp/snmpd.conf
 RUN echo "rwcommunity   public  localhost" >> /etc/snmp/snmpd.conf
-RUN echo "agentXSocket  unix:/var/run/snmp.sock" >> /etc/snmp/snmpd.conf
+RUN echo "agentxsocket  unix:/var/run/snmp.sock" >> /etc/snmp/snmpd.conf
 RUN echo "agentxperms   777 777" >> /etc/snmp/snmpd.conf

 # Expose https port for restconf
--- a/example/main/Makefile.in
+++ b/example/main/Makefile.in
@ -169,6 +169,8 @@ distclean: clean
 	rm -f Makefile *~ .depend

 install: $(YANGSPECS) $(CLISPECS) $(PLUGINS) $(APPNAME).xml
+	groupadd $(CLICON_GROUP)
+	useradd -M -s /usr/sbin/nologin -g $(CLICON_GROUP) $(CLICON_USER)
 	install -d -m 0755 $(DESTDIR)$(sysconfdir)
 	install -m 0644 $(APPNAME).xml $(DESTDIR)$(sysconfdir)
 #	install -m 0644 $(APPNAME).xml $(DESTDIR)$(CLIXON_DEFAULT_CONFIG)
@ -195,6 +197,8 @@ uninstall:
 	rm -rf $(DESTDIR)$(datarootdir)/$(APPNAME)
 	rm -rf $(DESTDIR)$(localstatedir)/$(APPNAME)
 	rm -rf $(DESTDIR)$(libdir)/$(APPNAME)
+	-userdel $(CLICON_USER)
+	-groupdel $(CLICON_GROUP)

 install-include:	

--- a/test/config.sh.in
+++ b/test/config.sh.in
@ -67,6 +67,9 @@ TOP_SRCDIR=@top_srcdir@
 # Clixon version
 CLIXON_VERSION=@CLIXON_VERSION@

+CLICON_USER=@CLICON_USER@
+CLICON_GROUP=@CLICON_GROUP@
+
 # Which XML symbol to add to top datastore config level
 # see also DATASTORE_TOP_SYMBOL
 DATASTORE_TOP="config"
--- a/test/lib.sh
+++ b/test/lib.sh
@ -192,10 +192,23 @@ BUSER=clicon

 : ${clixon_backend:=clixon_backend}

-: ${clixon_snmp:=$(type -p clixon_snmp)}
+: ${clixon_util_socket:=clixon_util_socket}
+
+: ${clixon_snmp:=clixon_snmp}

 : ${clixon_snmp_pidfile:="/var/tmp/clixon_snmp.pid"}

+: ${_ALREADY_HERE:=0}
+
+if [ -n "$CLICON_GROUP" ] && [ $_ALREADY_HERE -eq 0 ]; then
+    clixon_cli="sudo -g ${CLICON_GROUP} $clixon_cli"
+    clixon_netconf="sudo -g ${CLICON_GROUP} $clixon_netconf"
+    clixon_restconf="sudo -g ${CLICON_GROUP} $clixon_restconf"
+    clixon_snmp="sudo -g ${CLICON_GROUP} $clixon_snmp"
+    clixon_util_socket="sudo -g ${CLICON_GROUP} $clixon_util_socket"
+fi
+_ALREADY_HERE=1
+
 # Source the site-specific definitions for test script variables, if site.sh
 # exists. The variables defined in site.sh override any variables of the same
 # names in the environment in the current execution.
@ -214,7 +227,7 @@ if [ -f ./site.sh ]; then
 fi

 # Standard IETF RFC yang files. 
-if [ ! -z ${YANG_STANDARD_DIR} ]; then
+if [ -n "${YANG_STANDARD_DIR}" ]; then
    : ${IETFRFC=$YANG_STANDARD_DIR/ietf/RFC}
 fi

@ -415,8 +428,7 @@ EOF
 # to reset to me
 if [ ! -G $dir ]; then 
    u=$(whoami)
-    sudo chown $u $dir
-    sudo chgrp $u $dir
+    sudo chown $u:$u $dir
 fi

 # If you bring your own backend BE=0 (it is already started), the backend may
@ -451,7 +463,7 @@ function err(){
  exit -1 #$testnr
 }

-# Dont print diffs
+# Don't print diffs
 function err1(){
  echo -e "\e[31m\nError in Test$testnr [$testname]:"
  if [ $# -gt 0 ]; then 
@ -563,7 +575,7 @@ function stop_backend(){
 # Wait for restconf to stop sending  502 Bad Gateway
 function wait_backend(){
    freq=$(chunked_framing "<rpc $DEFAULTNS><ping $LIBNS/></rpc>")
-    reply=$(echo "$freq" | $clixon_netconf -q1ef $cfg) 
+    reply=$(echo "$freq" | $clixon_netconf -q1ef $cfg)
 #    freply=$(chunked_framing "<rpc-reply $DEFAULTNS><ok/></rpc-reply>")
 #    chunked_equal "$reply" "$freply"
    let i=0;
@ -583,9 +595,10 @@ function wait_backend(){
 # Start restconf daemon
 # @see wait_restconf
 function start_restconf(){
+    local clixon_restconf_="${clixon_restconf#sudo -g * }"
    # Start in background 
-#    echo "sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $*"
-    sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $* </dev/null &>/dev/null &
+#    echo "sudo -u $wwwstartuser $clixon_restconf_ $RCLOG -D $DBG $*"
+    sudo -u $wwwstartuser $clixon_restconf_ $RCLOG -D $DBG $* </dev/null &>/dev/null &
    if [ $? -ne 0 ]; then
        err1 "expected 0" "$?"
    fi
@ -712,7 +725,6 @@ function endtest()
    unset clixon_util_json
    unset clixon_util_xml
    unset clixon_util_path
-    unset clixon_util_socket
    unset clixon_util_stream
    unset clixon_util_xpath
    unset clixon_util_xml
@ -1245,7 +1257,7 @@ challengePassword      = test
 EOF

    # Generate CA cert
-    openssl req -new -x509 -days 1 -config $tmpdir/ca.cnf -keyout $cakey -out $cacert || err "Generate CA cert"
+    openssl req -batch -new -x509 -days 1 -config $tmpdir/ca.cnf -keyout $cakey -out $cacert || err "Generate CA cert"

    rm -rf $tmpdir
 }
@ -1291,7 +1303,7 @@ EOF
    openssl genpkey -algorithm RSA -out $srvkey  || err "Generate server key"

    # Generate CSR (signing request)
-    openssl req -new -config $tmpdir/srv.cnf -key $srvkey -out $tmpdir/srv_csr.pem || err "Generate signing request"
+    openssl req -batch -new -config $tmpdir/srv.cnf -key $srvkey -out $tmpdir/srv_csr.pem || err "Generate signing request"

    # Sign server cert by CA
    openssl x509 -req -extfile $tmpdir/srv.cnf -days 1 -passin "pass:password" -in $tmpdir/srv_csr.pem -CA $cacert -CAkey $cakey -CAcreateserial -out $srvcert || err "Sign server cert"
--- a/test/mem.sh
+++ b/test/mem.sh
@ -40,8 +40,6 @@ function memonce(){
            ;;
        'restconf')
            valgrindtest=3 # This means restconf valgrind test
-            sudo chmod 660 $valgrindfile
-            sudo chown www-data $valgrindfile
            : ${DEMWAIT:=15} # valgrind backend needs some time to get up 
            clixon_restconf="/usr/bin/valgrind --num-callers=50 --leak-check=full --show-leak-kinds=all --suppressions=./valgrind-clixon.supp --track-fds=yes --trace-children=no  --child-silent-after-fork=yes --log-file=$valgrindfile clixon_restconf"

@ -92,7 +90,7 @@ function memonce(){
 function println(){
    str=$1
    echo "$str"
-    length=$(echo "$str" | wc -c)
+    length=${#str}
    let i=1
    while [ $i -lt $length ]; do
        echo -n "="
--- a/test/test_api.sh
+++ b/test/test_api.sh
@ -220,7 +220,7 @@ new "test params: -s init -f $cfg"

 if [ $BE -ne 0 ]; then
    new "kill old backend"
-    sudo clixon_backend -zf $cfg
+    sudo $clixon_backend -zf $cfg
    if [ $? -ne 0 ]; then
        err
    fi
--- a/test/test_client.sh
+++ b/test/test_client.sh
@ -165,7 +165,7 @@ new "Check entries"
 expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/clixon-client:table -H 'Accept: application/yang-data+xml')" 0 "HTTP/$HVER 200" "$XML"

 new "Run $app"
-expectpart "$($app)" 0 '^42$'
+expectpart "$(sudo -g ${CLICON_GROUP} $app)" 0 '^42$'

 if [ $RC -ne 0 ]; then
    new "Kill restconf daemon"
--- a/test/test_config_dump.sh
+++ b/test/test_config_dump.sh
@ -62,13 +62,13 @@ new "cli xml"
 expectpart "$($clixon_cli -1 -f $cfg -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^<clixon-config xmlns="http://clicon.org/config">' "<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>" "<CLICON_MODULE_SET_ID>0</CLICON_MODULE_SET_ID>" "<autocli>" "<list-keyword-default>kw-nokey</list-keyword-default>" "<CLICON_FEATURE>orig</CLICON_FEATURE>" "<CLICON_FEATURE>cmdline</CLICON_FEATURE>" "<CLICON_FEATURE>extradir</CLICON_FEATURE>" --not-- "<CLICON_MODULE_SET_ID>42</CLICON_MODULE_SET_ID>"

 new "backend xml"
-expectpart "$(sudo $clixon_backend -1 -f $cfg -s none -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^<clixon-config xmlns="http://clicon.org/config">' "<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>" "<CLICON_MODULE_SET_ID>0</CLICON_MODULE_SET_ID>" "<autocli>" "<list-keyword-default>kw-nokey</list-keyword-default>" "<CLICON_FEATURE>orig</CLICON_FEATURE>" "<CLICON_FEATURE>cmdline</CLICON_FEATURE>" "<CLICON_FEATURE>extradir</CLICON_FEATURE>" --not-- "<CLICON_MODULE_SET_ID>42</CLICON_MODULE_SET_ID>"
+expectpart "$($clixon_backend -1 -f $cfg -s none -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^<clixon-config xmlns="http://clicon.org/config">' "<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>" "<CLICON_MODULE_SET_ID>0</CLICON_MODULE_SET_ID>" "<autocli>" "<list-keyword-default>kw-nokey</list-keyword-default>" "<CLICON_FEATURE>orig</CLICON_FEATURE>" "<CLICON_FEATURE>cmdline</CLICON_FEATURE>" "<CLICON_FEATURE>extradir</CLICON_FEATURE>" --not-- "<CLICON_MODULE_SET_ID>42</CLICON_MODULE_SET_ID>"

 new "netconf xml"
 expectpart "$($clixon_netconf -q -f $cfg -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^<clixon-config xmlns="http://clicon.org/config">' "<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>" "<CLICON_MODULE_SET_ID>0</CLICON_MODULE_SET_ID>" "<autocli>" "<list-keyword-default>kw-nokey</list-keyword-default>" "<CLICON_FEATURE>orig</CLICON_FEATURE>" "<CLICON_FEATURE>cmdline</CLICON_FEATURE>" "<CLICON_FEATURE>extradir</CLICON_FEATURE>" --not-- "<CLICON_MODULE_SET_ID>42</CLICON_MODULE_SET_ID>"

 new "restconf xml"
-expectpart "$(sudo $clixon_restconf -f $cfg -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^<clixon-config xmlns="http://clicon.org/config">' "<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>" "<CLICON_MODULE_SET_ID>0</CLICON_MODULE_SET_ID>" "<autocli>" "<list-keyword-default>kw-nokey</list-keyword-default>" "<CLICON_FEATURE>orig</CLICON_FEATURE>" "<CLICON_FEATURE>cmdline</CLICON_FEATURE>" "<CLICON_FEATURE>extradir</CLICON_FEATURE>" --not-- "<CLICON_MODULE_SET_ID>42</CLICON_MODULE_SET_ID>"
+expectpart "$($clixon_restconf -f $cfg -C xml -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '^<clixon-config xmlns="http://clicon.org/config">' "<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>" "<CLICON_MODULE_SET_ID>0</CLICON_MODULE_SET_ID>" "<autocli>" "<list-keyword-default>kw-nokey</list-keyword-default>" "<CLICON_FEATURE>orig</CLICON_FEATURE>" "<CLICON_FEATURE>cmdline</CLICON_FEATURE>" "<CLICON_FEATURE>extradir</CLICON_FEATURE>" --not-- "<CLICON_MODULE_SET_ID>42</CLICON_MODULE_SET_ID>"

 new "cli json"
 expectpart "$($clixon_cli -1 -f $cfg -C json -o CLICON_MODULE_SET=42 -o CLICON_FEATURE="cmdline")" 0 '"clixon-config:clixon-config": {' "\"CLICON_YANG_MAIN_DIR\": \"$dir\","
--- a/test/test_helloworld.sh
+++ b/test/test_helloworld.sh
@ -31,8 +31,8 @@ cat <<EOF > $cfg
  <CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR>
  <CLICON_STARTUP_MODE>init</CLICON_STARTUP_MODE>
  <CLICON_YANG_LIBRARY>false</CLICON_YANG_LIBRARY>
-  <CLICON_SOCK_GROUP>clicon</CLICON_SOCK_GROUP>
-  <CLICON_RESTCONF_USER>www-data</CLICON_RESTCONF_USER>
+  <CLICON_SOCK_GROUP>${CLICON_GROUP}</CLICON_SOCK_GROUP>
+  <CLICON_RESTCONF_USER>${CLICON_USER}</CLICON_RESTCONF_USER>
  <CLICON_RESTCONF_PRIVILEGES>drop_perm</CLICON_RESTCONF_PRIVILEGES>
  <CLICON_RESTCONF_HTTP2_PLAIN>true</CLICON_RESTCONF_HTTP2_PLAIN>
  <restconf>
--- a/test/test_nacm_credentials.sh
+++ b/test/test_nacm_credentials.sh
@ -10,9 +10,6 @@
 # Magic line must be first in script (see README.md)
 s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi

-# Raw unit tester of backend unix socket.
-: ${clixon_util_socket:=$(which clixon_util_socket)}
-
 APPNAME=example

 # Common NACM scripts
--- a/test/test_pagination_config.sh
+++ b/test/test_pagination_config.sh
@ -160,7 +160,7 @@ wait_backend

 xpath="/es:members/es:member[es:member-id=\'bob\']/es:favorites/es:uint64-numbers"
 new "cli show pagination config using expect"
-sudo="sudo -g ${CLICON_USER}"		## cheat
+sudo="sudo -g ${CLICON_GROUP}"		## cheat
 clixon_cli_="${clixon_cli##$sudo }"
 clixon_cli="$clixon_cli_" $sudo --preserve-env=clixon_cli expect ./test_pagination_expect.exp "$cfg" "$xpath" "uint64-numbers 18" "uint64-numbers 19"
 if [ $? -ne 0 ]; then
--- a/test/test_pagination_state.sh
+++ b/test/test_pagination_state.sh
@ -164,7 +164,7 @@ if [ -n "$(type expect 2> /dev/null)" ]; then
    testrun_start "/es:audit-logs/es:audit-log"
    
    new "CLI scroll test using expect"
-    sudo="sudo -g ${CLICON_USER}"		## cheat
+    sudo="sudo -g ${CLICON_GROUP}"		## cheat
    clixon_cli_="${clixon_cli##$sudo }"
    clixon_cli="$clixon_cli_" $sudo --preserve-env=clixon_cli expect ./test_pagination_expect.exp "$cfg" "$xpath" bob3 bob4
    if [ $? -ne 0 ]; then
--- a/test/test_perf_state_only.sh
+++ b/test/test_perf_state_only.sh
@ -4,7 +4,7 @@
 # Restconf/Netconf/CLI
 # Also added two layers a/b to get extra depth (som caching can break)
 # Alternative, run as:
-# sudo clixon_backend -Fs init -f /var/tmp/./test_perf_state_only.sh/config.xml -- -siS /home/olof/tmp/state_100K.xml
+# sudo $clixon_backend -Fs init -f /var/tmp/./test_perf_state_only.sh/config.xml -- -siS /home/olof/tmp/state_100K.xml

 # Magic line must be first in script (see README.md)
 s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
--- a/test/test_sock.sh
+++ b/test/test_sock.sh
@ -5,9 +5,6 @@
 # Magic line must be first in script (see README.md)
 s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi

-# Raw unit tester of backend unix socket
-: ${clixon_util_socket:=clixon_util_socket}
-
 #
 # client <---> backend
 #          ^ is unix, ipv4, ipv6 socket