diff --git a/.github/workflows/push_pr_main.yaml b/.github/workflows/push_pr_main.yaml index a741799..c37ad8e 100644 --- a/.github/workflows/push_pr_main.yaml +++ b/.github/workflows/push_pr_main.yaml @@ -34,7 +34,7 @@ jobs: uses: ./.github/actions/setup_helm - name: Install Helm unit test plugin - run: helm plugin install https://github.com/helm-unittest/helm-unittest.git + run: helm plugin install https://github.com/helm-unittest/helm-unittest.git --version 0.7.0 - name: Run unit tests run: bash run_tests.sh --unit diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3cf0194..78b84d4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -28,7 +28,7 @@ test Helm Charts: stage: test script: - helm dependency update - - helm plugin install https://github.com/helm-unittest/helm-unittest + - helm plugin install https://github.com/helm-unittest/helm-unittest --version 0.7.0 - bash run_tests.sh --unit integration Tests Helm Charts Mariadb: diff --git a/run_tests.sh b/run_tests.sh index d88a698..b6a3f41 100644 --- a/run_tests.sh +++ b/run_tests.sh 
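Review bot: The `--version 0.7.0` pin on `helm plugin install` in `push_pr_main.yaml` names a git ref in the plugin repository, and a tag can be moved upstream, so the plugin code that runs in the CI job is still not fixed to one revision. If the Helm version in use accepts it, pin to the full commit id behind that release instead, e.g. `helm plugin install https://github.com/helm-unittest/helm-unittest.git --version <COMMIT_SHA_PLACEHOLDER>`. The same pin is repeated in the `.gitlab-ci.yml` hunk with a slightly different URL (no `.git` suffix); keeping URL and version in one shared variable or script would stop the two pipelines drifting apart.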
@@ -10,92 +10,92 @@ RUN_ALL=true CLEAN_INTEGRATION_ASSETS=true function run_linter { - if [[ "$RUN_LINT" == "true" || "$RUN_ALL" == "true" ]]; then - helm lint . - fi + if [[ "$RUN_LINT" == "true" || "$RUN_ALL" == "true" ]]; then + helm lint . + fi } function run_unit_tests { - if [[ "$RUN_UNIT" == "true" || "$RUN_ALL" == "true" ]]; then - helm unittest --color . - fi + if [[ "$RUN_UNIT" == "true" || "$RUN_ALL" == "true" ]]; then + helm unittest --color . + fi } function run_integration_tests { - local database="$1" - if [[ "$RUN_INTEGRATION" == "true" || "$RUN_ALL" == "true" ]]; then - source tests/integration/fixtures/install_dependencies.sh - installDependencies - bash tests/integration/fixtures/create-cluster-with-passbolt.sh "$database" - "$HELM_BINARY" test --logs passbolt -n default - fi + local database="$1" + if [[ "$RUN_INTEGRATION" == "true" || "$RUN_ALL" == "true" ]]; then + source tests/integration/fixtures/install_dependencies.sh + installDependencies + bash tests/integration/fixtures/create-cluster-with-passbolt.sh "$database" + "$HELM_BINARY" test --logs passbolt -n default + fi } function clean_integration_assets { - if [[ "$RUN_INTEGRATION" == "true" ]] || [[ "$RUN_ALL" == "true" ]] && [[ "$CLEAN_INTEGRATION_ASSETS" == "true" ]]; then - echo Cleaning integration testing assets... - rm -f helm kubectl kind mkcerts passbolt - fi + if [[ "$RUN_INTEGRATION" == "true" ]] || [[ "$RUN_ALL" == "true" ]] && [[ "$CLEAN_INTEGRATION_ASSETS" == "true" ]]; then + echo Cleaning integration testing assets... + rm -f helm kubectl kind mkcerts passbolt + fi } function showHelp { - echo "Run the available tests for passbolt helm charts" - echo - echo "Syntax: $0 [options]" - echo "$0 with no arguments will run all of the available tests." - echo - echo "options:" - echo "-h|--help Show this message." - echo "-l|--lint Run helm lint." - echo "-u|--unit Run helm unittest tests." - echo "-i|--integration Run integration tests." 
- echo "-d|--database [option] Database to run integration tests to [mariadb|postgresql]." - echo "-no-clean Skip cleaning step." - echo - exit 0 + echo "Run the available tests for passbolt helm charts" + echo + echo "Syntax: $0 [options]" + echo "$0 with no arguments will run all of the available tests." + echo + echo "options:" + echo "-h|--help Show this message." + echo "-l|--lint Run helm lint." + echo "-u|--unit Run helm unittest tests." + echo "-i|--integration Run integration tests." + echo "-d|--database [option] Database to run integration tests to [mariadb|postgresql]." + echo "-no-clean Skip cleaning step." + echo + exit 0 } function run_all { - run_linter - run_unit_tests - run_integration_tests "$DATABASE_ENGINGE" - clean_integration_assets + run_linter + run_unit_tests + run_integration_tests "$DATABASE_ENGINGE" + clean_integration_assets } while [[ $# -gt 0 ]]; do - case $1 in - -h | --help) - showHelp - ;; - -l | --lint) - RUN_ALL=false - RUN_LINT=true - shift - ;; - -u | --unit) - RUN_ALL=false - RUN_UNIT=true - shift - ;; - -i | --integration) - RUN_ALL=false - RUN_INTEGRATION=true - shift - ;; - -d | --database) - shift - DATABASE_ENGINGE=$1 - shift - ;; - --no-clean) - CLEAN_INTEGRATION_ASSETS=false - shift - ;; - *) - echo "Unknown argurment $1" - shift - ;; - esac + case $1 in + -h | --help) + showHelp + ;; + -l | --lint) + RUN_ALL=false + RUN_LINT=true + shift + ;; + -u | --unit) + RUN_ALL=false + RUN_UNIT=true + shift + ;; + -i | --integration) + RUN_ALL=false + RUN_INTEGRATION=true + shift + ;; + -d | --database) + shift + DATABASE_ENGINGE=$1 + shift + ;; + --no-clean) + CLEAN_INTEGRATION_ASSETS=false + shift + ;; + *) + echo "Unknown argurment $1" + shift + ;; + esac done run_all diff --git a/templates/tests/integration-tests-runner.yaml b/templates/tests/integration-tests-runner.yaml index a47ab4f..43165f9 100644 --- a/templates/tests/integration-tests-runner.yaml +++ b/templates/tests/integration-tests-runner.yaml 
@@ -9,14 +9,15 @@ spec: #serviceAccountName: -sa-common containers: - name: tests - image: alpine - command: ["/bin/sh"] + image: debian:stable-slim + command: ["/bin/bash"] args: - -c - | set -e - apk update && apk add -U curl bash jq gpg gpg-agent + apt-get update && apt-get install -y curl jq gpg gpg-agent cd + sleep 10 bash /tests/run_tests.sh env: - name: TESTS_DEBUG diff --git a/tests/deployment_redis_sidecar_test.yaml b/tests/deployment_redis_sidecar_test.yaml index 73b8dae..04a66f8 100644 --- a/tests/deployment_redis_sidecar_test.yaml +++ b/tests/deployment_redis_sidecar_test.yaml @@ -25,6 +25,7 @@ tests: subPath: haproxy.cfg name: sec-redis-proxy readOnly: true + any: true - it: should have only one redis sidecar and mount its configuration templates: @@ -59,12 +60,12 @@ tests: app.cache.redis.enabled: false app.cache.redis.sentinelProxy.enabled: false asserts: - - contains: + - notContains: path: spec.template.spec.volumes content: + name: sec-redis-proxy secret: secretName: test-passbolt-sec-redis-proxy - count: 0 any: true - it: should contain a volumes section @@ -81,6 +82,7 @@ tests: - contains: path: spec.template.spec.volumes content: + name: sec-redis-proxy secret: secretName: test-passbolt-sec-redis-proxy count: 1 diff --git a/tests/integration/fixtures/create-cluster-with-passbolt.sh b/tests/integration/fixtures/create-cluster-with-passbolt.sh index 7a0a54f..e858a21 100644 --- a/tests/integration/fixtures/create-cluster-with-passbolt.sh +++ b/tests/integration/fixtures/create-cluster-with-passbolt.sh 
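Review bot: The test container in `integration-tests-runner.yaml` now uses the floating tag `debian:stable-slim` and installs its tools with `apt-get` at pod start, so the image and packages that handle the test GPG keys and the mkcert CA can change between runs without any change in this repository. Pinning the image by digest, `image: debian:stable-slim@sha256:<DIGEST_PLACEHOLDER>`, and adding `--no-install-recommends` to the install line would make the runner reproducible and smaller. The added `sleep 10` has no comment saying what it waits for; a short comment, or a poll on the actual condition, would be safer than a fixed delay on slow CI nodes. The container spec continues outside the hunk.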
@@ -5,24 +5,24 @@ set -eo pipefail DATABASE_ENGINE="${1:-mariadb}" KIND_CLUSTER_CONFIG_FILE="tests/integration/fixtures/kind-config.yaml" -HELM_TESTING_VALUES="tests/integration/fixtures/testing-$DATABASE_ENGINE.yaml" +HELM_TESTING_VALUES="tests/integration/fixtures/testing-${DATABASE_ENGINE}.yaml" KIND_CLUSTER_NAME="charts-passbolt-integration" K8S_LOCAL_TLS_SECRET="local-tls-secret" SSL_KEY_PATH="/tmp/ssl.key" SSL_CERT_PATH="/tmp/ssl.crt" function createKindCluster { - echo "Creating kind cluster: $KIND_CLUSTER_NAME" - "$KIND_BINARY" create cluster --config "$KIND_CLUSTER_CONFIG_FILE" --name "$KIND_CLUSTER_NAME" + echo "Creating kind cluster: ${KIND_CLUSTER_NAME}" + "${KIND_BINARY}" create cluster --config "${KIND_CLUSTER_CONFIG_FILE}" --name "${KIND_CLUSTER_NAME}" } function installNginxIngress { - "$KUBECTL_BINARY" apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml - "$KUBECTL_BINARY" rollout status deployment ingress-nginx-controller --timeout=120s -n ingress-nginx + "${KUBECTL_BINARY}" apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml + "${KUBECTL_BINARY}" rollout status deployment ingress-nginx-controller --timeout=120s -n ingress-nginx } function http_port { - if [ "$ROOTLESS" == true ]; then + if [ "${ROOTLESS}" == true ]; then echo 8080 else echo 80 @@ -30,7 +30,7 @@ function http_port { } function https_port { - if [ "$ROOTLESS" == true ]; then + if [ "${ROOTLESS}" == true ]; then echo 4433 else echo 443 @@ -39,10 +39,10 @@ function https_port { function image_tag { tag="$(awk -F ' ' '/^ tag:/ {print $2}' values.yaml)" - if [ "$ROOTLESS" == true ]; then - echo "$tag"-non-root + if [ "${ROOTLESS}" == true ]; then + echo "${tag}"-non-root else - echo "$tag" + echo "${tag}" fi } 
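Review bot: `installNginxIngress` in the first hunk still applies the ingress-nginx manifest straight from the `main` branch, so each run deploys whatever is on that branch at the time, with cluster-wide permissions inside the kind cluster. Pointing the URL at a fixed release ref, e.g. `https://raw.githubusercontent.com/kubernetes/ingress-nginx/<PINNED_TAG_PLACEHOLDER>/deploy/static/provider/kind/deploy.yaml`, would make the integration run reproducible and reviewable. The context lines also keep the TLS key at the fixed path `/tmp/ssl.key`; a `mktemp -d` directory would avoid a predictable location on shared runners.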
@@ -52,75 +52,75 @@ function upgradePassboltChart { local fingerprint="" local jwt_private_key="" local jwt_public_key="" - private_key=$(kubectl get secret passbolt-sec-gpg --namespace default -o jsonpath="{.data.serverkey_private\.asc}")  ✔ │ 56m 0s  + private_key=$(kubectl get secret passbolt-sec-gpg --namespace default -o jsonpath="{.data.serverkey_private\.asc}") public_key=$(kubectl get secret passbolt-sec-gpg --namespace default -o jsonpath="{.data.serverkey\.asc}") fingerprint=$(kubectl exec deploy/passbolt-depl-srv -c passbolt-depl-srv -- grep PASSBOLT_GPG_SERVER_KEY_FINGERPRINT /etc/environment | awk -F= '{gsub(/"/, ""); print $2}') jwt_private_key=$(kubectl get secret passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.key}") jwt_public_key=$(kubectl get secret passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.pem}") - "$HELM_BINARY" upgrade -i passbolt . \ - -f "$HELM_TESTING_VALUES" \ + "${HELM_BINARY}" upgrade -i passbolt . \ + -f "${HELM_TESTING_VALUES}" \ -n default \ - --set integrationTests.debug="$DEBUG" \ - --set integrationTests.rootless="$ROOTLESS" \ + --set integrationTests.debug="${DEBUG}" \ + --set integrationTests.rootless="${ROOTLESS}" \ --set app.image.tag="$(image_tag)" \ - --set gpgServerKeyPrivate="$private_key" \ - --set gpgServerKeyPublic="$public_key" \ - --set passboltEnv.secret.PASSBOLT_GPG_SERVER_KEY_FINGERPRINT="$fingerprint" \ - --set jwtServerPrivate="$jwt_private_key" \ - --set jwtServerPublic="$jwt_public_key" \ + --set gpgServerKeyPrivate="${private_key}" \ + --set gpgServerKeyPublic="${public_key}" \ + --set passboltEnv.secret.PASSBOLT_GPG_SERVER_KEY_FINGERPRINT="${fingerprint}" \ + --set jwtServerPrivate="${jwt_private_key}" \ + --set jwtServerPublic="${jwt_public_key}" \ --set service.ports.https.targetPort="$(https_port)" \ --set service.ports.http.targetPort="$(http_port)" } function installPassboltChart { - if [[ ! -z "$GITLAB_CI" || ! 
-z "$GITHUB_WORKFLOW" ]]; then - "$HELM_BINARY" repo add bitnami https://charts.bitnami.com/bitnami - "$HELM_BINARY" repo add passbolt-library https://download.passbolt.com/charts/passbolt-library - "$HELM_BINARY" dependency build + if [[ -n "${GITLAB_CI}" || -n "${GITHUB_WORKFLOW}" ]]; then + "${HELM_BINARY}" repo add bitnami https://charts.bitnami.com/bitnami + "${HELM_BINARY}" repo add passbolt-library https://download.passbolt.com/charts/passbolt-library + "${HELM_BINARY}" dependency build fi - if "$HELM_BINARY" status passbolt; then + if "${HELM_BINARY}" status passbolt; then upgradePassboltChart else - "$HELM_BINARY" install passbolt . -f $HELM_TESTING_VALUES -n default \ + "${HELM_BINARY}" install passbolt . -f "${HELM_TESTING_VALUES}" -n default \ --set service.ports.https.targetPort="$(https_port)" \ --set service.ports.http.targetPort="$(http_port)" \ --set app.image.tag="$(image_tag)" \ - --set integrationTests.debug="$DEBUG" \ - --set integrationTests.rootless="$ROOTLESS" + --set integrationTests.debug="${DEBUG}" \ + --set integrationTests.rootless="${ROOTLESS}" fi - "$KUBECTL_BINARY" rollout status deployment passbolt-depl-srv --timeout=120s -n default + "${KUBECTL_BINARY}" rollout status deployment passbolt-depl-srv --timeout=120s -n default } function createAndInstallSSLCertificates { - local domain="${1-passbolt.local}" - local ssl_key_path="$SSL_KEY_PATH" - local ssl_cert_path="$SSL_CERT_PATH" - "$MKCERT_BINARY" -install - "$MKCERT_BINARY" -cert-file "$ssl_cert_path" -key-file "$ssl_key_path" "$domain" - "$KUBECTL_BINARY" create secret generic mkcert-ca \ - --from-file=rootCA-key.pem=$("$MKCERT_BINARY" -CAROOT)/rootCA-key.pem \ - --from-file=rootCA.pem=$("$MKCERT_BINARY" -CAROOT)/rootCA.pem \ + local domain="passbolt.local" + local ssl_key_path="${SSL_KEY_PATH}" + local ssl_cert_path="${SSL_CERT_PATH}" + "${MKCERT_BINARY}" -install + "${MKCERT_BINARY}" -cert-file "${ssl_cert_path}" -key-file "${ssl_key_path}" "${domain}" + "${KUBECTL_BINARY}" 
create secret generic mkcert-ca \ + --from-file=rootCA-key.pem="$(${MKCERT_BINARY} -CAROOT)"/rootCA-key.pem \ + --from-file=rootCA.pem="$(${MKCERT_BINARY} -CAROOT)"/rootCA.pem \ -n default } function createSecretWithTLS { - local secret_name="$K8S_LOCAL_TLS_SECRET" - local ssl_key_path="$SSL_KEY_PATH" - local ssl_cert_path="$SSL_CERT_PATH" - if "$KUBECTL_BINARY" get secret $secret_name -n default &>/dev/null; then - "$KUBECTL_BINARY" delete secret $secret_name -n default + local secret_name="${K8S_LOCAL_TLS_SECRET}" + local ssl_key_path="${SSL_KEY_PATH}" + local ssl_cert_path="${SSL_CERT_PATH}" + if "${KUBECTL_BINARY}" get secret ${secret_name} -n default &>/dev/null; then + "${KUBECTL_BINARY}" delete secret ${secret_name} -n default fi - "$KUBECTL_BINARY" create secret tls $secret_name --cert="$ssl_cert_path" --key="$ssl_key_path" -n default + "${KUBECTL_BINARY}" create secret tls ${secret_name} --cert="${ssl_cert_path}" --key="${ssl_key_path}" -n default } function createInfraAndInstallPassboltChart { - if ! "$KUBECTL_BINARY" config view -o jsonpath='{.contexts[*].name}' | grep -q "$KIND_CLUSTER_NAME"; then + if ! "${KUBECTL_BINARY}" config view -o jsonpath='{.contexts[*].name}' | grep -q "${KIND_CLUSTER_NAME}"; then createKindCluster createAndInstallSSLCertificates createSecretWithTLS installNginxIngress installPassboltChart else - echo "Cluster $KIND_CLUSTER_NAME already exists" + echo "Cluster ${KIND_CLUSTER_NAME} already exists" fi } diff --git a/tests/integration/fixtures/gpg.sh b/tests/integration/fixtures/gpg.sh index 7eb80cc..dab4d06 100644 --- a/tests/integration/fixtures/gpg.sh +++ b/tests/integration/fixtures/gpg.sh 
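Review bot: The quoting pass in `createAndInstallSSLCertificates` moved the quotes outside the command substitution and left `${MKCERT_BINARY}` unquoted inside it, and `${secret_name}` in `createSecretWithTLS` is still unquoted in all three `kubectl` calls. I would write `--from-file=rootCA-key.pem="$("${MKCERT_BINARY}" -CAROOT)/rootCA-key.pem"` (same for `rootCA.pem`) and `"${secret_name}"`. Separately, `upgradePassboltChart` passes the GPG and JWT private keys through `--set` on the helm command line, where they are visible in the process list and in any `set -x` trace; writing them to a `mktemp` values file passed with `-f` avoids that. That function also calls bare `kubectl` rather than `"${KUBECTL_BINARY}"`, and it starts outside the hunk.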
@@ -1,14 +1,14 @@ #!/bin/bash function createGPGKey { - keysize=3072 - email="$1" - _log Creating user gpg key... - gpg --homedir ${TMPGNUPGHOME} --batch --no-tty --gen-key 2>/dev/null </dev/null <secret-"$email".asc - gpg --homedir ${TMPGNUPGHOME} --armor --export ${email} >public-"$email".asc - _log Gpg key created and exported + gpg --passphrase "${PASSPHRASE}" --batch --pinentry-mode=loopback --armor --homedir "${TMPGNUPGHOME}" --export-secret-keys "${email}" >"secret-${email}.asc" + gpg --homedir "${TMPGNUPGHOME}" --armor --export "${email}" >"public-${email}.asc" + _log Gpg key created and exported } diff --git a/tests/integration/fixtures/install_dependencies.sh b/tests/integration/fixtures/install_dependencies.sh index a43727f..2cd55e3 100644 --- a/tests/integration/fixtures/install_dependencies.sh +++ b/tests/integration/fixtures/install_dependencies.sh 
@@ -13,75 +13,75 @@ SSL_KEY_PATH="/tmp/ssl.key" SSL_CERT_PATH="/tmp/ssl.crt" function getKubectl { - local path="./kubectl" - if ! command -v "$KUBECTL_BINARY" >/dev/null && [ ! -f "$path" ]; then - curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256" - echo "$(cat kubectl.sha256) kubectl" | sha256sum -c - chmod +x kubectl - KUBECTL_BINARY="./kubectl" - fi + local path="./kubectl" + if ! command -v "${KUBECTL_BINARY}" >/dev/null && [ ! -f "${path}" ]; then + curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256" + echo "$(cat kubectl.sha256) kubectl" | sha256sum -c + chmod +x kubectl + KUBECTL_BINARY="./kubectl" + fi } function getKind { - local path="./kind" - if ! command -v "$KIND_BINARY" >/dev/null && [ ! -f "$path" ]; then - curl -sLo ./kind-linux-amd64 "https://kind.sigs.k8s.io/dl/$KIND_VERSION/kind-linux-amd64" - curl -sLo ./kind-sha256sum "https://github.com/kubernetes-sigs/kind/releases/download/$KIND_VERSION/kind-linux-amd64.sha256sum" - sha256sum -c kind-sha256sum - mv kind-linux-amd64 kind && chmod +x kind && rm kind-sha256sum - KIND_BINARY="./kind" - fi + local path="./kind" + if ! command -v "${KIND_BINARY}" >/dev/null && [ ! -f "${path}" ]; then + curl -sLo ./kind-linux-amd64 "https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-linux-amd64" + curl -sLo ./kind-sha256sum "https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64.sha256sum" + sha256sum -c kind-sha256sum + mv kind-linux-amd64 kind && chmod +x kind && rm kind-sha256sum + KIND_BINARY="./kind" + fi } function getHelm { - local path="./helm" - if ! command -v "$HELM_BINARY" >/dev/null && [ ! 
-f "$path" ]; then - curl -sL "https://get.helm.sh/helm-$HELM_VERSION-linux-amd64.tar.gz" >helm-"$HELM_VERSION"-linux-amd64.tar.gz - curl -sL "https://get.helm.sh/helm-$HELM_VERSION-linux-amd64.tar.gz.sha256sum" >helm.sha256sum - sha256sum -c helm.sha256sum - tar -xvf helm-"$HELM_VERSION"-linux-amd64.tar.gz linux-amd64/helm && mv linux-amd64/helm . && rm -rf linux-amd64 helm-"$HELM_VERSION"-linux-amd64.tar.gz helm.sha256sum - HELM_BINARY="./helm" - fi + local path="./helm" + if ! command -v "${HELM_BINARY}" >/dev/null && [ ! -f "${path}" ]; then + curl -sL "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" >helm-"${HELM_VERSION}"-linux-amd64.tar.gz + curl -sL "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz.sha256sum" >helm.sha256sum + sha256sum -c helm.sha256sum + tar -xvf helm-"${HELM_VERSION}"-linux-amd64.tar.gz linux-amd64/helm && mv linux-amd64/helm . && rm -rf linux-amd64 helm-"${HELM_VERSION}"-linux-amd64.tar.gz helm.sha256sum + HELM_BINARY="./helm" + fi } function getMkcert { - local path="./mkcert" - if ! command -v "$MKCERT_BINARY" >/dev/null && [ ! -f "$path" ]; then - echo "Installing mkcert..." - curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64" - chmod +x mkcert-v*-linux-amd64 - mv mkcert-v*-linux-amd64 mkcert - MKCERT_BINARY="./mkcert" - fi + local path="./mkcert" + if ! command -v "${MKCERT_BINARY}" >/dev/null && [ ! -f "${path}" ]; then + echo "Installing mkcert..." + curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64" + chmod +x mkcert-v*-linux-amd64 + mv mkcert-v*-linux-amd64 mkcert + MKCERT_BINARY="./mkcert" + fi } function getPassboltGoCli { - local path="./passbolt" - if ! command -v "$PASSBOLT_CLI_BINARY" >/dev/null && [ ! 
-f "$path" ]; then - local version="$PASSBOLT_CLI_VERSION" - curl -sL "https://github.com/passbolt/go-passbolt-cli/releases/download/v${version}/go-passbolt-cli_${version}_linux_amd64.tar.gz" >go-passbolt-cli_"${version}"_linux_amd64.tar.gz - curl -sL "https://github.com/passbolt/go-passbolt-cli/releases/download/v${version}/checksums.txt" | grep "${version}_linux_amd64.tar.gz" >cli.sha256sum - sha256sum -c cli.sha256sum - tar -xvf go-passbolt-cli_"${version}"_linux_amd64.tar.gz passbolt >/dev/null && rm cli.sha256sum go-passbolt-cli_"${version}"_linux_amd64.tar.gz - PASSBOLT_CLI_BINARY="./passbolt" - fi + local path="./passbolt" + if ! command -v "${PASSBOLT_CLI_BINARY}" >/dev/null && [ ! -f "${path}" ]; then + local version="${PASSBOLT_CLI_VERSION}" + curl -sL "https://github.com/passbolt/go-passbolt-cli/releases/download/v${version}/go-passbolt-cli_${version}_linux_amd64.tar.gz" >go-passbolt-cli_"${version}"_linux_amd64.tar.gz + curl -sL "https://github.com/passbolt/go-passbolt-cli/releases/download/v${version}/checksums.txt" | grep "${version}_linux_amd64.tar.gz" >cli.sha256sum + sha256sum -c cli.sha256sum + tar -xvf go-passbolt-cli_"${version}"_linux_amd64.tar.gz passbolt >/dev/null && rm cli.sha256sum go-passbolt-cli_"${version}"_linux_amd64.tar.gz + PASSBOLT_CLI_BINARY="./passbolt" + fi } function addHostsEntry { - echo "Adding hosts entry to ingress cluster ip..." - echo "$("$KUBECTL_BINARY" get service/ingress-nginx-controller -o jsonpath='{.spec.clusterIP}' -n ingress-nginx) $PASSBOLT_FQDN" >>/etc/hosts + echo "Adding hosts entry to ingress cluster ip..." 
+ echo "$("${KUBECTL_BINARY}" get service/ingress-nginx-controller -o jsonpath='{.spec.clusterIP}' -n ingress-nginx) ${PASSBOLT_FQDN}" >>/etc/hosts } function installDependencies { - getKind - getKubectl - getHelm - getMkcert - getPassboltGoCli - export KUBECTL_BINARY="$KUBECTL_BINARY" - export HELM_BINARY="$HELM_BINARY" - export MKCERT_BINARY="$MKCERT_BINARY" - export PASSBOLT_CLI_BINARY="$PASSBOLT_CLI_BINARY" - export KIND_BINARY="$KIND_BINARY" + getKind + getKubectl + getHelm + getMkcert + getPassboltGoCli + export KUBECTL_BINARY="${KUBECTL_BINARY}" + export HELM_BINARY="${HELM_BINARY}" + export MKCERT_BINARY="${MKCERT_BINARY}" + export PASSBOLT_CLI_BINARY="${PASSBOLT_CLI_BINARY}" + export KIND_BINARY="${KIND_BINARY}" } diff --git a/tests/integration/fixtures/log.sh b/tests/integration/fixtures/log.sh index cfec37c..91b97da 100644 --- a/tests/integration/fixtures/log.sh +++ b/tests/integration/fixtures/log.sh @@ -2,14 +2,14 @@ # Prints debug logs if TESTS_DEBUG is true function _echo { - if [ "$TESTS_DEBUG" == true ]; then - printf '[DEBUG]: %s\n' "${DEBUG_MESSAGES[@]}" - fi - DEBUG_MESSAGES=() + if [ "${TESTS_DEBUG}" == true ]; then + printf '[DEBUG]: %s\n' "${DEBUG_MESSAGES[@]}" + fi + DEBUG_MESSAGES=() } # Appends debug logs to a variable function _log { - local message="$@" - DEBUG_MESSAGES+=("${message[*]}") + local message="$*" + DEBUG_MESSAGES+=("${message[*]}") } diff --git a/tests/integration/fixtures/passbolt.sh b/tests/integration/fixtures/passbolt.sh index 464fa21..c8ae10f 100644 --- a/tests/integration/fixtures/passbolt.sh +++ b/tests/integration/fixtures/passbolt.sh 
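Review bot: `getMkcert` in `install_dependencies.sh` downloads `latest` and marks it executable with no checksum check, while `getKubectl`, `getKind`, `getHelm` and `getPassboltGoCli` all run `sha256sum -c`; the other scripts in this change then use that binary to create and install a root CA. It should follow the pattern of the others: a pinned version variable next to `KIND_VERSION` and `HELM_VERSION`, plus a recorded digest checked with `echo "${MKCERT_SHA256}  mkcert" | sha256sum -c` before `chmod +x` (both names are new constants to add). The `curl` calls also lack `-f`, so an HTTP error page would be saved as the artefact; for mkcert nothing catches that. `getKubectl` resolves `stable.txt` twice, so the binary and its `.sha256` can come from different releases if the pointer moves between the two requests; resolving it once into a local variable fixes that.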
@@ -1,20 +1,21 @@ #!/bin/bash function registerPassboltUser { - local firstname=$1 - local lastname=$2 - local email=$3 + local firstname=${1} + local lastname=${2} + local email=${3} + # This string must remain with single quotes as it is used as a command in line 12/14 local register_command='bin/cake passbolt register_user -u $0 -f $1 -l $2 -r admin' #local command_as_root="su -c "$register_command" -- $email $firstname $lastname -s /bin/bash www-data" #local command_as_www="bash -c "$register_command" -- $email $firstname $lastname" - if [ "$ROOTLESS" == true ]; then - registration=$("$KUBECTL_BINARY" exec -it deployment/passbolt-depl-srv -n default -- bash -c "$register_command" $email $firstname $lastname 2>/dev/null) + if [ "${ROOTLESS}" == true ]; then + registration=$("${KUBECTL_BINARY}" exec -it deployment/passbolt-depl-srv -n default -- bash -c "${register_command}" "${email}" "${firstname}" "${lastname}" 2>/dev/null) else - registration=$("$KUBECTL_BINARY" exec -it deployment/passbolt-depl-srv -n default -- su www-data -c "$register_command" $email $firstname $lastname -s /bin/bash 2>/dev/null) + registration=$("${KUBECTL_BINARY}" exec -it deployment/passbolt-depl-srv -n default -- su www-data -c "${register_command}" "${email}" "${firstname}" "${lastname}" -s /bin/bash 2>/dev/null) fi - _log "$registration" + _log "${registration}" regex='(https?)://[-[:alnum:]\+&@#/%?=~_|!:,.;]*[-[:alnum:]\+&@#/%=~_|]' - if [[ $registration =~ $regex ]]; then + if [[ ${registration} =~ ${regex} ]]; then _log User created on database else _log User creation failed @@ -23,7 +24,7 @@ function registerPassboltUser { user_uuid=$(echo "${registration}" | grep -Eo "(http|https)://[a-zA-Z0-9./?=_%:-]*" | cut -d/ -f6) user_token=$(echo "${registration}" | grep -Eo "(http|https)://[a-zA-Z0-9./?=_%:-]*" | cut -d/ -f7) - createGPGKey "$email" + createGPGKey "${email}" _log Registering user on passbolt api... curl -s "https://${PASSBOLT_FQDN}/setup/complete/${user_uuid}" \ 
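Review bot: In `registerPassboltUser` the arguments are now quoted on the `kubectl exec` lines, but the command string still expands `$0 $1 $2` unquoted inside the container shell, so a name or e-mail containing spaces or glob characters is split again there. Quoting them inside the single-quoted string keeps the values intact: `local register_command='bin/cake passbolt register_user -u "$0" -f "$1" -l "$2" -r admin'`. The new comment refers to "line 12/14", which will go stale as the file changes; I would say `# Single quotes are required: $0/$1/$2 are expanded by the shell started in the two kubectl exec calls below`. Both calls also discard stderr with `2>/dev/null`, so a failed registration only shows up as the generic "User creation failed" message; the function continues outside the hunk.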
@@ -32,56 +33,56 @@ function registerPassboltUser { -H "content-type: application/json" \ --data-raw "{\"authenticationtoken\":{\"token\":\"${user_token}\"},\"gpgkey\":{\"armored_key\":\"$(awk '{printf "%s\\n", $0}' public-${email}.asc)\"}}" \ --compressed >/dev/null - _log User "$email" succesfully registered + _log User "${email}" succesfully registered # Fixes an issue on the CI, where user with this key isn't found. sleep 10 } function configurePassbolt { - local id=$1 + local id=${1} _log Configuring passbolt cli... - _log $PASSBOLT_CLI_BINARY configure --serverAddress "https://${PASSBOLT_FQDN}" --userPassword "$PASSPHRASE" --userPrivateKeyFile "secret-${id}.asc" - $PASSBOLT_CLI_BINARY configure --serverAddress "https://${PASSBOLT_FQDN}" --userPassword "$PASSPHRASE" --userPrivateKeyFile "secret-${id}.asc" + _log "${PASSBOLT_CLI_BINARY}" configure --serverAddress "https://${PASSBOLT_FQDN}" --userPassword "${PASSPHRASE}" --userPrivateKeyFile "secret-${id}.asc" + ${PASSBOLT_CLI_BINARY} configure --serverAddress "https://${PASSBOLT_FQDN}" --userPassword "${PASSPHRASE}" --userPrivateKeyFile "secret-${id}.asc" _log passbolt cli configured } function createPassword { - local name="$1" - local secret="$2" - _log $PASSBOLT_CLI_BINARY create resource --name "${name}" --password "$secret" -j - $PASSBOLT_CLI_BINARY create resource --name "${name}" --password "$secret" -j + local name="${1}" + local secret="${2}" + _log "${PASSBOLT_CLI_BINARY}" create resource --name "${name}" --password "${secret}" -j + ${PASSBOLT_CLI_BINARY} create resource --name "${name}" --password "${secret}" -j } function createPasswordInFolder { - local name="$1" - local secret="$2" - local folder="$3" - _log $PASSBOLT_CLI_BINARY create resource --name "${name}" --password "$secret" -f "$folder" -j - $PASSBOLT_CLI_BINARY create resource --name "${name}" --password "$secret" -f "$folder" -j + local name="${1}" + local secret="${2}" + local folder="${3}" + _log "${PASSBOLT_CLI_BINARY}" create 
resource --name "${name}" --password "${secret}" -f "${folder}" -j + ${PASSBOLT_CLI_BINARY} create resource --name "${name}" --password "${secret}" -f "${folder}" -j } function createFolder { - local name="$1" - _log $PASSBOLT_CLI_BINARY create folder --name "${name}" -j - $PASSBOLT_CLI_BINARY create folder --name "${name}" -j + local name="${1}" + _log "${PASSBOLT_CLI_BINARY}" create folder --name "${name}" -j + ${PASSBOLT_CLI_BINARY} create folder --name "${name}" -j } function sharePassword { - local id=$1 - local user_id=$2 - local type="$3" - _log $PASSBOLT_CLI_BINARY share resource --id "$id" --user "$user_id" --type "$type" - $PASSBOLT_CLI_BINARY share resource --id "$id" --user "$user_id" --type "$type" + local id=${1} + local user_id=${2} + local type="${3}" + _log "${PASSBOLT_CLI_BINARY}" share resource --id "${id}" --user "${user_id}" --type "${type}" + ${PASSBOLT_CLI_BINARY} share resource --id "${id}" --user "${user_id}" --type "${type}" } function getUserIdByUsername { - local username="$1" - _log $PASSBOLT_CLI_BINARY list user --filter "Username == \"$username\"" -j | jq -r .[0].id - $PASSBOLT_CLI_BINARY list user --filter "Username == \"$username\"" -j | jq -r .[0].id + local username="${1}" + _log "${PASSBOLT_CLI_BINARY}" list user --filter "Username == \"${username}\"" -j | jq -r .[0].id + ${PASSBOLT_CLI_BINARY} list user --filter "Username == \"${username}\"" -j | jq -r .[0].id } function getPasswordSecretById { - local id="$1" - _log "$PASSBOLT_CLI_BINARY" get resource --id "$id" -j | jq -r .password - "$PASSBOLT_CLI_BINARY" get resource --id "$id" -j | jq -r .password + local id="${1}" + _log "${PASSBOLT_CLI_BINARY}" get resource --id "${id}" -j | jq -r .password + "${PASSBOLT_CLI_BINARY}" get resource --id "${id}" -j | jq -r .password } diff --git a/tests/integration/run_integration_tests.sh b/tests/integration/run_integration_tests.sh index e7880b7..59409e2 100644 --- a/tests/integration/run_integration_tests.sh 
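Review bot: The `_log` lines in `configurePassbolt`, `createPassword` and `createPasswordInFolder` record the full CLI invocation, including `--userPassword "${PASSPHRASE}"` and `--password "${secret}"`, so the secrets land in `DEBUG_MESSAGES` and are printed by `_echo` when `TESTS_DEBUG` is true. Logging a redacted form, e.g. `_log "${PASSBOLT_CLI_BINARY}" create resource --name "${name}" --password '***' -j`, keeps the trace useful without the value. In `getUserIdByUsername` and `getPasswordSecretById` the `_log … | jq` pipeline runs `_log` in a subshell, so the message is never appended; drop the `| jq …` from the `_log` line. The execution lines also use an unquoted `${PASSBOLT_CLI_BINARY}` while the `_log` lines quote it, and `.[0].id` should be quoted as `'.[0].id'` so the shell cannot glob it.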
+++ b/tests/integration/run_integration_tests.sh @@ -2,13 +2,13 @@ set -eo pipefail -SPECS_DIR=$(dirname "$0") +SPECS_DIR=$(dirname "${0}") -source "$SPECS_DIR"/fixtures/gpg.sh -source "$SPECS_DIR"/fixtures/passbolt.sh -source "$SPECS_DIR"/fixtures/log.sh -source "$SPECS_DIR"/fixtures/install_dependencies.sh -source <(cat "$SPECS_DIR"/tests/*_test.sh) +source "${SPECS_DIR}"/fixtures/gpg.sh +source "${SPECS_DIR}"/fixtures/passbolt.sh +source "${SPECS_DIR}"/fixtures/log.sh +source "${SPECS_DIR}"/fixtures/install_dependencies.sh +source <(cat "${SPECS_DIR}"/tests/*_test.sh) TMPGNUPGHOME=$(mktemp -d) PASSPHRASE="strong-passphrase" @@ -19,28 +19,28 @@ LASTNAME="Doe" declare -a DEBUG_MESSAGES function testRunner { - name="$(echo $* | cut -d : -f 1)" - description="$(echo $* | cut -d : -f 2)" + name="$(echo "$@" | cut -d : -f 1)" + description="$(echo "$@" | cut -d : -f 2)" green_text="\033[0;32m" red_text="\033[0;31m" reset="\033[0m" - log_file="/tmp/$name-integration-tests.log" - if $name &>${log_file}; then + log_file="/tmp/${name}-integration-tests.log" + if ${name} &>"${log_file}"; then _echo - echo -e "${green_text}[PASS] $description${reset}" + echo -e "${green_text}[PASS] ${description}${reset}" else _echo - echo -e "${red_text}[FAIL] $description${reset}" - cat "$log_file" + echo -e "${red_text}[FAIL] ${description}${reset}" + cat "${log_file}" return 1 fi } installDependencies echo Waiting for redis to be ready... -"$KUBECTL_BINARY" wait pod -l app.kubernetes.io/name=redis --for=condition=Ready +"${KUBECTL_BINARY}" wait pod -l app.kubernetes.io/name=redis --for=condition=Ready # install CA from secret values -CAROOT=/mkcert "$MKCERT_BINARY" -install +CAROOT=/mkcert "${MKCERT_BINARY}" -install addHostsEntry list=( @@ -51,7 +51,7 @@ list=( ) failed=false for name in "${list[@]}"; do - if ! testRunner "$name"; then + if ! testRunner "${name}"; then failed=true fi done 
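Review bot: `testRunner` writes each test's output to the fixed path `/tmp/${name}-integration-tests.log`, although the same script already uses `mktemp -d` for `TMPGNUPGHOME`. Since these logs can contain the CLI output of the password tests, I would create the file with `local log_file; log_file="$(mktemp)"` and remove it after the `cat` on failure. `name`, `description`, `log_file` and the colour variables are assigned without `local`, so `name` overwrites the loop variable of the `for name in "${list[@]}"` loop further down; declaring them `local` keeps the function self-contained. The `kubectl wait` call has no `--timeout`, so it relies on the tool's default.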
diff --git a/tests/integration/tests/create_and_decrypt_test.sh b/tests/integration/tests/create_and_decrypt_test.sh index d7eebbd..ac0de73 100644 --- a/tests/integration/tests/create_and_decrypt_test.sh +++ b/tests/integration/tests/create_and_decrypt_test.sh @@ -2,16 +2,17 @@ function testCreateAndDecryptPassword { local value="password-example" - local test_id="$(date +'%s')" + local test_id= + test_id="$(date +'%s')" local username="email${test_id}@domain.tld" - _log Running "$test_id" test - registerPassboltUser $FIRSTNAME $LASTNAME "${username}" "$test_id" + _log Running "${test_id}" test + registerPassboltUser "${FIRSTNAME}" "${LASTNAME}" "${username}" "${test_id}" configurePassbolt "${username}" - password=$(createPassword "${test_id}" "${value}" "$test_id") - result=$("$PASSBOLT_CLI_BINARY" get resource --id $(echo $password | jq -r .id) -j | jq -r .password) - if [[ "$value" != "$result" ]]; then - >&2 echo "Expected \"$value\", got \"$result\"" + password=$(createPassword "${test_id}" "${value}" "${test_id}") + result=$("${PASSBOLT_CLI_BINARY}" get resource --id "$(echo "${password}" | jq -r .id)" -j | jq -r .password) + if [[ "${value}" != "${result}" ]]; then + >&2 echo "Expected \"${value}\", got \"${result}\"" return 1 fi - _log Test "$test_id" ran succesfully + _log Test "${test_id}" ran succesfully } diff --git a/tests/integration/tests/create_and_fill_folder_test.sh b/tests/integration/tests/create_and_fill_folder_test.sh index c8e8418..53f3508 100644 --- a/tests/integration/tests/create_and_fill_folder_test.sh +++ b/tests/integration/tests/create_and_fill_folder_test.sh 
@@ -1,34 +1,35 @@
 #!/bin/bash
 function createAndFillFolder {
- local name="$1"
- local test_id="$2"
- local passwords_count="$3"
+ local name="${1}"
+ local test_id="${2}"
+ local passwords_count="${3}"
- _log Creating "$name" folder...
- folder="$(createFolder "${test_id}")"
- _log "$name" folder created
- folder_id="$(echo ${folder} | jq -r .id)"
- for index in $(seq 1 $passwords_count); do
- createPasswordInFolder "password$index" "secret$index" "${folder_id}"
- done
+ _log Creating "${name}" folder...
+ folder="$(createFolder "${test_id}")"
+ _log "${name}" folder created
+ folder_id="$(echo "${folder}" | jq -r .id)"
+ for index in $(seq 1 "${passwords_count}"); do
+ createPasswordInFolder "password${index}" "secret${index}" "${folder_id}"
+ done
 }
 function testCreateAndFillFolder {
- local name="test-folder"
- local test_id="$(date +'%s')"
- local username="email${test_id}@domain.tld"
- local passwords_count="3"
- _log Running "$test_id" test
- registerPassboltUser $FIRSTNAME $LASTNAME "${username}" "$test_id"
- configurePassbolt "${username}"
- createAndFillFolder "${test_id}" "${test_id}" "${passwords_count}"
- _log "$PASSBOLT_CLI_BINARY" list resource --filter "FolderParentID == \"${folder_id}\"" -j
- resources=$("$PASSBOLT_CLI_BINARY" list resource --filter "FolderParentID == \"${folder_id}\"" -j)
- _log "Resources in ${folder_id} folder: \n$resources"
- resources_count="$(echo ${resources} | jq -r 'length')"
- if [ "$resources_count" != 3 ]; then
- >&2 echo "Expected 3 resources in ${test_id} folder, got $resources_count"
- return 1
- fi
+ local name="test-folder"
+ local test_id=""
+ test_id="$(date +'%s')"
+ local username="email${test_id}@domain.tld"
+ local passwords_count="3"
+ _log Running "${test_id}" test
+ registerPassboltUser "${FIRSTNAME}" "${LASTNAME}" "${username}" "${test_id}"
+ configurePassbolt "${username}"
+ createAndFillFolder "${test_id}" "${test_id}" "${passwords_count}"
+ _log "${PASSBOLT_CLI_BINARY}" list resource --filter "FolderParentID == \"${folder_id}\"" -j
+ resources=$("${PASSBOLT_CLI_BINARY}" list resource --filter "FolderParentID == \"${folder_id}\"" -j)
+ _log "Resources in ${folder_id} folder: \n${resources}"
+ resources_count="$(echo "${resources}" | jq -r 'length')"
+ if [ "${resources_count}" != 3 ]; then
+ >&2 echo "Expected 3 resources in ${test_id} folder, got ${resources_count}"
+ return 1
+ fi
 }
diff --git a/tests/integration/tests/create_and_remove_password_test.sh b/tests/integration/tests/create_and_remove_password_test.sh
index 3718365..ba09f79 100644
--- a/tests/integration/tests/create_and_remove_password_test.sh
+++ b/tests/integration/tests/create_and_remove_password_test.sh
@@ -1,19 +1,20 @@
 #!/bin/bash
 function testCreateAndRemovePassword {
- local value="to-be-removed"
- local description="It should create and remove a password"
- local test_id="$(date +'%s')"
- local username="email${test_id}@domain.tld"
- _log Running "$test_id" test
- registerPassboltUser $FIRSTNAME $LASTNAME "${username}" "$test_id"
- configurePassbolt "${username}"
- id=$(createPassword "$test_id" "${value}" "$test_id")
- "$PASSBOLT_CLI_BINARY" delete resource --id $(echo $id | jq -r .id)
- if [[ $? -ne 0 ]]; then
- >&2 echo "Failed to delete the password!"
- return 1
- fi
- echo "$description"
- _log Test "$test_id" ran succesfully
+ local value="to-be-removed"
+ local description="It should create and remove a password"
+ local test_id=
+ test_id="$(date +'%s')"
+ local username="email${test_id}@domain.tld"
+ _log Running "${test_id}" test
+ registerPassboltUser "${FIRSTNAME}" "${LASTNAME}" "${username}" "${test_id}"
+ configurePassbolt "${username}"
+ id=$(createPassword "${test_id}" "${value}" "${test_id}")
+ "${PASSBOLT_CLI_BINARY}" delete resource --id "$(echo "${id}" | jq -r .id)"
+ if [[ $? -ne 0 ]]; then
+ >&2 echo "Failed to delete the password!"
+ return 1
+ fi
+ echo "${description}"
+ _log Test "${test_id}" ran succesfully
 }
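Review bot: The final check in testCreateAndFillFolder compares against a literal `3` (`[ "${resources_count}" != 3 ]`) although the number of passwords created comes from `passwords_count`, so changing one silently invalidates the other. Use the variable in both the test and the message: `if [[ "${resources_count}" != "${passwords_count}" ]]; then` and `>&2 echo "Expected ${passwords_count} resources in ${test_id} folder, got ${resources_count}"`. The function also reads `folder_id`, which is only set as a global side effect of createAndFillFolder, and its `local name="test-folder"` is never used because the call passes `"${test_id}"` twice; a one-line comment on createAndFillFolder saying that it sets `folder_id` for the caller would make that dependency explicit.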
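Review bot: In testCreateAndRemovePassword the delete result is tested with a separate `if [[ $? -ne 0 ]]; then`, which stops testing the delete as soon as any command is inserted between the two lines; test the command directly with `if ! "${PASSBOLT_CLI_BINARY}" delete resource --id "$(echo "${id}" | jq -r .id)"; then`. The test passes on the CLI's exit status alone, so if the intent is to prove removal, a follow-up `get resource --id` on the same id that is expected to fail would confirm it. `id` is also assigned without `local`, so it stays set for whichever test runs next in the same shell.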
diff --git a/tests/integration/tests/create_share_and_decrypt_password_test.sh b/tests/integration/tests/create_share_and_decrypt_password_test.sh
index 67869ef..064e2c3 100644
--- a/tests/integration/tests/create_share_and_decrypt_password_test.sh
+++ b/tests/integration/tests/create_share_and_decrypt_password_test.sh
@@ -1,24 +1,27 @@
 #!/bin/bash
 function testCreateShareAndDecryptPassword {
- local value="password-example"
- local test_id="$(date +'%s')"
- local source_username="source-${test_id}@domain.tld"
- local destination_username="destination-${test_id}@domain.tld"
- local logs
- _log Running "$test_id" test
- registerPassboltUser $FIRSTNAME $LASTNAME "${source_username}"
- registerPassboltUser $FIRSTNAME $LASTNAME "${destination_username}"
- local destination_user_id=$(getUserIdByUsername "${destination_username}")
- configurePassbolt "${source_username}"
- local id=$(createPassword "${test_id}" "${value}" "$test_id")
- sharePassword "$(echo $id | jq -r .id)" "$destination_user_id" "15"
- configurePassbolt "${destination_username}"
- local result=$(getPasswordSecretById $(echo $id | jq -r .id))
- if [[ "$value" != "$result" ]]; then
- >&2 echo "Expected \"$value\", got \"$result\""
- return 1
- fi
- _log Test "$test_id" ran succesfully
+ local value="password-example"
+ local test_id=
+ test_id="$(date +'%s')"
+ local source_username="source-${test_id}@domain.tld"
+ local destination_username="destination-${test_id}@domain.tld"
+ _log Running "${test_id}" test
+ registerPassboltUser "${FIRSTNAME}" "${LASTNAME}" "${source_username}"
+ registerPassboltUser "${FIRSTNAME}" "${LASTNAME}" "${destination_username}"
+ local destination_user_id=
+ destination_user_id=$(getUserIdByUsername "${destination_username}")
+ configurePassbolt "${source_username}"
+ local id=
+ id=$(createPassword "${test_id}" "${value}" "${test_id}")
+ sharePassword "$(echo "${id}" | jq -r .id)" "${destination_user_id}" "15"
+ configurePassbolt "${destination_username}"
+ local result=
+ result=$(getPasswordSecretById "$(echo "${id}" | jq -r .id)")
+ if [[ "${value}" != "${result}" ]]; then
+ >&2 echo "Expected \"${value}\", got \"${result}\""
+ return 1
+ fi
+ _log Test "${test_id}" ran succesfully
 }
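Review bot: `sharePassword "$(echo "${id}" | jq -r .id)" "${destination_user_id}" "15"` passes the permission as a bare number. If this is Passbolt's permission type, 15 is owner, which is more than the recipient needs for the `getPasswordSecretById` check that follows; sharePassword is defined outside this diff, so confirm what the third argument means. Either name the value (`local permission_owner="15"`) or, if the test only has to show that a recipient can decrypt, share with the read permission so the least-privileged path is the one covered. The resource id is also extracted twice with the same `jq` pipeline; storing it once in a local keeps the two uses in sync.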