[lxc-devel] [lxd/master] Add pki tests
stgraber on Github
lxc-bot at linuxcontainers.org
Fri Dec 2 23:12:09 UTC 2016
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20161202/e00d8cb5/attachment.bin>
-------------- next part --------------
From f41f44b5e9c5fab82b08cb7bff1e475da7c6da80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 2 Dec 2016 18:03:20 -0500
Subject: [PATCH 1/2] Log daemon version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/daemon.go | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lxd/daemon.go b/lxd/daemon.go
index f0debc8..6009929 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -576,13 +576,13 @@ func (d *Daemon) Init() error {
/* Print welcome message */
if d.MockMode {
- shared.LogInfo("LXD is starting in mock mode",
+ shared.LogInfo(fmt.Sprintf("LXD %s is starting in mock mode", shared.Version),
log.Ctx{"path": shared.VarPath("")})
} else if d.SetupMode {
- shared.LogInfo("LXD is starting in setup mode",
+ shared.LogInfo(fmt.Sprintf("LXD %s is starting in setup mode", shared.Version),
log.Ctx{"path": shared.VarPath("")})
} else {
- shared.LogInfo("LXD is starting in normal mode",
+ shared.LogInfo(fmt.Sprintf("LXD %s is starting in normal mode", shared.Version),
log.Ctx{"path": shared.VarPath("")})
}
From a2065d1f29c58630e2b2ec1404bb46b8841bbe8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 2 Dec 2016 18:03:36 -0500
Subject: [PATCH 2/2] tests: Add pki test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
test/main.sh | 4 ++++
test/suites/pki.sh | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 test/suites/pki.sh
diff --git a/test/main.sh b/test/main.sh
index 44bd337..51371d6 100755
--- a/test/main.sh
+++ b/test/main.sh
@@ -494,6 +494,10 @@ echo "==> TEST: template"
TEST_CURRENT=test_template
test_template
+echo "==> TEST: pki"
+TEST_CURRENT=test_pki
+test_pki
+
echo "==> TEST: devlxd"
TEST_CURRENT=test_devlxd
test_devlxd
diff --git a/test/suites/pki.sh b/test/suites/pki.sh
new file mode 100644
index 0000000..f81c1f0
--- /dev/null
+++ b/test/suites/pki.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+test_pki() {
+ if [ ! -d "/usr/share/easy-rsa/" ]; then
+ echo "==> SKIP: The pki test requires easy-rsa to be installed"
+ return
+ fi
+
+ # Setup the PKI
+ cp -R /usr/share/easy-rsa "${TEST_DIR}/pki"
+ (
+ set -e
+ cd "${TEST_DIR}/pki"
+ ls
+ # shellcheck disable=SC1091
+ . ./vars
+ ./clean-all
+ ./pkitool --initca
+ ./pkitool --server 127.0.0.1
+ ./pkitool lxd-client
+ )
+
+ # Setup the daemon
+ LXD5_DIR=$(mktemp -d -p "${TEST_DIR}" XXX)
+ chmod +x "${LXD5_DIR}"
+ cat "${TEST_DIR}/pki/keys/127.0.0.1.crt" "${TEST_DIR}/pki/keys/ca.crt" > "${LXD5_DIR}/server.crt"
+ cp "${TEST_DIR}/pki/keys/127.0.0.1.key" "${LXD5_DIR}/server.key"
+ cp "${TEST_DIR}/pki/keys/ca.crt" "${LXD5_DIR}/server.ca"
+ spawn_lxd "${LXD5_DIR}"
+ LXD5_ADDR=$(cat "${LXD5_DIR}/lxd.addr")
+
+ # Setup the client
+ LXC5_DIR=$(mktemp -d -p "${TEST_DIR}" XXX)
+ cp "${TEST_DIR}/pki/keys/lxd-client.crt" "${LXC5_DIR}/client.crt"
+ cp "${TEST_DIR}/pki/keys/lxd-client.key" "${LXC5_DIR}/client.key"
+ cp "${TEST_DIR}/pki/keys/ca.crt" "${LXC5_DIR}/client.ca"
+
+ # Confirm that a valid client certificate works
+ (
+ set -e
+ export LXD_CONF=${LXC5_DIR}
+ lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password=foo
+ lxc_remote info pki-lxd:
+ )
+
+ # Confirm that a normal, non-PKI certificate doesn't
+ ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password=foo
+
+ kill_lxd "${LXD5_DIR}"
+}
More information about the lxc-devel
mailing list