[lxc-devel] [lxd/master] Add pki tests

stgraber on Github lxc-bot at linuxcontainers.org
Fri Dec 2 23:12:09 UTC 2016


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20161202/e00d8cb5/attachment.bin>
-------------- next part --------------
From f41f44b5e9c5fab82b08cb7bff1e475da7c6da80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 2 Dec 2016 18:03:20 -0500
Subject: [PATCH 1/2] Log daemon version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/daemon.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lxd/daemon.go b/lxd/daemon.go
index f0debc8..6009929 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -576,13 +576,13 @@ func (d *Daemon) Init() error {
 
 	/* Print welcome message */
 	if d.MockMode {
-		shared.LogInfo("LXD is starting in mock mode",
+		shared.LogInfo(fmt.Sprintf("LXD %s is starting in mock mode", shared.Version),
 			log.Ctx{"path": shared.VarPath("")})
 	} else if d.SetupMode {
-		shared.LogInfo("LXD is starting in setup mode",
+		shared.LogInfo(fmt.Sprintf("LXD %s is starting in setup mode", shared.Version),
 			log.Ctx{"path": shared.VarPath("")})
 	} else {
-		shared.LogInfo("LXD is starting in normal mode",
+		shared.LogInfo(fmt.Sprintf("LXD %s is starting in normal mode", shared.Version),
 			log.Ctx{"path": shared.VarPath("")})
 	}
 

From a2065d1f29c58630e2b2ec1404bb46b8841bbe8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 2 Dec 2016 18:03:36 -0500
Subject: [PATCH 2/2] tests: Add pki test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 test/main.sh       |  4 ++++
 test/suites/pki.sh | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 test/suites/pki.sh

diff --git a/test/main.sh b/test/main.sh
index 44bd337..51371d6 100755
--- a/test/main.sh
+++ b/test/main.sh
@@ -494,6 +494,10 @@ echo "==> TEST: template"
 TEST_CURRENT=test_template
 test_template
 
+echo "==> TEST: pki"
+TEST_CURRENT=test_pki
+test_pki
+
 echo "==> TEST: devlxd"
 TEST_CURRENT=test_devlxd
 test_devlxd
diff --git a/test/suites/pki.sh b/test/suites/pki.sh
new file mode 100644
index 0000000..f81c1f0
--- /dev/null
+++ b/test/suites/pki.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+test_pki() {
+  if [ ! -d "/usr/share/easy-rsa/" ]; then
+    echo "==> SKIP: The pki test requires easy-rsa to be installed"
+    return
+  fi
+
+  # Setup the PKI
+  cp -R /usr/share/easy-rsa "${TEST_DIR}/pki"
+  (
+    set -e
+    cd "${TEST_DIR}/pki"
+    ls
+    # shellcheck disable=SC1091
+    . ./vars
+    ./clean-all
+    ./pkitool --initca
+    ./pkitool --server 127.0.0.1
+    ./pkitool lxd-client
+  )
+
+  # Setup the daemon
+  LXD5_DIR=$(mktemp -d -p "${TEST_DIR}" XXX)
+  chmod +x "${LXD5_DIR}"
+  cat "${TEST_DIR}/pki/keys/127.0.0.1.crt" "${TEST_DIR}/pki/keys/ca.crt" > "${LXD5_DIR}/server.crt"
+  cp "${TEST_DIR}/pki/keys/127.0.0.1.key" "${LXD5_DIR}/server.key"
+  cp "${TEST_DIR}/pki/keys/ca.crt" "${LXD5_DIR}/server.ca"
+  spawn_lxd "${LXD5_DIR}"
+  LXD5_ADDR=$(cat "${LXD5_DIR}/lxd.addr")
+
+  # Setup the client
+  LXC5_DIR=$(mktemp -d -p "${TEST_DIR}" XXX)
+  cp "${TEST_DIR}/pki/keys/lxd-client.crt" "${LXC5_DIR}/client.crt"
+  cp "${TEST_DIR}/pki/keys/lxd-client.key" "${LXC5_DIR}/client.key"
+  cp "${TEST_DIR}/pki/keys/ca.crt" "${LXC5_DIR}/client.ca"
+
+  # Confirm that a valid client certificate works
+  (
+    set -e
+    export LXD_CONF=${LXC5_DIR}
+    lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password=foo
+    lxc_remote info pki-lxd:
+  )
+
+  # Confirm that a normal, non-PKI certificate doesn't
+  ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password=foo
+
+  kill_lxd "${LXD5_DIR}"
+}


More information about the lxc-devel mailing list