#1 Add CI tests using the standard test interface
Merged 3 years ago by jjelen. Opened 3 years ago by bgoncalv.
rpms/ bgoncalv/cyrus-sasl cyrus-sasl-tests  into  master

@@ -0,0 +1,69 @@ 

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Makefile of /CoreOS/cyrus-sasl/Sanity/sanity-ldapdb-plugin

+ #   Description: The ldapdb auxprop plugin provides access to credentials stored in an LDAP server.

+ #   Author: David Spurek <dspurek@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2012 Red Hat, Inc. All rights reserved.

+ #

+ #   This copyrighted material is made available to anyone wishing

+ #   to use, modify, copy, or redistribute it subject to the terms

+ #   and conditions of the GNU General Public License version 2.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE. See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public

+ #   License along with this program; if not, write to the Free

+ #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

+ #   Boston, MA 02110-1301, USA.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ export TEST=/CoreOS/cyrus-sasl/Sanity/sanity-ldapdb-plugin

+ export TESTVERSION=1.0

+ 

+ BUILT_FILES=

+ 

+ FILES=$(METADATA) runtest.sh Makefile PURPOSE

+ 

+ .PHONY: all install download clean

+ 

+ run: $(FILES) build

+ 	./runtest.sh

+ 

+ build: $(BUILT_FILES)

+ 	test -x runtest.sh || chmod a+x runtest.sh

+ 

+ clean:

+ 	rm -f *~ $(BUILT_FILES)

+ 

+ 

+ include /usr/share/rhts/lib/rhts-make.include

+ 

+ $(METADATA): Makefile

+ 	@echo "Owner:           David Spurek <dspurek@redhat.com>" > $(METADATA)

+ 	@echo "Name:            $(TEST)" >> $(METADATA)

+ 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)

+ 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)

+ 	@echo "Description:     The ldapdb auxprop plugin provides access to credentials stored in an LDAP server." >> $(METADATA)

+ 	@echo "Type:            Sanity" >> $(METADATA)

+ 	@echo "TestTime:        15m" >> $(METADATA)

+ 	@echo "RunFor:          cyrus-sasl" >> $(METADATA)

+ 	@echo "Requires:        cyrus-sasl" >> $(METADATA)

+ 	@echo "Requires:        cyrus-sasl-md5" >> $(METADATA)

+ 	@echo "Requires:        cyrus-sasl-ldap" >> $(METADATA)

+ 	@echo "Requires:        cyrus-sasl-plain cyrus-sasl-devel" >> $(METADATA)

+ 	@echo "Requires:        expect" >> $(METADATA)

+ 	@echo "Requires:        openldap-servers" >> $(METADATA)

+ 	@echo "Requires:        openldap-clients" >> $(METADATA)

+ 	@echo "Priority:        Normal" >> $(METADATA)

+ 	@echo "License:         GPLv2" >> $(METADATA)

+ 	@echo "Confidential:    no" >> $(METADATA)

+ 	@echo "Destructive:     no" >> $(METADATA)

+ 

+ 	rhts-lint $(METADATA)

@@ -0,0 +1,3 @@ 

+ PURPOSE of /CoreOS/cyrus-sasl/Sanity/sanity-ldapdb-plugin

+ Description: The ldapdb auxprop plugin provides access to credentials stored in an LDAP server.

+ Author: David Spurek <dspurek@redhat.com>

@@ -0,0 +1,249 @@ 

+ #!/bin/bash

+ # vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   runtest.sh of /CoreOS/cyrus-sasl/Sanity/sanity-ldapdb-plugin

+ #   Description: The ldapdb auxprop plugin provides access to credentials stored in an LDAP server.

+ #   Author: David Spurek <dspurek@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2012 Red Hat, Inc. All rights reserved.

+ #

+ #   This copyrighted material is made available to anyone wishing

+ #   to use, modify, copy, or redistribute it subject to the terms

+ #   and conditions of the GNU General Public License version 2.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE. See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public

+ #   License along with this program; if not, write to the Free

+ #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

+ #   Boston, MA 02110-1301, USA.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ # Include Beaker environment

+ . /usr/bin/rhts-environment.sh || exit 1

+ . /usr/share/beakerlib/beakerlib.sh || exit 1

+ 

+ PACKAGE="cyrus-sasl"

+ 

+ PACKAGES=( "cyrus-sasl"       \

+            "cyrus-sasl-devel" \

+            "cyrus-sasl-ldap"  \

+            "cyrus-sasl-plain" \

+            "expect"           \

+            "pam"              \

+            "openldap"         \

+            "openldap-clients" \

+            "openldap-servers" \

+            "cyrus-sasl-md5"   )

+ 

+ # else branch is also relevant for Fedora

+ if rlIsRHEL '<6'; then

+     SERVICE_LDAP=ldap

+ else

+     SERVICE_LDAP=slapd

+ fi

+ 

+ ldapdb_id="sasluser"

+ ldapdb_pw="x"

+ 

+ SASL_PASSWORD="x"

+ SASL_USER="test"

+ 

+ if [ "`uname -i`" = "i386" ]; then

+     LIBDIR=/usr/lib

+ else

+     LIBDIR=/usr/lib64

+ fi

+ rlIsRHEL 5 && [ "`uname -i`" = "ia64" ] &&  LIBDIR=/usr/lib

+ 

+ function slapd_conf {

+ cat >/etc/openldap/slapd.conf<<'EOF'

+ include         /etc/openldap/schema/core.schema

+ include         /etc/openldap/schema/cosine.schema

+ include         /etc/openldap/schema/inetorgperson.schema

+ include         /etc/openldap/schema/nis.schema

+ 

+ allow bind_v2

+ 

+ pidfile         /var/run/openldap/slapd.pid

+ argsfile        /var/run/openldap/slapd.args

+ 

+ database        bdb

+ suffix          "dc=my-domain,dc=com"

+ rootdn          "uid=admin,dc=my-domain,dc=com"

+ rootpw          x

+ 

+ directory       /var/lib/ldap

+ 

+ password-hash   {CLEARTEXT}

+ 

+ authz-policy to

+ authz-regexp

+         uid=(.*),cn=.*,cn=auth

+         "ldap:///dc=my-domain,dc=com??sub?(uid=$1)"

+ 

+ index objectClass                       eq,pres

+ index ou,cn,mail,surname,givenname      eq,pres,sub

+ index uidNumber,gidNumber,loginShell    eq,pres

+ index uid,memberUid                     eq,pres,sub

+ index nisMapName,nisMapEntry            eq,pres,sub

+ 

+ access to * by * write

+ access to * by * read

+ access to * by * auth

+ 

+ EOF

+ return $?

+ }

+ 

+ function data_ldif {

+ cat >data.ldif<<EOF

+ dn: dc=my-domain,dc=com

+ objectclass: top

+ objectclass: domain

+ dc: my-domain

+ 

+ dn: ou=Admins,dc=my-domain,dc=com

+ objectclass: top

+ objectclass: organizationalUnit

+ ou: Admins

+ 

+ dn: uid=$ldapdb_id,ou=People,dc=my-domain,dc=com

+ objectClass: person

+ objectClass: inetOrgPerson

+ userPassword: $ldapdb_pw

+ uid: $ldapdb_id

+ cn: $ldapdb_id

+ sn: $ldapdb_id

+ authzTo: ldap:///ou=People,dc=my-domain,dc=com??sub?(&(objectclass=inetOrgPerson)(uid=*))

+ 

+ dn: ou=People,dc=my-domain,dc=com

+ objectclass: top

+ objectclass: organizationalUnit

+ ou: People

+ 

+ dn: uid=$SASL_USER,ou=People,dc=my-domain,dc=com

+ objectClass: person

+ objectClass: inetOrgPerson

+ userPassword: x

+ uid: $SASL_USER

+ cn: $SASL_USER

+ sn: $SASL_USER

+ EOF

+ return $?

+ }

+ 

+ function sasl_client {

+ expect <<EOF

+ set timeout 30

+ spawn sasl2-sample-client -p 8000 -s rcmd -m PLAIN localhost

+ expect {

+     timeout {exit 1}

+     eof {exit 2}

+     -nocase "please enter an authentication id:" { puts $1 ; send "$1\r"}

+ }

+ expect {

+     timeout {exit 3}

+     eof {exit 4}

+     -nocase "please enter an authorization id:" { puts $1 ; send "$1\r"}

+ }

+ expect {

+     timeout {exit 5}

+     eof {exit 6}

+     -nocase "Password:" { puts $2 ; send "$2\r"}

+ }

+ expect {

+     timeout {exit 8}

+     -nocase "successful authentication" { expect eof  ; exit 0}

+     -nocase "authentication failed" {exit 9}

+ }

+ expect eof

+ exit 0

+ EOF

+ }

+ 

+ # ldapdb configuration for services, in this test for sasl2-sample-server

+ # configuration may be for smtpd.conf,imapd.conf instead of sample.conf

+ function smtpd_ldapdb {

+ cat >$LIBDIR/sasl2/sample.conf<<EOF

+ pwcheck_method: auxprop

+ auxprop_plugin: ldapdb

+ mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

+ ldapdb_uri: ldap://localhost

+ ldapdb_id: $ldapdb_id

+ ldapdb_pw: $ldapdb_pw

+ ldapdb_mech: DIGEST-MD5

+ EOF

+ return $?

+ }

+ 

+ 

+ rlJournalStart

+     rlPhaseStartSetup

+         for P in ${PACKAGES[@]}; do rlCheckRpm $P || rlDie "Package $P is missing"; done

+         rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"

+         rlRun "pushd $TmpDir"

+ 

+         rlFileBackup --clean "$LIBDIR/sasl2/sample.conf"

+         rlFileBackup --clean "/etc/sasldb2"

+ 

+         rlRun "smtpd_ldapdb" 0

+ 

+         rlServiceStop $SERVICE_LDAP

+ 

+         # Back-up.

+         rlFileBackup --clean /var/run/openldap

+         rlFileBackup --clean /var/lib/ldap && rm -rf /var/lib/ldap/*

+         rlFileBackup --clean /etc/openldap/

+ 

+         rlRun "slapd_conf" 0

+         rlRun "cat /etc/openldap/slapd.conf" 0

+         if rlIsRHEL '>=6' || rlIsFedora '>=14'; then

+             rm -rf /etc/openldap/slapd.d/*

+             slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/

+         fi

+ 

+         rlRun "data_ldif" 0

+         rlRun "slapadd -l data.ldif" 0

+ 

+         chown -R ldap:ldap /var/lib/ldap/* && chmod -R a+rx /etc/openldap/

+ 

+         rlRun "restorecon -vvRF /etc/openldap/"

+         rlRun "service $SERVICE_LDAP start && sleep 10" 0

+ 

+     rlPhaseEnd

+ 

+     rlPhaseStartTest

+         rlRun "ldapsearch -LLL -H ldap://localhost -s base  -b '' -x supportedSASLMechanisms" 0

+         rlRun "ldapsearch -H ldap://localhost -x -b 'dc=my-domain,dc=com' '(objectclass=*)'" 0 "Check ldap entries without SASL"

+ 

+         # this two ldapwhoami commands may be used for testing purposes

+         #        rlRun "ldapwhoami -U $ldapdb_id -Y digest-md5" 0

+         #        rlRun "ldapwhoami -U $ldapdb_id -X u:test@localhost -Y digest-md5" 0

+ 

+         # sasl sample server uses ldap sasluser as sasl bind id

+         # then try search user passed to sample client in ldap database

+         rlRun "sasl2-sample-server -p 8000 -s rcmd -m PLAIN &>sample_server.log &" 0

+         SASL_PID=`pgrep -f "sasl2-sample-server -p 8000 -s rcmd -m PLAIN"`

+         rlRun "sasl_client $SASL_USER ${SASL_PASSWORD}" 0

+         rlRun "sasl_client baduser ${SASL_PASSWORD}" 9

+         rlRun "kill $SASL_PID" 0 ; sleep 5

+         rlRun "cat sample_server.log" 0

+     rlPhaseEnd

+ 

+     rlPhaseStartCleanup

+         rlRun "service $SERVICE_LDAP stop && sleep 10" 0

+         rlFileRestore

+         rlServiceRestore $SERVICE_LDAP

+         rlRun "popd"

+         rlRun "rm -r $TmpDir" 0 "Removing tmp directory"

+     rlPhaseEnd

+ rlJournalPrintText

+ rlJournalEnd

file added
+18
@@ -0,0 +1,18 @@ 

+ ---

+ # This first play always runs on the local staging system

+ - hosts: localhost

+   roles:

+   - role: standard-test-beakerlib

+     tags:

+     - classic

+     tests:

+     - sanity-ldapdb-plugin

+     required_packages:

+     - cyrus-sasl

+     - cyrus-sasl-md5

+     - cyrus-sasl-ldap

+     - cyrus-sasl-plain

+     - cyrus-sasl-devel

+     - expect

+     - openldap-servers

+     - openldap-clients

Adds tests according to the CI wiki [0] specifically the standard test interface in the spec [1].

The playbook includes Tier1 level test cases that have been tested in the following contexts and is passing reliably: Atomic Host, Docker, and Classic.
Test logs are stored in the Artifacts directory.

The following steps are used to execute the tests using the standard test interface:

  • Atomic
    sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS=../atomic.qcow2 TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags atomic tests.yml

  • Docker
    sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS=docker:docker.io/library/fedora:26 TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags container tests.yml

  • Classic
    sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml

[0] https://fedoraproject.org/wiki/CI
[1] https://fedoraproject.org/wiki/Changes/InvokingTests

Test Logs: (If you you would like a pointer to the complete log, I can include that as well)

  • Atomic

    test does not run on atomic

  • Docker

    test does not run on docker

  • Classic

    <snip>
    ==> default: TASK [standard-test-beakerlib : Execute beakerlib tests] ***
    ==> default: changed: [localhost] => (item=sanity-ldapdb-plugin)
    ==> default:
    ==> default: TASK [standard-test-beakerlib : Make the master test summary log artifact] *
    ==> default: changed: [localhost] => (item=sanity-ldapdb-plugin)
    ==> default:
    ==> default: TASK [standard-test-beakerlib : Pull out the logs]
    *****
    ==> default: changed: [localhost]
    ==> default:
    ==> default: TASK [standard-test-beakerlib : Check the results]
    *****
    ==> default: changed: [localhost]
    ==> default:
    ==> default: PLAY RECAP
    *********
    **
    ==> default: localhost : ok=15 changed=12 unreachable=0 failed=0
    ==> default: ++ '[' 0 -ne 0 ']'
    ==> default: ++ cat /root/cyrus-sasl/artifacts/test.log
    ==> default: PASS sanity-ldapdb-plugin

The first part says

is passing reliably: Atomic Host, Docker, and Classic.

but the second one says

Atomic

test does not run on atomic

Docker

test does not run on docker

So what part is right? How hard is it to make it working?

I'm sorry, the first part is an standard request that I'm using for all PR request that Im creating with the explanation how to run the tests for each environment (I can edit it to make more sense on cyrus-sasl case). The test results is for cyrus-sasl, and the tests for it do not run on docker nor on atomic.
The problem for atomic is we are not able to install package on atomic images and not all required packages are shipped with it.
For docker the problem is that we need LDAP service running, but it is not possible to use systemctl to start services in docker.

Pull-Request has been merged by jjelen

3 years ago