#!/bin/sh
# PCP QA Test No. 1875
# Exercise pmseries & pmproxy with key server authentication
#
# Copyright (c) 2021 Red Hat. All Rights Reserved.
#
seq=`basename $0`
echo "QA output created by $seq"
# get standard environment, filters and checks
. ./common.product
. ./common.filter
. ./common.check
. ./common.keys
_check_series
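# extract the major version from e.g. "... v=7.0.11 ..."; [0-9]+ so that
# multi-digit major versions are not truncated to their first digit
key_server_version_major=`$key_server --version | sed -E 's/.*v=([0-9]+).*/\1/g'`
[ "$key_server_version_major" -ge 6 ] || _notrun "Key server version too old (this test requires v6+)"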
_cleanup()
{
    cd $here
    echo "_cleanup ..." >>$seq_full
    $PCP_PS_PROG $PCP_PS_ALL_FLAGS | grep "$key_server[ ]" >>$seq_full
    echo "pmproxy_pid=$pmproxy_pid key_server_pid=$key_server_pid" >>$seq_full
    [ -n "$pmproxy_pid" ] && $signal -s TERM $pmproxy_pid
    [ -n "$key_server_pid" ] && $signal -s TERM $key_server_pid
    $PCP_PS_PROG $PCP_PS_ALL_FLAGS | grep "$key_server[ ]" >>$seq_full
    $sudo rm -rf $tmp $tmp.*
}
status=0 # success is the default!
signal=$PCP_BINADM_DIR/pmsignal
username=`id -u -n`
trap "_cleanup; exit \$status" 0 1 2 3 15
# real QA test starts here
echo "Start key server with password auth ..."
key_server_port=`_find_free_port`
$key_server --port $key_server_port --save "" --requirepass 'top$secret' > $tmp.keys 2>&1 &
key_server_pid=$!
pmsleep 0.125
echo
echo "=== password auth enabled, no password provided" | tee -a $seq_full
cat <<EOF > $tmp.conf
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq_full | grep -o "Cannot connect"
echo
echo "=== password auth enabled, wrong password provided" | tee -a $seq_full
cat <<EOF > $tmp.conf
[pmseries]
enabled = true
auth.password = topsecret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq_full | grep -o "Cannot connect"
echo
echo "=== password auth enabled, correct password provided" | tee -a $seq_full
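# the here-document delimiter is unquoted, so \$ is needed to write a literal
# '$' into the config file (matching the --requirepass value above)
cat <<EOF > $tmp.conf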
[pmseries]
enabled = true
auth.password = top\$secret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq_full | grep -o "Cannot connect" || echo OK
echo
echo "=== password auth enabled, correct password provided (pmproxy)" | tee -a $seq_full
pmproxyport=`_find_free_port`
pmproxy -f -U $username -x $tmp.err -l $tmp.pmproxy.log -p $pmproxyport -r $key_server_port -t -c $tmp.conf &
pmproxy_pid=$!
# check pmproxy has started and is available for requests
pmcd_wait -h localhost@localhost:$pmproxyport -v -t 5sec
grep -o "Key server slots, schema version setup" $tmp.pmproxy.log
$signal -s TERM $pmproxy_pid
echo
echo "Stop key server with password auth ..."
$signal -s TERM $key_server_pid
echo "Start key server with ACL auth ..."
key_server_port=`_find_free_port`
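# ACL setup: user "alice" is enabled with password top$secret, access to all
# keys (~*) and all commands (+@all); the default user is disabled, so
# unauthenticated connections are rejected
$key_server --port $key_server_port --save "" --user alice on '>top$secret' '~*' '+@all' --user default off > $tmp.keys 2>&1 &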
key_server_pid=$!
pmsleep 0.125
echo
echo "=== ACL auth enabled, no username/password provided" | tee -a $seq_full
cat <<EOF > $tmp.conf
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq_full | grep -o "Cannot connect"
echo
echo "=== ACL auth enabled, unknown username provided" | tee -a $seq_full
cat <<EOF > $tmp.conf
[pmseries]
enabled = true
auth.username = max
auth.password = topsecret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq_full | grep -o "Cannot connect"
echo
echo "=== ACL auth enabled, correct username, wrong password provided" | tee -a $seq_full
cat <<EOF > $tmp.conf
[pmseries]
enabled = true
auth.username = alice
auth.password = topsecret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq_full | grep -o "Cannot connect"
echo
echo "=== ACL auth enabled, correct username and password provided" | tee -a $seq_full
cat <<EOF > $tmp.conf
[pmseries]
enabled = true
auth.username = alice
auth.password = top\$secret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq_full | grep -o "Cannot connect" || echo OK
echo
echo "=== ACL auth enabled, correct username and password provided (pmproxy)" | tee -a $seq_full
pmproxyport=`_find_free_port`
pmproxy -f -U $username -x $tmp.err -l $tmp.pmproxy.log -p $pmproxyport -r $key_server_port -t -c $tmp.conf &
pmproxy_pid=$!
# check pmproxy has started and is available for requests
pmcd_wait -h localhost@localhost:$pmproxyport -v -t 5sec
grep -o "Key server slots, schema version setup" $tmp.pmproxy.log
# success, all done
exit