tests: add post-clightning extra tests to scenarios

This commit is contained in:
Jonas Nick 2020-08-02 22:02:09 +00:00
parent 5fa0602a18
commit 5c0170c6b8
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
3 changed files with 51 additions and 47 deletions

View File

@ -25,12 +25,17 @@ def web_index():
assert_matches("curl -L localhost/store", "tshirt") assert_matches("curl -L localhost/store", "tshirt")
def post_clightning():
pass
extra_tests = { extra_tests = {
"electrs": electrs, "electrs": electrs,
"spark-wallet": spark_wallet, "spark-wallet": spark_wallet,
"lightning-charge": lightning_charge, "lightning-charge": lightning_charge,
"nanopos": nanopos, "nanopos": nanopos,
"web-index": web_index, "web-index": web_index,
"post-clightning": post_clightning,
} }
run_tests(extra_tests) run_tests(extra_tests)

View File

@ -113,6 +113,8 @@ def run_tests(extra_tests):
) )
assert_no_failure("bitcoind-import-banlist") assert_no_failure("bitcoind-import-banlist")
extra_tests.pop("post-clightning")()
### Test lnd ### Test lnd
stopped_services = "nanopos lightning-charge spark-wallet clightning" stopped_services = "nanopos lightning-charge spark-wallet clightning"
@ -131,9 +133,5 @@ def run_tests(extra_tests):
log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting")
) )
### Stop lnd and restart clightning
succeed("systemctl stop lnd")
succeed("systemctl start " + stopped_services)
### Check that all extra_tests have been run ### Check that all extra_tests have been run
assert len(extra_tests) == 0 assert len(extra_tests) == 0

View File

@ -10,7 +10,7 @@ nanopos_ip = "169.254.1.19"
recurringdonations_ip = "169.254.1.20" recurringdonations_ip = "169.254.1.20"
nginx_ip = "169.254.1.21" nginx_ip = "169.254.1.21"
## electrs
def electrs(): def electrs():
machine.wait_until_succeeds( machine.wait_until_succeeds(
"ip netns exec nb-electrs nc -z localhost 4224" "ip netns exec nb-electrs nc -z localhost 4224"
@ -46,33 +46,22 @@ def web_index():
assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt") assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt")
extra_tests = { def post_clightning():
"electrs": electrs, ping_bitcoind = "ip netns exec nb-bitcoind ping -c 1 -w 1"
"spark-wallet": spark_wallet, ping_nanopos = "ip netns exec nb-nanopos ping -c 1 -w 1"
"lightning-charge": lightning_charge,
"nanopos": nanopos,
"web-index": web_index,
}
run_tests(extra_tests) # Positive ping tests (non-exhaustive)
machine.succeed(
### Security tests
ping_bitcoind = "ip netns exec nb-bitcoind ping -c 1 -w 1"
ping_nanopos = "ip netns exec nb-nanopos ping -c 1 -w 1"
# Positive ping tests (non-exhaustive)
machine.succeed(
"%s %s &&" % (ping_bitcoind, bitcoind_ip) "%s %s &&" % (ping_bitcoind, bitcoind_ip)
+ "%s %s &&" % (ping_bitcoind, clightning_ip) + "%s %s &&" % (ping_bitcoind, clightning_ip)
+ "%s %s &&" % (ping_bitcoind, liquidd_ip) + "%s %s &&" % (ping_bitcoind, liquidd_ip)
+ "%s %s &&" % (ping_nanopos, lightningcharge_ip) + "%s %s &&" % (ping_nanopos, lightningcharge_ip)
+ "%s %s &&" % (ping_nanopos, nanopos_ip) + "%s %s &&" % (ping_nanopos, nanopos_ip)
+ "%s %s" % (ping_nanopos, nginx_ip) + "%s %s" % (ping_nanopos, nginx_ip)
) )
# Negative ping tests (non-exhaustive) # Negative ping tests (non-exhaustive)
machine.fail( machine.fail(
"%s %s ||" % (ping_bitcoind, sparkwallet_ip) "%s %s ||" % (ping_bitcoind, sparkwallet_ip)
+ "%s %s ||" % (ping_bitcoind, lightningcharge_ip) + "%s %s ||" % (ping_bitcoind, lightningcharge_ip)
+ "%s %s ||" % (ping_bitcoind, nanopos_ip) + "%s %s ||" % (ping_bitcoind, nanopos_ip)
@ -85,15 +74,27 @@ machine.fail(
+ "%s %s ||" % (ping_nanopos, electrs_ip) + "%s %s ||" % (ping_nanopos, electrs_ip)
+ "%s %s ||" % (ping_nanopos, sparkwallet_ip) + "%s %s ||" % (ping_nanopos, sparkwallet_ip)
+ "%s %s" % (ping_nanopos, recurringdonations_ip) + "%s %s" % (ping_nanopos, recurringdonations_ip)
) )
# test that netns-exec can't be run for unauthorized namespace # test that netns-exec can't be run for unauthorized namespace
machine.fail("netns-exec nb-electrs ip a") machine.fail("netns-exec nb-electrs ip a")
# test that netns-exec drops capabilities # test that netns-exec drops capabilities
assert_matches_exactly( assert_matches_exactly(
"su operator -c 'netns-exec nb-bitcoind capsh --print | grep Current '", "Current: =\n" "su operator -c 'netns-exec nb-bitcoind capsh --print | grep Current '", "Current: =\n"
) )
# test that netns-exec can not be executed by users that are not operator # test that netns-exec can not be executed by users that are not operator
machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a") machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a")
extra_tests = {
"electrs": electrs,
"spark-wallet": spark_wallet,
"lightning-charge": lightning_charge,
"nanopos": nanopos,
"web-index": web_index,
"post-clightning": post_clightning,
}
run_tests(extra_tests)