tests: add post-clightning extra tests to scenarios

This commit is contained in:
Jonas Nick 2020-08-02 22:02:09 +00:00
parent 5fa0602a18
commit 5c0170c6b8
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
3 changed files with 51 additions and 47 deletions

View File

@ -25,12 +25,17 @@ def web_index():
assert_matches("curl -L localhost/store", "tshirt") assert_matches("curl -L localhost/store", "tshirt")
def post_clightning():
pass
extra_tests = { extra_tests = {
"electrs": electrs, "electrs": electrs,
"spark-wallet": spark_wallet, "spark-wallet": spark_wallet,
"lightning-charge": lightning_charge, "lightning-charge": lightning_charge,
"nanopos": nanopos, "nanopos": nanopos,
"web-index": web_index, "web-index": web_index,
"post-clightning": post_clightning,
} }
run_tests(extra_tests) run_tests(extra_tests)

View File

@ -113,6 +113,8 @@ def run_tests(extra_tests):
) )
assert_no_failure("bitcoind-import-banlist") assert_no_failure("bitcoind-import-banlist")
extra_tests.pop("post-clightning")()
### Test lnd ### Test lnd
stopped_services = "nanopos lightning-charge spark-wallet clightning" stopped_services = "nanopos lightning-charge spark-wallet clightning"
@ -131,9 +133,5 @@ def run_tests(extra_tests):
log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting")
) )
### Stop lnd and restart clightning
succeed("systemctl stop lnd")
succeed("systemctl start " + stopped_services)
### Check that all extra_tests have been run ### Check that all extra_tests have been run
assert len(extra_tests) == 0 assert len(extra_tests) == 0

View File

@ -10,7 +10,7 @@ nanopos_ip = "169.254.1.19"
recurringdonations_ip = "169.254.1.20" recurringdonations_ip = "169.254.1.20"
nginx_ip = "169.254.1.21" nginx_ip = "169.254.1.21"
## electrs
def electrs(): def electrs():
machine.wait_until_succeeds( machine.wait_until_succeeds(
"ip netns exec nb-electrs nc -z localhost 4224" "ip netns exec nb-electrs nc -z localhost 4224"
@ -46,54 +46,55 @@ def web_index():
assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt") assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt")
def post_clightning():
ping_bitcoind = "ip netns exec nb-bitcoind ping -c 1 -w 1"
ping_nanopos = "ip netns exec nb-nanopos ping -c 1 -w 1"
# Positive ping tests (non-exhaustive)
machine.succeed(
"%s %s &&" % (ping_bitcoind, bitcoind_ip)
+ "%s %s &&" % (ping_bitcoind, clightning_ip)
+ "%s %s &&" % (ping_bitcoind, liquidd_ip)
+ "%s %s &&" % (ping_nanopos, lightningcharge_ip)
+ "%s %s &&" % (ping_nanopos, nanopos_ip)
+ "%s %s" % (ping_nanopos, nginx_ip)
)
# Negative ping tests (non-exhaustive)
machine.fail(
"%s %s ||" % (ping_bitcoind, sparkwallet_ip)
+ "%s %s ||" % (ping_bitcoind, lightningcharge_ip)
+ "%s %s ||" % (ping_bitcoind, nanopos_ip)
+ "%s %s ||" % (ping_bitcoind, recurringdonations_ip)
+ "%s %s ||" % (ping_bitcoind, nginx_ip)
+ "%s %s ||" % (ping_nanopos, bitcoind_ip)
+ "%s %s ||" % (ping_nanopos, clightning_ip)
+ "%s %s ||" % (ping_nanopos, lnd_ip)
+ "%s %s ||" % (ping_nanopos, liquidd_ip)
+ "%s %s ||" % (ping_nanopos, electrs_ip)
+ "%s %s ||" % (ping_nanopos, sparkwallet_ip)
+ "%s %s" % (ping_nanopos, recurringdonations_ip)
)
# test that netns-exec can't be run for unauthorized namespace
machine.fail("netns-exec nb-electrs ip a")
# test that netns-exec drops capabilities
assert_matches_exactly(
"su operator -c 'netns-exec nb-bitcoind capsh --print | grep Current '", "Current: =\n"
)
# test that netns-exec can not be executed by users that are not operator
machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a")
extra_tests = { extra_tests = {
"electrs": electrs, "electrs": electrs,
"spark-wallet": spark_wallet, "spark-wallet": spark_wallet,
"lightning-charge": lightning_charge, "lightning-charge": lightning_charge,
"nanopos": nanopos, "nanopos": nanopos,
"web-index": web_index, "web-index": web_index,
"post-clightning": post_clightning,
} }
run_tests(extra_tests) run_tests(extra_tests)
### Security tests
ping_bitcoind = "ip netns exec nb-bitcoind ping -c 1 -w 1"
ping_nanopos = "ip netns exec nb-nanopos ping -c 1 -w 1"
# Positive ping tests (non-exhaustive)
machine.succeed(
"%s %s &&" % (ping_bitcoind, bitcoind_ip)
+ "%s %s &&" % (ping_bitcoind, clightning_ip)
+ "%s %s &&" % (ping_bitcoind, liquidd_ip)
+ "%s %s &&" % (ping_nanopos, lightningcharge_ip)
+ "%s %s &&" % (ping_nanopos, nanopos_ip)
+ "%s %s" % (ping_nanopos, nginx_ip)
)
# Negative ping tests (non-exhaustive)
machine.fail(
"%s %s ||" % (ping_bitcoind, sparkwallet_ip)
+ "%s %s ||" % (ping_bitcoind, lightningcharge_ip)
+ "%s %s ||" % (ping_bitcoind, nanopos_ip)
+ "%s %s ||" % (ping_bitcoind, recurringdonations_ip)
+ "%s %s ||" % (ping_bitcoind, nginx_ip)
+ "%s %s ||" % (ping_nanopos, bitcoind_ip)
+ "%s %s ||" % (ping_nanopos, clightning_ip)
+ "%s %s ||" % (ping_nanopos, lnd_ip)
+ "%s %s ||" % (ping_nanopos, liquidd_ip)
+ "%s %s ||" % (ping_nanopos, electrs_ip)
+ "%s %s ||" % (ping_nanopos, sparkwallet_ip)
+ "%s %s" % (ping_nanopos, recurringdonations_ip)
)
# test that netns-exec can't be run for unauthorized namespace
machine.fail("netns-exec nb-electrs ip a")
# test that netns-exec drops capabilities
assert_matches_exactly(
"su operator -c 'netns-exec nb-bitcoind capsh --print | grep Current '", "Current: =\n"
)
# test that netns-exec can not be executed by users that are not operator
machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a")