diff --git a/test/scenarios/default.py b/test/scenarios/default.py index 09aaaa2..59427d8 100644 --- a/test/scenarios/default.py +++ b/test/scenarios/default.py @@ -1,3 +1,5 @@ +run_tests() + ## electrs # the main test body stops electrs succeed("systemctl start electrs") @@ -5,10 +7,12 @@ machine.wait_for_open_port(4224) # prometeus metrics provider ## spark-wallet machine.wait_for_open_port(9737) +spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] assert_matches(f"curl -s {spark_auth}@localhost:9737", "Spark") ## lightning-charge machine.wait_for_open_port(9112) +charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] assert_matches(f"curl -s api-token:{charge_auth}@localhost:9112/info | jq", '"id"') ## nanopos diff --git a/test/scenarios/lib.py b/test/scenarios/lib.py index 7e8dc6c..7d7e777 100644 --- a/test/scenarios/lib.py +++ b/test/scenarios/lib.py @@ -35,96 +35,96 @@ if "is_interactive" in vars(): ### Tests -assert_running("setup-secrets") -# Unused secrets should be inaccessible -succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') -assert_running("bitcoind") -machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") -assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') -# Test RPC Whitelist -machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") -# Restating rpcuser & rpcpassword overrides privileged credentials -machine.fail( - "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" -) -machine.wait_until_succeeds( - log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") -) +def run_tests(): + assert_running("setup-secrets") + # Unused secrets should be inaccessible + succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') -assert_running("electrs") -# Check RPC connection to bitcoind -machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) -assert_running("nginx") -# Stop electrs from spamming the test log with 'wait for bitcoind sync' messages -succeed("systemctl stop electrs") + assert_running("bitcoind") + machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") + assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') + # Test RPC Whitelist + machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") + # Restating rpcuser & rpcpassword overrides privileged credentials + machine.fail( + "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" + ) + machine.wait_until_succeeds( + log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") + ) -assert_running("liquidd") -machine.wait_until_succeeds("elements-cli getnetworkinfo") -assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') -succeed("su operator -c 'liquidswap-cli --help'") + assert_running("electrs") + # Check RPC connection to bitcoind + machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) + assert_running("nginx") + # Stop electrs from spamming the test log with 'wait for bitcoind sync' messages + succeed("systemctl stop electrs") -assert_running("clightning") -assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') + assert_running("liquidd") + machine.wait_until_succeeds("elements-cli getnetworkinfo") + assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') + succeed("su operator -c 'liquidswap-cli --help'") -assert_running("spark-wallet") -spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] + assert_running("clightning") + assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') -assert_running("lightning-charge") -charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] + assert_running("spark-wallet") -assert_running("nanopos") + assert_running("lightning-charge") -assert_running("onion-chef") + assert_running("nanopos") -# FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due -# to incomplete unit dependencies. -# 'create-web-index' implicitly tests 'nodeinfo'. -machine.wait_for_unit("create-web-index") + assert_running("onion-chef") -machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) -assert_no_failure("bitcoind-import-banlist") + # FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due + # to incomplete unit dependencies. + # 'create-web-index' implicitly tests 'nodeinfo'. + machine.wait_for_unit("create-web-index") -# test that `systemctl status` can't leak credentials -assert_matches( - "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", - "Failed to dump process list for 'clightning.service', ignoring: Access denied", -) -machine.succeed("grep -Fq hidepid=2 /proc/mounts") + machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) + assert_no_failure("bitcoind-import-banlist") -### Additional tests + # test that `systemctl status` can't leak credentials + assert_matches( + "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", + "Failed to dump process list for 'clightning.service', ignoring: Access denied", + ) + machine.succeed("grep -Fq hidepid=2 /proc/mounts") -# Current time in µs -pre_restart = succeed("date +%s.%6N").rstrip() + ### Additional tests -# Sanity-check system by restarting all services -succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") + # Current time in µs + pre_restart = succeed("date +%s.%6N").rstrip() -# Now that the bitcoind restart triggered a banlist import restart, check that -# re-importing already banned addresses works -machine.wait_until_succeeds( - log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") -) -assert_no_failure("bitcoind-import-banlist") + # Sanity-check system by restarting all services + succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") -### Test lnd + # Now that the bitcoind restart triggered a banlist import restart, check that + # re-importing already banned addresses works + machine.wait_until_succeeds( + log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") + ) + assert_no_failure("bitcoind-import-banlist") -stopped_services = "nanopos lightning-charge spark-wallet clightning" -succeed("systemctl stop " + stopped_services) -succeed("systemctl start lnd") -assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') -assert_no_failure("lnd") + ### Test lnd -### Test loopd + stopped_services = "nanopos lightning-charge spark-wallet clightning" + succeed("systemctl stop " + stopped_services) + succeed("systemctl start lnd") + assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') + assert_no_failure("lnd") -succeed("systemctl start lightning-loop") -assert_matches("su operator -c 'loop --version'", "version") -# Check that lightning-loop fails with the right error, making sure -# lightning-loop can connect to lnd -machine.wait_until_succeeds( - log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") -) + ### Test loopd -### Stop lnd and restart clightning -succeed("systemctl stop lnd") -succeed("systemctl start " + stopped_services) + succeed("systemctl start lightning-loop") + assert_matches("su operator -c 'loop --version'", "version") + # Check that lightning-loop fails with the right error, making sure + # lightning-loop can connect to lnd + machine.wait_until_succeeds( + log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") + ) + + ### Stop lnd and restart clightning + succeed("systemctl stop lnd") + succeed("systemctl start " + stopped_services) diff --git a/test/scenarios/withnetns.py b/test/scenarios/withnetns.py index d2f102f..6ab7721 100644 --- a/test/scenarios/withnetns.py +++ b/test/scenarios/withnetns.py @@ -1,3 +1,5 @@ +run_tests() + # netns IP addresses bitcoind_ip = "169.254.1.12" clightning_ip = "169.254.1.13" @@ -19,12 +21,14 @@ machine.wait_until_succeeds( ## spark-wallet machine.wait_until_succeeds("ip netns exec nb-spark-wallet nc -z %s 9737" % sparkwallet_ip) +spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] assert_matches( f"ip netns exec nb-spark-wallet curl -s {spark_auth}@%s:9737" % sparkwallet_ip, "Spark" ) ## lightning-charge machine.wait_until_succeeds("ip netns exec nb-nanopos nc -z %s 9112" % lightningcharge_ip) +charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] assert_matches( f"ip netns exec nb-nanopos curl -s api-token:{charge_auth}@%s:9112/info | jq" % lightningcharge_ip,