tests: move common code of scenarios python scripts to the top

This commit is contained in:
Jonas Nick 2020-08-02 20:59:11 +00:00
parent 0baeb2acce
commit e13c532dbf
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
2 changed files with 114 additions and 79 deletions

View File

@ -18,7 +18,6 @@ machine.wait_until_succeeds(
) )
assert_running("electrs") assert_running("electrs")
machine.wait_for_open_port(4224) # prometeus metrics provider
# Check RPC connection to bitcoind # Check RPC connection to bitcoind
machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo"))
assert_running("nginx") assert_running("nginx")
@ -35,17 +34,11 @@ assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"')
assert_running("spark-wallet") assert_running("spark-wallet")
spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1]
machine.wait_for_open_port(9737)
assert_matches(f"curl -s {spark_auth}@localhost:9737", "Spark")
assert_running("lightning-charge") assert_running("lightning-charge")
charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1]
machine.wait_for_open_port(9112)
assert_matches(f"curl -s api-token:{charge_auth}@localhost:9112/info | jq", '"id"')
assert_running("nanopos") assert_running("nanopos")
machine.wait_for_open_port(9116)
assert_matches("curl localhost:9116", "tshirt")
assert_running("onion-chef") assert_running("onion-chef")
@ -53,9 +46,6 @@ assert_running("onion-chef")
# to incomplete unit dependencies. # to incomplete unit dependencies.
# 'create-web-index' implicitly tests 'nodeinfo'. # 'create-web-index' implicitly tests 'nodeinfo'.
machine.wait_for_unit("create-web-index") machine.wait_for_unit("create-web-index")
machine.wait_for_open_port(80)
assert_matches("curl localhost", "nix-bitcoin")
assert_matches("curl -L localhost/store", "tshirt")
machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist"))
assert_no_failure("bitcoind-import-banlist") assert_no_failure("bitcoind-import-banlist")
@ -84,7 +74,8 @@ assert_no_failure("bitcoind-import-banlist")
### Test lnd ### Test lnd
succeed("systemctl stop nanopos lightning-charge spark-wallet clightning") stopped_services = "nanopos lightning-charge spark-wallet clightning"
succeed("systemctl stop " + stopped_services)
succeed("systemctl start lnd") succeed("systemctl start lnd")
assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') assert_matches("su operator -c 'lncli getinfo' | jq", '"version"')
assert_no_failure("lnd") assert_no_failure("lnd")
@ -98,3 +89,29 @@ assert_matches("su operator -c 'loop --version'", "version")
machine.wait_until_succeeds( machine.wait_until_succeeds(
log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting")
) )
### Stop lnd and restart clightning
succeed("systemctl stop lnd")
succeed("systemctl start " + stopped_services)
## electrs
# the main test body stops electrs
succeed("systemctl start electrs")
machine.wait_for_open_port(4224) # prometeus metrics provider
## spark-wallet
machine.wait_for_open_port(9737)
assert_matches(f"curl -s {spark_auth}@localhost:9737", "Spark")
## lightning-charge
machine.wait_for_open_port(9112)
assert_matches(f"curl -s api-token:{charge_auth}@localhost:9112/info | jq", '"id"')
## nanopos
machine.wait_for_open_port(9116)
assert_matches("curl localhost:9116", "tshirt")
## web index
machine.wait_for_open_port(80)
assert_matches("curl localhost", "nix-bitcoin")
assert_matches("curl -L localhost/store", "tshirt")

View File

@ -1,15 +1,3 @@
# netns IP addresses
bitcoind_ip = "169.254.1.12"
clightning_ip = "169.254.1.13"
lnd_ip = "169.254.1.14"
liquidd_ip = "169.254.1.15"
electrs_ip = "169.254.1.16"
sparkwallet_ip = "169.254.1.17"
lightningcharge_ip = "169.254.1.18"
nanopos_ip = "169.254.1.19"
recurringdonations_ip = "169.254.1.20"
nginx_ip = "169.254.1.21"
### Tests ### Tests
assert_running("setup-secrets") assert_running("setup-secrets")
@ -30,9 +18,6 @@ machine.wait_until_succeeds(
) )
assert_running("electrs") assert_running("electrs")
machine.wait_until_succeeds(
"ip netns exec nb-electrs nc -z localhost 4224"
) # prometeus metrics provider
# Check RPC connection to bitcoind # Check RPC connection to bitcoind
machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo"))
assert_running("nginx") assert_running("nginx")
@ -49,23 +34,11 @@ assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"')
assert_running("spark-wallet") assert_running("spark-wallet")
spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1]
machine.wait_until_succeeds("ip netns exec nb-spark-wallet nc -z %s 9737" % sparkwallet_ip)
assert_matches(
f"ip netns exec nb-spark-wallet curl -s {spark_auth}@%s:9737" % sparkwallet_ip, "Spark"
)
assert_running("lightning-charge") assert_running("lightning-charge")
charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1]
machine.wait_until_succeeds("ip netns exec nb-nanopos nc -z %s 9112" % lightningcharge_ip)
assert_matches(
f"ip netns exec nb-nanopos curl -s api-token:{charge_auth}@%s:9112/info | jq"
% lightningcharge_ip,
'"id"',
)
assert_running("nanopos") assert_running("nanopos")
machine.wait_until_succeeds("ip netns exec nb-lightning-charge nc -z %s 9116" % nanopos_ip)
assert_matches("ip netns exec nb-lightning-charge curl %s:9116" % nanopos_ip, "tshirt")
assert_running("onion-chef") assert_running("onion-chef")
@ -73,12 +46,96 @@ assert_running("onion-chef")
# to incomplete unit dependencies. # to incomplete unit dependencies.
# 'create-web-index' implicitly tests 'nodeinfo'. # 'create-web-index' implicitly tests 'nodeinfo'.
machine.wait_for_unit("create-web-index") machine.wait_for_unit("create-web-index")
machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist"))
assert_no_failure("bitcoind-import-banlist")
# test that `systemctl status` can't leak credentials
assert_matches(
"sudo -u electrs systemctl status clightning 2>&1 >/dev/null",
"Failed to dump process list for 'clightning.service', ignoring: Access denied",
)
machine.succeed("grep -Fq hidepid=2 /proc/mounts")
### Additional tests
# Current time in µs
pre_restart = succeed("date +%s.%6N").rstrip()
# Sanity-check system by restarting all services
succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd")
# Now that the bitcoind restart triggered a banlist import restart, check that
# re-importing already banned addresses works
machine.wait_until_succeeds(
log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist")
)
assert_no_failure("bitcoind-import-banlist")
### Test lnd
stopped_services = "nanopos lightning-charge spark-wallet clightning"
succeed("systemctl stop " + stopped_services)
succeed("systemctl start lnd")
assert_matches("su operator -c 'lncli getinfo' | jq", '"version"')
assert_no_failure("lnd")
### Test loopd
succeed("systemctl start lightning-loop")
assert_matches("su operator -c 'loop --version'", "version")
# Check that lightning-loop fails with the right error, making sure
# lightning-loop can connect to lnd
machine.wait_until_succeeds(
log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting")
)
### Stop lnd and restart clightning
succeed("systemctl stop lnd")
succeed("systemctl start " + stopped_services)
# netns IP addresses
bitcoind_ip = "169.254.1.12"
clightning_ip = "169.254.1.13"
lnd_ip = "169.254.1.14"
liquidd_ip = "169.254.1.15"
electrs_ip = "169.254.1.16"
sparkwallet_ip = "169.254.1.17"
lightningcharge_ip = "169.254.1.18"
nanopos_ip = "169.254.1.19"
recurringdonations_ip = "169.254.1.20"
nginx_ip = "169.254.1.21"
## electrs
# the main test body stops electrs
succeed("systemctl start electrs")
machine.wait_until_succeeds(
"ip netns exec nb-electrs nc -z localhost 4224"
) # prometeus metrics provider
## spark-wallet
machine.wait_until_succeeds("ip netns exec nb-spark-wallet nc -z %s 9737" % sparkwallet_ip)
assert_matches(
f"ip netns exec nb-spark-wallet curl -s {spark_auth}@%s:9737" % sparkwallet_ip, "Spark"
)
## lightning-charge
machine.wait_until_succeeds("ip netns exec nb-nanopos nc -z %s 9112" % lightningcharge_ip)
assert_matches(
f"ip netns exec nb-nanopos curl -s api-token:{charge_auth}@%s:9112/info | jq"
% lightningcharge_ip,
'"id"',
)
## nanopos
machine.wait_until_succeeds("ip netns exec nb-lightning-charge nc -z %s 9116" % nanopos_ip)
assert_matches("ip netns exec nb-lightning-charge curl %s:9116" % nanopos_ip, "tshirt")
## webindex
machine.wait_until_succeeds("ip netns exec nb-nginx nc -z localhost 80") machine.wait_until_succeeds("ip netns exec nb-nginx nc -z localhost 80")
assert_matches("ip netns exec nb-nginx curl localhost", "nix-bitcoin") assert_matches("ip netns exec nb-nginx curl localhost", "nix-bitcoin")
assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt") assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt")
machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist"))
assert_no_failure("bitcoind-import-banlist")
### Security tests ### Security tests
@ -121,42 +178,3 @@ assert_matches_exactly(
# test that netns-exec can not be executed by users that are not operator # test that netns-exec can not be executed by users that are not operator
machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a") machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a")
# test that `systemctl status` can't leak credentials
assert_matches(
"sudo -u electrs systemctl status clightning 2>&1 >/dev/null",
"Failed to dump process list for 'clightning.service', ignoring: Access denied",
)
machine.succeed("grep -Fq hidepid=2 /proc/mounts")
### Additional tests
# Current time in µs
pre_restart = succeed("date +%s.%6N").rstrip()
# Sanity-check system by restarting all services
succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd")
# Now that the bitcoind restart triggered a banlist import restart, check that
# re-importing already banned addresses works
machine.wait_until_succeeds(
log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist")
)
assert_no_failure("bitcoind-import-banlist")
### Test lnd
succeed("systemctl stop nanopos lightning-charge spark-wallet clightning")
succeed("systemctl start lnd")
assert_matches("su operator -c 'lncli getinfo' | jq", '"version"')
assert_no_failure("lnd")
### Test loopd
succeed("systemctl start lightning-loop")
assert_matches("su operator -c 'loop --version'", "version")
# Check that lightning-loop fails with the right error, making sure
# lightning-loop can connect to lnd
machine.wait_until_succeeds(
log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting")
)