chore: tests: ensure test modules don't pollute the caller's env
speed47 committed Jul 20, 2023
1 parent 58c29c9 commit eef10c1
Showing 11 changed files with 54 additions and 16 deletions.
15 changes: 13 additions & 2 deletions tests/functional/launch_tests_on_instance.sh
@@ -151,7 +151,9 @@ fi
randomstr=randomstr_pUuGXu3tfhi5WII4_randomstr

mytmpdir=$(mktemp -d -t bastiontest.XXXXXX)
trap 'echo CLEANING UP ; rm -rf "$mytmpdir" ; exit 255' EXIT
tmp_a=$(mktemp -t bastiontest.XXXXXX)
tmp_b=$(mktemp -t bastiontest.XXXXXX)
trap 'echo CLEANING UP ; rm -rf "$mytmpdir" ; rm -f "$tmp_a" "$tmp_b" ; exit 255' EXIT
account0key1file="$mytmpdir/account0key1file"
account1key1file="$mytmpdir/account1key1file"
account1key2file="$mytmpdir/account1key2file"
@@ -553,7 +555,7 @@ configchg()
success configchange $r0 perl -pe "$*" -i "$opt_remote_etc_bastion/bastion.conf"
}

onfigsetquoted()
configsetquoted()
{
success configset $r0 perl -pe 's=^\\\\x22'"$1"'\\\\x22.+=\\\\x22'"$1"'\\\\x22:\\\\x22'"$2"'\\\\x22,=' -i "$opt_remote_etc_bastion/bastion.conf"
}
@@ -569,6 +571,11 @@ sshclientconfigchg()
success sshclientconfigchange $r0 perl -pe "$*" -i /etc/ssh/ssh_config
}

dump_vars_and_funcs()
{
set | grep -v -E '^(testno|section|code_warn_exclude|LINES|COLUMNS|PIPESTATUS|_|BASH_LINENO|basename|case|json|name|tmpscript|grepit)='
}

runtests()
{
modulename=main
@@ -603,12 +610,16 @@ runtests()
echo "### RUNNING MODULE $modulename"

# as this is a loop, we do the check in a reversed way, see any included module for more info:
dump_vars_and_funcs > "$tmp_a"
# shellcheck disable=SC1090
source "$module" || true
dump_vars_and_funcs > "$tmp_b"

# put the backed up configuration back after each module, just in case the module modified it
modulename=main
success configrestore $r0 "dd if=$opt_remote_etc_bastion/bastion.conf.bak.$now of=$opt_remote_etc_bastion/bastion.conf"
# verify that the env hasn't been modified
success check_env_after_module diff -u "$tmp_a" "$tmp_b"
done
}

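Review bot: `dump_vars_and_funcs` snapshots variable values, not only names, so a failing `check_env_after_module` will show the full value of whatever a module leaked in its `diff -u` output. Test modules keep passwords and scratch codes in shell variables (370-mfa.sh assigns `a4_password` and `a4_totp_code_1`), and how `success` reports command output is not visible here, so whether such values can reach a shared CI log should be confirmed. The exclusion regex is also undocumented; a comment above the function such as `# snapshot all shell vars (values included) and functions; the names excluded below are expected to change between modules` would record both facts. Part of `runtests` lies outside the hunks shown.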
1 change: 1 addition & 0 deletions tests/functional/tests.d/300-activeness.sh
@@ -56,3 +56,4 @@ testsuite_activeness()
}

testsuite_activeness
unset -f testsuite_activeness
2 changes: 2 additions & 0 deletions tests/functional/tests.d/310-realm.sh
@@ -73,6 +73,7 @@ testsuite_realm()
retvalshouldbe 106
json .error_message "Realm accounts can't execute this plugin, use --osh help to get the allowed plugin list" .error_code KO_RESTRICTED_COMMAND
done
unset plugin

grant accountAddPersonalAccess

@@ -119,6 +120,7 @@ testsuite_realm()
fi
done
done
unset role acc
plgfail add_support_account_as_member $a0 --osh groupAddMember --group $group1 --account realm_$realm_shared_account

# add account1 as member
1 change: 1 addition & 0 deletions tests/functional/tests.d/320-base.sh
@@ -63,3 +63,4 @@ testsuite_base()
}

testsuite_base
unset -f testsuite_base
6 changes: 4 additions & 2 deletions tests/functional/tests.d/325-accountinfo.sh
@@ -19,7 +19,9 @@ testsuite_accountinfo()
# create a third account with a ttl
local ttl_account_created_at
ttl_account_created_at=$(date +%s)
success a0_create_a3 $a0 --osh accountCreate --always-active --account $account3 --uid $uid3 --public-key "\"$(cat $account3key1file.pub)\"" --ttl 30s
local ttl_account_seconds
ttl_account_seconds=55
success a0_create_a3 $a0 --osh accountCreate --always-active --account $account3 --uid $uid3 --public-key "\"$(cat $account3key1file.pub)\"" --ttl ${ttl_account_seconds}s
json .error_code OK .command accountCreate .value null

revoke accountCreate
@@ -141,7 +143,7 @@ EOS

# sleep to ensure TTL has expired. add 2 seconds to be extra-sure and avoid int-rounding errors
local sleep_for
sleep_for=$(( 30 - ( $(date +%s) - ttl_account_created_at ) + 2 ))
sleep_for=$(( ttl_account_seconds - ( $(date +%s) - ttl_account_created_at ) + 2 ))
if [ "$COUNTONLY" != 1 ] && [ $sleep_for -gt 0 ]; then
sleep $sleep_for
fi
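Review bot: `ttl_account_seconds=55` raises the account TTL from 30 to 55 seconds without saying why, and the commit title only covers environment pollution. Presumably the checks that run between `a0_create_a3` and the expiry test need more than 30 seconds on slower instances, but that is an inference from the hunk. A comment next to the assignment would make the constraint explicit, e.g. `# must outlast every check that runs before the TTL expiry test below`. `testsuite_accountinfo` starts and ends outside both hunks.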
27 changes: 16 additions & 11 deletions tests/functional/tests.d/330-selfkeys.sh
@@ -172,6 +172,7 @@ EOS
.value.keys[0].size 256
EOS
)
local account1key1fp
account1key1fp=$(get_json | $jq '.value.keys[0].fingerprint')

ignorecodewarn "possible deadlock"
@@ -217,6 +218,7 @@ EOS
contain "look like an SSH public key"
json .command selfAddIngressKey .error_code KO_NOT_A_KEY .value null

local b64 FP_TYPE fpdsa
b64='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'
script dsa $a1 -osh selfAddIngressKey "<<< \"ssh-dss $b64 test@dsa\""
retvalshouldbe 100
@@ -259,9 +261,9 @@ EOS
) \
.value.key.line "ssh-dss $b64 test@dsaduplicate" \
.value.key.prefix ""
unset b64

b64='AAAAB3NzaC1yc2EAAAADAQABAAAAgQDNbJemAKF6u4xZtbbkHtQeXeh9EvsYgBdUlnES1oBSS/ICKU7lcUrW4UvUpYLQ0+N1f0XaYfGO01BnEPwJDYJngkybh1Qwo6IbCBySpIFJG7ToK4M1U2arALGelwgoVP3AE+HoLjSH9W0ZisBvWtiyCekBWnzf+kD5hLkblPXYkQ=='
local fp1024
fp1024="SHA256:tHu5MD2vgUWxduQUnXqtHaRCCbez7CB9hOvD7zMZu/U"
[ "$FP_TYPE" = md5 ] && fp1024="65:94:cc:f1:5d:29:6e:11:70:44:ce:a8:61:df:25:0a"
script rsa1024 $a1 -osh selfAddIngressKey "<<< \"ssh-rsa $b64 test@rsa1024\""
@@ -280,9 +282,9 @@ EOS
) \
.value.key.line "ssh-rsa $b64 test@rsa1024" \
.value.key.prefix ""
unset b64

b64='AAAAB3NzaC1yc2EAAAADAQABAAABAQDUcjtSpPwY9kdBtmfAURXEIwvUnfJ41acboaNyXU0Vv9C0hg6DNemm8FjDC4xp9AtQgKc8Sq2VGrUXIMO/xxD8LA9u3DjwWLYAzoBYGzKZ9p7QynoeEAa/Fpv811LmSJMVw1NPDahMrv1mVR4vXrU5Z/S4VkIEY19DnO0TlpciWPC9ePLhcF/MIb2dwzRlWaKm0JRw8D/V3aPbacyZL1zO+Gdk8an95DZ7T8KbxDdLxf6pLLWbtdMxZKnTQeAJGW7JXsf6ybmHgOqHTI3gWfydbRe0bHBcqORT21resFcqqyqKrKjGedWYqDraAi3k8G+U0T8RwDGMJpC2EFDk7c0H'
local fp2048
fp2048="SHA256:ZdeU0HZyYoqz+ysPxoZ5cUX8eDIV4PIn7s0oDipqUnI"
[ "$FP_TYPE" = md5 ] && fp2048="a0:cf:72:54:59:b5:61:26:37:5f:98:14:83:c7:d3:8f"
script rsa2048 $a1 -osh selfAddIngressKey "<<< \"ssh-rsa $b64 test@rsa2048\""
@@ -301,9 +303,9 @@ EOS
) \
.value.key.line "ssh-rsa $b64 test@rsa2048" \
.value.key.prefix ""
unset b64

b64='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'
local fp4096
fp4096="SHA256:esuEP68vVxW7uJd1jxUXfmMj0Hk3my/Lv181K/XFlfY"
[ "$FP_TYPE" = md5 ] && fp4096="84:0a:ae:13:62:1e:c4:bc:d7:2b:b4:d4:fe:c8:6d:0a"
script rsa4096 $a1 -osh selfAddIngressKey "<<< \"ssh-rsa $b64 test@rsa4096\""
@@ -339,9 +341,9 @@ EOS
) \
.value.key.line "ssh-rsa $b64 test@rsa4096duplicate" \
.value.key.prefix ""
unset b64

b64='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'
local fp8192
fp8192="SHA256:nQl/AkakKTV25MKXZQpEBAEECq2BKLBqrRICR0YBn8s"
[ "$FP_TYPE" = md5 ] && fp8192="cd:26:73:ff:7e:b5:72:d7:7d:d5:dd:da:d7:c0:8d:35"
script rsa8192 $a1 -osh selfAddIngressKey "<<< \"ssh-rsa $b64 test@rsa8192\""
@@ -360,9 +362,9 @@ EOS
) \
.value.key.line "ssh-rsa $b64 test@rsa8192" \
.value.key.prefix ""
unset b64

b64='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'
local fp16384
fp16384="SHA256:xexcqmW+ZCLf5ulEQvVoldakfEJMcD51myTuxQbkgIA"
[ "$FP_TYPE" = md5 ] && fp16384="fc:67:ee:6d:0e:d4:19:46:38:8f:2c:6b:e1:e8:07:f3"
script rsa16384 $a1 -osh selfAddIngressKey "<<< \"ssh-rsa $b64 test@rsa16384\""
@@ -381,9 +383,9 @@ EOS
) \
.value.key.line "ssh-rsa $b64 test@rsa16384" \
.value.key.prefix ""
unset b64

b64='AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBezrCa6RsyyWnHDypyGZ4/72UsiLaDmJ+A04vVuxO0XsjrhX52Q7zkz5NOA2VccAFJCLwN9h/+LLrIxM6FK64k='
local fpe256
fpe256="SHA256:7jAGgQXAu4DfrL5cpa1Gh5gDJjwLDGLr0Ahc5TwTPOA"
[ "$FP_TYPE" = md5 ] && fpe256="4d:35:52:9f:0f:c7:54:68:7e:57:c5:10:32:54:da:bc"
script ecdsa256 $a1 -osh selfAddIngressKey "<<< \"ecdsa-sha2-nistp256 $b64 test@ecdsa256\""
@@ -419,9 +421,9 @@ EOS
) \
.value.key.line "ecdsa-sha2-nistp256 $b64 test@ecdsa256duplicate" \
.value.key.prefix ""
unset b64

b64='AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBICjCWYk5lCOX/977vdlDqcuF1ZWb4cX8cZuskRCSJBwMaCBHKvSwxzcbVdS++4MAaCsQisDSgwAhK6KcbjwitKAiSUWmRhIxFrPQojrfrDlw20bgFqc/RGiSykMTbL1jg=='
local fpe384
fpe384="SHA256:P2NDAsOb6ZelE6dwCdqnnSaw/KVXhXMgFWI/pwNF2z0"
[ "$FP_TYPE" = md5 ] && fpe384="4d:e3:e3:c2:13:79:69:e9:f7:3d:4f:18:21:d3:1b:ef"
script ecdsa384 $a1 -osh selfAddIngressKey "<<< \"ecdsa-sha2-nistp384 $b64 test@ecdsa384\""
@@ -440,9 +442,9 @@ EOS
) \
.value.key.line "ecdsa-sha2-nistp384 $b64 test@ecdsa384" \
.value.key.prefix ""
unset b64

b64='AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADaVbKH5FN1Dcb/jXbb4Xa1UM/l4qVKFSHQKo1o0Zk/T9eHt+vpgvMUnbyZpawktdBgF4ScnPvO7qzgM+fgy62LYACbExQvYLcrYTK+h6TxISptpCFNli4XjjW88YhL7qGmZDlezZTUCHDZryVato7Fzfe66mqZcT6aMWO+Lyr5RLc4uw=='
local fpe521
fpe521="SHA256:qK+FmUoa7OBqzyiuH+hp974f/pt8L9SWTsjzId2I4/w"
[ "$FP_TYPE" = md5 ] && fpe521="2d:af:3a:b1:b7:9f:74:71:f9:8e:3f:85:03:f8:4e:c0"
script ecdsa521 $a1 -osh selfAddIngressKey "<<< \"ecdsa-sha2-nistp521 $b64 test@ecdsa521\""
@@ -461,11 +463,12 @@ EOS
) \
.value.key.line "ecdsa-sha2-nistp521 $b64 test@ecdsa521" \
.value.key.prefix ""
unset b64

b64='AAAAC3NzaC1lZDI1NTE5AAAAIB+fS15BtjxBL338aMGMZus6OuPYP1Ix1yKY1RRCa5VB'
local fped
fped="SHA256:DFITA8tNfJknq6a/xbro1SxTLTWn/vwZkEROk4IB2LM"
[ "$FP_TYPE" = md5 ] && fped="d7:92:5b:77:8b:69:03:cb:e7:5a:11:76:d1:a6:ea:e4"
local fplist
fplist="$fp4096 $fp8192 $fp16384 $fpe256 $fpe384 $fpe521"
script ed25519 $a1 -osh selfAddIngressKey "<<< \"ssh-ed25519 $b64 test@ed25519\""
if [ "${capabilities[ed25519]}" = "1" ] ; then
@@ -514,6 +517,7 @@ EOS

success afteradd $a1 -osh selfListIngressKeys
account1key1fp=""
local account1key2fp
account1key2fp=""
for i in {0..20}
do
@@ -522,7 +526,7 @@ EOS
grep -qF "$tmpline" $account1key1file.pub && account1key1fp=$(get_json | $jq ".value.keys[$i].fingerprint")
grep -qF "$tmpline" $account1key2file.pub && account1key2fp=$(get_json | $jq ".value.keys[$i].fingerprint")
done
unset tmpline
unset tmpline i
json .command selfListIngressKeys .error_code OK .value.account $account1

script key1 grep -Eq "'^SHA256:|([0-9a-f]{2}:){7}'" "<<<" "$account1key1fp"
@@ -537,7 +541,7 @@ EOS
contain "successfully deleted"
json .command selfDelIngressKey .error_code OK
done
unset fplist
unset fp

success afterdel $a1 -osh selfListIngressKeys
json $(cat <<EOS
@@ -614,3 +618,4 @@ EOS

testsuite_selfkeys
unset -f _ingress_from_test
unset -f testsuite_selfkeys
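Review bot: `local b64 FP_TYPE fpdsa` (hunk `-217,6 +218,7`) makes `FP_TYPE` function-local, yet no line in the visible hunks assigns it, and every later `[ "$FP_TYPE" = md5 ] && fp…=` override depends on it. This is only safe if the assignment happens inside `testsuite_selfkeys` after that `local` line. If `FP_TYPE` is set by the harness or earlier in the function, the local shadows it with an empty value and every check silently falls through to the SHA256 fingerprints. The upper-case name suggests a global, so the lines between the hunks deserve a look; if it is set outside, declare only `local b64 fpdsa`.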
5 changes: 5 additions & 0 deletions tests/functional/tests.d/340-selfaccesses.sh
@@ -30,6 +30,8 @@ testsuite_selfaccesses()
revoke accountDelete
grant accountCreate

unset i

# create account1
success accountCreate $a0 --osh accountCreate --always-active --account $account1 --uid $uid1 --public-key "\"$(cat $account1key1file.pub)\""
json .error_code OK .command accountCreate .value null
@@ -171,6 +173,7 @@ testsuite_selfaccesses()
# forcekey

success for_force_key $a0 --osh selfListEgressKeys
local account0key1fp
account0key1fp=$(get_json | $jq '.value|keys[0]')

success forcekey $a0 --osh selfAddPersonalAccess -h 127.7.7.7 -u $shellaccount -p 22 --force --force-key "$account0key1fp"
@@ -206,6 +209,7 @@ testsuite_selfaccesses()
unset tmpb64
fi
done
unset proto

# scp

@@ -575,3 +579,4 @@ testsuite_selfaccesses()
}

testsuite_selfaccesses
unset -f testsuite_selfaccesses
3 changes: 3 additions & 0 deletions tests/functional/tests.d/341-selfaccesses-force-password.sh
@@ -67,6 +67,7 @@ testsuite_selfaccesses_force_password()
json .error_code OK .command accountCreate
revoke accountCreate

local target gen_pass_plugin list_pass_plugin add_access_plugin del_access_plugin password_switch password_base_path
if [ $mode = "personal" ]
then
# in personal mode, we manipulate account1's own personal accesses to connect to account4
@@ -147,6 +148,7 @@ testsuite_selfaccesses_force_password()
# fetch checksums for a1|g1's second and third egress passwords
success ${mode}_listpass $a0 --osh $list_pass_plugin $target
json .error_code OK .command $list_pass_plugin
local password2_sha256 password3_sha256
password2_sha256=$(get_json | jq -r '.value[1].hashes.sha256crypt')
password3_sha256=$(get_json | jq -r '.value[2].hashes.sha256crypt')

@@ -240,3 +242,4 @@ testsuite_selfaccesses_force_password()
}

testsuite_selfaccesses_force_password
unset -f testsuite_selfaccesses_force_password
5 changes: 4 additions & 1 deletion tests/functional/tests.d/350-groups.sh
@@ -111,6 +111,7 @@ testsuite_groups()
.value.public_key.family RSA
EOS
)
local key0fp
key0fp=$(get_json | $jq .value.fingerprint)
# new state: g1[a1(ow,gk,acl,member)]

@@ -141,7 +142,7 @@ EOS
# now that we have several keys, take the opportunity to test force-key

plgfail a1_add_access_force_key_and_pwd_g1 $a1 --osh groupAddServer --host 127.1.2.3 --user-any --port-any --force --force-password '$1$2$3456' --force-key "$key1fp" --group $group1
.error_code ERR_CONFLICTING_PARAMETERS
json .error_code ERR_INCOMPATIBLE_PARAMETERS

success a1_add_access_force_key_g1 $a1 --osh groupAddServer --host 127.1.2.3 --user-any --port-any --force --force-key "$key1fp" --group $group1

@@ -735,6 +736,7 @@ EOS

success a0_add_personal_access_to_a3_works $a0 --osh accountAddPersonalAccess --account $account3 --host 77.66.55.4 --user-any --port-any

local todo_inc todo_port todo_ip todo_user
(( todo_inc=1 ))
for todo_port in --port-any "--port 33"
do
@@ -1256,3 +1258,4 @@ EOS
}

testsuite_groups
unset -f testsuite_groups
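Review bot: The assertion after `a1_add_access_force_key_and_pwd_g1` apparently never ran before this commit: as rendered here, the old line lacks the leading `json`, so it would have been executed as a command named `.error_code`, and its failure went unnoticed. That it could fail silently suggests the harness tolerates stray failing commands inside a module (the runner sources modules with `source "$module" || true`), so similar slips elsewhere would not be caught either. The expected code also moves to `ERR_INCOMPATIBLE_PARAMETERS`, which belongs in the commit description since it is not env cleanup. A comment above the test, e.g. `# --force-key combined with --force-password must be refused`, would document what the check protects.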
1 change: 1 addition & 0 deletions tests/functional/tests.d/360-plugins.sh
@@ -96,3 +96,4 @@ EOS
}

testsuite_plugins
unset -f testsuite_plugins
4 changes: 4 additions & 0 deletions tests/functional/tests.d/370-mfa.sh
@@ -31,9 +31,11 @@ testsuite_mfa()
run a4_setup_pass_step1of2 $a4f --osh selfMFASetupPassword --yes
retvalshouldbe 124
contain 'enter this:'
local a4_password_tmp
a4_password_tmp=$(get_stdout | grep -Eo 'enter this: [a-zA-Z0-9_-]+' | sed -e 's/enter this: //')

# setup our password, step2
local a4_password
a4_password=']BkL>3x#T)g~~B#rLv^!T2&N'
script a4_setup_pass_step2of2 "echo 'set timeout 30; \
spawn $a4 --osh selfMFASetupPassword --yes; \
@@ -351,6 +353,7 @@ testsuite_mfa()
contain 'Multi-Factor Authentication enabled, an additional authentication factor is required (password).'
contain REGEX 'Password:|Password for'

local a4_totp_code_1
a4_totp_code_1=$(get_stdout | grep -A1 'Your emergency scratch codes are:' | tail -n1 | tr -d '[:space:]')
#a4_totp_code_2=$(get_stdout | grep -A2 'Your emergency scratch codes are:' | tail -n1 | tr -d '[:space:]')
#a4_totp_code_3=$(get_stdout | grep -A3 'Your emergency scratch codes are:' | tail -n1 | tr -d '[:space:]')
@@ -554,3 +557,4 @@ testsuite_mfa()
}

testsuite_mfa
unset -f testsuite_mfa
