From 3d2b3661563d4887d25f5ff1f5b57f27aca973b6 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sun, 2 Aug 2020 21:12:45 +0000 Subject: [PATCH] tests: move common code in tests to lib --- test/scenarios/default.py | 96 ------------------------------------- test/scenarios/lib.py | 96 +++++++++++++++++++++++++++++++++++++ test/scenarios/withnetns.py | 96 ------------------------------------- 3 files changed, 96 insertions(+), 192 deletions(-) diff --git a/test/scenarios/default.py b/test/scenarios/default.py index 7de4c0a..09aaaa2 100644 --- a/test/scenarios/default.py +++ b/test/scenarios/default.py @@ -1,99 +1,3 @@ -### Tests - -assert_running("setup-secrets") -# Unused secrets should be inaccessible -succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') - -assert_running("bitcoind") -machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") -assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') -# Test RPC Whitelist -machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") -# Restating rpcuser & rpcpassword overrides privileged credentials -machine.fail( - "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" -) -machine.wait_until_succeeds( - log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") -) - -assert_running("electrs") -# Check RPC connection to bitcoind -machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) -assert_running("nginx") -# Stop electrs from spamming the test log with 'wait for bitcoind sync' messages -succeed("systemctl stop electrs") - -assert_running("liquidd") -machine.wait_until_succeeds("elements-cli getnetworkinfo") -assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') -succeed("su operator -c 'liquidswap-cli --help'") - -assert_running("clightning") -assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') - -assert_running("spark-wallet") -spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] - -assert_running("lightning-charge") -charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] - -assert_running("nanopos") - -assert_running("onion-chef") - -# FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due -# to incomplete unit dependencies. -# 'create-web-index' implicitly tests 'nodeinfo'. -machine.wait_for_unit("create-web-index") - -machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) -assert_no_failure("bitcoind-import-banlist") - -# test that `systemctl status` can't leak credentials -assert_matches( - "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", - "Failed to dump process list for 'clightning.service', ignoring: Access denied", -) -machine.succeed("grep -Fq hidepid=2 /proc/mounts") - -### Additional tests - -# Current time in µs -pre_restart = succeed("date +%s.%6N").rstrip() - -# Sanity-check system by restarting all services -succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") - -# Now that the bitcoind restart triggered a banlist import restart, check that -# re-importing already banned addresses works -machine.wait_until_succeeds( - log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") -) -assert_no_failure("bitcoind-import-banlist") - -### Test lnd - -stopped_services = "nanopos lightning-charge spark-wallet clightning" -succeed("systemctl stop " + stopped_services) -succeed("systemctl start lnd") -assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') -assert_no_failure("lnd") - -### Test loopd - -succeed("systemctl start lightning-loop") -assert_matches("su operator -c 'loop --version'", "version") -# Check that lightning-loop fails with the right error, making sure -# lightning-loop can connect to lnd -machine.wait_until_succeeds( - log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") -) - -### Stop lnd and restart clightning -succeed("systemctl stop lnd") -succeed("systemctl start " + stopped_services) - ## electrs # the main test body stops electrs succeed("systemctl start electrs") diff --git a/test/scenarios/lib.py b/test/scenarios/lib.py index 6fe4487..7e8dc6c 100644 --- a/test/scenarios/lib.py +++ b/test/scenarios/lib.py @@ -32,3 +32,99 @@ def assert_running(unit): # Don't execute the following test suite when this script is running in interactive mode if "is_interactive" in vars(): raise Exception() + +### Tests + +assert_running("setup-secrets") +# Unused secrets should be inaccessible +succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') + +assert_running("bitcoind") +machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") +assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') +# Test RPC Whitelist +machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") +# Restating rpcuser & rpcpassword overrides privileged credentials +machine.fail( + "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" +) +machine.wait_until_succeeds( + log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") +) + +assert_running("electrs") +# Check RPC connection to bitcoind +machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) +assert_running("nginx") +# Stop electrs from spamming the test log with 'wait for bitcoind sync' messages +succeed("systemctl stop electrs") + +assert_running("liquidd") +machine.wait_until_succeeds("elements-cli getnetworkinfo") +assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') +succeed("su operator -c 'liquidswap-cli --help'") + +assert_running("clightning") +assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') + +assert_running("spark-wallet") +spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] + +assert_running("lightning-charge") +charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] + +assert_running("nanopos") + +assert_running("onion-chef") + +# FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due +# to incomplete unit dependencies. +# 'create-web-index' implicitly tests 'nodeinfo'. +machine.wait_for_unit("create-web-index") + +machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) +assert_no_failure("bitcoind-import-banlist") + +# test that `systemctl status` can't leak credentials +assert_matches( + "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", + "Failed to dump process list for 'clightning.service', ignoring: Access denied", +) +machine.succeed("grep -Fq hidepid=2 /proc/mounts") + +### Additional tests + +# Current time in µs +pre_restart = succeed("date +%s.%6N").rstrip() + +# Sanity-check system by restarting all services +succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") + +# Now that the bitcoind restart triggered a banlist import restart, check that +# re-importing already banned addresses works +machine.wait_until_succeeds( + log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") +) +assert_no_failure("bitcoind-import-banlist") + +### Test lnd + +stopped_services = "nanopos lightning-charge spark-wallet clightning" +succeed("systemctl stop " + stopped_services) +succeed("systemctl start lnd") +assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') +assert_no_failure("lnd") + +### Test loopd + +succeed("systemctl start lightning-loop") +assert_matches("su operator -c 'loop --version'", "version") +# Check that lightning-loop fails with the right error, making sure +# lightning-loop can connect to lnd +machine.wait_until_succeeds( + log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") +) + +### Stop lnd and restart clightning +succeed("systemctl stop lnd") +succeed("systemctl start " + stopped_services) diff --git a/test/scenarios/withnetns.py b/test/scenarios/withnetns.py index 0cf8e64..d2f102f 100644 --- a/test/scenarios/withnetns.py +++ b/test/scenarios/withnetns.py @@ -1,99 +1,3 @@ -### Tests - -assert_running("setup-secrets") -# Unused secrets should be inaccessible -succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') - -assert_running("bitcoind") -machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") -assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') -# Test RPC Whitelist -machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") -# Restating rpcuser & rpcpassword overrides privileged credentials -machine.fail( - "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" -) -machine.wait_until_succeeds( - log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") -) - -assert_running("electrs") -# Check RPC connection to bitcoind -machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) -assert_running("nginx") -# Stop electrs from spamming the test log with 'wait for bitcoind sync' messages -succeed("systemctl stop electrs") - -assert_running("liquidd") -machine.wait_until_succeeds("elements-cli getnetworkinfo") -assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') -succeed("su operator -c 'liquidswap-cli --help'") - -assert_running("clightning") -assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') - -assert_running("spark-wallet") -spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] - -assert_running("lightning-charge") -charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] - -assert_running("nanopos") - -assert_running("onion-chef") - -# FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due -# to incomplete unit dependencies. -# 'create-web-index' implicitly tests 'nodeinfo'. -machine.wait_for_unit("create-web-index") - -machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) -assert_no_failure("bitcoind-import-banlist") - -# test that `systemctl status` can't leak credentials -assert_matches( - "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", - "Failed to dump process list for 'clightning.service', ignoring: Access denied", -) -machine.succeed("grep -Fq hidepid=2 /proc/mounts") - -### Additional tests - -# Current time in µs -pre_restart = succeed("date +%s.%6N").rstrip() - -# Sanity-check system by restarting all services -succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") - -# Now that the bitcoind restart triggered a banlist import restart, check that -# re-importing already banned addresses works -machine.wait_until_succeeds( - log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") -) -assert_no_failure("bitcoind-import-banlist") - -### Test lnd - -stopped_services = "nanopos lightning-charge spark-wallet clightning" -succeed("systemctl stop " + stopped_services) -succeed("systemctl start lnd") -assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') -assert_no_failure("lnd") - -### Test loopd - -succeed("systemctl start lightning-loop") -assert_matches("su operator -c 'loop --version'", "version") -# Check that lightning-loop fails with the right error, making sure -# lightning-loop can connect to lnd -machine.wait_until_succeeds( - log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") -) - -### Stop lnd and restart clightning -succeed("systemctl stop lnd") -succeed("systemctl start " + stopped_services) - # netns IP addresses bitcoind_ip = "169.254.1.12" clightning_ip = "169.254.1.13"