diff options
| author | Lars Wirzenius <liw@liw.fi> | 2013-10-06 10:15:36 +0100 |
|---|---|---|
| committer | Lars Wirzenius <liw@liw.fi> | 2013-10-06 10:15:36 +0100 |
| commit | 6b695644b0c514e736af88bf70b1a0838dd6c46e (patch) | |
| tree | 65c4aa71473f93fd1819c43a8ca90ebbe89e9a5b /git.liw.fi.yarn | |
| parent | 7adcf9315cf08217a1a5948258c0c2cd58b2d7d7 (diff) | |
| download | liw-gitano-acl-test-suite-6b695644b0c514e736af88bf70b1a0838dd6c46e.tar.gz | |
Start test suite over from scratch
Remove static test key for test user.
Diffstat (limited to 'git.liw.fi.yarn')
| -rw-r--r-- | git.liw.fi.yarn | 234 |
1 files changed, 56 insertions, 178 deletions
diff --git a/git.liw.fi.yarn b/git.liw.fi.yarn index 7b592ce..c04b26b 100644 --- a/git.liw.fi.yarn +++ b/git.liw.fi.yarn @@ -1,207 +1,85 @@ Test suite for ACL on git.liw.fi ================================ -FIXME: alice.key should be genreated by test suite, not stored in git -FIXME: alice/ and liw/ should be cleaned up +Introduction +------------ This is a test suite for my Gitano ACL setup on git.liw.fi. It is run -against either the real or a test instance of the setup. +against either the real or a test instance of the setup. It requires +the person running it to have admin access on the Gitano instance, +so the tests can create and remove users and repositories. -Fundamental concepts: +Pre-requisites +-------------- -* liw is my user account -* alice and bob are test accounts -* foo, private/foo and alice/foo are test repositories +Yarn must be run with `--env` used to set the environment variables +`GITANO` and `GITHOST`. `GITANO` must be the Unix user for the +Gitano instance (typically `git`), and `GITHOST` must be the address +of the host (IP address or domain name). -Here's a scenario for verifying that I can create and remove -users and accounts. +The person running this test suite must be able to log in to the +Gitano instance using their normal ssh key. In other words, +`ssh "$GITANO@$GITHOST" whoami` must work. - SCENARIO git.liw.fi gitano ruleset testing +See the `check` script for details on how to invoke yarn for this test +suite. - GIVEN user alice does not exist - AND user bob does not exist - AND repository private/foo does not exist - AND repository foo does not exist - AND repository alice/foo does not exist +The test suite will create a user called `tstusr`, and remove it +after the test suite. The user may get created and removed multiple +times. If the user existed beforehand, it will be removed. -I need to be able to create a user. +User creation +------------- - WHEN liw creates user alice - THEN user alice exists +The admin must be able to create and remove a user. -However, nobody else should be able to do that. - - WHEN alice attempts to create user bob - THEN gitano gives an error matching "You may not perform site administration" - -I should be able to create a private repository. I should see it, -and be able to clone it over ssh, but not over git. Others should -not be able to see or clone it. Private repositories are those -under the private/ prefix. - - WHEN liw creates repository private/foo - THEN liw cannot clone private/foo using git - AND liw can clone private/foo using ssh - AND liw can see private/foo - AND alice cannot clone private/foo using git - AND alice cannot clone private/foo using ssh - AND alice cannot see private/foo - AND cgit does not allow viewing private/foo - -I should be able to change the private repository. Others can't, since -they can't clone it. (FIXME: What happens if it was public, but now -isn't?) - - WHEN liw creates master branch in private/foo - AND liw makes change in cloned private/foo in master - THEN liw can push master in private/foo - -I should be able to create a public repository, and see it and coone -it over both git and ssh. So should others. - - WHEN liw creates repository foo - THEN liw can see foo - AND liw can clone foo using git - AND liw can clone foo using ssh - AND alice can see foo - AND alice can clone foo using git - AND alice can clone foo using ssh - AND cgit allows viewing foo - -I should be able to change the master branch. - - WHEN liw creates master branch in foo - AND liw makes change in cloned foo in master - THEN liw can push master in foo - -Others mustn't be able to push a change to master. - - WHEN alice makes change in cloned foo in master - AND alice attempts to push master in foo - THEN gitano gives an error matching "FIXME" - -However, they can create a branch prefixed by their username -and a slash, and push that. - - WHEN alice creates branch alice/branch in foo - AND alice makes change in cloned foo in alice/branch - THEN alice can push alice/branch in foo - -Others mustn't be able to create repositories. I'm not running -a general git hosting service. - - WHEN alice attempts to create repository alice/bar - THEN gitano gives an error matching "FIXME" - -Some cleanup at the end. - - FINALLY remove user alice - AND remove user bob - AND remove repository foo - AND remove repository private/foo - AND remove repository alice/foo + SCENARIO admin can create and remove a user + ASSUMING no tstusr user exists on server + GIVEN an ssh key for tstusr + WHEN admin creates user tstusr + THEN user tstusr exists + FINALLY remove user tstusr on server Implementations --------------- - IMPLEMENTS THEN user (\S+) exists - gitano liw user | grep "^$MATCH_1:" +Verify that there are no test related users on the server. If there +is, something's gone wrong in a previous run, and things should be +cleaned up manually. Or another run of the test suite is going on, and +we shouldn't interfere with that. - IMPLEMENTS GIVEN user (\S+) does not exist - if gitano liw user | grep "^$MATCH_1:" - then - die "User $MATCH_1 seems to exist" - fi +We split up the various assumptions so the implementation code +doesn't make assumptions on user names, etc. - IMPLEMENTS GIVEN repository (\S+) does not exist - if gitano liw ls | awk -v "r=$MATCH_1" '$NF == r' | grep . + IMPLEMENTS ASSUMING no (\S+) user exists on server + if user_exists "$MATCH_1" then - die "Repo $MATCH_1 seems to exist already" + die "User $MATCH_1 exists on server, but shouldn't" fi + +Create an ssh key for a user. This is generated for a scenario, +then discarded. - IMPLEMENTS WHEN (\S+) creates user (\S+) - gitano "$MATCH_1" user add "$MATCH_2" "$MATCH_2" "$MATCH_2@example.com" - gitano "$MATCH_1" as "$MATCH_2" sshkey add default < "$MATCH_2.key.pub" - - IMPLEMENTS WHEN (\S+) attempts to create user (\S+) - attempt gitano "$MATCH_1" \ - user add "$MATCH_2" "$MATCH_2" "$MATCH_2@example.com" - - IMPLEMENTS THEN gitano gives an error matching "(.*)"$ - cat "$DATADIR/attempt.stderr" - grep "$MATCH_1" "$DATADIR/attempt.stderr" - - IMPLEMENTS WHEN (\S+) creates repository (\S+) - gitano "$MATCH_1" create "$MATCH_2" - - IMPLEMENTS THEN (\S+) cannot clone (\S+) using git - if clone_using_git "$MATCH_1" "$MATCH_2" - then - die "Clone of $MATCH using git succeeded unexpectedly" - fi - - IMPLEMENTS THEN (\S+) cannot clone (\S+) using ssh - if clone_using_ssh "$MATCH_1" "$MATCH_2" - then - die "Clone of $MATCH_2 using ssh succeeded unexpectedly" - fi - - IMPLEMENTS THEN (\S+) can clone (\S+) using git - clone_using_git "$MATCH_1" "$MATCH_2" - - IMPLEMENTS THEN (\S+) can clone (\S+) using ssh - clone_using_ssh "$MATCH_1" "$MATCH_2" - - IMPLEMENTS THEN (\S+) can see (\S+) - gitano "$MATCH_1" ls | awk -v "r=$MATCH_2" '$NF == r' | grep . - - IMPLEMENTS THEN (\S+) cannot see (\S+) - if gitano "$MATCH_1" ls | awk -v "r=$MATCH_2" '$NF == r' | grep . - then - die "User $MATCH_1 can see repo $MATCH_2 unexpectedly" - fi - - IMPLEMENTS THEN cgit allows viewing (\S+) - true - - IMPLEMENTS THEN cgit does not allow viewing (\S+) - true - - IMPLEMENTS WHEN (\S+) creates master branch in (\S+) - cd "$MATCH_1/$MATCH_2" - touch foo.txt - git add foo.txt - git commit -m initial - - IMPLEMENTS WHEN (\S+) makes change in cloned (\S+) in (\S+) - cd "$MATCH_1/$MATCH_2" - git checkout "$MATCH_3" - date > foo.txt - git add foo.txt - git commit -m change - - IMPLEMENTS THEN (\S+) can push (\S+) in (\S+) - true + IMPLEMENTS GIVEN an ssh key for (\S+) + ssh-keygen -f "$DATADIR/$MATCH_1.key" -N '' + +Create a user on the server. Only an admin should be able to do +this, but anyone can try. Note that since we only care about +usernames, we invent the real name and e-mail address. - IMPLEMENTS WHEN (\S+) attempts to push (\S+) in (\S+) - true + IMPLEMENTS WHEN (\S+) creates user (\S+) + run_gitano_as "$MATCH_1" user add "$MATCH_2" name foo@example.com - IMPLEMENTS WHEN (\S+) creates branch (\S+) in (\S+) - true +Verify a user exists on the server. - IMPLEMENTS WHEN (\S+) attempts to create repository (\S+) - attempt gitano "$MATCH_1" create "$MATCH_2" + IMPLEMENTS THEN user (\S+) exists + user_exists "$MATCH_1" - IMPLEMENTS FINALLY remove user (\S+) - if gitano liw user del "$MATCH_1" 2> "$DATADIR/temp" - then - gitano liw user del "$MATCH_1" \ - $(awk '{ s = $2 } END { print s }' "$DATADIR/temp") - fi +Clean up user. - IMPLEMENTS FINALLY remove repository (\S+) - if gitano liw destroy "$MATCH_1" 2> "$DATADIR/temp" + IMPLEMENTS FINALLY remove user (\S+) on server + if run_gitano_as admin user del "$MATCH_1" 2> "$DATADIR/temp" then - gitano liw destroy "$MATCH_1" \ - $(awk '{ s = $2 } END { print s }' "$DATADIR/temp") + run_gitano_as admin user del "$MATCH_1" \ + $(awk '{ s = $2 } END { print s }' "$DATADIR/temp") fi |