-rw-r--r--alice.key27
-rw-r--r--alice.key.pub1
-rwxr-xr-xcheck4
-rw-r--r--git.liw.fi.sh59
-rw-r--r--git.liw.fi.yarn234
5 files changed, 78 insertions, 247 deletions
diff --git a/alice.key b/alice.key
deleted file mode 100644
index 37b9e0e..0000000
--- a/alice.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1Spi3T/xDpwC4BlrbhlPI22kIo54F5mclY1DAVfZ32N4aLyF
-Q2AJH0BWgzfnjpiqWTGLT0dwQA9Er+Opypmsyl/AWrQzhVnLp7Q/2gj/LGAc9BWN
-ztg8mC5I2B13D9hOH8CUrJfusfyJRXdWvm5R4zU5UsJ7EzKdimu4cqQAWqpoT1H5
-NyGiiHqjUj4L2da5bdKKDdN+r6GBJVwNzwVZ10fShGOMYQIUucOcqwFMlSipfJ4e
-U+4yQr22cQaTRysgAWTdjw0B4Mi0Tii2TJ0LM9Zt/cCHQ64G8c0qor963YXJoBJ8
-YoV0x2uKP7ATtizk59t2HTOPES+kK87aWDaPvQIDAQABAoIBAFBuJc+FiNcSVqNn
-8/ke45VikUPYrcd51nM3Ucj39OUtCwm52C6L1eVMyVfJiD1trRjqcL4BHoGNQUV8
-iVxAj8nsRw/yXl46e3VTtaP3MRD1UvdmCpO5U2O4UxP4SixYWWHxsCdPTGkr+D+V
-v80qowsv0elAKGAeAQNxka7v4pJSeSShMSmn2n8Ac9dCB05JjrY/5pVDbuvLk57J
-8K1lNHmBP0DorBhvJFayEeEfIZfl/rPfxbnnkFobcFI20df7DalMaZ4fzexRh1zq
-SPcnI0QF1fffEmSWrHc0NGMTBRChDws7rw2rnn63sVMZ4WM0EBUmgfIZuxi2Wm7+
-Y5UlzAECgYEA/LLmo9zztC2yxhJzYtbfVVsXQOKBZazxCHu4foxa+E6eT7DIaoJp
-WfDErSvPXFeLrY4iwZi1RbilNPCvIbcSWptT63QUmQ1yu3iRAF0tC9TmubOcrJ/b
-qyx5MRx3uBEs5/dJGMhhnz77SjO5zJU4/4n64X6NxqTMJ80qfjrk9l0CgYEA1/NG
-QJ4VCrD3ii7Ap1oV0Tu+DTxxm/Vpf+0p0XD8BfJywimTNmXPV5Z9z75LVh7kDyBw
-VJj2ZTFFs3d9Fc89EjYsk+lYhdphnJZ3REo1Vc2oIE/ipoHv1PXFfDlDSYKn5Wy2
-kKSMOne6NX/g3RCp0eQlFTwNa83aof942iGxqOECgYAtFgpaoDiHJEQqXO5jay0L
-wKXkeMVXi8Sxm8luIsK0XOqYE1We00fSuUeOEiv8MM6GF78RxZpKJ0iqqmrE3DIV
-InOVpe9q42BeHIPaicVYwBKufWJt1lPONbAl2AtwNvhJJvDO0CnCzOzu702uN82k
-oky14OuQzqRyUYPMY9uoLQKBgAgefWWwi9n7DVOErnmcSXW0aVDWFO9oKq9Em23k
-cZVHqEjkh0RkT4dbgR9uaCa0wp5O+eo0Vg836wb0Vx+ayxEEOGjXPRzLOSBKB/Hp
-WFgBg3CzkDHycLHxC5vAC2eYIffePn7xsNQB7F5WkH2/QqNBkKNbvqVu9+lfUYvh
-+GwBAoGBAJV8sTl/vsrMEOZ/vBXSjsyT5ymMZRNBW5PNhfzy7IvhXxXbatQk7/Zz
-/VyihqJaIujjmEefeyMMrwTeh0vXmQSp3E7WfdFtgFgxuOaXPaqpLCOBIisYf9eP
-jLnvX6YzAhxAYkbNwvmeP6eVlhAf01mkiq9ohwCZVCx8bZoeAW+M
------END RSA PRIVATE KEY-----
diff --git a/alice.key.pub b/alice.key.pub
deleted file mode 100644
index eb93ea7..0000000
--- a/alice.key.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVKmLdP/EOnALgGWtuGU8jbaQijngXmZyVjUMBV9nfY3hovIVDYAkfQFaDN+eOmKpZMYtPR3BAD0Sv46nKmazKX8BatDOFWcuntD/aCP8sYBz0FY3O2DyYLkjYHXcP2E4fwJSsl+6x/IlFd1a+blHjNTlSwnsTMp2Ka7hypABaqmhPUfk3IaKIeqNSPgvZ1rlt0ooN036voYElXA3PBVnXR9KEY4xhAhS5w5yrAUyVKKl8nh5T7jJCvbZxBpNHKyABZN2PDQHgyLROKLZMnQsz1m39wIdDrgbxzSqiv3rdhcmgEnxihXTHa4o/sBO2LOTn23YdM48RL6QrztpYNo+9 liw@havelock
diff --git a/check b/check
index 0c0eba6..7100ef4 100755
--- a/check
+++ b/check
@@ -2,8 +2,8 @@
set -eu
-yarn --verbose \
- --env GITANO=git@testgit2 \
+yarn --verbose --log yarn.log \
+ --env GITANO=git \
--env GITHOST=testgit2 \
--env "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" \
-s git.liw.fi.sh git.liw.fi.yarn
diff --git a/git.liw.fi.sh b/git.liw.fi.sh
index 6f1163c..f4245f1 100644
--- a/git.liw.fi.sh
+++ b/git.liw.fi.sh
@@ -1,14 +1,7 @@
-gitano()
-{
- local keyname="$1"
- shift
- if [ "$keyname" = "liw" ]
- then
- ssh "$GITANO" "$@"
- else
- SSH_AUTH_SOCK= ssh -F "ssh.conf" -i "$keyname.key" "$GITANO" "$@"
- fi
-}
+# Shell library for running git.liw.fi ACL tests.
+
+
+# This is handy for giving an error message and aborting.
die()
{
@@ -16,40 +9,28 @@ die()
exit 1
}
-attempt()
-{
- if "$@" > "$DATADIR/attempt.stdout" 2> "$DATADIR/attempt.stderr"
- then
- echo 0 > "$DATADIR/attempt.exit"
- else
- echo $? > "$DATADIR/attempt.exit"
- fi
-}
-clone_using_git()
+# Run gitano on the server using a desired ssh key. The key is
+# either the admin key (i.e., they key of whoever invoked the
+# test suite), or a test key we've created in $DATADIR.
+
+run_gitano_as()
{
- local dir="$1/$2"
- local url="git://$GITHOST/$2"
- rm -rf "$dir"
- mkdir -p "$dir"
- if [ "$1" = liw ]
+ local keyname="$1"
+ shift
+ if [ "$keyname" = "admin" ]
then
- git clone "$url" "$dir"
+ ssh "$GITANO@$GITHOST" "$@"
else
- SSH_AUTH_SOCK= git clone "$url" "$dir"
+ SSH_AUTH_SOCK= ssh -F "ssh.conf" -i "$DATADIR/$keyname.key" \
+ "$GITANO@GITHOST" "$@"
fi
}
-clone_using_ssh()
+
+# Does a user exist on the server?
+
+user_exists()
{
- local dir="$1/$2"
- local url="ssh://$GITANO/$2"
- rm -rf "$dir"
- mkdir -p "$dir"
- if [ "$1" = liw ]
- then
- git clone "$url" "$dir"
- else
- PATH="$SRCDIR:$PATH" git clone "$url" "$dir"
- fi
+ ssh "$GITANO@$GITHOST" user | grep "^$1:"
}
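Review bot: In `run_gitano_as` the non-admin branch connects to `"$GITANO@GITHOST"`, which lacks the `$` before `GITHOST`, so every test-key login goes to a literal host named GITHOST rather than the server under test; the line should read `"$GITANO@$GITHOST" "$@"`. In an ACL suite this matters because a failed connection can be mistaken for an access denial once negative tests are added. `user_exists` interpolates `$1` into a regular expression (`grep "^$1:"`), so a name containing `.` or other metacharacters can match a different account; an exact comparison such as `awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }'` avoids that, assuming the `user` listing starts each line with `name:`. The same branch reads a relative `ssh.conf` that is not among the files in this commit, so it may be worth confirming it exists in the directory the steps run from and sets `IdentitiesOnly yes`, so that only the `-i` key is offered.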
diff --git a/git.liw.fi.yarn b/git.liw.fi.yarn
index 7b592ce..c04b26b 100644
--- a/git.liw.fi.yarn
+++ b/git.liw.fi.yarn
@@ -1,207 +1,85 @@
Test suite for ACL on git.liw.fi
================================
-FIXME: alice.key should be genreated by test suite, not stored in git
-FIXME: alice/ and liw/ should be cleaned up
+Introduction
+------------
This is a test suite for my Gitano ACL setup on git.liw.fi. It is run
-against either the real or a test instance of the setup.
+against either the real or a test instance of the setup. It requires
+the person running it to have admin access on the Gitano instance,
+so the tests can create and remove users and repositories.
-Fundamental concepts:
+Pre-requisites
+--------------
-* liw is my user account
-* alice and bob are test accounts
-* foo, private/foo and alice/foo are test repositories
+Yarn must be run with `--env` used to set the environment variables
+`GITANO` and `GITHOST`. `GITANO` must be the Unix user for the
+Gitano instance (typically `git`), and `GITHOST` must be the address
+of the host (IP address or domain name).
-Here's a scenario for verifying that I can create and remove
-users and accounts.
+The person running this test suite must be able to log in to the
+Gitano instance using their normal ssh key. In other words,
+`ssh "$GITANO@$GITHOST" whoami` must work.
- SCENARIO git.liw.fi gitano ruleset testing
+See the `check` script for details on how to invoke yarn for this test
+suite.
- GIVEN user alice does not exist
- AND user bob does not exist
- AND repository private/foo does not exist
- AND repository foo does not exist
- AND repository alice/foo does not exist
+The test suite will create a user called `tstusr`, and remove it
+after the test suite. The user may get created and removed multiple
+times. If the user existed beforehand, it will be removed.
-I need to be able to create a user.
+User creation
+-------------
- WHEN liw creates user alice
- THEN user alice exists
+The admin must be able to create and remove a user.
-However, nobody else should be able to do that.
-
- WHEN alice attempts to create user bob
- THEN gitano gives an error matching "You may not perform site administration"
-
-I should be able to create a private repository. I should see it,
-and be able to clone it over ssh, but not over git. Others should
-not be able to see or clone it. Private repositories are those
-under the private/ prefix.
-
- WHEN liw creates repository private/foo
- THEN liw cannot clone private/foo using git
- AND liw can clone private/foo using ssh
- AND liw can see private/foo
- AND alice cannot clone private/foo using git
- AND alice cannot clone private/foo using ssh
- AND alice cannot see private/foo
- AND cgit does not allow viewing private/foo
-
-I should be able to change the private repository. Others can't, since
-they can't clone it. (FIXME: What happens if it was public, but now
-isn't?)
-
- WHEN liw creates master branch in private/foo
- AND liw makes change in cloned private/foo in master
- THEN liw can push master in private/foo
-
-I should be able to create a public repository, and see it and coone
-it over both git and ssh. So should others.
-
- WHEN liw creates repository foo
- THEN liw can see foo
- AND liw can clone foo using git
- AND liw can clone foo using ssh
- AND alice can see foo
- AND alice can clone foo using git
- AND alice can clone foo using ssh
- AND cgit allows viewing foo
-
-I should be able to change the master branch.
-
- WHEN liw creates master branch in foo
- AND liw makes change in cloned foo in master
- THEN liw can push master in foo
-
-Others mustn't be able to push a change to master.
-
- WHEN alice makes change in cloned foo in master
- AND alice attempts to push master in foo
- THEN gitano gives an error matching "FIXME"
-
-However, they can create a branch prefixed by their username
-and a slash, and push that.
-
- WHEN alice creates branch alice/branch in foo
- AND alice makes change in cloned foo in alice/branch
- THEN alice can push alice/branch in foo
-
-Others mustn't be able to create repositories. I'm not running
-a general git hosting service.
-
- WHEN alice attempts to create repository alice/bar
- THEN gitano gives an error matching "FIXME"
-
-Some cleanup at the end.
-
- FINALLY remove user alice
- AND remove user bob
- AND remove repository foo
- AND remove repository private/foo
- AND remove repository alice/foo
+ SCENARIO admin can create and remove a user
+ ASSUMING no tstusr user exists on server
+ GIVEN an ssh key for tstusr
+ WHEN admin creates user tstusr
+ THEN user tstusr exists
+ FINALLY remove user tstusr on server
Implementations
---------------
- IMPLEMENTS THEN user (\S+) exists
- gitano liw user | grep "^$MATCH_1:"
+Verify that there are no test related users on the server. If there
+is, something's gone wrong in a previous run, and things should be
+cleaned up manually. Or another run of the test suite is going on, and
+we shouldn't interfere with that.
- IMPLEMENTS GIVEN user (\S+) does not exist
- if gitano liw user | grep "^$MATCH_1:"
- then
- die "User $MATCH_1 seems to exist"
- fi
+We split up the various assumptions so the implementation code
+doesn't make assumptions on user names, etc.
- IMPLEMENTS GIVEN repository (\S+) does not exist
- if gitano liw ls | awk -v "r=$MATCH_1" '$NF == r' | grep .
+ IMPLEMENTS ASSUMING no (\S+) user exists on server
+ if user_exists "$MATCH_1"
then
- die "Repo $MATCH_1 seems to exist already"
+ die "User $MATCH_1 exists on server, but shouldn't"
fi
+
+Create an ssh key for a user. This is generated for a scenario,
+then discarded.
- IMPLEMENTS WHEN (\S+) creates user (\S+)
- gitano "$MATCH_1" user add "$MATCH_2" "$MATCH_2" "$MATCH_2@example.com"
- gitano "$MATCH_1" as "$MATCH_2" sshkey add default < "$MATCH_2.key.pub"
-
- IMPLEMENTS WHEN (\S+) attempts to create user (\S+)
- attempt gitano "$MATCH_1" \
- user add "$MATCH_2" "$MATCH_2" "$MATCH_2@example.com"
-
- IMPLEMENTS THEN gitano gives an error matching "(.*)"$
- cat "$DATADIR/attempt.stderr"
- grep "$MATCH_1" "$DATADIR/attempt.stderr"
-
- IMPLEMENTS WHEN (\S+) creates repository (\S+)
- gitano "$MATCH_1" create "$MATCH_2"
-
- IMPLEMENTS THEN (\S+) cannot clone (\S+) using git
- if clone_using_git "$MATCH_1" "$MATCH_2"
- then
- die "Clone of $MATCH using git succeeded unexpectedly"
- fi
-
- IMPLEMENTS THEN (\S+) cannot clone (\S+) using ssh
- if clone_using_ssh "$MATCH_1" "$MATCH_2"
- then
- die "Clone of $MATCH_2 using ssh succeeded unexpectedly"
- fi
-
- IMPLEMENTS THEN (\S+) can clone (\S+) using git
- clone_using_git "$MATCH_1" "$MATCH_2"
-
- IMPLEMENTS THEN (\S+) can clone (\S+) using ssh
- clone_using_ssh "$MATCH_1" "$MATCH_2"
-
- IMPLEMENTS THEN (\S+) can see (\S+)
- gitano "$MATCH_1" ls | awk -v "r=$MATCH_2" '$NF == r' | grep .
-
- IMPLEMENTS THEN (\S+) cannot see (\S+)
- if gitano "$MATCH_1" ls | awk -v "r=$MATCH_2" '$NF == r' | grep .
- then
- die "User $MATCH_1 can see repo $MATCH_2 unexpectedly"
- fi
-
- IMPLEMENTS THEN cgit allows viewing (\S+)
- true
-
- IMPLEMENTS THEN cgit does not allow viewing (\S+)
- true
-
- IMPLEMENTS WHEN (\S+) creates master branch in (\S+)
- cd "$MATCH_1/$MATCH_2"
- touch foo.txt
- git add foo.txt
- git commit -m initial
-
- IMPLEMENTS WHEN (\S+) makes change in cloned (\S+) in (\S+)
- cd "$MATCH_1/$MATCH_2"
- git checkout "$MATCH_3"
- date > foo.txt
- git add foo.txt
- git commit -m change
-
- IMPLEMENTS THEN (\S+) can push (\S+) in (\S+)
- true
+ IMPLEMENTS GIVEN an ssh key for (\S+)
+ ssh-keygen -f "$DATADIR/$MATCH_1.key" -N ''
+
+Create a user on the server. Only an admin should be able to do
+this, but anyone can try. Note that since we only care about
+usernames, we invent the real name and e-mail address.
- IMPLEMENTS WHEN (\S+) attempts to push (\S+) in (\S+)
- true
+ IMPLEMENTS WHEN (\S+) creates user (\S+)
+ run_gitano_as "$MATCH_1" user add "$MATCH_2" name foo@example.com
- IMPLEMENTS WHEN (\S+) creates branch (\S+) in (\S+)
- true
+Verify a user exists on the server.
- IMPLEMENTS WHEN (\S+) attempts to create repository (\S+)
- attempt gitano "$MATCH_1" create "$MATCH_2"
+ IMPLEMENTS THEN user (\S+) exists
+ user_exists "$MATCH_1"
- IMPLEMENTS FINALLY remove user (\S+)
- if gitano liw user del "$MATCH_1" 2> "$DATADIR/temp"
- then
- gitano liw user del "$MATCH_1" \
- $(awk '{ s = $2 } END { print s }' "$DATADIR/temp")
- fi
+Clean up user.
- IMPLEMENTS FINALLY remove repository (\S+)
- if gitano liw destroy "$MATCH_1" 2> "$DATADIR/temp"
+ IMPLEMENTS FINALLY remove user (\S+) on server
+ if run_gitano_as admin user del "$MATCH_1" 2> "$DATADIR/temp"
then
- gitano liw destroy "$MATCH_1" \
- $(awk '{ s = $2 } END { print s }' "$DATADIR/temp")
+ run_gitano_as admin user del "$MATCH_1" \
+ $(awk '{ s = $2 } END { print s }' "$DATADIR/temp")
fi
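Review bot: The introduction says a pre-existing `tstusr` "will be removed", while the `ASSUMING no (\S+) user exists on server` step only calls `die` and the paragraph above it says to clean up manually; since the suite can run against the real instance with admin rights, the text should state one behaviour, for example `If the user already exists, the scenario does not run and nothing is removed.` (assuming that is what a failed ASSUMING step does here). In `FINALLY remove user (\S+) on server` the confirmation token from `$(awk ...)` is unquoted and never checked, so an empty `$DATADIR/temp` leads to a second `user del` with no token; I would store it first, `token=$(awk '{ s = $2 } END { print s }' "$DATADIR/temp")`, and call `run_gitano_as admin user del "$MATCH_1" "$token"` only when `[ -n "$token" ]`. The key produced by `GIVEN an ssh key for (\S+)` is not registered with the new user anywhere in this hunk (the removed step ran `sshkey add default`), so any later scenario that runs as `tstusr` will need that step restored.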