// SPDX-License-Identifier: GPL-3.0-or-later // Copyright (C) 2021-2024 Simon Ruderich package main_test import ( "fmt" "net" "os" "os/exec" "regexp" "runtime" "strings" "testing" "time" ft "ruderich.org/simon/safcm/remote/sync/filetest" "ruderich.org/simon/safcm/testutil" ) func TestSyncSshEndToEnd(t *testing.T) { cwd, err := os.Getwd() if err != nil { t.Fatal(err) } defer os.Chdir(cwd) //nolint:errcheck var suffix string // Needs different options in sshd_config if runtime.GOOS == "openbsd" { suffix = ".openbsd" } sshDir := cwd + "/testdata/ssh" sshCmd := exec.Command("/usr/sbin/sshd", "-D", // stay in foreground "-e", // write messages to stderr instead of syslog "-f", sshDir+"/sshd/sshd_config"+suffix, "-h", sshDir+"/sshd/ssh_host_key", "-o", "AuthorizedKeysFile="+sshDir+"/ssh/authorized_keys", ) sshCmd.Stderr = os.Stderr err = sshCmd.Start() if err != nil { t.Fatal(err) } defer sshCmd.Process.Kill() //nolint:errcheck // Wait until SSH server is ready (up to 30 seconds) for i := 0; i < 30; i++ { conn, err := net.Dial("tcp", "127.0.0.1:29327") if err == nil { conn.Close() break } time.Sleep(time.Second) } err = os.Chdir(sshDir + "/project") if err != nil { t.Fatal(err) } ft.CreateDirectoryExists("no-changes.example.org", 0755) ft.CreateDirectoryExists("no-changes.example.org/files", 0755) ft.CreateDirectoryExists("no-changes.example.org/files/etc", 0755) ft.CreateDirectoryExists("no-changes.example.org/files/tmp", 0755) noChangePermissions := ` /: 0755 root root /etc: 0755 root root /tmp: 1777 root root ` if runtime.GOOS == "openbsd" || runtime.GOOS == "freebsd" { noChangePermissions = ` /: 0755 root wheel /etc: 0755 root wheel /tmp: 1777 root wheel ` } ft.CreateFile("no-changes.example.org/permissions.yaml", noChangePermissions, 0644) skipUnlessCiRun := len(os.Getenv("SAFCM_CI_RUN")) == 0 tests := []struct { name string skip bool remove bool args []string exp string expErr error }{ { "no settings", false, true, []string{"no-settings.example.org"}, `[info] [no-settings.example.org] remote helper upload in progress [info] [no-settings.example.org] no changes `, nil, }, { "no settings (no helper upload)", false, false, []string{"no-settings.example.org"}, `[info] [no-settings.example.org] no changes `, nil, }, { "no settings (error)", false, true, []string{"-log", "error", "no-settings.example.org"}, ``, nil, }, { "no settings (verbose)", false, true, []string{"-log", "verbose", "no-settings.example.org"}, `[info] [no-settings.example.org] remote helper upload in progress [verbose] [no-settings.example.org] host groups: all no-settings.example.org [verbose] [no-settings.example.org] host group priorities (descending): no-settings.example.org [info] [no-settings.example.org] no changes `, nil, }, { "no settings (debug2)", false, true, []string{"-log", "debug2", "no-settings.example.org"}, `[info] [no-settings.example.org] remote helper upload in progress [verbose] [no-settings.example.org] host groups: all no-settings.example.org [verbose] [no-settings.example.org] host group priorities (descending): no-settings.example.org [info] [no-settings.example.org] no changes `, nil, }, // NOTE: We use -n on regular runs to prevent changing // anything important on the host when running as root! { "no changes (dry-run)", false, true, []string{"-n", "no-changes.example.org"}, `[info] [no-changes.example.org] remote helper upload in progress [info] [no-changes.example.org] no changes `, nil, }, { "no changes (dry-run, debug2)", false, true, []string{"-n", "-log", "debug2", "no-changes.example.org"}, `[info] [no-changes.example.org] remote helper upload in progress [verbose] [no-changes.example.org] host groups: all no-changes.example.org [verbose] [no-changes.example.org] host group priorities (descending): no-changes.example.org [debug] [no-changes.example.org] files: "/" (no-changes.example.org): unchanged [debug] [no-changes.example.org] files: "/etc" (no-changes.example.org): unchanged [debug] [no-changes.example.org] files: "/tmp" (no-changes.example.org): unchanged [info] [no-changes.example.org] no changes `, nil, }, { "no changes", skipUnlessCiRun, true, []string{"no-changes.example.org"}, `[info] [no-changes.example.org] remote helper upload in progress [info] [no-changes.example.org] no changes `, nil, }, { "no changes (debug2)", skipUnlessCiRun, true, []string{"-log", "debug2", "no-changes.example.org"}, `[info] [no-changes.example.org] remote helper upload in progress [verbose] [no-changes.example.org] host groups: all no-changes.example.org [verbose] [no-changes.example.org] host group priorities (descending): no-changes.example.org [debug] [no-changes.example.org] files: "/" (no-changes.example.org): unchanged [debug] [no-changes.example.org] files: "/etc" (no-changes.example.org): unchanged [debug] [no-changes.example.org] files: "/tmp" (no-changes.example.org): unchanged [info] [no-changes.example.org] no changes `, nil, }, { "no effect commands (dry-run)", false, true, []string{"-n", "no-effect-commands.example.org"}, `[info] [no-effect-commands.example.org] remote helper upload in progress [info] [no-effect-commands.example.org] will execute 2 command(s): (dry-run) "echo this is a command" "true" `, nil, }, { "no effect commands (dry-run)", false, true, []string{"-n", "-log", "debug2", "no-effect-commands.example.org"}, `[info] [no-effect-commands.example.org] remote helper upload in progress [verbose] [no-effect-commands.example.org] host groups: all no-effect-commands.example.org [verbose] [no-effect-commands.example.org] host group priorities (descending): no-effect-commands.example.org [info] [no-effect-commands.example.org] will execute 2 command(s): (dry-run) "echo this is a command" "true" `, nil, }, { "no effect commands", false, true, []string{"no-effect-commands.example.org"}, `[info] [no-effect-commands.example.org] remote helper upload in progress [info] [no-effect-commands.example.org] executed 2 command(s): "echo this is a command": > this is a command "true" `, nil, }, { "no effect commands (debug2)", false, true, []string{"-log", "debug2", "no-effect-commands.example.org"}, `[info] [no-effect-commands.example.org] remote helper upload in progress [verbose] [no-effect-commands.example.org] host groups: all no-effect-commands.example.org [verbose] [no-effect-commands.example.org] host group priorities (descending): no-effect-commands.example.org [verbose] [no-effect-commands.example.org] commands: running "/bin/sh" "-c" "echo this is a command" (no-effect-commands.example.org) [debug2] [no-effect-commands.example.org] commands: command output: this is a command [verbose] [no-effect-commands.example.org] commands: running "/bin/sh" "-c" "true" (no-effect-commands.example.org) [info] [no-effect-commands.example.org] executed 2 command(s): "echo this is a command": > this is a command "true" `, nil, }, { "no effect commands failing (dry-run)", false, true, []string{"-n", "no-effect-commands-failing.example.org"}, `[info] [no-effect-commands-failing.example.org] remote helper upload in progress [info] [no-effect-commands-failing.example.org] will execute 2 command(s): (dry-run) "echo this is a command" "echo failing; false" `, nil, }, { "no effect commands failing (dry-run)", false, true, []string{"-n", "-log", "debug2", "no-effect-commands-failing.example.org"}, `[info] [no-effect-commands-failing.example.org] remote helper upload in progress [verbose] [no-effect-commands-failing.example.org] host groups: all no-effect-commands-failing.example.org [verbose] [no-effect-commands-failing.example.org] host group priorities (descending): no-effect-commands-failing.example.org [info] [no-effect-commands-failing.example.org] will execute 2 command(s): (dry-run) "echo this is a command" "echo failing; false" `, nil, }, { "no effect commands failing", false, true, []string{"no-effect-commands-failing.example.org"}, `[info] [no-effect-commands-failing.example.org] remote helper upload in progress [info] [no-effect-commands-failing.example.org] executed 2 command(s): "echo this is a command": > this is a command "echo failing; false", failed: "exit status 1": > failing [error] [no-effect-commands-failing.example.org] commands: "echo failing; false" failed: exit status 1 `, fmt.Errorf("exit status 1"), }, { "no effect commands failing (debug2)", false, true, []string{"-log", "debug2", "no-effect-commands-failing.example.org"}, `[info] [no-effect-commands-failing.example.org] remote helper upload in progress [verbose] [no-effect-commands-failing.example.org] host groups: all no-effect-commands-failing.example.org [verbose] [no-effect-commands-failing.example.org] host group priorities (descending): no-effect-commands-failing.example.org [verbose] [no-effect-commands-failing.example.org] commands: running "/bin/sh" "-c" "echo this is a command" (no-effect-commands-failing.example.org) [debug2] [no-effect-commands-failing.example.org] commands: command output: this is a command [verbose] [no-effect-commands-failing.example.org] commands: running "/bin/sh" "-c" "echo failing; false" (no-effect-commands-failing.example.org) [debug2] [no-effect-commands-failing.example.org] commands: command output: failing [info] [no-effect-commands-failing.example.org] executed 2 command(s): "echo this is a command": > this is a command "echo failing; false", failed: "exit status 1": > failing [error] [no-effect-commands-failing.example.org] commands: "echo failing; false" failed: exit status 1 `, fmt.Errorf("exit status 1"), }, } remotePath := fmt.Sprintf("/tmp/safcm-remote-%d", os.Getuid()) logRegexp := regexp.MustCompile(`^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} `) detectedRegexp := regexp.MustCompile(`detected_\S+`) t.Run("error before connection is established", func(t *testing.T) { // Fake $PATH so safcm cannot find the `ssh` binary. path := os.Getenv("PATH") os.Setenv("PATH", "") defer os.Setenv("PATH", path) cmd := exec.Command("../../../../../safcm", "sync", "-n", "no-settings.example.org") _, err := cmd.CombinedOutput() if err == nil { t.Errorf("err = nil") } }) for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { if tc.remove { os.Remove(remotePath) } args := append([]string{"sync", "-sshconfig", sshDir + "/ssh/ssh_config", }, tc.args...) cmd := exec.Command("../../../../../safcm", args...) out, err := cmd.CombinedOutput() var tmp []string for _, x := range strings.Split(string(out), "\n") { // Strip parts which change on each run (LOG) // or depending on the system (DET) x = logRegexp.ReplaceAllString(x, "") x = detectedRegexp.ReplaceAllString(x, "") tmp = append(tmp, x) } res := strings.Join(tmp, "\n") testutil.AssertEqual(t, "res", res, tc.exp) testutil.AssertErrorEqual(t, "err", err, tc.expErr) }) } os.Remove(remotePath) }