CommunEu
/
Passbolt
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'feature/docker-tests' into 'develop' 

Fix docker tests

See merge request passbolt/passbolt_docker!127
This commit is contained in:
Diego Lendoiro 2021-02-22 15:04:46 +00:00
parent 4e366a9888 4cbb992c47
commit 9300736e7a
6 changed files with 50 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -32,3 +32,5 @@ conf/*.key
src src
.ruby-version .ruby-version
.bundle

47
Gemfile.lock
View File

@ -1,45 +1,45 @@
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
coderay (1.1.2) coderay (1.1.3)
diff-lcs (1.3) diff-lcs (1.4.4)
docker-api (1.34.2) docker-api (2.0.0)
excon (>= 0.47.0) excon (>= 0.47.0)
multi_json multi_json
excon (0.73.0) excon (0.79.0)
method_source (1.0.0) method_source (1.0.0)
multi_json (1.14.1) multi_json (1.15.0)
net-scp (2.0.0) net-scp (3.0.0)
net-ssh (>= 2.6.5, < 6.0.0) net-ssh (>= 2.6.5, < 7.0.0)
net-ssh (5.2.0) net-ssh (6.1.0)
net-telnet (0.1.1) net-telnet (0.1.1)
pry (0.13.1) pry (0.14.0)
coderay (~> 1.1) coderay (~> 1.1)
method_source (~> 1.0) method_source (~> 1.0)
rake (13.0.1) rake (13.0.3)
rspec (3.9.0) rspec (3.10.0)
rspec-core (~> 3.9.0) rspec-core (~> 3.10.0)
rspec-expectations (~> 3.9.0) rspec-expectations (~> 3.10.0)
rspec-mocks (~> 3.9.0) rspec-mocks (~> 3.10.0)
rspec-core (3.9.1) rspec-core (3.10.1)
rspec-support (~> 3.9.1) rspec-support (~> 3.10.0)
rspec-expectations (3.9.1) rspec-expectations (3.10.1)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0) rspec-support (~> 3.10.0)
rspec-its (1.3.0) rspec-its (1.3.0)
rspec-core (>= 3.0.0) rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0) rspec-expectations (>= 3.0.0)
rspec-mocks (3.9.1) rspec-mocks (3.10.2)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0) rspec-support (~> 3.10.0)
rspec-support (3.9.2) rspec-support (3.10.2)
serverspec (2.41.5) serverspec (2.41.5)
multi_json multi_json
rspec (~> 3.0) rspec (~> 3.0)
rspec-its rspec-its
specinfra (~> 2.72) specinfra (~> 2.72)
sfl (2.3) sfl (2.3)
specinfra (2.82.15) specinfra (2.82.23)
net-scp net-scp
net-ssh (>= 2.7) net-ssh (>= 2.7)
net-telnet (= 0.1.1) net-telnet (= 0.1.1)
@ -47,6 +47,7 @@ GEM
PLATFORMS PLATFORMS
ruby ruby
x86_64-linux
DEPENDENCIES DEPENDENCIES
docker-api docker-api
@ -55,4 +56,4 @@ DEPENDENCIES
serverspec serverspec
BUNDLED WITH BUNDLED WITH
1.17.2 2.2.6

7
debian/Dockerfile vendored
View File

@ -11,11 +11,6 @@ ARG PASSBOLT_DISTRO="buster"
ARG PASSBOLT_COMPONENT="stable" ARG PASSBOLT_COMPONENT="stable"
ARG PASSBOLT_PKG=passbolt-ce-server ARG PASSBOLT_PKG=passbolt-ce-server
ARG PASSBOLT_REPO_URL="https://download.passbolt.com/ce/debian"
ARG PASSBOLT_DISTRO="buster"
ARG PASSBOLT_COMPONENT="stable"
ARG PASSBOLT_PKG=passbolt-ce-server
RUN apt-get update \ RUN apt-get update \
&& DEBIAN_FRONTEND=non-interactive apt-get -y install \ && DEBIAN_FRONTEND=non-interactive apt-get -y install \
ca-certificates \ ca-certificates \
@ -27,6 +22,7 @@ RUN apt-get update \
nginx \ nginx \
$PASSBOLT_PKG \ $PASSBOLT_PKG \
supervisor \ supervisor \
curl \
&& rm /etc/nginx/sites-enabled/default \ && rm /etc/nginx/sites-enabled/default \
&& mkdir /run/php \ && mkdir /run/php \
&& cp /usr/share/passbolt/examples/nginx-passbolt-ssl.conf /etc/nginx/snippets/passbolt-ssl.conf \ && cp /usr/share/passbolt/examples/nginx-passbolt-ssl.conf /etc/nginx/snippets/passbolt-ssl.conf \
@ -36,6 +32,7 @@ RUN apt-get update \
&& sed -i 's,__CERT_PATH__,/etc/ssl/certs/certificate.crt;,' /etc/nginx/snippets/passbolt-ssl.conf \ && sed -i 's,__CERT_PATH__,/etc/ssl/certs/certificate.crt;,' /etc/nginx/snippets/passbolt-ssl.conf \
&& sed -i 's,__KEY_PATH__,/etc/ssl/certs/certificate.key;,' /etc/nginx/snippets/passbolt-ssl.conf \ && sed -i 's,__KEY_PATH__,/etc/ssl/certs/certificate.key;,' /etc/nginx/snippets/passbolt-ssl.conf \
&& sed -i 's,www-data.*$,www-data exec /bin/bash -c ". /etc/environment \&\& $PASSBOLT_BASE_DIR/bin/cron",' /etc/cron.d/$PASSBOLT_PKG \ && sed -i 's,www-data.*$,www-data exec /bin/bash -c ". /etc/environment \&\& $PASSBOLT_BASE_DIR/bin/cron",' /etc/cron.d/$PASSBOLT_PKG \
&& sed -i 's/# server_tokens/server_tokens/' /etc/nginx/nginx.conf \
&& ln -sf /dev/stdout /var/log/nginx/passbolt-access.log \ && ln -sf /dev/stdout /var/log/nginx/passbolt-access.log \
&& ln -sf /dev/stderr /var/log/nginx/passbolt-error.log \ && ln -sf /dev/stderr /var/log/nginx/passbolt-error.log \
&& ln -sf /dev/stderr /var/log/passbolt/error.log \ && ln -sf /dev/stderr /var/log/passbolt/error.log \

39
spec/docker_image/image_spec.rb
View File

@ -8,30 +8,29 @@ describe 'Dockerfile' do
'DATASOURCES_DEFAULT_PASSWORD' => 'P4ssb0lt', 'DATASOURCES_DEFAULT_PASSWORD' => 'P4ssb0lt',
'DATASOURCES_DEFAULT_USERNAME' => 'passbolt', 'DATASOURCES_DEFAULT_USERNAME' => 'passbolt',
'DATASOURCES_DEFAULT_DATABASE' => 'passbolt', 'DATASOURCES_DEFAULT_DATABASE' => 'passbolt',
'PASSBOLT_GPG_KEYRING' => '/var/lib/nginx/.gnupg' 'PASSBOLT_GPG_KEYRING' => '/var/lib/passbolt/.gnupg'
} }
@image = Docker::Image.build_from_dir(ROOT_DOCKERFILES) @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => 'debian/Dockerfile' })
set :docker_image, @image.id set :docker_image, @image.id
set :docker_container_create_options, { 'Cmd' => '/bin/sh' } set :docker_container_create_options, { 'Cmd' => '/bin/sh' }
end end
let(:nginx_conf) { '/etc/nginx/nginx.conf' } let(:nginx_conf) { '/etc/nginx/nginx.conf' }
let(:php_conf) { '/usr/local/etc/php-fpm.d/expose.conf' } let(:php_conf) { '/etc/php/7.3/fpm/php.ini' }
let(:site_conf) { '/etc/nginx/conf.d/default.conf' } let(:site_conf) { '/etc/nginx/sites-enabled/nginx-passbolt.conf' }
let(:supervisor_conf) do let(:supervisor_conf) do
[ '/etc/supervisor/conf.d/nginx.conf', [ '/etc/supervisor/conf.d/nginx.conf',
'/etc/supervisor/conf.d/php.conf', '/etc/supervisor/conf.d/php.conf',
'/etc/supervisor/conf.d/cron.conf' ] '/etc/supervisor/conf.d/cron.conf' ]
end end
let(:passbolt_home) { '/var/www/passbolt' } let(:passbolt_home) { '/usr/share/php/passbolt' }
let(:passbolt_tmp) { '/var/www/passbolt/tmp' } let(:passbolt_tmp) { '/var/lib/passbolt/tmp' }
let(:passbolt_image) { '/var/www/passbolt/webroot/img/public' } let(:passbolt_image) { "#{passbolt_home}/webroot/img/public" }
let(:passbolt_owner) { 'www-data' } let(:passbolt_owner) { 'www-data' }
let(:exposed_ports) { [ '80', '443' ] } let(:exposed_ports) { [ '80', '443' ] }
let(:composer) { '/usr/local/bin/composer'}
let(:php_extensions) { [ let(:php_extensions) { [
'curl', 'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'xsl', 'phar', 'gd', 'intl', 'json', 'mysqlnd', 'xsl', 'phar',
'posix', 'xml', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql' 'posix', 'xml', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql'
] } ] }
let(:wait_for) { '/usr/bin/wait-for.sh' } let(:wait_for) { '/usr/bin/wait-for.sh' }
@ -44,12 +43,6 @@ describe 'Dockerfile' do
end end
end end
describe 'php composer' do
it 'is not installed' do
expect(file(composer)).to_not exist
end
end
describe 'supervisor' do describe 'supervisor' do
it 'is installed' do it 'is installed' do
expect(package('supervisor')).to be_installed expect(package('supervisor')).to be_installed
@ -62,12 +55,6 @@ describe 'Dockerfile' do
end end
end end
describe 'mariadb-client' do
it 'is installed' do
expect(package('mariadb-client')).to be_installed
end
end
describe 'wait-for' do describe 'wait-for' do
it 'is installed' do it 'is installed' do
expect(file(wait_for)).to exist and be_executable expect(file(wait_for)).to exist and be_executable
@ -82,17 +69,17 @@ describe 'Dockerfile' do
end end
it 'must be owned by correct user' do it 'must be owned by correct user' do
expect(file(passbolt_home)).to be_owned_by(passbolt_owner) expect(file(passbolt_home)).to be_owned_by('root')
expect(file(passbolt_tmp)).to be_owned_by(passbolt_owner) expect(file(passbolt_tmp)).to be_owned_by(passbolt_owner)
expect(file(passbolt_image)).to be_owned_by(passbolt_owner) expect(file(passbolt_image)).to be_owned_by(passbolt_owner)
end end
it 'must have the correct permissions on tmp' do it 'must have the correct permissions on tmp' do
expect(file(passbolt_tmp)).to be_mode('775') expect(file(passbolt_tmp)).to be_mode('755')
end end
it 'must have the correct permissions on img' do it 'must have the correct permissions on img' do
expect(file(passbolt_image)).to be_mode('775') expect(file(passbolt_image)).to be_mode('755')
end end
end end
@ -102,7 +89,7 @@ describe 'Dockerfile' do
end end
it 'does not expose php version' do it 'does not expose php version' do
expect(file(php_conf).content).to match(/^php_flag\[expose_php\]\s+=\s+off$/) expect(file(php_conf).content).to match(/^expose_php\s+=\s+Off$/)
end end
end end
@ -126,7 +113,7 @@ describe 'Dockerfile' do
end end
it 'points to the correct root folder' do it 'points to the correct root folder' do
expect(file(site_conf).content).to match 'root /var/www/passbolt/webroot' expect(file(site_conf).content).to match "root #{passbolt_home}/webroot"
end end
it 'has server tokens off' do it 'has server tokens off' do

32
spec/docker_runtime/runtime_spec.rb
View File

@ -24,7 +24,7 @@ describe 'passbolt_api service' do
sleep 1 sleep 1
end end
@image = Docker::Image.build_from_dir(ROOT_DOCKERFILES) @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => 'debian/Dockerfile' })
@container = Docker::Container.create( @container = Docker::Container.create(
'Env' => [ 'Env' => [
"DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}", "DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}",
@ -54,10 +54,6 @@ describe 'passbolt_api service' do
it 'is running supervised' do it 'is running supervised' do
expect(service('php-fpm')).to be_running.under('supervisor') expect(service('php-fpm')).to be_running.under('supervisor')
end end
it 'has its port open' do
expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp')
end
end end
describe 'email cron' do describe 'email cron' do
@ -86,28 +82,8 @@ describe 'passbolt_api service' do
end end
end end
describe 'passbolt serverkey unaccessible' do describe 'can not access outside webroot' do
let(:uri) { '/config/gpg/serverkey.asc' } let(:uri) { '/vendor/autoload.php' }
it "returns 404" do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt serverkey private unaccessible' do
let(:uri) { '/config/gpg/serverkey_private.asc' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt conf unaccessible' do
let(:uri) { '/config/app.php' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt tmp folder is unaccessible' do
let(:uri) { '/tmp/cache/database/empty' }
it 'returns 404' do it 'returns 404' do
expect(command(curl).stdout).to eq '404' expect(command(curl).stdout).to eq '404'
end end
@ -120,7 +96,7 @@ describe 'passbolt_api service' do
end end
it 'hides nginx version' do it 'hides nginx version' do
expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/) expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx$/)
end end
end end

34
spec/docker_runtime_no_envs/runtime_no_envs_spec.rb
View File

@ -24,13 +24,13 @@ describe 'passbolt_api service' do
sleep 1 sleep 1
end end
@image = Docker::Image.build_from_dir(ROOT_DOCKERFILES) @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => 'debian/Dockerfile' })
@container = Docker::Container.create( @container = Docker::Container.create(
'Env' => [ 'Env' => [
"DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}", "DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}",
], ],
'Binds' => [ "#{FIXTURES_PATH + '/passbolt.php'}:/var/www/passbolt/config/passbolt.php" ], 'Binds' => [ "#{FIXTURES_PATH + '/passbolt.php'}:/etc/passbolt/passbolt.php" ],
'Image' => @image.id) 'Image' => @image.id)
@container.start @container.start
@ -53,10 +53,6 @@ describe 'passbolt_api service' do
it 'is running supervised' do it 'is running supervised' do
expect(service('php-fpm')).to be_running.under('supervisor') expect(service('php-fpm')).to be_running.under('supervisor')
end end
it 'has its port open' do
expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp')
end
end end
describe 'email cron' do describe 'email cron' do
@ -85,28 +81,8 @@ describe 'passbolt_api service' do
end end
end end
describe 'passbolt serverkey unaccessible' do describe 'can not access outside webroot' do
let(:uri) { '/config/gpg/serverkey.asc' } let(:uri) { '/vendor/autoload.php' }
it "returns 404" do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt serverkey private unaccessible' do
let(:uri) { '/config/gpg/serverkey_private.asc' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt conf unaccessible' do
let(:uri) { '/config/app.php' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt tmp folder is unaccessible' do
let(:uri) { '/tmp/cache/database/empty' }
it 'returns 404' do it 'returns 404' do
expect(command(curl).stdout).to eq '404' expect(command(curl).stdout).to eq '404'
end end
@ -119,7 +95,7 @@ describe 'passbolt_api service' do
end end
it 'hides nginx version' do it 'hides nginx version' do
expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/) expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx$/)
end end
end end