Главная Обзор Помощь
Вход
SMusatov
/
netdata
зеркало из https://github.com/netdata/netdata.git
1
0
Ответвить 0
Файлы Вики
Ветка: master
Ветки Метки
netdata
/
tests
/
acls
/
acl.sh.in

acl.sh.in 4.8 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. #!/bin/bash -x
    2. 

  2. # SPDX-License-Identifier: GPL-3.0-or-later
    3. 

  3. 

  4. BASICURL="http://127.0.0.1"
    5. 

  5. BASICURLS="https://127.0.0.1"
    6. 

  6. 

  7. NETDATA_VARLIB_DIR="/var/lib/netdata"
    8. 

  8. RED='\033[0;31m'
    9. 

  9. GREEN='\033[0;32m'
    10. 

  10. YELLOW='\033[0;43m'
    11. 

  11. NOCOLOR='\033[0m'
    12. 

  12. 

  13. #change the previous acl file and with a new 
    14. 

  14. #and store it on a new file
    15. 

  15. change_file(){
    16. 

  16.     sed "s/$1/$2/g" netdata.cfg > "$4"
    17. 

  17. }
    18. 

  18. 

  19. NETDATAPID=""
    20. 

  20. 

  21. change_ssl_file(){
    22. 

  22.     KEYROW="ssl key = $3/key.pem"
    23. 

  23.     CERTROW="ssl certificate = $3/cert.pem"
    24. 

  24.     sed "s@ssl key =@$KEYROW@g" netdata.ssl.cfg > tmp
    25. 

  25.     sed "s@ssl certificate =@$CERTROW@g" tmp > tmp2
    26. 

  26.     sed "s/$1/$2/g" tmp2 > "$4"
    27. 

  27. }
    28. 

  28. 

  29. run_acl_tests() {
    30. 

  30.     #Give a time for netdata start properly
    31. 

  31.     sleep 2
    32. 

  32. 

  33.     curl -v -k --tls-max 1.2 --create-dirs -o index.html "$2" 2> log_index.txt
    34. 

  34.     curl -v -k --tls-max 1.2 --create-dirs -o netdata.txt "$2/netdata.conf" 2> log_nc.txt
    35. 

  35.     curl -v -k --tls-max 1.2 --create-dirs -o badge.csv "$2/api/v1/badge.svg?chart=cpu.cpu0_interrupts" 2> log_badge.txt
    36. 

  36.     curl -v -k --tls-max 1.2 --create-dirs -o info.txt "$2/api/v1/info" 2> log_info.txt
    37. 

  37.     curl -H "X-Auth-Token: $1" -v -k --tls-max 1.2 --create-dirs -o health.csv "$2/api/v1/manage/health?cmd=LIST" 2> log_health.txt
    38. 

  38. 

  39.     TOT=$(grep -c "HTTP/1.1 301" log_*.txt | cut -d: -f2| grep -c 1)
    40. 

  40.     if [ "$TOT" -ne "$4" ]; then
    41. 

  41.         echo -e "${RED}I got a wrong number of redirects($TOT) when SSL is activated, It was expected $4 ${NOCOLOR}"
    42. 

  42.         rm log_* netdata.conf.test* netdata.txt health.csv index.html badge.csv tmp* key.pem cert.pem info.txt
    43. 

  43.         kill $NETDATAPID
    44. 

  44.         exit 1
    45. 

  45.     elif [ "$TOT" -eq "$4" ] && [ "$4" -ne "0" ]; then
    46. 

  46.         echo -e "${YELLOW}I got the correct number of redirects($4) when SSL is activated and I try to access with HTTP. ${NOCOLOR}"
    47. 

  47.         return
    48. 

  48.     fi
    49. 

  49. 

  50.     TOT=$(grep -c "HTTP/1.1 200 OK" log_* | cut -d: -f2| grep -c 1)
    51. 

  51.     if [ "$TOT" -ne "$3" ]; then
    52. 

  52.         echo -e "${RED}I got a wrong number of \"200 OK\" from the queries, it was expected $3. ${NOCOLOR}"
    53. 

  53.         kill $NETDATAPID
    54. 

  54.         rm log_* netdata.conf.test* netdata.txt health.csv index.html badge.csv tmp* key.pem cert.pem info.txt
    55. 

  55.         exit 1
    56. 

  56.     fi
    57. 

  57. 

  58.     echo -e "${GREEN}ACLs were applied correctly ${NOCOLOR}"
    59. 

  59. }
    60. 

  60. 

  61. CONF=$(grep "bind" netdata.cfg)
    62. 

  62. MUSER=$(grep run netdata.cfg | cut -d= -f2|sed 's/^[ \t]*//')
    63. 

  63. 

  64. openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -sha512 -subj "/C=US/ST=Denied/L=Somewhere/O=Dis/CN=www.example.com" -keyout key.pem  -out cert.pem
    65. 

  65. chown "$MUSER" key.pem cert.pem
    66. 

  66. CWD=$(pwd)
    67. 

  67. 

  68. if [ -f "${NETDATA_VARLIB_DIR}/netdata.api.key" ] ;then
    69. 

  69.     read -r TOKEN < "${NETDATA_VARLIB_DIR}/netdata.api.key"
    70. 

  70. else
    71. 

  71.     TOKEN="NULL"
    72. 

  72. fi
    73. 

  73. 

  74. change_file "$CONF" "    bind to = *" "$CWD" "netdata.conf.test0"
    75. 

  75. netdata -c "netdata.conf.test0" -D &
    76. 

  76. NETDATAPID=$!
    77. 

  77. run_acl_tests $TOKEN "$BASICURL:19999" 5 0
    78. 

  78. kill $NETDATAPID
    79. 

  79. 

  80. change_ssl_file "$CONF" "    bind to = *=dashboard|registry|badges|management|netdata.conf *:20000=dashboard|registry|badges|management *:20001=dashboard|registry|netdata.conf^SSL=optional *:20002=dashboard|registry" "$CWD" "netdata.conf.test1"
    81. 

  81. netdata -c "netdata.conf.test1" -D &
    82. 

  82. NETDATAPID=$!
    83. 

  83. run_acl_tests $TOKEN "$BASICURL:19999" 5 5
    84. 

  84. run_acl_tests $TOKEN "$BASICURLS:19999" 5 0
    85. 

  85. 

  86. run_acl_tests $TOKEN "$BASICURL:20000" 4 5
    87. 

  87. run_acl_tests $TOKEN "$BASICURLS:20000" 4 0
    88. 

  88. 

  89. run_acl_tests $TOKEN "$BASICURL:20001" 4 0
    90. 

  90. run_acl_tests $TOKEN "$BASICURLS:20001" 4 0
    91. 

  91. 

  92. run_acl_tests $TOKEN "$BASICURL:20002" 3 5 
    93. 

  93. run_acl_tests $TOKEN "$BASICURLS:20002" 3 0 
    94. 

  94. kill $NETDATAPID
    95. 

  95. 

  96. change_ssl_file "$CONF" "    bind to = *=dashboard|registry|badges|management|netdata.conf *:20000=dashboard|registry|badges|management *:20001=dashboard|registry|netdata.conf^SSL=force *:20002=dashboard|registry" "$CWD" "netdata.conf.test2"
    97. 

  97. netdata -c "netdata.conf.test2" -D &
    98. 

  98. NETDATAPID=$!
    99. 

  99. run_acl_tests $TOKEN "$BASICURL:19999" 5 5
    100. 

  100. run_acl_tests $TOKEN "$BASICURLS:19999" 5 0
    101. 

  101. 

  102. run_acl_tests $TOKEN "$BASICURL:20000" 4 5
    103. 

  103. run_acl_tests $TOKEN "$BASICURLS:20000" 4 0
    104. 

  104. 

  105. run_acl_tests $TOKEN "$BASICURL:20001" 4 5
    106. 

  106. run_acl_tests $TOKEN "$BASICURLS:20001" 4 0
    107. 

  107. 

  108. run_acl_tests $TOKEN "$BASICURL:20002" 3 5 
    109. 

  109. run_acl_tests $TOKEN "$BASICURLS:20002" 3 0 
    110. 

  110. kill $NETDATAPID
    111. 

  111. 

  112. change_ssl_file "$CONF" "    bind to = *=dashboard|registry|badges|management|netdata.conf *:20000=dashboard|registry|badges|management^SSL=optional *:20001=dashboard|registry|netdata.conf^SSL=force" "$CWD" "netdata.conf.test3"
    113. 

  113. netdata -c "netdata.conf.test3" -D &
    114. 

  114. NETDATAPID=$!
    115. 

  115. run_acl_tests $TOKEN "$BASICURL:19999" 5 5
    116. 

  116. run_acl_tests $TOKEN "$BASICURLS:19999" 5 0
    117. 

  117. 

  118. run_acl_tests $TOKEN "$BASICURL:20000" 4 0
    119. 

  119. run_acl_tests $TOKEN "$BASICURLS:20000" 4 0
    120. 

  120. 

  121. run_acl_tests $TOKEN "$BASICURL:20001" 4 5
    122. 

  122. run_acl_tests $TOKEN "$BASICURLS:20001" 4 0
    123. 

  123. kill $NETDATAPID
    124. 

  124. 

  125. rm log_* netdata.conf.test* netdata.txt health.csv index.html badge.csv tmp* key.pem cert.pem info.txt
    126. 

  126. echo "All the tests were successful ${NOCOLOR}"
    127.