archive/netdata_netdata
0
0
Fork 0
mirror of https://github.com/netdata/netdata.git synced 2025-04-07 06:45:39 +00:00
Code Issues Projects Releases Wiki Activity
netdata_netdata/tests/acls/acl.sh.in
thiagoftsm 2f7962c9e1 Fix parsing SSL ACL along with others () 
* sslstream: ACL parser

It was noticed in the issue 6457 that the some ACLs were not parsing
correctly when they were along SSL acl, this commit fixes this'

* sslstream: remove comments

This commit removes the comments that were present while I was testing the code

* sslstream: Tests

This commit adds ACL tests to check the Netdata response to them

* sslstream: Tests

Fix the extension to upload the files

* sslstream: more tests

In this commit I am bringing more tests, including the ssl tests'

* sslstream: leading space

Remove leading space from variable that was creating problem with shellcheck

* sslstream: glob

Remove special character from script

* sslstream: Makefile

The Makefile diretives were pointed to wrong files

* sslstream: Missing stream encrypt

This commit solves the problem of the stream not be encrypted, but
it is not the final solution, because the parser made is incomplete.

* sslstream: Finish encrypt channel

This commit brings the step that I was missing, the complete encryptation
in the communication between Master and Slave

* sslstream: Fix argument in script

After the latest tests, it was verified that two arguments given to a function
inside the script were not correct, with this PR I am fixing this!

* sslstream: Fix argument in info

Instead to call a function to deliver an integer I was passing a size_t value.
Only cmake showed this, but not in my clion! :/

* sslstream: Fix redirect

When we were having different SSL configuration, the system were not applying
the option for all

* sslstream: Update documentation

Our documentation was not clear about the rules according our code
so I am updating the text to explain for the users

* sslstream: Adjust script

With this last commit, I am adjusting the tests to avoid false positive

* sslstream: Missing elif

The previous commit had a missing elif in the shell script

* sslstream: Split ports

Before this commit Netdata was having SSL as a global option, now it has as a real ACL.

* sslstream: reduce context

The stream variable will not be affected in the master side, it is only necessary
on the slave side, so I am reducing the context of it

* sslstream: Force SSL

When the user has certificate and he does not set any SSL flag, it is necessary
to append the SSL=force flag

* sslstream: Default flag

It is necessary to have a default flag when the SSL flags are not SET

* sslstream: remove comments

Remove comments from the scrip

* sslstream: moving flag

It is better the flag to be set inside socket instead everytime there is a new connection

* sslstream: documentation

Fix a sentence in the web/server/README.md
2019-07-25 18:43:04 +02:00

119 lines
4.6 KiB
Bash
Raw Blame History

#!/bin/bash -x
# SPDX-License-Identifier: GPL-3.0-or-later
BASICURL="http://127.0.0.1"
BASICURLS="https://127.0.0.1"
NETDATA_VARLIB_DIR="/var/lib/netdata"
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;43m'
#change the previous acl file and with a new
#and store it on a new file
change_file(){
sed "s/$1/$2/g" netdata.cfg > "$4"
}
change_ssl_file(){
KEYROW="ssl key = $3/key.pem"
CERTROW="ssl certificate = $3/cert.pem"
sed "s@ssl key =@$KEYROW@g" netdata.ssl.cfg > tmp
sed "s@ssl certificate =@$CERTROW@g" tmp > tmp2
sed "s/$1/$2/g" tmp2 > "$4"
}
run_acl_tests() {
#Give a time for netdata start properly
sleep 2
curl -v -k --tls-max 1.2 --create-dirs -o index.html "$2" 2> log_index.txt
curl -v -k --tls-max 1.2 --create-dirs -o netdata.txt "$2/netdata.conf" 2> log_nc.txt
curl -v -k --tls-max 1.2 --create-dirs -o badge.csv "$2/api/v1/badge.svg?chart=cpu.cpu0_interrupts" 2> log_badge.txt
curl -v -k --tls-max 1.2 --create-dirs -o info.txt "$2/api/v1/info" 2> log_info.txt
curl -H "X-Auth-Token: $1" -v -k --tls-max 1.2 --create-dirs -o health.csv "$2/api/v1/manage/health?cmd=LIST" 2> log_health.txt
TOT=$(grep -c "HTTP/1.1 301" log_*.txt | cut -d: -f2| grep -c 1)
if [ "$TOT" -ne "$4" ]; then
echo -e "${RED}I got a wrong number of redirects($TOT) when SSL is activated, It was expected $4"
rm log_* netdata.conf.test* netdata.txt health.csv index.html badge.csv tmp* key.pem cert.pem info.txt
killall netdata
exit 1
elif [ "$TOT" -eq "$4" ] && [ "$4" -ne "0" ]; then
echo -e "${YELLOW}I got the correct number of redirects($4) when SSL is activated and I try to access with HTTP."
return
fi
TOT=$(grep -c "HTTP/1.1 200 OK" log_* | cut -d: -f2| grep -c 1)
if [ "$TOT" -ne "$3" ]; then
echo -e "${RED}I got a wrong number of \"200 OK\" from the queries, it was expected $3."
killall netdata
rm log_* netdata.conf.test* netdata.txt health.csv index.html badge.csv tmp* key.pem cert.pem info.txt
exit 1
fi
echo -e "${GREEN}ACLs were applied correctly"
}
CONF=$(grep "bind" netdata.cfg)
MUSER=$(grep run netdata.cfg | cut -d= -f2|sed 's/^[ \t]*//')
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -sha512 -subj "/C=US/ST=Denied/L=Somewhere/O=Dis/CN=www.example.com" -keyout key.pem -out cert.pem
chown "$MUSER" key.pem cert.pem
CWD=$(pwd)
if [ -f "${NETDATA_VARLIB_DIR}/netdata.api.key" ] ;then
read -r TOKEN < "${NETDATA_VARLIB_DIR}/netdata.api.key"
else
TOKEN="NULL"
fi
change_file "$CONF" " bind to = *" "$CWD" "netdata.conf.test0"
netdata -c "netdata.conf.test0"
run_acl_tests $TOKEN "$BASICURL:19999" 5 0
killall netdata
change_ssl_file "$CONF" " bind to = *=dashboard|registry|badges|management|netdata.conf *:20000=dashboard|registry|badges|management *:20001=dashboard|registry|netdata.conf^SSL=optional *:20002=dashboard|registry" "$CWD" "netdata.conf.test1"
netdata -c "netdata.conf.test1"
run_acl_tests $TOKEN "$BASICURL:19999" 5 5
run_acl_tests $TOKEN "$BASICURLS:19999" 5 0
run_acl_tests $TOKEN "$BASICURL:20000" 4 5
run_acl_tests $TOKEN "$BASICURLS:20000" 4 0
run_acl_tests $TOKEN "$BASICURL:20001" 4 0
run_acl_tests $TOKEN "$BASICURLS:20001" 4 0
run_acl_tests $TOKEN "$BASICURL:20002" 3 5
run_acl_tests $TOKEN "$BASICURLS:20002" 3 0
killall netdata
change_ssl_file "$CONF" " bind to = *=dashboard|registry|badges|management|netdata.conf *:20000=dashboard|registry|badges|management *:20001=dashboard|registry|netdata.conf^SSL=force *:20002=dashboard|registry" "$CWD" "netdata.conf.test2"
netdata -c "netdata.conf.test2"
run_acl_tests $TOKEN "$BASICURL:19999" 5 5
run_acl_tests $TOKEN "$BASICURLS:19999" 5 0
run_acl_tests $TOKEN "$BASICURL:20000" 4 5
run_acl_tests $TOKEN "$BASICURLS:20000" 4 0
run_acl_tests $TOKEN "$BASICURL:20001" 4 5
run_acl_tests $TOKEN "$BASICURLS:20001" 4 0
run_acl_tests $TOKEN "$BASICURL:20002" 3 5
run_acl_tests $TOKEN "$BASICURLS:20002" 3 0
killall netdata
change_ssl_file "$CONF" " bind to = *=dashboard|registry|badges|management|netdata.conf *:20000=dashboard|registry|badges|management^SSL=optional *:20001=dashboard|registry|netdata.conf^SSL=force" "$CWD" "netdata.conf.test3"
netdata -c "netdata.conf.test3"
run_acl_tests $TOKEN "$BASICURL:19999" 5 5
run_acl_tests $TOKEN "$BASICURLS:19999" 5 0
run_acl_tests $TOKEN "$BASICURL:20000" 4 0
run_acl_tests $TOKEN "$BASICURLS:20000" 4 0
run_acl_tests $TOKEN "$BASICURL:20001" 4 5
run_acl_tests $TOKEN "$BASICURLS:20001" 4 0
killall netdata
rm log_* netdata.conf.test* netdata.txt health.csv index.html badge.csv tmp* key.pem cert.pem info.txt
echo "All the tests were successful"
Reference in a new issue View git blame Copy permalink