1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
17 "git.arvados.org/arvados.git/lib/dispatchcloud/test"
18 "golang.org/x/crypto/ssh"
19 check "gopkg.in/check.v1"
22 // Gocheck boilerplate
23 func Test(t *testing.T) {
27 var _ = check.Suite(&ExecutorSuite{})
29 type testTarget struct {
33 func (*testTarget) VerifyHostKey(ssh.PublicKey, *ssh.Client) error {
37 // Address returns the wrapped SSHService's host, with the port
38 // stripped. This ensures the executor won't work until
39 // SetTargetPort() is called -- see (*testTarget)Port().
40 func (tt *testTarget) Address() string {
41 h, _, err := net.SplitHostPort(tt.SSHService.Address())
48 func (tt *testTarget) Port() string {
49 _, p, err := net.SplitHostPort(tt.SSHService.Address())
56 type mitmTarget struct {
60 func (*mitmTarget) VerifyHostKey(key ssh.PublicKey, client *ssh.Client) error {
61 return fmt.Errorf("host key failed verification: %#v", key)
64 type ExecutorSuite struct{}
66 func (s *ExecutorSuite) TestBadHostKey(c *check.C) {
67 _, hostpriv := test.LoadTestKey(c, "../test/sshkey_vm")
68 clientpub, clientpriv := test.LoadTestKey(c, "../test/sshkey_dispatch")
69 target := &mitmTarget{
70 SSHService: test.SSHService{
71 Exec: func(map[string]string, string, io.Reader, io.Writer, io.Writer) uint32 {
72 c.Error("Target Exec func called even though host key verification failed")
76 AuthorizedUser: "username",
77 AuthorizedKeys: []ssh.PublicKey{clientpub},
82 c.Check(err, check.IsNil)
83 c.Logf("target address %q", target.Address())
87 exr.SetSigners(clientpriv)
89 _, _, err = exr.Execute(nil, "true", nil)
90 c.Check(err, check.ErrorMatches, "host key failed verification: .*")
93 func (s *ExecutorSuite) TestExecute(c *check.C) {
94 command := `foo 'bar' "baz"`
95 stdinData := "foobar\nbaz\n"
96 _, hostpriv := test.LoadTestKey(c, "../test/sshkey_vm")
97 clientpub, clientpriv := test.LoadTestKey(c, "../test/sshkey_dispatch")
98 for _, exitcode := range []int{0, 1, 2} {
99 target := &testTarget{
100 SSHService: test.SSHService{
101 Exec: func(env map[string]string, cmd string, stdin io.Reader, stdout, stderr io.Writer) uint32 {
102 c.Check(env["TESTVAR"], check.Equals, "test value")
103 c.Check(cmd, check.Equals, command)
104 var wg sync.WaitGroup
107 io.WriteString(stdout, "stdout\n")
111 io.WriteString(stderr, "stderr\n")
114 buf, err := ioutil.ReadAll(stdin)
116 c.Check(err, check.IsNil)
120 _, err = stdout.Write(buf)
121 c.Check(err, check.IsNil)
122 return uint32(exitcode)
125 AuthorizedUser: "username",
126 AuthorizedKeys: []ssh.PublicKey{clientpub},
129 err := target.Start()
130 c.Check(err, check.IsNil)
131 c.Logf("target address %q", target.Address())
135 exr.SetSigners(clientpriv)
137 // Use the default target port (ssh). Execute will
138 // return a connection error or an authentication
139 // error, depending on whether the test host is
140 // running an SSH server.
141 _, _, err = exr.Execute(nil, command, nil)
142 c.Check(err, check.ErrorMatches, `.*(unable to authenticate|connection refused).*`)
144 // Use a bogus target port. Execute will return a
146 exr.SetTargetPort("0")
147 _, _, err = exr.Execute(nil, command, nil)
148 c.Check(err, check.ErrorMatches, `.*connection refused.*`)
150 // Use the test server's listening port.
151 exr.SetTargetPort(target.Port())
153 done := make(chan bool)
155 stdout, stderr, err := exr.Execute(map[string]string{"TESTVAR": "test value"}, command, bytes.NewBufferString(stdinData))
157 c.Check(err, check.IsNil)
159 c.Check(err, check.NotNil)
160 err, ok := err.(*ssh.ExitError)
161 c.Assert(ok, check.Equals, true)
162 c.Check(err.ExitStatus(), check.Equals, exitcode)
164 c.Check(stdout, check.DeepEquals, []byte("stdout\n"+stdinData))
165 c.Check(stderr, check.DeepEquals, []byte("stderr\n"))
169 timeout := time.NewTimer(time.Second)
projects / arvados.git / blob