X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f8daac938f766732ade005aaf8ac239dce1f697f..95e5ccacf6c1193b313fa90a6d39baafa2ba67d8:/sdk/pam/Dockerfile

diff --git a/sdk/pam/Dockerfile b/sdk/pam/Dockerfile
index c5e83f8462..ff450d818e 100644
--- a/sdk/pam/Dockerfile
+++ b/sdk/pam/Dockerfile
@@ -1,10 +1,27 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# These tests assume you have a real API server running on the docker host.
+#
+# Build the test container:
+#   First, replace 3000 below with your api server's port number if necessary.
+#   host$ python setup.py sdist rotate --keep=1 --match .tar.gz
+#   host$ docker build --tag=arvados/pam_test .
+#
+# Automated integration test:
+#   host$ docker run -it --add-host zzzzz.arvadosapi.com:"$(hostname -I |awk '{print $1}')" arvados/pam_test
+# You should see "=== OK ===", followed by a Perl stack trace due to a
+# yet-unidentified pam_python.so bug.
+#
 # Manual integration test:
-# 0. python setup.py sdist rotate --keep=1 --match .tar.gz
-# 1. docker build -name arvados:pam_test .
-# 2. docker run -it arvados:pam_test
-# 3. container# edit /etc/pam.d/login  # set api host and shell VM name
-# 4. container# useradd testusername
-# 5. container# login                  # enter username and token
+#   host$ docker run -it --add-host zzzzz.arvadosapi.com:"$(hostname -I |awk '{print $1}')" arvados/pam_test bash -c 'rsyslogd & tail -F /var/log/auth.log & sleep 1 & bash'
+#   container# login
+#   login: active
+#   Arvados API token: 3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi
+# You should now be logged in to the "active" shell account in the
+# container. You should also see arvados_pam log entries in
+# /var/log/auth.log (and in your terminal, thanks to "tail -F").
 
 FROM debian:wheezy
 RUN apt-get update
@@ -12,9 +29,28 @@ RUN apt-get -qy dist-upgrade
 RUN apt-get -qy install python python-virtualenv libpam-python rsyslog
 # Packages required by pycurl, ciso8601
 RUN apt-get -qy install libcurl4-gnutls-dev python2.7-dev
+
+# for jessie (which also has other snags)
+# RUN apt-get -qy install python-pip libgnutls28-dev
+
 RUN pip install --upgrade setuptools
 RUN pip install python-pam
 ADD dist /dist
 RUN pip install /dist/arvados-pam-*.tar.gz
+
+# Configure and enable the module (hopefully vendor packages will offer a neater way)
+RUN perl -pi -e 's{api.example}{zzzzz.arvadosapi.com:3000}; s{shell\.example}{testvm2.shell insecure};' /usr/share/pam-configs/arvados
 RUN DEBIAN_FRONTEND=noninteractive pam-auth-update arvados --remove unix
-CMD rsyslogd & tail -F /var/log/auth.log & bash
+
+# Add a user account matching the fixture
+RUN useradd -ms /bin/bash active
+
+# Test with python (SIGSEGV during tests)
+#ADD . /pam
+#WORKDIR /pam
+#CMD rsyslogd & tail -F /var/log/auth.log & python setup.py test --test-suite integration_tests
+
+# Test with perl (SIGSEGV when program exits)
+RUN apt-get install -qy libauthen-pam-perl
+ADD tests/integration_test.pl /integration_test.pl
+CMD rsyslogd & tail -F /var/log/auth.log & sleep 1 && /integration_test.pl