precondition checks for ssl key and cert

Author: angelo-v

Makefile

@@ -25,4 +25,4 @@ stop: ## stop the solid-server docker container
 attach: ## execute a shell in the running solid-server docker container
 	docker exec -it solid-server sh
 
-.PHONY: test build inspect run attach
+.PHONY: test build inspect run attach

src/checks.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+echo "checking preconditions..."
+
 checks_failed=0
 
 check_failed()
@@ -14,7 +16,6 @@ check_if_writable()
   dir=$1
   if [ -d "${dir}" ]; then
     if [ -w "${dir}" ]; then
-      ls -lah ${dir};
       echo "✓ ${dir} is accessible by $(whoami)"
     else
       echo "✗ ${dir} not writable by $(whoami)"
@@ -23,11 +24,35 @@ check_if_writable()
   fi
 }
 
+check_if_file_readable()
+{
+  # checks if the given dir is writable, if it exists
+  # it's ok if the dir does not exist at all, because it will be created
+  # during solid server startup then and have the correct permissions
+  file=$1
+  if [ -e "${file}" ]; then
+    if [ -r "${file}" ]; then
+      echo "✓ ${file} is accessible by $(whoami)"
+    else
+      echo "✗ ${file} not readable by $(whoami)"
+      check_failed
+    fi
+  else
+    echo "✗ ${file} does not exist"
+    check_failed
+  fi
+}
+
 check_if_writable "${SOLID_HOME}/config"
 check_if_writable "${SOLID_HOME}/data"
 check_if_writable "${SOLID_HOME}/.db"
+check_if_file_readable "${SOLID_SSL_KEY}"
+check_if_file_readable "${SOLID_SSL_CERT}"
 
 if [ "$checks_failed" -gt 0 ]; then
   echo "Finished: ERROR"
   exit 1
+else
+  echo "Finished: SUCCESS"
+  exit 0;
 fi

src/create-temporary-cert.sh

@@ -12,6 +12,3 @@ openssl req -nodes -x509 -days 3 -newkey rsa:2048 \
 	-keyout ./$NAME.key \
 	-out ./$NAME.crt \
 	-subj "/O=$NAME/OU=$NAME/CN=$NAME"
-
-echo "Finished: SUCCESS"
-exit 0;

src/entrypoint.sh

@@ -2,8 +2,7 @@
 
 set -e
 
-./checks.sh
-
 ./create-temporary-cert.sh ${TEMPORARY_CERT_NAME}
+./checks.sh
 
 solid "$@"

test/test_non_accessible_key_cert.py

@@ -0,0 +1,36 @@
+# coding=utf-8
+import docker
+import pytest
+import time
+
+import os
+
+testinfra_hosts = ['docker://test_container']
+
+
+@pytest.fixture(scope="module", autouse=True)
+def container(client, image):
+  container = client.containers.run(
+      image.id,
+      name="test_container",
+      environment=[
+        # just using to files that exist but are not readable by node
+        "SOLID_SSL_KEY=/root",
+        "SOLID_SSL_CERT=/etc/shadow"
+      ],
+      detach=True,
+      tty=True
+  )
+  # give the solid process some seconds to create the directory structure before making assertions
+  time.sleep(2)
+  yield container
+  container.remove(force=True)
+
+
+def test_container_fails_with_errors(container):
+  assert container.status == "created"
+  logs = container.logs()
+  assert "✗ /root not readable by node" in logs
+  assert "✗ /etc/shadow not readable by node" in logs
+  assert "Finished: ERROR" in logs
+  assert not "Finished: SUCCESS" in logs

test/test_precondition_checks.py

@@ -17,8 +17,8 @@ def container(client, image):
         'missing_config': {'bind': '/opt/solid/config'}
       },
       environment=[
-        "SOLID_SERVER_KEY=/missing/key",
-        "SOLID_SERVER_CERT=/missing/cert"
+        "SOLID_SSL_KEY=/missing/key",
+        "SOLID_SSL_CERT=/missing/cert"
       ],
       detach=True,
       tty=True
@@ -35,5 +35,7 @@ def test_container_fails_with_errors(container):
   assert "✗ /opt/solid/config not writable by node" in logs
   assert "✗ /opt/solid/data not writable by node" in logs
   assert "✗ /opt/solid/.db not writable by node" in logs
+  assert "✗ /missing/key does not exist" in logs
+  assert "✗ /missing/cert does not exist" in logs
   assert "Finished: ERROR" in logs
   assert not "Finished: SUCCESS" in logs