github.com/containers/podman/v4@v4.9.4/contrib/cirrus/lib.sh.t (about) 1 #!/bin/bash 2 # 3 # tests for lib.sh 4 # 5 6 # To ensure consistent sorting 7 export LC_ALL=C 8 9 ############################################################################### 10 # BEGIN code to define a clean safe environment 11 12 # Envariables which we should keep; anything else, we toss. 13 declare -a keep_env_list=(IFS HOME PATH SECRET_ENV_RE 14 PASSTHROUGH_ENV_EXACT 15 PASSTHROUGH_ENV_ATSTART 16 PASSTHROUGH_ENV_ANYWHERE 17 PASSTHROUGH_ENV_RE 18 TMPDIR tmpdir keep_env rc_file testnum_file) 19 declare -A keep_env 20 for i in "${keep_env_list[@]}"; do 21 keep_env[$i]=1 22 done 23 24 # END code to define a clean safe environment 25 ############################################################################### 26 # BEGIN test scaffolding 27 28 tmpdir=$(mktemp --tmpdir --directory lib-sh-tests.XXXXXXX) 29 # shellcheck disable=SC2154 30 trap 'status=$?; rm -rf $tmpdir;exit $status' 0 31 32 # Needed by lib.sh, but we don't actually need anything in it 33 touch "$tmpdir"/common_lib.sh 34 35 # Iterator and return code. Because some tests run in subshells (to avoid 36 # namespace pollution), variables aren't preserved. Use files to track them. 37 testnum_file=$tmpdir/testnum 38 rc_file=$tmpdir/rc 39 40 echo 0 >"$testnum_file" 41 echo 0 >"$rc_file" 42 43 # Helper function: runs passthrough_envars(), compares against expectations 44 function check_passthrough { 45 testnum=$(< "$testnum_file") 46 testnum=$((testnum + 1)) 47 echo $testnum > "$testnum_file" 48 49 # shellcheck disable=SC2046,SC2005,SC2116 50 actual="$(echo $(passthrough_envars))" 51 52 if [[ "$actual" = "$1" ]]; then 53 # Multi-level echo flattens newlines, makes success messages readable 54 # shellcheck disable=SC2046,SC2005,SC2116 55 echo $(echo "ok $testnum $2") 56 else 57 echo "not ok $testnum $2" 58 echo "# expected: $1" 59 echo "# actual: $actual" 60 echo 1 >| "$rc_file" 61 fi 62 } 63 64 # END test scaffolding 65 ############################################################################### 66 67 # vars and a function needed by lib.sh 68 # shellcheck disable=SC2034 69 { 70 AUTOMATION_LIB_PATH=$tmpdir 71 CIRRUS_BASE_SHA=x 72 CIRRUS_TAG=x 73 function warn() { 74 : 75 } 76 # shellcheck disable=all 77 source $(dirname "$0")/lib.sh 78 } 79 80 # Our environment is now super-polluted. Clean it up, preserving critical env. 81 while read -r v;do 82 if [[ -z "${keep_env[$v]}" ]]; then 83 unset "$v" 2>/dev/null 84 fi 85 done < <(compgen -A variable) 86 87 # begin actual tests 88 89 check_passthrough "" "with empty environment" 90 91 # 92 # Now set all sorts of secrets, which should be excluded 93 # 94 # shellcheck disable=SC2034 95 { 96 ACCOUNT_ABC=1 97 ABC_ACCOUNT=1 98 ABC_ACCOUNT_DEF=1 99 GCEFOO=1 100 GCPBAR=1 101 SSH123=1 102 NOTSSH=1 103 SSH=1 104 PASSWORD=1 105 MYSECRET=1 106 SECRET2=1 107 TOKEN=1 108 check_passthrough "" "secrets are filtered" 109 } 110 111 # These are passed through only when they match EXACTLY. 112 readarray -d '|' -t pt_exact <<<"$PASSTHROUGH_ENV_EXACT" 113 # shellcheck disable=SC2048 114 for s in ${pt_exact[*]}; do 115 # Run inside a subshell, to avoid cluttering environment 116 ( 117 eval "${s}=1" # This is the only one that should be passed 118 eval "a${s}=1" 119 eval "${s}z=1" 120 eval "YYY_${s}_YYY=1" 121 eval "ZZZ_${s}=1" 122 eval "${s}_ZZZ=1" 123 124 # Only the exact match should be passed 125 check_passthrough "$s" "exact match only: $s" 126 ) 127 done 128 129 # These are passed through only when they match AT THE BEGINNING. 130 # 131 # Also, we run this _entire_ test inside a subshell, cluttering the 132 # environment, so we're testing that passthrough_envars can handle 133 # and return long lists of unrelated matches. Kind of a pointless 134 # test, there's not really any imaginable way that could fail. 135 ( 136 # Inside the subshell. Start with null expectations. 137 expect= 138 139 # WARNING! $PASSTHROUGH_ENV_ATSTART must be in alphabetical order, 140 # because passthrough_envars always returns a sorted list and (see 141 # subshell comments above) we're incrementally adding to our env. 142 readarray -d '|' -t pt_atstart <<<"$PASSTHROUGH_ENV_ATSTART" 143 # shellcheck disable=SC2048 144 for s in ${pt_atstart[*]}; do 145 eval "${s}=1" 146 eval "${s}123=1" 147 eval "NOPE_${s}=1" 148 eval "NOR_${s}_EITHER=1" 149 150 if [[ -n "$expect" ]]; then 151 expect+=" " 152 fi 153 expect+="$s ${s}123" 154 155 check_passthrough "$expect" "at start only: $s" 156 done 157 ) 158 159 # These are passed through if they match ANYWHERE IN THE NAME 160 readarray -d '|' -t pt_anywhere <<<"$PASSTHROUGH_ENV_ANYWHERE" 161 # shellcheck disable=SC2048 162 for s in ${pt_anywhere[*]}; do 163 ( 164 eval "${s}=1" 165 eval "${s}z=1" 166 eval "z${s}=1" 167 eval "z${s}z=1" 168 169 check_passthrough "${s} ${s}z z${s} z${s}z" "anywhere: $s" 170 ) 171 done 172 173 # And, to guard against null runs of the above loops, hardcoded tests of each: 174 # shellcheck disable=SC2034 175 ( 176 CI=1 177 CI_FOO=1 178 CIRRUS_BAR=1 179 GOPATH=gopath 180 GOPATH_NOT=not 181 ROOTLESS_USER=rootless 182 ZZZ_NAME=1 183 184 check_passthrough "CI CIRRUS_BAR CI_FOO GOPATH ROOTLESS_USER ZZZ_NAME" \ 185 "final handcrafted sanity check" 186 ) 187 188 # Final check 189 check_passthrough "" "Environment remains unpolluted at end" 190 191 # Done 192 # shellcheck disable=all 193 exit $(<"$rc_file")