github.com/hyperledger/fabric-ca@v2.0.0-alpha.0.20201120210307-7b4f34729db1+incompatible/scripts/fvt/postgres_test.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright IBM Corp. All Rights Reserved.
     4  #
     5  # SPDX-License-Identifier: Apache-2.0
     6  #
     7  
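     # Name of this FVT case; also the leaf of the scratch directory used below.
     TESTCASE="postgres"
     FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
     FABRIC_CAEXEC="$FABRIC_CA/bin/fabric-ca"
     SCRIPTDIR="$FABRIC_CA/scripts/fvt"
     # Shared FVT helpers. Quoted so that a GOPATH containing spaces or glob
     # characters still names exactly one file.
     # pollFabricCa, enroll, ErrorMsg and CleanUp, and the CA_DEFAULT_PORT,
     # POSTGRES_PORT and TLS_SERVER* variables used later, are not defined in
     # this script; presumably they come from this file. Verify.
     . "$SCRIPTDIR/fabric-ca_utils"
     # Exit status handed to CleanUp and exit at the end of the script.
     RC=0

     # NOTE(review): the server home is a fixed, predictable path under /tmp.
     # The generated config (which embeds the database password), the server log
     # and the MSP directory all land here, so run this suite only on a
     # dedicated test host or container, not on a shared machine.
     export FABRIC_CA_SERVER_HOME="/tmp/$TESTCASE"

     PGSQLSERVERCONFIG="$FABRIC_CA_SERVER_HOME/pgsqlserverconfig.yaml"
     SERVERLOG="$FABRIC_CA_SERVER_HOME/serverlog.txt"
     MSP="$FABRIC_CA_SERVER_HOME/msp"
     SERVERCERT="$FABRIC_CA_SERVER_HOME/fabric-ca-cert.pem"
     # Database the CA server is configured to use; dropped by configureDB and
     # recreated by resetDB.
     DBNAME="fabric_ca"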
    21  DBNAME="fabric_ca"
    22  
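    # Remove artifacts an earlier run left in the server home: the CA
    # certificate, the MSP directory and the captured server log.
    # Globals:   SERVERCERT, MSP, SERVERLOG (read)
    # Returns:   exit status of the last rm
    function cleanup {
        # Each path is quoted and preceded by "--" so rm receives it as exactly
        # one operand: no word splitting, no globbing, no option parsing.
        # rm without -f still reports a file that is already absent, as before.
        rm -- "$SERVERCERT"
        rm -rf -- "$MSP"
        rm -- "$SERVERLOG"
    }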
    28  
    # Put the PostgreSQL instance into the state TEST 1 starts from.
    # Creates role "testuser" with LOGIN only (no CREATEDB is granted here) and
    # a scratch database "testdb" to connect through, then drops $DBNAME and
    # "postgres" so the CA server finds neither of them.
    # Globals:   DBNAME (read)
    # Returns:   exit status of the last psql call
    # NOTE(review): destructive. The DROP statements run against whichever
    # server psql's environment selects, so point this only at a disposable
    # instance. The role password is a fixture value passed on the psql command
    # line; never reuse it outside this test.
    configureDB() {
        psql -c "CREATE USER testuser WITH PASSWORD 'testuserpw' LOGIN"
        psql -c "CREATE DATABASE testdb"

        # Both drops are issued while connected to testdb.
        local doomed
        for doomed in "$DBNAME" postgres; do
            psql -d testdb -c "DROP DATABASE $doomed"
        done
    }
    35  
    # Undo the database changes made for this test case: restore the template1
    # name, recreate $DBNAME and "postgres", and take CREATEDB away from
    # testuser again.
    # Globals:   DBNAME (read)
    # Returns:   exit status of the last psql call
    # NOTE(review): in the normal flow TEST 3 has already renamed
    # template1_temp back, so the first statement presumably matters only when
    # the run stopped between TEST 2 and TEST 3. testuser and testdb are not
    # removed here.
    resetDB() {
        local stmt
        for stmt in \
            "ALTER DATABASE template1_temp RENAME TO template1" \
            "CREATE DATABASE $DBNAME" \
            "CREATE DATABASE postgres" \
            "ALTER USER testuser WITH NOCREATEDB"; do
            psql -d testdb -c "$stmt"
        done
    }
    42  
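    # Write the fabric-ca server configuration used by every test in this file.
    # Globals:   FABRIC_CA_SERVER_HOME, PGSQLSERVERCONFIG, POSTGRES_PORT,
    #            TLS_SERVERCERT, TLS_SERVERKEY (read)
    # Outputs:   creates $FABRIC_CA_SERVER_HOME if needed and overwrites
    #            $PGSQLSERVERCONFIG
    # Returns:   non-zero if the directory or the file cannot be written
    #
    # The file carries fixture credentials only: the PostgreSQL password for
    # testuser and a bootstrap identity (a / b) that may register other
    # identities, revoke, and act as an intermediate CA. It is written with the
    # caller's umask, so treat the server home as test-only and never reuse
    # these values on a real CA.
    # NOTE(review): dbname= is a literal and must stay equal to DBNAME.
    function genConfig {
        # Paths are quoted so a home directory containing spaces still works.
        mkdir -p -- "$FABRIC_CA_SERVER_HOME" || return

        # Emitted line by line with printf; the YAML is the same as before and
        # no here-document terminator has to sit at column 0.
        {
            printf '%s\n' \
                'debug: true' \
                ''
            printf '%s\n' \
                'db:' \
                '  type: postgres' \
                "  datasource: host=localhost port=$POSTGRES_PORT user=testuser password=testuserpw dbname=fabric_ca" \
                ''
            printf '%s\n' \
                'tls:' \
                '  enabled: true' \
                "  certfile: $TLS_SERVERCERT" \
                "  keyfile: $TLS_SERVERKEY" \
                ''
            printf '%s\n' \
                'registry:' \
                '  # Maximum number of times a password/secret can be reused for enrollment' \
                '  # (default: -1, which means there is no limit)' \
                '  maxenrollments: -1' \
                '' \
                '  # Contains identity information which is used when LDAP is disabled' \
                '  identities:' \
                '     - name: a' \
                '       pass: b' \
                '       type: client' \
                '       affiliation: ""' \
                '       maxenrollments: -1' \
                '       attrs:' \
                '          hf.Registrar.Roles: "client,user,peer,validator,auditor"' \
                '          hf.Registrar.DelegateRoles: "client,user,validator,auditor"' \
                '          hf.Revoker: true' \
                '          hf.IntermediateCA: true' \
                ''
            printf '%s\n' \
                'affiliations:' \
                '   org1:' \
                '      - department1' \
                '      - department2' \
                '   org2:' \
                '      - department1'
        } > "$PGSQLSERVERCONFIG"
    }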
    83  
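    # Fixture setup: write the server config, clear artifacts of a previous
    # run, then create testuser/testdb and drop the databases the server would
    # otherwise connect to.
    genConfig
    cleanup
    configureDB

    # TEST 1: the database user does not have permission to create a database,
    # and no database with the same name as the user exists either.
    # This is the least-privilege check: configureDB created testuser without
    # CREATEDB, so PostgreSQL must refuse the server's attempt to create its
    # database and the refusal must show up in the log.
    # The server runs in the background with its output mirrored to $SERVERLOG.
    "$SCRIPTDIR/fabric-ca_setup.sh" -S -X -g "$PGSQLSERVERCONFIG" 2>&1 | tee "$SERVERLOG" &
    # pollFabricCa presumably waits for the CA port; -K presumably stops the
    # server (both come from the shared FVT scripts; verify there).
    # $CA_DEFAULT_PORT is left unquoted on purpose so the argument count seen
    # by pollFabricCa is unchanged.
    pollFabricCa "" "" $CA_DEFAULT_PORT
    "$SCRIPTDIR/fabric-ca_setup.sh" -K
    if ! grep "pq: permission denied to create database" "$SERVERLOG" &> /dev/null; then
        ErrorMsg "'testuser' should not have been able to create database, does not have permissions"
    fi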
    97  
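    # TEST 2: no database is available to establish a connection, so an error
    # is expected. Three databases are tried: the one named in the connection
    # string, postgres, and template1. configureDB dropped the first two;
    # renaming template1 takes away the third.
    psql -d testdb -c "ALTER DATABASE template1 RENAME TO template1_temp"
    "$SCRIPTDIR/fabric-ca_setup.sh" -S -X -g "$PGSQLSERVERCONFIG" 2>&1 | tee "$SERVERLOG" &
    # $CA_DEFAULT_PORT is left unquoted on purpose so the argument count seen
    # by pollFabricCa is unchanged.
    pollFabricCa "" "" $CA_DEFAULT_PORT
    # The next fabric-ca_setup.sh -K call only comes after TEST 3's enroll, so
    # the instance started here is still the one in use there.
    if ! grep "Please create one of these database before continuing" "$SERVERLOG" &> /dev/null; then
        ErrorMsg "None of the database expected exist, should have thrown an error in the logs"
    fi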
   108  
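   # TEST 3: the user now has permission to create a database and at least one
   # of the expected databases exists, so database initialization should
   # succeed. CREATEDB is granted only for this step; resetDB revokes it.
   psql -d testdb -c "ALTER DATABASE template1_temp RENAME TO template1"
   psql -d testdb -c "ALTER USER testuser WITH CREATEDB"

   # Enroll should make the server retry database initialization before it
   # processes the request, and should succeed. The pipeline's status is
   # grep's, so a missing confirmation line is what triggers the error.
   if ! enroll a b 2>&1 | grep "Stored client certificate"; then
       ErrorMsg "Enroll request should have passed"
   fi

   # Stop the server, then confirm from its log that the database was set up.
   "$SCRIPTDIR/fabric-ca_setup.sh" -K
   if ! grep "Initialized postgres database" "$SERVERLOG" &> /dev/null; then
       ErrorMsg "Postgres database should have been successfully initialized"
   fi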
   125  
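   # Restore the databases changed for this test case, then finish with the
   # status held in RC (initialised to 0 at the top of this script).
   # NOTE(review): nothing traps an early exit, so a run interrupted before
   # this point leaves "postgres" and $DBNAME dropped. testuser and testdb are
   # not removed here either, unless CleanUp (defined outside this file) does.
   resetDB
   CleanUp "$RC"
   exit "$RC"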