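# Source: github.com/turbot/steampipe@v1.7.0-rc.0.0.20240517123944-7cef272d4458/tests/acceptance/test_files/ssl.bats
#
# Acceptance tests for the TLS material (root.crt, server.crt, server.key) that
# the steampipe service keeps in its database data directory: certificate
# lifetimes, stability across restarts, regeneration after the root certificate
# is removed, and start-up with a passphrase-protected private key.
#
# Requires: bats with bats-assert and bats-support, openssl, cksum, awk, and a
# steampipe install rooted at $STEAMPIPE_INSTALL_DIR.

load "$LIB_BATS_ASSERT/load.bash"
load "$LIB_BATS_SUPPORT/load.bash"

#######################################
# Prints the database data directory that holds the certificates and key.
# Globals:   STEAMPIPE_INSTALL_DIR (read)
# Outputs:   the directory path on stdout
# Returns:   non-zero when STEAMPIPE_INSTALL_DIR is unset or empty, so the
#            rm/openssl calls in the tests never resolve to a path under "/".
#######################################
ssl_data_dir() {
  printf '%s\n' "${STEAMPIPE_INSTALL_DIR:?STEAMPIPE_INSTALL_DIR must be set}/db/14.2.0/data"
}

@test "expiry year of root.crt should be 9999 and server.crt should be 3yrs from now" {
  local data_dir current_year server_expiry
  data_dir=$(ssl_data_dir)

  # NOTE(review): the year is sampled before the service starts, and the check
  # assumes server.crt is issued during this run - confirm for reused installs
  # and for runs that straddle a year boundary.
  current_year=$(date +"%Y")
  steampipe service start

  run openssl x509 -enddate -noout -in "$data_dir/root.crt"
  printf '%s\n' "$output"
  assert_success
  # The root certificate is pinned to the maximum representable expiry, i.e. it
  # effectively never expires; it is only replaced when the file is removed
  # (see the regeneration test below).
  assert_output --partial "notAfter=Dec 31 23:59:59 9999 GMT"

  server_expiry=$((current_year + 3))
  printf '%s\n' "$server_expiry"

  run openssl x509 -enddate -noout -in "$data_dir/server.crt"
  printf '%s\n' "$output"
  assert_success
  # check enddate
  assert_output --partial "$server_expiry"
}

@test "restarting service should not rotate root and server certificates" {
  local data_dir id_root id_server id_root_new id_server_new
  data_dir=$(ssl_data_dir)

  steampipe service start

  # Record a checksum of each certificate. cksum is a CRC: good enough to
  # notice that a file was rewritten, not a cryptographic integrity check.
  run cksum "$data_dir/root.crt"
  assert_success
  id_root=$(printf '%s\n' "$output" | awk '{print $1}')
  printf '%s\n' "$id_root"

  run cksum "$data_dir/server.crt"
  assert_success
  id_server=$(printf '%s\n' "$output" | awk '{print $1}')
  printf '%s\n' "$id_server"

  steampipe service restart

  # check file checksum after restart
  run cksum "$data_dir/root.crt"
  assert_success
  id_root_new=$(printf '%s\n' "$output" | awk '{print $1}')
  printf '%s\n' "$id_root_new"
  assert_equal "$id_root" "$id_root_new"

  run cksum "$data_dir/server.crt"
  assert_success
  id_server_new=$(printf '%s\n' "$output" | awk '{print $1}')
  printf '%s\n' "$id_server_new"

  # both checksums should be the same - the file did not get regenerated/rotated
  assert_equal "$id_server" "$id_server_new"
}

@test "deleting root certificate, service start should regenerate server and root certs" {
  local data_dir id_server id_server_new
  data_dir=$(ssl_data_dir)

  # This test reads the server.crt left behind by an earlier service start.
  # Without assert_success a missing file would put cksum's error text into
  # $output and the "changed" comparison below would pass for the wrong reason.
  run cksum "$data_dir/server.crt"
  assert_success
  id_server=$(printf '%s\n' "$output" | awk '{print $1}')
  printf '%s\n' "$id_server"

  # delete root certificate
  rm -f -- "$data_dir/root.crt"

  steampipe service start

  # the title also promises a fresh root certificate, so check that it is back
  assert [ -f "$data_dir/root.crt" ]

  # save new file checksum
  run cksum "$data_dir/server.crt"
  assert_success
  id_server_new=$(printf '%s\n' "$output" | awk '{print $1}')
  printf '%s\n' "$id_server_new"

  # old and new checksums must differ - deleting the root certificate has to
  # regenerate/rotate the server certificate that was signed by it
  if [[ "$id_server" == "$id_server_new" ]]; then
    fail "server.crt was not regenerated after root.crt was deleted"
  fi
}

@test "adding an encrypted private key should work fine and service should start successfully" {
  local data_dir
  data_dir=$(ssl_data_dir)

  # "pass:" puts the passphrase on the command line, where it is visible in the
  # process list and in shell traces. That is acceptable for this throwaway
  # fixture value; outside tests prefer openssl's env: or file: sources.
  run openssl genrsa -aes256 -out "$data_dir/server.key" -passout pass:steampipe -traditional 2048
  # `run` swallows the exit status; without this check a failed key generation
  # would leave the previous key in place and the test would prove nothing
  # about encrypted keys.
  assert_success

  run openssl req -key "$data_dir/server.key" -passin pass:steampipe -new -x509 -out "$data_dir/server.crt" -subj "/CN=steampipe.io"
  assert_success

  # Not wrapped in `run`: a non-zero exit here fails the test directly.
  steampipe service start --database-ssl-password steampipe
}

# Stop the service after every test so each test starts from a stopped state.
teardown() {
  steampipe service stop --force
}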