tdi 0.1.0

data/README.md

@@ -0,0 +1,46 @@
+# TDI
+
+Test Driven Infrastructure acceptance helpers for validating your deployed
+infrastructure and external dependencies.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'tdi'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install tdi
+
+## Usage
+
+    $ tdi -h
+
+Usage:
+
+    tdi [options] test_plan_file
+
+Examples:
+
+    tdi tdi.json
+    tdi --plan admin tdi.json
+    tdi --plan admin::acl tdi.json
+    tdi -p admin::acl,admin::file tdi.json
+    tdi --nofail tdi.json
+    tdi --shred tdi.json
+    tdi -v tdi.json
+    tdi -vv tdi.json
+    tdi -vvv tdi.json
+
+Options:
+
+    -n, --nofail       No fail mode.
+    -p, --plan         Test plan list.
+    -s, --shred        Wipe out the test plan, leaving no trace behind.
+    -v, --verbose      Verbose mode.
+    -h, --help         Display this help message.

data/Rakefile

@@ -0,0 +1 @@
+require 'bundler/gem_tasks'

data/bin/tdi

@@ -0,0 +1,167 @@
+#!/usr/bin/env ruby
+
+# == TDI
+#
+# Run test plans against the infrastructure, performing tasks such as validating
+# for:
+# - Network access (ACL).
+# - File/directory RO/RW access (Local/NFS).
+# - SSH session capability (Private/Public key pair based auth).
+# - HTTP request/response.
+# TODO: - Successful execution of an arbitrary command.
+# TODO: - DNS resolution.
+#
+# === Authors
+#
+# Rogério Carvalho Schneider <rogerio.schneider@corp.globo.com>
+# Leonardo Martins de Lima <leonardo.martins@corp.globo.com>
+# Diogo Kiss <diogokiss@corp.globo.com>
+# Francisco Corrêa <francisco@corp.globo.com>
+#
+# === Copyright
+#
+# Copyright (C) 2013-2014 Globo.com
+
+##############
+## REQUIRES ##
+##############
+
+require 'slop'
+require 'json'
+require 'colorize'
+require_relative '../lib/planner'
+require_relative '../lib/runner'
+
+###############
+## CONSTANTS ##
+###############
+
+UNMERGEABLE_KEY_LIST = %w(desc inherits notest)
+UNTESTABLE_ROLE_LIST = %w(global common)
+
+#############
+## HELPERS ##
+#############
+
+# Autoload any helper file inside helper's directory.
+BIN_DIR = File.dirname(File.expand_path(__FILE__))
+Dir["#{BIN_DIR}/../helper/*.rb"].each do |filename|
+  filename.sub!(/\.rb$/, '')
+  require filename
+end
+
+##########
+## MAIN ##
+##########
+
+def main(opts)
+  # Test plan input file.
+  filename = ARGV[0]
+
+  # Wrong number of command line arguments.
+  if filename.nil? and not opts.help?
+    puts opts
+    exit 1
+  end
+
+  # It is not an error to ask for help.
+  exit 0 if opts.help?
+
+  # Validation.
+  validate_args(opts)
+
+  # Start.
+  if opts[:verbose] > 0
+    puts "Using \"#{filename}\" as test plan input file.".cyan
+    puts
+  end
+
+  # Parse input file.
+  original_plan = JSON.parse(open(filename).read)
+
+  # Print input file.
+  if opts[:verbose] > 2
+    original_plan.each_pair do |role_name, role_content|
+      puts "Found role: #{role_name}".cyan
+      puts 'Role content:'.cyan
+      puts "* #{role_content}".yellow
+      puts
+    end
+  end
+
+  # Plan.
+  plan = planner(opts, original_plan)
+
+  # Print test plan.
+  if opts[:verbose] > 0
+    puts "Test plan built from \"#{filename}\":".cyan
+    puts JSON.pretty_generate(plan).yellow
+    puts
+  end
+
+  # Run tests.
+  runner(opts, filename, plan)
+end
+
+# Arguments validation.
+def validate_args(opts)
+  puts 'Validating arguments...'.cyan if opts[:verbose] > 1
+
+  if opts.plan?
+    if opts[:plan].nil?
+      puts 'ERR: When using test plan filter you must inform at least one test plan name.'.light_magenta
+      exit 1
+    end
+
+    opts[:plan].each do |plan_name|
+      unless /^\w+(::\w+)?$/.match(plan_name)
+        puts "ERR: Invalid test plan filter \"#{plan_name}\". Must match pattern \"role\" or \"role::plan\".".light_magenta
+        exit 1
+      end
+    end
+  end
+
+  if opts[:verbose] > 1
+    puts 'Validating arguments... done.'.green
+    puts
+  end
+end
+
+# Command line options.
+begin
+  opts = Slop.parse(:help => true, :strict => true) do
+    banner <<-EOS
+Usage:
+
+    tdi [options] test_plan_file
+
+Examples:
+
+    tdi tdi.json
+    tdi --plan admin tdi.json
+    tdi --plan admin::acl tdi.json
+    tdi -p admin::acl,admin::file tdi.json
+    tdi --nofail tdi.json
+    tdi --shred tdi.json
+    tdi -v tdi.json
+    tdi -vv tdi.json
+    tdi -vvv tdi.json
+
+Options:
+EOS
+    on :n, :nofail, 'No fail mode.'
+    on :p, :plan, 'Test plan list.', :as => Array, :argument => :optional
+    on :s, :shred, 'Wipe out the test plan, leaving no trace behind.'
+    on :v, :verbose, 'Verbose mode.', :as => :count
+  end
+rescue
+  puts 'ERR: Invalid option. Try -h or --help for help.'.light_magenta
+  exit 1
+end
+
+begin
+  exit main(opts)
+rescue => e
+  puts "ERR: #{e.message}".light_magenta
+  exit 1
+end

data/helper/acl.rb

@@ -0,0 +1,38 @@
+require 'socket'
+require 'timeout'
+require 'etc'
+
+class TDIPlan < TDI
+  def acl(plan)
+    plan.select { |key, val|
+      val.is_a?(Hash)
+    }.each_pair do |case_name, case_content|
+      # Parse.
+      host          = case_name
+      ports         = [case_content['port']].flatten
+      timeout_limit = case_content['timeout'].nil? ? 1 : case_content['timeout'].to_i
+
+      # User.
+      user = Etc.getpwuid(Process.euid).name
+
+      # ACL.
+      ports.each do |port|
+        begin
+          timeout(timeout_limit) do
+            begin
+              sock = TCPSocket.open(host, port)
+              sock.close
+              success "ACL (#{user}): #{host}:#{port}"
+            rescue Errno::ECONNREFUSED
+              warning "ACL (#{user}): #{host}:#{port}"
+            rescue Errno::ECONNRESET, Errno::ETIMEDOUT
+              failure "ACL (#{user}): Connection Refused #{host}:#{port}"
+            end
+          end
+        rescue Timeout::Error
+          failure "ACL (#{user}): Timed out (#{timeout_limit}s) #{host}:#{port}"
+        end
+      end
+    end
+  end
+end

data/helper/file.rb

@@ -0,0 +1,97 @@
+require 'fileutils'
+require 'etc'
+
+class TDIPlan < TDI
+  def file(plan)
+    plan.select { |key, val|
+      val.is_a?(Hash)
+    }.each_pair do |case_name, case_content|
+      # Parse.
+      path = case_name
+      user = case_content['user']
+      perm = case_content['perm']
+      type = case_content['type']
+      location = case_content['location']
+
+      # Flag.
+      @flag_success = true
+
+      # Privileged user.
+      begin
+        Process.euid = 0
+      rescue => e
+        puts "ERR: Must run as root to change user credentials #{e}).".light_magenta
+        exit 1
+      end
+
+      # Change credentials to local user.
+      begin
+        Process.euid = Etc.getpwnam(user).uid
+      rescue => e
+        puts "ERR: User \"#{user}\" not found (#{e}).".light_magenta
+        exit 1
+      end
+
+      # Apply the test to a
+      def testPerm filename, perm, type
+        # Perm.
+        begin
+          FileUtils.touch(filename)
+          @flag_success = false if perm.eql?('ro')
+        rescue
+          @flag_success = false if perm.eql?('rw')
+        ensure
+          # Cleanup, if type is directory (remove tempfile).
+          FileUtils.rm(filename) if type.eql?('directory') rescue nil
+        end
+      end
+
+      # Type.
+      case type
+      when 'directory'
+        # Path.
+        filename = "#{path}/#{ENV['HOSTNAME']}.rw"
+        testPerm filename, perm, type
+      when 'file'
+        # Path.
+        filename = path
+        testPerm filename, perm, type
+      when 'link'
+          @flag_success = File.symlink?(path)
+          @flag_success = File.exist?(path) if @flag_success
+      else
+        puts "ERR: Invalid file plan format \"#{type}\". Type must be \"directory\", \"file\" or \"link\".".light_magenta
+        exit 1
+      end
+
+      # Location.
+      unless type.eql?('directory')
+        df_path = File.dirname(path)
+      else
+        df_path = path
+      end
+      fs_location_query_cmd = "df -P #{df_path} | tail -n 1 | awk '{print $1}'"
+      device = `#{fs_location_query_cmd}`
+
+      case location
+      when 'local'
+        @flag_success = false if device.include?(':')
+      when 'nfs'
+        @flag_success = false unless device.include?(':')
+      else
+        puts "ERR: Invalid file plan format \"#{location}\". Location must be \"local\" or \"nfs\".".light_magenta
+        exit 1
+      end
+
+      # Verdict.
+      if @flag_success
+        success "FILE (#{user}): #{path} => #{perm} #{type} #{location}"
+      else
+        failure "FILE (#{user}): #{path} => #{perm} #{type} #{location}"
+      end
+    end
+
+    # Change credentials back to privileged user.
+    Process.euid = 0
+  end
+end

data/helper/http.rb

@@ -0,0 +1,104 @@
+require 'net/http'
+require "net/https"
+require 'timeout'
+require 'etc'
+require 'uri'
+
+class TDIPlan < TDI
+
+  def _parse(uri,params)
+
+    # Normalizing
+    if not uri =~ /^https?:\/\//
+        uri = 'http://' + uri.to_s
+    end
+
+    # URI
+    _uri = URI(uri)
+    ssl  = _uri.scheme.eql?("https")
+    host = _uri.host
+    port = _uri.port
+    path = _uri.path.empty? ? '/' : _uri.path
+
+    # Params
+    code = params['code'].nil? ? 200 : params['code'].to_i
+    match = params['match']
+    timeout_limit = params['timeout'].nil? ? 2 : params['timeout'].to_i
+
+    if not params['proxy'].nil?
+        proxy_addr, proxy_port = params['proxy'].split(/:/)
+        proxy_port = 3128 unless not proxy_port.nil?
+    end
+
+    return host, port, path, proxy_addr, proxy_port, code, match, ssl, timeout_limit
+    
+  end
+
+  def http(plan)
+    plan.select { |key, val|
+      val.is_a?(Hash)
+    }.each_pair do |case_name,case_content|
+
+      host, port, path, proxy_addr, proxy_port, code, match, ssl, timeout_limit = _parse(case_name,case_content)
+
+      # User.
+      user = Etc.getpwuid(Process.euid).name
+     
+      response = nil
+
+      if not proxy_addr.nil? and not proxy_port.nil?
+
+        http = Net::HTTP::Proxy(proxy_addr, proxy_port)
+
+        begin
+          timeout(timeout_limit) do
+            begin
+              http.start(host,port,:use_ssl => ssl, :verify_mode => OpenSSL::SSL::VERIFY_NONE) { |http|
+                response = http.get(path)
+              }
+            rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+              warning "HTTP (#{user}): #{case_name} - Connection reset or refused."
+            end
+          end
+        rescue Timeout::Error
+          failure "HTTP (#{user}): #{case_name} - Timed out (#{timeout_limit}s)."
+        end
+        
+      else
+
+        http = Net::HTTP.new(host, port)
+
+        if ssl
+            http.use_ssl = true
+            http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        end 
+
+        begin        
+          timeout(timeout_limit) do
+            begin
+              http.start() { |http|
+                response = http.get(path)
+              }
+            rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+              warning "HTTP (#{user}): #{case_name} - Connection reset or refused."
+            end
+          end
+        rescue Timeout::Error
+          failure "HTTP (#{user}): #{case_name} - Timed out."
+        end
+        
+      end
+
+      if not response.nil?
+          if not match.nil? and not response.body.chomp.include?(match.chomp)
+            failure "HTTP (#{user}): #{case_name} - Expected string '#{match.chomp}'."
+          elsif not code.nil? and (response.code.to_i != code)
+            failure "HTTP (#{user}): #{case_name} - Expected HTTP #{code}."
+          else
+            success "HTTP (#{user}): #{case_name}"
+          end
+      end
+      
+    end
+  end
+end