jprdonnelly/steampipe
1
0
Fork 0
mirror of https://github.com/turbot/steampipe.git synced 2025-12-19 09:58:53 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
2fa696b2dbcc9abd5a3b70c0fb6dd83606de6195
steampipe/tests/acceptance/test_files/ssl.bats
Puskar Basu 2fa696b2db Update embedded postgresql version to 14.19 (#4671)
2025-10-29 22:00:25 +05:30

91 lines
2.8 KiB
Bash
Raw Blame History

load "$LIB_BATS_ASSERT/load.bash"
load "$LIB_BATS_SUPPORT/load.bash"
@test "expiry year of root.crt should be 9999 and server.crt should be 3yrs from now" {
current_year=$(date +"%Y")
steampipe service start
run openssl x509 -enddate -noout -in $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/root.crt
echo $output
# check enddate
assert_output --partial "notAfter=Dec 31 23:59:59 9999 GMT"
server_expiry=$((current_year + 3))
echo $server_expiry
run openssl x509 -enddate -noout -in $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/server.crt
echo $output
# check enddate
assert_output --partial "$server_expiry"
}
@test "restarting service should not rotate root and server certificates" {
steampipe service start
# save file hash
run cksum $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/root.crt
id_root=$(echo $output | awk '{print $1}')
echo $id_root
# save file hash
run cksum $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/server.crt
id_server=$(echo $output | awk '{print $1}')
echo $id_server
steampipe service restart
# check file hash after restart
run cksum $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/root.crt
id_root_new=$(echo $output | awk '{print $1}')
echo $id_root_new
assert_equal $id_root $id_root_new
# check file hash after restart
run cksum $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/server.crt
id_server_new=$(echo $output | awk '{print $1}')
echo $id_server_new
# both hashes should be same - which means file did not get regenerated/rotated
assert_equal $id_server $id_server_new
}
@test "deleting root certificate, service start should regenerate server and root certs" {
# save file hash
run cksum $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/server.crt
id_server=$(echo $output | awk '{print $1}')
echo $id_server
# delete root certificate
rm -f $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/root.crt
steampipe service start
# save new file hash
run cksum $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/server.crt
id_server_new=$(echo $output | awk '{print $1}')
echo $id_server_new
# old and new file hashes should not be equal - deleting root certificate would regenerate/
# rotate server certificates too
if [[ "$id_server" == "$id_server_new" ]]; then
flag=1
else
flag=0
fi
assert_equal "$flag" "0"
}
@test "adding an encrypted private key should work fine and service should start successfully" {
skip "TODO update test and enable later"
run openssl genrsa -aes256 -out $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/server.key -passout pass:steampipe -traditional 2048
run openssl req -key $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/server.key -passin pass:steampipe -new -x509 -out $STEAMPIPE_INSTALL_DIR/db/14.19.0/data/server.crt -subj "/CN=steampipe.io"
steampipe service start --database-password steampipe
}
function teardown() {
steampipe service stop --force
}
Reference in New Issue View Git Blame Copy Permalink