Replace shell script based testing with bats-core

.github/workflows/build.yml

@@ -33,67 +33,13 @@ jobs:
       with:
         go-version-file: camblet/go.mod
 
-    - name: Install/setup prerequisites
+    - name: Run camblet tests using bats-core
       working-directory: camblet-driver
       run: |
-        make setup-vm
-        sudo apt install openssl
-
-    - name: Build with DKMS
-      working-directory: camblet-driver
-      run: |
-        TEST_TAG=0.0.0
-        sudo cp -r . /usr/src/camblet-$TEST_TAG/
-        sudo dkms add -m camblet -v $TEST_TAG
-        if sudo dkms build -m camblet -v $TEST_TAG; then
-          echo "DKMS build succeeded"
-        else
-          echo "DKMS build failed"
-          cat /var/lib/dkms/camblet/$TEST_TAG/build/make.log
-          exit 1
-        fi
-        sudo dkms install -m camblet -v $TEST_TAG
-
-    - name: Build Camblet CLI
-      working-directory: camblet
-      run: |
-        echo "checking out '${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}' branch"
-        git checkout ${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} || echo "branch not found"
-        make build
-        sudo mkdir -p /etc/camblet
-        sudo cp -a camblet.d/policies /etc/camblet/
-        sudo cp -a camblet.d/services /etc/camblet/
-        sudo cp config.yaml /etc/camblet/config.yaml
-        sudo cp build/camblet /usr/local/bin/
-
-    - name: Run the kernel module with kTLS
-      working-directory: camblet-driver 
-      run: |
-        sudo modprobe tls
-        sudo modprobe camblet dyndbg==_ ktls_available=1
-        sudo dmesg -T
+        make tests
 
     # - name: Setup upterm session
     #   uses: lhotari/action-upterm@v1
     #   with:
     #     ## limits ssh access and adds the ssh public key for the user which triggered the workflow
     #     limit-access-to-actor: true
-
-    - name: Run smoke test with kTLS
-      uses: ./camblet-driver/.github/actions/smoketest
-      timeout-minutes: 1
-
-    - name: Remove kernel module with kTLS
-      working-directory: camblet-driver
-      run: sudo rmmod camblet
-
-    - name: Run the kernel module with bearSSL
-      working-directory: camblet-driver 
-      run: |
-        sudo rmmod tls
-        sudo modprobe camblet dyndbg==_ ktls_available=0
-        sudo dmesg -T
-
-    - name: Run smoke test with bearSSL
-      uses: ./camblet-driver/.github/actions/smoketest
-      timeout-minutes: 1

.gitmodules

@@ -6,3 +6,12 @@
 	path = third-party/BearSSL
 	url = https://github.com/bonifaido/BearSSL.git
 	branch = linux-kernel
+[submodule "test/bats"]
+	path = test/bats
+	url = https://github.com/bats-core/bats-core.git
+[submodule "test/test_helper/bats-support"]
+	path = test/test_helper/bats-support
+	url = https://github.com/bats-core/bats-support.git
+[submodule "test/test_helper/bats-assert"]
+	path = test/test_helper/bats-assert
+	url = https://github.com/bats-core/bats-assert.git

Makefile

@@ -160,7 +160,7 @@ _install_opa:
 _install_wasm_target:
 ifndef GITHUB_ACTION
 	sudo curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-	sudo ln -s $$HOME/.cargo/bin/* /usr/bin/
+	sudo ln -f -s $$HOME/.cargo/bin/* /usr/bin/
 	rustup default stable
 	rustup target add wasm32-unknown-unknown
 	sudo rustup default stable
@@ -241,3 +241,6 @@ endif
 
 minigun:
 	for i in `seq 1 100`; do curl \-4 -s localhost:8000/tls.c > /dev/null; echo $$?; done
+
+tests:
+	./test/bats/bin/bats test/

README.md

@@ -293,3 +293,11 @@ The package can be installed with the following command:
 ```bash
 sudo dnf install ../camblet-driver-0.7.1-1.noarch.rpm
 ```
+
+## Testing
+
+We are using [bats-core](https://bats-core.readthedocs.io/en/stable/index.html) for running our tests.
+
+```bash
+make tests
+```

test/ktls.bats

@@ -0,0 +1,68 @@
+ktls_in_use=true;
+
+load 'test_helper/bats-support/load.bash'
+load 'test_helper/bats-assert/load.bash'
+load 'test_helper/common.bash'
+
+@test "Test if the ktls enabled kernel modul is in use" {
+    run cat /sys/module/camblet/parameters/ktls_available
+    assert_output 'Y'
+}
+
+@test "Test a normal directory listing with wget" {
+    wget -d http://localhost:8000/ -O /dev/null
+}
+
+@test "Test downloading and uploading 2MB file with curl" {
+    head -c 2M </dev/urandom > bigfile.o
+    curl -v -o /tmp/bigfile_downloaded.o http://localhost:8000/bigfile.o
+    curl -v -F "bigfile_downloaded.o=@/tmp/bigfile_downloaded.o" http://localhost:8000/upload
+    diff bigfile.o bigfile_downloaded.o
+}
+
+@test "Test bearSSL with non-bearSSL compatibility" {
+    echo "testing with curl using default cipher..."
+    curl -k -v https://localhost:7000/
+    echo "testing with curl using AES_GCM_128 cipher..."
+    curl -k -v --ciphers ECDHE-RSA-AES128-GCM-SHA256 https://localhost:7000/
+    echo "testing with curl using AES_GCM_256 cipher..."
+    curl -k -v --ciphers ECDHE-RSA-AES256-GCM-SHA384 https://localhost:7000/
+    echo "testing with curl using CHACHA_POLY cipher..."
+    curl -k -v --ciphers ECDHE-RSA-CHACHA20-POLY1305 https://localhost:7000/
+    echo "testing with wget..."
+    wget --no-check-certificate https://localhost:7000/ -O/dev/null
+}
+
+@test "Test openssl client connect to python with various ciphers" {
+    echo -e "GET / HTTP/1.1\r\n\r\n" | openssl s_client -connect 127.0.0.1:7000
+    echo "Test openssl client connect to python with ECDHE-RSA-CHACHA20-POLY1305 cipher"
+    echo -e "GET / HTTP/1.1\r\n\r\n" | openssl s_client -cipher ECDHE-RSA-CHACHA20-POLY1305 -connect 127.0.0.1:7000
+}
+
+@test "Test file-server under load using curl" {
+    echo "response" > testfile
+    echo -e "    100 0\n    100 response" > test.output
+    for i in `seq 1 100`; do curl -s localhost:8000/testfile; echo $?; done |sort|uniq -c|diff - test.output
+}
+
+@test "Test sendfile with NGiNX under load using curl" {
+    echo -e "    100 0" > test.output
+    for i in `seq 1 100`; do curl -s -o/dev/null localhost:8080; echo $?; done |sort|uniq -c|diff - test.output
+}
+
+@test "Test sendfile with NGiNX under load using wget" {
+    echo -e "    100 0" > test.output
+    for i in `seq 1 100`; do wget -q -O/dev/null localhost:8080; echo $?; done |sort|uniq -c|diff - test.output
+}
+
+@test "Test sockopt on file-server with TLS" {
+    ./sockopt
+}
+
+@test "Test passthrough ALPN on file-server with TLS" {
+    python3 test/passthrough.py
+}
+
+@test "Test various recv flag parameters" {
+    ./flags
+}

test/non-ktls.bats

@@ -0,0 +1,68 @@
+ktls_in_use=false;
+
+load 'test_helper/bats-support/load.bash'
+load 'test_helper/bats-assert/load.bash'
+load 'test_helper/common.bash'
+
+@test "Test if the non-ktls enabled kernel modul is in use" {
+    run cat /sys/module/camblet/parameters/ktls_available
+    assert_output 'N'
+}
+
+@test "Test a normal directory listing with wget" {
+    wget -d http://localhost:8000/ -O /dev/null
+}
+
+@test "Test downloading and uploading 2MB file with curl" {
+    head -c 2M </dev/urandom > bigfile.o
+    curl -v -o /tmp/bigfile_downloaded.o http://localhost:8000/bigfile.o
+    curl -v -F "bigfile_downloaded.o=@/tmp/bigfile_downloaded.o" http://localhost:8000/upload
+    diff bigfile.o bigfile_downloaded.o
+}
+
+@test "Test bearSSL with non-bearSSL compatibility" {
+    echo "testing with curl using default cipher..."
+    curl -k -v https://localhost:7000/
+    echo "testing with curl using AES_GCM_128 cipher..."
+    curl -k -v --ciphers ECDHE-RSA-AES128-GCM-SHA256 https://localhost:7000/
+    echo "testing with curl using AES_GCM_256 cipher..."
+    curl -k -v --ciphers ECDHE-RSA-AES256-GCM-SHA384 https://localhost:7000/
+    echo "testing with curl using CHACHA_POLY cipher..."
+    curl -k -v --ciphers ECDHE-RSA-CHACHA20-POLY1305 https://localhost:7000/
+    echo "testing with wget..."
+    wget --no-check-certificate https://localhost:7000/ -O/dev/null
+}
+
+@test "Test openssl client connect to python with various ciphers" {
+    echo -e "GET / HTTP/1.1\r\n\r\n" | openssl s_client -connect 127.0.0.1:7000
+    echo "Test openssl client connect to python with ECDHE-RSA-CHACHA20-POLY1305 cipher"
+    echo -e "GET / HTTP/1.1\r\n\r\n" | openssl s_client -cipher ECDHE-RSA-CHACHA20-POLY1305 -connect 127.0.0.1:7000
+}
+
+@test "Test file-server under load using curl" {
+    echo "response" > testfile
+    echo -e "    100 0\n    100 response" > test.output
+    for i in `seq 1 100`; do curl -s localhost:8000/testfile; echo $?; done |sort|uniq -c|diff - test.output
+}
+
+@test "Test sendfile with NGiNX under load using curl" {
+    echo -e "    100 0" > test.output
+    for i in `seq 1 100`; do curl -s -o/dev/null localhost:8080; echo $?; done |sort|uniq -c|diff - test.output
+}
+
+@test "Test sendfile with NGiNX under load using wget" {
+    echo -e "    100 0" > test.output
+    for i in `seq 1 100`; do wget -q -O/dev/null localhost:8080; echo $?; done |sort|uniq -c|diff - test.output
+}
+
+@test "Test sockopt on file-server with TLS" {
+    ./sockopt
+}
+
+@test "Test passthrough ALPN on file-server with TLS" {
+    python3 test/passthrough.py
+}
+
+@test "Test various recv flag parameters" {
+    ./flags
+}

test/setup_suite.bash

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+
+# Runs only once in the beginning of the suite
+setup_suite() {
+    _install_setup_prerequisits
+    _build_and_install_camblet_with_dkms
+    _build_and_install_camblet_cli
+    _build_go_file_server
+    _build_sockopt
+    _build_flags
+}
+
+_install_setup_prerequisits() {
+    make setup-vm
+    sudo apt install openssl -y
+    if [[ -z "${GITHUB_ACTION}" ]]; then
+        sudo apt install docker.io -y
+    fi
+}
+
+_build_and_install_camblet_with_dkms() {
+    TEST_TAG=0.0.0
+    sudo cp -r . /usr/src/camblet-$TEST_TAG/
+    sudo dkms add -m camblet -v $TEST_TAG
+    if sudo dkms build -m camblet -v $TEST_TAG; then
+        echo "DKMS build succeeded"
+    else
+        echo "DKMS build failed"
+        cat /var/lib/dkms/camblet/$TEST_TAG/build/make.log
+        exit 1
+    fi
+    sudo dkms install -m camblet -v $TEST_TAG
+}
+
+_build_and_install_camblet_cli() {
+    if [[ "${GITHUB_ACTION}" ]]; then
+        echo "checking out '${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}' branch"
+        git checkout ${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} || echo "branch not found"
+    fi
+    cd ../camblet
+    make build
+    sudo mkdir -p /etc/camblet
+    sudo cp -a camblet.d/policies /etc/camblet/
+    sudo cp -a camblet.d/services /etc/camblet/
+    sudo cp config.yaml /etc/camblet/config.yaml
+    sudo cp build/camblet /usr/local/bin/
+    cd ../camblet-driver
+}
+
+_build_go_file_server() {
+    echo "building go file server"
+    go build test/file-server.go
+}
+
+_build_sockopt() {
+    gcc -o sockopt test/sockopt.c
+}
+
+_build_flags() {
+    gcc -o flags test/recvflags.c
+}
+
+# Runs only once in the end of the suite
+teardown_suite() {
+    _teardown_file_server_build
+    _teardown_flags
+    _teardown_sockopt
+    sudo dkms remove camblet/$TEST_TAG
+    sudo rm -rf /usr/src/camblet-$TEST_TAG/
+}
+
+_teardown_file_server_build() {
+    rm file-server
+}
+
+_teardown_sockopt() {
+    rm sockopt
+}
+
+_teardown_flags() {
+    rm flags
+}