TTF/laboratori-cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: remove unnecessary TDD test files from lab01, keep only final verification

Browse Source
This commit is contained in:
Luca Sacchi Ricciardi
2026-04-09 12:37:07 +02:00
parent a246d7cbfc
commit be8720db6a
6 changed files with 1 additions and 594 deletions
Download Patch File Download Diff File Expand all files Collapse all files
labs/lab-01-iam/tests/03-non-root-test.sh
-161
View File
@@ -1,161 +0,0 @@
#!/bin/bash
# Test: Non-root container execution (INF-01 requirement)
# Phase: RED - This test will fail initially (no containers exist)
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Helper function for incrementing counters that works with set -e
inc_pass() { ((pass_count++)) || true; }
inc_fail() { ((fail_count++)) || true; }
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
pass_count=0
fail_count=0
# Container name to test
CONTAINER_NAME="lab01-test-container"
test_non_root_dockerfile_exists() {
local dockerfile="$PROJECT_ROOT/labs/lab-01-iam/Dockerfile.test"
if [ -f "$dockerfile" ]; then
echo -e "${GREEN}PASS${NC}: Test Dockerfile exists"
inc_pass
return 0
else
echo -e "${YELLOW}SKIP${NC}: Test Dockerfile not created yet (expected in RED phase)"
inc_pass
return 0
fi
}
test_container_runs_as_non_root() {
# Check if container exists
if ! docker ps -a --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
echo -e "${YELLOW}SKIP${NC}: Container ${CONTAINER_NAME} does not exist yet (expected in RED phase)"
inc_pass
return 0
fi
# Check if container is running
if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
echo -e "${YELLOW}SKIP${NC}: Container ${CONTAINER_NAME} not running"
inc_pass
return 0
fi
# Method 1: docker exec whoami
local actual_user=$(docker exec "${CONTAINER_NAME}" whoami 2>/dev/null || echo "unknown")
if [ "$actual_user" = "root" ]; then
echo -e "${RED}FAIL${NC}: Container running as root (whoami)"
inc_fail
return 1
elif [ "$actual_user" = "unknown" ]; then
echo -e "${YELLOW}SKIP${NC}: Cannot determine user (container not running or no exec)"
inc_pass
return 0
else
echo -e "${GREEN}PASS${NC}: Container running as non-root user: $actual_user"
inc_pass
return 0
fi
}
test_container_user_configured() {
if ! docker ps -a --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
echo -e "${YELLOW}SKIP${NC}: Container not created yet"
inc_pass
return 0
fi
# Method 2: docker inspect for User field
local user_config=$(docker inspect --format='{{.Config.User}}' "${CONTAINER_NAME}" 2>/dev/null || echo "")
if [ -z "$user_config" ]; then
# Check compose file for user directive (may override Dockerfile)
if [ -f "$PROJECT_ROOT/labs/lab-01-iam/docker-compose.yml" ]; then
if grep -q "user:" $PROJECT_ROOT/labs/lab-01-iam/docker-compose.yml; then
echo -e "${GREEN}PASS${NC}: User directive found in docker-compose.yml"
inc_pass
return 0
fi
fi
echo -e "${YELLOW}WARN${NC}: No User directive found in Dockerfile or compose"
inc_pass
return 0
else
echo -e "${GREEN}PASS${NC}: User configured in container: $user_config"
inc_pass
return 0
fi
}
test_no_container_runs_as_root() {
# INF-01 requirement: NO container should run as root
cd "$PROJECT_ROOT/labs/lab-01-iam"
local compose_file="docker-compose.yml"
if [ ! -f "$compose_file" ]; then
echo -e "${YELLOW}SKIP${NC}: docker-compose.yml not created yet"
inc_pass
return 0
fi
# Get all services from compose file
local services=$(docker compose -f "$compose_file" ps --services 2>/dev/null || echo "")
if [ -z "$services" ]; then
echo -e "${YELLOW}SKIP${NC}: No services defined yet"
inc_pass
return 0
fi
local root_containers=0
while IFS= read -r service; do
if [ -n "$service" ]; then
local container_name=$(docker compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
if [ -n "$container_name" ]; then
local user=$(docker exec "$container_name" whoami 2>/dev/null || echo "unknown")
if [ "$user" = "root" ]; then
echo -e "${RED}FAIL${NC}: Service $service running as root"
((root_containers++)) || true
fi
fi
fi
done <<< "$services"
if [ $root_containers -gt 0 ]; then
echo -e "${RED}FAIL${NC}: $root_containers container(s) running as root (INF-01 violation)"
inc_fail
return 1
else
echo -e "${GREEN}PASS${NC}: No containers running as root (INF-01 satisfied)"
inc_pass
return 0
fi
}
# Run all tests
echo "Running non-root container tests (INF-01)..."
echo "============================================"
test_non_root_dockerfile_exists
test_container_runs_as_non_root
test_container_user_configured
test_no_container_runs_as_root
echo "============================================"
echo "Tests passed: $pass_count"
echo "Tests failed: $fail_count"
if [ $fail_count -gt 0 ]; then
exit 1
fi
exit 0
labs/lab-01-iam/tests/04-verify-infrastructure.sh
-163
View File
@@ -1,163 +0,0 @@
#!/bin/bash
# Infrastructure Verification: Lab 01
# Verifies that docker-compose.yml and Dockerfile satisfy all requirements
# This is the GREEN phase check - tests should pass after infrastructure implementation
set -euo pipefail
# Helper function for incrementing counters that works with set -e
inc_pass() { ((pass_count++)) || true; }
inc_fail() { ((fail_count++)) || true; }
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
TEST_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# TEST_DIR is labs/lab-01-iam/tests, so .. gives us labs/lab-01-iam
LAB_DIR="$(cd "$TEST_DIR/.." && pwd)"
PROJECT_ROOT="$(cd "$LAB_DIR/../.." && pwd)"
cd "$LAB_DIR"
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Lab 01 Infrastructure Verification${NC}"
echo -e "${BLUE}GREEN Phase Check${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
pass_count=0
fail_count=0
# Test 1: docker-compose.yml is valid
echo -e "${BLUE}[1/6] Checking docker-compose.yml syntax...${NC}"
if docker compose config >/dev/null 2>&1; then
echo -e " ${GREEN}${NC} docker-compose.yml is valid YAML"
inc_pass
else
echo -e " ${RED}${NC} docker-compose.yml has syntax errors"
inc_fail
fi
echo ""
# Test 2: Dockerfile exists and is readable
echo -e "${BLUE}[2/6] Checking Dockerfile...${NC}"
if [ -f "Dockerfile" ]; then
echo -e " ${GREEN}${NC} Dockerfile exists"
# Check for USER directive
if grep -q "^USER" Dockerfile; then
user_line=$(grep "^USER" Dockerfile)
echo -e " ${GREEN}${NC} USER directive found: $user_line"
inc_pass
else
echo -e " ${RED}${NC} No USER directive found in Dockerfile"
inc_fail
fi
else
echo -e " ${RED}${NC} Dockerfile not found"
inc_fail
fi
echo ""
# Test 3: docker-compose.yml has user directive
echo -e "${BLUE}[3/6] Checking docker-compose.yml user directive...${NC}"
if grep -q "user:" docker-compose.yml; then
user_value=$(grep "user:" docker-compose.yml | head -1 | sed 's/.*user: *//' | tr -d '"')
echo -e " ${GREEN}${NC} user directive found: $user_value"
# Verify it's not root (0:0)
if [[ "$user_value" != *"0:0"* ]] && [[ "$user_value" != *"root"* ]]; then
echo -e " ${GREEN}${NC} User is not root (INF-01 compliant)"
inc_pass
else
echo -e " ${RED}${NC} User is root (INF-01 violation)"
inc_fail
fi
else
echo -e " ${RED}${NC} No user directive in docker-compose.yml"
inc_fail
fi
echo ""
# Test 4: Build Docker image
echo -e "${BLUE}[4/6] Building Docker image...${NC}"
if docker build -t lab01-non-root -q . >/dev/null 2>&1; then
echo -e " ${GREEN}${NC} Docker image built successfully"
inc_pass
else
echo -e " ${RED}${NC} Docker image build failed"
inc_fail
fi
echo ""
# Test 5: Verify container runs as non-root
echo -e "${BLUE}[5/6] Verifying non-root execution...${NC}"
if docker run --rm lab01-non-root whoami 2>/dev/null | grep -q "labuser"; then
echo -e " ${GREEN}${NC} Container runs as non-root user (labuser)"
inc_pass
else
echo -e " ${RED}${NC} Container not running as labuser"
inc_fail
fi
echo ""
# Test 6: Verify docker compose service
echo -e "${BLUE}[6/6] Verifying docker compose service...${NC}"
# Start container in detached mode
if docker compose up -d >/dev/null 2>&1; then
echo -e " ${GREEN}${NC} docker compose service started"
# Wait for container to be ready
sleep 3
# Check container is running
if docker ps --format "{{.Names}}" | grep -q "^lab01-iam-test$"; then
echo -e " ${GREEN}${NC} Container is running"
# Verify user
actual_user=$(docker exec lab01-iam-test whoami 2>/dev/null || echo "unknown")
if [ "$actual_user" = "labuser" ]; then
echo -e " ${GREEN}${NC} docker compose container runs as non-root"
inc_pass
else
echo -e " ${RED}${NC} docker compose container running as $actual_user (expected labuser)"
inc_fail
fi
else
echo -e " ${RED}${NC} Container not running"
inc_fail
fi
# Cleanup
docker compose down --volumes >/dev/null 2>&1
else
echo -e " ${RED}${NC} Failed to start docker compose service"
inc_fail
fi
echo ""
# Summary
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Verification Summary${NC}"
echo -e "${BLUE}========================================${NC}"
echo "Passed: $pass_count/6"
echo "Failed: $fail_count/6"
echo ""
if [ $fail_count -eq 0 ]; then
echo -e "${GREEN}All checks passed!${NC}"
echo -e "${GREEN}GREEN phase complete - infrastructure satisfies tests${NC}"
echo ""
echo "Next: Run full test suite"
echo " bash labs/lab-01-iam/tests/run-all-tests.sh"
echo -e "${BLUE}========================================${NC}"
exit 0
else
echo -e "${RED}Some checks failed${NC}"
echo -e "${RED}Infrastructure needs fixes before tests will pass${NC}"
echo -e "${BLUE}========================================${NC}"
exit 1
fi
labs/lab-01-iam/tests/run-all-tests.sh
-73
View File
@@ -1,73 +0,0 @@
#!/bin/bash
# Test Suite Runner: Lab 01 - IAM & Sicurezza
# Runs all tests in sequence and provides summary
# Usage: bash labs/lab-01-iam/tests/run-all-tests.sh
set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[0;34m'
NC='\033[0m'
TEST_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$TEST_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Lab 01 Test Suite${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
# Array of test files in order
declare -a tests=(
"$TEST_DIR/test-01-user-creation.sh"
"$TEST_DIR/test-02-docker-access.sh"
"$TEST_DIR/03-non-root-test.sh"
)
total_tests=${#tests[@]}
passed_tests=0
failed_tests=0
for i in "${!tests[@]}"; do
test_num=$((i + 1))
test_file="${tests[$i]}"
test_name=$(basename "$test_file")
echo -e "${BLUE}[$test_num/$total_tests] Running $test_name...${NC}"
if bash "$test_file"; then
echo -e "${GREEN}✓ PASSED${NC}"
echo ""
((passed_tests++)) || true
else
echo -e "${RED}✗ FAILED${NC}"
echo ""
((failed_tests++)) || true
# Fail-fast: stop on first failure
break
fi
done
# Summary
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Test Suite Summary${NC}"
echo -e "${BLUE}========================================${NC}"
echo "Passed: $passed_tests/$total_tests"
echo "Failed: $failed_tests/$total_tests"
echo ""
if [ $failed_tests -eq 0 ]; then
echo -e "${GREEN}All tests passed!${NC}"
echo ""
echo "Run final verification:"
echo " bash labs/lab-01-iam/tests/99-final-verification.sh"
echo -e "${BLUE}========================================${NC}"
exit 0
else
echo -e "${RED}Some tests failed${NC}"
echo -e "${BLUE}========================================${NC}"
exit 1
fi
labs/lab-01-iam/tests/test-01-user-creation.sh
-89
View File
@@ -1,89 +0,0 @@
#!/bin/bash
# Test: Linux user creation and Docker group membership
# Phase: GREEN - Tests pass after tutorial completion
set -euo pipefail
# Helper function for incrementing counters that works with set -e
inc_pass() { ((pass_count++)) || true; }
inc_fail() { ((fail_count++)) || true; }
# Color output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
pass_count=0
fail_count=0
test_user_exists() {
local user="lab01_student"
if id "$user" &>/dev/null; then
echo -e "${GREEN}PASS${NC}: User $user exists"
inc_pass
return 0
fi
echo -e "${RED}FAIL${NC}: User $user does not exist"
inc_fail
return 1
}
test_user_with_docker_group() {
local user="lab01_student"
# If user doesn't exist, fail this test
if ! id "$user" &>/dev/null; then
echo -e "${RED}FAIL${NC}: User $user does not exist"
inc_fail
return 1
fi
# Check if user is in docker group
if groups "$user" 2>/dev/null | grep -q docker; then
echo -e "${GREEN}PASS${NC}: User $user is in docker group"
inc_pass
return 0
fi
echo -e "${RED}FAIL${NC}: User $user is not in docker group"
inc_fail
return 1
}
test_docker_access_granted() {
local user="lab01_student"
# If user doesn't exist, fail this test
if ! id "$user" &>/dev/null; then
echo -e "${RED}FAIL${NC}: Test user does not exist"
inc_fail
return 1
fi
# Test that user can access docker socket
if sudo -u "$user" docker ps &>/dev/null; then
echo -e "${GREEN}PASS${NC}: Docker access granted for $user"
inc_pass
return 0
fi
echo -e "${RED}FAIL${NC}: Docker access denied for $user"
inc_fail
return 1
}
# Run all tests
echo "Running user creation tests..."
echo "================================"
test_user_exists
test_user_with_docker_group
test_docker_access_granted
echo "================================"
echo "Tests passed: $pass_count"
echo "Tests failed: $fail_count"
if [ $fail_count -gt 0 ]; then
exit 1
fi
exit 0
labs/lab-01-iam/tests/test-02-docker-access.sh
-92
View File
@@ -1,92 +0,0 @@
#!/bin/bash
# Test: Docker socket access control via group membership
# Phase: RED - This test will fail initially (no users configured)
set -euo pipefail
# Helper function for incrementing counters that works with set -e
inc_pass() { ((pass_count++)) || true; }
inc_fail() { ((fail_count++)) || true; }
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
pass_count=0
fail_count=0
test_socket_permissions() {
local socket="/var/run/docker.sock"
local perms=$(stat -c "%a" "$socket" 2>/dev/null || echo "000")
# Socket should be 660 or stricter (no world-readable/writable)
if [ "$perms" = "660" ] || [ "$perms" = "600" ]; then
echo -e "${GREEN}PASS${NC}: Docker socket permissions are $perms"
inc_pass
return 0
else
echo -e "${YELLOW}WARN${NC}: Docker socket permissions are $perms (expected 660)"
inc_pass
return 0
fi
}
test_docker_group_exists() {
if getent group docker >/dev/null 2>&1; then
echo -e "${GREEN}PASS${NC}: Docker group exists"
inc_pass
return 0
else
echo -e "${RED}FAIL${NC}: Docker group does not exist"
inc_fail
return 1
fi
}
test_user_can_add_to_docker_group() {
local user="lab01_student"
# This test verifies the MECHANISM, not that it's done yet
# usermod may be in /usr/sbin which might not be in PATH
if command -v usermod >/dev/null 2>&1 || [ -x /usr/sbin/usermod ]; then
echo -e "${GREEN}PASS${NC}: usermod command available for group management"
inc_pass
return 0
else
echo -e "${RED}FAIL${NC}: usermod command not available"
inc_fail
return 1
fi
}
test_docker_accessible_by_group() {
# Check that docker group members can access the socket
local socket_group=$(stat -c "%G" /var/run/docker.sock 2>/dev/null || echo "unknown")
if [ "$socket_group" = "docker" ]; then
echo -e "${GREEN}PASS${NC}: Docker socket owned by docker group"
inc_pass
return 0
else
echo -e "${YELLOW}WARN${NC}: Docker socket owned by $socket_group (expected docker)"
inc_pass
return 0
fi
}
# Run all tests
echo "Running Docker access control tests..."
echo "======================================"
test_socket_permissions
test_docker_group_exists
test_user_can_add_to_docker_group
test_docker_accessible_by_group
echo "======================================"
echo "Tests passed: $pass_count"
echo "Tests failed: $fail_count"
if [ $fail_count -gt 0 ]; then
exit 1
fi
exit 0