TTF/laboratori-cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b011892e97a61a2464393bf0a54fddd48f633c26
laboratori-cloud/labs/lab-01-iam/tests/99-final-verification.sh
T
Luca Sacchi Ricciardi 49e15f7ea2 fix(lab-01): align student flow and final verification
2026-04-10 13:03:43 +00:00

121 lines
4.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Final Verification: Lab 01 - IAM & Sicurezza
# This is the "double check" command students run to verify their work
# Usage: bash tests/99-final-verification.sh
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Lab 01 - IAM & Sicurezza${NC}"
echo -e "${BLUE}Final Verification (Double Check)${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
# Track overall results
all_passed=true
# Test 1: User and group configuration
echo -e "${BLUE}[1/3] Checking user and group configuration...${NC}"
if id lab01_student &>/dev/null; then
echo -e " ${GREEN}${NC} User lab01_student exists"
if groups lab01_student 2>/dev/null | grep -q docker; then
echo -e " ${GREEN}${NC} User lab01_student is in docker group"
else
echo -e " ${RED}${NC} User lab01_student is NOT in docker group"
all_passed=false
fi
else
echo -e " ${YELLOW}${NC} User lab01_student does not exist (not created yet)"
all_passed=false
fi
echo ""
# Test 2: Docker access control
echo -e "${BLUE}[2/3] Checking Docker access control...${NC}"
if ! id lab01_student &>/dev/null; then
echo -e " ${RED}${NC} lab01_student does not exist"
all_passed=false
elif groups lab01_student 2>/dev/null | grep -q docker; then
echo -e " ${GREEN}${NC} lab01_student is configured for Docker access via docker group"
echo -e " ${YELLOW} Note:${NC} verify interactively with 'sudo -u lab01_student -i docker ps' if you want a live runtime check"
else
echo -e " ${RED}${NC} lab01_student is not in docker group"
echo -e " ${YELLOW} Hint: run 'sudo usermod -aG docker lab01_student' and open a new login session${NC}"
all_passed=false
fi
echo ""
# Test 3: Non-root container execution (INF-01)
echo -e "${BLUE}[3/3] Checking non-root container execution (INF-01)...${NC}"
cd "$PROJECT_ROOT/labs/lab-01-iam"
compose_file="docker-compose.yml"
if [ ! -f "$compose_file" ]; then
echo -e " ${YELLOW}${NC} docker-compose.yml not found"
all_passed=false
else
echo -e " ${GREEN}${NC} docker-compose.yml exists"
if docker compose -f "$compose_file" config &>/dev/null; then
echo -e " ${GREEN}${NC} docker-compose.yml syntax is valid"
else
echo -e " ${RED}${NC} docker-compose.yml has syntax errors"
all_passed=false
fi
# Check for user directive in services
if grep -q '^[[:space:]]*user:' "$compose_file"; then
echo -e " ${GREEN}${NC} Services configured with non-root user directive"
else
echo -e " ${RED}${NC} No user directive found in docker-compose.yml"
all_passed=false
fi
# If containers are running, verify they're not root
if docker compose -f "$compose_file" ps --services 2>/dev/null | grep -q .; then
root_count=0
while IFS= read -r service; do
[ -z "$service" ] && continue
container=$(docker compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
if [ -n "$container" ]; then
user=$(docker exec "$container" whoami 2>/dev/null || echo "unknown")
if [ "$user" = "root" ]; then
echo -e " ${RED}${NC} Service $service running as ROOT (INF-01 violation)"
((root_count++)) || true
fi
fi
done <<< "$(docker compose -f "$compose_file" ps --services 2>/dev/null)"
if [ $root_count -eq 0 ]; then
echo -e " ${GREEN}${NC} All running containers are non-root"
else
all_passed=false
fi
else
echo -e " ${YELLOW}${NC} No containers running (start with docker compose up -d --build)"
fi
fi
echo ""
# Final summary
echo -e "${BLUE}========================================${NC}"
if [ "$all_passed" = true ]; then
echo -e "${GREEN}ALL CHECKS PASSED${NC}"
echo -e "${GREEN}Lab 01 is complete!${NC}"
echo -e "${BLUE}========================================${NC}"
exit 0
else
echo -e "${RED}SOME CHECKS FAILED${NC}"
echo -e "${YELLOW}Review the output above and complete the missing items${NC}"
echo -e "${BLUE}========================================${NC}"
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink