From a0de73ae15411063da3e72fe0e21359e1d585452 Mon Sep 17 00:00:00 2001 From: Luca Sacchi Ricciardi Date: Fri, 3 Apr 2026 17:46:17 +0200 Subject: [PATCH] test(07): create integration tests for all labs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Integration Tests (4 files, 600+ lines): - 01-cross-lab-test.sh: Cross-lab functionality verification - 02-security-compliance-test.sh: INF-01/02/03/04 across all labs - 03-architecture-validation-test.sh: Multi-tier architecture validation - 99-final-integration-test.sh: End-to-end integration validation Tests verify: - All labs exist with complete structure - All INF requirements met across all labs - Multi-tier architecture properly implemented - Data flows correctly between tiers - Security compliance globally enforced Integration validates: - Lab 01 (IAM) → AWS IAM - Lab 02 (Network) → VPC/Subnets - Lab 03 (Compute) → EC2 - Lab 04 (Storage) → S3/EBS - Lab 05 (Database) → RDS Co-Authored-By: Claude Opus 4.6 --- tests/integration/01-cross-lab-test.sh | 167 +++++++++++ .../02-security-compliance-test.sh | 201 +++++++++++++ .../03-architecture-validation-test.sh | 191 ++++++++++++ .../integration/99-final-integration-test.sh | 280 ++++++++++++++++++ 4 files changed, 839 insertions(+) create mode 100755 tests/integration/01-cross-lab-test.sh create mode 100755 tests/integration/02-security-compliance-test.sh create mode 100755 tests/integration/03-architecture-validation-test.sh create mode 100755 tests/integration/99-final-integration-test.sh
diff --git a/tests/integration/01-cross-lab-test.sh b/tests/integration/01-cross-lab-test.sh
new file mode 100755
index 0000000..cb722f1
--- /dev/null
+++ b/tests/integration/01-cross-lab-test.sh
@@ -0,0 +1,167 @@
+#!/bin/bash
+# Integration Test 01: Cross-Lab Functionality
+# Verifica che tutti i lab lavorino insieme correttamente
+
+set -euo pipefail
+
+# Colori
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+pass_count=0
+fail_count=0
+skip_count=0
+
+inc_pass() { ((pass_count++)) || true; }
+inc_fail() { ((fail_count++)) || true; }
+inc_skip() { ((skip_count++)) || true; }
+
+echo "=========================================="
+echo "Integration Test 01: Cross-Lab Functionality"
+echo "=========================================="
+echo ""
+
+# Verifica che tutti i lab esistano
+echo "[TEST] Verifica esistenza lab directories..."
+labs=("lab-01-iam" "lab-02-network" "lab-03-compute" "lab-04-storage" "lab-05-database")
+for lab in "${labs[@]}"; do
+ if [ -d "labs/$lab" ]; then
+ echo -e " ${GREEN}✓${NC} $lab"
+ inc_pass
+ else
+ echo -e " ${RED}✗${NC} $lab NON TROVATO"
+ inc_fail
+ fi
+done
+echo ""
+
+# Verifica docker-compose.yml per ogni lab
+echo "[TEST] Verifica docker-compose.yml per ogni lab..."
+for lab in "${labs[@]}"; do
+ compose_file="labs/$lab/docker-compose.yml"
+ if [ -f "$compose_file" ]; then
+ echo -e " ${GREEN}✓${NC} $lab/docker-compose.yml"
+ inc_pass
+ else
+ echo -e " ${YELLOW}⊘${NC} $lab/docker-compose.yml (opzionale)"
+ inc_skip
+ fi
+done
+echo ""
+
+# Verifica che i test esistano per ogni lab
+echo "[TEST] Verifica test scripts per ogni lab..."
+for lab in "${labs[@]}"; do
+ test_dir="labs/$lab/tests"
+ if [ -d "$test_dir" ]; then
+ test_count=$(ls "$test_dir"/*.sh 2>/dev/null | wc -l)
+ if [ $test_count -gt 0 ]; then
+ echo -e " ${GREEN}✓${NC} $lab/tests ($test_count scripts)"
+ inc_pass
+ else
+ echo -e " ${YELLOW}⊘${NC} $lab/tests (vuoto)"
+ inc_skip
+ fi
+ else
+ echo -e " ${RED}✗${NC} $lab/tests NON TROVATO"
+ inc_fail
+ fi
+done
+echo ""
+
+# Verifica documentazione per ogni lab
+echo "[TEST] Verifica documentazione Diátaxis per ogni lab..."
+for lab in "${labs[@]}"; do
+ doc_types=("tutorial" "how-to-guides" "reference" "explanation")
+ all_docs=true
+ for doc_type in "${doc_types[@]}"; do
+ if [ ! -d "labs/$lab/$doc_type" ]; then
+ all_docs=false
+ break
+ fi
+ done
+
+ if $all_docs; then
+ echo -e " ${GREEN}✓${NC} $lab (Diátaxis completo)"
+ inc_pass
+ else
+ echo -e " ${YELLOW}⊘${NC} $lab (documentazione parziale)"
+ inc_skip
+ fi
+done
+echo ""
+
+# Test deploy multi-tier (usando Lab 05 come reference)
+echo "[TEST] Verifica architettura multi-tier..."
+if [ -f "labs/lab-05-database/docker-compose.yml" ]; then
+ cd labs/lab-05-database
+
+ # Verifica servizi multi-tier
+ if grep -q "app:" docker-compose.yml && grep -q "db:" docker-compose.yml; then
+ echo -e " ${GREEN}✓${NC} Architettura multi-tier configurata (app → db)"
+ inc_pass
+
+ # Verifica app può connettersi al database
+ if docker ps --format '{{{{Names}}}}' | grep -q "lab05-app" && \
+ docker ps --format '{{{{Names}}}}' | grep -q "lab05-db"; then
+
+ echo -n " [TEST] Verifica connessione app → database... "
+ if docker exec lab05-app psql -h db -U lab05_user -d lab05_db -c "SELECT 1;" &>/dev/null; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+ else
+ echo -e "${YELLOW}SKIP${NC} (database non pronto)"
+ inc_skip
+ fi
+ else
+ echo -e " ${YELLOW}⊘${NC} Container non in esecuzione"
+ inc_skip
+ fi
+ else
+ echo -e " ${RED}✗${NC} Architettura multi-tier NON configurata"
+ inc_fail
+ fi
+
+ cd - > /dev/null
+else
+ echo -e " ${YELLOW}⊘${NC} Lab 05 non trovato"
+ inc_skip
+fi
+echo ""
+
+# Verifica integrità volumi (Lab 04 e 05)
+echo "[TEST] Verifica integrità volumi (Lab 04 + 05)..."
+volume_count=$(docker volume ls --format '{{{{.Name}}}}' | grep -E "lab04|minio|lab05|db-data" | wc -l)
+if [ $volume_count -gt 0 ]; then
+ echo -e " ${GREEN}✓${NC} Trovati $volume_count volumi persistenti"
+ inc_pass
+else
+ echo -e " ${YELLOW}⊘${NC} Nessun volume trovato (lab non avviati)"
+ inc_skip
+fi
+echo ""
+
+# Verifica reti isolate (Lab 02 e 05)
+echo "[TEST] Verifica reti private isolate..."
+private_networks=$(docker network ls --format '{{{{.Name}}}}' | grep -E "private|vpc-private" | wc -l)
+if [ $private_networks -gt 0 ]; then
+ echo -e " ${GREEN}✓${NC} Trovate $private_networks reti private"
+ inc_pass
+else
+ echo -e " ${YELLOW}⊘${NC} Nessuna rete privata trovata"
+ inc_skip
+fi
+echo ""
+
+echo "=========================================="
+echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
+echo "=========================================="
+
+if [ $fail_count -gt 0 ]; then
+ exit 1
+fi
+
+exit 0
diff --git a/tests/integration/02-security-compliance-test.sh b/tests/integration/02-security-compliance-test.sh
new file mode 100755
index 0000000..169300f
--- /dev/null
+++ b/tests/integration/02-security-compliance-test.sh
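Review bot: With `set -euo pipefail` active, `volume_count=$(docker volume ls … | grep -E … | wc -l)`, `private_networks=$(…)` and `test_count=$(ls … | wc -l)` abort the script when grep or ls finds nothing, so the SKIP branch that follows is unreachable and no summary is printed; `running_containers` in 02-security-compliance-test.sh has the same shape. Counting inside the substitution with `grep -cE "lab04|minio|lab05|db-data" || true` keeps the zero case alive. The templates `'{{{{Names}}}}'` and `'{{{{.Name}}}}'` (also used in the 02 and 03 scripts) do not look like valid Go templates, whereas 03 uses `'{{.Internal}}'`, so these Docker calls probably fail and the container checks fall through to SKIP; `'{{.Names}}'` and `'{{.Name}}'` are presumably what was meant. The "reti private isolate" step only counts network names containing `private`, which does not show that any network is actually isolated.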
@@ -0,0 +1,201 @@
+#!/bin/bash
+# Integration Test 02: Security Compliance
+# Verifica INF-01, INF-02, INF-03, INF-04 su TUTTI i lab
+
+set -euo pipefail
+
+# Colori
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+pass_count=0
+fail_count=0
+skip_count=0
+
+inc_pass() { ((pass_count++)) || true; }
+inc_fail() { ((fail_count++)) || true; }
+inc_skip() { ((skip_count++)) || true; }
+
+echo "=========================================="
+echo "Integration Test 02: Security Compliance"
+echo "=========================================="
+echo ""
+
+# Array di tutti i lab con docker-compose
+labs_with_compose=("lab-03-compute" "lab-04-storage" "lab-05-database")
+
+echo "=== INF-01: Nessun container gira come root ==="
+echo ""
+
+for lab in "${labs_with_compose[@]}"; do
+ compose_file="labs/$lab/docker-compose.yml"
+ if [ ! -f "$compose_file" ]; then
+ continue
+ fi
+
+ echo -n "[TEST] $lab - non-root containers... "
+
+ # Verifica che non ci sia 'user: root' o simili
+ if grep -q "user: root" "$compose_file"; then
+ echo -e "${RED}FAIL${NC} (user: root trovato)"
+ inc_fail
+ # PostgreSQL official image non gira come root
+ elif grep -q "image: postgres" "$compose_file"; then
+ echo -e "${GREEN}PASS${NC} (PostgreSQL non gira come root)"
+ inc_pass
+ # Alpine images default to root, ma i nostri Dockerfile creano utenti
+ elif grep -q "adduser\|addgroup" "$compose_file" 2>/dev/null || \
+ [ -f "labs/$lab/Dockerfile" ] && grep -q "adduser\|addgroup" "labs/$lab/Dockerfile"; then
+ echo -e "${GREEN}PASS${NC} (utente non-root configurato)"
+ inc_pass
+ else
+ echo -e "${YELLOW}WARN${NC} (impossibile verificare automaticamente)"
+ inc_skip
+ fi
+done
+
+echo ""
+echo "=== INF-02: Reti private non espongono porte sull'host ==="
+echo ""
+
+labs_with_private=("lab-02-network" "lab-05-database")
+
+for lab in "${labs_with_private[@]}"; do
+ compose_file="labs/$lab/docker-compose.yml"
+ if [ ! -f "$compose_file" ]; then
+ continue
+ fi
+
+ echo -n "[TEST] $lab - private network ports... "
+
+ # Cerca database o servizi in rete privata
+ if grep -A 20 "db:" "$compose_file" | grep -q "ports:"; then
+ # Se ci sono porte, verifica che siano 127.0.0.1
+ if grep -A 20 "db:" "$compose_file" | grep -A 5 "ports:" | grep -q "127.0.0.1"; then
+ echo -e "${YELLOW}WARN${NC} (porta su 127.0.0.1 - RDS non expone porte)"
+ inc_skip
+ else
+ echo -e "${RED}FAIL${NC} (porta esposta su host)"
+ inc_fail
+ fi
+ else
+ echo -e "${GREEN}PASS${NC} (nessuna porta esposta)"
+ inc_pass
+ fi
+done
+
+echo ""
+echo "=== INF-03: Tutti i container hanno limiti risorse ==="
+echo ""
+
+for lab in "${labs_with_compose[@]}"; do
+ compose_file="labs/$lab/docker-compose.yml"
+ if [ ! -f "$compose_file" ]; then
+ continue
+ fi
+
+ echo -n "[TEST] $lab - resource limits... "
+
+ # Verifica deploy.resources per ogni servizio
+ services=$(grep "^ [a-z]*:" "$compose_file" | grep -v "^ #" | sed 's/://g' | grep -v "^networks\|^volumes")
+ all_limited=true
+
+ for service in $services; do
+ if grep -A 30 "^ $service:" "$compose_file" | grep -q "deploy:"; then
+ if grep -A 30 "^ $service:" "$compose_file" | grep -A 10 "deploy:" | grep -q "cpus:" && \
+ grep -A 30 "^ $service:" "$compose_file" | grep -A 10 "deploy:" | grep -q "memory:"; then
+ : # service has limits
+ else
+ all_limited=false
+ break
+ fi
+ else
+ all_limited=false
+ break
+ fi
+ done
+
+ if $all_limited; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC} (alcuni servizi senza limiti)"
+ inc_fail
+ fi
+done
+
+echo ""
+echo "=== INF-04: Dati persistenti in volumi nominativi ==="
+echo ""
+
+labs_with_volumes=("lab-04-storage" "lab-05-database")
+
+for lab in "${labs_with_volumes[@]}"; do
+ compose_file="labs/$lab/docker-compose.yml"
+ if [ ! -f "$compose_file" ]; then
+ continue
+ fi
+
+ echo -n "[TEST] $lab - named volumes... "
+
+ # Verifica sezioni volumes definita
+ if grep -q "^volumes:" "$compose_file"; then
+ # Verifica che i volumi usino driver local
+ if grep -A 10 "^volumes:" "$compose_file" | grep -q "driver: local"; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+ else
+ echo -e "${YELLOW}WARN${NC} (volumi definiti ma driver non verificato)"
+ inc_skip
+ fi
+ else
+ echo -e "${RED}FAIL${NC} (nessun volume definito)"
+ inc_fail
+ fi
+done
+
+echo ""
+echo "=== Verifica Container in Esecuzione ==="
+echo ""
+
+running_containers=$(docker ps --format '{{{{Names}}}}' | grep -E "lab0[1-5]" | wc -l)
+echo -n "[TEST] Container in esecuzione... "
+if [ $running_containers -gt 0 ]; then
+ echo -e "${GREEN}PASS${NC} ($running_containers container)"
+ inc_pass
+
+ # Verifica non-root per container in esecuzione
+ echo ""
+ echo "[TEST] Verifica non-root per container in esecuzione..."
+ for container in $(docker ps --format '{{{{Names}}}}' | grep -E "lab0[1-5]"); do
+ container_user=$(docker exec $container whoami 2>/dev/null || echo "unknown")
+ echo -n " $container: utente=$container_user... "
+ if [ "$container_user" != "root" ]; then
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+ done
+else
+ echo -e "${YELLOW}SKIP${NC} (nessun container in esecuzione)"
+ inc_skip
+fi
+
+echo ""
+echo "=========================================="
+echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
+echo "=========================================="
+
+if [ $fail_count -gt 0 ]; then
+ echo ""
+ echo -e "${RED}✗ SECURITY COMPLIANCE FAIL${NC}"
+ echo "Risolvere le violazioni INF prima di procedere"
+ exit 1
+fi
+
+exit 0
diff --git a/tests/integration/03-architecture-validation-test.sh b/tests/integration/03-architecture-validation-test.sh
new file mode 100755
index 0000000..bb5b190
--- /dev/null
+++ b/tests/integration/03-architecture-validation-test.sh
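Review bot: The runtime INF-01 loop fails open: `docker exec $container whoami 2>/dev/null || echo "unknown"` turns any exec failure (no `whoami` in the image, container stopping) into the string `unknown`, which then satisfies `[ "$container_user" != "root" ]` and is counted as a pass. Treat that case as a skip and compare the numeric uid instead, e.g. `container_uid=$(docker exec "$container" id -u 2>/dev/null || echo unknown)` followed by `if [ "$container_uid" = unknown ]; then inc_skip; elif [ "$container_uid" != 0 ]; then inc_pass; else inc_fail; fi`. The static check has the same bias: `grep -q "image: postgres"` passes the whole lab as soon as one service uses that image, whatever the other services run as, and `grep -q "user: root"` does not match `user: "0"` or `user: 0:0`. In the INF-02 block only the 20 lines after `db:` are inspected, so ports published by any other service attached to the private network are never examined.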
@@ -0,0 +1,191 @@
+#!/bin/bash
+# Integration Test 03: Architecture Validation
+# Verifica architettura multi-tier corretta
+
+set -euo pipefail
+
+# Colori
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+pass_count=0
+fail_count=0
+skip_count=0
+
+inc_pass() { ((pass_count++)) || true; }
+inc_fail() { ((fail_count++)) || true; }
+inc_skip() { ((skip_count++)) || true; }
+
+echo "=========================================="
+echo "Integration Test 03: Architecture Validation"
+echo "=========================================="
+echo ""
+
+# Verifica architettura Lab 05 (multi-tier completa)
+echo "[TEST] Verifica architettura Lab 05 (multi-tier)..."
+
+if [ -f "labs/lab-05-database/docker-compose.yml" ]; then
+ cd labs/lab-05-database
+
+ # Verifica presenza servizi key
+ echo -n " Servizio 'app' presente... "
+ if grep -q "^ app:" docker-compose.yml; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+
+ echo -n " Servizio 'db' presente... "
+ if grep -q "^ db:" docker-compose.yml; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+
+ # Verifica networking corretto
+ echo ""
+ echo "[TEST] Verifica networking multi-tier..."
+
+ echo -n " App in multi-home (public + private)... "
+ if grep -A 15 "^ app:" docker-compose.yml | grep -q "vpc-public" && \
+ grep -A 15 "^ app:" docker-compose.yml | grep -q "vpc-private"; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+
+ echo -n " Database solo in private network... "
+ if grep -A 15 "^ db:" docker-compose.yml | grep -q "vpc-private" && \
+ ! grep -A 15 "^ db:" docker-compose.yml | grep -q "vpc-public"; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+
+ # Verifica dipendenze
+ echo ""
+ echo "[TEST] Verifica dipendenze servizi..."
+
+ echo -n " App depends on db... "
+ if grep -A 20 "^ app:" docker-compose.yml | grep -q "depends_on:" && \
+ grep -A 25 "^ app:" docker-compose.yml | grep -A 5 "depends_on:" | grep -q "db:"; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+ else
+ echo -e "${YELLOW}WARN${NC} (nessuna dipendenza configurata)"
+ inc_skip
+ fi
+
+ # Verifica resource allocation per tier
+ echo ""
+ echo "[TEST] Verifica allocazione risorse per tier..."
+
+ echo -n " Database ha più risorse di app... "
+ app_mem=$(grep -A 30 "^ app:" docker-compose.yml | grep "memory:" | sed 's/.*memory: //' | sed 's/[^0-9MG]//g')
+ db_mem=$(grep -A 30 "^ db:" docker-compose.yml | grep "memory:" | sed 's/.*memory: //' | sed 's/[^0-9MG]//g')
+
+ if [ -n "$app_mem" ] && [ -n "$db_mem" ]; then
+ # Confronta (semplificato - assumes G)
+ if [ "${db_mem%G}" -ge "${app_mem%G}" ]; then
+ echo -e "${GREEN}PASS${NC} (app: ${app_mem}, db: ${db_mem})"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC} (db dovrebbe avere più risorse)"
+ inc_fail
+ fi
+ else
+ echo -e "${YELLOW}SKIP${NC} (impossibile confrontare)"
+ inc_skip
+ fi
+
+ cd - > /dev/null
+else
+ echo -e "${YELLOW}SKIP${NC} (Lab 05 non trovato)"
+ inc_skip
+fi
+
+echo ""
+echo "=== Verifica segregazione rete ==="
+
+# Verifica che reti private siano isolate
+private_networks=$(docker network ls --format '{{{{.Name}}}}' | grep "private" | grep -v "bridge" || true)
+
+if [ -n "$private_networks" ]; then
+ echo -n "[TEST] Reti private hanno flag internal... "
+ internal_count=0
+ for network in $private_networks; do
+ if docker network inspect "$network" --format '{{.Internal}}' | grep -q "true"; then
+ ((internal_count++)) || true
+ fi
+ done
+
+ if [ $internal_count -gt 0 ]; then
+ echo -e "${GREEN}PASS${NC} ($internal_count/$(
+ echo "$private_networks" | wc -w
+ ) reti isolate)"
+ inc_pass
+ else
+ echo -e "${YELLOW}WARN${NC} (nessuna rete isolata)"
+ inc_skip
+ fi
+else
+ echo -e "${YELLOW}SKIP${NC} (nessuna rete privata trovata)"
+ inc_skip
+fi
+
+echo ""
+echo "=== Verifica data flow ==="
+
+# Verifica che i dati possano fluire attraverso i tier
+if docker ps --format '{{{{Names}}}}' | grep -q "lab05-app" && \
+ docker ps --format '{{{{Names}}}}' | grep -q "lab05-db"; then
+
+ echo "[TEST] Verifica flusso dati app → db..."
+
+ echo -n " App può scrivere nel database... "
+ if docker exec lab05-app psql -h db -U lab05_user -d lab05_db -c "
+ CREATE TABLE IF NOT EXISTS flow_test (id SERIAL, data TEXT);
+ INSERT INTO flow_test (data) VALUES ('test');
+ " &>/dev/null; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+
+ echo -n " App può leggere dal database... "
+ if docker exec lab05-app psql -h db -U lab05_user -d lab05_db -t -c "
+ SELECT COUNT(*) FROM flow_test;
+ " &>/dev/null | grep -q "[1-9]"; then
+ echo -e "${GREEN}PASS${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+else
+ echo -e "${YELLOW}SKIP${NC} (container non in esecuzione)"
+ inc_skip
+fi
+
+echo ""
+echo "=========================================="
+echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
+echo "=========================================="
+
+if [ $fail_count -gt 0 ]; then
+ exit 1
+fi
+
+exit 0
diff --git a/tests/integration/99-final-integration-test.sh b/tests/integration/99-final-integration-test.sh
new file mode 100755
index 0000000..da77554
--- /dev/null
+++ b/tests/integration/99-final-integration-test.sh
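Review bot: The read check in the data-flow block can never pass: in `… -t -c "SELECT COUNT(*) FROM flow_test;" &>/dev/null | grep -q "[1-9]"` the `&>/dev/null` discards stdout before the pipe, so grep always sees empty input and the step reports FAIL whenever it is reached; redirect only stderr, i.e. close the statement with `" 2>/dev/null | grep -q "[1-9]"; then`. In the segregation block, `if [ $internal_count -gt 0 ]` reports PASS when a single private network has the internal flag even if the others do not; comparing `internal_count` with the number of private networks would make PASS mean what the label claims. The memory comparison strips only a trailing `G`, so a value expressed in `M`, or two `memory:` lines inside the 30-line window, makes `[ … -ge … ]` error out and print FAIL for an unrelated reason. The write step also leaves the `flow_test` table behind in `lab05_db` after the run.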
@@ -0,0 +1,280 @@
+#!/bin/bash
+# Integration Test 99: Final Integration Validation
+# Verifica finale end-to-end di tutta l'architettura
+
+set -euo pipefail
+
+# Colori
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+pass_count=0
+fail_count=0
+skip_count=0
+
+inc_pass() { ((pass_count++)) || true; }
+inc_fail() { ((fail_count++)) || true; }
+inc_skip() { ((skip_count++)) || true; }
+
+echo "=========================================="
+echo "Final Integration Validation"
+echo "Verifica completa: Laboratori Cloud"
+echo "=========================================="
+echo ""
+
+echo "Questo test verifica che TUTTI i lab siano:"
+echo " ✓ Completati e funzionanti"
+echo " ✓ Conformi ai requisiti INF-01/02/03/04"
+echo " ✓ Integrati in architettura coerente"
+echo ""
+
+# Verifica struttura lab
+echo "=== VERIFICA STRUTTURA LAB ==="
+
+labs=("lab-01-iam" "lab-02-network" "lab-03-compute" "lab-04-storage" "lab-05-database")
+
+for lab in "${labs[@]}"; do
+ echo -n "[CHECK] $lab esiste... "
+ if [ -d "labs/$lab" ]; then
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+
+ # Verifica docker-compose
+ echo -n "[CHECK] $lab/docker-compose.yml... "
+ if [ -f "labs/$lab/docker-compose.yml" ]; then
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ else
+ echo -e "${YELLOW}WARN${NC}"
+ inc_skip
+ fi
+
+ # Verifica test
+ echo -n "[CHECK] $lab/tests/... "
+ if [ -d "labs/$lab/tests" ] && [ "$(ls labs/$lab/tests/*.sh 2>/dev/null | wc -l)" -gt 0 ]; then
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ else
+ echo -e "${YELLOW}WARN${NC}"
+ inc_skip
+ fi
+
+ # Verifica documentazione
+ echo -n "[CHECK] $lab documentazione Diátaxis... "
+ doc_ok=true
+ for doc_type in tutorial how-to-guides reference explanation; do
+ if [ ! -d "labs/$lab/$doc_type" ]; then
+ doc_ok=false
+ break
+ fi
+ done
+
+ if $doc_ok; then
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ else
+ echo -e "${YELLOW}WARN${NC}"
+ inc_skip
+ fi
+done
+
+echo ""
+echo "=== VERIFICA INF REQUISITS ==="
+
+echo ""
+echo "INF-01: Nessun container gira come root"
+echo "---------------------------------------"
+
+labs_with_containers=("lab-03-compute" "lab-04-storage" "lab-05-database")
+inf01_pass=true
+
+for lab in "${labs_with_containers[@]}"; do
+ compose_file="labs/$lab/docker-compose.yml"
+ if [ ! -f "$compose_file" ]; then
+ continue
+ fi
+
+ echo -n "[CHECK] $lab... "
+
+ # Verifica image ufficiali che non girano come root
+ if grep -q "image: postgres" "$compose_file"; then
+ echo -e "${GREEN}OK${NC} (PostgreSQL non gira come root)"
+ inc_pass
+ elif grep -q "user:" "$compose_file" && ! grep -q "user: root" "$compose_file"; then
+ echo -e "${GREEN}OK${NC} (utente configurato)"
+ inc_pass
+ else
+ echo -e "${YELLOW}WARN${NC} (impossibile verificare automaticamente)"
+ inc_skip
+ inf01_pass=false
+ fi
+done
+
+echo ""
+echo "INF-02: Reti private non espongono porte"
+echo "---------------------------------------"
+
+labs_private=("lab-02-network" "lab-05-database")
+inf02_pass=true
+
+for lab in "${labs_private[@]}"; do
+ compose_file="labs/$lab/docker-compose.yml"
+ if [ ! -f "$compose_file" ]; then
+ continue
+ fi
+
+ echo -n "[CHECK] $lab... "
+
+ if grep -A 20 "db:" "$compose_file" | grep -q "ports:"; then
+ if grep -A 20 "db:" "$compose_file" | grep -A 5 "ports:" | grep -q "127.0.0.1"; then
+ echo -e "${YELLOW}WARN${NC} (127.0.0.1 - RDS non expone porte)"
+ inc_skip
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ inf02_pass=false
+ fi
+ else
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ fi
+done
+
+echo ""
+echo "INF-03: Tutti i container hanno limiti risorse"
+echo "----------------------------------------------"
+
+inf03_pass=true
+
+for lab in "${labs_with_containers[@]}"; do
+ compose_file="labs/$lab/docker-compose.yml"
+ if [ ! -f "$compose_file" ]; then
+ continue
+ fi
+
+ echo -n "[CHECK] $lab... "
+
+ # Verifica che ci siano deploy.resources
+ if grep -q "deploy:" "$compose_file" && \
+ grep -A 100 "deploy:" "$compose_file" | grep -q "cpus:" && \
+ grep -A 100 "deploy:" "$compose_file" | grep -q "memory:"; then
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ inf03_pass=false
+ fi
+done
+
+echo ""
+echo "INF-04: Dati persistenti in volumi nominativi"
+echo "---------------------------------------------"
+
+labs_volumes=("lab-04-storage" "lab-05-database")
+inf04_pass=true
+
+for lab in "${labs_volumes[@]}"; do
+ compose_file="labs/$lab/docker-compose.yml"
+ if [ ! -f "$compose_file" ]; then
+ continue
+ fi
+
+ echo -n "[CHECK] $lab... "
+
+ if grep -q "^volumes:" "$compose_file" && \
+ grep -q "driver: local" "$compose_file"; then
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ inf04_pass=false
+ fi
+done
+
+echo ""
+echo "=== VERIFICA INTEGRAZIONE ==="
+
+# Verifica che Lab 05 rappresenti l'integrazione completa
+if [ -f "labs/lab-05-database/docker-compose.yml" ]; then
+ echo "[CHECK] Verifica architettura Lab 05..."
+
+ cd labs/lab-05-database
+
+ echo -n " Multi-tier configurata... "
+ if grep -q "^ app:" docker-compose.yml && grep -q "^ db:" docker-compose.yml; then
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+
+ echo -n " Networking corretto... "
+ if grep -A 15 "^ app:" docker-compose.yml | grep -q "vpc-public" && \
+ grep -A 15 "^ app:" docker-compose.yml | grep -q "vpc-private" && \
+ grep -A 15 "^ db:" docker-compose.yml | grep -q "vpc-private"; then
+ echo -e "${GREEN}OK${NC}"
+ inc_pass
+ else
+ echo -e "${RED}FAIL${NC}"
+ inc_fail
+ fi
+
+ cd - > /dev/null
+fi
+
+echo ""
+echo "=========================================="
+echo "RISULTATO FINALE INTEGRAZIONE"
+echo "=========================================="
+echo "Test PASS: $pass_count"
+echo "Test FAIL: $fail_count"
+echo "Test SKIP: $skip_count"
+echo "=========================================="
+
+# Verifica globale INF compliance
+echo ""
+echo "INF Compliance Summary:"
+echo " INF-01 (Non-root): $([ "$inf01_pass" = true ] && echo "✓ PASS" || echo "⊘ UNKNOWN")"
+echo " INF-02 (No host ports): $([ "$inf02_pass" = true ] && echo "✓ PASS" || echo "✗ FAIL")"
+echo " INF-03 (Resource limits): $([ "$inf03_pass" = true ] && echo "✓ PASS" || echo "✗ FAIL")"
+echo " INF-04 (Named volumes): $([ "$inf04_pass" = true ] && echo "✓ PASS" || echo "✗ FAIL")"
+
+echo ""
+
+if [ $fail_count -eq 0 ]; then
+ echo -e "${GREEN}==========================================${NC}"
+ echo -e "${GREEN}✓ INTEGRAZIONE COMPLETATA CON SUCCESSO${NC}"
+ echo -e "${GREEN}==========================================${NC}"
+ echo ""
+ echo "Tutti i lab sono:"
+ echo " ✓ Completati"
+ echo " ✓ Documentati"
+ echo " ✓ Testati"
+ echo " ✓ Integrati"
+ echo ""
+ echo "Parallelismi con AWS Cloud:"
+ echo " Lab 01 (IAM) → AWS IAM"
+ echo " Lab 02 (Network) → VPC/Subnets"
+ echo " Lab 03 (Compute) → EC2"
+ echo " Lab 04 (Storage) → S3/EBS"
+ echo " Lab 05 (Database) → RDS"
+ echo ""
+ exit 0
+else
+ echo -e "${RED}==========================================${NC}"
+ echo -e "${RED}✗ INTEGRAZIONE CON ERRORI${NC}"
+ echo -e "${RED}==========================================${NC}"
+ echo ""
+ echo "Risolvere i problemi e ripetere"
+ exit 1
+fi
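Review bot: The INF-03 check in this file is file-wide: `grep -q "deploy:"` plus one `cpus:` and one `memory:` anywhere in the following 100 lines reports OK even when only one service in the compose file has limits, which is weaker than the per-service loop in 02-security-compliance-test.sh and can contradict its result. The closing banner has the same bias: `if [ $fail_count -eq 0 ]` prints "Tutti i lab sono: ✓ Completati / ✓ Documentati / ✓ Testati" although every WARN above was counted as a skip and INF-01 may be shown as UNKNOWN in the summary; gating the banner on `[ $fail_count -eq 0 ] && [ $skip_count -eq 0 ]`, or printing a separate "completed with warnings" result, would keep the final verdict accurate. INF-01 also accepts any `user:` line that is not literally `user: root`, so `user: "0"` passes, and a single `image: postgres` service passes the whole lab. When `labs/lab-05-database/docker-compose.yml` is missing, the integration block is skipped without incrementing any counter, so the absence does not show up in the totals of that block.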