#!/bin/sh
# PCP QA Test No. 1875
# Exercise pmseries & pmproxy with key server authentication
#
# Copyright (c) 2021 Red Hat.  All Rights Reserved.
#

seq=`basename $0`
echo "QA output created by $seq"

# get standard environment, filters and checks
. ./common.product
. ./common.filter
. ./common.check
. ./common.keys

_check_series
key_server_version_major=`$key_server --version | sed -E 's/.*v=([0-9]).*/\1/g'`
[ $key_server_version_major -ge 6 ] || _notrun "Key server version too old (this test requires v6+)"

_cleanup()
{
    cd $here
    echo "_cleanup ..." >>$seq.full
    $PCP_PS_PROG $PCP_PS_ALL_FLAGS | grep "$key_server[ ]" >>$seq.full
    echo "pmproxy_pid=$pmproxy_pid key_server_pid=$key_server_pid" >>$seq.full
    [ -n "$pmproxy_pid" ] && $signal -s TERM $pmproxy_pid
    [ -n "$key_server_pid" ] && $signal -s TERM $key_server_pid
    $PCP_PS_PROG $PCP_PS_ALL_FLAGS | grep "$key_server[ ]" >>$seq.full
    $sudo rm -rf $tmp $tmp.*
}

status=0	# success is the default!
signal=$PCP_BINADM_DIR/pmsignal

username=`id -u -n`

$sudo rm -rf $tmp $tmp.* $seq.full
trap "_cleanup; exit \$status" 0 1 2 3 15


# real QA test starts here
echo "Start key server with password auth ..."
key_server_port=`_find_free_port`
$key_server --port $key_server_port --save "" --requirepass 'top$secret' > $tmp.keys 2>&1 &
key_server_pid=$!
pmsleep 0.125

echo
echo "=== password auth enabled, no password provided" | tee -a $seq.full
cat <<EOF > $tmp.conf
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq.full | grep -o "Cannot connect"

echo
echo "=== password auth enabled, wrong password provided" | tee -a $seq.full
cat <<EOF > $tmp.conf
[pmseries]
enabled = true
auth.password = topsecret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq.full| grep -o "Cannot connect"

echo
echo "=== password auth enabled, correct password provided" | tee -a $seq.full
cat <<EOF > $tmp.conf
[pmseries]
enabled = true
auth.password = top\$secret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq.full| grep -o "Cannot connect" || echo OK

echo
echo "=== password auth enabled, correct password provided (pmproxy)" | tee -a $seq.full
pmproxyport=`_find_free_port`
pmproxy -f -U $username -x $tmp.err -l $tmp.pmproxy.log -p $pmproxyport -r $key_server_port -t -c $tmp.conf &
pmproxy_pid=$!
# check pmproxy has started and is available for requests
pmcd_wait -h localhost@localhost:$pmproxyport -v -t 5sec
grep -o "Key server slots, schema version setup" $tmp.pmproxy.log
$signal -s TERM $pmproxy_pid


echo
echo "Stop key server with password auth ..."
$signal -s TERM $key_server_pid


echo "Start key server with ACL auth ..."
key_server_port=`_find_free_port`
$key_server --port $key_server_port --save "" --user alice on '>top$secret' '~*' '+@all' --user default off > $tmp.keys 2>&1 &
key_server_pid=$!
pmsleep 0.125

echo
echo "=== ACL auth enabled, no username/password provided" | tee -a $seq.full
cat <<EOF > $tmp.conf
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq.full | grep -o "Cannot connect"

echo
echo "=== ACL auth enabled, unknown username provided" | tee -a $seq.full
cat <<EOF > $tmp.conf
[pmseries]
enabled = true
auth.username = max
auth.password = topsecret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq.full| grep -o "Cannot connect"

echo
echo "=== ACL auth enabled, correct username, wrong password provided" | tee -a $seq.full
cat <<EOF > $tmp.conf
[pmseries]
enabled = true
auth.username = alice
auth.password = topsecret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq.full| grep -o "Cannot connect"

echo
echo "=== ACL auth enabled, correct username and password provided" | tee -a $seq.full
cat <<EOF > $tmp.conf
[pmseries]
enabled = true
auth.username = alice
auth.password = top\$secret
EOF
pmseries -p $key_server_port -c $tmp.conf disk.dev.read 2>&1 | tee -a $seq.full| grep -o "Cannot connect" || echo OK

echo
echo "=== ACL auth enabled, correct username and password provided (pmproxy)" | tee -a $seq.full
pmproxyport=`_find_free_port`
pmproxy -f -U $username -x $tmp.err -l $tmp.pmproxy.log -p $pmproxyport -r $key_server_port -t -c $tmp.conf &
pmproxy_pid=$!
# check pmproxy has started and is available for requests
pmcd_wait -h localhost@localhost:$pmproxyport -v -t 5sec
grep -o "Key server slots, schema version setup" $tmp.pmproxy.log


# success, all done
exit
