mirror of
https://github.com/tomav/docker-mailserver.git
synced 2024-07-07 08:31:20 +02:00
88767f7cc8
* tests(refactor): Make test cases for opendkim keysizes DRY - These all do roughly the same logic that can be split into two separate methods. - `_should_generate_dkim_key()` covers a bit more logic as it can be leveraged to handle other test cases that also perform the same logic. - The `config/opendkim/` doesn't seem necessary for tests. Only the first few test cases here are testing against it, so we can conditionally make that available. `process_check_restart.bats` also depended on it to run OpenDKIM successfully, but this was due to the `setup-stack.sh` config defaults failing to find an "empty" file forcing `supervisord` to constantly restart the process.. - With this, there we inverse the default opendkim config, so we don't have to mount unique / empty subfolders for each test case, followed by copying over the two extra configs. * tests(refactor): DRY up more test cases All the remaining test cases but the last one were refactored here for a clean commit diff. The last test case will be refactored in the following commit. Plenty of repeated logic spread across these test cases, now condensed into shared methods. * tests(refactor): Make final test case DRY * chore: Migrate to new testing helpers * chore: Revise test case descriptions * tests(refactor): Improve and simplify assertions * tests(refactor): Use common container setup instead of `docker run` - As the majority of test cases are only running `open-dkim` helper, we don't actually have to wait for a full container setup. So an alternative container start is called. - Also improves assertions a bit more instead of just counting lines. - Some test cases don't bind mount all of `/tmp/docker-mailserver` contents, thus don't raise permission errors on subsequent test runs. - Instead of `rm -f` on some config files, have opted to mount them read-only instead, or alternatively mount an anonymous empty volume instead. - Collapsed the first three test cases into one, thus no `setup_file()` necessary. - Shift the `_wait_for_finished_setup_in_container()` method into `_common_container_setup()` instead since nothing else is using `_common_container_start()` yet, this allows for avoiding the wait. * tests(refactor): Collapse dkim key size test cases into single test case This makes these tests a bit more DRY, and enhances the raised quality issue with these tests. Now not only is the domain checked in the generated DNS dkim record, but we also verify the key size is corrected in the public and private keys via openssl. * chore: Revise container names * chore: Swap order of test case 1 and 2 * tests(refactor): Assert generated log output - `__should_have_tables_trustedhosts_for_domain` shifted in each test case to just after generating the domains keys. - Asserts `open-dkim` logs instead of just counting them. - Added checks for domains that should not be present in a test case. - Additional coverage and notes about the alias from vhost `@localdomain.com` - Single assert statement with switch statement as all are using common args. * chore: Minor changes * tests(refactor): Share `find` logic in helpers and tests * tests(fix): Listing file content does not need to match line order The order printed from local system vs CI differed causing the CI to fail. The order of lines is irrelevant so `--index` is not required. Additionally correct the prefix of the called method to be only one `_` now that it's a `common.bash` helper method. * chore: Collapse custom DKIM selector test into custom DKIM domain test These cover the same test logic for the most part, the first domain could also be testing the custom selector. `special_use_folders.bats` + `mailbox_format_dbox` can assert lines instead, removing the need for `--partial`. * Apply suggestions from code review Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com> * chore: Split switch statement method into wrapper methods --------- Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
280 lines
10 KiB
Bash
280 lines
10 KiB
Bash
load "${REPOSITORY_ROOT}/test/helper/common"
|
|
load "${REPOSITORY_ROOT}/test/helper/setup"
|
|
|
|
BATS_TEST_NAME_PREFIX='[OpenDKIM] '
|
|
CONTAINER1_NAME='dms-test_opendkim_key-sizes'
|
|
CONTAINER2_NAME='dms-test_opendkim_with-config-volume'
|
|
CONTAINER3_NAME='dms-test_opendkim_without-config-volume'
|
|
CONTAINER4_NAME='dms-test_opendkim_without-accounts'
|
|
CONTAINER5_NAME='dms-test_opendkim_without-virtual'
|
|
CONTAINER6_NAME='dms-test_opendkim_with-args'
|
|
|
|
function teardown() { _default_teardown ; }
|
|
|
|
# TODO: Neither of these are too important, but might be worth covering:
|
|
# - May want to also add test cases for log: 'No entries found, no keys to make'
|
|
# - May want to also do a redundant 2nd run for matching no log output? (Bad UX?)
|
|
|
|
@test "should support creating keys of different sizes" {
|
|
export CONTAINER_NAME=${CONTAINER2_NAME}
|
|
|
|
__init_container_without_waiting
|
|
|
|
# The default size created should be 4096-bit:
|
|
__should_support_creating_key_of_size
|
|
# Explicit sizes:
|
|
__should_support_creating_key_of_size '4096'
|
|
__should_support_creating_key_of_size '2048'
|
|
__should_support_creating_key_of_size '1024'
|
|
}
|
|
|
|
# NOTE: This pre-generated opendkim config was before the alias `localdomain2.com`
|
|
# was present or supported by open-dkim? (when sourcing domains from generated vhost entries)
|
|
@test "providing config volume should setup /etc/opendkim" {
|
|
export CONTAINER_NAME=${CONTAINER1_NAME}
|
|
|
|
_init_with_defaults
|
|
mv "${TEST_TMP_CONFIG}/example-opendkim/" "${TEST_TMP_CONFIG}/opendkim/"
|
|
_common_container_setup
|
|
|
|
_run_in_container cat '/etc/opendkim/KeyTable'
|
|
assert_success
|
|
__assert_has_entry_in_keytable 'localhost.localdomain'
|
|
__assert_has_entry_in_keytable 'otherdomain.tld'
|
|
_should_output_number_of_lines 2
|
|
|
|
_should_have_content_in_directory '/etc/opendkim/keys/'
|
|
assert_output --partial 'localhost.localdomain'
|
|
assert_output --partial 'otherdomain.tld'
|
|
_should_output_number_of_lines 2
|
|
|
|
# /etc/opendkim.conf should contain nameservers copied from /etc/resolv.conf
|
|
_run_in_container grep -E \
|
|
'^Nameservers ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' \
|
|
/etc/opendkim.conf
|
|
assert_success
|
|
}
|
|
|
|
# No default config supplied to /tmp/docker-mailserver/opendkim
|
|
# Generating key should create keys and tables + TrustedHosts files:
|
|
@test "should create keys and config files (with defaults)" {
|
|
export CONTAINER_NAME=${CONTAINER3_NAME}
|
|
|
|
__init_container_without_waiting
|
|
|
|
__should_generate_dkim_key 6
|
|
__assert_outputs_common_dkim_logs
|
|
|
|
__should_have_tables_trustedhosts_for_domain
|
|
|
|
__should_have_key_for_domain 'localhost.localdomain'
|
|
__should_have_key_for_domain 'localdomain2.com'
|
|
__should_have_key_for_domain 'otherdomain.tld'
|
|
}
|
|
|
|
@test "should create keys and config files (without postfix-accounts.cf)" {
|
|
export CONTAINER_NAME=${CONTAINER4_NAME}
|
|
|
|
# Only mount single config file (postfix-virtual.cf):
|
|
__init_container_without_waiting "${PWD}/test/config/postfix-virtual.cf:/tmp/docker-mailserver/postfix-virtual.cf:ro"
|
|
|
|
__should_generate_dkim_key 5
|
|
__assert_outputs_common_dkim_logs
|
|
|
|
__should_have_tables_trustedhosts_for_domain
|
|
|
|
__should_have_key_for_domain 'localhost.localdomain'
|
|
__should_have_key_for_domain 'localdomain2.com'
|
|
# NOTE: This would only be present if supplying the default postfix-accounts.cf:
|
|
__should_not_have_key_for_domain 'otherdomain.tld'
|
|
}
|
|
|
|
@test "should create keys and config files (without postfix-virtual.cf)" {
|
|
export CONTAINER_NAME=${CONTAINER5_NAME}
|
|
|
|
# Only mount single config file (postfix-accounts.cf):
|
|
__init_container_without_waiting "${PWD}/test/config/postfix-accounts.cf:/tmp/docker-mailserver/postfix-accounts.cf:ro"
|
|
|
|
__should_generate_dkim_key 5
|
|
__assert_outputs_common_dkim_logs
|
|
|
|
__should_have_tables_trustedhosts_for_domain
|
|
|
|
__should_have_key_for_domain 'localhost.localdomain'
|
|
__should_have_key_for_domain 'otherdomain.tld'
|
|
# NOTE: This would only be present if supplying the default postfix-virtual.cf:
|
|
__should_not_have_key_for_domain 'localdomain2.com'
|
|
}
|
|
|
|
@test "should create keys and config files (with custom domains and selector)" {
|
|
export CONTAINER_NAME=${CONTAINER6_NAME}
|
|
|
|
# Create without config volume (creates an empty anonymous volume instead):
|
|
__init_container_without_waiting '/tmp/docker-mailserver'
|
|
|
|
# generate first key (with a custom selector)
|
|
__should_generate_dkim_key 4 '2048' 'domain1.tld' 'mailer'
|
|
__assert_outputs_common_dkim_logs
|
|
# generate two additional keys different to the previous one
|
|
__should_generate_dkim_key 2 '2048' 'domain2.tld,domain3.tld'
|
|
__assert_logged_dkim_creation 'domain2.tld'
|
|
__assert_logged_dkim_creation 'domain3.tld'
|
|
# generate an additional key whilst providing already existing domains
|
|
__should_generate_dkim_key 1 '2048' 'domain3.tld,domain4.tld'
|
|
__assert_logged_dkim_creation 'domain4.tld'
|
|
|
|
__should_have_tables_trustedhosts_for_domain
|
|
|
|
__should_have_key_for_domain 'domain1.tld' 'mailer'
|
|
__should_have_key_for_domain 'domain2.tld'
|
|
__should_have_key_for_domain 'domain3.tld'
|
|
__should_have_key_for_domain 'domain4.tld'
|
|
# This would be created by default (from vhost) if no domain was given to open-dkim:
|
|
__should_not_have_key_for_domain 'localhost.localdomain'
|
|
# Without the default account configs, neither of these should be present:
|
|
__should_not_have_key_for_domain 'otherdomain.tld'
|
|
__should_not_have_key_for_domain 'localdomain2.com'
|
|
|
|
_run_in_container cat "/tmp/docker-mailserver/opendkim/KeyTable"
|
|
__assert_has_entry_in_keytable 'domain1.tld' 'mailer'
|
|
__assert_has_entry_in_keytable 'domain2.tld'
|
|
__assert_has_entry_in_keytable 'domain3.tld'
|
|
__assert_has_entry_in_keytable 'domain4.tld'
|
|
_should_output_number_of_lines 4
|
|
|
|
_run_in_container cat "/tmp/docker-mailserver/opendkim/SigningTable"
|
|
__assert_has_entry_in_signingtable 'domain1.tld' 'mailer'
|
|
__assert_has_entry_in_signingtable 'domain2.tld'
|
|
__assert_has_entry_in_signingtable 'domain3.tld'
|
|
__assert_has_entry_in_signingtable 'domain4.tld'
|
|
_should_output_number_of_lines 4
|
|
}
|
|
|
|
function __init_container_without_waiting {
|
|
_init_with_defaults
|
|
# Override the default config volume:
|
|
[[ -n ${1} ]] && TEST_CONFIG_VOLUME="${1}"
|
|
_common_container_create
|
|
_common_container_start
|
|
}
|
|
|
|
function __assert_has_entry_in_keytable() {
|
|
local EXPECTED_DOMAIN=${1}
|
|
local EXPECTED_SELECTOR=${2:-mail}
|
|
|
|
# EXAMPLE: mail._domainkey.domain1.tld domain1.tld:mail:/etc/opendkim/keys/domain1.tld/mail.private
|
|
assert_output --partial "${EXPECTED_SELECTOR}._domainkey.${EXPECTED_DOMAIN} ${EXPECTED_DOMAIN}:${EXPECTED_SELECTOR}:/etc/opendkim/keys/${EXPECTED_DOMAIN}/${EXPECTED_SELECTOR}.private"
|
|
}
|
|
|
|
function __assert_has_entry_in_signingtable() {
|
|
local EXPECTED_DOMAIN=${1}
|
|
local EXPECTED_SELECTOR=${2:-mail}
|
|
|
|
# EXAMPLE: *@domain1.tld mail._domainkey.domain1.tld
|
|
assert_output --partial "*@${EXPECTED_DOMAIN} ${EXPECTED_SELECTOR}._domainkey.${EXPECTED_DOMAIN}"
|
|
}
|
|
|
|
function __assert_logged_dkim_creation() {
|
|
local EXPECTED_DOMAIN=${1}
|
|
local EXPECTED_SELECTOR=${2:-mail}
|
|
|
|
assert_output --partial "Creating DKIM private key '/tmp/docker-mailserver/opendkim/keys/${EXPECTED_DOMAIN}/${EXPECTED_SELECTOR}.private'"
|
|
}
|
|
|
|
function __assert_outputs_common_dkim_logs() {
|
|
refute_output --partial 'No entries found, no keys to make'
|
|
assert_output --partial 'Creating DKIM KeyTable'
|
|
assert_output --partial 'Creating DKIM SigningTable'
|
|
assert_output --partial 'Creating DKIM TrustedHosts'
|
|
}
|
|
|
|
function __should_support_creating_key_of_size() {
|
|
local EXPECTED_KEYSIZE=${1:-}
|
|
|
|
__should_generate_dkim_key 6 "${EXPECTED_KEYSIZE}"
|
|
__assert_outputs_common_dkim_logs
|
|
__assert_logged_dkim_creation 'localdomain2.com'
|
|
__assert_logged_dkim_creation 'localhost.localdomain'
|
|
__assert_logged_dkim_creation 'otherdomain.tld'
|
|
|
|
__should_have_expected_files "${EXPECTED_KEYSIZE:-4096}"
|
|
_run_in_container rm -r /tmp/docker-mailserver/opendkim
|
|
}
|
|
|
|
function __should_generate_dkim_key() {
|
|
local EXPECTED_LINES=${1}
|
|
local ARG_KEYSIZE=${2:-}
|
|
local ARG_DOMAINS=${3:-}
|
|
local ARG_SELECTOR=${4:-}
|
|
|
|
local DKIM_CMD='open-dkim'
|
|
[[ -n ${ARG_KEYSIZE} ]] && DKIM_CMD+=" keysize ${ARG_KEYSIZE}"
|
|
[[ -n ${ARG_DOMAINS} ]] && DKIM_CMD+=" domain '${ARG_DOMAINS}'"
|
|
[[ -n ${ARG_SELECTOR} ]] && DKIM_CMD+=" selector '${ARG_SELECTOR}'"
|
|
|
|
_run_in_container_bash "${DKIM_CMD}"
|
|
|
|
assert_success
|
|
_should_output_number_of_lines "${EXPECTED_LINES}"
|
|
}
|
|
|
|
function __should_have_expected_files() {
|
|
local EXPECTED_KEYSIZE=${1:?Keysize must be provided}
|
|
local DKIM_DOMAIN='localhost.localdomain'
|
|
local TARGET_DIR="/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}"
|
|
|
|
# DKIM private key for signing, parse it to verify private key size is correct:
|
|
_run_in_container_bash "openssl rsa -in '${TARGET_DIR}/mail.private' -noout -text"
|
|
assert_success
|
|
assert_line --index 0 "RSA Private-Key: (${EXPECTED_KEYSIZE} bit, 2 primes)"
|
|
|
|
# DKIM record, extract public key (base64 encoded, potentially multi-line)
|
|
# - tail to exclude first line,
|
|
# - then sed to extract values within quoted lines, then remove `p=` from the start,
|
|
# - and finally echo to concatenate all lines into single string
|
|
# Next decode and parse it with openssl to verify public-key key size is correct:
|
|
_run_in_container_bash "echo \$( \
|
|
tail -n +2 '${TARGET_DIR}/mail.txt' \
|
|
| sed -nE -e 's/.*\"(.*)\".*/\1/p' \
|
|
| sed -e 's/^p=//' \
|
|
) | openssl enc -base64 -d | openssl pkey -inform DER -pubin -noout -text
|
|
"
|
|
assert_success
|
|
assert_line --index 0 "RSA Public-Key: (${EXPECTED_KEYSIZE} bit)"
|
|
|
|
# Contents is for expected DKIM_DOMAIN and selector (mail):
|
|
_run_in_container cat "${TARGET_DIR}/mail.txt"
|
|
assert_output --regexp "; ----- DKIM key mail for ${DKIM_DOMAIN}$"
|
|
}
|
|
|
|
function __should_have_key_for_domain() {
|
|
local KEY_DOMAIN=${1}
|
|
local KEY_SELECTOR=${2:-mail}
|
|
|
|
_should_have_content_in_directory "/tmp/docker-mailserver/opendkim/keys/${KEY_DOMAIN}"
|
|
|
|
assert_success
|
|
assert_line "${KEY_SELECTOR}.private"
|
|
assert_line "${KEY_SELECTOR}.txt"
|
|
_should_output_number_of_lines 2
|
|
}
|
|
|
|
function __should_not_have_key_for_domain() {
|
|
local KEY_DOMAIN=${1:?Domain must be provided}
|
|
local KEY_SELECTOR=${2:-mail}
|
|
local TARGET_DIR="/tmp/docker-mailserver/opendkim/keys/${KEY_DOMAIN}"
|
|
|
|
_run_in_container_bash "[[ -d ${TARGET_DIR} ]]"
|
|
assert_failure
|
|
}
|
|
|
|
function __should_have_tables_trustedhosts_for_domain() {
|
|
_should_have_content_in_directory '/tmp/docker-mailserver/opendkim'
|
|
|
|
assert_success
|
|
assert_line 'keys'
|
|
assert_line 'KeyTable'
|
|
assert_line 'SigningTable'
|
|
assert_line 'TrustedHosts'
|
|
}
|