clan-core/pkgs/clan-cli/tests/sshd.py

import os
import shutil
import subprocess
import time
from pathlib import Path
from sys import platform
from tempfile import TemporaryDirectory
from typing import TYPE_CHECKING, Iterator

import pytest

if TYPE_CHECKING:
    from command import Command
    from ports import PortFunction


class Sshd:
    def __init__(self, port: int, proc: subprocess.Popen[str], key: str) -> None:
        self.port = port
        self.proc = proc
        self.key = key


class SshdConfig:
    def __init__(
        self, path: Path, login_shell: Path, key: str, preload_lib: Path
    ) -> None:
        self.path = path
        self.login_shell = login_shell
        self.key = key
        self.preload_lib = preload_lib


@pytest.fixture(scope="session")
def sshd_config(project_root: Path, test_root: Path) -> Iterator[SshdConfig]:
    # FIXME, if any parent of `project_root` is world-writable than sshd will refuse it.
    with TemporaryDirectory(dir=project_root) as _dir:
        dir = Path(_dir)
        host_key = dir / "host_ssh_host_ed25519_key"
        subprocess.run(
            [
                "ssh-keygen",
                "-t",
                "ed25519",
                "-f",
                host_key,
                "-N",
                "",
            ],
            check=True,
        )

        sshd_config = dir / "sshd_config"
        sshd_config.write_text(
            f"""
        HostKey {host_key}
        LogLevel DEBUG3
        # In the nix build sandbox we don't get any meaningful PATH after login
        MaxStartups 64:30:256
        AuthorizedKeysFile {host_key}.pub
        AcceptEnv REALPATH
        PasswordAuthentication no
        """
        )
        login_shell = dir / "shell"

        bash = shutil.which("bash")
        path = os.environ["PATH"]
        assert bash is not None

        login_shell.write_text(
            f"""#!{bash}
if [[ -f /etc/profile ]]; then
  source /etc/profile
fi
if [[ -n "$REALPATH" ]]; then
   export PATH="$REALPATH:${path}"
else
   export PATH="${path}"
fi
exec {bash} -l "${{@}}"
        """
        )
        login_shell.chmod(0o755)

        lib_path = None
        assert (
            platform == "linux"
        ), "we do not support the ld_preload trick on non-linux just now"

        # This enforces a login shell by overriding the login shell of `getpwnam(3)`
        lib_path = dir / "libgetpwnam-preload.so"
        subprocess.run(
            [
                os.environ.get("CC", "cc"),
                "-shared",
                "-o",
                lib_path,
                str(test_root / "getpwnam-preload.c"),
            ],
            check=True,
        )

        yield SshdConfig(sshd_config, login_shell, str(host_key), lib_path)


@pytest.fixture
def sshd(
    sshd_config: SshdConfig,
    command: "Command",
    unused_tcp_port: "PortFunction",
    monkeypatch: pytest.MonkeyPatch,
) -> Iterator[Sshd]:
    import subprocess

    port = unused_tcp_port()
    sshd = shutil.which("sshd")
    assert sshd is not None, "no sshd binary found"
    env = {}
    env = dict(
        LD_PRELOAD=str(sshd_config.preload_lib),
        LOGIN_SHELL=str(sshd_config.login_shell),
    )
    proc = command.run(
        [sshd, "-f", str(sshd_config.path), "-D", "-p", str(port)], extra_env=env
    )
    monkeypatch.delenv("SSH_AUTH_SOCK", raising=False)
    while True:
        print(sshd_config.path)
        if (
            subprocess.run(
                [
                    "ssh",
                    "-o",
                    "StrictHostKeyChecking=no",
                    "-o",
                    "UserKnownHostsFile=/dev/null",
                    "-i",
                    sshd_config.key,
                    "localhost",
                    "-p",
                    str(port),
                    "true",
                ],
            ).returncode
            == 0
        ):
            yield Sshd(port, proc, sshd_config.key)
            return
        else:
            rc = proc.poll()
            if rc is not None:
                raise Exception(f"sshd processes was terminated with {rc}")
            time.sleep(0.1)
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`import os`
			`import shutil`
			`import subprocess`
			`import time`
			`from pathlib import Path`
			`from sys import platform`
			`from tempfile import TemporaryDirectory`
clan-cli: add update command 2023-08-10 10:30:52 +00:00			`from typing import TYPE_CHECKING, Iterator`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00
			`import pytest`
clan-cli/sshd: fix pytest warnings 2023-08-10 13:35:38 +00:00
			`if TYPE_CHECKING:`
			`from command import Command`
tests: rewrite port allocation function 2023-08-27 07:34:36 +00:00			`from ports import PortFunction`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00

			`class Sshd:`
			`def __init__(self, port: int, proc: subprocess.Popen[str], key: str) -> None:`
			`self.port = port`
			`self.proc = proc`
			`self.key = key`


			`class SshdConfig:`
clan-cli: add update command 2023-08-10 10:30:52 +00:00			`def __init__(`
			`self, path: Path, login_shell: Path, key: str, preload_lib: Path`
			`) -> None:`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`self.path = path`
clan-cli: add update command 2023-08-10 10:30:52 +00:00			`self.login_shell = login_shell`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`self.key = key`
			`self.preload_lib = preload_lib`


			`@pytest.fixture(scope="session")`
			`def sshd_config(project_root: Path, test_root: Path) -> Iterator[SshdConfig]:`
			# FIXME, if any parent of `project_root` is world-writable than sshd will refuse it.
			`with TemporaryDirectory(dir=project_root) as _dir:`
			`dir = Path(_dir)`
			`host_key = dir / "host_ssh_host_ed25519_key"`
			`subprocess.run(`
			`[`
			`"ssh-keygen",`
			`"-t",`
			`"ed25519",`
			`"-f",`
			`host_key,`
			`"-N",`
			`"",`
			`],`
			`check=True,`
			`)`

			`sshd_config = dir / "sshd_config"`
			`sshd_config.write_text(`
			`f"""`
			`HostKey {host_key}`
			`LogLevel DEBUG3`
			`# In the nix build sandbox we don't get any meaningful PATH after login`
			`MaxStartups 64:30:256`
			`AuthorizedKeysFile {host_key}.pub`
clan-cli: add update command 2023-08-10 10:30:52 +00:00			`AcceptEnv REALPATH`
fix impure tests 2023-09-21 15:17:48 +00:00			`PasswordAuthentication no`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`"""`
			`)`
clan-cli: add update command 2023-08-10 10:30:52 +00:00			`login_shell = dir / "shell"`

			`bash = shutil.which("bash")`
			`path = os.environ["PATH"]`
			`assert bash is not None`

			`login_shell.write_text(`
			`f"""#!{bash}`
			`if [[ -f /etc/profile ]]; then`
			`source /etc/profile`
			`fi`
			`if [[ -n "$REALPATH" ]]; then`
			`export PATH="$REALPATH:${path}"`
			`else`
			`export PATH="${path}"`
			`fi`
			`exec {bash} -l "${{@}}"`
			`"""`
			`)`
			`login_shell.chmod(0o755)`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00
			`lib_path = None`
clan-cli: add update command 2023-08-10 10:30:52 +00:00			`assert (`
			`platform == "linux"`
			`), "we do not support the ld_preload trick on non-linux just now"`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00
clan-cli: add update command 2023-08-10 10:30:52 +00:00			# This enforces a login shell by overriding the login shell of `getpwnam(3)`
			`lib_path = dir / "libgetpwnam-preload.so"`
			`subprocess.run(`
			`[`
			`os.environ.get("CC", "cc"),`
			`"-shared",`
			`"-o",`
			`lib_path,`
			`str(test_root / "getpwnam-preload.c"),`
			`],`
			`check=True,`
			`)`

			`yield SshdConfig(sshd_config, login_shell, str(host_key), lib_path)`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00

			`@pytest.fixture`
tests: rewrite port allocation function 2023-08-27 07:34:36 +00:00			`def sshd(`
impure-tests: migrate bash to pytest and fix stuff 2023-09-22 16:32:09 +00:00			`sshd_config: SshdConfig,`
			`command: "Command",`
			`unused_tcp_port: "PortFunction",`
			`monkeypatch: pytest.MonkeyPatch,`
tests: rewrite port allocation function 2023-08-27 07:34:36 +00:00			`) -> Iterator[Sshd]:`
			`import subprocess`

			`port = unused_tcp_port()`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`sshd = shutil.which("sshd")`
			`assert sshd is not None, "no sshd binary found"`
			`env = {}`
clan-cli: add update command 2023-08-10 10:30:52 +00:00			`env = dict(`
			`LD_PRELOAD=str(sshd_config.preload_lib),`
			`LOGIN_SHELL=str(sshd_config.login_shell),`
			`)`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`proc = command.run(`
clan-cli: add update command 2023-08-10 10:30:52 +00:00			`[sshd, "-f", str(sshd_config.path), "-D", "-p", str(port)], extra_env=env`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`)`
impure-tests: migrate bash to pytest and fix stuff 2023-09-22 16:32:09 +00:00			`monkeypatch.delenv("SSH_AUTH_SOCK", raising=False)`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`while True:`
fix impure tests 2023-09-21 15:17:48 +00:00			`print(sshd_config.path)`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`if (`
			`subprocess.run(`
			`[`
			`"ssh",`
			`"-o",`
			`"StrictHostKeyChecking=no",`
			`"-o",`
			`"UserKnownHostsFile=/dev/null",`
			`"-i",`
			`sshd_config.key,`
			`"localhost",`
			`"-p",`
			`str(port),`
			`"true",`
fix impure tests 2023-09-21 15:17:48 +00:00			`],`
add test for remote ssh commands 2023-08-09 14:38:08 +00:00			`).returncode`
			`== 0`
			`):`
			`yield Sshd(port, proc, sshd_config.key)`
			`return`
			`else:`
			`rc = proc.poll()`
			`if rc is not None:`
			`raise Exception(f"sshd processes was terminated with {rc}")`
			`time.sleep(0.1)`