load 'test_helper/common' export IMAGE_NAME CONTAINER_NAME TEST_FILE IMAGE_NAME="${NAME:?Image name must be set}" CONTAINER_NAME='open-dkim' TEST_FILE='OpenDKIM :: ' # WHY IS THIS CONTAINER EVEN CREATED WHEN MOST TESTS DO NOT USE IT? function setup_file { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . "${CONTAINER_NAME}")" docker run -d \ --name "${CONTAINER_NAME}" \ --cap-add=SYS_PTRACE \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -v "${PWD}/test/test-files":/tmp/docker-mailserver-test:ro \ -e DEFAULT_RELAY_HOST=default.relay.host.invalid:25 \ -e PERMIT_DOCKER=host \ -e DMS_DEBUG=0 \ -h mail.my-domain.com \ -t "${IMAGE_NAME}" wait_for_finished_setup_in_container "${CONTAINER_NAME}" } function teardown_file { docker rm -f "${CONTAINER_NAME}" } # ----------------------------------------------- # --- Actual Tests ------------------------------ # ----------------------------------------------- @test "${TEST_FILE}/etc/opendkim/KeyTable should contain 2 entries" { run docker exec "${CONTAINER_NAME}" /bin/bash -c "cat /etc/opendkim/KeyTable | wc -l" assert_success assert_output 2 } # TODO piping ls into grep ... @test "${TEST_FILE}/etc/opendkim/keys/ should contain 2 entries" { run docker exec "${CONTAINER_NAME}" /bin/bash -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l" assert_success assert_output 2 } @test "${TEST_FILE}/etc/opendkim.conf contains nameservers copied from /etc/resolv.conf" { run docker exec "${CONTAINER_NAME}" /bin/bash -c \ "grep -E '^Nameservers ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' \ /etc/opendkim.conf" assert_success } # this set of tests is of low quality. WHAT? <- DELETE AFTER REWRITE # It does not test the RSA-Key size properly via openssl or similar WHAT??? <- DELETE AFTER REWRITE # Instead it tests the file-size (here 861) - which may differ with a different domain names WWHHHHHHAAAT??? <- DELETE AFTER REWRITE # TODO Needs complete re-write @test "${TEST_FILE}generator creates default keys size" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)" # Prepare default key size 4096 rm -rf "${PRIVATE_CONFIG}/keyDefault" mkdir -p "${PRIVATE_CONFIG}/keyDefault" run docker run --rm \ -v "${PRIVATE_CONFIG}/keyDefault/":/tmp/docker-mailserver/ \ -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l' assert_success assert_output 6 run docker run --rm \ -v "${PRIVATE_CONFIG}/keyDefault/opendkim":/etc/opendkim \ "${IMAGE_NAME}" \ /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' assert_success assert_output 861 } # this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar <- DELETE AFTER REWRITE # Instead it tests the file-size (here 861) - which may differ with a different domain names <- DELETE AFTER REWRITE # TODO Needs complete re-write @test "${TEST_FILE}generator creates key size 4096" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)" rm -rf "${PRIVATE_CONFIG}/key4096" mkdir -p "${PRIVATE_CONFIG}/config/key4096" run docker run --rm \ -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \ -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 4096 | wc -l' assert_success assert_output 6 run docker run --rm \ -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \ "${IMAGE_NAME}" \ /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' assert_success assert_output 861 } # Instead it tests the file-size (here 511) - which may differ with a different domain names <- DELETE AFTER REWRITE # This test may be re-used as a global test to provide better test coverage. <- DELETE AFTER REWRITE # TODO Needs complete re-write @test "${TEST_FILE}generator creates key size 2048" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_2048)" rm -rf "${PRIVATE_CONFIG}/key2048" mkdir -p "${PRIVATE_CONFIG}/config/key2048" run docker run --rm \ -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \ -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 | wc -l' assert_success assert_output 6 run docker run --rm \ -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \ "${IMAGE_NAME}" \ /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' assert_success assert_output 511 } # this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar <- DELETE AFTER REWRITE # Instead it tests the file-size (here 329) - which may differ with a different domain names <- DELETE AFTER REWRITE # TODO Needs complete re-write @test "${TEST_FILE}generator creates key size 1024" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_1024)" rm -rf "${PRIVATE_CONFIG}/key1024" mkdir -p "${PRIVATE_CONFIG}/key1024" run docker run --rm \ -v "${PRIVATE_CONFIG}/key1024/":/tmp/docker-mailserver/ \ -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 1024 | wc -l' assert_success assert_output 6 run docker run --rm \ -v "${PRIVATE_CONFIG}/key1024/opendkim":/etc/opendkim \ "${IMAGE_NAME}" \ /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' assert_success assert_output 329 } @test "${TEST_FILE}generator creates keys, tables and TrustedHosts" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . mail_dkim_generator_creates_keys_tables_TrustedHosts)" rm -rf "${PRIVATE_CONFIG}/empty" mkdir -p "${PRIVATE_CONFIG}/empty" run docker run --rm \ -v "${PRIVATE_CONFIG}/empty/":/tmp/docker-mailserver/ \ -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l' assert_success assert_output 6 # check keys for localhost.localdomain run docker run --rm \ -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' assert_success assert_output 2 # check keys for otherdomain.tld run docker run --rm \ -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' assert_success assert_output 2 # check presence of tables and TrustedHosts run docker run --rm \ -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" assert_success assert_output 4 } @test "${TEST_FILE}generator creates keys, tables and TrustedHosts without postfix-accounts.cf" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . )" rm -rf "${PRIVATE_CONFIG}/without-accounts" mkdir -p "${PRIVATE_CONFIG}/without-accounts" run docker run --rm \ -v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \ -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l' assert_success assert_output 5 # check keys for localhost.localdomain run docker run --rm \ -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' assert_success assert_output 2 # check keys for otherdomain.tld # run docker run --rm \ # -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \ # "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' # assert_success # [ "${output}" -eq 0 ] # check presence of tables and TrustedHosts run docker run --rm \ -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" assert_success assert_output 4 } @test "${TEST_FILE}generator creates keys, tables and TrustedHosts without postfix-virtual.cf" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")" rm -rf "${PRIVATE_CONFIG}/without-virtual" mkdir -p "${PRIVATE_CONFIG}/without-virtual" run docker run --rm \ -v "${PRIVATE_CONFIG}/without-virtual/":/tmp/docker-mailserver/ \ -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l' assert_success assert_output 5 # check keys for localhost.localdomain run docker run --rm \ -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' assert_success assert_output 2 # check keys for otherdomain.tld run docker run --rm \ -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' assert_success assert_output 2 # check presence of tables and TrustedHosts run docker run --rm \ -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" assert_success assert_output 4 } @test "${TEST_FILE}generator creates keys, tables and TrustedHosts using manual provided domain name" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")" rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain" # generate first key run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain domain1.tld | wc -l' assert_success assert_output 4 # generate two additional keys different to the previous one run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain "domain2.tld,domain3.tld" | wc -l' assert_success assert_output 2 # generate an additional key whilst providing already existing domains run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain "domain3.tld,domain4.tld" | wc -l' assert_success assert_output 1 # check keys for domain1.tld run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l' assert_success assert_output 2 # check keys for domain2.tld run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l' assert_success assert_output 2 # check keys for domain3.tld run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l' assert_success assert_output 2 # check keys for domain4.tld run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l' assert_success assert_output 2 # check presence of tables and TrustedHosts run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l" assert_success assert_output 4 # check valid entries actually present in KeyTable run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c \ "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l" assert_success assert_output 4 # check valid entries actually present in SigningTable run docker run --rm \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ "${IMAGE_NAME}" /bin/bash -c \ "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l" assert_success assert_output 4 } @test "${TEST_FILE}generator creates keys, tables and TrustedHosts using manual provided selector name" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")" rm -rf "${PRIVATE_CONFIG}/with-selector" && mkdir -p "${PRIVATE_CONFIG}/with-selector" # Generate first key run docker run --rm \ -v "${PRIVATE_CONFIG}/with-selector/":/tmp/docker-mailserver/ \ "${IMAGE_NAME:?}" /bin/sh -c "open-dkim keysize 2048 domain 'domain1.tld' selector mailer| wc -l" assert_success assert_output 4 # Check keys for domain1.tld run docker run --rm \ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \ "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l' assert_success assert_output 2 # Check key names with selector for domain1.tld run docker run --rm \ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \ "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim/keys/domain1.tld | grep -E 'mailer.private|mailer.txt' | wc -l" assert_success assert_output 2 # Check presence of tables and TrustedHosts run docker run --rm \ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \ "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l" assert_success assert_output 4 # Check valid entries actually present in KeyTable run docker run --rm \ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \ "${IMAGE_NAME:?}" /bin/sh -c \ "grep 'domain1.tld' /etc/opendkim/KeyTable | wc -l" assert_success assert_output 1 # Check valid entries actually present in SigningTable run docker run --rm \ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \ "${IMAGE_NAME:?}" /bin/sh -c \ "grep 'domain1.tld' /etc/opendkim/SigningTable | wc -l" assert_success assert_output 1 }