From d1d8740e0462460699b60698c7049f95be6c382a Mon Sep 17 00:00:00 2001
From: Jack Ivanov <e601809@gmail.com>
Date: Wed, 20 Mar 2019 19:48:41 +0100
Subject: [PATCH] update travis-ci tests

---
 .travis.yml                               | 71 ++++++++++++++---------
 install.sh                                | 11 +++-
 roles/ssh_tunneling/tasks/main.yml        |  4 +-
 roles/strongswan/tasks/client_configs.yml |  2 +-
 tests/cloud-init.sh                       | 17 ++++++
 5 files changed, 71 insertions(+), 34 deletions(-)
 create mode 100755 tests/cloud-init.sh

diff --git a/.travis.yml b/.travis.yml
index 47a58a95..7a2c67d8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,15 +1,11 @@
 ---
 language: python
 python: "2.7"
-sudo: required
-dist: trusty
+dist: xenial
 
 services:
   - docker
 
-matrix:
-  fast_finish: true
-
 addons:
   apt:
     sources:
@@ -41,35 +37,52 @@ before_cache:
   - sudo tar cf $HOME/lxc/cache.tar /var/lib/lxd/images/
   - sudo chown $USER. $HOME/lxc/cache.tar
 
-env:
-  - LXC_NAME=docker LXC_DISTRO=ubuntu LXC_RELEASE=18.04
+matrix:
+  fast_finish: true
+  include:
+    - stage: Test
+      name: local deployment from docker
+      script:
+        - docker build -t travis/algo .
+        - sudo tar xf $HOME/lxc/cache.tar -C / || echo "Didn't extract cache."
+        - sudo cp -f tests/lxd-bridge /etc/default/lxd-bridge
+        - ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
+        - echo -e "#cloud-config\nssh_authorized_keys:\n - $(cat ~/.ssh/id_rsa.pub)" | sudo lxc profile set default user.user-data -
+        - sudo service lxd restart
+        - sudo lxc launch ubuntu:18.04 algo
+        - until host algo.lxd 10.0.8.1 -t A; do sleep 3; done
+        - export LXC_IP="$(dig algo.lxd @10.0.8.1 +short)"
+        - pip install -r requirements.txt
+        - pip install ansible-lint
+        - gem install awesome_bot
+        - ansible-playbook --version
+        - tree . -L 2
+        - ansible-playbook main.yml --syntax-check
+        - ./tests/local-deploy.sh
+        - ./tests/update-users.sh
 
-before_install:
-  - test "${LXC_NAME}" != "docker" && sudo modprobe wireguard || docker build -t travis/algo .
+    - stage: Test
+      name: cloud-init deployment
+      script:
+        - sudo tar xf $HOME/lxc/cache.tar -C / || echo "Didn't extract cache."
+        - sudo cp -f tests/lxd-bridge /etc/default/lxd-bridge
+        - sudo service lxd restart
+        - bash tests/cloud-init.sh | sudo lxc profile set default user.user-data -
+        - sudo lxc profile show default
+        - sudo lxc launch ubuntu:18.04 algo
+        - until sudo lxc exec algo -- test -f /var/log/cloud-init-output.log; do echo 'Log file not found, Sleep for 3 seconds'; sleep 3; done
+        - ( sudo lxc exec algo -- tail -f /var/log/cloud-init-output.log & )
+        - |
+          until sudo lxc exec algo -- test -f /var/lib/cloud/data/result.json; do
+            echo 'Cloud init is not finished. Sleep for 30 seconds';
+            sleep 30;
+          done
+        - sudo lxc exec algo -- test -f /opt/algo/configs/localhost/.config.yml
 
-install:
-  - sudo tar xf $HOME/lxc/cache.tar -C / || echo "Didn't extract cache."
-  - ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
-  - chmod 0644 ~/.ssh/config
-  - echo -e "#cloud-config\nssh_authorized_keys:\n - $(cat ~/.ssh/id_rsa.pub)" | sudo lxc profile set default user.user-data -
-  - sudo cp -f tests/lxd-bridge /etc/default/lxd-bridge
-  - sudo service lxd restart
-  - sudo lxc launch ${LXC_DISTRO}:${LXC_RELEASE} ${LXC_NAME}
-  - until host ${LXC_NAME}.lxd 10.0.8.1 -t A; do sleep 3; done
-  - export LXC_IP="$(dig ${LXC_NAME}.lxd @10.0.8.1 +short)"
-  - pip install -r requirements.txt
-  - pip install ansible-lint
-  - gem install awesome_bot
-  - ansible-playbook --version
-  - tree . -L 2
-
-script:
+# script:
   # - awesome_bot --allow-dupe --skip-save-results *.md docs/*.md --white-list paypal.com,do.co,microsoft.com,https://github.com/trailofbits/algo/archive/master.zip,https://github.com/trailofbits/algo/issues/new
 # - shellcheck algo
 # - ansible-lint main.yml users.yml deploy_client.yml
-  - ansible-playbook main.yml --syntax-check
-  - ./tests/local-deploy.sh
-  - ./tests/update-users.sh
 
 notifications:
   email: false
diff --git a/install.sh b/install.sh
index 987588a2..248f3784 100644
--- a/install.sh
+++ b/install.sh
@@ -12,6 +12,10 @@ LOCAL_DNS="${7:-${LOCAL_DNS:-false}}"
 SSH_TUNNELING="${8:-${SSH_TUNNELING:-false}}"
 ENDPOINT="${9:-${ENDPOINT:-localhost}}"
 USERS="${10:-${USERS:-user1}}"
+REPO_SLUG="${11:-${REPO_SLUG:-trailofbits/algo}}"
+REPO_BRANCH="${12:-${REPO_BRANCH:-master}}"
+EXTRA_VARS="${13:-${EXTRA_VARS:-placeholder=null}}"
+ANSIBLE_EXTRA_ARGS="${14:-${ANSIBLE_EXTRA_ARGS}}"
 
 cd /opt/
 
@@ -32,9 +36,11 @@ installRequirements() {
 }
 
 getAlgo() {
-  [ ! -d "algo" ] && git clone https://github.com/trailofbits/algo algo
+  [ ! -d "algo" ] && git clone https://github.com/${REPO_SLUG} algo
   cd algo
 
+  git checkout ${REPO_BRANCH}
+
   python -m virtualenv --python=`which python2` .venv
   . .venv/bin/activate
   python -m pip install -U pip virtualenv
@@ -95,7 +101,8 @@ deployAlgo() {
     -e users=$(echo "$USERS" | jq -Rc 'split(",")') \
     -e server=localhost \
     -e ssh_user=root \
-    --skip-tags debug |
+    -e "${EXTRA_VARS}" \
+    --skip-tags debug ${ANSIBLE_EXTRA_ARGS} |
       tee /var/log/algo.log
 }
 
diff --git a/roles/ssh_tunneling/tasks/main.yml b/roles/ssh_tunneling/tasks/main.yml
index c52840f6..df292c5d 100644
--- a/roles/ssh_tunneling/tasks/main.yml
+++ b/roles/ssh_tunneling/tasks/main.yml
@@ -64,7 +64,7 @@
             passphrase: "{{ p12_export_password }}"
             cipher: aes256
             force: false
-          no_log: true
+          # no_log: true
           when: not item.stat.exists
           with_items: "{{ privatekey.results }}"
           register: openssl_privatekey
@@ -76,7 +76,7 @@
             privatekey_passphrase: "{{ p12_export_password }}"
             format: OpenSSH
             force: true
-          no_log: true
+          # no_log: true
           when: item.changed
           with_items: "{{ openssl_privatekey.results }}"
 
diff --git a/roles/strongswan/tasks/client_configs.yml b/roles/strongswan/tasks/client_configs.yml
index de4ff0f8..e0578d8b 100644
--- a/roles/strongswan/tasks/client_configs.yml
+++ b/roles/strongswan/tasks/client_configs.yml
@@ -18,7 +18,7 @@
   with_together:
     - "{{ users }}"
     - "{{ PayloadContent.results }}"
-  no_log: True
+  # no_log: True
 
 - name: Build the client ipsec config file
   template:
diff --git a/tests/cloud-init.sh b/tests/cloud-init.sh
new file mode 100755
index 00000000..2d95c995
--- /dev/null
+++ b/tests/cloud-init.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+echo "#!/bin/bash
+export METHOD=local
+export ONDEMAND_CELLULAR=true
+export ONDEMAND_WIFI=true
+export ONDEMAND_WIFI_EXCLUDE=test1,test2
+export WINDOWS=true
+export STORE_CAKEY=true
+export LOCAL_DNS=true
+export ENDPOINT=algo.lxc
+export USERS=user1,user2
+export EXTRA_VARS='install_headers=false tests=true apparmor_enabled=false'
+export ANSIBLE_EXTRA_ARGS='--skip-tags apparmor'
+export REPO_SLUG=${TRAVIS_PULL_REQUEST_SLUG:-${TRAVIS_REPO_SLUG:-trailofbits/algo}}
+export REPO_BRANCH=${TRAVIS_PULL_REQUEST_BRANCH:-${TRAVIS_BRANCH:-master}}
+
+curl -s https://raw.githubusercontent.com/${TRAVIS_PULL_REQUEST_SLUG:-${TRAVIS_REPO_SLUG}}/${TRAVIS_PULL_REQUEST_BRANCH:-${TRAVIS_BRANCH}}/install.sh | sudo -E bash -x"