diff --git a/codebuild/samples/connect-linux.sh b/codebuild/samples/connect-linux.sh
new file mode 100755
index 00000000..5cecd2b9
--- /dev/null
+++ b/codebuild/samples/connect-linux.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+env
+
+pushd $CODEBUILD_SRC_DIR/samples/
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+echo "Basic Connect test"
+python3 basic_connect.py --endpoint $ENDPOINT --key /tmp/privatekey.pem --cert /tmp/certificate.pem
+
+echo "Websocket Connect test"
+python3 websocket_connect.py --endpoint $ENDPOINT --signing_region us-east-1
+
+popd
diff --git a/codebuild/samples/custom-auth-linux.sh b/codebuild/samples/custom-auth-linux.sh
new file mode 100755
index 00000000..6fc7c2a2
--- /dev/null
+++ b/codebuild/samples/custom-auth-linux.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+env
+
+pushd $CODEBUILD_SRC_DIR/samples/
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+AUTH_NAME=$(aws secretsmanager get-secret-value --secret-id "ci/CustomAuthorizer/name" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+AUTH_PASSWORD=$(aws secretsmanager get-secret-value --secret-id "ci/CustomAuthorizer/password" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+echo "Custom Authorizer test"
+python3 custom_authorizer_connect.py --endpoint $ENDPOINT --custom_auth_authorizer_name $AUTH_NAME --custom_auth_password $AUTH_PASSWORD
+
+popd
diff --git a/codebuild/samples/linux-smoke-tests.yml b/codebuild/samples/linux-smoke-tests.yml
index 7fec9b56..0c931f61 100644
--- a/codebuild/samples/linux-smoke-tests.yml
+++ b/codebuild/samples/linux-smoke-tests.yml
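Review bot: The `env` call near the top of connect-linux.sh writes the entire build environment to the CodeBuild log, and the same line is repeated in custom-auth-linux.sh and shadow-linux.sh (pkcs11-connect-linux.sh leaves it out). Nothing fetched from Secrets Manager is in the environment at that point, but any variable the build project injects would end up in the log, so I would drop the line or print only the specific variables needed for debugging. The expansions in `pushd $CODEBUILD_SRC_DIR/samples/` and `--endpoint $ENDPOINT` are also unquoted; `pushd "$CODEBUILD_SRC_DIR/samples/"` and `--endpoint "$ENDPOINT"` keep each value as a single word.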
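Review bot: The `cut -f2 -d":" | sed -e 's/[\\\"\}]//g'` extraction on the `AUTH_PASSWORD` line silently changes the secret whenever it contains a colon, backslash, double quote or closing brace, because `cut` keeps only the second colon-separated field and `sed` deletes those characters wherever they occur. That is tolerable for a hostname but fragile for a password; since the SecretString appears to be a JSON object, decoding it with a JSON parser (python3 is installed by the buildspec) would return the exact value. The result is then passed unquoted in `--custom_auth_password $AUTH_PASSWORD`; writing `"$AUTH_PASSWORD"` (and `"$AUTH_NAME"`) keeps a value with spaces or glob characters as one argument. A comment such as `# do not enable set -x here: the password is passed on the command line` would also help, given that pkcs11-connect-linux.sh turns tracing on.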
@@ -1,3 +1,6 @@
+# Assumes are running using the Ubuntu Codebuild standard image
+# NOTE: This script assumes that the AWS CLI-V2 is pre-installed!
+# - AWS CLI-V2 is a requirement to run this script.
 version: 0.2
 phases:
 install:
@@ -5,11 +8,19 @@ phases:
 - add-apt-repository ppa:ubuntu-toolchain-r/test
 - apt-get update -y
 - apt-get install python3 softhsm -y
+ - echo "\nBuild version data:"
+ - echo "\nPython Version:"; python3 --version
+ - echo "\nSoftHSM (PKCS11) version:"; softhsm2-util --version
+ - echo "\n"
 build:
 commands:
 - echo Build started on `date`
 - $CODEBUILD_SRC_DIR/codebuild/samples/setup-linux.sh
+ - $CODEBUILD_SRC_DIR/codebuild/samples/connect-linux.sh
+ - $CODEBUILD_SRC_DIR/codebuild/samples/custom-auth-linux.sh
+ - $CODEBUILD_SRC_DIR/codebuild/samples/pkcs11-connect-linux.sh
 - $CODEBUILD_SRC_DIR/codebuild/samples/pubsub-linux.sh
+ - $CODEBUILD_SRC_DIR/codebuild/samples/shadow-linux.sh
 post_build:
 commands:
 - echo Build completed on `date`
diff --git a/codebuild/samples/pkcs11-connect-linux.sh b/codebuild/samples/pkcs11-connect-linux.sh
new file mode 100755
index 00000000..48c2d0c9
--- /dev/null
+++ b/codebuild/samples/pkcs11-connect-linux.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+pushd $CODEBUILD_SRC_DIR/samples/
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+# from hereon commands are echoed. don't leak secrets
+set -x
+
+softhsm2-util --version
+
+# SoftHSM2's default tokendir path might be invalid on this machine
+# so set up a conf file that specifies a known good tokendir path
+mkdir -p /tmp/tokens
+export SOFTHSM2_CONF=/tmp/softhsm2.conf
+echo "directories.tokendir = /tmp/tokens" > /tmp/softhsm2.conf
+
+# create token
+softhsm2-util --init-token --free --label my-token --pin 0000 --so-pin 0000
+
+# add private key to token (must be in PKCS#8 format)
+openssl pkcs8 -topk8 -in /tmp/privatekey.pem -out /tmp/privatekey.p8.pem -nocrypt
+softhsm2-util --import /tmp/privatekey.p8.pem --token my-token --label my-key --id BEEFCAFE --pin 0000
+
+# run sample
+python3 pkcs11_connect.py --endpoint $ENDPOINT --cert /tmp/certificate.pem --pkcs11_lib /usr/lib/softhsm/libsofthsm2.so --pin 0000 --token_label my-token --key_label my-key
+
+popd
diff --git a/codebuild/samples/pubsub-linux.sh b/codebuild/samples/pubsub-linux.sh
index 18e44ad5..c7b5d797 100755
--- a/codebuild/samples/pubsub-linux.sh
+++ b/codebuild/samples/pubsub-linux.sh
@@ -1,12 +1,13 @@ #!/bin/bash set -e +set -o pipefail env pushd $CODEBUILD_SRC_DIR/samples/ -ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "unit-test/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g') +ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g') echo "PubSub test" python3 pubsub.py --endpoint $ENDPOINT --key /tmp/privatekey.pem --cert /tmp/certificate.pem
diff --git a/codebuild/samples/setup-linux.sh b/codebuild/samples/setup-linux.sh
index b8047940..b04450fd 100755
--- a/codebuild/samples/setup-linux.sh
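Review bot: `set -x` is turned on after `ENDPOINT` has been fetched, so the trace of the final `python3 pkcs11_connect.py --endpoint $ENDPOINT ...` line in pkcs11-connect-linux.sh prints the expanded endpoint to the build log. That contradicts the "don't leak secrets" comment directly above `set -x`, assuming the endpoint is meant to stay private (it is read from Secrets Manager). Adding `set +x` just before the `# run sample` comment keeps the value out of the log while still tracing the SoftHSM setup. The token directory and the converted key are created at fixed paths under `/tmp`; a `umask 077` near the top of the script would keep them private to the build user regardless of tool defaults.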
+++ b/codebuild/samples/setup-linux.sh
@@ -1,6 +1,7 @@ #!/bin/bash set -e +set -o pipefail env
@@ -10,5 +11,6 @@ cd $CODEBUILD_SRC_DIR ulimit -c unlimited python3 -m pip install . -cert=$(aws secretsmanager get-secret-value --secret-id "unit-test/certificate" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem -key=$(aws secretsmanager get-secret-value --secret-id "unit-test/privatekey" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem +cert=$(aws secretsmanager get-secret-value --secret-id "ci/CodeBuild/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem +key=$(aws secretsmanager get-secret-value --secret-id "ci/CodeBuild/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem +key_p8=$(aws secretsmanager get-secret-value --secret-id "ci/CodeBuild/keyp8" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key_p8" > /tmp/privatekey_p8.pem
diff --git a/codebuild/samples/shadow-linux.sh b/codebuild/samples/shadow-linux.sh
new file mode 100755
index 00000000..1fc1b54f
--- /dev/null
+++ b/codebuild/samples/shadow-linux.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+env
+
+pushd $CODEBUILD_SRC_DIR/samples/
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+echo "Shadow test"
+python3 shadow.py --endpoint $ENDPOINT --key /tmp/privatekey.pem --cert /tmp/certificate.pem --thing_name CI_CodeBuild_Thing --is_ci true
+
+popd
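Review bot: In the second setup-linux.sh hunk, the `cert=$(...) && echo -e "$cert" > ...` and `key=$(...) && ...` lines are not covered by `set -e`, so the `set -o pipefail` added in the first hunk does not make a failed `aws` call stop the script there. Bash does not exit when a non-final command of an `&&` list fails; the PEM file is simply not written and the build carries on to the samples. Splitting each line into two statements, `cert=$(...)` on its own line followed by `echo -e "$cert" > /tmp/certificate.pem`, lets the failure abort the build. The key files are also created in `/tmp` under the default umask; a `umask 077` before these lines would keep them readable only by the build user. The new `/tmp/privatekey_p8.pem` is not read by any script in this diff (pkcs11-connect-linux.sh generates `/tmp/privatekey.p8.pem` itself), so the extra secret fetch may be unnecessary.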