#! /bin/sh
# PCP QA Test No. 660
# checks basic pmwebd functionality
#
# Copyright (c) 2013-2014 Red Hat, Inc.  All Rights Reserved.
#
seq=`basename $0`
echo "QA output created by $seq"

. ./common.webapi

which curl >/dev/null 2>&1 || _notrun "No curl binary installed"
# nb: wget dispreferred because of its processing of .. relative links,
# so it's harder to stress pmwebd's base-directory-escaping logic

pyscript=src/test_webapi.py
python $pyscript --version 2>/dev/null || _notrun "python/modules missing"

$sudo rm -fr $tmp.dir
$sudo rm -f $tmp.*
rm -f $seq.full

signal=$PCP_BINADM_DIR/pmsignal
status=1	# failure is the default!
username=`id -u -n`

_cleanup()
{
    $sudo rm -fr $tmp.dir
    $sudo rm -f $tmp.*
    $sudo $signal -a pmwebd >/dev/null 2>&1
    $sudo $PCP_RC_DIR/pmwebd restart >/dev/null 2>&1
}
trap "_cleanup; exit \$status" 0 1 2 3 15

$sudo $PCP_RC_DIR/pmwebd stop >/dev/null 2>&1
$sudo $signal -a pmwebd >/dev/null 2>&1

webargs="-U $username"

echo | tee -a $seq.full
echo "=== 1. pmwebd default startup  ===" | tee -a $seq.full
$PCP_BINADM_DIR/pmwebd $webargs -l $tmp.out -v -t10 &
echo "pid=$!" >>$seq.full
sleep 2		# let it start up

if [ -f $tmp.out ]
then
    cat $tmp.out >>$seq.full
else
    echo "Arrgh ... pmwebd failed to start, $tmp.out not created"
    $PCP_PS_PROG $PCP_PS_ALL_FLAGS | egrep '[P]ID|[p]mwebd'
    exit
fi
curl -s -S "http://localhost:44323/pmapi/context?local=ANYTHING" \
| tee -a $seq.full \
| awk '{print $2}'
echo >>$seq.full

if [ ! -f /etc/hosts ]
then
    echo "Arrgh ... cannot find /etc/hosts to determine IPv6 localhost name"
    exit
fi
ipv6local=''
for sniff in localhost6 ip6-localhost
do
    if sed -e '/^#/d' -e 's/$/ /' /etc/hosts | grep -q "[ 	]$sniff "
    then
	ipv6local=$sniff
	break
    fi
done
if [ -z "$ipv6local" ]
then
    echo "Arrgh ... cannot determine IPv6 localhost name from /etc/hosts"
    exit
fi
echo "ipv6local=$ipv6local" >>$seq.full

rm -f $seq.out
if grep -q IPv6 $tmp.out; then
    curl -s -S "http://$ipv6local:44323/pmapi/context?local=ANYTHING" \
    | tee -a $seq.full \
    | awk '{print $2}'
    echo >>$seq.full
    # ipv6 + ipv4
    ln $seq.out.46 $seq.out
else
    # ipv4 only
    ln $seq.out.4 $seq.out
fi
# NB: we don't anticipate an ipv6-only host

echo | tee -a $seq.full
echo "=== 2. pmwebd exercise via python ===" | tee -a $seq.full
# pmwebd still running in default mode
if grep -q IPv4 $tmp.out; then
    python $pyscript --host localhost | _webapi_response_filter
fi
if grep -q IPv6 $tmp.out; then
    python $pyscript --host "$ipv6local" | _webapi_response_filter
fi

echo | tee -a $seq.full
echo "=== 3. pmwebd security constraints, file service ===" | tee -a $seq.full
$sudo $signal -a pmwebd >/dev/null 2>&1
sleep 2		# let it shutdown

cat $tmp.out >> $seq.full
$PCP_BINADM_DIR/pmwebd $webargs -R `pwd` -c 2222 -L -h localhost -N -vv -l $tmp.out >$tmp.err 2>&1 &
sleep 2		# let it start up
cat $tmp.err >> $seq.full

# should fail due to -N
curl -s -S "http://localhost:44323/pmapi/context?local=anything" | _webapi_response_filter
echo

# should fail due to nonexistent context#
curl -s -S "http://localhost:44323/pmapi/2225/_fetch" | _webapi_response_filter
echo

# should fail with a different error (insufficient elements; ie pmFetch failed) 
# NB: the curl -v part reports http headers too, for ACAO presence assertion
curl -s -v -S "http://localhost:44323/pmapi/2222/_fetch?names=" 2>&1 | _webapi_response_filter
echo

# should fail with a different error (insufficient elements; ie pmFetch failed) 
curl -s -S "http://localhost:44323/pmapi/2223/_fetch?pmids=" | _webapi_response_filter
echo

# filter for responses from newer microhttpd libraries, where
# symlink paths are rewritten (with verbose diagnostics that
# indicate this, also).
# Note: the request below must still generate a 400 response.
_symlink_response_filter()
{
    sed \
	-e 's,/../../etc/passwd,/etc/passwd,g' \
	-e '/Rebuilt URL to:.*\/etc\/passwd/d' \
    #end
}

# should fail due to suspicious pmresapi path name
curl -s -v -S "http://localhost:44323/../../etc/passwd" 2>&1 | _webapi_response_filter | _symlink_response_filter

echo
# should fail due to non-enablement of graphite
curl -s -v -S "http://localhost:44323/graphite/render?target=*" 2>&1 | _webapi_response_filter
echo

# should pass, feed this very script
curl -s -S "http://localhost:44323/$seq" > $tmp.out2
diff $tmp.out2 $0 && echo file service ok

cat $tmp.out >> $seq.full

status=0
exit
