features/commands/generate_keys.root_worker.featureRunning behat features/commands/generate_keys.root_worker.feature results in:
@rugged @commands @generate-keys @root-worker
Feature: Command to generate keys for Rugged TUF on the root worker.
In order to sign and validate TUF metadata
As an administrator
I need to generate encryption keypairs on the root worker.
Background:
Given I reset Rugged
And I run "sudo sudo -u rugged ls /var/rugged/signing_keys/targets"
And I should not get:
"""
targets
"""
And I run "sudo sudo -u rugged ls /var/rugged/verification_keys/targets"
And I should not get:
"""
targets.pub
"""
Scenario: Generate keypair on the root worker.
When I run the Rugged command "rugged --debug generate-keys --role targets"
Then I should get:
"""
Generating 'targets' keypair for 'targets' role.
Signing key: /var/rugged/signing_keys/targets/targets
Verification key: /var/rugged/verification_keys/targets/targets.pub
"""
When I try to run "sudo sudo -u nobody ls /var/rugged/signing_keys"
Then I should get:
"""
Permission denied
"""
When I run "sudo ls /var/rugged/signing_keys/targets"
Then I should get:
"""
targets
"""
When I try to run "sudo sudo -u nobody ls /var/rugged/verification_keys/targets"
Then I should get:
"""
Permission denied
"""
When I run "sudo ls /var/rugged/verification_keys/targets"
Then I should get:
"""
targets.pub
"""
Scenario: Don't inadvertently overwrite existing keys on the root worker.
Given I run the Rugged command "rugged generate-keys --role targets"
And I record a reference hash of "/var/rugged/verification_keys/targets/targets.pub"
When I fail to run the Rugged command "rugged generate-keys --role targets"
Then I should get:
"""
warning: verification key already exists at '/var/rugged/verification_keys/targets/targets.pub'.
error: Key (targets) already exists for role 'targets'.
error: Use --force to overwrite it.
"""
And file "/var/rugged/verification_keys/targets/targets.pub" has not changed
When I run the Rugged command "rugged generate-keys --role targets --force"
Then I should get:
"""
warning: verification key already exists at '/var/rugged/verification_keys/targets/targets.pub'.
Overwriting existing keys since --force flag option was provided.
Generating 'targets' keypair for 'targets' role.
"""
And file "/var/rugged/verification_keys/targets/targets.pub" has changed
Scenario: Generate keypairs for all roles by default on the root worker.
When I run the Rugged command "rugged generate-keys"
Then I should get:
"""
Generating 'root' keypair for 'root' role.
Generating 'root1' keypair for 'root' role.
Generating 'snapshot' keypair for 'snapshot' role.
Generating 'targets' keypair for 'targets' role.
Generating 'timestamp' keypair for 'timestamp' role.
"""
When I run "sudo ls /var/rugged/signing_keys/root"
Then I should get:
"""
root
root1
"""
When I run "sudo ls /var/rugged/verification_keys/root"
Then I should get:
"""
root.pub
root1.pub
"""
Scenario: Provide useful error and debugging messages when key generation fails on the root worker.
Given I run "sudo chmod 000 /var/rugged/signing_keys/targets"
And I run "sudo chmod 000 /var/rugged/verification_keys/targets"
When I fail to run the Rugged command "rugged --debug generate-keys --role targets"
Then I should not get:
"""
Signing key: /var/rugged/signing_keys/targets/targets
Verification key: /var/rugged/verification_keys/targets/targets.pub
"""
And I should get:
"""
Generating 'targets' keypair for 'targets' role.
Signing key: Failed to generate signing key.
Verification key: Failed to generate verification key.
"""
When I run the Rugged command "rugged logs --worker=root-worker --limit=0"
Then I should get:
"""
Received 'generate_keypair' task.
Generating 'targets' keypair for 'targets' role.
Generating keypair at /tmp/
Copying signing key to /var/rugged/signing_keys/targets/targets.
PermissionError thrown in generate_keypair: [Errno 13] Permission denied: '/var/rugged/signing_keys/targets/targets'
"""
4 scenarios (4 passed)
51 steps (51 passed)