#!/bin/bash

set -u

exec </dev/null

trap 'exit 1' INT

echo "S.H.I.E.L.D. API TESTS"

echo "======================"

echo

PATH=${PWD}:${PWD}/bin:${PATH}

WORKDIR=${PWD}/tmp/t

DATA_DIRECTORY=${WORKDIR}/var/

SHIELD_DAEMON_HOST=127.0.0.1

SHIELD_DAEMON_PORT=8282

SHIELD_DAEMON_ADDR="$SHIELD_DAEMON_HOST:$SHIELD_DAEMON_PORT"

SHIELD_AGENT_HOST=127.0.0.1

SHIELD_AGENT_PORT=5441

SHIELD_AGENT_ADDR="$SHIELD_AGENT_HOST:$SHIELD_AGENT_PORT"

SHIELD_USER=initio

SHIELD_PASS=sekrit

SHIELD_NAME="T.E.S.T. S.H.I.E.L.D."

SHIELD_MASTER_PASSWORD="master-chief-117"

rm -rf ${WORKDIR}

mkdir -p ${WORKDIR}/{etc,var,data,config}

# TEST HARNESS APPARATUS {{{

export PATH SHIELD_NAME

cleanup () {

if [[ -n "$(jobs -p)" ]]; then

kill $(jobs -p) 2>/dev/null

fi

}

trap "cleanup >&2" EXIT QUIT INT TERM

spin_vault() {

if [[ ! -f ${PWD}/bin/vault ]]; then

VAULT_VERSION=1.9.0

echo "... retrieving vault $VAULT_VERSION form the web..."

case "${OSTYPE}" in

(*darwin*)

case "$(uname -m)" in

(x86_64)

curl -C - -sLo ${WORKDIR}/vault.zip https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_darwin_amd64.zip

;;

(arm64)

curl -C - -sLo ${WORKDIR}/vault.zip https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_darwin_arm64.zip

;;

(*)

echo >&2 "Architecture is neither x86_64 nor arm64, and the vault command was not found. bailing..."; exit 1

;;

esac

;;

(*linux*) curl -C - -sLo ${WORKDIR}/vault.zip https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip ;;

(*) echo >&2 "unable to determine OSTYPE, and the vault command was not found. bailing..."; exit 1 ;;

esac

pushd $WORKDIR

rm -f vault

unzip vault.zip

popd

mv $WORKDIR/vault ${PWD}/bin/vault

fi

cat >${WORKDIR}/etc/vault.conf <<EOF

storage "inmem" {}

disable_mlock = true

listener "tcp" {

address = "127.0.0.1:8219"

tls_disable = true

}

EOF

set -e

echo ">> Setting up a local (loopback) Vault"

export PATH=$PATH:$WORKDIR

${PWD}/bin/vault version

${PWD}/bin/vault server -config ${WORKDIR}/etc/vault.conf 2>&1 &

set +e

}

spin_shieldd() {

ssh-keygen -m PEM -t rsa -f ${WORKDIR}/config/shieldd_key -N '' >/dev/null

rm ${WORKDIR}/config/shieldd_key.pub

legacy_ssh_key=$(cat ${WORKDIR}/config/shieldd_key | sed -e 's/^/ /')

cat >${WORKDIR}/etc/shieldd.conf <<EOF

---

debug: true

data-dir: ${DATA_DIRECTORY}

web-root: ./web/htdocs

plugin_paths:

- ${PWD}

vault:

address: http://127.0.0.1:8219

scheduler:

fast-loop: 60

slow-loop: 3600

api:

bind: ${SHIELD_DAEMON_ADDR}

failsafe:

username: ${SHIELD_USER}

password: ${SHIELD_PASS}

legacy-agents:

enabled: yes

private-key: |

${legacy_ssh_key}

auth:

- identifier: public-github

backend: github

name: Github

properties:

client_id: KJSEHRKJWEHRKJHWER

client_secret: KLJWREKJWELKRJWLER

# use default github_endpoint

- identifier: corp-github

backend: github

name: Corporate Github

properties:

client_id: FOO

client_secret: BAR

github_endpoint: https://git.corporate.internal

EOF

set -e

echo ">> Setting up SHIELD schema"

./shield-schema -d "${DATA_DIRECTORY}/shield.db"

echo

echo ">> RUNNING SHIELDD"

./shieldd -c ${WORKDIR}/etc/shieldd.conf --log-level debug &

echo

echo ">> WAITING FOR SHIELD CORE TO COME ONLINE"

n=60

while ! curl -Ls --fail http://${SHIELD_DAEMON_ADDR}/v2/info; do

if [[ $n -eq 0 ]]; then

echo >&2 "SHIELD core did not spin up within 60s; aborting"

echo >&2 "---[ vault log ]-------------------------------------------"

cat >&2 ${WORKDIR}/vault.log || true

echo >&2

echo >&2 "---[ agent log ]-------------------------------------------"

cat >&2 ${WORKDIR}/agent.log || true

echo >&2

echo >&2 "---[ shieldd log ]-----------------------------------------"

cat >&2 ${WORKDIR}/core.log || true

echo >&2 "-----------------------------------------------------------"

echo >&2

exit 4;

fi

sleep 1

n=$(( n - 1 ))

done

echo ">> INITIALIZING SHIELD CORE"

curl -sL -XPOST http://${SHIELD_DAEMON_ADDR}/v2/init -H Content-type:application/json -d '{"master":"'$SHIELD_MASTER_PASSWORD'"}'

echo ">> UNLOCKING SHIELD CORE"

curl -sL -XPOST http://${SHIELD_DAEMON_ADDR}/v2/unlock -H Content-type:application/json -d '{"master":"'$SHIELD_MASTER_PASSWORD'"}'

set +e

}

spin_agent() {

ssh-keygen -m PEM -t rsa -f ${WORKDIR}/var/shield-agent_key -N '' >/dev/null

rm ${WORKDIR}/var/shield-agent_key.pub

curl -Lsk -XGET http://${SHIELD_DAEMON_ADDR}/v1/meta/pubkey >> ${WORKDIR}/var/authorized_keys

cat >${WORKDIR}/etc/shield-agent.conf <<EOF

---

authorized_keys_file: ${WORKDIR}/var/authorized_keys

host_key_file: ${WORKDIR}/var/shield-agent_key

listen_address: ${SHIELD_AGENT_ADDR}

plugin_paths:

- ${PWD}

name: t-api-agent

registration:

url: http://${SHIELD_DAEMON_ADDR}

interval: 15

EOF

set -e

./shield-agent -c ${WORKDIR}/etc/shield-agent.conf --log-level debug &

set +e

}

CONTEXT=""

context() {

CONTEXT=$1

}

pass() {

local msg=$1

echo -e "\033[1;32m[ OK ]\033[0m $msg" | tee -a $WORKDIR/summary

}

fail() {

local msg=$1

echo -e "\033[1;31m[FAIL]\033[0m $msg" | tee -a $WORKDIR/summary

}

nocolor() {

sed -e 's,'$(printf "\x1b")'\[[0-9;]*m,,g'

}

done_testing() {

echo

if [[ ! -f $WORKDIR/summary ]]; then

echo "NO TESTS RUN"

exit 2

fi

tests=$(wc -l $WORKDIR/summary | awk '{print $1}')

fails=$(nocolor <$WORKDIR/summary | grep '^\[FAIL\] ' | wc -l | awk '{print $1}')

if [[ $fails == 0 ]]; then

echo "ALL $tests TESTS PASS"

exit 0

else

echo "$fails/$tests TESTS FAILED"

echo

nocolor <$WORKDIR/summary | grep '^\[FAIL\] ' | sed -e 's/^/ /'

exit 1

fi

}

TESTS=""

testing() {

[[ -z "$TESTS" ]] && return 0

grep -iq " -$1 " <<<" $TESTS " && return 1

grep -iq " $1 " <<<" $TESTS " && return 0

grep -iq " all " <<<" $TESTS " && return 0

return 1

}

while [[ $# -ne 0 ]]; do

TESTS="$TESTS $1 "

shift

done

echo "running: ${TESTS:-(all tests)}" | sed -e 's/ */ /'

# }}}

spin_vault 2>&1 > ${WORKDIR}/vault.log

spin_shieldd 2>&1 > ${WORKDIR}/core.log

spin_agent 2>&1 > ${WORKDIR}/agent.log

# try "A Suite of Tests" {{{

try() {

CONTEXT=""

echo

echo ">> $*:"

}

# }}}

# (run some tests) 2>&1 | indent {{{

indent() {

sed -e 's/^/ /'

}

# }}}

# errors file | indent {{{

errors() {

echo -e "\033[1;31m"

cat $1

echo -e "\033[0m"

}

# }}}

# ok $? "what should have happened..." {{{

ok() {

local rc=$1

local msg=$2

if [[ $rc == 0 ]]; then

pass "$msg"

else

fail "$msg"

fi

}

# }}}

# notok $? "what should have happened..." {{{

notok() {

local rc=$1

local msg=$2

if [[ $rc != 0 ]]; then

pass "$msg"

else

fail "$msg"

fi

}

# }}}

# is $got $expected "why it should have been that way..." {{{

is() {

local got=$1

local want=$2

local msg=${3:-}

if [[ -z "$msg" ]]; then

msg="'${got}' should equal '${want}'"

fi

if [[ "$got" != "$want" ]]; then

fail "$msg"

echo " got '${got}'"

echo " wanted '${want}'"

echo

return

fi

pass "$msg"

}

# }}}

# isnt $got $expected "why it should not have been that way..." {{{

isnt(){

local got=$1

local want=$2

local msg=${3:-}

if [[ -z "$msg" ]]; then

msg="'${got}' should NOT equal '${want}'"

fi

if [[ "$got" == "$want" ]]; then

fail "$msg"

echo " got '${got}'"

echo " wanted pretty much anything else."

echo

return

fi

pass "$msg"

}

# }}}

# httpstat $method $url "some optional JSON data, probably" {{{

httpstat() {

local method=$1

local url=$2

local body=${3:-}

opts="-X$method"

if [[ ${method} == "HEAD" ]]; then

opts="-I"

fi

if [[ -n "${body}" ]]; then

opts="$opts --data-binary ${body} -H Content-type:application/json"

fi

curl -s -o /dev/null -w '%{http_code}' $opts -H "X-Shield-Session: $SHIELD_API_TOKEN" $url 2>/dev/null

}

# }}}

ping() {

curl -s -o /dev/null -w '%{http_code}' "http://$SHIELD_DAEMON_ADDR/v2/info" 2>/dev/null

}

# create $type $name <<<$JSON {{{

create() {

local type=$1

local name=$2

run create-$type

mkdir -p $WORKDIR/data/$type

jq -r '.uuid' < $WORKDIR/out > $WORKDIR/data/$type/$name

isnt "$(uuidof $type "$name")" "" \

"$type '$name' should have a valid (non-empty) UUID"

}

# }}}

# update $type $name <<<$JSON {{{

update() {

local type=$1

local name=$2

run edit-$type $(uuidof $type "$name")

}

# }}}

# uuidof $type $name {{{

uuidof() {

shield $1 --exact "$2" | jq -r .uuid

}

# }}}

# pick $name {{{

pick() {

local name=$1

jq -r '.[] | select(.'"${INDEX_BY:-name}"' == "'$name'") | .' < $WORKDIR/out > $WORKDIR/out.tmp

mv $WORKDIR/out.tmp $WORKDIR/out

}

# }}}

# attr $name $want "optionally, why $name should be $want" {{{

attr() {

local attr=$1

local expect=$2

local what=${3:-$CONTEXT}

is "$(jq -r ".$attr // empty" < $WORKDIR/out)" \

"$expect" \

"'$attr' was present when we asked for $what"

}

# }}}

# hasattr $name "optionally, why $name should be present" {{{

hasattr() {

local attr=$1

local what=${2:-$CONTEXT}

isnt "$(jq -r ".$attr // empty" < $WORKDIR/out)" \

"" \

"'$attr' was not present when we asked for $what"

}

# }}}

# run command --plus --arg u ments {{{

run() {

shield --yes "$@" >$WORKDIR/out 2>$WORKDIR/err

rc=$?

ok $rc "\`shield $*' should succeed"

if [[ $rc != 0 ]]; then

errors $WORKDIR/err | indent

fi

}

# }}}

# runerr command --plus --arg u ments {{{

runerr() {

shield --yes "$@" > $WORKDIR/out

notok $? "\`shield $*' should not succeed"

}

# }}}

# none "why the last list retrieved should be empty" {{{

none() {

local why=$1

is "$(cat $WORKDIR/out)" "[]" "$why"

}

# }}}

# some "why the list retrieved should not be empty" {{{

some() {

local why=$1

isnt "$(cat $WORKDIR/out)" "[]" "$why"

}

# }}}

# include $type $name "optional description of the list" {{{

includes() {

local type=$1

local name=$2

local list=${3:-$CONTEXT}

if [[ "$(uuidof $type "$name")" == "" ]]; then

fail "$type '$name' is not a thing. this is a bug in the test"

return

fi

if [[ "$(jq -r '.'"${INDEX_WHAT:-}"' // empty' < $WORKDIR/out)" = "" ]]; then

fail "$type '$name' should show up in the list of $list"

else

is "$(jq -r '.'"${INDEX_WHAT:-}"'[] | select(.'"${INDEX_BY:-name}"' == "'"$name"'") | .uuid' < $WORKDIR/out)" \

"$(uuidof $type "$name")" \

"$type '$name' should show up in the list of $list"

fi

}

# }}}

# excludes $type $name "optional description of the list" {{{

excludes() {

local type=$1

local name=$2

local list=${3:-$CONTEXT}

if [[ "$(uuidof $type "$name")" == "" ]]; then

fail "$type '$name' is not a thing. this is a bug in the test"

return

fi

if [[ "$(jq -r '.'"${INDEX_WHAT:-}"' // empty' < $WORKDIR/out)" = "" ]]; then

pass "$type '$name' should NOT show up in the list of $list"

else

is "$(jq -r '.'"${INDEX_WHAT:-}"'[] | select(.'"${INDEX_BY:-name}"' == "'"$name"'") | .uuid' < $WORKDIR/out)" \

"" \

"$type '$name' should NOT show up in the list of $list"

fi

}

# }}}

# isrole $user $role {{{

isrole() {

user=$1

role=$2

is "$(jq -r '.members[] | select(.account == "'"$user"'") | .role' < $WORKDIR/out)" \

"$role" \

"$user should have the $role role $CONTEXT"

}

# }}}

# cannot_delete $type $name "optionally, why you shouldn't be able to delete it" {{{

cannot_delete() {

local type=$1

local name=$2

local why=${3:-$CONTEXT}

! shield delete-$type "$name" &> $WORKDIR/out

rc=$?

ok $rc "Should not be allowed to delete $type '$name': $why"

if [[ $rc -ne 0 ]]; then

errors $WORKDIR/out | indent

fi

run $type $(uuidof $type "$name")

attr name "$name" "$type '$name' should be unaffected by failed DELETE attempt"

}

# }}}

# can_delete $type $name "optionally, why you should be able to delete it" {{{

can_delete() {

local type=$1

local name=$2

local why=${3:-$CONTEXT}

shield --exact --yes delete-$type "$name" > $WORKDIR/out 2> $WORKDIR/err

rc=$?

ok $rc "Should be allowed to delete $type '$name': $why"

if [[ $rc -ne 0 ]]; then

errors $WORKDIR/err | indent

fi

shield --exact $type "$name" >$WORKDIR/out 2>/dev/null

rc=$?

notok $rc "$type '$name' should not be retrievable after successful delete attempt"

if [[ $rc -eq 0 ]]; then

errors $WORKDIR/out | indent

fi

}

# }}}

# pause job $name {{{

pause() {

local type=$1

local name=$2

if [[ $type != "job" ]]; then

echo >&2 "Attempted to pause a $type (must be a job)"

exit 77

fi

context "pausing job '$name'"

run pause-job "$(uuidof $type "$name")"

run $type "$(uuidof $type "$name")"

context "paused job ($name)"

attr paused true

}

# }}}

# unpause job $name {{{

unpause() {

local type=$1

local name=$2

if [[ $type != "job" ]]; then

echo >&2 "Attempted to unpause a $type (must be a job)"

exit 77

fi

context "unpausing job '$name'"

run unpause-job "$(uuidof $type "$name")"

run $type "$(uuidof $type "$name")"

context "unpaused job ($name)"

attr paused '' # jq returns false as empty

}

# }}}

export SHIELD_CLI_CONFIG="$WORKDIR/etc/.shield"

export SHIELD_JSON_MODE=yes

export SHIELD_BATCH_MODE=yes

export SHIELD_CORE=test

export SHIELD_TENANT="Stark Enterprises"

try "Setting up our test SHIELD instance" # {{{

(

shield api "$SHIELD_CORE" http://${SHIELD_DAEMON_ADDR}

shield login --username "$SHIELD_USER" --password "$SHIELD_PASS"

shield status --global | jq -r .

is "$(ping)" "200" "/v2/info should ping ok"

is "$(curl -Ls http://${SHIELD_DAEMON_ADDR}/v1/meta/pubkey)" \

"$(ssh-keygen -yf $WORKDIR/config/shieldd_key)" \

"/v1/meta/pubkey gives out the daemon PUBLIC key"

run create-tenant \

--name "Stark Enterprises"

run create-user \

--name "Tony Stark" \

--username tony \

--password J.A.R.V.I.S. \

--system-role admin

run invite --tenant 'Stark Enterprises' --role admin tony

run create-user \

--name J.A.R.V.I.S. \

--username jarvis \

--password T.O.N.Y.

run invite --tenant 'Stark Enterprises' --role operator jarvis

run create-tenant \

--name "Wayne Industries"

run create-user \

--name "Bruce Wayne" \

--username bruce \

--password by-day \

run invite --tenant 'Wayne Industries' --role operator bruce

run create-user \

--name Batman \

--username batman \

--password by-knight

run invite --role admin batman

run login --username tony --password J.A.R.V.I.S.

) 2>&1 | indent

# }}}

try "Checking that initial database is empty" # {{{

(run targets ; none "Initial targets list should be empty"

run stores ; none "Initial stores list should be empty"

run jobs ; none "Initial jobs list should be empty"

run users ; some "Initial users list should have the failsafe user"

run tenants ; some "Initial tenants list shouldn't be empty"

run auth-tokens ; none "Initial tokens list should be empty"

) 2>&1 | indent

#}}}

try "Creating testing objects" # {{{

(

run create-target \

--name redis-shared \

--summary "Shared Redis services for CF" \

--agent "$SHIELD_AGENT_ADDR" \

--plugin redis \

--data host=127.0.0.1 \

--data bgsave=BGSAVE

run create-target \

--name s3 \

--summary "Amazon S3 Blobstore" \

--agent "$SHIELD_AGENT_ADDR" \

--plugin s3

run create-target \

--name shield \

--summary "SHIELD itself" \

--agent "$SHIELD_AGENT_ADDR" \

--plugin postgres

run create-store \

--name filesies \

--summary "A filesystem store" \

--agent "$SHIELD_AGENT_ADDR" \

--plugin fs \

--data dir=/path/to/data \

--data tar=bsdtar

run create-store \

--name s3 \

--summary "Amazon S3 Archival Storage" \

--agent "$SHIELD_AGENT_ADDR" \

--plugin s3

run create-store \

--name shield \

--summary SHIELD-FS \

--agent "$SHIELD_AGENT_ADDR" \

--plugin fs

run create-job \

--name redis-daily-to-fs \

--summary "Daily Backups of Redis to the local fs" \

--exact \

--target redis-shared \

--store filesies \

--schedule "daily at 11:24pm" \

--retain 8 \

--retries 2 \

--paused

run create-job \

--name shield-itself \

--summary "Backing up SHIELDs database, via SHIELD..." \

--exact \

--target shield \

--store shield \

--schedule "tuesdays at 11am" \

--retain 100 \

--retries 3

) 2>&1 | indent

# }}}

if testing tokens; then

try "Creating an auth-token" # {{{

(run create-auth-token "test1"

context 'a newly-created token'

attr name "test1"

hasattr session

run auth-tokens

is "$(jq -r '.[] | select(.name == "test1") | .name' < $WORKDIR/out)" \

"test1" \

"token 'test1' should show up in the list of auth-tokens"

) 2>&1 | indent

# }}}

try "Revoking an auth-token" # {{{

(run revoke-auth-token "test1"

run auth-tokens

isnt "$(jq -r '.[] | select(.name == "test1") | .name' < $WORKDIR/out)" \

"test1" \

"token 'test1' should not show up in the list of auth-tokens (post-revocation)"

) 2>&1 | indent

# }}}

fi

if testing tenant; then

try "Finding a single tenant" # {{{

(run tenant "Stark Enterprises"

context 'a single tenant'

attr name "Stark Enterprises"

) 2>&1 | indent

# }}}

try "Listing tenants" # {{{

(run tenants

context 'all tenants'

includes tenant 'Stark Enterprises'

includes tenant 'Wayne Industries'

run tenants stark

context 'tenants matching *stark*'

includes tenant 'Stark Enterprises'

excludes tenant 'Wayne Industries'

) 2>&1 | indent

# }}}

try "Running through tenant lifecycle" # {{{

(run create-tenant \

--name my-new-tenant

run tenant my-new-tenant

context 'a newly-created tenant'

attr name my-new-tenant

run update-tenant my-new-tenant \

--name my-updated-tenant

run tenant my-updated-tenant

context 'a newly-renamed tenant'

attr name my-updated-tenant

) 2>&1 | indent

# }}}

try "Testing tenancy memberships" # {{{

(INDEX_WHAT=members

INDEX_BY=account

run create-tenant --name tenant3

run tenant tenant3

context 'members for tenant with no members'

excludes user tony

run invite --tenant tenant3 --role operator tony jarvis

run tenant tenant3

context 'members after inviting tony and jarvis as operators'

includes user tony

includes user jarvis

context 'after inviting tony and jarvis as operators'

isrole tony operator

isrole jarvis operator

run invite --tenant tenant3 --role engineer jarvis

run tenant tenant3

context 'members after re-inviting jarvis as an engineer'

includes user tony

includes user jarvis

context 'after re-inviting jarvis as an engineer'

isrole tony operator

isrole jarvis engineer

run banish --tenant tenant3 tony

run tenant tenant3

context 'members after banishing tony'

excludes user tony

includes user jarvis

context 'after banishing tony'

isrole jarvis engineer

run banish --tenant tenant3 tony

run tenant tenant3

context 'members after banishing tony (a second time)'

excludes user tony

includes user jarvis

context 'after banishing tony (a second time)'

isrole jarvis engineer

) 2>&1 | indent

# }}}

fi

if testing user; then

try "Finding a single user" # {{{

(run user jarvis

context 'a single non-system user'

attr name J.A.R.V.I.S.

attr account jarvis

attr sysrole ''

run user tony

context 'a single system user'

attr name 'Tony Stark'

attr account tony

attr sysrole admin

) 2>&1 | indent

# }}}

try "Listing users" # {{{

(INDEX_BY=account

run users

context 'all users'

includes user tony

includes user jarvis

pick tony

context 'the tony account (in all users)'

attr name 'Tony Stark'

attr account tony

attr sysrole admin

run users --fuzzy a

context 'users with account "*a*"'

excludes user tony

includes user jarvis

run users --fuzzy xyzzy

none 'no users with account "*xyzzy*"'

run users --with-system-role admin

context 'users with system-level admin rights'

includes user tony

excludes user jarvis

) 2>&1 | indent

# }}}

try "Running through user lifecycle" # {{{

(run create-user \

--name my-new-user \

--username user42 \

--password temp-password

run user user42

context 'a newly-created user'

attr name my-new-user

attr account user42

attr sysrole ''

run update-user user42 \

--name my-updated-user

run user user42

context 'a newly-updated user'

attr name my-updated-user

attr account user42

attr sysrole ''

run update-user user42 \

--system-role engineer

run user user42

context 'a newly-updated user'

attr name my-updated-user

attr account user42

attr sysrole engineer

run logout

run login --username user42 --password temp-password

(echo temp-password ; sleep 0.1

echo new-password ; sleep 0.1

echo new-password ; sleep 0.1

) | run passwd --no-batch

run logout

run login --username user42 --password new-password

run logout

run login --username tony --password J.A.R.V.I.S.

context 'users can always be deleted'

can_delete user user42

) 2>&1 | indent

# }}}

fi

if testing target; then

try "Finding a single target" # {{{

(run target s3

context 'a single target'

attr name s3

attr summary 'Amazon S3 Blobstore'

attr agent "$SHIELD_AGENT_ADDR"

attr plugin s3

) 2>&1 | indent

# }}}

try "Listing targets" # {{{

(run targets

context 'all targets'

includes target s3

includes target redis-shared

pick s3

attr name s3

attr summary 'Amazon S3 Blobstore'

attr agent "$SHIELD_AGENT_ADDR"

attr plugin s3

run targets redis-shared

context 'targets named "redis-shared"'

excludes target s3

includes target redis-shared

run targets --fuzzy redis

context 'targets named "*redis*"'

excludes target s3

includes target redis-shared

run targets s

context 'targets named "*s*"'

includes target s3

includes target redis-shared

run targets xyzzy

none 'no targets are named "*xyzzy*"'

run targets --used

context 'used targets'

excludes target s3

includes target redis-shared

run targets --unused

context 'unused targets'

includes target s3

excludes target redis-shared

run targets --with-plugin redis

context 'targets using the "redis" plugin'

excludes target s3

includes target redis-shared

run targets --with-plugin enoent

none "Should find no results for bogus target plugin search"

run targets --with-plugin redis --unused

none "No targets matched unused && plugin=redis"

run targets --with-plugin redis --used

context 'used targets using the "redis" plugin'

excludes target s3

includes target redis-shared

) 2>&1 | indent

# }}}

try "Running through target lifecycle" # {{{

(run create-target \

--name my-new-target \

--summary 'A target suitable for editing' \

--agent "$SHIELD_AGENT_ADDR" \

--plugin fs \

--data dir=/path/to/data

run target --exact my-new-target

context 'a newly-created target'

attr name my-new-target

attr summary 'A target suitable for editing'

attr agent "$SHIELD_AGENT_ADDR"

attr plugin fs

attr config.dir /path/to/data

run update-target my-new-target \

--name my-updated-target \

--summary 'A New Summary' \

--data dir=/new/path

run target --exact my-updated-target

context 'a newly-updated target'

attr name my-updated-target

attr summary 'A New Summary'