From cf47a92034a868cf5aff51d20f61855aca91e0bc Mon Sep 17 00:00:00 2001 From: Josh Usiskin Date: Tue, 13 Apr 2021 14:22:16 +0000 Subject: [PATCH] test(integ): add test for RCS process owner --- .../bastion/testing/RQ-query-rcs-user.sh | 20 ++++++++++++++ .../test/deadline_02_renderQueue.test.ts | 27 +++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 integ/components/deadline/deadline_02_renderQueue/scripts/bastion/testing/RQ-query-rcs-user.sh diff --git a/integ/components/deadline/deadline_02_renderQueue/scripts/bastion/testing/RQ-query-rcs-user.sh b/integ/components/deadline/deadline_02_renderQueue/scripts/bastion/testing/RQ-query-rcs-user.sh new file mode 100644 index 000000000..15f86eae9 --- /dev/null +++ b/integ/components/deadline/deadline_02_renderQueue/scripts/bastion/testing/RQ-query-rcs-user.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Script to return the username for the process running the RCS as reported by Deadline +# +# Input: +# None +# Output: +# Non-zero return code on failure. +# Outputs the username of the process that the Deadline RCS is running as + + +set -euo pipefail + +DEADLINE="/opt/Thinkbox/Deadline10/bin" + +# Fetch repository.ini from the Deadline repo +$DEADLINE/deadlinecommand -json GetProxyServerInfos | jq -e -r '.result[]|select(.Stat == 1 and .Type == "Remote")|.User' diff --git a/integ/components/deadline/deadline_02_renderQueue/test/deadline_02_renderQueue.test.ts b/integ/components/deadline/deadline_02_renderQueue/test/deadline_02_renderQueue.test.ts index 69e924ea3..d1558b2e1 100644 --- a/integ/components/deadline/deadline_02_renderQueue/test/deadline_02_renderQueue.test.ts +++ b/integ/components/deadline/deadline_02_renderQueue/test/deadline_02_renderQueue.test.ts @@ -230,5 +230,32 @@ describe.each(testCases)('Deadline RenderQueue tests (%s)', (_, id) => { expect(responseCode).toEqual(0); }); }); + + test(`RQ-${id}-5: RCS not running as root`, async () => { + /********************************************************************************************************** + * TestID: RQ-5 + * Description: Confirm that RCS process is not running as the root user + * Input: The user owning the RCS process as reported by deadlinecommand + * Expected result: Response code 0, i.e. the script execution was successful and Deadline accepted the job + **********************************************************************************************************/ + var params = { + DocumentName: 'AWS-RunShellScript', + Comment: 'Execute Test Script RQ-query-rcs-user.sh', + InstanceIds: [bastionId], + Parameters: { + commands: [ + 'sudo -i', + 'su - ec2-user >/dev/null', + 'cd ~ec2-user', + './testScripts/RQ-query-rcs-user.sh', + ], + }, + }; + return awaitSsmCommand(bastionId, params).then( response => { + const user = response.output; + expect(user).not.toHaveLength(0); + expect(user).not.toEqual('root'); + }); + }); }); });