Merge pull request #2 from testainers/dev

Version 0.0.2.
testainers · Apr 25, 2024 · d47c3a7 · d47c3a7
2 parents 022bda9 + 5062278
commit d47c3a7
Show file tree

Hide file tree

Showing 6 changed files with 293 additions and 13 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -9,7 +9,7 @@ jobs:
   tests:
     name: Tests
     runs-on: ubuntu-latest
-    timeout-minutes: 20
+    timeout-minutes: 5
     strategy:
       matrix:
         alpine:

diff --git a/README.md b/README.md
@@ -31,7 +31,14 @@ Obrigado pelo seu apoio contínuo!
 
 ## Environment Variables
 
-*TODO*
+| Variable              | Options         | Default |
+|-----------------------|-----------------|---------|
+| SNMP_V3_USER          | --              | --      |
+| SNMP_V3_USER_TYPE     | rouser - rwuser | rouser  |
+| SNMP_V3_AUTH_PROTOCOL | MD5 - SHA       | SHA     |
+| SNMP_V3_AUTH_PWD      | --              | --      |
+| SNMP_V3_PRIV_PROTOCOL | DES - AES       | AES     |
+| SNMP_V3_PRIV_PWD      | --              | --      |
 
 ## How to Use
 

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -2,5 +2,65 @@
 
 echo "ENTRYPOINT"
 
+create_user() {
+  echo "Creating SNMPv3 user $SNMP_V3_USER with NO auth and NO priv"
+
+  echo "$SNMP_V3_USER_TYPE $SNMP_V3_USER" >'/usr/share/snmp/snmpd.conf'
+}
+
+create_user_auth() {
+  echo "Creating SNMPv3 user $SNMP_V3_USER with auth $SNMP_V3_AUTH_PROTOCOL and NO priv"
+
+  echo "createUser $SNMP_V3_USER $SNMP_V3_AUTH_PROTOCOL \"$SNMP_V3_AUTH_PWD\"" \
+    >'/var/lib/net-snmp/snmpd.conf'
+
+  echo "$SNMP_V3_USER_TYPE $SNMP_V3_USER" >'/usr/share/snmp/snmpd.conf'
+}
+
+create_user_auth_priv() {
+  echo "Creating SNMPv3 user $SNMP_V3_USER with auth $SNMP_V3_AUTH_PROTOCOL and priv $SNMP_V3_PRIV_PROTOCOL"
+
+  echo "createUser $SNMP_V3_USER $SNMP_V3_AUTH_PROTOCOL \"$SNMP_V3_AUTH_PWD\" $SNMP_V3_PRIV_PROTOCOL \"$SNMP_V3_PRIV_PWD\"" \
+    >'/var/lib/net-snmp/snmpd.conf'
+
+  echo "$SNMP_V3_USER_TYPE $SNMP_V3_USER priv" >'/usr/share/snmp/snmpd.conf'
+}
+
+if [ -z "$SNMP_V3_USER_TYPE" ]; then
+  SNMP_V3_USER_TYPE="rouser"
+fi
+
+if [ "$SNMP_V3_USER_TYPE" != "rwuser" ] && [ "$SNMP_V3_USER_TYPE" != "rouser" ]; then
+  echo "SNMP_V3_USER_TYPE is not correct"
+  echo "Updating from '$SNMP_V3_USER_TYPE' to 'rouser'"
+  SNMP_V3_USER_TYPE="rouser"
+fi
+
+if [ -z "$SNMP_V3_AUTH_PROTOCOL" ]; then
+  SNMP_V3_AUTH_PROTOCOL="SHA"
+fi
+
+if [ -z "$SNMP_V3_PRIV_PROTOCOL" ]; then
+  SNMP_V3_PRIV_PROTOCOL="AES"
+fi
+
+if [ -n "$SNMP_V3_USER" ]; then
+  if [ -n "$SNMP_V3_AUTH_PWD" ]; then
+    if [ -n "$SNMP_V3_PRIV_PWD" ]; then
+      create_user_auth_priv
+    else
+      echo "SNMP_V3_PRIV_PWD is not set"
+      create_user_auth
+    fi
+  else
+    echo "SNMP_V3_AUTH_PWD is not set"
+    create_user
+  fi
+else
+  echo "SNMP_V3_USER is not set"
+  echo "User not created"
+fi
+
 ### Start snmpd.
-/usr/sbin/snmpd -f -Lo -C -c /etc/snmp/snmpd.conf
+# /usr/sbin/snmpd -f -Lo -C -c /etc/snmp/snmpd.conf
+/usr/sbin/snmpd -f -Lo
diff --git a/etc/snmp/snmpd.conf b/etc/snmp/snmpd.conf
@@ -49,16 +49,18 @@ view   systemonly  included   .1.3.6.1.2.1.25.1
                                                  #  Full access from the local host
 #rocommunity public  localhost
                                                  #  Default access to basic system info
- rocommunity public  default    -V systemonly
+#rocommunity public  default    -V systemonly
 
                                                  #  Full access from an example network
                                                  #     Adjust this network address to match your local
                                                  #     settings, change the community string,
                                                  #     and check the 'agentAddress' setting above
 #rocommunity secret  10.0.0.0/16
 
+rocommunity public  default
+
                                                  #  Full read-only access for SNMPv3
- rouser   authOnlyUser
+#rouser   authOnlyUser
                                                  #  Full write access for encrypted requests
                                                  #     Remember to activate the 'createUser' lines above
 #rwuser   authPrivUser   priv

diff --git a/test.sh b/test.sh
@@ -1,15 +1,226 @@
 #! /bin/bash
-set -e
-set -x
 
-docker build . --no-cache -t snmpd-container-test
+# set -e
+# set -x
 
-docker run --rm --name snmpd -p 5161:161/udp -d snmpd-container-test
+CODE=0
+
+# Name of the image
+IMAGE_NAME="snmpd-container-test"
+
+# Name of the container
+CONTAINER_NAME="snmpd"
+
+# Host bind address
+HOST="localhost"
+
+# Host bind port
+PORT=5161
+
+# OID for snmpwalk
+WALK=".1.3.6.1.2.1.1"
+
+# OID for snmpget and snmpgetnext
+GET=".1.3.6.1.2.1.1.6.0"
+
+###############
+# Build Image #
+###############
+
+docker build . --no-cache -t "$IMAGE_NAME"
+
+SNMP_V3_USER="testainers"
+
+###########
+# SNMPv2c #
+###########
+
+echo "SNMPv2c"
+docker run --rm --name "$CONTAINER_NAME" -p "$PORT:161/udp" -d "$IMAGE_NAME"
+sleep 2
+
+# SNMPv2c - Walk
+echo "SNMPv2c - Walk"
+snmpwalk -v 2c -c public "$HOST:$PORT" "$WALK" >/dev/null 2>&1
+
+if [ $? -ne 0 ]; then
+  echo "Error: SNMPv2c Walk"
+  CODE=10
+fi
+
+# SNMPv2c - Get
+echo "SNMPv2c - Get"
+RESULT=$(snmpget -v2c -c public -Ovq "$HOST:$PORT" "$GET" | tr -d '"')
+
+if [ "$RESULT" != "At flying circus" ]; then
+  echo "Error: $RESULT"
+  CODE=11
+fi
+
+# SNMPv2c - GetNext
+echo "SNMPv2c - GetNext"
+RESULT=$(snmpgetnext -v2c -c public -Ovq "$HOST:$PORT" "$GET")
+
+if [ "$RESULT" != "72" ]; then
+  echo "Error: $RESULT"
+  CODE=12
+fi
+
+# SNMPv3 - Get - Need to fail
+echo "SNMPv3 - Get"
+snmpget -v3 -Ovq -u "$SNMP_V3_USER" -l noAuthNoPriv \
+  "$HOST:$PORT" "$GET" >/dev/null 2>&1
+
+if [ $? -eq 0 ]; then
+  echo "Error: $RESULT"
+  CODE=13
+fi
+
+# Stop Container
+echo "Stop Container"
+docker stop -t 1 "$CONTAINER_NAME"
+sleep 2
+
+##############################
+# SNMPv3 NO auth and NO priv #
+##############################
+
+# TODO: Add test for SNMPv3 with noAuthNoPriv
+
+################################
+# SNMPv3 with auth and NO priv #
+################################
+
+SNMP_V3_AUTH_PROTOCOL="SHA"
+# SNMP_V3_AUTH_PWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 12 | head -n 1)
+SNMP_V3_AUTH_PWD="a1b2c3d4e5f6"
+
+echo "SNMPv3 with auth and NO priv"
+docker run --rm --name "$CONTAINER_NAME" -p "$PORT:161/udp" -d \
+  -e SNMP_V3_USER=$SNMP_V3_USER \
+  -e SNMP_V3_AUTH_PROTOCOL=$SNMP_V3_AUTH_PROTOCOL \
+  -e SNMP_V3_AUTH_PWD=$SNMP_V3_AUTH_PWD \
+  "$IMAGE_NAME"
+sleep 2
+
+# SNMPv3 - Walk
+echo "SNMPv3 - Walk"
+snmpwalk -v3 -On -u "$SNMP_V3_USER" \
+  -l authNoPriv \
+  -a "$SNMP_V3_AUTH_PROTOCOL" \
+  -A "$SNMP_V3_AUTH_PWD" \
+  "$HOST:$PORT" "$WALK" >/dev/null 2>&1
+
+if [ $? -ne 0 ]; then
+  echo "Error: SNMPv3 Walk"
+  CODE=30
+fi
+
+# SNMPv3 - Get
+echo "SNMPv3 - Get"
+RESULT=$(snmpget -v3 -Ovq -u "$SNMP_V3_USER" \
+  -l authNoPriv \
+  -a "$SNMP_V3_AUTH_PROTOCOL" \
+  -A "$SNMP_V3_AUTH_PWD" \
+  "$HOST:$PORT" "$GET" | tr -d '"')
+
+if [ "$RESULT" != "At flying circus" ]; then
+  echo "Error: $RESULT"
+  CODE=31
+fi
+
+# SNMPv3 - GetNext
+echo "SNMPv3 - GetNext"
+RESULT=$(snmpgetnext -v3 -Ovq -u "$SNMP_V3_USER" \
+  -l authNoPriv \
+  -a "$SNMP_V3_AUTH_PROTOCOL" \
+  -A "$SNMP_V3_AUTH_PWD" \
+  "$HOST:$PORT" "$GET")
+
+if [ "$RESULT" != "72" ]; then
+  echo "Error: $RESULT"
+  CODE=32
+fi
+
+# Stop Container
+echo "Stop Container"
+docker stop -t 1 "$CONTAINER_NAME"
+
+sleep 2
+
+#####################################
+# SNMPv3 with auth and with privacy #
+#####################################
+
+SNMP_V3_PRIV_PROTOCOL="AES"
+# SNMP_V3_PRIV_PWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 12 | head -n 1)
+SNMP_V3_PRIV_PWD="f6e5d4c3b2a1"
+
+echo "SNMPv3 with auth and with privacy"
+docker run --rm --name "$CONTAINER_NAME" -p "$PORT:161/udp" -d \
+  -e SNMP_V3_USER=$SNMP_V3_USER \
+  -e SNMP_V3_AUTH_PROTOCOL=$SNMP_V3_AUTH_PROTOCOL \
+  -e SNMP_V3_AUTH_PWD=$SNMP_V3_AUTH_PWD \
+  -e SNMP_V3_PRIV_PROTOCOL=$SNMP_V3_PRIV_PROTOCOL \
+  -e SNMP_V3_PRIV_PWD=$SNMP_V3_PRIV_PWD \
+  "$IMAGE_NAME"
+sleep 2
+
+# SNMPv3 - Walk
+echo "SNMPv3 - Walk"
+snmpwalk -v3 -On -u "$SNMP_V3_USER" \
+  -l authPriv \
+  -a "$SNMP_V3_AUTH_PROTOCOL" \
+  -A "$SNMP_V3_AUTH_PWD" \
+  -x "$SNMP_V3_PRIV_PROTOCOL" \
+  -X "$SNMP_V3_PRIV_PWD" \
+  "$HOST:$PORT" "$WALK" >/dev/null 2>&1
+
+if [ $? -ne 0 ]; then
+  echo "Error: SNMPv3 Walk"
+  CODE=40
+fi
+
+# SNMPv3 - Get
+echo "SNMPv3 - Get"
+RESULT=$(snmpget -v3 -Ovq -u "$SNMP_V3_USER" \
+  -l authPriv \
+  -a "$SNMP_V3_AUTH_PROTOCOL" \
+  -A "$SNMP_V3_AUTH_PWD" \
+  -x "$SNMP_V3_PRIV_PROTOCOL" \
+  -X "$SNMP_V3_PRIV_PWD" \
+  "$HOST:$PORT" "$GET" | tr -d '"')
+
+if [ "$RESULT" != "At flying circus" ]; then
+  echo "Error: $RESULT"
+  CODE=41
+fi
+
+# SNMPv3 - GetNext
+echo "SNMPv3 - GetNext"
+RESULT=$(snmpgetnext -v3 -Ovq -u "$SNMP_V3_USER" \
+  -l authPriv \
+  -a "$SNMP_V3_AUTH_PROTOCOL" \
+  -A "$SNMP_V3_AUTH_PWD" \
+  -x "$SNMP_V3_PRIV_PROTOCOL" \
+  -X "$SNMP_V3_PRIV_PWD" \
+  "$HOST:$PORT" "$GET")
+
+if [ "$RESULT" != "72" ]; then
+  echo "Error: $RESULT"
+  CODE=42
+fi
+
+# Stop container
+echo "Stop Container"
+docker stop -t 1 "$CONTAINER_NAME"
 
 sleep 2
 
-snmpwalk -v 2c -c public localhost:5161 .
+################
+# Remove Image #
+################
 
-docker stop -t 1 snmpd
+docker image rm "$IMAGE_NAME"
 
-docker image rm snmpd-container-test
+exit $CODE
diff --git a/version.yaml b/version.yaml
@@ -1 +1 @@
-version: 0.0.1
+version: 0.0.2