PR#2: Add CI tests using the standard test interface - rpms/pam

rpms / pam

#2 Add CI tests using the standard test interface

Merged 6 years ago by tmraz. Opened 6 years ago by sturivny.

git://fedorapeople.org/~sturivny/pam tests into master

Add CI tests using the standard test interface

Serhii Turivny • 6 years ago

4dc6ede

tests/Test-coverage-for-TTY-auditing/Makefile

file added

+71

		`@@ -0,0 +1,71 @@`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Makefile of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing`
		`+ # Description: Test for Test coverage for TTY auditing`
		`+ # Author: Dalibor Pospisil <dapospis@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2012 Red Hat, Inc. All rights reserved.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ export TEST=/CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing`
		`+ export TESTVERSION=1.0`
		`+`
		`+ BUILT_FILES=`
		`+`
		`+ FILES=$(METADATA) runtest.sh Makefile PURPOSE`
		`+`
		`+ .PHONY: all install download clean`
		`+`
		`+ run: $(FILES) build`
		`+ ./runtest.sh`
		`+`
		`+ build: $(BUILT_FILES)`
		`+ @test -x runtest.sh \|\| chmod a+x runtest.sh`
		`+ @if [ -e /usr/share/beakerlib/plugins/try-check-final.sh ]; then \`
		`+ /usr/share/beakerlib/plugins/try-check-final.sh verify_plugin; \`
		`+ elif [ -e /mnt/tests/CoreOS/beaker/plugin-tcf/try-check-final.sh ]; then \`
		`+ /mnt/tests/CoreOS/beaker/plugin-tcf/try-check-final.sh verify_plugin; \`
		`+ elif [ -e /mnt/qa/scratch/dapospis/try-check-final.sh ]; then \`
		`+ /mnt/qa/scratch/dapospis/try-check-final.sh verify_plugin; \`
		`+ fi;`
		`+`
		`+ clean:`
		`+ rm -f *~ $(BUILT_FILES)`
		`+`
		`+`
		`+ include /usr/share/rhts/lib/rhts-make.include`
		`+`
		`+ $(METADATA): Makefile`
		`+ @echo "Owner: Dalibor Pospisil <dapospis@redhat.com>" > $(METADATA)`
		`+ @echo "Name: $(TEST)" >> $(METADATA)`
		`+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)`
		`+ @echo "RhtsRequires: test(/CoreOS/beaker/plugin-tcf)" >> $(METADATA)`
		`+ @echo "Path: $(TEST_DIR)" >> $(METADATA)`
		`+ @echo "Description: Test for Test coverage for TTY auditing" >> $(METADATA)`
		`+ @echo "Type: Sanity" >> $(METADATA)`
		`+ @echo "TestTime: 5m" >> $(METADATA)`
		`+ @echo "RunFor: pam" >> $(METADATA)`
		`+ @echo "Requires: pam /usr/bin/bc /usr/bin/expect /usr/bin/pcregrep" >> $(METADATA)`
		`+ @echo "Priority: Normal" >> $(METADATA)`
		`+ @echo "License: GPLv2" >> $(METADATA)`
		`+ @echo "Confidential: no" >> $(METADATA)`
		`+ @echo "Destructive: no" >> $(METADATA)`
		`+`
		`+ rhts-lint $(METADATA)`

tests/Test-coverage-for-TTY-auditing/PURPOSE

file added

		`@@ -0,0 +1,4 @@`
		`+ PURPOSE of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing`
		`+ Description: Test for Test coverage for TTY auditing`
		`+ Author: Dalibor Pospisil <dapospis@redhat.com>`
		`+ Bug summary: Test coverage for TTY auditing`

tests/Test-coverage-for-TTY-auditing/runtest.sh

file added

+119

		`@@ -0,0 +1,119 @@`
		`+ #!/bin/bash`
		`+ # vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # runtest.sh of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing`
		`+ # Description: Test for Test coverage for TTY auditing`
		`+ # Author: Dalibor Pospisil <dapospis@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2012 Red Hat, Inc. All rights reserved.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ # Include Beaker environment`
		`+ . /usr/bin/rhts-environment.sh`
		`+ . /usr/lib/beakerlib/beakerlib.sh`
		`+`
		`+ PACKAGES="pam"`
		`+ BINARIES="pcregrep expect bc"`
		`+`
		`+ rlJournalStart &&{`
		`+ rlPhaseStartSetup &&{`
		`+ rlTry "Setup phase" && {`
		`+ for PACKAGE in $PACKAGES; do`
		`+ rlAssertRpm $PACKAGE`
		`+ done`
		`+ for BINARY in $BINARIES; do`
		`+ rlRun "which $BINARY" 0 "Check presence of $BINARY"`
		`+ done`
		`+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"`
		`+ rlRun "pushd $TmpDir"`
		`+ rlFileBackup --clean /etc/pam.d/`
		`+ rlRun "echo 'session required pam_tty_audit.so disable=* enable=root' >>/etc/pam.d/system-auth"`
		`+ rlRun "cat /etc/pam.d/system-auth"`
		`+ rlFin; }`
		`+ rlPhaseEnd;}`
		`+`
		`+ rlPhaseStartTest &&{`
		`+ rlTry "Test phase" && {`
		`+ rlTry "backup audit.log" &&{`
		`+ cat /var/log/audit/audit.log >./audit.log`
		`+ rlFin; }`
		`+ unalias su >& /dev/null`
		`+ rlTry "su root, bc some expressions" &&{`
		`+ expect <<EOF`
		`+ set env(TERM) vt100`
		`+ set timeout 5`
		`+ spawn su -l root`
		`+ expect {`
		`+ timeout { exit 2 }`
		`+ eof { exit 1 }`
		`+ "#" { send -- "bc\r" }`
		`+ }`
		`+ expect -re "For details type .warranty.." { send -- "1+1\r" }`
		`+ expect {`
		`+ timeout { exit 2 }`
		`+ eof { exit 1 }`
		`+ "2" { send -- "10^2\r" }`
		`+ }`
		`+ expect {`
		`+ timeout { exit 2 }`
		`+ eof { exit 1 }`
		`+ "100" { send -- "\033\[A\033\[A\r" }`
		`+ }`
		`+ expect {`
		`+ timeout { exit 2 }`
		`+ eof { exit 1 }`
		`+ "2" { send -- "quit\r" }`
		`+ }`
		`+ expect {`
		`+ timeout { exit 2 }`
		`+ eof { exit 1 }`
		`+ "#" { send -- "exit\r" }`
		`+ }`
		`+ expect {`
		`+ timeout { exit 2 }`
		`+ eof { exit 0 }`
		`+ }`
		`+ EOF`
		`+ rlFin; }`
		`+ rlTry &&{`
		`+ rlLog "wait 3s"`
		`+ sleep 3s`
		`+ rlFin; }`
		`+ rlRun "diff ./audit.log /var/log/audit/audit.log \| grep '>' \| sed -e 's/> //' \| tee ./log" 0-255`
		`+ rlChk "check that audit.log contains what it should" &&{`
		`+ aureport --tty -ts recent -if ./log \|tee log.txt`
		`+ rlRun "pcregrep -M 'bc \"1\+1\",(<ret>\|<nl>)(\n\|\r)?.\"10\^2\",(<ret>\|<nl>)(\r\|\n)?.<up>,<up>,(<ret>\|<nl>)' log.txt"`
		`+ rlFin; }`
		`+ rlFin; }`
		`+ #PS1="[test] " bash`
		`+ rlPhaseEnd;}`
		`+`
		`+ rlPhaseStartCleanup &&{`
		`+ rlChk "Cleanup phase" && {`
		`+ rlFileRestore`
		`+ rlRun "popd"`
		`+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"`
		`+ rlFin; }`
		`+ rlTCFcheckFinal`
		`+ rlPhaseEnd;}`
		`+`
		`+ rlJournalPrintText`
		`+ rlJournalEnd;}`

tests/pam_unix/Makefile

file added

+70

		`@@ -0,0 +1,70 @@`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Makefile of /CoreOS/pam/Sanity/pam_unix`
		`+ # Description: Test for module pam_unix`
		`+ # Author: David Spurek <dspurek@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2012 Red Hat, Inc. All rights reserved.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ export TEST=/CoreOS/pam/Sanity/pam_unix`
		`+ export TESTVERSION=1.0`
		`+`
		`+ BUILT_FILES=`
		`+`
		`+ FILES=$(METADATA) runtest.sh Makefile PURPOSE`
		`+`
		`+ .PHONY: all install download clean`
		`+`
		`+ run: $(FILES) build`
		`+ ./runtest.sh`
		`+`
		`+ build: $(BUILT_FILES)`
		`+ test -x runtest.sh \|\| chmod a+x runtest.sh`
		`+`
		`+ clean:`
		`+ rm -f *~ $(BUILT_FILES)`
		`+`
		`+`
		`+ include /usr/share/rhts/lib/rhts-make.include`
		`+`
		`+ $(METADATA): Makefile`
		`+ @echo "Owner: David Spurek <dspurek@redhat.com>" > $(METADATA)`
		`+ @echo "Name: $(TEST)" >> $(METADATA)`
		`+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)`
		`+ @echo "Path: $(TEST_DIR)" >> $(METADATA)`
		`+ @echo "Description: Test for module pam_unix" >> $(METADATA)`
		`+ @echo "Type: Sanity" >> $(METADATA)`
		`+ @echo "TestTime: 15m" >> $(METADATA)`
		`+ @echo "RunFor: pam" >> $(METADATA)`
		`+ @echo "RhtsRequires: library(distribution/ConditionalPhases)" >> $(METADATA)`
		`+ @echo "RhtsRequires: library(distribution/dpcommon)" >> $(METADATA)`
		`+ @echo "RhtsRequires: library(distribution/testUser)" >> $(METADATA)`
		`+ @echo "RhtsRequires: library(openssh/basic)" >> $(METADATA)`
		`+ @echo "RhtsRequires: library(pam/basic)" >> $(METADATA)`
		`+ @echo "Requires: pam" >> $(METADATA)`
		`+ @echo "Requires: expect" >> $(METADATA)`
		`+ @echo "Requires: openssh-server openssh-clients" >> $(METADATA)`
		`+ @echo "Priority: Normal" >> $(METADATA)`
		`+ @echo "License: GPLv2" >> $(METADATA)`
		`+ @echo "Confidential: no" >> $(METADATA)`
		`+ @echo "Destructive: no" >> $(METADATA)`
		`+`
		`+ rhts-lint $(METADATA)`

tests/pam_unix/PURPOSE

file added

		`@@ -0,0 +1,3 @@`
		`+ PURPOSE of /CoreOS/pam/Sanity/pam_unix`
		`+ Description: Test for module pam_unix`
		`+ Author: David Spurek <dspurek@redhat.com>`

tests/pam_unix/runtest.sh

file added

+174

		`@@ -0,0 +1,174 @@`
		`+ #!/bin/bash`
		`+ # vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # runtest.sh of /CoreOS/pam/Sanity/pam_unix`
		`+ # Description: Test for module pam_unix`
		`+ # Author: David Spurek <dspurek@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2012 Red Hat, Inc. All rights reserved.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ # Include Beaker environment`
		`+ . /usr/bin/rhts-environment.sh`
		`+ . /usr/share/beakerlib/beakerlib.sh`
		`+`
		`+ PACKAGE="pam"`
		`+`
		`+ PACKAGES=( "pam" "expect" )`
		`+`
		`+ _PASSWORD1="jf@#Faffo"`
		`+ _PASSWORD2="0m4nchU!!F"`
		`+`
		`+ function do_passwd {`
		`+ expect <<EOF`
		`+ set timeout 5`
		`+ spawn -noecho su $1 -c passwd`
		`+ expect {`
		`+ timeout {puts timeout; exit 1}`
		`+ eof {exit 2}`
		`+ -nocase "(current)*password" { puts "$2"; send -- "$2\r"}`
		`+ }`
		`+ expect {`
		`+ timeout {puts timeout; exit 1}`
		`+ eof {exit 3}`
		`+ -nocase "new*password" { puts "$3"; send -- "$3\r"}`
		`+ }`
		`+ expect {`
		`+ timeout {puts timeout; exit 1}`
		`+ eof {exit 4}`
		`+ -nocase "has been already used" { puts "exit 6" ; exit 6}`
		`+ -nocase "retype*password" { puts "$3"; send -- "$3\r"}`
		`+ }`
		`+ expect {`
		`+ timeout {exit 5}`
		`+ -nocase "has been already used" { puts "exit 6" ; exit 6}`
		`+ eof`
		`+ }`
		`+ puts "end"`
		`+ EOF`
		`+ }`
		`+`
		`+`
		`+ rlJournalStart && {`
		`+ rlPhaseStartSetup && {`
		`+ tcfTry "Setup phase" && {`
		`+ tcfRun "rlCheckMakefileRequires"`
		`+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"`
		`+ CleanupRegister "rlRun 'rm -r $TmpDir' 0 'Removing tmp directory'"`
		`+ CleanupRegister 'rlRun "popd"'`
		`+ rlRun "pushd $TmpDir"`
		`+ CleanupRegister 'rlRun "pamCleanup"'`
		`+ rlRun "pamSetup"`
		`+ CleanupRegister 'rlRun "rlFileRestore"'`
		`+ rlFileBackup "/etc/security/opasswd" && >/etc/security/opasswd`
		`+ tcfFin; }`
		`+ rlPhaseEnd; }`
		`+`
		`+ tcfTry "Tests" --no-assert && {`
		`+ tcfChk && {`
		`+ rlPhaseStartTest "test option remember" && {`
		`+ tcfChk "setup" && {`
		`+ CleanupRegister --mark 'rlRun "testUserCleanup"'`
		`+ rlRun "testUserSetup 2"`
		`+ PWA=( ':3533tjh^397:~21081^p@w!~18374_0' ':4273tjh^397:~3709^p@w!~19467_1' ':31388tjh^397:~32486^p@w!~12258_2' ':10233tjh^397:~620^p@w!~19779_3' ':26151tjh^397:~8077^p@w!~29968_4' ':26593tjh^397:~4665^p@w!~16428_5' ':23163tjh^397:~16784^p@w!~4822_6' ':4065tjh^397:~14355^p@w!~4119_7' ':16312tjh^397:~30577^p@w!~26223_8' )`
		`+ rlRun "echo ${PWA[0]} \| passwd --stdin ${testUser[1]}"`
		`+ CleanupRegister 'rlRun "pamRestoreFiles"'`
		`+ rlRun "pamBackupFiles"`
		`+ #rlRun "sed -i -e 's/^password\s\+sufficient\s\+pam_unix.so/\0 remember=5/' $sys_auth"`
		`+ rlRun "pamReplaceServiceModuleRule su password pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) remember=5'"`
		`+ #rlRun "cat $sys_auth"`
		`+ rlRun "pamGetServiceRules --prefix su password"`
		`+ tcfFin; }`
		`+`
		`+ tcfTry "test remember option" && {`
		`+ NEWPW=${PWA[0]}`
		+ for i in `seq 6`; do
		`+ rlLog "change passwrd #$i"`
		`+ OLDPW=$NEWPW; NEWPW=${PWA[$i]}`
		`+ rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0`
		`+ done`
		`+`
		`+ rlLog "change passwrd #$i"`
		`+ rlLog "Try change to password that have been alredy used (should fail)"`
		`+ OLDPW=$NEWPW;`
		`+ rlRun "do_passwd ${testUser[1]} ${OLDPW} ${PWA[1]}" 6`
		`+`
		`+ for i in 7 8 1; do`
		`+ rlLog "change passwrd #$i"`
		`+ OLDPW=$NEWPW; NEWPW=${PWA[$i]}`
		`+ rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0`
		`+ done`
		`+ tcfFin; }`
		`+`
		`+ tcfTry "test vhange the password to a previous password of test1" && {`
		`+ # change the password to a previous password of test1, the password change should be allowed.`
		`+ rlLog "Change the password to a previous password of test1, the password change should be allowed"`
		`+ echo ${PWA[0]} \| passwd --stdin $testUser`
		`+ rlRun "do_passwd $testUser ${PWA[0]} ${PWA[5]}" 0`
		`+ tcfFin; }`
		`+`
		`+ tcfChk "cleanup" && {`
		`+ CleanupDo --mark`
		`+ tcfFin; }`
		`+ rlPhaseEnd; }; :`
		`+ tcfFin; }`
		`+`
		`+ # Run the test for >=RHEL-6.9 and >=RHEL-7.3 and <>RHEL(Fedora)`
		`+ ! rlIsRHEL '<6.9' && { ! rlIsRHEL '<7.3' \|\| rlIsRHEL 6; } && tcfChk && {`
		`+ rlPhaseStartTest "test option no_pass_expiry" && {`
		`+ tcfChk "setup" && {`
		`+ CleanupRegister --mark 'rlRun "testUserCleanup"'`
		`+ rlRun "testUserSetup"`
		`+ CleanupRegister 'rlRun "sshCleanup"'`
		`+ rlRun "sshSetup"`
		`+ rlRun "sshKeyGen"`
		`+ rlRun "sshCopyID --user $testUser --password $testUserPasswd"`
		`+ CleanupRegister 'rlRun "sshdRestore"'`
		`+ rlRun "sshdStart"`
		`+ CleanupRegister 'rlRun "pamRestoreFiles"'`
		`+ rlRun "pamBackupFiles"`
		`+ rlRun "pamGetServiceRules --prefix su account"`
		`+ tcfFin; }`
		`+`
		`+ tcfTry "test" && {`
		`+ rlRun "sshRun --user $testUser --key 'id'"`
		`+ rlRun "chage -d 0 $testUser"`
		`+ rlRun "sshRun --user $testUser --key 'id'" 1-255`
		`+ rlRun "pamReplaceServiceModuleRule sshd account pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) no_pass_expiry'"`
		`+ rlRun "pamGetServiceRules --prefix sshd account"`
		`+ rlRun "sshRun --user $testUser --key 'id'"`
		`+ tcfFin; }`
		`+`
		`+ tcfChk "cleanup" && {`
		`+ CleanupDo --mark`
		`+ tcfFin; }`
		`+ rlPhaseEnd; }; :`
		`+ tcfFin; }; :`
		`+ tcfFin; }`
		`+`
		`+ rlPhaseStartCleanup && {`
		`+ tcfChk "Cleanup phase" && {`
		`+ CleanupDo`
		`+ tcfFin; }`
		`+ tcfCheckFinal`
		`+ rlPhaseEnd; }`
		`+ rlJournalPrintText`
		`+ rlJournalEnd; }`

tests/tests.yml

file added

+33

		`@@ -0,0 +1,33 @@`
		`+ ---`
		`+ # Tests that run in classic context`
		`+ - hosts: localhost`
		`+ roles:`
		`+ - role: standard-test-beakerlib`
		`+ tags:`
		`+ - classic`
		`+ tests:`
		`+ - pam_unix`
		`+ - Test-coverage-for-TTY-auditing`
		`+ required_packages:`
		`+ - bc`
		`+ - expect`
		`+ - findutils # beakerlib needs find command`
		`+ - openssh-clients`
		`+ - openssh-server`
		`+ - pam`
		`+ - pcre-tools`
		`+`
		`+ # Tests that run in container context`
		`+ - hosts: localhost`
		`+ roles:`
		`+ - role: standard-test-beakerlib`
		`+ tags:`
		`+ - container`
		`+ tests:`
		`+ - Test-coverage-for-TTY-auditing`
		`+ required_packages:`
		`+ - bc`
		`+ - expect`
		`+ - findutils # beakerlib needs find command`
		`+ - pam`
		`+ - pcre-tools`

no initial comment

sturivny commented 6 years ago

Justification

Adds tests according to the CI wiki specifically the standard test interface in the spec.

The playbook includes Tier1 level test cases that have been tested in the following contexts and is passing reliably: Classic and Container. Test logs are stored in the artifacts directory.

The following steps are used to execute the tests using the standard test interface:

Test enveronment

Make sure you have installed packages from the spec

$ rpm -q ansible python2-dnf libselinux-python standard-test-roles
ansible-2.3.2.0-1.fc26.noarch
python2-dnf-2.6.3-11.fc26.noarch
libselinux-python-2.6-7.fc26.x86_64
standard-test-roles-2.4-1.fc26.noarch

Run tests for Classic

$ export TEST_SUBJECTS=
$ sudo ansible-playbook --tags classic tests.yml

Snip of the example test run:

TASK [standard-test-beakerlib : Check the results] ************************************
changed: [localhost]
PLAY RECAP ****************************************************************************
localhost                  : ok=15   changed=9    unreachable=0    failed=0

Run tests for Container

$ export TEST_SUBJECTS=docker:docker.io/library/fedora:26
$ sudo ansible-playbook --tags=container tests.yml

Snip of the example test run:

TASK [standard-test-beakerlib : Check the results] ****************************************************************************************
changed: [ed021fcff70ff478a2bc76f8d7ca81405b234dd81ade8105d0c4b60928e0164d]

PLAY RECAP *****************************************************************************
ed021fcff70ff478a2bc76f8d7ca81405b234dd81ade8105d0c4b60928e0164d : ok=15   changed=11   unreachable=0    failed=0

Notes

Tests will be enabled in CI, yet gating is currently disabled, so nothing will change. Tests will run on each dist-git commit, they are not triggered on koji builds and if you are using FMN, it should notify you of failures normally.

The RH QE maintainer contact in case you have questions: ksrot @redhat.com
The idea is that these tests become yours just as you're maintaining the package, there will of course be people around if you have questions or troubles.