Add CI tests using the standard test interface

Adds tests according to the CI wiki [0] specifically the standard test interface in the spec [1]. [0] https://fedoraproject.org/wiki/CI [1] https://fedoraproject.org/wiki/Changes/InvokingTests
2017-10-04 17:57:38 +03:00 · 2017-10-04 17:57:38 +03:00 · 4dc6ede4b5
parent 64bde25a45
commit 4dc6ede4b5
7 changed files with 474 additions and 0 deletions
--- a/tests/Test-coverage-for-TTY-auditing/Makefile
+++ b/tests/Test-coverage-for-TTY-auditing/Makefile
@ -0,0 +1,71 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing
+#   Description: Test for Test coverage for TTY auditing
+#   Author: Dalibor Pospisil <dapospis@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	@test -x runtest.sh || chmod a+x runtest.sh
+	@if [ -e /usr/share/beakerlib/plugins/try-check-final.sh ]; then \
+	  /usr/share/beakerlib/plugins/try-check-final.sh verify_plugin; \
+	elif [ -e /mnt/tests/CoreOS/beaker/plugin-tcf/try-check-final.sh ]; then \
+	  /mnt/tests/CoreOS/beaker/plugin-tcf/try-check-final.sh verify_plugin; \
+	elif [ -e /mnt/qa/scratch/dapospis/try-check-final.sh ]; then \
+	  /mnt/qa/scratch/dapospis/try-check-final.sh verify_plugin; \
+	fi;
+
+clean:
+	rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+	@echo "Owner:           Dalibor Pospisil <dapospis@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "RhtsRequires:    test(/CoreOS/beaker/plugin-tcf)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     Test for Test coverage for TTY auditing" >> $(METADATA)
+	@echo "Type:            Sanity" >> $(METADATA)
+	@echo "TestTime:        5m" >> $(METADATA)
+	@echo "RunFor:          pam" >> $(METADATA)
+	@echo "Requires:        pam /usr/bin/bc /usr/bin/expect /usr/bin/pcregrep" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+
+	rhts-lint $(METADATA)
--- a/tests/Test-coverage-for-TTY-auditing/PURPOSE
+++ b/tests/Test-coverage-for-TTY-auditing/PURPOSE
@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing
+Description: Test for Test coverage for TTY auditing
+Author: Dalibor Pospisil <dapospis@redhat.com>
+Bug summary: Test coverage for TTY auditing
--- a/tests/Test-coverage-for-TTY-auditing/runtest.sh
+++ b/tests/Test-coverage-for-TTY-auditing/runtest.sh
@ -0,0 +1,119 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing
+#   Description: Test for Test coverage for TTY auditing
+#   Author: Dalibor Pospisil <dapospis@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh
+. /usr/lib/beakerlib/beakerlib.sh
+
+PACKAGES="pam"
+BINARIES="pcregrep expect bc"
+
+rlJournalStart &&{
+  rlPhaseStartSetup &&{
+    rlTry "Setup phase" && {
+      for PACKAGE in $PACKAGES; do
+        rlAssertRpm $PACKAGE
+      done
+      for BINARY in $BINARIES; do
+        rlRun "which $BINARY" 0 "Check presence of $BINARY"
+      done
+      rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+      rlRun "pushd $TmpDir"
+      rlFileBackup --clean /etc/pam.d/
+      rlRun "echo 'session   required pam_tty_audit.so disable=* enable=root' >>/etc/pam.d/system-auth"
+      rlRun "cat /etc/pam.d/system-auth"
+    rlFin; }
+  rlPhaseEnd;}
+
+  rlPhaseStartTest &&{
+    rlTry "Test phase" && {
+      rlTry "backup audit.log" &&{
+        cat /var/log/audit/audit.log >./audit.log
+      rlFin; }
+      unalias su >& /dev/null
+      rlTry "su root, bc some expressions" &&{
+        expect <<EOF
+          set env(TERM) vt100
+          set timeout 5
+          spawn su -l root
+          expect {
+            timeout { exit 2 }
+            eof { exit 1 }
+            "#" { send -- "bc\r" }
+          }
+          expect -re "For details type .warranty.." { send -- "1+1\r" }
+          expect {
+            timeout { exit 2 }
+            eof { exit 1 }
+            "2" { send -- "10^2\r" }
+          }
+          expect {
+            timeout { exit 2 }
+            eof { exit 1 }
+            "100" { send -- "\033\[A\033\[A\r" }
+          }
+          expect {
+            timeout { exit 2 }
+            eof { exit 1 }
+            "2" { send -- "quit\r" }
+          }
+          expect {
+            timeout { exit 2 }
+            eof { exit 1 }
+            "#" { send -- "exit\r" }
+          }
+          expect {
+            timeout { exit 2 }
+            eof { exit 0 }
+          }
+EOF
+      rlFin; }
+      rlTry &&{
+        rlLog "wait 3s"
+        sleep 3s
+      rlFin; }
+      rlRun "diff ./audit.log /var/log/audit/audit.log | grep '>' | sed -e 's/> //' | tee ./log" 0-255
+      rlChk "check that audit.log contains what it should" &&{
+        aureport --tty -ts recent -if ./log |tee log.txt
+        rlRun "pcregrep -M 'bc \"1\+1\",(<ret>|<nl>)(\n|\r)?.*\"10\^2\",(<ret>|<nl>)(\r|\n)?.*<up>,<up>,(<ret>|<nl>)' log.txt"
+      rlFin; }
+    rlFin; }
+    #PS1="[test] " bash
+  rlPhaseEnd;}
+
+  rlPhaseStartCleanup &&{
+    rlChk "Cleanup phase" && {
+      rlFileRestore
+      rlRun "popd"
+      rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+    rlFin; }
+    rlTCFcheckFinal
+  rlPhaseEnd;}
+
+  rlJournalPrintText
+rlJournalEnd;}
--- a/tests/pam_unix/Makefile
+++ b/tests/pam_unix/Makefile
@ -0,0 +1,70 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /CoreOS/pam/Sanity/pam_unix
+#   Description: Test for module pam_unix
+#   Author: David Spurek <dspurek@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/pam/Sanity/pam_unix
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+	rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+	@echo "Owner:           David Spurek <dspurek@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     Test for module pam_unix" >> $(METADATA)
+	@echo "Type:            Sanity" >> $(METADATA)
+	@echo "TestTime:        15m" >> $(METADATA)
+	@echo "RunFor:          pam" >> $(METADATA)
+	@echo "RhtsRequires:    library(distribution/ConditionalPhases)" >> $(METADATA)
+	@echo "RhtsRequires:    library(distribution/dpcommon)" >> $(METADATA)
+	@echo "RhtsRequires:    library(distribution/testUser)" >> $(METADATA)
+	@echo "RhtsRequires:    library(openssh/basic)" >> $(METADATA)
+	@echo "RhtsRequires:    library(pam/basic)" >> $(METADATA)
+	@echo "Requires:        pam" >> $(METADATA)
+	@echo "Requires:        expect" >> $(METADATA)
+	@echo "Requires:        openssh-server openssh-clients" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+
+	rhts-lint $(METADATA)
--- a/tests/pam_unix/PURPOSE
+++ b/tests/pam_unix/PURPOSE
@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/pam/Sanity/pam_unix
+Description: Test for module pam_unix
+Author: David Spurek <dspurek@redhat.com>
--- a/tests/pam_unix/runtest.sh
+++ b/tests/pam_unix/runtest.sh
@ -0,0 +1,174 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/pam/Sanity/pam_unix
+#   Description: Test for module pam_unix
+#   Author: David Spurek <dspurek@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="pam"
+
+PACKAGES=( "pam" "expect" )
+
+_PASSWORD1="jf@#Faffo"
+_PASSWORD2="0m4nchU!!F"
+
+function do_passwd {
+expect <<EOF
+set timeout 5
+spawn -noecho su $1 -c passwd
+expect {
+    timeout {puts timeout; exit 1}
+    eof {exit 2}
+    -nocase "(current)*password" { puts "$2"; send -- "$2\r"}
+}
+expect {
+    timeout {puts timeout; exit 1}
+    eof {exit 3}
+    -nocase "new*password" { puts "$3"; send -- "$3\r"}
+}
+expect {
+    timeout {puts timeout; exit 1}
+    eof {exit 4}
+    -nocase "has been already used" { puts "exit 6" ; exit 6}
+    -nocase "retype*password" { puts "$3"; send -- "$3\r"}
+}
+expect {
+    timeout {exit 5}
+    -nocase "has been already used" { puts "exit 6" ; exit 6}
+    eof
+}
+puts "end"
+EOF
+}
+
+
+rlJournalStart && {
+  rlPhaseStartSetup && {
+    tcfTry "Setup phase" && {
+      tcfRun "rlCheckMakefileRequires"
+      rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+      CleanupRegister "rlRun 'rm -r $TmpDir' 0 'Removing tmp directory'"
+      CleanupRegister 'rlRun "popd"'
+      rlRun "pushd $TmpDir"
+      CleanupRegister 'rlRun "pamCleanup"'
+      rlRun "pamSetup"
+      CleanupRegister 'rlRun "rlFileRestore"'
+      rlFileBackup "/etc/security/opasswd" && >/etc/security/opasswd
+    tcfFin; }
+  rlPhaseEnd; }
+
+  tcfTry "Tests" --no-assert && {
+    tcfChk && {
+     rlPhaseStartTest "test option remember" && {
+      tcfChk "setup" && {
+        CleanupRegister --mark 'rlRun "testUserCleanup"'
+        rlRun "testUserSetup 2"
+        PWA=( ':3533tjh^397*:~21081^*p@w!~18374_0' ':4273tjh^397*:~3709^*p@w!~19467_1' ':31388tjh^397*:~32486^*p@w!~12258_2' ':10233tjh^397*:~620^*p@w!~19779_3' ':26151tjh^397*:~8077^*p@w!~29968_4' ':26593tjh^397*:~4665^*p@w!~16428_5' ':23163tjh^397*:~16784^*p@w!~4822_6' ':4065tjh^397*:~14355^*p@w!~4119_7' ':16312tjh^397*:~30577^*p@w!~26223_8' )
+        rlRun "echo ${PWA[0]} | passwd --stdin ${testUser[1]}"
+        CleanupRegister 'rlRun "pamRestoreFiles"'
+        rlRun "pamBackupFiles"
+        #rlRun "sed -i -e 's/^password\s\+sufficient\s\+pam_unix.so/\0 remember=5/' $sys_auth"
+        rlRun "pamReplaceServiceModuleRule su password pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) remember=5'"
+        #rlRun "cat $sys_auth"
+        rlRun "pamGetServiceRules --prefix su password"
+      tcfFin; }
+
+      tcfTry "test remember option" && {
+        NEWPW=${PWA[0]}
+        for i in `seq 6`; do
+          rlLog "change passwrd #$i"
+          OLDPW=$NEWPW; NEWPW=${PWA[$i]}
+          rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0
+        done
+
+        rlLog "change passwrd #$i"
+        rlLog "Try change to password that have been alredy used (should fail)"
+        OLDPW=$NEWPW;
+        rlRun "do_passwd ${testUser[1]} ${OLDPW} ${PWA[1]}" 6
+
+        for i in 7 8 1; do
+          rlLog "change passwrd #$i"
+          OLDPW=$NEWPW; NEWPW=${PWA[$i]}
+          rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0
+        done
+      tcfFin; }
+
+      tcfTry "test vhange the password to a previous password of test1" && {
+        # change the password to a previous password of test1, the password change should be allowed.
+        rlLog "Change the password to a previous password of test1, the password change should be allowed"
+        echo ${PWA[0]} | passwd --stdin $testUser
+        rlRun "do_passwd $testUser ${PWA[0]} ${PWA[5]}" 0
+      tcfFin; }
+
+      tcfChk "cleanup" && {
+        CleanupDo --mark
+      tcfFin; }
+     rlPhaseEnd; }; :
+    tcfFin; }
+
+    # Run the test for >=RHEL-6.9 and >=RHEL-7.3 and <>RHEL(Fedora)
+    ! rlIsRHEL '<6.9' && { ! rlIsRHEL '<7.3' || rlIsRHEL 6; } && tcfChk && {
+     rlPhaseStartTest "test option no_pass_expiry" && {
+      tcfChk "setup" && {
+        CleanupRegister --mark 'rlRun "testUserCleanup"'
+        rlRun "testUserSetup"
+        CleanupRegister 'rlRun "sshCleanup"'
+        rlRun "sshSetup"
+        rlRun "sshKeyGen"
+        rlRun "sshCopyID --user $testUser --password $testUserPasswd"
+        CleanupRegister 'rlRun "sshdRestore"'
+        rlRun "sshdStart"
+        CleanupRegister 'rlRun "pamRestoreFiles"'
+        rlRun "pamBackupFiles"
+        rlRun "pamGetServiceRules --prefix su account"
+      tcfFin; }
+
+      tcfTry "test" && {
+        rlRun "sshRun --user $testUser --key 'id'"
+        rlRun "chage -d 0 $testUser"
+        rlRun "sshRun --user $testUser --key 'id'" 1-255
+        rlRun "pamReplaceServiceModuleRule sshd account pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) no_pass_expiry'"
+        rlRun "pamGetServiceRules --prefix sshd account"
+        rlRun "sshRun --user $testUser --key 'id'"
+      tcfFin; }
+
+      tcfChk "cleanup" && {
+        CleanupDo --mark
+      tcfFin; }
+     rlPhaseEnd; }; :
+    tcfFin; }; :
+  tcfFin; }
+
+  rlPhaseStartCleanup && {
+    tcfChk "Cleanup phase" && {
+      CleanupDo
+    tcfFin; }
+    tcfCheckFinal
+  rlPhaseEnd; }
+  rlJournalPrintText
+rlJournalEnd; }
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -0,0 +1,33 @@
+---
+# Tests that run in classic context
+- hosts: localhost
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    tests:
+    - pam_unix
+    - Test-coverage-for-TTY-auditing
+    required_packages:
+    - bc
+    - expect
+    - findutils         # beakerlib needs find command
+    - openssh-clients
+    - openssh-server
+    - pam
+    - pcre-tools
+
+# Tests that run in container context
+- hosts: localhost
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - container
+    tests:
+    - Test-coverage-for-TTY-auditing
+    required_packages:
+    - bc
+    - expect
+    - findutils         # beakerlib needs find command
+    - pam
+    - pcre-tools