rpms/pam
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Add CI tests using the standard test interface

Browse Source 
Adds tests according to the CI wiki [0] specifically the standard test interface in the spec [1].

[0] https://fedoraproject.org/wiki/CI
[1] https://fedoraproject.org/wiki/Changes/InvokingTests
This commit is contained in:
Serhii Turivny 2017-10-04 17:57:38 +03:00
parent 64bde25a45
commit 4dc6ede4b5
7 changed files with 474 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
tests/Test-coverage-for-TTY-auditing/Makefile Normal file
View File

@ -0,0 +1,71 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing
# Description: Test for Test coverage for TTY auditing
# Author: Dalibor Pospisil <dapospis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
@test -x runtest.sh || chmod a+x runtest.sh
@if [ -e /usr/share/beakerlib/plugins/try-check-final.sh ]; then \
/usr/share/beakerlib/plugins/try-check-final.sh verify_plugin; \
elif [ -e /mnt/tests/CoreOS/beaker/plugin-tcf/try-check-final.sh ]; then \
/mnt/tests/CoreOS/beaker/plugin-tcf/try-check-final.sh verify_plugin; \
elif [ -e /mnt/qa/scratch/dapospis/try-check-final.sh ]; then \
/mnt/qa/scratch/dapospis/try-check-final.sh verify_plugin; \
fi;
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Dalibor Pospisil <dapospis@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "RhtsRequires: test(/CoreOS/beaker/plugin-tcf)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test for Test coverage for TTY auditing" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: pam" >> $(METADATA)
@echo "Requires: pam /usr/bin/bc /usr/bin/expect /usr/bin/pcregrep" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
rhts-lint $(METADATA)

4
tests/Test-coverage-for-TTY-auditing/PURPOSE Normal file
View File

@ -0,0 +1,4 @@
PURPOSE of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing
Description: Test for Test coverage for TTY auditing
Author: Dalibor Pospisil <dapospis@redhat.com>
Bug summary: Test coverage for TTY auditing

119
tests/Test-coverage-for-TTY-auditing/runtest.sh Normal file
View File

@ -0,0 +1,119 @@
#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing
# Description: Test for Test coverage for TTY auditing
# Author: Dalibor Pospisil <dapospis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh
. /usr/lib/beakerlib/beakerlib.sh
PACKAGES="pam"
BINARIES="pcregrep expect bc"
rlJournalStart &&{
rlPhaseStartSetup &&{
rlTry "Setup phase" && {
for PACKAGE in $PACKAGES; do
rlAssertRpm $PACKAGE
done
for BINARY in $BINARIES; do
rlRun "which $BINARY" 0 "Check presence of $BINARY"
done
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlFileBackup --clean /etc/pam.d/
rlRun "echo 'session required pam_tty_audit.so disable=* enable=root' >>/etc/pam.d/system-auth"
rlRun "cat /etc/pam.d/system-auth"
rlFin; }
rlPhaseEnd;}
rlPhaseStartTest &&{
rlTry "Test phase" && {
rlTry "backup audit.log" &&{
cat /var/log/audit/audit.log >./audit.log
rlFin; }
unalias su >& /dev/null
rlTry "su root, bc some expressions" &&{
expect <<EOF
set env(TERM) vt100
set timeout 5
spawn su -l root
expect {
timeout { exit 2 }
eof { exit 1 }
"#" { send -- "bc\r" }
}
expect -re "For details type .warranty.." { send -- "1+1\r" }
expect {
timeout { exit 2 }
eof { exit 1 }
"2" { send -- "10^2\r" }
}
expect {
timeout { exit 2 }
eof { exit 1 }
"100" { send -- "\033\[A\033\[A\r" }
}
expect {
timeout { exit 2 }
eof { exit 1 }
"2" { send -- "quit\r" }
}
expect {
timeout { exit 2 }
eof { exit 1 }
"#" { send -- "exit\r" }
}
expect {
timeout { exit 2 }
eof { exit 0 }
}
EOF
rlFin; }
rlTry &&{
rlLog "wait 3s"
sleep 3s
rlFin; }
rlRun "diff ./audit.log /var/log/audit/audit.log | grep '>' | sed -e 's/> //' | tee ./log" 0-255
rlChk "check that audit.log contains what it should" &&{
aureport --tty -ts recent -if ./log |tee log.txt
rlRun "pcregrep -M 'bc \"1\+1\",(<ret>|<nl>)(\n|\r)?.*\"10\^2\",(<ret>|<nl>)(\r|\n)?.*<up>,<up>,(<ret>|<nl>)' log.txt"
rlFin; }
rlFin; }
#PS1="[test] " bash
rlPhaseEnd;}
rlPhaseStartCleanup &&{
rlChk "Cleanup phase" && {
rlFileRestore
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlFin; }
rlTCFcheckFinal
rlPhaseEnd;}
rlJournalPrintText
rlJournalEnd;}

70
tests/pam_unix/Makefile Normal file
View File

@ -0,0 +1,70 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/pam/Sanity/pam_unix
# Description: Test for module pam_unix
# Author: David Spurek <dspurek@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/pam/Sanity/pam_unix
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: David Spurek <dspurek@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test for module pam_unix" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 15m" >> $(METADATA)
@echo "RunFor: pam" >> $(METADATA)
@echo "RhtsRequires: library(distribution/ConditionalPhases)" >> $(METADATA)
@echo "RhtsRequires: library(distribution/dpcommon)" >> $(METADATA)
@echo "RhtsRequires: library(distribution/testUser)" >> $(METADATA)
@echo "RhtsRequires: library(openssh/basic)" >> $(METADATA)
@echo "RhtsRequires: library(pam/basic)" >> $(METADATA)
@echo "Requires: pam" >> $(METADATA)
@echo "Requires: expect" >> $(METADATA)
@echo "Requires: openssh-server openssh-clients" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
rhts-lint $(METADATA)

3
tests/pam_unix/PURPOSE Normal file
View File

@ -0,0 +1,3 @@
PURPOSE of /CoreOS/pam/Sanity/pam_unix
Description: Test for module pam_unix
Author: David Spurek <dspurek@redhat.com>

174
tests/pam_unix/runtest.sh Normal file
View File

@ -0,0 +1,174 @@
#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/pam/Sanity/pam_unix
# Description: Test for module pam_unix
# Author: David Spurek <dspurek@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh
. /usr/share/beakerlib/beakerlib.sh
PACKAGE="pam"
PACKAGES=( "pam" "expect" )
_PASSWORD1="jf@#Faffo"
_PASSWORD2="0m4nchU!!F"
function do_passwd {
expect <<EOF
set timeout 5
spawn -noecho su $1 -c passwd
expect {
timeout {puts timeout; exit 1}
eof {exit 2}
-nocase "(current)*password" { puts "$2"; send -- "$2\r"}
}
expect {
timeout {puts timeout; exit 1}
eof {exit 3}
-nocase "new*password" { puts "$3"; send -- "$3\r"}
}
expect {
timeout {puts timeout; exit 1}
eof {exit 4}
-nocase "has been already used" { puts "exit 6" ; exit 6}
-nocase "retype*password" { puts "$3"; send -- "$3\r"}
}
expect {
timeout {exit 5}
-nocase "has been already used" { puts "exit 6" ; exit 6}
eof
}
puts "end"
EOF
}
rlJournalStart && {
rlPhaseStartSetup && {
tcfTry "Setup phase" && {
tcfRun "rlCheckMakefileRequires"
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
CleanupRegister "rlRun 'rm -r $TmpDir' 0 'Removing tmp directory'"
CleanupRegister 'rlRun "popd"'
rlRun "pushd $TmpDir"
CleanupRegister 'rlRun "pamCleanup"'
rlRun "pamSetup"
CleanupRegister 'rlRun "rlFileRestore"'
rlFileBackup "/etc/security/opasswd" && >/etc/security/opasswd
tcfFin; }
rlPhaseEnd; }
tcfTry "Tests" --no-assert && {
tcfChk && {
rlPhaseStartTest "test option remember" && {
tcfChk "setup" && {
CleanupRegister --mark 'rlRun "testUserCleanup"'
rlRun "testUserSetup 2"
PWA=( ':3533tjh^397*:~21081^*p@w!~18374_0' ':4273tjh^397*:~3709^*p@w!~19467_1' ':31388tjh^397*:~32486^*p@w!~12258_2' ':10233tjh^397*:~620^*p@w!~19779_3' ':26151tjh^397*:~8077^*p@w!~29968_4' ':26593tjh^397*:~4665^*p@w!~16428_5' ':23163tjh^397*:~16784^*p@w!~4822_6' ':4065tjh^397*:~14355^*p@w!~4119_7' ':16312tjh^397*:~30577^*p@w!~26223_8' )
rlRun "echo ${PWA[0]} | passwd --stdin ${testUser[1]}"
CleanupRegister 'rlRun "pamRestoreFiles"'
rlRun "pamBackupFiles"
#rlRun "sed -i -e 's/^password\s\+sufficient\s\+pam_unix.so/\0 remember=5/' $sys_auth"
rlRun "pamReplaceServiceModuleRule su password pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) remember=5'"
#rlRun "cat $sys_auth"
rlRun "pamGetServiceRules --prefix su password"
tcfFin; }
tcfTry "test remember option" && {
NEWPW=${PWA[0]}
for i in `seq 6`; do
rlLog "change passwrd #$i"
OLDPW=$NEWPW; NEWPW=${PWA[$i]}
rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0
done
rlLog "change passwrd #$i"
rlLog "Try change to password that have been alredy used (should fail)"
OLDPW=$NEWPW;
rlRun "do_passwd ${testUser[1]} ${OLDPW} ${PWA[1]}" 6
for i in 7 8 1; do
rlLog "change passwrd #$i"
OLDPW=$NEWPW; NEWPW=${PWA[$i]}
rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0
done
tcfFin; }
tcfTry "test vhange the password to a previous password of test1" && {
# change the password to a previous password of test1, the password change should be allowed.
rlLog "Change the password to a previous password of test1, the password change should be allowed"
echo ${PWA[0]} | passwd --stdin $testUser
rlRun "do_passwd $testUser ${PWA[0]} ${PWA[5]}" 0
tcfFin; }
tcfChk "cleanup" && {
CleanupDo --mark
tcfFin; }
rlPhaseEnd; }; :
tcfFin; }
# Run the test for >=RHEL-6.9 and >=RHEL-7.3 and <>RHEL(Fedora)
! rlIsRHEL '<6.9' && { ! rlIsRHEL '<7.3' || rlIsRHEL 6; } && tcfChk && {
rlPhaseStartTest "test option no_pass_expiry" && {
tcfChk "setup" && {
CleanupRegister --mark 'rlRun "testUserCleanup"'
rlRun "testUserSetup"
CleanupRegister 'rlRun "sshCleanup"'
rlRun "sshSetup"
rlRun "sshKeyGen"
rlRun "sshCopyID --user $testUser --password $testUserPasswd"
CleanupRegister 'rlRun "sshdRestore"'
rlRun "sshdStart"
CleanupRegister 'rlRun "pamRestoreFiles"'
rlRun "pamBackupFiles"
rlRun "pamGetServiceRules --prefix su account"
tcfFin; }
tcfTry "test" && {
rlRun "sshRun --user $testUser --key 'id'"
rlRun "chage -d 0 $testUser"
rlRun "sshRun --user $testUser --key 'id'" 1-255
rlRun "pamReplaceServiceModuleRule sshd account pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) no_pass_expiry'"
rlRun "pamGetServiceRules --prefix sshd account"
rlRun "sshRun --user $testUser --key 'id'"
tcfFin; }
tcfChk "cleanup" && {
CleanupDo --mark
tcfFin; }
rlPhaseEnd; }; :
tcfFin; }; :
tcfFin; }
rlPhaseStartCleanup && {
tcfChk "Cleanup phase" && {
CleanupDo
tcfFin; }
tcfCheckFinal
rlPhaseEnd; }
rlJournalPrintText
rlJournalEnd; }

33
tests/tests.yml Normal file
View File

@ -0,0 +1,33 @@
---
# Tests that run in classic context
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
tests:
- pam_unix
- Test-coverage-for-TTY-auditing
required_packages:
- bc
- expect
- findutils # beakerlib needs find command
- openssh-clients
- openssh-server
- pam
- pcre-tools
# Tests that run in container context
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- container
tests:
- Test-coverage-for-TTY-auditing
required_packages:
- bc
- expect
- findutils # beakerlib needs find command
- pam
- pcre-tools