test(integration): initial version of integration tests manager

pkg/integration/scenario.go

@@ -0,0 +1,128 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+// TODO:
+// - Finish templating
+// - Provide a large selection of resources: files, disks, http server... for automatic test on them
+// - Expand support for interactive program (stdin and Control-D)
+// - Properlly log the test result
+// - Dbus integration
+
+package integration
+
+import (
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/arduino/go-paths-helper"
+	"github.com/roddhjav/apparmor.d/pkg/logging"
+	"golang.org/x/exp/slices"
+)
+
+// Scenario represents of a list of tests for a given program
+type (
+	Scenario struct {
+		Name         string            `yaml:"name"`
+		Profiled     bool              `yaml:"profiled"`  // The program is profiled in apparmor.d
+		Root         bool              `yaml:"root"`      // Run the test as user or as root
+		Dependencies []string          `yaml:"require"`   // Packages required for the tests to run "$(pacman -Qqo Scenario.Name)"
+		Arguments    map[string]string `yaml:"arguments"` // Arguments to pass to the program. Sepicific to this scenario
+		Tests        []Test            `yaml:"tests"`
+	}
+	Test struct {
+		Description string   `yaml:"dsc"`
+		Command     string   `yaml:"cmd"`
+		Stdin       []string `yaml:"stdin"`
+	}
+)
+
+func NewScenario() *Scenario {
+	return &Scenario{
+		Name:         "",
+		Profiled:     false,
+		Root:         false,
+		Dependencies: []string{},
+		Arguments:    map[string]string{},
+		Tests:        []Test{},
+	}
+}
+
+// HasProfile returns true if the program in the scenario is profiled in apparmor.d
+func (s *Scenario) hasProfile(profiles paths.PathList) bool {
+	for _, path := range profiles {
+		if s.Name == path.Base() {
+			return true
+		}
+	}
+	return false
+}
+
+func (s *Scenario) installed() bool {
+	if _, err := exec.LookPath(s.Name); err != nil {
+		return false
+	}
+	return true
+}
+
+func (s *Scenario) resolve(in string) string {
+	res := in
+	for key, value := range s.Arguments {
+		res = strings.ReplaceAll(res, "{{"+key+"}}", value)
+	}
+	return res
+}
+
+// mergeArguments merge the arguments of the scenario with the global arguments
+// Scenarios arguments have priority over global arguments
+func (s *Scenario) mergeArguments(args map[string]string) {
+	for key, value := range args {
+		s.Arguments[key] = value
+	}
+}
+
+// Run the scenarios tests
+func (s *Scenario) Run(dryRun bool) (ran int, nb int, err error) {
+	nb = 0
+	if s.Profiled && s.installed() {
+		if slices.Contains(Ignore, s.Name) {
+			return 0, nb, err
+		}
+		logging.Step("%s", s.Name)
+		s.mergeArguments(Arguments)
+		for _, test := range s.Tests {
+			cmd := s.resolve(test.Command)
+			if !strings.Contains(cmd, "{{") {
+				nb++
+				if dryRun {
+					logging.Bullet(cmd)
+				} else {
+					cmdErr := s.run(cmd, strings.Join(test.Stdin, "\n"))
+					if cmdErr != nil {
+						// TODO: log the error
+						logging.Error("%v", cmdErr)
+					} else {
+						logging.Success(cmd)
+					}
+				}
+			}
+		}
+		return 1, nb, err
+	}
+	return 0, nb, err
+}
+
+func (s *Scenario) run(cmdline string, in string) error {
+	// Running the command in a shell ensure it does not run confined under the sudo profile.
+	// The shell is run unconfined and therefore the cmdline can be confined without no-new-privs issue.
+	sufix := " &" // TODO: we need a goroutine here
+	cmd := exec.Command("sh", "-c", cmdline+sufix)
+	if s.Root {
+		cmd = exec.Command("sudo", "sh", "-c", cmdline+sufix)
+	}
+	cmd.Stdin = strings.NewReader(in)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}

pkg/integration/suite.go

@@ -0,0 +1,79 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package integration
+
+import (
+	"strings"
+
+	"github.com/arduino/go-paths-helper"
+	"github.com/roddhjav/apparmor.d/pkg/logs"
+	"gopkg.in/yaml.v2"
+)
+
+// TestSuite is the apparmod.d integration tests to run
+type TestSuite struct {
+	Scenarios []Scenario        // List of scenarios to run
+	Ignore    []string          // Do not run some scenarios
+	Arguments map[string]string // Common arguments used across all scenarios
+}
+
+// NewScenarios returns a new list of scenarios
+func NewTestSuite() *TestSuite {
+	return &TestSuite{
+		Scenarios: []Scenario{},
+		Ignore:    []string{},
+		Arguments: map[string]string{},
+	}
+}
+
+// Write export the list of scenarios to a file
+func (t *TestSuite) Write(path *paths.Path) error {
+	jsonString, err := yaml.Marshal(&t.Scenarios)
+	if err != nil {
+		return err
+	}
+
+	path = path.Clean()
+	file, err := path.Create()
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	// Cleanup a bit
+	res := string(jsonString)
+	res = strings.Replace(res, "- name:", "\n- name:", -1)
+	_, err = file.WriteString("---\n" + res)
+	return err
+}
+
+// ReadScenarios import the scenarios from a file
+func (t *TestSuite) ReadScenarios(path *paths.Path) error {
+	content, _ := path.ReadFile()
+	return yaml.Unmarshal(content, &t.Scenarios)
+}
+
+// ReadSettings import the common argument and ignore list from a file
+func (t *TestSuite) ReadSettings(path *paths.Path) error {
+	type temp struct {
+		Arguments map[string]string `yaml:"args"`
+		Ignore    []string          `yaml:"ignore"`
+	}
+	tmp := temp{}
+	content, _ := path.ReadFile()
+	if err := yaml.Unmarshal(content, &tmp); err != nil {
+		return err
+	}
+	t.Arguments = tmp.Arguments
+	t.Ignore = tmp.Ignore
+	return nil
+}
+
+// Results returns a sum up of the apparmor logs raised by the scenarios
+func (t *TestSuite) Results() string {
+	file, _ := logs.GetAuditLogs(logs.LogFiles[0])
+	aaLogs := logs.NewApparmorLogs(file, "")
+	return aaLogs.String()
+}

pkg/integration/tldr.go

@@ -0,0 +1,100 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package integration
+
+import (
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/arduino/go-paths-helper"
+	"github.com/pkg/errors"
+	"github.com/roddhjav/apparmor.d/pkg/util"
+)
+
+var (
+	Ignore    []string          // Do not run some scenarios
+	Arguments map[string]string // Common arguments used across all scenarios
+)
+
+type Tldr struct {
+	Url    string      // Tldr download url
+	Dir    *paths.Path // Tldr cache directory
+	Ignore []string    // List of ignored software
+}
+
+func NewTldr(dir *paths.Path) Tldr {
+	return Tldr{
+		Url: "https://github.com/tldr-pages/tldr/archive/refs/heads/main.tar.gz",
+		Dir: dir,
+	}
+}
+
+// Download and extract the tldr pages into the cache directory
+func (t Tldr) Download() error {
+	gzPath := t.Dir.Parent().Join("tldr.tar.gz")
+	if !gzPath.Exist() {
+		resp, err := http.Get(t.Url)
+		if err != nil {
+			return errors.Wrapf(err, "downloading %s", t.Url)
+		}
+		defer resp.Body.Close()
+
+		out, err := gzPath.Create()
+		if err != nil {
+			return err
+		}
+		defer out.Close()
+
+		if _, err := io.Copy(out, resp.Body); err != nil {
+			return err
+		}
+	}
+
+	pages := []string{"tldr-main/pages/linux", "tldr-main/pages/common"}
+	if err := util.ExtratTo(gzPath, t.Dir, pages); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Parse the tldr pages and return a list of scenarios
+func (t Tldr) Parse(profiles paths.PathList) (*TestSuite, error) {
+	testSuite := NewTestSuite()
+	files, _ := t.Dir.ReadDirRecursiveFiltered(nil, paths.FilterOutDirectories())
+	for _, path := range files {
+		content, err := path.ReadFile()
+		if err != nil {
+			return nil, err
+		}
+		raw := string(content)
+		scenario := &Scenario{
+			Name:      strings.TrimSuffix(path.Base(), ".md"),
+			Profiled:  false,
+			Root:      false,
+			Arguments: map[string]string{},
+			Tests:     []Test{},
+		}
+		scenario.Profiled = scenario.hasProfile(profiles)
+		if strings.Contains(raw, "sudo") {
+			scenario.Root = true
+		}
+		rawTests := strings.Split(raw, "\n-")[1:]
+		for _, test := range rawTests {
+			res := strings.Split(test, "\n")
+			dsc := strings.ReplaceAll(strings.Trim(res[0], " "), ":", "")
+			cmd := strings.Trim(strings.Trim(res[2], "`"), " ")
+			if scenario.Root {
+				cmd = strings.ReplaceAll(cmd, "sudo ", "")
+			}
+			scenario.Tests = append(scenario.Tests, Test{
+				Description: dsc,
+				Command:     cmd,
+			})
+		}
+		testSuite.Scenarios = append(testSuite.Scenarios, *scenario)
+	}
+	return testSuite, nil
+}