refractor: move integration code to the test directory.

2024-03-22 14:08:44 +00:00 · 2024-03-22 14:08:44 +00:00 · 492c5a37dd
commit 492c5a37dd
parent 828f282fc3
5 changed files with 1 additions and 1 deletions
--- a/tests/integration/paths.go
+++ b/tests/integration/paths.go
@ -0,0 +1,72 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package integration
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"path/filepath"
+	"strings"
+
+	"github.com/arduino/go-paths-helper"
+)
+
+// Either or not to extract the file
+func toExtrat(name string, subfolders []string) bool {
+	for _, subfolder := range subfolders {
+		if strings.HasPrefix(name, subfolder) {
+			return true
+		}
+	}
+	return false
+}
+
+// Extract part of an archive to a destination directory
+func extratTo(src *paths.Path, dst *paths.Path, subfolders []string) error {
+	gzIn, err := src.Open()
+	if err != nil {
+		return fmt.Errorf("opening %s: %w", src, err)
+	}
+	defer gzIn.Close()
+
+	in, err := gzip.NewReader(gzIn)
+	if err != nil {
+		return fmt.Errorf("decoding %s: %w", src, err)
+	}
+	defer in.Close()
+
+	if err := dst.MkdirAll(); err != nil {
+		return fmt.Errorf("creating %s: %w", src, err)
+	}
+
+	tarIn := tar.NewReader(in)
+	for {
+		header, err := tarIn.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return err
+		}
+
+		if header.Typeflag == tar.TypeReg {
+			if !toExtrat(header.Name, subfolders) {
+				continue
+			}
+			path := dst.Join(filepath.Base(header.Name))
+			file, err := path.Create()
+			if err != nil {
+				return fmt.Errorf("creating %s: %w", file.Name(), err)
+			}
+			if _, err := io.Copy(file, tarIn); err != nil {
+				return fmt.Errorf("extracting %s: %w", file.Name(), err)
+			}
+			file.Close()
+		}
+	}
+	return nil
+}
--- a/tests/integration/scenario.go
+++ b/tests/integration/scenario.go
@ -0,0 +1,141 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+// TODO:
+// - Finish templating
+// - Provide a large selection of resources: files, disks, http server... for automatic test on them
+// - Expand support for interactive program (stdin and Control-D)
+// - Properlly log the test result
+// - Dbus integration
+
+package integration
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os/exec"
+	"strings"
+
+	"github.com/arduino/go-paths-helper"
+	"github.com/roddhjav/apparmor.d/pkg/logging"
+)
+
+var (
+	Ignore    []string          // Do not run some scenarios
+	Arguments map[string]string // Common arguments used across all scenarios
+	Profiles  paths.PathList    // List of profiles in apparmor.d
+)
+
+// Test represents of a list of tests for a given program
+type Test struct {
+	Name         string            `yaml:"name"`
+	Root         bool              `yaml:"root"`      // Run the test as user or as root
+	Dependencies []string          `yaml:"require"`   // Packages required for the tests to run "$(pacman -Qqo Scenario.Name)"
+	Arguments    map[string]string `yaml:"arguments"` // Arguments to pass to the program, specific to this scenario
+	Commands     []Command         `yaml:"tests"`
+}
+
+// Command is a command line to run as part of a test
+type Command struct {
+	Description string   `yaml:"dsc"`
+	Cmd         string   `yaml:"cmd"`
+	Stdin       []string `yaml:"stdin"`
+}
+
+func NewTest() *Test {
+	return &Test{
+		Name:         "",
+		Root:         false,
+		Dependencies: []string{},
+		Arguments:    map[string]string{},
+		Commands:     []Command{},
+	}
+}
+
+// HasProfile returns true if the program in the scenario is profiled in apparmor.d
+func (t *Test) HasProfile() bool {
+	for _, path := range Profiles {
+		if t.Name == path.Base() {
+			return true
+		}
+	}
+	return false
+}
+
+// IsInstalled returns true if the program in the scenario is installed on the system
+func (t *Test) IsInstalled() bool {
+	if _, err := exec.LookPath(t.Name); err != nil {
+		return false
+	}
+	return true
+}
+
+func (t *Test) resolve(in string) string {
+	res := in
+	for key, value := range t.Arguments {
+		res = strings.ReplaceAll(res, "{{ "+key+" }}", value)
+	}
+	return res
+}
+
+// mergeArguments merge the arguments of the scenario with the global arguments
+// Test arguments have priority over global arguments
+func (t *Test) mergeArguments(args map[string]string) {
+	if len(t.Arguments) == 0 {
+		t.Arguments = map[string]string{}
+	}
+	for key, value := range args {
+		t.Arguments[key] = value
+	}
+}
+
+// Run the scenarios tests
+func (t *Test) Run(dryRun bool) (ran int, nb int, err error) {
+	nb = 0
+	if t.HasProfile() && t.IsInstalled() {
+		logging.Step("%s", t.Name)
+		t.mergeArguments(Arguments)
+		for _, test := range t.Commands {
+			cmd := t.resolve(test.Cmd)
+			if !strings.Contains(cmd, "{{") {
+				nb++
+				if dryRun {
+					logging.Bullet(cmd)
+				} else {
+					cmdErr := t.run(cmd, strings.Join(test.Stdin, "\n"))
+					if cmdErr != nil {
+						logging.Error("%v", cmdErr)
+					} else {
+						logging.Success(cmd)
+					}
+				}
+			}
+		}
+		return 1, nb, err
+	}
+	return 0, nb, err
+}
+
+func (t *Test) run(cmdline string, in string) error {
+	var testErr bytes.Buffer
+
+	// Running the command in a shell ensure it does not run confined under the sudo profile.
+	// The shell is run unconfined and therefore the cmdline can be confined without no-new-privs issue.
+	sufix := " &" // TODO: we need a goroutine here
+	cmd := exec.Command("sh", "-c", cmdline+sufix)
+	if t.Root {
+		cmd = exec.Command("sudo", "sh", "-c", cmdline+sufix)
+	}
+
+	stderr := io.MultiWriter(Stderr, &testErr)
+	cmd.Stdin = strings.NewReader(in)
+	cmd.Stdout = Stdout
+	cmd.Stderr = stderr
+	err := cmd.Run()
+	if testErr.Len() > 0 {
+		return fmt.Errorf("%s", testErr.String())
+	}
+	return err
+}
--- a/tests/integration/suite.go
+++ b/tests/integration/suite.go
@ -0,0 +1,114 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package integration
+
+import (
+	"os"
+
+	"github.com/arduino/go-paths-helper"
+	"github.com/roddhjav/apparmor.d/pkg/logs"
+	"github.com/roddhjav/apparmor.d/pkg/util"
+	"gopkg.in/yaml.v2"
+)
+
+var (
+	// Integration tests standard output
+	Stdout *os.File
+
+	// Integration tests standard error output
+	Stderr *os.File
+
+	stdoutPath = paths.New("tests/out.log")
+	stderrPath = paths.New("tests/err.log")
+)
+
+// TestSuite is the apparmod.d integration tests to run
+type TestSuite struct {
+	Tests     []Test            // List of tests to run
+	Ignore    []string          // Do not run some tests
+	Arguments map[string]string // Common arguments used across all tests
+}
+
+// NewScenarios returns a new list of scenarios
+func NewTestSuite() *TestSuite {
+	var err error
+	Stdout, err = stdoutPath.Create()
+	if err != nil {
+		panic(err)
+	}
+	Stderr, err = stderrPath.Create()
+	if err != nil {
+		panic(err)
+	}
+	return &TestSuite{
+		Tests:     []Test{},
+		Ignore:    []string{},
+		Arguments: map[string]string{},
+	}
+}
+
+// Write export the list of scenarios to a file
+func (t *TestSuite) Write(path *paths.Path) error {
+	jsonString, err := yaml.Marshal(&t.Tests)
+	if err != nil {
+		return err
+	}
+
+	path = path.Clean()
+	file, err := path.Create()
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	// Cleanup a bit
+	res := string(jsonString)
+	regClean := util.ToRegexRepl([]string{
+		"- name:", "\n- name:",
+		`(?m)^.*stdin: \[\].*$`, ``,
+		`{{`, `{{ `,
+		`}}`, ` }}`,
+	})
+	res = regClean.Replace(res)
+	_, err = file.WriteString("---\n" + res)
+	return err
+}
+
+// ReadTests import the tests from a file
+func (t *TestSuite) ReadTests(path *paths.Path) error {
+	content, _ := path.ReadFile()
+	return yaml.Unmarshal(content, &t.Tests)
+}
+
+// ReadSettings import the common argument and ignore list from a file
+func (t *TestSuite) ReadSettings(path *paths.Path) error {
+	type temp struct {
+		Arguments map[string]string `yaml:"arguments"`
+		Ignore    []string          `yaml:"ignore"`
+	}
+	tmp := temp{}
+	content, _ := path.ReadFile()
+	if err := yaml.Unmarshal(content, &tmp); err != nil {
+		return err
+	}
+	t.Arguments = tmp.Arguments
+	t.Ignore = tmp.Ignore
+	return nil
+}
+
+// Results returns a sum up of the apparmor logs raised by the scenarios
+func (t *TestSuite) Results() string {
+	file, _ := logs.GetAuditLogs(logs.LogFiles[0])
+	aaLogs := logs.NewApparmorLogs(file, "")
+	return aaLogs.String()
+}
+
+func (t *TestSuite) GetDependencies() []string {
+	res := []string{}
+	for _, test := range t.Tests {
+		res = append(res, test.Dependencies...)
+	}
+	return res
+}
--- a/tests/integration/tldr.go
+++ b/tests/integration/tldr.go
@ -0,0 +1,89 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package integration
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/arduino/go-paths-helper"
+)
+
+type Tldr struct {
+	Url    string      // Tldr download url
+	Dir    *paths.Path // Tldr cache directory
+	Ignore []string    // List of ignored software
+}
+
+func NewTldr(dir *paths.Path) Tldr {
+	return Tldr{
+		Url: "https://github.com/tldr-pages/tldr/archive/refs/heads/main.tar.gz",
+		Dir: dir,
+	}
+}
+
+// Download and extract the tldr pages into the cache directory
+func (t Tldr) Download() error {
+	gzPath := t.Dir.Parent().Join("tldr.tar.gz")
+	if !gzPath.Exist() {
+		resp, err := http.Get(t.Url)
+		if err != nil {
+			return fmt.Errorf("downloading %s: %w", t.Url, err)
+		}
+		defer resp.Body.Close()
+
+		out, err := gzPath.Create()
+		if err != nil {
+			return err
+		}
+		defer out.Close()
+
+		if _, err := io.Copy(out, resp.Body); err != nil {
+			return err
+		}
+	}
+
+	pages := []string{"tldr-main/pages/linux", "tldr-main/pages/common"}
+	return extratTo(gzPath, t.Dir, pages)
+}
+
+// Parse the tldr pages and return a list of scenarios
+func (t Tldr) Parse() (*TestSuite, error) {
+	testSuite := NewTestSuite()
+	files, _ := t.Dir.ReadDirRecursiveFiltered(nil, paths.FilterOutDirectories())
+	for _, path := range files {
+		content, err := path.ReadFile()
+		if err != nil {
+			return nil, err
+		}
+		raw := string(content)
+		t := &Test{
+			Name:      strings.TrimSuffix(path.Base(), ".md"),
+			Root:      false,
+			Arguments: map[string]string{},
+			Commands:  []Command{},
+		}
+		if strings.Contains(raw, "sudo") {
+			t.Root = true
+		}
+		rawTests := strings.Split(raw, "\n-")[1:]
+		for _, test := range rawTests {
+			res := strings.Split(test, "\n")
+			dsc := strings.ReplaceAll(strings.Trim(res[0], " "), ":", "")
+			cmd := strings.Trim(strings.Trim(res[2], "`"), " ")
+			if t.Root {
+				cmd = strings.ReplaceAll(cmd, "sudo ", "")
+			}
+			t.Commands = append(t.Commands, Command{
+				Description: dsc,
+				Cmd:         cmd,
+			})
+		}
+		testSuite.Tests = append(testSuite.Tests, *t)
+	}
+	return testSuite, nil
+}