refractor: move integration code to the test directory.

tests/integration/scenario.go

@@ -0,0 +1,141 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+// TODO:
+// - Finish templating
+// - Provide a large selection of resources: files, disks, http server... for automatic test on them
+// - Expand support for interactive program (stdin and Control-D)
+// - Properlly log the test result
+// - Dbus integration
+
+package integration
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os/exec"
+	"strings"
+
+	"github.com/arduino/go-paths-helper"
+	"github.com/roddhjav/apparmor.d/pkg/logging"
+)
+
+var (
+	Ignore    []string          // Do not run some scenarios
+	Arguments map[string]string // Common arguments used across all scenarios
+	Profiles  paths.PathList    // List of profiles in apparmor.d
+)
+
+// Test represents of a list of tests for a given program
+type Test struct {
+	Name         string            `yaml:"name"`
+	Root         bool              `yaml:"root"`      // Run the test as user or as root
+	Dependencies []string          `yaml:"require"`   // Packages required for the tests to run "$(pacman -Qqo Scenario.Name)"
+	Arguments    map[string]string `yaml:"arguments"` // Arguments to pass to the program, specific to this scenario
+	Commands     []Command         `yaml:"tests"`
+}
+
+// Command is a command line to run as part of a test
+type Command struct {
+	Description string   `yaml:"dsc"`
+	Cmd         string   `yaml:"cmd"`
+	Stdin       []string `yaml:"stdin"`
+}
+
+func NewTest() *Test {
+	return &Test{
+		Name:         "",
+		Root:         false,
+		Dependencies: []string{},
+		Arguments:    map[string]string{},
+		Commands:     []Command{},
+	}
+}
+
+// HasProfile returns true if the program in the scenario is profiled in apparmor.d
+func (t *Test) HasProfile() bool {
+	for _, path := range Profiles {
+		if t.Name == path.Base() {
+			return true
+		}
+	}
+	return false
+}
+
+// IsInstalled returns true if the program in the scenario is installed on the system
+func (t *Test) IsInstalled() bool {
+	if _, err := exec.LookPath(t.Name); err != nil {
+		return false
+	}
+	return true
+}
+
+func (t *Test) resolve(in string) string {
+	res := in
+	for key, value := range t.Arguments {
+		res = strings.ReplaceAll(res, "{{ "+key+" }}", value)
+	}
+	return res
+}
+
+// mergeArguments merge the arguments of the scenario with the global arguments
+// Test arguments have priority over global arguments
+func (t *Test) mergeArguments(args map[string]string) {
+	if len(t.Arguments) == 0 {
+		t.Arguments = map[string]string{}
+	}
+	for key, value := range args {
+		t.Arguments[key] = value
+	}
+}
+
+// Run the scenarios tests
+func (t *Test) Run(dryRun bool) (ran int, nb int, err error) {
+	nb = 0
+	if t.HasProfile() && t.IsInstalled() {
+		logging.Step("%s", t.Name)
+		t.mergeArguments(Arguments)
+		for _, test := range t.Commands {
+			cmd := t.resolve(test.Cmd)
+			if !strings.Contains(cmd, "{{") {
+				nb++
+				if dryRun {
+					logging.Bullet(cmd)
+				} else {
+					cmdErr := t.run(cmd, strings.Join(test.Stdin, "\n"))
+					if cmdErr != nil {
+						logging.Error("%v", cmdErr)
+					} else {
+						logging.Success(cmd)
+					}
+				}
+			}
+		}
+		return 1, nb, err
+	}
+	return 0, nb, err
+}
+
+func (t *Test) run(cmdline string, in string) error {
+	var testErr bytes.Buffer
+
+	// Running the command in a shell ensure it does not run confined under the sudo profile.
+	// The shell is run unconfined and therefore the cmdline can be confined without no-new-privs issue.
+	sufix := " &" // TODO: we need a goroutine here
+	cmd := exec.Command("sh", "-c", cmdline+sufix)
+	if t.Root {
+		cmd = exec.Command("sudo", "sh", "-c", cmdline+sufix)
+	}
+
+	stderr := io.MultiWriter(Stderr, &testErr)
+	cmd.Stdin = strings.NewReader(in)
+	cmd.Stdout = Stdout
+	cmd.Stderr = stderr
+	err := cmd.Run()
+	if testErr.Len() > 0 {
+		return fmt.Errorf("%s", testErr.String())
+	}
+	return err
+}