test/cases: OpenSCAP cloudapi tests

Run a basic check to see that the tailoring file has been created when adding tailoring rules to the OpenSCAP config. Since the OpenSCAP scan requires more memory and breaks some of the API tests, a full scan is not run in the cloudapi tests.
2023-08-14 12:49:17 +01:00 · 2023-08-14 12:49:17 +01:00 · 0311ef449d
commit 0311ef449d
parent 9af8579eb5
6 changed files with 52 additions and 4 deletions
--- a/test/cases/api/aws.sh
+++ b/test/cases/api/aws.sh
@ -63,7 +63,7 @@ function createReqFile() {
        "name": "user2",
        "key": "$(cat "${WORKDIR}/usertest.pub")"
      }
-    ]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}
+    ]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
  },
  "image_request": {
      "architecture": "$ARCH",
--- a/test/cases/api/azure.sh
+++ b/test/cases/api/azure.sh
@ -84,7 +84,7 @@ function createReqFile() {
    "packages": [
      "postgresql",
      "dummy"
-    ]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}
+    ]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
  },
  "image_request": {
    "architecture": "$ARCH",
--- a/test/cases/api/common/common.sh
+++ b/test/cases/api/common/common.sh
@ -55,6 +55,9 @@ function _instanceCheck() {
  verify_dirs_files_customization "$_ssh"

  verify_repository_customization "$_ssh"
+
+  verify_openscap_customization "$_ssh"
+
 }

 WORKER_REFRESH_TOKEN_PATH="/etc/osbuild-worker/token"
@ -173,3 +176,26 @@ function verify_repository_customization {
    exit 1
  fi
 }
+
+# Verify that tailoring file was created
+function verify_openscap_customization {
+  echo "✔️ Checking OpenSCAP customizations"
+  local _ssh="$1"
+  local _error=0
+
+  # NOTE: We are only checking the creation of the tailoring file and ensuring it exists
+  # since running openscap tests here requires more memory and causes some out-of-memory issues.
+  local tailoring_file_content
+  tailoring_file_content=$($_ssh cat /usr/share/xml/osbuild-openscap-data/tailoring.xml \
+      | grep 'idref="xccdf_org.ssgproject.content_rule_rpm_verify_permissions" selected="false"' -c
+  )
+  if [[ "$tailoring_file_content" -eq 0 ]]; then
+    echo "File /usr/share/xml/osbuild-openscap-data/tailoring.xml has wrong content"
+    _error=1
+  fi
+
+  if [[ "$_error" == "1" ]]; then
+    echo "Testing of OpenSCAP customizations has failed."
+    exit 1
+  fi
+}
--- a/test/cases/api/common/s3.sh
+++ b/test/cases/api/common/s3.sh
@ -78,7 +78,7 @@ function createReqFileGuest() {
        "name": "user2",
        "key": "$(cat "${WORKDIR}/usertest.pub")"
      }
-    ]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}
+    ]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
  },
  "image_request": {
    "architecture": "$ARCH",
--- a/test/cases/api/gcp.sh
+++ b/test/cases/api/gcp.sh
@ -71,7 +71,7 @@ function createReqFile() {
    "packages": [
      "postgresql",
      "dummy"
-    ]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}
+    ]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
  },
  "image_request": {
    "architecture": "$ARCH",