0311ef449d
Run a basic check to see that the tailoring file has been created when adding tailoring rules to the OpenSCAP config. Since the OpenSCAP scan requires more memory and breaks some of the API tests, a full scan is not run in the cloudapi tests.
226 lines
6.5 KiB
Bash
226 lines
6.5 KiB
Bash
#!/usr/bin/bash
|
|
|
|
source /usr/libexec/tests/osbuild-composer/shared_lib.sh
|
|
|
|
# Global var for ostree ref
|
|
OSTREE_REF="test/rhel/8/edge"
|
|
|
|
function createReqFileEdge() {
|
|
local public_block=
|
|
|
|
# on Fedora, upload the artifact publicly, so we can later check the
|
|
# URL created by composer is just public, not presigned
|
|
if [[ $ID == "fedora" ]]; then
|
|
public_block=',"public": true'
|
|
fi
|
|
|
|
cat > "$REQUEST_FILE" << EOF
|
|
{
|
|
"distribution": "$DISTRO",
|
|
"customizations": {
|
|
"payload_repositories": [
|
|
{
|
|
"baseurl": "$PAYLOAD_REPO_URL"
|
|
}
|
|
],
|
|
"packages": [
|
|
"postgresql",
|
|
"dummy"
|
|
],
|
|
"users":[
|
|
{
|
|
"name": "user1",
|
|
"groups": ["wheel"],
|
|
"key": "$(cat "${WORKDIR}/usertest.pub")"
|
|
},
|
|
{
|
|
"name": "user2",
|
|
"key": "$(cat "${WORKDIR}/usertest.pub")"
|
|
}
|
|
]${DIR_FILES_CUSTOMIZATION_BLOCK}
|
|
},
|
|
"image_request": {
|
|
"architecture": "$ARCH",
|
|
"image_type": "${IMAGE_TYPE}",
|
|
"repositories": $(jq ".\"$ARCH\"" /usr/share/tests/osbuild-composer/repositories/"$DISTRO".json),
|
|
"ostree": {
|
|
"ref": "${OSTREE_REF}"
|
|
},
|
|
"upload_options": {
|
|
"region": "${AWS_REGION}"${public_block}
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
}
|
|
|
|
function createReqFileGuest() {
|
|
cat > "$REQUEST_FILE" << EOF
|
|
{
|
|
"distribution": "$DISTRO",
|
|
"customizations": {
|
|
"payload_repositories": [
|
|
{
|
|
"baseurl": "$PAYLOAD_REPO_URL"
|
|
}
|
|
],
|
|
"packages": [
|
|
"postgresql",
|
|
"dummy"
|
|
],
|
|
"users":[
|
|
{
|
|
"name": "user1",
|
|
"groups": ["wheel"],
|
|
"key": "$(cat "${WORKDIR}/usertest.pub")"
|
|
},
|
|
{
|
|
"name": "user2",
|
|
"key": "$(cat "${WORKDIR}/usertest.pub")"
|
|
}
|
|
]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
|
|
},
|
|
"image_request": {
|
|
"architecture": "$ARCH",
|
|
"image_type": "${IMAGE_TYPE}",
|
|
"repositories": $(jq ".\"$ARCH\"" /usr/share/tests/osbuild-composer/repositories/"$DISTRO".json),
|
|
"upload_options": {
|
|
"region": "${AWS_REGION}"
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
}
|
|
|
|
# the VSphere test case does not create any additional users,
|
|
# since this is not supported by the service UI
|
|
function createReqFileVSphere() {
|
|
cat > "$REQUEST_FILE" << EOF
|
|
{
|
|
"distribution": "$DISTRO",
|
|
"customizations": {
|
|
"payload_repositories": [
|
|
{
|
|
"baseurl": "$PAYLOAD_REPO_URL"
|
|
}
|
|
],
|
|
"packages": [
|
|
"postgresql",
|
|
"dummy"
|
|
]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}
|
|
},
|
|
"image_request": {
|
|
"architecture": "$ARCH",
|
|
"image_type": "${IMAGE_TYPE}",
|
|
"repositories": $(jq ".\"$ARCH\"" /usr/share/tests/osbuild-composer/repositories/"$DISTRO".json),
|
|
"upload_options": {
|
|
"region": "${AWS_REGION}"
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
}
|
|
|
|
# verify edge/iot commit content
|
|
function verifyEdgeCommit() {
|
|
filename="$1"
|
|
greenprint "Verifying contents of ${filename}"
|
|
|
|
# extract tarball and save file list to artifacts directroy
|
|
local COMMIT_DIR
|
|
COMMIT_DIR="${WORKDIR}/edge-commit"
|
|
mkdir -p "${COMMIT_DIR}"
|
|
tar xvf "${filename}" -C "${COMMIT_DIR}" > "${ARTIFACTS}/edge-commit-filelist.txt"
|
|
|
|
# Verify that the commit contains the ref we defined in the request
|
|
sudo dnf install -y ostree
|
|
local COMMIT_REF
|
|
COMMIT_REF=$(ostree refs --repo "${COMMIT_DIR}/repo")
|
|
if [[ "${COMMIT_REF}" != "${OSTREE_REF}" ]]; then
|
|
echo "Commit ref in archive does not match request 😠"
|
|
exit 1
|
|
fi
|
|
|
|
local TAR_COMMIT_ID
|
|
TAR_COMMIT_ID=$(ostree rev-parse --repo "${COMMIT_DIR}/repo" "${OSTREE_REF}")
|
|
API_COMMIT_ID_V2=$(curl \
|
|
--silent \
|
|
--show-error \
|
|
--cacert /etc/osbuild-composer/ca-crt.pem \
|
|
--key /etc/osbuild-composer/client-key.pem \
|
|
--cert /etc/osbuild-composer/client-crt.pem \
|
|
https://localhost/api/image-builder-composer/v2/composes/"$COMPOSE_ID"/metadata | jq -r '.ostree_commit')
|
|
|
|
if [[ "${API_COMMIT_ID_V2}" != "${TAR_COMMIT_ID}" ]]; then
|
|
echo "Commit ID returned from API does not match Commit ID in archive 😠"
|
|
exit 1
|
|
fi
|
|
|
|
verify_dirs_files_customization_edge_commit "${COMMIT_DIR}/repo" $OSTREE_REF
|
|
}
|
|
|
|
function verify_dirs_files_customization_edge_commit() {
|
|
echo "✔️ Checking custom directories and files is ostree commit"
|
|
local _repo_path=$1
|
|
local _ref=$2
|
|
local _error=0
|
|
|
|
# verify that `/usr/etc/custom_dir/dir1` exists and has mode `0775`
|
|
# the output from ostree is 'd00775 0 0 0 { [(b'security.selinux', b'system_u:object_r:etc_t:s0')] } /usr/etc/custom_dir/dir1'
|
|
local cust_dir1_mode
|
|
cust_dir1_mode=$(ostree --repo="${_repo_path}" ls -X "${_ref}" /usr/etc/custom_dir/dir1 | awk '{print $1}')
|
|
if [[ "$cust_dir1_mode" != "d00775" ]]; then
|
|
echo "Directory /usr/etc/custom_dir/dir1 has wrong mode: $cust_dir1_mode"
|
|
_error=1
|
|
fi
|
|
|
|
# verify that `/usr/etc/custom_dir/custom_file.txt` exists and contains `image builder is the best\n`
|
|
local cust_file_content
|
|
cust_file_content=$(ostree --repo="${_repo_path}" cat "${_ref}" /usr/etc/custom_dir/custom_file.txt)
|
|
if [[ "$cust_file_content" != "image builder is the best" ]]; then
|
|
echo "File /usr/etc/custom_dir/custom_file.txt has wrong content: $cust_file_content"
|
|
_error=1
|
|
fi
|
|
|
|
# verify that `/usr/etc/custom_dir2/empty_file.txt` exists and is empty
|
|
local cust_file2_content
|
|
cust_file2_content=$(ostree --repo="${_repo_path}" cat "${_ref}" /usr/etc/custom_dir2/empty_file.txt)
|
|
if [[ "$cust_file2_content" != "" ]]; then
|
|
echo "File /usr/etc/custom_dir2/empty_file.txt has wrong content: $cust_file2_content"
|
|
_error=1
|
|
fi
|
|
|
|
if [[ "$_error" == "1" ]]; then
|
|
echo "Testing of custom directories and files failed."
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Verify image blobs from s3
|
|
function verifyDisk() {
|
|
filename="$1"
|
|
greenprint "Verifying contents of ${filename}"
|
|
|
|
infofile="${filename}-info.json"
|
|
sudo /usr/libexec/osbuild-composer-test/image-info "${filename}" | tee "${infofile}" > /dev/null
|
|
|
|
# save image info to artifacts
|
|
cp -v "${infofile}" "${ARTIFACTS}/image-info.json"
|
|
|
|
# check compose request users in passwd
|
|
if ! jq .passwd "${infofile}" | grep -q "user1"; then
|
|
greenprint "❌ user1 not found in passwd file"
|
|
exit 1
|
|
fi
|
|
if ! jq .passwd "${infofile}" | grep -q "user2"; then
|
|
greenprint "❌ user2 not found in passwd file"
|
|
exit 1
|
|
fi
|
|
# check packages for postgresql
|
|
if ! jq .packages "${infofile}" | grep -q "postgresql"; then
|
|
greenprint "❌ postgresql not found in packages"
|
|
exit 1
|
|
fi
|
|
|
|
greenprint "✅ ${filename} image info verified"
|
|
}
|