test: add fips-updates tests for Jammy #2821

Merged
merged 1 commit into from
Nov 24, 2023
19 changes: 19 additions & 0 deletions features/enable_fips_cloud.feature
Expand Up @@ -466,3 +466,22 @@ Feature: FIPS enablement in cloud based machines
| release | machine_type |
| bionic | aws.generic |
| focal | aws.generic |

Scenario Outline: Attached enable of FIPS in an ubuntu GCP vm
Member

I'm not worrying that much now as we never did in the past, but at some point in time we need to verify the Scenario names... even the ones that are correct could be more descriptive

Contributor Author

Indeed

Given a `<release>` `<machine_type>` machine with ubuntu-advantage-tools installed
When I attach `contract_token` with sudo
And I verify that running `pro enable fips-updates --assume-yes` `with sudo` exits `1`
Then stdout matches regexp:
"""
FIPS Updates is not available for Ubuntu 22.04 LTS \(Jammy Jellyfish\)
"""
When I run `pro status --all` with sudo
Then stdout matches regexp:
"""
fips-updates +yes +n/a
"""

Examples: ubuntu release
| release | machine_type |
| jammy | aws.generic |
| jammy | azure.generic |
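
Review bot: The scenario title on the first added line ("Attached enable of FIPS in an ubuntu GCP vm") does not match what the scenario runs: the Examples table covers only `aws.generic` and `azure.generic`, and the steps exercise `pro enable fips-updates` and expect it to exit `1`. Rename it to say that FIPS Updates is unavailable on Jammy AWS/Azure machines, or add a GCP row if GCP coverage was intended. The `fips-updates +yes +n/a` pattern is also unanchored, so it would match anywhere in the `pro status --all` output; a leading `^` would tie it to the service row.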
70 changes: 70 additions & 0 deletions features/enable_fips_vm.feature
Expand Up @@ -620,3 +620,73 @@ Feature: FIPS enablement in lxd VMs
Examples: ubuntu release
| release | machine_type |
| jammy | lxd-vm |

@slow
Scenario Outline: Attached enable of FIPS-updates in an ubuntu lxd vm
Given a `<release>` `<machine_type>` machine with ubuntu-advantage-tools installed
When I attach `contract_token` with sudo
And I run `apt update` with sudo
And I run `DEBIAN_FRONTEND=noninteractive apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y openssh-client openssh-server strongswan` with sudo, retrying exit [100]
When I run `pro enable <fips-service> --assume-yes` with sudo
Then stdout matches regexp:
"""
Updating <fips-name> package lists
Installing <fips-name> packages
Updating standard Ubuntu package lists
<fips-name> enabled
A reboot is required to complete install
"""
When I run `pro status --all` with sudo
Then stdout matches regexp:
"""
<fips-service> +yes enabled
"""
And I verify that running `apt update` `with sudo` exits `0`
And I verify that `openssh-server` is installed from apt source `<fips-apt-source>`
And I verify that `openssh-client` is installed from apt source `<fips-apt-source>`
And I verify that `strongswan` is installed from apt source `<fips-apt-source>`
And I verify that `strongswan-hmac` is installed from apt source `<fips-apt-source>`
When I reboot the machine
And I run `uname -r` as non-root
Then stdout matches regexp:
"""
fips
"""
When I run `cat /proc/sys/crypto/fips_enabled` with sudo
Then I will see the following on stdout:
"""
1
"""
When I run `pro disable <fips-service> --assume-yes` with sudo
Then stdout matches regexp:
"""
Updating package lists
A reboot is required to complete disable operation
"""
When I reboot the machine
Then I verify that `openssh-server` installed version matches regexp `Fips`
And I verify that `openssh-client` installed version matches regexp `Fips`
And I verify that `strongswan` installed version matches regexp `Fips`
And I verify that `strongswan-hmac` installed version matches regexp `Fips`
When I run `apt-mark unhold openssh-client openssh-server strongswan` with sudo
Then I will see the following on stdout:
"""
openssh-client was already not on hold.
openssh-server was already not on hold.
strongswan was already not on hold.
"""
When I run `pro status --all` with sudo
Then stdout matches regexp:
"""
<fips-service> +yes disabled
"""
When I verify that running `pro enable fips --assume-yes` `with sudo` exits `1`
Then stdout matches regexp:
"""
Cannot enable FIPS because FIPS Updates was once enabled.
"""
And I verify that files exist matching `/var/lib/ubuntu-advantage/services-once-enabled`

Examples: ubuntu release
| release | machine_type | fips-name | fips-service |fips-apt-source |
| jammy | lxd-vm | FIPS Updates | fips-updates |https://esm.ubuntu.com/fips-updates/ubuntu jammy-updates/main |
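
Review bot: The hold check near the end (`apt-mark unhold openssh-client openssh-server strongswan`) leaves out `strongswan-hmac`, although the scenario verifies that package both as installed from `<fips-apt-source>` and as still carrying a `Fips` version after disable. Add it to the unhold command and to the expected output so a leftover hold on it is caught. The scenario also checks `uname -r` and `/proc/sys/crypto/fips_enabled` only after enable; asserting their expected state after the post-disable reboot would document what "A reboot is required to complete disable operation" actually leaves behind. The final step hardcodes `pro enable fips` and the "FIPS Updates was once enabled" message while the rest is driven by `<fips-service>` and `<fips-name>`, which is fine for a single example row but should be noted in a comment if more rows are ever added.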