Commit 8154bf3 smoketest: add sanity smoketest basic test

5 files Authored and Committed by Jianlin Shi 10 months ago
smoketest: add sanity smoketest basic test

    
1 @@ -0,0 +1,3 @@
2 + #!/bin/bash
3 + export TEST_DOCKER_EXTRA_ARGS="--privileged -v /dev:/dev"
4 + exec merge-standard-inventory "$@"
 1 @@ -0,0 +1,64 @@
 2 + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 3 + #
 4 + #   Makefile of /CoreOS/arptables/Sanity/smoketest
 5 + #   Description: Test primary functionality of arptables
 6 + #   Author: Hubert Kario <hkario@redhat.com>
 7 + #           Karel Srot <ksrot@redhat.com>  arptables_jf -> arptables port
 8 + #
 9 + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10 + #
11 + #   Copyright (c) 2014 Red Hat, Inc. All rights reserved.
12 + #
13 + #   This copyrighted material is made available to anyone wishing
14 + #   to use, modify, copy, or redistribute it subject to the terms
15 + #   and conditions of the GNU General Public License version 2.
16 + #
17 + #   This program is distributed in the hope that it will be
18 + #   useful, but WITHOUT ANY WARRANTY; without even the implied
19 + #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
20 + #   PURPOSE. See the GNU General Public License for more details.
21 + #
22 + #   You should have received a copy of the GNU General Public
23 + #   License along with this program; if not, write to the Free
24 + #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
25 + #   Boston, MA 02110-1301, USA.
26 + #
27 + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
28 + 
29 + export TEST=/CoreOS/arptables/Sanity/smoketest
30 + export TESTVERSION=1.0
31 + 
32 + BUILT_FILES=
33 + 
34 + FILES=$(METADATA) runtest.sh Makefile PURPOSE
35 + 
36 + .PHONY: all install download clean
37 + 
38 + run: $(FILES) build
39 + »       ./runtest.sh
40 + 
41 + build: $(BUILT_FILES)
42 + »       test -x runtest.sh || chmod a+x runtest.sh
43 + 
44 + clean:
45 + »       rm -f *~ $(BUILT_FILES)
46 + 
47 + 
48 + include /usr/share/rhts/lib/rhts-make.include
49 + 
50 + $(METADATA): Makefile
51 + »       @echo "Owner:           Hubert Kario <hkario@redhat.com>" > $(METADATA)
52 + »       @echo "Name:            $(TEST)" >> $(METADATA)
53 + »       @echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
54 + »       @echo "Path:            $(TEST_DIR)" >> $(METADATA)
55 + »       @echo "Description:     Test primary functionality of arptables" >> $(METADATA)
56 + »       @echo "Type:            Sanity" >> $(METADATA)
57 + »       @echo "TestTime:        5m" >> $(METADATA)
58 + »       @echo "RunFor:          arptables" >> $(METADATA)
59 + »       @echo "Requires:        arptables" >> $(METADATA)
60 + »       @echo "Priority:        Normal" >> $(METADATA)
61 + »       @echo "License:         GPLv2" >> $(METADATA)
62 + »       @echo "Confidential:    no" >> $(METADATA)
63 + »       @echo "Destructive:     no" >> $(METADATA)
64 + 
65 + »       rhts-lint $(METADATA)
1 @@ -0,0 +1,5 @@
2 + PURPOSE of /CoreOS/arptables/Sanity/smoketest
3 + Description: Test primary functionality of arptables
4 + Author: Hubert Kario <hkario@redhat.com>
5 +         Karel Srot <ksrot@redhat.com>  arptables_jf -> arptables port
6 + 
  1 @@ -0,0 +1,181 @@
  2 + #!/bin/bash
  3 + # vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
  4 + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5 + #
  6 + #   runtest.sh of /CoreOS/arptables/Sanity/smoketest
  7 + #   Description: Test primary functionality of arptables
  8 + #   Author: Hubert Kario <hkario@redhat.com>
  9 + #           Karel Srot <ksrot@redhat.com>  arptables_jf -> arptables port
 10 + #
 11 + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 12 + #
 13 + #   Copyright (c) 2014 Red Hat, Inc. All rights reserved.
 14 + #
 15 + #   This copyrighted material is made available to anyone wishing
 16 + #   to use, modify, copy, or redistribute it subject to the terms
 17 + #   and conditions of the GNU General Public License version 2.
 18 + #
 19 + #   This program is distributed in the hope that it will be
 20 + #   useful, but WITHOUT ANY WARRANTY; without even the implied
 21 + #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 22 + #   PURPOSE. See the GNU General Public License for more details.
 23 + #
 24 + #   You should have received a copy of the GNU General Public
 25 + #   License along with this program; if not, write to the Free
 26 + #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 27 + #   Boston, MA 02110-1301, USA.
 28 + #
 29 + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 30 + 
 31 + # Include Beaker environment
 32 + . /usr/bin/rhts-environment.sh || exit 1
 33 + . /usr/share/beakerlib/beakerlib.sh || exit 1
 34 + 
 35 + PACKAGE="arptables"
 36 + 
 37 + rlJournalStart
 38 +     rlPhaseStartSetup
 39 +         rlAssertRpm $PACKAGE
 40 +         rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
 41 +         rlRun "pushd $TmpDir"
 42 + »       rlRun "cat > clean-tables <<_EOF_
 43 + *filter
 44 + :INPUT ACCEPT
 45 + :OUTPUT ACCEPT
 46 + :FORWARD ACCEPT
 47 + _EOF_" 0 "Create saved configuration with no rules and default ACCEPT policies"
 48 +     rlPhaseEnd
 49 + 
 50 +     rlPhaseStartTest "CLI options sanity tests"
 51 + »       arptables_out=`mktemp -p .`
 52 + »       rlRun "arptables -L > $arptables_out" 0 "Check if we can run the command"
 53 + »       rlRun "grep 'Chain INPUT' $arptables_out" 0 "Check if the IN table is present"
 54 + »       rlRun "grep 'Chain OUTPUT' $arptables_out" 0 "Check if the OUT table is present"
 55 + »       rlRun "grep 'Chain FORWARD' $arptables_out" 0 "Check if the FORWARD table is present"
 56 + »       rlRun "arptables-restore < clean-tables" 0 "Restore clean configuration"
 57 + »       rlRun "arptables -vL" 0 "Check if -v option is supported in list mode"
 58 + »       rlRun "arptables -t filter -L >/dev/null" 0 "Check if the -t option is supported in list more"
 59 + »       rlRun "arptables -nL >/dev/null" 0 "Check if -n option is supported in list mode"
 60 + »       rlRun "arptables -xL >/dev/null" 0 "Check if -x option is supported in list mode"
 61 + »       rlRun "arptables --line-numbers -L >/dev/null" 0 "Check if --line-numbers option is supported in list mode"
 62 + »       rlRun "arptables --line-numbers -xnv -t filter -L >/dev/null" 0 "Check if all the options are supported at the same time"
 63 + »       rlRun "arptables -F INPUT" 0 "Try to flush INPUT table"
 64 + »       rlRun "arptables -F OUTPUT" 0 "Try to flush OUTPUT table"
 65 + »       rlRun "arptables -F FORWARD" 0 "Try to flush FORWARD table"
 66 + »       rlRun "arptables -Z INPUT" 0 "Try to zero the counters in INPUT table"
 67 + »       rlRun "arptables -P INPUT DROP" 0 "Change policy of INPUT table to drop"
 68 + »       rlRun "arptables -L | grep 'INPUT.*policy DROP'" 0 "Check if policy is set"
 69 + »       rlRun "arptables -P INPUT RETURN" 1 "Check if setting the default policy to RETURN is not allowed"
 70 + »       rlRun "arptables -P INPUT ACCEPT" 0 "Change policy back to ACCEPT"
 71 + »       rlRun "arptables -L | grep 'INPUT.*policy ACCEPT'" 0 "Check if policy was set"
 72 + »       rlRun "arptables -L OUTPUT > $arptables_out" 0 "Check if outputting only specific table is supported"
 73 + »       rlRun "grep -E 'Chain.*INPUT|Chain.*FORWARD' $arptables_out" 1 "Check if arptables output didn't contain listing from other tables"
 74 +    rlPhaseEnd
 75 + 
 76 +    rlPhaseStartTest "Check rule manipulation"
 77 + »       rlRun "arptables-restore < clean-tables" 0 "Restore tables to known good state"
 78 + »       rlRun "arptables -A OUTPUT -s 192.168.0.1 -d 192.168.1.1 -j ACCEPT" 0 "Add simple rule to OUTPUT chain"
 79 + »       rlRun "arptables -nL OUTPUT | grep -E 'ACCEPT.*192.168.0.1.*192.168.1.1'" 0 "Check if the simple rule was added"
 80 + »       arptables_save=`mktemp -p .`
 81 + »       rlRun "arptables-save > $arptables_save" 0 "Try to save the rules to file"
 82 + »       rlRun "grep -E 'OUTPUT.*ACCEPT.*192.168.0.1.*192.168.1.1' $arptables_save" 0 "Check if the rule is present in file"
 83 + »       rlRun "arptables -F OUTPUT" 0 "Remove the rules from OUT table"
 84 + »       rlRun "arptables -nL OUTPUT | grep -E 'ACCEPT.*192.168.0.1.*192.168.1.1'" 1 "Check if the simple rule was successfully removed"
 85 + »       rlRun "arptables-restore < $arptables_save" 0 "Try to restore saved rules"
 86 + »       rlRun "arptables -nL OUTPUT | grep -E 'ACCEPT.*192.168.0.1.*192.168.1.1'" 0 "Check if the simple rule was added back"
 87 + »       rlRun "arptables -A OUTPUT -s 172.16.12.12 -d 172.16.13.13 -j ACCEPT" 0 "Add second rule to OUTPUT chain"
 88 + »       rlRun "arptables -n --line-numbers -L OUTPUT | grep '^[[:space:]]*1' | grep 'ACCEPT.*192.168.0.1.*192.168.1.1'" 0 "Check if first rule is still first"
 89 + »       rlRun "arptables -n --line-numbers -L OUTPUT | grep '^[[:space:]]*2' | grep -E 'ACCEPT.*172.16.12.12.*172.16.13.13'" 0 "Check if second rule is on second position"
 90 + »       rlRun "arptables -I OUTPUT 2 -s 10.10.10.10 -d 10.11.12.13 -j ACCEPT" 0 "Insert a new rule in the second place of the chain"
 91 + »       rlRun "arptables -n --line-numbers -L OUTPUT | grep '^[[:space:]]*2' | grep -E 'ACCEPT.*10.10.10.10.*10.11.12.13'" 0 "Check if rule was inserted to second position"
 92 + »       rlRun "arptables -n --line-numbers -L OUTPUT | grep '^[[:space:]]*3' | grep -E 'ACCEPT.*172.16.12.12.*172.16.13.13'" 0 "Check if second rule was moved to last position"
 93 + »       rlRun "arptables -D OUTPUT 3" 0 "Try to remove the third rule in chain"
 94 + »       rlRun "arptables -n --line-numbers -L OUTPUT | grep '^[[:space:]]*3'" 1 "Check if third rule was removed"
 95 + »       rlRun "arptables -D OUTPUT -s 192.168.0.1 -d 192.168.1.1 -j ACCEPT" 0 "Try to remove the rule by specyfying it"
 96 + »       rlRun "arptables -nL OUTPUT | grep -E 'ACCEPT.*192.168.0.1.*192.168.1.1'" 1 "Check if the rule was removed"
 97 + »       rlRun "arptables -n --line-numbers -L OUTPUT | grep '^[[:space:]]*2'" 1 "Check if there is no more than a single rule"
 98 + »       rlRun "arptables -nL OUTPUT | grep ACCEPT.*10.10.10.10.*10.11.12.13" 0 "Check if the only rule left is the one that should have left"
 99 +     rlPhaseEnd
100 + 
101 + 
102 +     rlPhaseStartTest "Test chain manipulation"
103 + »       rlRun "arptables-restore < clean-tables" 0 "Restore tables to known good state"
104 + »       rlRun "arptables -nL | grep -E 'Chain.*FOOBAR|Chain.*BAZ'" 1 "Make sure there is no table with the test name"
105 + »       rlRun "arptables -N FOOBAR" 0 "Test creation of new table"
106 + »       rlRun "arptables -nL | grep 'Chain.*FOOBAR'" 0 "Check if the table was created"
107 + »       rlRun "arptables -A FOOBAR -s 192.168.0.1 -d 192.168.1.1 -j ACCEPT" 0 "Try adding a rule to the new table"
108 + »       rlRun "arptables -nL FOOBAR | grep 'ACCEPT.*192.168.0.1.*192.168.1.1'" 0 "Check if the rule was added"
109 + »       rlRun "arptables -E FOOBAR BAZ" 0 "Try renaming the table"
110 + »       rlRun "arptables -L FOOBAR" 1 "Check if the table was removed"
111 + »       rlRun "arptables -nL BAZ | grep 'ACCEPT.*192.168.0.1.*192.168.1.1'" 0 "Check if the rule was preserved"
112 + »       rlRun "arptables -F BAZ" 0 "Check if flushing a user chain is supported"
113 + »       rlRun "arptables -nL BAZ | grep 'ACCEPT.*192.168.0.1.*192.168.1.1'" 1 "Check if flushing was successful"
114 + »       rlRun "arptables -X BAZ" 0 "Try removing the user table"
115 + »       rlRun "arptables -nL | grep -E 'FOOBAR|BAZ'" 1 "Check if no test table remains"
116 + »       rlRun "arptables -nL | grep 'ACCEPT.*192.168.0.1.*192.168.1.1'" 1 "Check if the rule from user table was not migrated somwhere else"
117 +     rlPhaseEnd
118 + 
119 + 
120 +     rlPhaseStartTest "Test inter-table reference handling"
121 + »       rlRun "arptables-restore < clean-tables" 0 "Restore tables to known good state"
122 + »       rlRun "arptables -A OUTPUT -d 192.168.0.1 -j FOOBAR" 2 "Check if creating rule referencing non existing table fails"
123 + »       rlRun "arptables -N FOOBAR" 0 "Add new user table"
124 + »       rlRun "arptables -A OUTPUT -d 192.168.0.1 -j FOOBAR" 0 "Add a rule referencing user table"
125 + »       rlRun "arptables -X FOOBAR" 1 "Check if removing table with references fails"
126 + »       rlRun "arptables -E FOOBAR BAZ" 0 "Rename user table"
127 + »       rlRun "arptables -nL OUTPUT | grep BAZ" 0 "Check if the reference name changed in system table"
128 + »       rlRun "arptables -X BAZ" 1 "Check if removing table with references still fails"
129 + »       rlRun "arptables -D OUTPUT 1" 0 "Remove rule"
130 + »       rlRun "arptables -X BAZ" 0 "Remove user created table"
131 +      rlPhaseEnd
132 + 
133 + 
134 +     rlPhaseStartTest "Test rule parameters"
135 + »       rlRun "arptables-restore < clean-tables" 0 "Restore tables to known good state"
136 + »       rlRun "arptables -A OUTPUT --source-ip 192.168.0.1 -j ACCEPT" 0 "Check if --source-ip option is supported"
137 + »       rlRun "arptables -A OUTPUT -s 192.168.0.1 -j ACCEPT" 0 "Check if -s option is supported"
138 + »       rlRun "arptables -A OUTPUT --source-ip ! 192.168.0.1 -j ACCEPT" 0 "Check if negated --source-ip option is supported"
139 + »       rlRun "arptables -A OUTPUT --source-ip 192.168.0.0/16 -j ACCEPT" 0 "Check if --source-ip option with mask is supported"
140 + »       rlRun "arptables -A OUTPUT --destination-ip 192.168.0.1 -j ACCEPT" 0 "Check if --destination-ip option is supported"
141 + »       rlRun "arptables -A OUTPUT -d 192.168.0.1 -j ACCEPT" 0 "Check if -d option is supported"
142 + »       rlRun "arptables -A OUTPUT --destination-ip ! 192.168.0.1 -j ACCEPT" 0 "Check if negated --destination-ip option is supported"
143 + »       rlRun "arptables -A OUTPUT --destination-ip 192.168.0.0/24 -j ACCEPT" 0 "Check if --destination-ip option with mask is supported"
144 + »       rlRun "arptables -A OUTPUT --source-mac 00:11:22:33:44:66 -j ACCEPT" 0 "Check if --source-mac option is supported"
145 + »       rlRun "arptables -A OUTPUT --source-mac \! 00:11:22:33:44:55 -j ACCEPT" 0 "Check if negated --source-mac option is supported"
146 + »       rlRun "arptables -A OUTPUT --destination-mac 55:44:33:22:11:11 -j ACCEPT" 0 "Check if --destination-mac option is supported"
147 + »       rlRun "arptables -A OUTPUT --destination-mac \! 55:44:33:22:11:00 -j ACCEPT" 0 "Check if negated --destination-mac option is supported"
148 + »       rlRun "arptables -A INPUT -i en0 -j ACCEPT" 0 "Check if -i option is supported"
149 + »       rlRun "arptables -A INPUT --in-interface en1 -j ACCEPT" 0 "Check if --in-interface is supported"
150 + »       rlRun "arptables -A INPUT --in-interface ! en1 -j ACCEPT" 0 "Check if negated --in-interface is supported"
151 + »       rlRun "arptables -A INPUT -i en+ -j ACCEPT" 0 "Check if -i option supports wildcards"
152 + »       rlRun "arptables -A OUTPUT -o ed0 -j ACCEPT" 0 "Check if -o option is supported"
153 + »       rlRun "arptables -A OUTPUT --out-interface ed1 -j ACCEPT" 0 "Check if --out-interface option is supported"
154 + »       rlRun "arptables -A OUTPUT --out-interface ! ed1 -j ACCEPT" 0 "Check if negated --out-interface option is supported"
155 + »       rlRun "arptables -A OUTPUT -o ed+ -j ACCEPT" 0 "Check if -o option supports wildcards"
156 + »       rlRun "arptables -A OUTPUT --opcode Request -j ACCEPT" 0 "Check if --opcode option is supported"
157 + »       rlRun "arptables -A OUTPUT --h-type Ethernet -j ACCEPT" 0 "Check if --h-type option is supported"
158 + »       rlRun "arptables -A OUTPUT --proto-type IPV4 -j ACCEPT" 0 "Check if --proto-type option is supported"
159 + #»       rlRun "arptables -A OUTPUT -s 192.168.0.1 -d 192.168.1.1 --set-counters 1 8 -j ACCEPT" 0 "Check if --set-counters option is supported"»       
160 + #»       rlRun "arptables -A OUTPUT -s 192.168.0.1 -d 192.168.1.1 --set-counters $((1024*1024*1024*3)) $((1024*1024*1024*3)) -j ACCEPT" 0 "Check if --set-counters option handles large values (>2^31)"
161 + #»       rlRun "arptables -A OUTPUT -s 192.168.0.1 -d 192.168.1.1 --source-mac 00:11:22:33:44:55 --destination-mac 55:44:33:22:11:00 -o eth1 --opcode Reply --h-type Ethernet --proto-type IPV4 --set-counters 12 21 " 0 "Check if all options at the same time are supported"
162 +     rlPhaseEnd
163 + 
164 + 
165 +     rlPhaseStartTest "Test mangle target parameters"
166 + »       rlRun "arptables-restore < clean-tables" 0 "Restore tables to known good state"
167 + »       rlRun "arptables -A OUTPUT -s 192.168.0.1 -j mangle --mangle-ip-s 10.0.0.1" 0 "Check if --mangle-ip-s option is supported"
168 + »       rlRun "arptables -A OUTPUT -s 192.168.0.1 -j mangle --mangle-ip-d 10.0.10.1" 0 "Check if --mangle-ip-d option is supported"
169 + »       rlRun "arptables -A OUTPUT --h-length 06 -d 192.168.0.1 -j mangle --mangle-mac-s 00:11:22:33:44:55" 0 "Check if --mangle-mac-s is supported"
170 + »       rlRun "arptables -A OUTPUT --h-length 06 -d 192.168.0.1 -j mangle --mangle-mac-d 55:44:33:22:11:00" 0 "Check if --mangle-mac-d option is supported"
171 + »       rlRun "arptables -A OUTPUT -s 192.168.0.1 -j mangle --mangle-ip-s 10.0.0.1 --mangle-target CONTINUE" 0 "Check if --mangle-target option is supported"
172 +     rlPhaseEnd
173 + 
174 + 
175 +     rlPhaseStartCleanup
176 + »       rlRun "arptables-restore < clean-tables" 0 "Restore tables to known good state"
177 +         rlRun "popd"
178 +         rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
179 +     rlPhaseEnd
180 + rlJournalPrintText
181 + rlJournalEnd
182 + 
 1 @@ -0,0 +1,29 @@
 2 + - hosts: localhost
 3 +   tags:
 4 +   - classic
 5 +   roles:
 6 +   - role: standard-test-beakerlib
 7 +     tests:
 8 +     - smoketest
 9 +     required_packages:
10 +     - arptables
11 + 
12 + - hosts: localhost
13 +   tags:
14 +   - container
15 +   roles:
16 +   - role: standard-test-beakerlib
17 +     tests:
18 +     - smoketest
19 +     required_packages:
20 +     - arptables
21 + 
22 + - hosts: localhost
23 +   tags:
24 +   - atomic
25 +   roles:
26 +   - role: standard-test-beakerlib
27 +     tests:
28 +     - smoketest
29 +     required_packages:
30 +     - arptables