From cf543adf72025c9f400b5577c1b27b8cbee89ce5 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Tue, 31 May 2016 14:24:34 -0700
Subject: [PATCH] add a server default firewall test

Summary:
The test here is a bit ugly, but it should work. Better ideas
welcome =)

Test Plan:
Run the test, check it works (and maybe hack it up
a bit and check it fails properly too, it worked first time for
me which is always suspicious)

Reviewers: jskladan, garretraziel

Reviewed By: garretraziel

Subscribers: tflink

Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D870
---
 templates                                    | 21 ++++++++++++++
 tests/server_firewall_default_postinstall.pm | 29 ++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 tests/server_firewall_default_postinstall.pm

diff --git a/templates b/templates
index 7782a9dc..97667a2c 100755
--- a/templates
+++ b/templates
@@ -831,6 +831,17 @@
                                     },
                       test_suite => { name => "install_kickstart_firewall_configured" },
                     },
+                    {
+                      machine    => { name => "64bit" },
+                      prio       => 40,
+                      product    => {
+                                      arch    => "x86_64",
+                                      distri  => "fedora",
+                                      flavor  => "Server-dvd-iso",
+                                      version => "*",
+                                    },
+                      test_suite => { name => "server_firewall_default" },
+                    },
                     {
                       machine    => { name => "64bit" },
                       prio       => 11,
@@ -1608,6 +1619,16 @@
                         { key => "USER_LOGIN", value => "false" },
                       ],
                     },
+                    {
+                      name => "server_firewall_default",
+                      settings => [
+                        { key => "POSTINSTALL", value => "server_firewall_default" },
+                        { key => "USER_LOGIN", value => "false" },
+                        { key => "START_AFTER_TEST", value => "install_default_upload" },
+                        { key => "BOOTFROM", value => "c" },
+                        { key => "HDD_1", value => "disk_%FLAVOR%_%MACHINE%.qcow2" },
+                      ],
+                    },
                     {
                       name => "server_role_deploy_domain_controller",
                       settings => [
diff --git a/tests/server_firewall_default_postinstall.pm b/tests/server_firewall_default_postinstall.pm
new file mode 100644
index 00000000..2aa0c7b8
--- /dev/null
+++ b/tests/server_firewall_default_postinstall.pm
@@ -0,0 +1,29 @@
+use base "installedtest";
+use strict;
+use testapi;
+
+sub run {
+    my $self=shift;
+    if (not( check_screen "root_console", 0)) {
+        $self->root_console(tty=>3);
+    }
+    # this only succeeds if the firewall is running
+    assert_script_run 'firewall-cmd --state';
+    # we need to check that exactly these three services and no others
+    # are allowed...but the displayed order is arbitrary.
+    validate_script_output 'firewall-cmd --list-services', sub { m/^(cockpit dhcpv6-client ssh|cockpit ssh dhcpv6-client|dhcpv6-client cockpit ssh|dhcpv6-client ssh cockpit|ssh cockpit dhcpv6-client|ssh dhcpv6-client cockpit)$/ };
+    validate_script_output 'firewall-cmd --list-ports', sub { m/^$/ };
+    validate_script_output 'firewall-cmd --list-protocols', sub { m/^$/ };
+}
+
+sub test_flags {
+    # without anything - rollback to 'lastgood' snapshot if failed
+    # 'fatal' - whole test suite is in danger if this fails
+    # 'milestone' - after this test succeeds, update 'lastgood'
+    # 'important' - if this fails, set the overall state to 'fail'
+    return { fatal => 1 };
+}
+
+1;
+
+# vim: set sw=4 et: