add a server default firewall test

Summary: The test here is a bit ugly, but it should work. Better ideas welcome =) Test Plan: Run the test, check it works (and maybe hack it up a bit and check it fails properly too, it worked first time for me which is always suspicious) Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D870
2024-06-09 21:30:15 +00:00 · 2016-05-31 14:24:34 -07:00 · 2016-05-31 14:24:34 -07:00 · cf543adf72
commit cf543adf72
parent 802c9298fd
2 changed files with 50 additions and 0 deletions
--- a/21
+++ b/21
@ -831,6 +831,17 @@
                                    },
                      test_suite => { name => "install_kickstart_firewall_configured" },
                    },
+                    {
+                      machine    => { name => "64bit" },
+                      prio       => 40,
+                      product    => {
+                                      arch    => "x86_64",
+                                      distri  => "fedora",
+                                      flavor  => "Server-dvd-iso",
+                                      version => "*",
+                                    },
+                      test_suite => { name => "server_firewall_default" },
+                    },
                    {
                      machine    => { name => "64bit" },
                      prio       => 11,
@ -1608,6 +1619,16 @@
                        { key => "USER_LOGIN", value => "false" },
                      ],
                    },
+                    {
+                      name => "server_firewall_default",
+                      settings => [
+                        { key => "POSTINSTALL", value => "server_firewall_default" },
+                        { key => "USER_LOGIN", value => "false" },
+                        { key => "START_AFTER_TEST", value => "install_default_upload" },
+                        { key => "BOOTFROM", value => "c" },
+                        { key => "HDD_1", value => "disk_%FLAVOR%_%MACHINE%.qcow2" },
+                      ],
+                    },
                    {
                      name => "server_role_deploy_domain_controller",
                      settings => [
--- a/tests/server_firewall_default_postinstall.pm
+++ b/tests/server_firewall_default_postinstall.pm
@ -0,0 +1,29 @@
+use base "installedtest";
+use strict;
+use testapi;
+
+sub run {
+    my $self=shift;
+    if (not( check_screen "root_console", 0)) {
+        $self->root_console(tty=>3);
+    }
+    # this only succeeds if the firewall is running
+    assert_script_run 'firewall-cmd --state';
+    # we need to check that exactly these three services and no others
+    # are allowed...but the displayed order is arbitrary.
+    validate_script_output 'firewall-cmd --list-services', sub { m/^(cockpit dhcpv6-client ssh|cockpit ssh dhcpv6-client|dhcpv6-client cockpit ssh|dhcpv6-client ssh cockpit|ssh cockpit dhcpv6-client|ssh dhcpv6-client cockpit)$/ };
+    validate_script_output 'firewall-cmd --list-ports', sub { m/^$/ };
+    validate_script_output 'firewall-cmd --list-protocols', sub { m/^$/ };
+}
+
+sub test_flags {
+    # without anything - rollback to 'lastgood' snapshot if failed
+    # 'fatal' - whole test suite is in danger if this fails
+    # 'milestone' - after this test succeeds, update 'lastgood'
+    # 'important' - if this fails, set the overall state to 'fail'
+    return { fatal => 1 };
+}
+
+1;
+
+# vim: set sw=4 et: