add a server default firewall test

Summary: The test here is a bit ugly, but it should work. Better ideas welcome =) Test Plan: Run the test, check it works (and maybe hack it up a bit and check it fails properly too, it worked first time for me which is always suspicious) Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D870
2024-11-20 04:01:28 +00:00 · 2016-05-31 14:24:34 -07:00 · 2016-05-31 14:24:34 -07:00 · cf543adf72
commit cf543adf72
parent 802c9298fd
2 changed files with 50 additions and 0 deletions
--- a/21
+++ b/21
@ -831,6 +831,17 @@
                                    },
                      test_suite => { name => "install_kickstart_firewall_configured" },
                    },
                    {
                      machine    => { name => "64bit" },
                      prio       => 40,
                      product    => {
                                      arch    => "x86_64",
                                      distri  => "fedora",
                                      flavor  => "Server-dvd-iso",
                                      version => "*",
                                    },
                      test_suite => { name => "server_firewall_default" },
                    },
                    {
                      machine    => { name => "64bit" },
                      prio       => 11,
@ -1608,6 +1619,16 @@
                        { key => "USER_LOGIN", value => "false" },
                      ],
                    },
                    {
                      name => "server_firewall_default",
                      settings => [
                        { key => "POSTINSTALL", value => "server_firewall_default" },
                        { key => "USER_LOGIN", value => "false" },
                        { key => "START_AFTER_TEST", value => "install_default_upload" },
                        { key => "BOOTFROM", value => "c" },
                        { key => "HDD_1", value => "disk_%FLAVOR%_%MACHINE%.qcow2" },
                      ],
                    },
                    {
                      name => "server_role_deploy_domain_controller",
                      settings => [
--- a/tests/server_firewall_default_postinstall.pm
+++ b/tests/server_firewall_default_postinstall.pm
@ -0,0 +1,29 @@
 use base "installedtest";
 use strict;
 use testapi;
 sub run {
    my $self=shift;
    if (not( check_screen "root_console", 0)) {
        $self->root_console(tty=>3);
    }
    # this only succeeds if the firewall is running
    assert_script_run 'firewall-cmd --state';
    # we need to check that exactly these three services and no others
    # are allowed...but the displayed order is arbitrary.
    validate_script_output 'firewall-cmd --list-services', sub { m/^(cockpit dhcpv6-client ssh|cockpit ssh dhcpv6-client|dhcpv6-client cockpit ssh|dhcpv6-client ssh cockpit|ssh cockpit dhcpv6-client|ssh dhcpv6-client cockpit)$/ };
    validate_script_output 'firewall-cmd --list-ports', sub { m/^$/ };
    validate_script_output 'firewall-cmd --list-protocols', sub { m/^$/ };
 }
 sub test_flags {
    # without anything - rollback to 'lastgood' snapshot if failed
    # 'fatal' - whole test suite is in danger if this fails
    # 'milestone' - after this test succeeds, update 'lastgood'
    # 'important' - if this fails, set the overall state to 'fail'
    return { fatal => 1 };
 }
 1;
 # vim: set sw=4 et: