tests: add e2e tests for all policy managers (#891)

I recommend reviewing this one commit by commit since it includes lots of minor fixes and improvements to support the e2e tests implementation. There's more context in the individual commit messages too. I've ran the suite on focal, jammy and mantic and got passing runs, however I'll tinker with them some more once everything is set up on GitHub Actions (as part of a follow-up card). Because this PR includes changes to the VM template provisioning script, we will have to refresh the templates once this is merged. Fixes UDENG-1360
ubuntu · Jan 23, 2024 · 706877b · 706877b
2 parents be8b0d0 + 3b5b124
commit 706877b
Show file tree

Hide file tree

Showing 18 changed files with 581 additions and 46 deletions.
diff --git a/e2e/assets/sysvol/assets/scripts/shutdown-machine-script.sh b/e2e/assets/sysvol/assets/scripts/shutdown-machine-script.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/sh
-touch /etc/adsys-machine-shutdown
+touch /etc/created-by-adsys-machine-shutdown-script
diff --git a/e2e/assets/sysvol/assets/scripts/startup-machine-script.sh b/e2e/assets/sysvol/assets/scripts/startup-machine-script.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/sh
-touch /etc/adsys-machine-startup
+touch /etc/created-by-adsys-machine-startup-script
diff --git a/e2e/assets/sysvol/assets/scripts/user-logoff-admin.sh b/e2e/assets/sysvol/assets/scripts/user-logoff-admin.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/sh
-touch ~/adsys-admin-logged-off
+touch ~/created-by-adsys-admin-logoff-script
diff --git a/e2e/assets/sysvol/assets/scripts/user-logon-admin.sh b/e2e/assets/sysvol/assets/scripts/user-logon-admin.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/sh
-touch ~/adsys-admin-logged-on
+touch ~/created-by-adsys-admin-logon-script
diff --git a/e2e/assets/sysvol/assets/scripts/user-logon.sh b/e2e/assets/sysvol/assets/scripts/user-logon.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/sh
-touch ~/adsys-user-logged-on
+touch ~/created-by-adsys-user-logon-script
diff --git a/e2e/cmd/build_base_image/01_prepare_base_vm/main.go b/e2e/cmd/build_base_image/01_prepare_base_vm/main.go
@@ -60,8 +60,7 @@ The machine must be connected to the ADSys E2E tests VPN.`, filepath.Base(os.Arg
 	return cmd.Execute(context.Background())
 }
 
-func validate(_ context.Context, _ *command.Command) error {
-	var err error
+func validate(_ context.Context, _ *command.Command) (err error) {
 	sshKey, err = command.ValidateAndExpandPath(sshKey, command.DefaultSSHKeyPath)
 	if err != nil {
 		return err

diff --git a/...sion_resources/00_build_adsys_deb/main.go → e2e/cmd/run_tests/00_build_adsys_deb/main.go b/...sion_resources/00_build_adsys_deb/main.go → e2e/cmd/run_tests/00_build_adsys_deb/main.go
diff --git a/...ion_resources/01_provision_client/main.go → ...cmd/run_tests/01_provision_client/main.go b/...ion_resources/01_provision_client/main.go → ...cmd/run_tests/01_provision_client/main.go
@@ -10,7 +10,6 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
-	"time"
 
 	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
@@ -58,8 +57,7 @@ This script will:
 	return cmd.Execute(context.Background())
 }
 
-func validate(_ context.Context, _ *command.Command) error {
-	var err error
+func validate(_ context.Context, _ *command.Command) (err error) {
 	sshKey, err = command.ValidateAndExpandPath(sshKey, command.DefaultSSHKeyPath)
 	if err != nil {
 		return err
@@ -149,8 +147,12 @@ func action(ctx context.Context, cmd *command.Command) error {
 	ipAddress := vm.IP
 	id := vm.ID
 
-	// Sleep for a bit to let the VM finish booting
-	time.Sleep(5 * time.Second)
+	// Wait for cloud-init to finish before connecting
+	_, _, err = az.RunCommand(ctx, "vm", "run-command", "invoke",
+		"--ids", id,
+		"--command-id", "RunShellScript",
+		"--scripts", "cloud-init status --wait",
+	)
 
 	client, err := remote.NewClient(ipAddress, "root", sshKey)
 	if err != nil {
@@ -164,7 +166,7 @@ func action(ctx context.Context, cmd *command.Command) error {
 	}
 	hostname := strings.TrimSpace(string(out))
 
-	_, err = client.Run(ctx, "sudo mkdir -p /debs")
+	_, err = client.Run(ctx, "mkdir -p /debs")
 	if err != nil {
 		return fmt.Errorf("failed to create /debs directory on VM: %w", err)
 	}
@@ -182,6 +184,14 @@ func action(ctx context.Context, cmd *command.Command) error {
 
 	log.Infof("Installing adsys package...")
 	_, err = client.Run(ctx, "apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get install -y /debs/*.deb")
+	if err != nil {
+		return fmt.Errorf("failed to install adsys package: %w", err)
+	}
+
+	// TODO: remove this once the packages installed below are MIRed and installed by default with adsys
+	log.Infof("Installing universe packages required for some policy managers...")
+	_, err = client.Run(ctx, "DEBIAN_FRONTEND=noninteractive apt-get install -y ubuntu-proxy-manager python3-cepces")
+	// Allow errors here on account on packages not being available on the tested Ubuntu version
 
 	cmd.Inventory.IP = ipAddress
 	cmd.Inventory.VMID = id

diff --git a/...ovision_resources/02_provision_ad/main.go → e2e/cmd/run_tests/02_provision_ad/main.go b/...ovision_resources/02_provision_ad/main.go → e2e/cmd/run_tests/02_provision_ad/main.go
@@ -42,8 +42,7 @@ This script will:
 	return cmd.Execute(context.Background())
 }
 
-func validate(_ context.Context, cmd *command.Command) error {
-	var err error
+func validate(_ context.Context, cmd *command.Command) (err error) {
 	sshKey, err = command.ValidateAndExpandPath(cmd.Inventory.SSHKeyPath, command.DefaultSSHKeyPath)
 	if err != nil {
 		return err

diff --git a/e2e/cmd/run_tests/03_test_non_pro_managers/main.go b/e2e/cmd/run_tests/03_test_non_pro_managers/main.go
@@ -0,0 +1,117 @@
+// Package main provides a script that applies and asserts non-Pro policies on
+// the provisioned Ubuntu client.
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/ubuntu/adsys/e2e/internal/command"
+	"github.com/ubuntu/adsys/e2e/internal/inventory"
+	"github.com/ubuntu/adsys/e2e/internal/remote"
+)
+
+var sshKey string
+
+func main() {
+	os.Exit(run())
+}
+
+func run() int {
+	cmd := command.New(action,
+		command.WithValidateFunc(validate),
+		command.WithRequiredState(inventory.ADProvisioned),
+	)
+	cmd.Usage = fmt.Sprintf(`go run ./%s [options]
+
+Apply and assert non-Pro policies on the Ubuntu client.
+
+These policies are configured in the e2e/assets/gpo directory, and described as
+part of the ADSys QA Plan document.
+
+https://docs.google.com/document/d/1dIdhqAfNohapcTgWVVeyG7aSDMrGJekeezmoRdd_JSU/
+
+This script will:
+ - reboot the client VM to trigger machine policy application
+ - assert machine GPO rules were applied
+ - assert users and admins GPO rules were applied
+
+The run is considered successful if the script exits with a zero exit code.
+
+The runner must be connected to the ADSys E2E tests VPN.`, filepath.Base(os.Args[0]))
+
+	return cmd.Execute(context.Background())
+}
+
+func validate(_ context.Context, cmd *command.Command) (err error) {
+	sshKey, err = command.ValidateAndExpandPath(cmd.Inventory.SSHKeyPath, command.DefaultSSHKeyPath)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func action(ctx context.Context, cmd *command.Command) error {
+	client, err := remote.NewClient(cmd.Inventory.IP, "root", sshKey)
+	if err != nil {
+		return fmt.Errorf("failed to connect to VM: %w", err)
+	}
+
+	// Reboot machine to apply machine policies
+	if err := client.Reboot(); err != nil {
+		return err
+	}
+
+	// Assert machine policies were applied
+	if err := client.RequireEqual(ctx, "DCONF_PROFILE=gdm dconf read /org/gnome/desktop/interface/clock-format", "'12h'"); err != nil {
+		return err
+	}
+	if err := client.RequireEqual(ctx, "DCONF_PROFILE=gdm dconf read /org/gnome/desktop/interface/clock-show-weekday", "false"); err != nil {
+		return err
+	}
+	if err := client.RequireEqual(ctx, "DCONF_PROFILE=gdm dconf read /org/gnome/login-screen/banner-message-enable", "true"); err != nil {
+		return err
+	}
+	if err := client.RequireEqual(ctx, "DCONF_PROFILE=gdm dconf read /org/gnome/login-screen/banner-message-text", "'Sample banner text'"); err != nil {
+		return err
+	}
+
+	// Pro policies should not be applied yet
+	if err := client.RequireEqual(ctx, "gsettings get org.gnome.system.proxy.ftp host", "''"); err != nil {
+		return err
+	}
+
+	// Assert user GPO policies were applied
+	client, err = remote.NewClient(cmd.Inventory.IP, fmt.Sprintf("%s-usr@warthogs.biz", cmd.Inventory.Hostname), remote.DomainUserPassword)
+	if err != nil {
+		return fmt.Errorf("failed to connect to VM: %w", err)
+	}
+	if err := client.RequireEqual(ctx, "dconf read /org/gnome/desktop/background/picture-uri", ""); err != nil {
+		return err
+	}
+
+	expectedPictureURIDark := "'file:///usr/share/backgrounds/warty-final-ubuntu.png'"
+	if cmd.Inventory.Codename == "jammy" {
+		expectedPictureURIDark = "'file:///usr/share/backgrounds/ubuntu-default-greyscale-wallpaper.png'"
+	}
+	if err := client.RequireEqual(ctx, "dconf read /org/gnome/desktop/background/picture-uri-dark", expectedPictureURIDark); err != nil {
+		return err
+	}
+	if err := client.RequireEqual(ctx, "dconf read /org/gnome/shell/favorite-apps", "['firefox.desktop', 'thunderbird.desktop', 'org.gnome.Nautilus.desktop']"); err != nil {
+		return err
+	}
+
+	// Assert admin GPO policies were applied
+	client, err = remote.NewClient(cmd.Inventory.IP, fmt.Sprintf("%s-adm@warthogs.biz", cmd.Inventory.Hostname), remote.DomainUserPassword)
+	if err != nil {
+		return fmt.Errorf("failed to connect to VM: %w", err)
+	}
+	if err := client.RequireEqual(ctx, "dconf read /org/gnome/shell/favorite-apps", "['rhythmbox.desktop']"); err != nil {
+		return err
+	}
+
+	return nil
+}