Container.READONLY: False
}
DBUS_GW_CONFIG = [{
"dbus-gateway-config-session": [{
"direction": "outgoing",
"interface": "*",
"object-path": "*",
"method": "*"
}],
"dbus-gateway-config-system": []
}]
""" Cap with the purpose of just providing a valid cap """
# TODO: Using this cap should actually fail when we get the error handling correct,
# see reported issue
test_cap = Capability("test.cap", [{"id": "test", "config": []}])
""" A valid dbus GW cap to test e.g. listing of available caps """
test_cap_dbus = Capability("test.cap.valid-dbus", [{
"id": "dbus",
"config": DBUS_GW_CONFIG
}])
test_cap_broken = Capability("test.cap.broken-gw-config",
[{
"id": "dbus",
"config": ["malformed"]
}])
manifest = StandardManifest(TESTOUTPUT_DIR, "caps-test-manifest.json",
[test_cap, test_cap_dbus, test_cap_broken])
""" Sample env gateway config, used for default capabilities """
GW_CONFIG_APPEND = [{
"name": "LD_LIBRARY_PATH",
"value": "/another/path",
"mode": "append",
"separator": ":"
}]
GW_CONFIG_PREPEND = [{
"name": "LD_LIBRARY_PATH",
"value": "/another/path",
"mode": "prepend",
"separator": ":"
}]
""" Cap that appends to a non existent env variable """
test_cap_2 = Capability("environment.test.cap.2", [{
"id": "env",
"config": GW_CONFIG_APPEND
}])
""" Cap that sets one env variable """
test_cap_4 = Capability("environment.test.cap.4", [{
"id": "env",
"config": GW_CONFIG_ONE_VAR
}])
""" Cap that sets the same env variable twice """
test_cap_1 = Capability("environment.test.cap.1", [{
"id": "env",
"config": GW_CONFIG_ONE_VAR
}, {
"id": "env",
"config": GW_CONFIG_SAME_VAR
}])
""" Cap that sets two env variables """
"setting": "cpu.shares",
"value": CPU_SHARES_LOW_VALUE
}]
CPU_SHARES_WHITELISTING_VALUE = "750"
CONFIG_CPU_SHARES_WHITELISTING = [{
"setting": "cpu.shares",
"value": "250"
}, {
"setting": "cpu.shares",
"value": CPU_SHARES_WHITELISTING_VALUE
}]
cap_0 = Capability("test.cap.small.threshold",
[{
"id": "cgroups",
"config": CONFIG_TEST_MEMORY_SMALL_THRESHOLD
}])
cap_1 = Capability("test.cap.memory.share", [{
"id": "cgroups",
"config": CONFIG_TEST_MEMORY_SHARE
}])
cap_2 = Capability("test.cap.memory.whitelist",
[{
"id": "cgroups",
"config": CONFIG_TEST_MEMORY_WHITELISTING
}])
cap_3 = Capability("test.cap.netcls", [{
# This function is used by the testframework 'testhelper' fixture to know where the
# testhelper should be made available when running the tests
def mounted_path_in_host():
return CURRENT_DIR
#
# Gateway config and capability + service manifest for enabling core dumps
#
FILE_CONFIG = [{
"path-host": coredump_path(),
"path-container": coredump_path(),
"read-only": False
}]
default_cap = Capability("test.cap.default.coredump", [{
"id": "file",
"config": FILE_CONFIG
}])
default_manifest = DefaultManifest(TESTOUTPUT_DIR, "default-caps.json",
[default_cap])
def service_manifests():
""" The agent fixture calls this function when it creates the service manifests
that should be used with this test module. The agent fixture expects a list
of StandardManifest and/or DefaultManifest objects.
"""
return [default_manifest]
@pytest.fixture
def create_coredump_dir(scope="module"):
GW_CONFIG_SAME_DEV_0 = [{"name": "/dev/input/mouse0", "mode": 644}]
GW_CONFIG_SAME_DEV_1 = [{"name": "/dev/input/mouse0", "mode": 754}]
GW_CONFIG_NEW_DEV_0 = [{"name": "/dev/tty0", "mode": 644}]
GW_CONFIG_NEW_DEV_1 = [{"name": "/dev/tty1", "mode": 755}]
GW_CONFIG_SAME_DEV_SAME_MODE = [{"name": "/dev/tty0", "mode": 644}]
""" Following capabilities are fed to DynamicConfiguration tests to examine the case
when new mode is configured for same device.
"""
test_cap_0 = Capability("double.activation.same.device.0.cap",
[{
"id": "devicenode",
"config": GW_CONFIG_SAME_DEV_0
}])
test_cap_1 = Capability("double.activation.same.device.1.cap",
[{
"id": "devicenode",
"config": GW_CONFIG_SAME_DEV_1
}])
""" Following capabilities are fed to DynamicConfiguration tests to examine the case
when a new device is added to configuration
"""
test_cap_2 = Capability("double.activation.new.device.0.cap",
[{
"id": "devicenode",
"config": GW_CONFIG_NEW_DEV_0
def logfile_path():
return CURRENT_DIR + "/test.log"
GW_CONFIG = [{
"dbus-gateway-config-session": [{
"direction": "*",
"interface": "*",
"object-path": "*",
"method": "*"
}],
"dbus-gateway-config-system": []
}]
test_cap = Capability("test.cap.profiling", [{
"id": "dbus",
"config": GW_CONFIG
}])
manifest = StandardManifest(TESTOUTPUT_DIR, "profiling-test-manifest.json",
[test_cap])
def service_manifests():
""" The agent fixture calls this function when it creates the service manifests
that should be used with this test module. The agent fixture expects a list
of StandardManifest and/or DefaultManifest objects.
"""
return [manifest]
def run_test(num_starts=3):
"direction":
"OUTGOING",
"allow": [{
"host": "iana.org",
"protocols": "icmp"
}]
}, {
"direction":
"INCOMING",
"allow": [{
"host": "iana.org",
"protocols": "icmp"
}]
}]
""" An empty network GW config """
test_cap_1 = Capability("test.cap.empty", [{"id": "network", "config": []}])
test_cap_2 = Capability("test.cap.policy-drop",
[{
"id": "network",
"config": GW_CONFIG_POLICY_DROP
}])
test_cap_3 = Capability("test.cap.policy-accept-ping",
[{
"id": "network",
"config": GW_CONFIG_POLICY_ACCEPT_PING
}])
test_cap_4 = Capability("test.cap.accept-example-com",
[{
}],
"dbus-gateway-config-system": []
}]
GW_CONFIG_ALLOW_PING = [{
"dbus-gateway-config-session": [{
"direction": "outgoing",
"interface": "*",
"object-path": "*",
"method": ["Ping", "Introspect"]
}],
"dbus-gateway-config-system": []
}]
""" Cap with only GW_CONFIG"""
test_cap_1 = Capability("test.cap.gwconfig", [{
"id": "dbus",
"config": GW_CONFIG
}])
""" Cap with only WL_CONFIG """
test_cap_2 = Capability("test.cap.wlconfig", [{
"id": "dbus",
"config": WL_CONFIG
}])
""" Cap with only GW_CONFIG_DENY_ALL """
test_cap_deny_all = Capability("test.cap.denyall",
[{
"id": "dbus",
"config": GW_CONFIG_DENY_ALL
}])
""" Cap with only GW_CONFIG_ALLOW_PING """
test_cap_allow_ping = Capability("test.cap.allowping",
[{
# This function is used by the 'agent' fixture to know where the log should be stored
def logfile_path():
return TESTOUTPUT_DIR + "/test.log"
# These default values are used to pass various test specific values and
# configurations to the Container helper. Tests that need to add, remove or
# update entries can simply base their dict on this one for convenience.
DATA = {
Container.CONFIG: '[{"enableWriteBuffer": false}]',
Container.BIND_MOUNT_DIR: "/gateways/app",
Container.HOST_PATH: CURRENT_DIR,
Container.READONLY: False
}
""" An empty capability for the service manifest """
test_cap = Capability("test.cap.valid-dbus", [])
manifest = StandardManifest(TESTOUTPUT_DIR, "queries-test-manifest.json",
[test_cap])
def service_manifests():
""" The agent fixture calls this function when it creates the service manifests
that should be used with this test module. The agent fixture expects a list
of StandardManifest and/or DefaultManifest objects.
"""
return [manifest]
# This function is used by the testframework 'testhelper' fixture to know where the
# testhelper should be made available when running the tests
}],
"dbus-gateway-config-system": []
}]
WL_CONFIG = [{
"dbus-gateway-config-session": [{
"direction": "*",
"interface": "*",
"object-path": "*",
"method": "*"
}],
"dbus-gateway-config-system": []
}]
""" Cap with only GW_CONFIG"""
test_cap_1 = Capability("test.cap.gwconfig", [{
"id": "dbus",
"config": GW_CONFIG
}])
""" Cap with only WL_CONFIG """
test_cap_2 = Capability("test.cap.wlconfig", [{
"id": "dbus",
"config": WL_CONFIG
}])
manifest = StandardManifest(TESTOUTPUT_DIR, "dbus-test-manifest.json",
[test_cap_1, test_cap_2])
def service_manifests():
""" The agent fixture calls this function when it creates the service manifests
that should be used with this test module. The agent fixture expects a list
of StandardManifest and/or DefaultManifest objects.