Skip to content

Commit

Permalink
Set test secret
Browse files Browse the repository at this point in the history
  • Loading branch information
RebeccaMahany committed Jan 18, 2024
1 parent 01d242d commit 6d09674
Show file tree
Hide file tree
Showing 4 changed files with 82 additions and 27 deletions.
15 changes: 13 additions & 2 deletions .github/workflows/validate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,17 @@ jobs:
- name: build
run: NIXPKGS_ALLOW_UNFREE=1 nix build --impure

- name: set up test secret
run: |
mv ./tests/test-secret ./tests/test-secret.bak
echo -n "${{ secrets.NABALU_ENROLL_SECRET }}" | tee ./tests/test-secret
- name: check flake (runs tests)
run: NIXPKGS_ALLOW_UNFREE=1 nix flake check --impure --log-format internal-json
timeout-minutes: 15

env:
CI: "true"

- name: get test derivation path
id: test-derivation
if: always()
Expand All @@ -40,7 +47,7 @@ jobs:
if: always()
with:
name: test-screenshot
path: ${{ steps.test-derivation.outputs.drvpath }}/test.png
path: ${{ steps.test-derivation.outputs.drvpath }}/test-*.png
retention-days: 1

- name: show flake output attributes
Expand All @@ -54,3 +61,7 @@ jobs:

- name: osqueryd version
run: ./result/bin/osqueryd --version

- name: clean up after tests
if: always()
run: mv ./tests/test-secret.bak ./tests/test-secret
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,4 +80,4 @@ Then start the `kolide-launcher.service` service.

[NixOS tests](https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests)
live in the [./tests](./tests) directory and are included via flake checks.
They are able to be run via the `nix flake check` command.
They are currently intended to run in CI only.
91 changes: 67 additions & 24 deletions tests/kolide-launcher.nix
Original file line number Diff line number Diff line change
Expand Up @@ -25,13 +25,26 @@ pkgs.nixosTest {

services.xserver.enable = true;
services.xserver.displayManager = {
lightdm.enable = true;
gdm.enable = true;
gdm.debug = true;
autoLogin = {
enable = true;
user = "alice";
};
};
services.xserver.desktopManager.mate.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.desktopManager.gnome.debug = true;

systemd.user.services = {
"org.gnome.Shell@wayland" = {
serviceConfig = {
ExecStart = [
""
"${pkgs.gnome.gnome-shell}/bin/gnome-shell --unsafe-mode"
];
};
};
};

# This just quiets some log spam we don't care about
hardware.pulseaudio.enable = true;
Expand All @@ -40,40 +53,70 @@ pkgs.nixosTest {
system.stateVersion = "23.05";
};

enableOCR = true;

testScript = { nodes, ... }:
let
user = nodes.machine.users.users.alice;
user = nodes.machine.config.users.users.alice;
uid = toString user.uid;
bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${uid}/bus";
gdbus = "${bus} gdbus";
su = command: "su - ${user.name} -c '${command}'";
eval = "call --session -d org.gnome.Shell -o /org/gnome/Shell -m org.gnome.Shell.Eval";
startingUp = su "${gdbus} ${eval} Main.layoutManager._startingUp";
launchConsole = su "${bus} gapplication launch org.gnome.Console";
wmClass = su "${gdbus} ${eval} global.display.focus_window.wm_class";
in
''
machine.start()
# TODO: currently launcher will shut itself down if its secret file doesn't exist,
# so we don't get all the way through setup and launcher doesn't stay running.
# In the future, we'll want to validate setup and that the service is running.
with subtest("Login to GNOME with GDM"):
machine.wait_for_unit("display-manager.service")
machine.wait_for_file("/run/user/${uid}/wayland-0")
machine.wait_for_unit("default.target", "${user.name}")
assert "alice" in machine.succeed("getfacl -p /dev/snd/timer")
with subtest("kolide-launcher service starts"):
machine.wait_for_unit("kolide-launcher.service")
machine.sleep(10)
machine.systemctl("stop kolide-launcher.service")
with subtest("Wait for GNOME Shell"):
machine.wait_until_succeeds(
"${startingUp} | grep -q 'true,..false'"
)
with subtest("launcher set up correctly"):
with subtest("Open Console"):
machine.send_key("esc")
machine.succeed(
"${launchConsole}"
)
machine.wait_until_succeeds(
"${wmClass} | grep -q 'true,...org.gnome.Console'"
)
machine.sleep(20)
machine.screenshot("test-screen4.png")
with subtest("enable appindicator extension"):
machine.succeed("${su "gnome-extensions enable [email protected]"}")
machine.screenshot("test-screen5.png")
with subtest("set up secret file"):
machine.copy_from_host("${./test-secret}", "/etc/kolide-k2/secret")
with subtest("launcher service runs and is set up correctly"):
machine.systemctl("stop kolide-launcher.service")
machine.systemctl("start kolide-launcher.service")
machine.wait_for_unit("kolide-launcher.service", timeout=120)
machine.wait_for_file("/var/kolide-k2/k2device.kolide.com/debug.json")
machine.sleep(60)
machine.screenshot("test-screen7.png")
machine.wait_until_succeeds("pgrep osqueryd", timeout=30)
with subtest("get a screenshot"):
machine.wait_for_unit("display-manager.service")
with subtest("launcher desktop runs"):
machine.wait_for_file("/var/kolide-k2/k2device.kolide.com/kolide.png")
machine.wait_for_file("/var/kolide-k2/k2device.kolide.com/menu.json")
machine.screenshot("test-screen8.png")
machine.wait_for_file("${user.home}/.Xauthority")
machine.succeed("xauth merge ${user.home}/.Xauthority")
# print(machine.get_screen_text())
machine.wait_until_succeeds("pgrep marco")
machine.wait_for_window("marco")
machine.wait_until_succeeds("pgrep mate-panel")
machine.wait_for_window("Top Panel")
machine.wait_for_window("Bottom Panel")
machine.wait_until_succeeds("pgrep caja")
machine.wait_for_window("Caja")
machine.sleep(20)
machine.screenshot("test.png")
# machine.wait_until_succeeds("pgrep -U ${uid} launcher")
# machine.screenshot("test-screen9.png")
machine.shutdown()
'';
Expand Down
1 change: 1 addition & 0 deletions tests/test-secret
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
test-secret

0 comments on commit 6d09674

Please sign in to comment.