saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 17:50:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Added tests to excerise changes for efi-secure-boot grain

Browse source
This commit is contained in:
David Murphy 2024-10-14 15:28:35 -06:00 committed by Daniel Wozniak
parent effada446c
commit 1b680c6f13
2 changed files with 129 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
tests/pytests/functional/grains/test_secure_boot.py
View file

@ -1,51 +0,0 @@
"""
:codeauthor: :email:`David Murphy <david-dm.murphy@broadcom.com`
"""
## import logging
import os
import tempfile
import pytest
import salt.utils.files
import salt.utils.path
from tests.support.mock import patch
pytestmark = [
pytest.mark.skip_unless_on_linux(reason="Only supported on Linux family"),
]
## log = logging.getLogger(__name__)
def test_secure_boot_efivars():
_salt_utils_files_fopen = salt.utils.files.fopen
with tempfile.TemporaryDirectory() as tempdir:
secure_boot_path = os.path.join(tempdir, "secure-boot/efivars")
print(
f"DGM test_secure_boot_efivars, secure_boot_path '{secure_boot_path}'",
flush=True,
)
with _salt_utils_files_fopen(
os.path.join(secure_boot_path, "/SecureBoot-dog", "wb+")
) as fd:
binary_data = b"\x06\x00\x00\x00\x01"
fd.write(binary_data)
secure_boot_path_file = os.path.join(secure_boot_path, "/SecureBoot-dog")
print(
f"DGM test_secure_boot_efivars secure_boot_path file '{secure_boot_path_file}'",
flush=True,
)
with patch("salt.grains.extra.get_secure_boot_path", return_value=secure_boot_path):
grains = salt.grains.extra.uefi()
print(f"DGM test_secure_boot_efivars grains '{grains}'", flush=True)
expected = {"efi": True, "efi-secure-boot": True}
assert grains == expected

129
tests/pytests/unit/grains/test_secure_boot.py Normal file
View file

@ -0,0 +1,129 @@
"""
:codeauthor: :email:`David Murphy <david-dm.murphy@broadcom.com`
"""
import shutil
import pytest
import salt.grains.extra
from tests.support.mock import patch
pytestmark = [
pytest.mark.skip_unless_on_linux(reason="Only supported on Linux family"),
]
@pytest.mark.parametrize(
"setting_secure, extra_file, expected_enabled",
(
(True, False, True),
(True, True, False),
(False, False, False),
(False, True, False),
),
)
def test_secure_boot_efivars(tmp_path, setting_secure, extra_file, expected_enabled):
secure_boot_path = tmp_path / "secure-boot"
secure_boot_path_vars = secure_boot_path / "efivars"
secure_boot_path_vars.mkdir(parents=True, exist_ok=True)
secure_boot_filepath = secure_boot_path_vars / "SecureBoot-dog"
if setting_secure:
secure_boot_filepath.write_bytes(b"\x06\x00\x00\x00\x01")
else:
secure_boot_filepath.write_bytes(b"\x06\x00\x00\x00\x00")
if extra_file:
secure_boot_filepath2 = secure_boot_path_vars / "SecureBoot-kat"
if setting_secure:
secure_boot_filepath2.write_bytes(b"\x06\x00\x00\x00\x01")
else:
secure_boot_filepath2.write_bytes(b"\x06\x00\x00\x00\x00")
with patch(
"salt.grains.extra.get_secure_boot_path", return_value=secure_boot_path_vars
):
grains = salt.grains.extra.uefi()
expected = {"efi": True, "efi-secure-boot": expected_enabled}
assert grains == expected
shutil.rmtree(secure_boot_path)
@pytest.mark.parametrize(
"setting_secure, extra_file, expected_enabled",
(
(True, False, True),
(True, True, False),
(False, False, False),
(False, True, False),
),
)
def test_secure_boot_vars(tmp_path, setting_secure, extra_file, expected_enabled):
secure_boot_path = tmp_path / "secure-boot"
secure_boot_path_vars = secure_boot_path / "vars" / "SecureBoot-dog"
secure_boot_path_vars1 = secure_boot_path_vars / "SecureBoot-dog"
secure_boot_path_vars1.mkdir(parents=True, exist_ok=True)
secure_boot_filepath = secure_boot_path_vars1 / "data"
if setting_secure:
secure_boot_filepath.write_bytes(b"\x06\x00\x00\x00\x01")
else:
secure_boot_filepath.write_bytes(b"\x06\x00\x00\x00\x00")
if extra_file:
secure_boot_path_vars2 = secure_boot_path_vars / "SecureBoot-kat"
secure_boot_path_vars2.mkdir(parents=True, exist_ok=True)
secure_boot_filepath2 = secure_boot_path_vars2 / "data"
if setting_secure:
secure_boot_filepath2.write_bytes(b"\x06\x00\x00\x00\x01")
else:
secure_boot_filepath2.write_bytes(b"\x06\x00\x00\x00\x00")
with patch(
"salt.grains.extra.get_secure_boot_path", return_value=secure_boot_path_vars
):
grains = salt.grains.extra.uefi()
expected = {"efi": True, "efi-secure-boot": expected_enabled}
assert grains == expected
shutil.rmtree(secure_boot_path)
@pytest.mark.parametrize(
"setting_secure, expected_enabled",
(
(True, True),
(False, False),
(False, False),
(False, False),
),
)
def test_secure_boot_efivars_and_vars(tmp_path, setting_secure, expected_enabled):
secure_boot_path = tmp_path / "secure-boot"
secure_boot_path_vars = secure_boot_path / "efivars"
secure_boot_path_vars.mkdir(parents=True, exist_ok=True)
secure_boot_filepath = secure_boot_path_vars / "SecureBoot-dog"
secure_boot_path_vars2 = secure_boot_path / "vars" / "SecureBoot-kat"
secure_boot_path_vars2.mkdir(parents=True, exist_ok=True)
secure_boot_filepath2 = secure_boot_path_vars2 / "data"
if setting_secure:
# efivars True, vars / data False
secure_boot_filepath.write_bytes(b"\x06\x00\x00\x00\x01")
secure_boot_filepath2.write_bytes(b"\x06\x00\x00\x00\x00")
else:
# efivars false, vars / data True
secure_boot_filepath.write_bytes(b"\x06\x00\x00\x00\x00")
secure_boot_filepath2.write_bytes(b"\x06\x00\x00\x00\x01")
with patch(
"salt.grains.extra.get_secure_boot_path", return_value=secure_boot_path_vars
):
grains = salt.grains.extra.uefi()
expected = {"efi": True, "efi-secure-boot": expected_enabled}
assert grains == expected
shutil.rmtree(secure_boot_path)