Process files in tests/shared by Jinja #12867
Conversation
After this change, the keys in other_content will be allowed to be not only file names but also they can be relative file paths, including directories. In other words, the other_content will be able to supply content also in directories and subdirectories. The directory structure will be preserved in the tarball.
The files located in `tests/shared` will not be copied directly to the tarball to be uploaded. Instead, before copying them, Jinja variables will be substituted in them. This change will allow us to use conditions and product properties and other Jinja code in files in the `tests/shared` directory.
The `is_rule_dir` function is a part of `ssg.rules` module, it doesn't need to be transitively imported through `ssg_test_suite.common`, but it can be imported directly. Also, remove unused imports.
Ensure newline at the end of the file because process_file_with_macros strips it off. This leads to unexpected scenarios fails if files copied are concatenated together, for example: linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/tests/ordered_by_filter.pass.sh
jan-cerny
added
Test Suite
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
/packit retest-failed |
|
I've found out that there was a problem with the detection of the augenrules in These binaries are owned by: Excerpt of The following change should fix the issue: - <ind:pattern operation="pattern match">^ExecStart=\/sbin\/augenrules.*$</ind:pattern>
+ <ind:pattern operation="pattern match">^ExecStart=(\/usr|)?\/sbin\/augenrules.*$</ind:pattern> |
RHEL10 /usr/lib/systemd/system/audit-rules.service content now has the following: ExecStart=/usr/sbin/augenrules --load So the regex had to be updated to accept /usr but also /sbin in case the other binary is used which should be still acceptable.
|
With 0337848 I now get the following from automatus: |
|
@jan-cerny: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Interesting. I have a newer one in my automatus machine: |
|
Code Climate has analyzed commit 0337848 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 61.9% (0.0% change). View more on Code Climate. |
|
With my audit-rules version and with your changes it passes as well: |
And what are the contents of: Because if the addition of |
|
Sorry for confusion, 4.0.3-1 is newer than 4.0-10. |
|
4.0-10 has That means we need to keep the improved regex in the PR. |
Description:
Resolve Jinja expressions in files in the
tests/shareddirectory when running Automatus tests. The files will be processed with Jinja before they will be packed to a tarball and sent to the testing back end.For more details, please read commit messages of every commit.
Rationale:
This change will fix some failing test scenarios in rules starting with
audit_rules_unsuccessful_file_modification, specifically:These scenarios were erroring because they use files from
tests/shared, these files contain Jinja expressions but the expansion of the Jinja expressions wasn't performed byautomatus. A specific example is that the{{{ uid_min }}}expression wasn't expanded intests/shared/audit_open_o_creat.rulesandtests/shared/audit_open_o_creat.rules.Review Hints: