Adds config tests for Qubes sys-* VMs

Most of the config tests to date, reasonably, target the SDW-managed VMs. As we attempt to ensure up-to-date components across the board, we must also ensure that Qubes-provided VM configures are updated. These include: * sys-usb * sys-net * sys-firewall * sys-whonix If we check those VMs to match our expected definition of "up-to-date" templates, then we should have rather solid coverage. It's not as complete as testing for e.g. "any fedora-based VM should be based on the latest fedora template". Ideally we'll get to that point, but for now, that could report failures of components unrelated to the SDW config.
freedomofpress · Dec 6, 2019 · d1fad9c · d1fad9c
1 parent 6e7dbfe
commit d1fad9c
Showing 1 changed file with 51 additions and 0 deletions.
diff --git a/tests/test_qubes_vms.py b/tests/test_qubes_vms.py
@@ -0,0 +1,51 @@
+import unittest
+
+from qubesadmin import Qubes
+
+
+CURRENT_FEDORA_VERSION = "30"
+CURRENT_WHONIX_VERSION = "15"
+
+class SD_Qubes_VM_Tests(unittest.TestCase):
+    """
+    Ensures that the upstream, Qubes-maintained VMs are
+    sufficiently up to date.
+    """
+
+    def setUp(self):
+        self.app = Qubes()
+
+    def tearDown(self):
+        pass
+
+    def test_current_fedora_for_sys_vms(self):
+        """
+        Checks that all sys-* VMs are configured to use
+        an up-to-date version of Fedora.
+        """
+        sys_vms = [
+            "sys-firewall",
+            "sys-net",
+            "sys-usb",
+        ]
+        for sys_vm in sys_vms:
+            vm = self.app.domains[sys_vm]
+            self.assertTrue(vm.template.name == "fedora-"+CURRENT_FEDORA_VERSION)
+
+    def test_current_whonix_vms(self):
+        """
+        Checks that the Qubes-maintained Whonix tooling
+        has been updated to the most recent version.
+        """
+        whonix_vms = [
+            "sys-whonix",
+            "anon-whonix",
+        ]
+        for whonix_vm in whonix_vms:
+            vm = self.app.domains[whonix_vm]
+            self.assertTrue(vm.template.name.startswith("whonix-"))
+            self.assertTrue(vm.template.name.endswith("-"+CURRENT_WHONIX_VERSION))
+
+def load_tests(loader, tests, pattern):
+    suite = unittest.TestLoader().loadTestsFromTestCase(SD_Qubes_VM_Tests)
+    return suite