/
attach_validtoken.feature
399 lines (384 loc) · 15.9 KB
/
attach_validtoken.feature
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
@uses.config.contract_token
Feature: Command behaviour when attaching a machine to an Ubuntu Pro
subscription using a valid token
@series.kinetic
@series.lunar
@uses.config.machine_type.lxd-container
Scenario Outline: Attached command in a non-lts ubuntu machine
Given a `<release>` machine with ubuntu-advantage-tools installed
When I attach `contract_token` with sudo
And I run `pro status` as non-root
Then stdout matches regexp:
"""
No Ubuntu Pro services are available to this system.
"""
And stdout matches regexp:
"""
For a list of all Ubuntu Pro services, run 'pro status --all'
"""
When I run `pro status --all` as non-root
Then stdout matches regexp:
"""
SERVICE +ENTITLED STATUS DESCRIPTION
cc-eal +yes +n/a +Common Criteria EAL2 Provisioning Packages
cis +yes +n/a +Security compliance and audit tools
esm-apps +yes +n/a +Expanded Security Maintenance for Applications
esm-infra +yes +n/a +Expanded Security Maintenance for Infrastructure
fips +yes +n/a +NIST-certified core packages
fips-updates +yes +n/a +NIST-certified core packages with priority security updates
livepatch +yes +n/a +Canonical Livepatch service
"""
And stdout does not match regexp:
"""
For a list of all Ubuntu Pro services, run 'pro status --all'
"""
Examples: ubuntu release
| release |
| kinetic |
| lunar |
@series.lts
@uses.config.machine_type.lxd-container
Scenario Outline: Attach command in a ubuntu lxd container
Given a `<release>` machine with ubuntu-advantage-tools installed
When I run `apt-get update` with sudo, retrying exit [100]
And I run `apt install update-motd` with sudo, retrying exit [100]
And I run `DEBIAN_FRONTEND=noninteractive apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y <downrev_pkg>` with sudo, retrying exit [100]
And I run `pro refresh messages` with sudo
Then stdout matches regexp:
"""
Successfully updated Ubuntu Pro related APT and MOTD messages.
"""
When I run `update-motd` with sudo
Then if `<release>` in `xenial` and stdout matches regexp:
"""
\d+ update(s)? can be applied immediately.
\d+ of these updates (is a|are) standard security update(s)?.
"""
Then if `<release>` in `bionic` and stdout matches regexp:
"""
\d+ update(s)? can be applied immediately.
\d+ of these updates (is a|are) standard security update(s)?.
"""
Then if `<release>` in `focal` and stdout matches regexp:
"""
\d+ update(s)? can be applied immediately.
"""
When I attach `contract_token` with sudo
Then stdout matches regexp:
"""
Ubuntu Pro: ESM Infra enabled
"""
And stdout matches regexp:
"""
This machine is now attached to
"""
And stdout matches regexp:
"""
esm-apps +yes +enabled +Expanded Security Maintenance for Applications
esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure
"""
And stderr matches regexp:
"""
Enabling default service esm-infra
"""
When I verify that running `pro attach contract_token` `with sudo` exits `2`
Then stderr matches regexp:
"""
This machine is already attached to '.+'
To use a different subscription first run: sudo pro detach.
"""
Examples: ubuntu release packages
| release | downrev_pkg | cc_status | cis_or_usg | cis | fips | livepatch_desc |
| xenial | libkrad0=1.13.2+dfsg-5 | disabled | cis | disabled | disabled | Canonical Livepatch service |
| bionic | libkrad0=1.16-2build1 | disabled | cis | disabled | disabled | Canonical Livepatch service |
| focal | hello=2.10-2ubuntu2 | n/a | usg | disabled | disabled | Canonical Livepatch service |
| jammy | hello=2.10-2ubuntu4 | n/a | usg | n/a | n/a | Canonical Livepatch service |
@series.lts
@uses.config.machine_type.lxd-container
Scenario Outline: Attach command with attach config
Given a `<release>` machine with ubuntu-advantage-tools installed
# simplest happy path
When I create the file `/tmp/attach.yaml` with the following
"""
token: <contract_token>
"""
When I replace `<contract_token>` in `/tmp/attach.yaml` with token `contract_token`
When I run `pro attach --attach-config /tmp/attach.yaml` with sudo
Then stdout matches regexp:
"""
esm-apps +yes +enabled
"""
And stdout matches regexp:
"""
esm-infra +yes +enabled
"""
And stdout matches regexp:
"""
<cis_or_usg> +yes +disabled
"""
When I run `pro detach --assume-yes` with sudo
# don't allow both token on cli and config
Then I verify that running `pro attach TOKEN --attach-config /tmp/attach.yaml` `with sudo` exits `1`
Then stderr matches regexp:
"""
Do not pass the TOKEN arg if you are using --attach-config.
Include the token in the attach-config file instead.
"""
# happy path with service overrides
When I create the file `/tmp/attach.yaml` with the following
"""
token: <contract_token>
enable_services:
- esm-apps
- <cis_or_usg>
"""
When I replace `<contract_token>` in `/tmp/attach.yaml` with token `contract_token`
When I run `pro attach --attach-config /tmp/attach.yaml` with sudo
Then stdout matches regexp:
"""
esm-apps +yes +enabled
"""
And stdout matches regexp:
"""
esm-infra +yes +disabled
"""
And stdout matches regexp:
"""
<cis_or_usg> +yes +enabled
"""
When I run `pro detach --assume-yes` with sudo
# missing token
When I create the file `/tmp/attach.yaml` with the following
"""
enable_services:
- esm-apps
- <cis_or_usg>
"""
Then I verify that running `pro attach --attach-config /tmp/attach.yaml` `with sudo` exits `1`
Then stderr matches regexp:
"""
Error while reading /tmp/attach.yaml: Got value with incorrect type for field
"token": Expected value with type StringDataValue but got type: null
"""
# other schema error
When I create the file `/tmp/attach.yaml` with the following
"""
token: <contract_token>
enable_services: {cis: true}
"""
When I replace `<contract_token>` in `/tmp/attach.yaml` with token `contract_token`
Then I verify that running `pro attach --attach-config /tmp/attach.yaml` `with sudo` exits `1`
Then stderr matches regexp:
"""
Error while reading /tmp/attach.yaml: Got value with incorrect type for field
"enable_services": Expected value with type list but got type: dict
"""
# invalid service name
When I create the file `/tmp/attach.yaml` with the following
"""
token: <contract_token>
enable_services:
- esm-apps
- nonexistent
- nonexistent2
"""
When I replace `<contract_token>` in `/tmp/attach.yaml` with token `contract_token`
Then I verify that running `pro attach --attach-config /tmp/attach.yaml` `with sudo` exits `1`
Then stdout matches regexp:
"""
esm-apps +yes +enabled
"""
And stdout matches regexp:
"""
esm-infra +yes +disabled
"""
Then stderr matches regexp:
"""
Cannot enable unknown service 'nonexistent, nonexistent2'.
"""
Examples: ubuntu
| release | cis_or_usg |
| xenial | cis |
| bionic | cis |
| focal | usg |
@series.all
@uses.config.machine_type.aws.generic
Scenario Outline: Attach command in an generic AWS Ubuntu VM
Given a `<release>` machine with ubuntu-advantage-tools installed
When I set the machine token overlay to the following yaml
"""
machineTokenInfo:
contractInfo:
resourceEntitlements:
- type: esm-apps
entitled: false
"""
And I attach `contract_token` with sudo
Then stdout matches regexp:
"""
Ubuntu Pro: ESM Infra enabled
"""
And stdout matches regexp:
"""
This machine is now attached to
"""
And stdout matches regexp:
"""
esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure
"""
And stderr matches regexp:
"""
Enabling default service esm-infra
"""
Examples: ubuntu release livepatch status
| release | fips_status |lp_status | lp_desc | cc_status | cis_or_usg | cis_status |
| xenial | disabled |enabled | Canonical Livepatch service | disabled | cis | disabled |
| bionic | disabled |enabled | Canonical Livepatch service | disabled | cis | disabled |
| focal | disabled |enabled | Canonical Livepatch service | n/a | usg | disabled |
| jammy | n/a |enabled | Canonical Livepatch service | n/a | usg | n/a |
@series.all
@uses.config.machine_type.azure.generic
Scenario Outline: Attach command in an generic Azure Ubuntu VM
Given a `<release>` machine with ubuntu-advantage-tools installed
When I set the machine token overlay to the following yaml
"""
machineTokenInfo:
contractInfo:
resourceEntitlements:
- type: esm-apps
entitled: false
"""
And I attach `contract_token` with sudo
Then stdout matches regexp:
"""
Ubuntu Pro: ESM Infra enabled
"""
And stdout matches regexp:
"""
This machine is now attached to
"""
And stdout matches regexp:
"""
esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure
"""
And stderr matches regexp:
"""
Enabling default service esm-infra
"""
Examples: ubuntu release livepatch status
| release | lp_status | fips_status | cc_status | cis_or_usg | cis_status |
| xenial | enabled | disabled | disabled | cis | disabled |
| bionic | enabled | disabled | disabled | cis | disabled |
| focal | enabled | disabled | n/a | usg | disabled |
| jammy | enabled | n/a | n/a | usg | n/a |
@series.all
@uses.config.machine_type.gcp.generic
Scenario Outline: Attach command in an generic GCP Ubuntu VM
Given a `<release>` machine with ubuntu-advantage-tools installed
When I set the machine token overlay to the following yaml
"""
machineTokenInfo:
contractInfo:
resourceEntitlements:
- type: esm-apps
entitled: false
"""
And I attach `contract_token` with sudo
Then stdout matches regexp:
"""
Ubuntu Pro: ESM Infra enabled
"""
And stdout matches regexp:
"""
This machine is now attached to
"""
And stdout matches regexp:
"""
esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure
"""
And stderr matches regexp:
"""
Enabling default service esm-infra
"""
Examples: ubuntu release livepatch status
| release | lp_status | fips_status | cc_status | cis_or_usg | cis_status |
| xenial | n/a | n/a | disabled | cis | disabled |
| bionic | enabled | disabled | disabled | cis | disabled |
| focal | enabled | disabled | n/a | usg | disabled |
| jammy | enabled | n/a | n/a | usg | n/a |
@series.all
@uses.config.machine_type.lxd-container
Scenario Outline: Attach command with json output
Given a `<release>` machine with ubuntu-advantage-tools installed
When I verify that running attach `as non-root` with json response exits `1`
Then I will see the following on stdout:
"""
{"_schema_version": "0.1", "errors": [{"message": "This command must be run as root (try using sudo).", "message_code": "nonroot-user", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []}
"""
When I verify that running attach `with sudo` with json response exits `0`
Then I will see the following on stdout:
"""
{"_schema_version": "0.1", "errors": [], "failed_services": [], "needs_reboot": false, "processed_services": ["esm-apps", "esm-infra"], "result": "success", "warnings": []}
"""
When I run `pro status` with sudo
Then stdout matches regexp:
"""
esm-apps +yes +enabled +Expanded Security Maintenance for Applications
esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure
"""
Examples: ubuntu release
| release | cc-eal |
| xenial | disabled |
| bionic | disabled |
| focal | n/a |
| jammy | n/a |
@series.all
@uses.config.machine_type.lxd-container
Scenario Outline: Attach and Check for contract change in status checking
Given a `<release>` machine with ubuntu-advantage-tools installed
When I attach `contract_token` with sudo
Then stdout matches regexp:
"""
Ubuntu Pro: ESM Infra enabled
"""
And stdout matches regexp:
"""
This machine is now attached to
"""
And stdout matches regexp:
"""
esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure
"""
When I set the machine token overlay to the following yaml
"""
machineTokenInfo:
contractInfo:
effectiveTo: 2000-01-02T03:04:05Z
"""
And I delete the file `/var/lib/ubuntu-advantage/jobs-status.json`
And I run `python3 /usr/lib/ubuntu-advantage/timer.py` with sudo
And I run `pro status` with sudo
Then stdout matches regexp:
"""
A change has been detected in your contract.
Please run `sudo pro refresh`.
"""
When I run `pro refresh contract` with sudo
Then stdout matches regexp:
"""
Successfully refreshed your subscription.
"""
# remove machine token overlay
When I change config key `features` to use value `{}`
And I run `pro status` with sudo
Then stdout does not match regexp:
"""
A change has been detected in your contract.
Please run `sudo pro refresh`.
"""
Examples: ubuntu release livepatch status
| release |
# removing until we add this feature back in a way that doesn't hammer the server
#| xenial |
#| bionic |
#| focal |