Add upgrade scenario tests when FIPS is enabled

canonical · Nov 23, 2020 · 4446fd6 · 4446fd6
1 parent cc164c5
commit 4446fd6
Showing 1 changed file with 85 additions and 8 deletions.
diff --git a/features/staging_commands.feature b/features/staging_commands.feature
@@ -64,18 +64,18 @@ Feature: Enable command behaviour when attached to an UA staging subscription
         When I attach `contract_token_staging` with sudo
         And I run `ua disable livepatch` with sudo
         And I run `apt-get install openssh-client openssh-server strongswan -y` with sudo
-        When I run `ua enable fips --assume-yes --beta` with sudo
+        When I run `ua enable <fips-service> --assume-yes --beta` with sudo
         Then stdout matches regexp:
             """
             Updating package lists
-            Installing FIPS packages
-            FIPS enabled
+            Installing <fips-name> packages
+            <fips-name> enabled
             A reboot is required to complete install
             """
         When I run `ua status --all` with sudo
         Then stdout matches regexp:
             """
-            fips          yes                enabled
+            <fips-service> +yes                enabled
             """
         And I verify that running `apt update` `with sudo` exits `0`
         And I verify that running `grep Traceback /var/log/ubuntu-advantage.log` `with sudo` exits `1`
@@ -96,7 +96,7 @@ Feature: Enable command behaviour when attached to an UA staging subscription
         """
         1
         """
-        When I run `ua disable fips --assume-yes` with sudo
+        When I run `ua disable <fips-service> --assume-yes` with sudo
         Then stdout matches regexp:
             """
             Updating package lists
@@ -116,6 +116,83 @@ Feature: Enable command behaviour when attached to an UA staging subscription
         And I verify that `strongswan-hmac` installed version matches regexp `fips`
 
         Examples: ubuntu release
-           | release | fips-apt-source |
-           | xenial  | https://esm.staging.ubuntu.com/fips/ubuntu xenial/main |
-           | bionic  | https://esm.staging.ubuntu.com/fips/ubuntu bionic/main |
+           | release | fips-name    | fips-service |fips-apt-source                                                        |
+           | xenial  | FIPS         | fips         |https://esm.staging.ubuntu.com/fips/ubuntu xenial/main                 |
+           | xenial  | FIPS Updates | fips-updates |https://esm.staging.ubuntu.com/fips-updates/ubuntu xenial-updates/main |
+           | bionic  | FIPS         | fips         |https://esm.staging.ubuntu.com/fips/ubuntu bionic/main                 |
+           | bionic  | FIPS Updates | fips-updates |https://esm.staging.ubuntu.com/fips-updates/ubuntu bionic-updates/main |
+
+   @wip
+   @series.xenial
+   @uses.config.machine_type.lxd.vm
+   Scenario Outline: Attached FIPS upgrade across LTS releases
+        Given a `<release>` machine with ubuntu-advantage-tools installed
+        When I run `sudo add-apt-repository ppa:lamoura/uaclient-test -y` with sudo
+        And I run `apt-get install lsof` with sudo
+        And I run `apt-get update` with sudo
+        And I run `apt-get install ubuntu-advantage-tools -y` with sudo
+        And I run `ua version` with sudo
+        And I attach `contract_token_staging` with sudo
+        And I run `ua disable livepatch` with sudo
+        And I run `ua enable <fips-service> --assume-yes --beta` with sudo
+        Then stdout matches regexp:
+            """
+            Updating package lists
+            Installing <fips-name> packages
+            <fips-name> enabled
+            A reboot is required to complete install
+            """
+        When I run `ua status --all` with sudo
+        Then stdout matches regexp:
+            """
+            <fips-service> +yes                enabled
+            """
+        And I verify that running `apt update` `with sudo` exits `0`
+        When I reboot the `<release>` machine
+        And  I run `uname -r` as non-root
+        Then stdout matches regexp:
+            """
+            fips
+            """
+        When I run `cat /proc/sys/crypto/fips_enabled` with sudo
+        Then I will see the following on stdout:
+        """
+        1
+        """
+        When I run `apt-get dist-upgrade -y` with sudo
+        And I create the file `/etc/update-manager/release-upgrades.d/ua-test.cfg` with the following
+        """
+        [Sources]
+        AllowThirdParty=yes
+        """
+        Then I verify that running `do-release-upgrade --frontend DistUpgradeViewNonInteractive` `with sudo` exits `0`
+        When I reboot the `<release>` machine
+        And I run `lsb_release -cs` as non-root
+        Then I will see the following on stdout:
+        """
+        <next_release>
+        """
+        When I run `egrep "<release>|disabled" /etc/apt/sources.list.d/*` as non-root
+        Then I will see the following on stdout:
+        """
+        """
+        When I run `ua status --all` with sudo
+        Then stdout matches regexp:
+        """
+        <fips-service> +yes                enabled
+        """
+        When  I run `uname -r` as non-root
+        Then stdout matches regexp:
+            """
+            fips
+            """
+        When I run `cat /proc/sys/crypto/fips_enabled` with sudo
+        Then I will see the following on stdout:
+        """
+        1
+        """
+
+        Examples: ubuntu release
+        | release | next_release | fips-service  | fips-name    |
+        #| xenial  | bionic       | fips          | FIPS         |
+        | xenial  | bionic       | fips-updates  | FIPS Updates |