tests/main/sudo-env: check snap path under sudo

tests/main/sudo-env/task.yaml

@@ -0,0 +1,51 @@
+summary: verify that snap binaries dir is present in PATH under sudo
+
+description: |
+    Some distributions set secure_path in /etc/sudoers which resets the PATH
+    under sudo to some predefined set of locations. Make sure to account for all
+    distros supported by snapd that have sudo set up this way.
+
+environment:
+    # list of regular expressions that match systems where sudo is set up to use
+    # secure_path
+    SECURE_PATH_SUDO: "fedora-.* centos-.* amazon-linux-2-64 opensuse-.* debian-.*"
+
+# ubuntu-14.04: no support for user sessions used by test helpers
+systems: [ -ubuntu-14.04-* ]
+
+debug: |
+    cat sudo.path || true
+    cat sudo-login.path || true
+
+prepare: |
+    tests.session -u test prepare
+
+restore: |
+    tests.session -u test restore
+
+execute: |
+    #shellcheck source=tests/lib/dirs.sh
+    . "$TESTSLIB/dirs.sh"
+
+    # run a snap command via sudo
+    # shellcheck disable=SC2016
+    tests.session -u test exec sudo sh -c 'echo :$PATH:' > sudo.path
+    # and again via sudo --login which should load /etc/profile
+    # shellcheck disable=SC2016
+    tests.session -u test exec sudo --login sh -c 'echo :$PATH:' > sudo-login.path
+
+    secure_path=no
+    for regex in $SECURE_PATH_SUDO ; do
+        if echo "$SPREAD_SYSTEM" | grep -Eq "$regex" ; then
+            secure_path=yes
+            break
+        fi
+    done
+
+    if [ "$secure_path" = "yes" ] ; then
+        not MATCH ":${SNAP_MOUNT_DIR}/bin:" < sudo.path
+    else
+        MATCH ":${SNAP_MOUNT_DIR}/bin:" < sudo.path
+    fi
+    # in either case, the location should be listed in a login shell
+    MATCH ":${SNAP_MOUNT_DIR}/bin:" < sudo-login.path