refactor(SD_VM_Local_Test): automatically check all VMs for expected …

…configuration keys This eliminates the need to treat $QUBES_GPG_DOMAIN as special: now only a VM that expects it lists it in its "expected_config_keys" set, and any other VM will fail SD_VM_Local_Test.test_vm_config_keys() if it's present.
freedomofpress · Apr 25, 2024 · bf786e2 · bf786e2
1 parent dc6f763
commit bf786e2
Show file tree

Hide file tree

Showing 8 changed files with 19 additions and 35 deletions.
diff --git a/tests/base.py b/tests/base.py
@@ -55,6 +55,10 @@ def setUp(self):
         with open("config.json") as config_file:
             self.dom0_config = json.load(config_file)
 
+        # A VM shouldn't have any configuration keys it doesn't explicitly
+        # expect.
+        self.expected_config_keys = set()
+
     # def tearDown(self):
     #     self.vm.shutdown()
 
@@ -153,6 +157,14 @@ def _vm_config_read(self, key):
         except subprocess.CalledProcessError:
             return None
 
+    def _vm_config_check(self, expected):
+        """Check that the set of expected by the VM keys equals the set of keys
+        actually configured.
+        """
+        actual = set(self._run("qubesdb-list /vm-config/").split("\n"))
+        actual.discard("")  # if "qubesdb-list" returned nothing
+        self.assertEqual(actual, set(expected))
+
     def logging_configured(self):
         """
         Make sure rsyslog is configured to send in data to sd-log vm.
@@ -203,18 +215,8 @@ def mailcap_hardened(self):
         # Ensure that the wildcard rule worked as expected.
         self.assertEqual(mailcap_result, 'logger "Mailcap is disabled." <{}'.format(tmpfile_name))
 
-    def qubes_gpg_domain_configured(self, vmname=False):
-        """
-        Ensure the QUBES_GPG_DOMAIN is properly set for a given AppVM. This
-        var is set by a script /etc/profile.d.
-        sd-app should have it set to sd-gpg.
-        All other AppVMs should not have this configured.
+    def test_vm_config_keys(self):
+        """Every VM should check that it has only the configuration keys it
+        expects.
         """
-        env_contents = self._vm_config_read("QUBES_GPG_DOMAIN")
-
-        if vmname == "sd-app":
-            expected_env = "sd-gpg"
-        else:
-            expected_env = None
-
-        self.assertEqual(env_contents, expected_env)
+        self._vm_config_check(self.expected_config_keys)
diff --git a/tests/test_app.py b/tests/test_app.py
@@ -8,9 +8,7 @@ class SD_App_Tests(SD_VM_Local_Test):
     def setUp(self):
         self.vm_name = "sd-app"
         super(SD_App_Tests, self).setUp()
-
-    def test_gpg_domain_configured(self):
-        self.qubes_gpg_domain_configured(self.vm_name)
+        self.expected_config_keys = {"QUBES_GPG_DOMAIN", "SD_SUBMISSION_KEY_FPR"}
 
     def test_open_in_dvm_desktop(self):
         contents = self._get_file_contents("/usr/share/applications/open-in-dvm.desktop")

diff --git a/tests/test_gpg.py b/tests/test_gpg.py
@@ -80,9 +80,6 @@ def test_logging_disabled(self):
         # Logging to sd-log should be disabled on sd-gpg
         self.assertFalse(self._fileExists("/etc/rsyslog.d/sdlog.conf"))
 
-    def test_gpg_domain_configured(self):
-        self.qubes_gpg_domain_configured(self.vm_name)
-
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_GPG_Tests)

diff --git a/tests/test_log_vm.py b/tests/test_log_vm.py
@@ -48,9 +48,6 @@ def test_log_dirs_properly_named(self):
         # Confirm we don't have 'host' entries from Whonix VMs
         self.assertFalse("host" in log_dirs)
 
-    def test_gpg_domain_configured(self):
-        self.qubes_gpg_domain_configured(self.vm_name)
-
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Log_Tests)

diff --git a/tests/test_proxy_vm.py b/tests/test_proxy_vm.py
@@ -9,6 +9,7 @@ class SD_Proxy_Tests(SD_VM_Local_Test):
     def setUp(self):
         self.vm_name = "sd-proxy"
         super(SD_Proxy_Tests, self).setUp()
+        self.expected_config_keys = {"SD_PROXY_ORIGIN"}
 
     def test_do_not_open_here(self):
         """
@@ -85,9 +86,6 @@ def test_mime_types(self):
     def test_mailcap_hardened(self):
         self.mailcap_hardened()
 
-    def test_gpg_domain_configured(self):
-        self.qubes_gpg_domain_configured(self.vm_name)
-
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Proxy_Tests)

diff --git a/tests/test_sd_devices.py b/tests/test_sd_devices.py
@@ -49,9 +49,6 @@ def test_open_in_dvm_desktop(self):
         for line in expected_contents:
             self.assertTrue(line in contents)
 
-    def test_gpg_domain_configured(self):
-        self.qubes_gpg_domain_configured(self.vm_name)
-
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Devices_Tests)

diff --git a/tests/test_sd_whonix.py b/tests/test_sd_whonix.py
@@ -10,6 +10,7 @@ def setUp(self):
         self.vm_name = "sd-whonix"
         self.whonix_apt_list = "/etc/apt/sources.list.d/derivative.list"
         super(SD_Whonix_Tests, self).setUp()
+        self.expected_config_keys = {"SD_HIDSERV_HOSTNAME", "SD_HIDSERV_KEY"}
 
     def test_accept_sd_xfer_extracted_file(self):
         with open("config.json") as c:
@@ -63,9 +64,6 @@ def test_whonix_torrc(self):
             "Whonix GW torrc contains duplicate %include lines",
         )
 
-    def test_gpg_domain_configured(self):
-        self.qubes_gpg_domain_configured(self.vm_name)
-
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Whonix_Tests)

diff --git a/tests/test_viewer.py b/tests/test_viewer.py
@@ -47,9 +47,6 @@ def test_mime_types(self):
     def test_mailcap_hardened(self):
         self.mailcap_hardened()
 
-    def test_gpg_domain_configured(self):
-        self.qubes_gpg_domain_configured(self.vm_name)
-
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Viewer_Tests)