ENT-3999: Atexit code coverage

.travis.yml

@@ -29,6 +29,8 @@ matrix:
       env: JOB_TYPE=compile_and_unit_test COVERAGE=no
       compiler: clang
     - os: linux
+      before_script:
+      - export CFLAGS="-g3 -O0"
       sudo: required
       env: JOB_TYPE=acceptance_tests_common
       # The unsafe acceptance tests don't work with SIMFS which is the default

README.md

@@ -1,3 +1,4 @@
+testing 1 2 3 -craig
 
 | Version    | [Core](https://github.com/cfengine/core)                                                                           | [MPF](https://github.com/cfengine/masterfiles)                                                                                  |
 |------------|--------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|

cf-serverd/server_transform.c

@@ -231,6 +231,8 @@ void KeepPromises(EvalContext *ctx, const Policy *policy, GenericAgentConfig *co
     roles_acl     = calloc(1, sizeof(*roles_acl));
     SV.path_shortcuts = StringMapNew();
 
+    // GDB: breakpoint for tests/acceptance/16_cf-serverd/keep_promises_fail.cf
+
     if (paths_acl    == NULL || classes_acl == NULL || vars_acl    == NULL ||
         literals_acl == NULL || query_acl   == NULL || bundles_acl == NULL ||
         roles_acl    == NULL || SV.path_shortcuts == NULL)
@@ -1149,6 +1151,8 @@ static void AccessPromise_AddAccessConstraints(const EvalContext *ctx,
                 }
             }
 
+            // GDB: breakpoint for tests/acceptance/16_cf-serverd/add_access_constraints_fail.cf
+
             if (ret == (size_t) -1)
             {
                 /* Should never happen, besides when allocation fails. */

libenv/unix_iface.c

@@ -344,7 +344,9 @@ void GetInterfacesInfo(EvalContext *ctx)
 
     InitIgnoreInterfaces();
 
-    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+    fd = socket(AF_INET, SOCK_DGRAM, 0);
+    // GDB: breakpoint for tests/acceptance/27_cf-agent/couldnt_open_socket.cf
+    if (fd == -1)
     {
         Log(LOG_LEVEL_ERR, "Couldn't open socket. (socket: %s)", GetErrorStr());
         exit(EXIT_FAILURE);
@@ -362,6 +364,7 @@ void GetInterfacesInfo(EvalContext *ctx)
     intmax_t request = OSIOCGIFCONF;
 #endif
     int ret = ioctl(fd, request, &list);
+    // GDB: breakpoint for tests/acceptance/27_cf-agent/couldnt_ioctl_socket.cf
     if (ret == -1)
     {
         Log(LOG_LEVEL_ERR,

tests/acceptance/08_commands/background.cf

@@ -0,0 +1,42 @@
+# TODO ammend/clarify the docs: https://docs.cfengine.com/docs/3.12/reference-promise-types.html#background
+body common control
+{
+  inputs => { "../default.cf.sub" };
+  bundlesequence => { default("$(this.promise_filename)") };
+}
+
+body agent control
+{
+  max_children => 10;
+}
+
+bundle agent init
+{
+  commands:
+    "/bin/sleep 5"
+      action => background;
+
+    "/bin/sleep 10"
+      action => background;
+
+    "/bin/sleep 15"
+      action => background;
+
+  files:
+    "/bin/sleep"
+      action => background;
+
+    "/bin/date"
+      action => background;
+}
+
+body action background
+{
+  background => "true";
+}
+
+bundle agent check
+{
+  reports:
+    "$(this.promise_filename) Pass";
+}

tests/acceptance/15_control/02_agent/agentaccess.cf

@@ -0,0 +1,17 @@
+body common control
+{
+  inputs => { "../../default.cf.sub" };
+  bundlesequence => { default("$(this.promise_filename)") };
+}
+
+bundle agent init
+{
+  commands:
+    "$(sys.cf_agent) --file $(this.promise_dirname)/agentaccess.cf.sub";
+}
+
+bundle agent check
+{
+  reports:
+    "$(this.promise_filename) Pass";
+}

tests/acceptance/15_control/02_agent/agentaccess.cf.sub

@@ -0,0 +1,10 @@
+body agent control
+{
+    agentaccess => { "nobody" };
+}
+
+bundle agent main
+{
+  reports:
+    "I am here!";
+}

tests/acceptance/15_control/02_agent/allclassesreport.cf

@@ -0,0 +1,38 @@
+body common control
+{
+  inputs => { "../../default.cf.sub" };
+  bundlesequence => { default("$(this.promise_filename)") };
+  version => "1.0";
+}
+
+bundle agent init
+{
+  commands:
+      "$(sys.cf_agent) -f $(this.promise_dirname)/allclassesreport.cf.sub";
+}
+
+bundle agent test
+{
+  classes:
+    "ok" expression => "any";
+
+  vars:
+    "fields" slist => splitstring("size,gid,uid,permstr,permoct,type,basename",",",999);
+
+    "stat[$(fields)]" string => filestat("$(sys.statedir)/allclasses.txt", $(fields));
+}
+
+bundle agent check
+{
+  methods:
+      "Pass/Fail" usebundle => dcs_passif_fileexists( "$(sys.statedir)/allclasses.txt",
+                                                      $(this.promise_filename));
+
+  reports:
+      DEBUG|EXTRA::
+      "$(sys.statedir)/allclasses.txt $(with)"
+        with => ifelse( fileexists( "$(sys.statedir)/allclasses.txt" ), "exists",
+                        "doesn't exist");
+
+      "$(test.fields) is $(test.stat[$(test.fields)])";
+}

tests/acceptance/15_control/02_agent/allclassesreport.cf.sub

@@ -0,0 +1,10 @@
+body agent control
+{
+    allclassesreport => "true";
+}
+
+bundle agent main
+{
+  reports:
+    "I am here!";
+}

tests/acceptance/15_control/02_agent/secureinput.cf

@@ -0,0 +1,31 @@
+body common control
+{
+  inputs => { "../../default.cf.sub" };
+  bundlesequence => { default("$(this.promise_filename)") };
+}
+
+body agent control
+{
+    secureinput => "true";
+}
+
+bundle agent init
+{
+  files:
+    "$(this.promise_dirname)/secureinput.cf.sub"
+    perms => bad_perms;
+
+  commands:
+    "$(sys.cf_agent) --file $(this.promise_dirname)/secureinput.cf.sub";
+}
+
+body perms bad_perms
+{
+    owners => { "nobody" };
+}
+
+bundle agent check
+{
+  reports:
+    "$(this.promise_filename) Pass";
+}

tests/acceptance/15_control/02_agent/secureinput.cf.sub

@@ -0,0 +1,12 @@
+body agent control
+{
+# TODO not sure how to architect this test of checking agent access
+# due to agentaccess being present... but not having a list of agents
+  agentaccess => { };
+}
+
+bundle agent main
+{
+  reports:
+    "I am here!";
+}

tests/acceptance/15_control/02_agent/simple_options.cf

@@ -0,0 +1,44 @@
+body common control
+{
+  inputs => { "../../default.cf.sub" };
+  bundlesequence => { default("$(this.promise_filename)") };
+}
+
+bundle agent init
+{
+  commands:
+    "$(sys.cf_agent) -z" classes => kept;       # unknown option should cause --help
+    "$(sys.cf_agent) --version" classes => kept;
+    "$(sys.cf_agent) --help" classes => kept;
+    "$(sys.cf_agent) --log-modules=help" classes => kept;
+
+# --show-evaluated-classes needs DoCleanupAndExit()
+    "$(sys.cf_agent) --show-evaluated-classes --file $(this.promise_dirname)/simple_options.cf.sub" classes => kept;
+# --show-evaluated-vars needs DoCleanupAndExit()
+    "$(sys.cf_agent) --show-evaluated-vars --file $(this.promise_dirname)/simple_options.cf.sub" classes => kept;
+# --color and any evaluation of policy (--file and not --help or --version) requires DoCleanupAndExit()
+    "$(sys.cf_agent) --color --file $(this.promise_dirname)/simple_options.cf.sub" classes => kept;
+
+    "$(sys.cf_agent) --self-diagnostics" classes => kept;
+    # secret options! :p output man page!?
+    "$(sys.cf_agent) -M" classes => kept;
+
+# should cause error, can't use --trust-server without --bootstrap
+    "$(sys.cf_agent) --trust-server";
+}
+
+body classes kept
+{
+  promise_kept => { "ok" };
+  promise_repaired => { "ok" };
+  cancel_notkept => { "ok" };
+}
+
+bundle agent check
+{
+  reports:
+    ok::
+      "$(this.promise_filename) Pass";
+    !ok::
+      "$(this.promise_filename) FAIL";
+}

tests/acceptance/15_control/02_agent/simple_options.cf.sub

@@ -0,0 +1,3 @@
+bundle agent main
+{
+}

tests/acceptance/16_cf-serverd/add_access_constraints_fail.cf

@@ -0,0 +1,45 @@
+body common control
+{
+  inputs => { "../default.cf.sub" };
+  bundlesequence => { default("$(this.promise_filename)") };
+}
+
+bundle agent init
+{
+  commands:
+    "/bin/echo -n '=line_number=' && /bin/grep -n GDB:.*add_access_constraints_fail.cf $(this.promise_dirname)/../../../cf-serverd/server_transform.c | cut -d: -f1"
+      contain => shell_command,
+      module => "true";
+
+  files:
+    "$(sys.workdir)/add_access_constraints_fail.gdb"
+      create => "true",
+      edit_template => "$(this.promise_dirname)/add_access_constraints_fail.gdb.mustache",
+      template_data => ' { "line_number": "$(echo.line_number)" } ',
+      template_method => "mustache";
+}
+
+bundle agent test
+{
+  commands:
+    "$(this.promise_dirname)/../../../libtool --mode=execute gdb -x $(sys.workdir)/add_access_constraints_fail.gdb --args $(this.promise_dirname)/../../../cf-serverd/cf-serverd --no-lock --no-fork --debug --file $(this.promise_dirname)/add_access_constraints_fail.cf.sub"
+      classes => keptcode;
+}
+
+bundle agent check
+{
+  methods:
+    "pass" usebundle => dcs_passif("ok", "$(this.promise_filename)");
+}
+
+body contain shell_command
+{
+  useshell => "useshell";
+}
+
+
+body classes keptcode
+{
+  kept_returncodes => { "255" };
+  promise_kept => { "ok" };
+}

tests/acceptance/16_cf-serverd/add_access_constraints_fail.cf.sub

@@ -0,0 +1,21 @@
+bundle server access_rules()
+{
+  access:
+    "test value"
+      resource_type => "literal",
+      admit => { "127.0.0.1" };
+
+    "myvar"
+      resource_type => "variable",
+      admit => { "127.0.0.1" };
+
+    "/tmp"
+      resource_type => "path",
+      admit => { "127.0.0.1" };
+}
+
+bundle agent main
+{
+  reports:
+    "hello";
+}

tests/acceptance/16_cf-serverd/add_access_constraints_fail.gdb.mustache

@@ -0,0 +1,7 @@
+b server_transform.c:{{line_number}}
+commands
+  set ret=(size_t) -1
+  c
+end
+run
+quit $_exitcode

tests/acceptance/16_cf-serverd/keep_promises_fail.cf

@@ -0,0 +1,49 @@
+body common control
+{
+  inputs => { "../default.cf.sub" };
+  bundlesequence => { default("$(this.promise_filename)") };
+}
+
+bundle agent init
+{
+  commands:
+# TODO add grep for GDB: !!! so that other references don't get found! :) :(
+    "/bin/echo -n '=line_number=' && /bin/grep -n GDB:.*keep_promises_fail.cf $(this.promise_dirname)/../../../cf-serverd/server_transform.c | cut -d: -f1"
+      contain => shell_command,
+      module => "true";
+
+  files:
+    "$(sys.workdir)/keep_promises_fail.gdb"
+      create => "true",
+      edit_template => "$(this.promise_dirname)/keep_promises_fail.gdb.mustache",
+      template_data => ' { "line_number": "$(echo.line_number)" } ',
+      template_method => "mustache";
+}
+
+bundle agent test
+{
+  commands:
+    "/bin/ls -l $(this.promise_dirname)/../../..";
+    "/usr/bin/find $(this.promise_dirname)/../../.. -name 'server_transform.c'";
+    "/bin/cat $(sys.workdir)/keep_promises_fail.gdb";
+
+    "$(this.promise_dirname)/../../../libtool --mode=execute gdb -x $(sys.workdir)/keep_promises_fail.gdb --args $(this.promise_dirname)/../../../cf-serverd/cf-serverd --no-fork --file $(this.promise_dirname)/keep_promises_fail.cf.sub"
+      classes => keptcode;
+}
+
+bundle agent check
+{
+  methods:
+    "pass" usebundle => dcs_passif("ok", "$(this.promise_filename)");
+}
+
+body contain shell_command
+{
+  useshell => "useshell";
+}
+
+body classes keptcode
+{
+  kept_returncodes => { "255" };
+  promise_kept => { "ok" };
+}

tests/acceptance/16_cf-serverd/keep_promises_fail.cf.sub

@@ -0,0 +1,5 @@
+bundle agent main
+{
+  reports:
+    "hello";
+}