ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-18 20:47:58 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Added check for non typical provisioner status

Browse Source
This commit is contained in:
iadgovuser26 iadgovuser26@empire.eclipse.ncsc.mil 2024-07-25 13:33:16 -04:00
parent 8a3478c19e
commit 89e1aea091
5 changed files with 28 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.ci/system-tests/run_system_tests.sh
View File

@ -6,7 +6,6 @@
# 1. Uncomment the "cd ../.." line below to make working directory = /HIRS/
# 2. Run with the desired HIRS branch as an argument (i.e. $./run_system_tests.sh main)
##########################################################################################
#cd ../..
# Setting variables
aca_container=hirs-aca1
@ -49,13 +48,3 @@ docker exec $tpm2_container sh -c "mkdir -p /HIRS/logs/provisioner/ && cp -ap hi
echo "*** Exiting and removing Docker containers and network ..."
docker compose -f ./.ci/docker/docker-compose-system-test.yml down -v
# Return container exit code
if [[ ${TEST_STATUS} == "0" ]]; then
echo "******** SUCCESS: System Tests for TPM 2.0 passed ********"
echo "TEST_STATUS=0" >> $GITHUB_ENV
exit 0;
else
echo "******** FAILURE: System Tests for TPM 2.0 failed ********"
echo "TEST_STATUS=1" >> $GITHUB_ENV
exit 1
fi

17
.ci/system-tests/sys_test_common.sh
View File

@ -99,13 +99,16 @@ provisionTpm2() {
else
echo "Provisioning failed as expected."
fi
else # provisioning succeeded
if [[ $expected_result == "fail" ]]; then
((failedTests++))
echo "!!! Provisioning passed, but was expected to fail"
else
echo "Provisioning passed as expected."
fi
elif [[ $provisionOutput == *"Provisioning successful"* ]]; then
if [[ $expected_result == "fail" ]]; then
((failedTests++))
echo "!!! Provisioning passed, but was expected to fail."
else
echo "Provisioning passed as expected."
fi
else # Unexpected output
((failedTests++))
echo "Provisioning failed. Provisioner provided an unexpected output."
fi
}

1
.ci/system-tests/tests/platform_cert_tests.sh
View File

@ -48,7 +48,6 @@ fi
# Process Test Results, any single failure will send back a failed result.
if [[ $failedTests != 0 ]]; then
export TEST_STATUS=1
echo "**** $failedTests out of $totalTests Platform Certificate Tests Failed! ****"
exit 1
else

1
.ci/system-tests/tests/rim_system_tests.sh
View File

@ -51,7 +51,6 @@ fi
# Process Test Results, any single failure will send back a failed result.
if [[ $failedTests != 0 ]]; then
export TEST_STATUS=1
echo "**** $failedTests out of $totalTests ACA RIM Tests Failed! ****"
exit 1
else

55
.github/workflows/system_test.yml vendored
View File

@ -8,8 +8,6 @@ on:
- '*v3*'
- 'main'
workflow_dispatch:
env:
TEST_STATUS: 0
jobs:
DockerTests:
runs-on: ubuntu-latest
@ -30,52 +28,52 @@ jobs:
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
.ci/system-tests/setup_system_tests.sh ${GITHUB_REF#refs/heads/}
- name: ACA POLICY TEST 1 - Test ACA default policy
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 1
- name: ACA POLICY TEST 2 - Test EK cert Only Validation Policy without a EK Issuer Cert in the trust store
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 2
- name: ACA POLICY TEST 3 - Test EK Only Validation Policy
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 3
- name: ACA POLICY TEST 4 - Test PC Validation Policy with no PC
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 4
- name: ACA POLICY TEST 5 - Test FW and PC Validation Policy with no PC
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 5
- name: ACA POLICY TEST 6 - Test PC Validation Policy with valid PC with no Attribute Check
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 6
- name: ACA POLICY TEST 7 - Test PC Validation Policy with valid PC with Attribute Check
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 7
- name: ACA POLICY TEST 8 - Test PC with RIM Validation Policy with valid PC and RIM
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 8
- name: ACA POLICY TEST 9 - Test valid PC and RIM with PC only uploaded
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 9
- name: ACA POLICY TEST 10 - Test valid PC and RIM with RIM only uploaded
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 10
@ -85,17 +83,17 @@ jobs:
# run: |
# .ci/system-tests/tests/aca_policy_tests.sh
- name: ACA PLATFORM CERTIFICATE TEST 1 - Test a delta Platform Certificate that adds a new memory component
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/platform_cert_tests.sh 1
- name: ACA PLATFORM CERTIFICATE TEST 2 - Test a Platform Certificate that is missing a memory component
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/platform_cert_tests.sh 2
- name: ACA PLATFORM CERTIFICATE TEST 3 - Test a Delta Platform Certificate that has a wrong a memory component
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/platform_cert_tests.sh 3
@ -105,17 +103,17 @@ jobs:
# run: |
# .ci/system-tests/tests/platform_cert_tests.sh
- name: ACA RIM TEST 1 - Test a RIM from an OEM and a Supplemental RIM from a VAR
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/rim_system_tests.sh 1
- name: ACA RIM TEST 2 - Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/rim_system_tests.sh 2
- name: ACA RIM TEST 3 - Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement
continue-on-error: true
if: always()
shell: bash
run: |
.ci/system-tests/tests/rim_system_tests.sh 3
@ -125,38 +123,21 @@ jobs:
# run: |
# .ci/system-tests/tests/rim_system_tests.sh
- name: Copy System Test Log files
continue-on-error: true
if: always()
shell: bash
run: |
echo "*** Extracting ACA and Provisioner.Net logs ..."
docker exec hirs-aca1 bash -c "mkdir -p /HIRS/logs/aca/ && cp -arp /var/log/hirs/* /HIRS/logs/aca/"
docker exec hirs-provisioner1-tpm2 bash -c "mkdir -p /HIRS/logs/provisioner/ && cp -ap hirs*.log /HIRS/logs/provisioner/ && chmod -R 777 /HIRS/logs"
- name: Docker Compose Down
continue-on-error: true
if: always()
shell: bash
run: |
echo "*** Exiting and removing Docker containers and network ..."
docker compose -f .ci/docker/docker-compose-system-test.yml down -v
if [[ ${TEST_STATUS} == "0" ]]; then
echo "******** SUCCESS: System Tests for TPM 2.0 passed ********"
echo "TEST_STATUS=0" >> $GITHUB_ENV
exit 0;
else
echo "******** FAILURE: System Tests for TPM 2.0 failed ********"
echo "TEST_STATUS=1" >> $GITHUB_ENV
exit 1
fi
- name: Archive System Test Log files
uses: actions/upload-artifact@v4
with:
name: System_Test_Log_Files
path: logs/
if-no-files-found: ignore
- name: Check System Test results
if: success() || failure()
run: |
if [ ${TEST_STATUS} == "0" ]; then
exit 0;
else
exit 1;
fi