ReachableCEO
34433d4739
Add end-to-end integration tests for complete workflows. Add comprehensive security compliance tests covering FR-001 (Full Disk Encryption) and FR-007 (Password Complexity). Add encryption configuration tests for LUKS2, cipher settings, and validation hooks. 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
183 lines
6.2 KiB
Bash
183 lines
6.2 KiB
Bash
#!/usr/bin/env bats
|
|
# End-to-end integration tests for complete workflows
|
|
|
|
# Add bats library to BATS_LIB_PATH
|
|
export BATS_LIB_PATH="/usr/lib/bats-core"
|
|
|
|
load 'bats-support/load'
|
|
load 'bats-assert/load'
|
|
load 'bats-file/load'
|
|
load '../test_helper/common.bash'
|
|
|
|
setup() {
|
|
export TEST_ROOT="${TEST_TEMP_DIR}/integration"
|
|
mkdir -p "${TEST_ROOT}"
|
|
}
|
|
|
|
@test "E2E: All shell scripts are executable" {
|
|
local scripts=(
|
|
"run.sh"
|
|
"test-iso.sh"
|
|
"src/security-hardening.sh"
|
|
"src/firewall-setup.sh"
|
|
"src/build-iso.sh"
|
|
"src/run.sh"
|
|
"src/run-new.sh"
|
|
"config/hooks/installed/encryption-setup.sh"
|
|
"config/hooks/installed/encryption-validation.sh"
|
|
"config/hooks/installed/install-scripts.sh"
|
|
"config/hooks/installed/disable-package-management.sh"
|
|
"config/hooks/live/desktop-environment.sh"
|
|
"config/hooks/live/firewall-setup.sh"
|
|
"config/hooks/live/qr-code-import.sh"
|
|
"config/hooks/live/security-hardening.sh"
|
|
"config/hooks/live/usb-automount.sh"
|
|
)
|
|
|
|
for script in "${scripts[@]}"; do
|
|
local script_path="${PROJECT_ROOT}/${script}"
|
|
assert_file_exists "$script_path"
|
|
assert [ -x "$script_path" ]
|
|
done
|
|
}
|
|
|
|
@test "E2E: All shell scripts are valid bash syntax" {
|
|
local scripts=(
|
|
"run.sh"
|
|
"test-iso.sh"
|
|
"src/security-hardening.sh"
|
|
"src/firewall-setup.sh"
|
|
"src/build-iso.sh"
|
|
"src/run.sh"
|
|
"src/run-new.sh"
|
|
"config/hooks/installed/encryption-setup.sh"
|
|
"config/hooks/installed/encryption-validation.sh"
|
|
"config/hooks/installed/install-scripts.sh"
|
|
"config/hooks/installed/disable-package-management.sh"
|
|
"config/hooks/live/desktop-environment.sh"
|
|
"config/hooks/live/firewall-setup.sh"
|
|
"config/hooks/live/qr-code-import.sh"
|
|
"config/hooks/live/security-hardening.sh"
|
|
"config/hooks/live/usb-automount.sh"
|
|
)
|
|
|
|
for script in "${scripts[@]}"; do
|
|
local script_path="${PROJECT_ROOT}/${script}"
|
|
run bash -n "$script_path"
|
|
assert_success "Script $script has syntax errors"
|
|
done
|
|
}
|
|
|
|
@test "E2E: Dockerfile contains all required packages" {
|
|
assert_file_contains "${PROJECT_ROOT}/Dockerfile" "live-build"
|
|
assert_file_contains "${PROJECT_ROOT}/Dockerfile" "debootstrap"
|
|
assert_file_contains "${PROJECT_ROOT}/Dockerfile" "squashfs-tools"
|
|
assert_file_contains "${PROJECT_ROOT}/Dockerfile" "xorriso"
|
|
assert_file_contains "${PROJECT_ROOT}/Dockerfile" "bats"
|
|
assert_file_contains "${PROJECT_ROOT}/Dockerfile" "shellcheck"
|
|
assert_file_contains "${PROJECT_ROOT}/Dockerfile" "nftables"
|
|
}
|
|
|
|
@test "E2E: Preseed configuration contains mandatory encryption settings" {
|
|
assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "crypto"
|
|
assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "LUKS"
|
|
assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "AES"
|
|
}
|
|
|
|
@test "E2E: Package list includes all required packages" {
|
|
local pkg_list="${PROJECT_ROOT}/config/package-lists/knel-football.list.chroot"
|
|
|
|
assert_file_contains "$pkg_list" "icewm"
|
|
assert_file_contains "$pkg_list" "lightdm"
|
|
assert_file_contains "$pkg_list" "wireguard"
|
|
assert_file_contains "$pkg_list" "nftables"
|
|
assert_file_contains "$pkg_list" "cryptsetup"
|
|
assert_file_contains "$pkg_list" "libpam-pwquality"
|
|
}
|
|
|
|
@test "E2E: Security hardening script enforces password complexity" {
|
|
source "${PROJECT_ROOT}/src/security-hardening.sh"
|
|
|
|
local test_output="${TEST_ROOT}/pwquality.conf"
|
|
configure_password_policy "$test_output"
|
|
|
|
assert_file_contains "$test_output" "minlen = 14"
|
|
assert_file_contains "$test_output" "enforcing = 1"
|
|
}
|
|
|
|
@test "E2E: Firewall setup blocks inbound by default" {
|
|
source "${PROJECT_ROOT}/src/firewall-setup.sh"
|
|
|
|
local test_output="${TEST_ROOT}/firewall.rules"
|
|
configure_nftables "$test_output"
|
|
|
|
assert_file_contains "$test_output" "policy input drop"
|
|
}
|
|
|
|
@test "E2E: Encryption setup hook creates key management scripts" {
|
|
source "${PROJECT_ROOT}/config/hooks/installed/encryption-setup.sh"
|
|
|
|
local script_dir="${TEST_ROOT}/bin"
|
|
mkdir -p "$script_dir"
|
|
|
|
create_check_encryption_script "$script_dir/check-encryption.sh"
|
|
create_manage_keys_script "$script_dir/manage-encryption-keys.sh"
|
|
|
|
assert_file_exists "$script_dir/check-encryption.sh"
|
|
assert_file_exists "$script_dir/manage-encryption-keys.sh"
|
|
}
|
|
|
|
@test "E2E: All documentation files exist and are readable" {
|
|
local docs=(
|
|
"README.md"
|
|
"AGENTS.md"
|
|
"PRD.md"
|
|
"RESUME.md"
|
|
"JOURNAL.md"
|
|
"QUICK_START.md"
|
|
"BUILD-COMPLETE.md"
|
|
"BUILD-SUMMARY.md"
|
|
"VERIFICATION-REPORT.md"
|
|
)
|
|
|
|
for doc in "${docs[@]}"; do
|
|
local doc_path="${PROJECT_ROOT}/${doc}"
|
|
assert_file_exists "$doc_path"
|
|
run cat "$doc_path"
|
|
assert_success "Documentation file $doc is not readable"
|
|
done
|
|
}
|
|
|
|
@test "E2E: Test suite directory structure is complete" {
|
|
assert [ -d "${PROJECT_ROOT}/tests/unit" ]
|
|
assert [ -d "${PROJECT_ROOT}/tests/integration" ]
|
|
assert [ -d "${PROJECT_ROOT}/tests/security" ]
|
|
assert [ -d "${PROJECT_ROOT}/tests/test_helper" ]
|
|
|
|
# Test helper files exist
|
|
assert_file_exists "${PROJECT_ROOT}/tests/test_helper/common.bash"
|
|
}
|
|
|
|
@test "E2E: .gitignore excludes build artifacts" {
|
|
assert_file_contains "${PROJECT_ROOT}/.gitignore" "*.iso"
|
|
assert_file_contains "${PROJECT_ROOT}/.gitignore" "*.sha256"
|
|
assert_file_contains "${PROJECT_ROOT}/.gitignore" "*.md5"
|
|
assert_file_contains "${PROJECT_ROOT}/.gitignore" "output/"
|
|
}
|
|
|
|
@test "E2E: Output directory structure is correct" {
|
|
assert [ -d "${PROJECT_ROOT}/output" ] || mkdir -p "${PROJECT_ROOT}/output"
|
|
assert [ -d "${PROJECT_ROOT}/output" ]
|
|
}
|
|
|
|
@test "E2E: Config directory structure is complete" {
|
|
assert [ -d "${PROJECT_ROOT}/config" ]
|
|
assert [ -d "${PROJECT_ROOT}/config/hooks/live" ]
|
|
assert [ -d "${PROJECT_ROOT}/config/hooks/installed" ]
|
|
assert [ -d "${PROJECT_ROOT}/config/package-lists" ]
|
|
|
|
# Key config files exist
|
|
assert_file_exists "${PROJECT_ROOT}/config/preseed.cfg"
|
|
assert_file_exists "${PROJECT_ROOT}/config/package-lists/knel-football.list.chroot"
|
|
}
|