Add Secure Upgrade Test #6816

Merged
merged 28 commits into from
Jun 15, 2023

@azmyali98 azmyali98 commented Nov 13, 2022

Description of PR

Summary:

  • Introducing a new test for the secure upgrade feature

Type of change

  • [x] Test case (new/improvement)

Approach

What is the motivation for this PR?

We want to add a new secure upgrade test to validate the unsuccessful upgrade to a non-secure image.
In detail:
If we have a secured image installed on a secured system, trying to install a non-secure image on it
should fail and we should expect a relevant message indicating so.

How did you verify/test it?

By taking a secured system with a secured image installed on it and a path to a non-secure image we created privately,
we ran the test.

Supported testbed topology if it's a new test case?

Any topology is supported for the test.

Documentation

link to feature HLD: sonic-net/SONiC#1024

	in this test case we validate non successful install of a given non secure image file
adjusting existing upgrade test to be able to run on canonical setup by removing redundant imports

linux-foundation-easycla bot commented Nov 13, 2022

CLA Signed

The committers listed above are authorized under a signed CLA.

@azure-pipelines

The pre-commit check detected issues in the files touched by this pull request.
The detected issues may be old or new. For new issues, please try to fix them.

For old issues, it is not mandatory to fix them because they were not caused by this change. It is unfair to blame
author of this pull request. But if you can take extra effort to fix the old issues as well, that would be great!

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Passed
check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Failed
- hook id: flake8
- exit code: 1

tests/platform_tests/test_secure_boot.py:11:1: F401 'tests.upgrade_path.test_upgrade_path.upgrade_path_lists' imported but unused
tests/platform_tests/test_secure_boot.py:23:97: F811 redefinition of unused 'upgrade_path_lists' from line 11
tests/platform_tests/test_secure_boot.py:23:121: E501 line too long (132 > 120 characters)
tests/platform_tests/test_secure_boot.py:33:37: E261 at least two spaces before inline comment
tests/platform_tests/test_secure_boot.py:40:121: E501 line too long (130 > 120 characters)
tests/platform_tests/test_secure_boot.py:42:29: E225 missing whitespace around operator
tests/upgrade_path/test_upgrade_path.py:8:1: F401 'tests.common.fixtures.advanced_reboot.get_advanced_reboot' imported but unused
tests/upgrade_path/test_upgrade_path.py:9:1: F401 'tests.platform_tests.conftest.advanceboot_loganalyzer' imported but unused
tests/upgrade_path/test_upgrade_path.py:29:1: E302 expected 2 blank lines, found 1
tests/upgrade_path/test_upgrade_path.py:40:25: F811 redefinition of unused 'get_advanced_reboot' from line 8
tests/upgrade_path/test_upgrade_path.py:40:25: E127 continuation line over-indented for visual indent
...
[truncated extra lines, please run pre-commit locally to view full check results]

To run the pre-commit checks locally, you can follow below steps:

  1. Ensure that default python is python3. In sonic-mgmt docker container, default python is python2. You can run
    the check by activating the python3 virtual environment in sonic-mgmt docker container or outside of sonic-mgmt
    docker container.
  2. Ensure that the pre-commit package is installed:
     sudo pip install pre-commit
  3. Go to repository root folder
  4. Install the pre-commit hooks:
     pre-commit install
  5. Use pre-commit to check staged file:
     pre-commit
  6. Alternatively, you can check committed files using:
     pre-commit run --from-ref <commit_id> --to-ref <commit_id>

@azure-pipelines

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Passed
check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Failed
- hook id: flake8
- exit code: 1

tests/platform_tests/test_secure_boot.py:5:1: W191 indentation contains tabs
tests/platform_tests/test_secure_boot.py:6:1: W191 indentation contains tabs
tests/platform_tests/test_secure_boot.py:9:1: W191 indentation contains tabs
tests/platform_tests/test_secure_boot.py:9:121: E501 line too long (123 > 120 characters)
tests/platform_tests/test_secure_boot.py:17:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:18:1: F401 'tests.upgrade_path.test_upgrade_path.upgrade_path_lists' imported but unused
tests/platform_tests/test_secure_boot.py:21:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:22:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:23:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:24:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:30:97: F811 redefinition of unused 'upgrade_path_lists' from line 18
...
[truncated extra lines, please run pre-commit locally to view full check results]

@@ -0,0 +1,48 @@
"""

Please add a description of how to run the test.
I mean target_image and type parameters

logger.info("Expected fail, msg : {}".format(err_msg))
pytest_assert("Failure: CMS signature verification failed" in str(err_msg), "failure was not due to security limitations")
finally:
pytest_assert(result=="image install failure", "install non secure image should not succeed")
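
Review bot: the `pytest_assert` under `finally:` runs on every path, so when it raises it replaces whatever the preceding assertion on the CMS message raised, and the report then shows only "install non secure image should not succeed". Move the `result` check out of `finally` to after the `try` block, keep `finally` for cleanup only, and write the comparison as `result == "image install failure"` with spaces around the operator. The CMS assertion line is also long enough to trip the 120-character E501 limit reported by flake8 and should be wrapped.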

we don't want to change the image in case the test failed or passed.
need to be sure at the end of the test the "next" image is the same as the "current" at the beginning of the test.
Use the next commands:
sonic-installer list / show boot
sonic-installer set-default
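
The check requested above, that the next-boot image after the test equals the one recorded before it, can be done by parsing `sonic-installer list` before and after the install attempt. This is an added example, not code from this pull request; the function names, the `run` callable and the sample output (image names included) are constructed for illustration.

```python
import re

# Constructed sample of `sonic-installer list` output (image names are made up).
SAMPLE_BEFORE = """\
Current: SONiC-OS-secure.100
Next: SONiC-OS-secure.100
Available:
SONiC-OS-secure.100
SONiC-OS-secure.099
"""

# Constructed "after" state in which the next-boot pointer moved during the test.
SAMPLE_AFTER_DRIFTED = """\
Current: SONiC-OS-secure.100
Next: SONiC-OS-secure.099
Available:
SONiC-OS-secure.100
SONiC-OS-secure.099
"""

_FIELD = re.compile(r"^(Current|Next):\s*(\S+)\s*$")


def parse_installer_list(text):
    """Return {'current': ..., 'next': ..., 'available': [...]} from `sonic-installer list`."""
    state = {"current": None, "next": None, "available": []}
    in_available = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = _FIELD.match(line)
        if match:
            state[match.group(1).lower()] = match.group(2)
            in_available = False
        elif line == "Available:":
            in_available = True
        elif in_available:
            state["available"].append(line)
    if state["current"] is None or state["next"] is None:
        raise ValueError("could not find Current/Next in installer output")
    return state


def boot_selection_drift(before, after):
    """List differences between two parsed states; an empty list means nothing changed."""
    problems = []
    for key in ("current", "next"):
        if before[key] != after[key]:
            problems.append("{} image changed: {} -> {}".format(key, before[key], after[key]))
    # An image that was rejected by signature verification must not show up as installed.
    added = sorted(set(after["available"]) - set(before["available"]))
    if added:
        problems.append("unexpected images present: {}".format(", ".join(added)))
    return problems


def restore_command(before, after):
    """Command that puts the next-boot pointer back, or None when it did not move."""
    if after["next"] == before["next"]:
        return None
    return "sonic-installer set-default {}".format(before["next"])


def check_and_restore(run, before_text):
    """Re-read the installer state, restore the next-boot image if needed, report drift.

    `run` is a hypothetical callable that executes a command on the DUT and
    returns its stdout; `before_text` is the listing captured before the test.
    """
    before = parse_installer_list(before_text)
    after = parse_installer_list(run("sonic-installer list"))
    command = restore_command(before, after)
    if command is not None:
        run(command)
    return boot_selection_drift(before, after)
```

Calling `check_and_restore` from the test's cleanup path restores the boot selection first and leaves the pass/fail decision to an assertion on the returned list outside `finally`.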

finally:
pytest_assert(result=="image install failure", "install non secure image should not succeed")
logger.info("Cold reboot the DUT")
reboot(duthost, localhost)
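
Review bot: `reboot(duthost, localhost)` follows the assertion inside `finally`, so it is skipped exactly when that assertion fails and runs only when the install was correctly rejected, where a cold reboot adds run time and nothing to the verdict. If the aim is to show the installed images are untouched, compare the current and next entries of `sonic-installer list` before and after the install attempt instead of rebooting.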

the reboot is not required in the test

from tests.common.fixtures.ptfhost_utils import copy_ptftests_directory # lgtm[py/unused-import]
from tests.common.fixtures.ptfhost_utils import change_mac_addresses # lgtm[py/unused-import]
from tests.common.fixtures.ptfhost_utils import remove_ip_addresses # lgtm[py/unused-import]
from tests.common.fixtures.ptfhost_utils import copy_arp_responder_py # lgtm[py/unused-import]
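
Review bot: the four `ptfhost_utils` names on these lines are fixture imports, which is why each carries `# lgtm[py/unused-import]`: nothing in the module body references them, but pytest resolves fixtures by name from the module namespace. If the change drops them to quiet flake8 F401, tests that request `copy_ptftests_directory`, `change_mac_addresses`, `remove_ip_addresses` or `copy_arp_responder_py` will fail with a fixture-not-found error. Keep the imports and add `# noqa: F401` next to the existing marker.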

Please restore it.
The usage of these fixtures exists in the tests.

@azure-pipelines

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Passed
check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Failed
- hook id: flake8
- exit code: 1

tests/platform_tests/test_secure_boot.py:5:1: W191 indentation contains tabs
tests/platform_tests/test_secure_boot.py:8:1: W191 indentation contains tabs
tests/platform_tests/test_secure_boot.py:14:1: F401 'tests.common.reboot' imported but unused
tests/platform_tests/test_secure_boot.py:16:1: F401 'tests.upgrade_path.upgrade_helpers.check_services' imported but unused
tests/platform_tests/test_secure_boot.py:16:1: F401 'tests.upgrade_path.upgrade_helpers.check_reboot_cause' imported but unused
tests/platform_tests/test_secure_boot.py:17:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:18:1: F401 'tests.upgrade_path.test_upgrade_path.upgrade_path_lists' imported but unused
tests/platform_tests/test_secure_boot.py:21:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:22:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:23:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:24:1: E101 indentation contains mixed spaces and tabs
...
[truncated extra lines, please run pre-commit locally to view full check results]

@azure-pipelines

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Passed
check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Failed
- hook id: flake8
- exit code: 1

tests/platform_tests/test_secure_boot.py:5:1: W191 indentation contains tabs
tests/platform_tests/test_secure_boot.py:8:1: W191 indentation contains tabs
tests/platform_tests/test_secure_boot.py:16:1: F401 'tests.upgrade_path.test_upgrade_path.upgrade_path_lists' imported but unused
tests/platform_tests/test_secure_boot.py:19:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:20:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:21:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:22:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:31:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:32:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:33:1: E101 indentation contains mixed spaces and tabs
tests/platform_tests/test_secure_boot.py:34:1: E101 indentation contains mixed spaces and tabs
...
[truncated extra lines, please run pre-commit locally to view full check results]

@azure-pipelines

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Passed
check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Failed
- hook id: flake8
- exit code: 1

tests/platform_tests/test_secure_boot.py:24:1: E302 expected 2 blank lines, found 1
tests/platform_tests/test_secure_boot.py:33:34: W605 invalid escape sequence 's'
tests/platform_tests/test_secure_boot.py:33:37: W605 invalid escape sequence ':'
tests/platform_tests/test_secure_boot.py:33:39: W605 invalid escape sequence 's'
tests/platform_tests/test_secure_boot.py:57:37: E261 at least two spaces before inline comment
tests/platform_tests/test_secure_boot.py:64:121: E501 line too long (130 > 120 characters)

@azure-pipelines

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Failed
- hook id: end-of-file-fixer
- exit code: 1
- files were modified by this hook

Fixing tests/platform_tests/test_secure_boot.py

check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Failed
- hook id: flake8
- exit code: 1

tests/platform_tests/test_secure_boot.py:24:1: E302 expected 2 blank lines, found 1
tests/platform_tests/test_secure_boot.py:33:34: W605 invalid escape sequence 's'
tests/platform_tests/test_secure_boot.py:33:37: W605 invalid escape sequence ':'
tests/platform_tests/test_secure_boot.py:33:39: W605 invalid escape sequence 's'
tests/platform_tests/test_secure_boot.py:57:37: E261 at least two spaces before inline comment
...
[truncated extra lines, please run pre-commit locally to view full check results]

@azure-pipelines

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Failed
- hook id: end-of-file-fixer
- exit code: 1
- files were modified by this hook

Fixing tests/platform_tests/test_secure_boot.py

check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Failed
- hook id: flake8
- exit code: 1

tests/platform_tests/test_secure_boot.py:24:1: E302 expected 2 blank lines, found 1
tests/platform_tests/test_secure_boot.py:65:9: E128 continuation line under-indented for visual indent

@azure-pipelines

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Failed
- hook id: end-of-file-fixer
- exit code: 1
- files were modified by this hook

Fixing tests/platform_tests/test_secure_boot.py

check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Failed
- hook id: flake8
- exit code: 1

tests/platform_tests/test_secure_boot.py:66:9: E128 continuation line under-indented for visual indent

@azure-pipelines

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Failed
- hook id: end-of-file-fixer
- exit code: 1
- files were modified by this hook

Fixing tests/platform_tests/test_secure_boot.py

check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Passed

@azmyali98 azmyali98 requested review from liat-grozovik and removed request for sujinmkang November 21, 2022 08:47
@azure-pipelines

The pre-commit check detected issues in the files touched by this pull request.
The detected issues may be old or new. For new issues, please try to fix them.

For old issues, it is not mandatory to fix them because they were not caused by this change. It is unfair to blame
author of this pull request. But if you can take extra effort to fix the old issues as well, that would be great!

Detailed pre-commit check results:
trim trailing whitespace.................................................Passed
fix end of files.........................................................Failed
- hook id: end-of-file-fixer
- exit code: 1
- files were modified by this hook

Fixing tests/platform_tests/test_first_time_boot_password_change/manufacture.py
Fixing tests/platform_tests/test_first_time_boot_password_change/default_consts.py

check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Failed
- hook id: flake8
- exit code: 1

tests/platform_tests/test_first_time_boot_password_change/default_consts.py:5:1: E302 expected 2 blank lines, found 0
tests/platform_tests/test_first_time_boot_password_change/default_consts.py:25:19: E127 continuation line over-indented for visual indent
tests/platform_tests/test_first_time_boot_password_change/manufacture.py:21:1: F403 'from ansible.module_utils.basic import *' used; unable to detect undefined names
tests/platform_tests/test_first_time_boot_password_change/manufacture.py:21:1: F401 'ansible.module_utils.basic.*' imported but unused
...
[truncated extra lines, please run pre-commit locally to view full check results]


@lgtm-com

lgtm-com bot commented Nov 21, 2022

This pull request introduces 1 alert when merging 5e9520d into b2b45b7 - view on LGTM.com

new alerts:

  • 1 for Clear-text logging of sensitive information

Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog.

@davidpil2002
Contributor

Hi @xumia & @lguohan,
Can you help by reviewing this PR as well?

@liat-grozovik
Collaborator

@azmyali98 can you please confirm that if the test runs on a system without secured boot enabled, the test is skipped and no error is raised?
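
The behaviour the PR description and this review question ask for, as an added example (not code from the PR or from sonic-mgmt): skip when secure boot is off, otherwise require the install of the non-secure image to fail with a message and leave the next-boot image unchanged. `Runner`, `fake_dut`, the function names, image names and paths are assumptions constructed for illustration; the exact rejection message is not given on this page, so only its presence is checked.

```python
import re
import shlex
from typing import Callable, Tuple

# Hypothetical runner: executes a command on the DUT, returns (exit_code, output).
Runner = Callable[[str], Tuple[int, str]]


def secure_boot_enabled(run: Runner) -> bool:
    """True only when `mokutil --sb-state` reports SecureBoot enabled."""
    rc, out = run("mokutil --sb-state")
    return rc == 0 and re.search(r"SecureBoot\s+enabled", out) is not None


def next_boot_image(run: Runner) -> str:
    """Read the 'Next:' entry from `sonic-installer list`."""
    _, out = run("sudo sonic-installer list")
    match = re.search(r"^Next:\s*(\S+)", out, re.MULTILINE)
    return match.group(1) if match else ""


def check_non_secure_install_rejected(run: Runner, image_path: str) -> str:
    """Return 'skipped' without secure boot, 'passed' when the install is refused."""
    if not secure_boot_enabled(run):
        return "skipped"  # nothing to validate, and not an error
    before = next_boot_image(run)
    rc, out = run("sudo sonic-installer install -y " + shlex.quote(image_path))
    assert rc != 0, "non-secure image was accepted on a secure-boot system"
    assert out.strip(), "install failed without any message for the operator"
    assert next_boot_image(run) == before, "next-boot image changed after a refused install"
    return "passed"


def fake_dut(sb_line: str, install_rc: int, install_out: str, next_after: str) -> Runner:
    """Constructed stand-in for a device; all outputs are sample values."""
    state = {"next": "SONiC-OS-signed.0"}

    def run(cmd: str) -> Tuple[int, str]:
        if cmd.startswith("mokutil"):
            return 0, sb_line
        if cmd.endswith("list"):
            return 0, "Current: SONiC-OS-signed.0\nNext: " + state["next"] + "\n"
        state["next"] = next_after  # any other command is the install attempt
        return install_rc, install_out

    return run
```

In a real test the "skipped" branch would map to the framework's skip mechanism rather than a return value, so a testbed without secure boot reports a skip and not a failure.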

@liat-grozovik
Collaborator

@AntonHryshchuk if comments were handled from your POV can you approve?
@yxieca should you assign someone to review it or we can go ahead and merge?

AntonHryshchuk previously approved these changes Feb 1, 2023
xumia previously approved these changes Feb 14, 2023
@xumia xumia requested a review from wangxin February 14, 2023 09:22
@xumia
Collaborator

xumia commented Feb 14, 2023

LGTM, @wangxin , could you please take a look for it?

@liat-grozovik
Collaborator

@azmyali98 could you please refer to the open question by Xin?

@azmyali98
Contributor Author

azmyali98 commented May 16, 2023 via email

@azmyali98 azmyali98 dismissed stale reviews from xumia and AntonHryshchuk via 4f5275a May 30, 2023 04:51
@azmyali98 azmyali98 requested a review from prgeor as a code owner May 30, 2023 04:51
@azmyali98
Contributor Author

@liat-grozovik, fixed :)

@liat-grozovik
Copy link
Collaborator

@wangxin could you please help to approve so we can merge?

@wangxin wangxin merged commit 7bb70bb into sonic-net:master Jun 15, 2023
mrkcmo pushed a commit to Azarack/sonic-mgmt that referenced this pull request Oct 3, 2023
What is the motivation for this PR?
We want to add a new secure upgrade test to validate non successful upgrade to non secure image.
In details:
If we have a secured image installed on a secured system, trying to install a non-secure image on it
should fail and we should expect a relevant message indicating so.

How did you verify/test it?
By taking a secured system with secured image installed on it and a path to non secure image we created privately,
we ran the test.

Supported testbed topology if it's a new test case?
Any topology is supported for the test.

Documentation
link to feature HLD: sonic-net/SONiC#1024
AharonMalkin pushed a commit to AharonMalkin/sonic-mgmt that referenced this pull request Jan 25, 2024