Drop environment check from test config.json samples and check environment via .repo file and installed packages in dom0 tests.

Check environment via .repo files instead of config.json in VM tests.

openqa

Author: rocodes

files/sdw-admin.py

@@ -506,7 +506,6 @@ def import_config():
                 "hostname": ji_addr + ".onion",
                 "key": ji_auth_token,
             },
-            "environment": "prod",
             "vmsizes": {"sd_app": sd_app_gb, "sd_log": sd_log_gb},
         }
         temp_file = "/tmp/config.json"

tests/conftest.py

@@ -44,9 +44,20 @@ def dom0_config():
 
 @pytest.fixture
 def env():
-    with open("config.json") as c:
-        config = json.load(c)
-        return config.get("environment")
+    """
+    Check build variant based on installed .repo filename.
+    Developers who are experimenting with additional disabled .repo files in
+    /etc/yum.repos.d/ should ensure no naming collisions with securedrop-workstation-keyring
+    files, per REPO_CONFIG above or per the securedrop-workstation-keyring rpm spec file.
+    """
+    # Order matters due to package versioning
+    for env_type in ["dev", "staging", "prod"]:
+        repo_filename = REPO_CONFIG[env_type]["repo_file_name"]
+        repo_path = Path(f"/etc/yum.repos.d/{repo_filename}")
+        if repo_path.exists:
+            return env_type
+
+    pytest.fail("Misconfigured environment, env could not be determined.")
 
 
 @pytest.fixture

tests/files/testconfig.json

@@ -4,7 +4,6 @@
       "hostname": "sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion",
       "key": "5U4JPYSZ34N2ZDSOUAL2YLEX2NPI5BLL2Y66QJW24KLSH7R3FEPQ"
     },
-    "environment": "prod",
     "vmsizes": {
        "sd_app": 10,
        "sd_log": 5

tests/files/testconfig.json.malformedfpr

@@ -4,7 +4,6 @@
     "hostname": "sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion",
     "key": "5U4JPYSZ34N2ZDSOUAL2YLEX2NPI5BLL2Y66QJW24KLSH7R3FEPQ"
   },
-  "environment": "prod",
   "vmsizes": {
      "sd_app": 10,
      "sd_log": 5

tests/files/testconfig.json.malformedonion

@@ -4,7 +4,6 @@
       "hostname": "sdolvtfhatvsysc6l34d65ymdwxcuj.onion",
       "key": "5U4JPYSZ34N2ZDSOUAL2YLEX2NPI5BLL2Y66QJW24KLSH7R3FEPQ"
     },
-    "environment": "prod",
     "vmsizes": {
        "sd_app": 10,
        "sd_log": 5

tests/test_dom0_and_templates_correct_key.py

@@ -129,6 +129,8 @@ def test_dom0_has_keyring_package(env):
         assert _is_installed("securedrop-workstation-keyring-dev")
     elif env == "staging":
         assert _is_installed("securedrop-workstation-keyring-staging")
+    else:
+        assert env == "prod"
 
 
 def test_rpm_repo_config(config):

tests/test_vms_exist.py

@@ -1,6 +1,7 @@
 import json
 import subprocess
 import unittest
+from pathlib import Path
 
 from qubesadmin import Qubes
 
@@ -16,8 +17,8 @@
     SD_VMS,
 )
 
-with open("config.json") as f:
-    CONFIG = json.load(f)
+DEV_REPO = Path("/etc/yum.repos.d/securedrop-workstation-dom0-dev.repo")
+STAGING_REPO = Path("/etc/yum.repos.d/securedrop-workstation-dom0-staging.repo")
 
 
 class SD_VM_Tests(unittest.TestCase):
@@ -40,7 +41,7 @@ def test_expected(self):
         for vm_name in SD_UNTAGGED_DEPRECATED_VMS:
             assert vm_name not in self.app.domains
 
-    @unittest.skipIf(CONFIG["environment"] != "prod", "Skipping on non-prod system")
+    @unittest.skipIf(STAGING_REPO.exists or DEV_REPO.exists, "Skipping on non-prod system")
     def test_internal(self):
         internal = ["sd-proxy", "sd-proxy-dvm", "sd-viewer"]
 

tests/test_vms_platform.py

@@ -1,8 +1,8 @@
-import json
 import os
 import re
 import subprocess
 import unittest
+from pathlib import Path
 
 import pytest
 from qubesadmin import Qubes
@@ -21,14 +21,22 @@
 
 IS_CI = os.environ.get("CI") == "true"
 
+DEV_REPO = Path("/etc/yum.repos.d/securedrop-workstation-dom0-dev.repo")
+STAGING_REPO = Path("/etc/yum.repos.d/securedrop-workstation-dom0-staging.repo")
+
 
 class SD_VM_Platform_Tests(unittest.TestCase):
     def setUp(self):
         self.app = Qubes()
-        with open("config.json") as c:
-            self.config = json.load(c)
-        if "environment" not in self.config:
-            self.config["environment"] = "dev"
+
+        # Order matters; if dev .repo file is installed,
+        # it wins, then staging, due to package versioning
+        if DEV_REPO.exists:
+            self.environment = "dev"
+        elif STAGING_REPO.exists:
+            self.environment = "staging"
+        else:
+            self.environment = "prod"
 
     def tearDown(self):
         pass
@@ -63,11 +71,11 @@ def _validate_apt_sources(self, vm):
         if vm.name in ["sd-whonix"]:
             return
 
-        if self.config["environment"] == "prod":
+        if self.environment == "prod":
             component = "main"
             url = "https://apt.freedom.press"
             filename = "/etc/apt/sources.list.d/apt_freedom_press.sources"
-        elif self.config["environment"] == "staging":
+        elif self.environment == "staging":
             component = "main"
             url = "https://apt-test.freedom.press"
             filename = "/etc/apt/sources.list.d/apt-test_freedom_press.sources"
@@ -200,13 +208,13 @@ def test_sd_vm_apt_sources(self):
             assert (
                 "Description: https://apt.freedom.press bookworm/main amd64 Packages\n" in contents
             )
-            if self.config["environment"] == "prod":
+            if self.environment == "prod":
                 # prod setups shouldn't have any apt-test sources
                 assert "apt-test.freedom.press" not in contents
             else:
                 # staging/dev
                 test_components = ["main"]
-                if self.config["environment"] == "dev":
+                if self.environment == "dev":
                     test_components.append("nightlies")
                 for component in test_components:
                     assert (