Merge #404587 from ~pieq/oem-qa-checkbox:wenshan-and-active-directory

3 files changed, 386 insertions, 0 deletions

diff --git a/units/wenshan/category.pxu b/units/wenshan/category.pxu
new file mode 100644
index 0000000..e4c0d64
--- /dev/null
+++ b/units/wenshan/category.pxu
@@ -0,0 +1,7 @@
+unit: category
+id: wenshan
+_name: Wenshan test cases
+
+unit: category
+id: active-directory
+_name: Active Directory related test cases
diff --git a/units/wenshan/jobs.pxu b/units/wenshan/jobs.pxu
new file mode 100644
index 0000000..add042e
--- /dev/null
+++ b/units/wenshan/jobs.pxu
@@ -0,0 +1,333 @@
+id: active-directory/fqdn-check
+category_id: active-directory
+plugin: shell
+_summary: Check Fully Qualified Domain Name
+estimated_duration: 1s
+environ: AD_DOMAIN
+command:
+ hostname -f | grep ${AD_DOMAIN}
+
+id: active-directory/ntp-config-check
+category_id: active-directory
+plugin: user-interact
+_summary: Check NTP Server Configuration
+estimated_duration: 3m
+environ: AD_SERVER
+_purpose:
+ Set the NTP server and make sure time is properly synchronized with the
+ Windows server.
+_steps:
+ 1. Edit the /etc/systemd/timesyncd.conf file to point to the NTP server, and
+ make sure the Root Distance value is high enough, e.g.:
+ [Time]
+ NTP=ad.wenshan.biz
+ RootDistanceMaxSec=15
+ 2. Restart the time sync service:
+ systemctl restart systemd-timesyncd.service
+ 3. Start this test.
+command:
+ timedatectl status
+ echo ""
+ timedatectl timesync-status
+ echo ""
+ if [ -z ${AD_SERVER} ]; then
+ echo "ERROR: Environment variable AD_SERVER not set."
+ exit 1
+ fi
+ if timedatectl timesync-status | grep -i -q ${AD_SERVER}; then
+ echo "Device synchronized with ${AD_SERVER} NTP server."
+ else
+ echo "ERROR: Device not synchronized with ${AD_SERVER} NTP server."
+ exit 1
+ fi
+
+id: active-directory/required-packages
+category_id: active-directory
+_summary: Check for packages required for Active Directory features
+estimated_duration: 1s
+flags: simple fail-on-resource
+imports: from com.canonical.certification import package
+requires:
+ package.name == 'adsys'
+ package.name == 'realmd'
+ package.name == 'sssd'
+command: echo "Packages required for Active Directory features found."
+
+id: active-directory/realm-list
+category_id: active-directory
+plugin: shell
+_summary: Check realm can be found
+estimated_duration: 1s
+environ: AD_DOMAIN
+depends: active-directory/required-packages
+command:
+ realm list --all
+ echo ""
+ if [ -z ${AD_DOMAIN} ]; then
+ echo "ERROR: Environment variable AD_DOMAIN not set."
+ exit 1
+ fi
+ if realm list --all | grep -i -q ${AD_DOMAIN}; then
+ echo "${AD_DOMAIN} realm found."
+ else
+ echo "ERROR: ${AD_DOMAIN} realm not found."
+ exit 1
+ fi
+
+id: active-directory/realm-join
+category_id: active-directory
+plugin: manual
+depends: active-directory/realm-list
+estimated_duration: 1m
+_summary: Join a realm
+_purpose:
+ Check that the device can join the Active Directory realm (e.g. ad.wenshan.biz).
+_steps:
+ 1. Enter the command to join the realm:
+ $ sudo realm join <AD_SERVER>
+ 2. Input the Active Directory Administrator password
+_verification:
+ Check that the device joined the realm:
+ $ realm list
+ This should return information about the Active Directory realm.
+
+id: active-directory/sssd-config-check
+category_id: active-directory
+plugin: shell
+_summary: Check SSSD configuration
+estimated_duration: 1s
+environ: AD_DOMAIN AD_SERVER
+depends: active-directory/realm-join
+user: root
+command:
+ if grep -i "ad_domain.*${AD_DOMAIN}" /etc/sssd/sssd.conf; then
+ echo "ad_domain properly configured."
+ else
+ echo "ERROR: ad_domain not configured correctly in /etc/sssd/sssd.conf."
+ exit 1
+ fi
+ if grep -i "ad_server.*${AD_SERVER}" /etc/sssd/sssd.conf; then
+ echo "ad_server properly configured."
+ else
+ echo "ERROR: ad_server not configured correctly in /etc/sssd/sssd.conf."
+ exit 1
+ fi
+
+id: active-directory/realm-config-check
+category_id: active-directory
+plugin: shell
+_summary: Check realm configuration
+estimated_duration: 1s
+environ: AD_DOMAIN
+depends: active-directory/sssd-config-check
+command:
+ realm list
+ echo ""
+ if realm list | grep -i -q "domain-name.*${AD_DOMAIN}"; then
+ echo "Realm domain-name found."
+ else
+ echo "ERROR: Realm domain-name not found."
+ exit 1
+ fi
+ if realm list | grep -i -q "login-formats.*${AD_DOMAIN}"; then
+ echo "Realm login-formats properly configured."
+ else
+ echo "ERROR: Realm login-formats not configured correctly."
+ exit 1
+ fi
+ if realm list | grep -i -q "configured: no"; then
+ echo "ERROR: Realm not configured."
+ exit 1
+ else
+ echo "Realm correctly configured."
+ fi
+
+id: active-directory/ad-user-check
+category_id: active-directory
+plugin: shell
+_summary: Check user from the Active Directory domain can be resolved
+estimated_duration: 1s
+environ: AD_DOMAIN AD_USER
+depends: active-directory/realm-config-check
+command:
+ if getent passwd ${AD_USER}@${AD_DOMAIN}; then
+ echo "User ${AD_USER} found."
+ else
+ echo "ERROR: User ${AD_USER} not found."
+ exit 1
+ fi
+
+id: active-directory/pam-mkhomedir-check
+category_id: active-directory
+plugin: shell
+_summary: Make sure home directories can be created automatically in the PAM configuration
+estimated_duration: 5s
+user: root
+command:
+ # TODO: Until LP #1894135 is fixed, we need to call this command.
+ pam-auth-update --enable mkhomedir
+ if grep "session.*optional.*pam_mkhomedir.so" /etc/pam.d/common-session; then
+ echo "Option correctly activated."
+ else
+ echo "ERROR: pam_mkhomedir.so is absent from /etc/pam.d/common-session."
+ exit 1
+ fi
+
+id: active-directory/ubiquity-activation
+category_id: active-directory
+plugin: manual
+estimated_duration: 30m
+_summary: Check that entering AD credentials at install time (ubiquity) works
+_purpose:
+ Login using Active Directory credentials at install time should work.
+_steps:
+ 1. Make sure you are connected on the same network as the Active Directory
+ server.
+ 2. During the installation, check "Use Active Directory".
+ 3. Use the credentials of your Active Directory test user (e.g. user1@wenshan.biz)
+_verification:
+ The installation completes and you can log in using your Active Directory
+ credentials.
+
+id: active-directory/login-terminal
+category_id: active-directory
+plugin: manual
+depends: active-directory/ad-user-check
+estimated_duration: 3m
+_summary: Check an Active Directory user can login (terminal)
+_purpose:
+ Login in a terminal using Active Directory credentials time should work.
+_steps:
+ 1. In a terminal, switch to super user, then enter the login command:
+ $ sudo -i
+ # login
+ 2. Enter the AD test user account (e.g. user1@wenshan.biz)
+ 3. Enter the password of your Active Directory test user (e.g. user1)
+_verification:
+ Check that a home directory is created for user user1@wenshan.biz and user
+ can type commands on the device (ls, date, etc.).
+
+id: active-directory/login-gui
+category_id: active-directory
+plugin: manual
+depends: active-directory/ad-user-check
+estimated_duration: 3m
+_summary: Check an Active Directory user can login (graphical user interface)
+_purpose:
+ Login using the GUI using Active Directory credentials time should work.
+_steps:
+ 1. Select “Log Out” or “Switch User…” from the Power Menu > "Power Off / Log Out" entry
+ 2. Select “Not listed?”
+ 3. Enter username (e.g. user1@wenshan.biz)
+ 4. Enter password and press Enter
+_verification:
+ User can log in and access Ubuntu.
+ .
+ When finished, switch back to local user to continue testing.
+
+id: active-directory/password-policy
+category_id: active-directory
+plugin: manual
+#depends: active-directory/login-terminal
+estimated_duration: 5m
+_summary: Check password policy from Active Directory server is enforced
+_purpose:
+ Login using the GUI using Active Directory credentials time should work.
+_steps:
+ A. On the Windows Server:
+ 1. Open "Group Policy Management"
+ 2. Right click on [AD Domain] > Group Policy Objects > Default Domain Policy
+ and select "Edit..." to open the Group Policy Management Editor
+ 3. In Computer Configuration > Policies > Windows Settings > Security Settings
+ > Account Policies > Password Policy, modify something (e.g. set "Minimum
+ password length" to a higher value)
+ 4. Open "Active Directory Users and Computers"
+ 5. Right click on an existing user (e.g. user1@wenshan.biz), select "Properties...",
+ and in "Account", check "User must change password at next login"
+ .
+ B. On the Ubuntu client (either graphically or in a terminal):
+ 1. Log in using the user credentials modified in Windows Server (e.g. user1@wenshan.biz)
+ 2. When prompted for a new password, try to type one that does not match the
+ requirements set in step A3
+ 3. Use a password that matches the requirements set in step A3
+_verification:
+ 1. You should be prompted to choose a new password
+ 2. You should see an error message such as:
+ "Password change failed. Server message: Please make sure the password meets the complexity constraints."
+ 3. You should be able to set the new password
+ .
+ When finished, switch back to local user to continue testing.
+
+id: active-directory/offline-connection
+category_id: active-directory
+plugin: manual
+estimated_duration: 3m
+depends: active-directory/login-gui
+_summary: Offline Connection (Credentials Caching)
+_purpose:
+ Check a user can log back in even when device does not have access to the
+ Active Directory server.
+_steps:
+ 1. Disconnect from the network where the AD server is located
+ 2. Select “Log Out” or “Switch User…” from the Power Menu > "Power Off / Log Out" entry
+ 3. Enter username (e.g. user1@wenshan.biz)
+ 4. Enter password and press Enter
+_verification:
+ User can log in and access Ubuntu.
+ .
+ When finished, switch back to local user and connect back to the network to
+ continue testing.
+
+id: active-directory/gpo-computer-setting
+category_id: active-directory
+plugin: manual
+estimated_duration: 6m
+_summary: Modify a computer setting (login screen background)
+_purpose:
+ Make sure setting or modifying a Computer Group Policy Object (GPO) in AD is
+ reflected in the Ubuntu client.
+_steps:
+ On the Windows Server:
+ 1. Open the GPO Management Editor for the GPO your test user is associated to
+ 2. Select GDM background picture setting in "Computer Configuration >
+ Policies > Administrative Templates > Ubuntu > Login Screen > Interface >
+ Picture URI"
+ 3. Select "Enabled" to enable the modification of the Picture URI field
+ 4. Enter a valid absolute path to a .png image on the client machine,
+ e.g. /usr/share/backgrounds/ubuntu-default-greyscale-wallpaper.png
+ .
+ On the Ubuntu client:
+ 1. Refresh the GPO rule on the client by rebooting the machine or running
+ adsysctl update -m
+ (You may be prompted to enter your password to check if have enough privileges
+ to run the command)
+_verification:
+ The new background is set and visible in the login screen (GDM).
+
+id: active-directory/gpo-user-setting
+category_id: active-directory
+plugin: manual
+estimated_duration: 6m
+_summary: Modify a user setting (list of favorite desktop apps)
+_purpose:
+ Make sure setting a User Group Policy Object (GPO) in AD is reflected in
+ Ubuntu client.
+_steps:
+ On the Windows Server:
+ 1. Open the GPO Management Editor for the GPO your test user is associated to
+ 2. Select list of favorite desktop applications setting in "User Configuration >
+ Policies > Administrative Templates > Ubuntu > Desktop > Shell >
+ List of desktop file IDs for favorite applications"
+ 3. Enter a list of valid .desktop file IDs, one per line, like the following:
+ libreoffice-writer.desktop
+ snap-store_ubuntu-software.desktop
+ yelp.desktop
+ .
+ On the Ubuntu client:
+ 1. Refresh the GPO rule applied to the user by logging in or running
+ `adsysctl update` as your current user or `adsysctl update --all` to refresh
+ the computer and all active users.
+_verification:
+ The list of applications showing up on the left side for your current Active
+ Directory user should be updated.
+
diff --git a/units/wenshan/test-plan.pxu b/units/wenshan/test-plan.pxu
new file mode 100644
index 0000000..6678f47
--- /dev/null
+++ b/units/wenshan/test-plan.pxu
@@ -0,0 +1,46 @@
+id: wenshan-full-focal
+_name: Wenshan 20.04 Full Test
+unit: test plan
+_description: Wenshan 20.04 Full Test Plan
+include:
+nested_part:
+ active-directory-full
+ oem-generic-full-20-04
+
+id: active-directory-full
+_name: Active Directory Test Plan (Automated + Manual)
+unit: test plan
+_description: Active Directory Test Plan (Automated + Manual)
+include:
+nested_part:
+ active-directory-automated
+ active-directory-manual
+
+id: active-directory-automated
+_name: Active Directory Test Plan (Automated)
+unit: test plan
+_description: Active Directory Test Plan (Automated)
+include:
+ active-directory/fqdn-check
+ active-directory/required-packages
+ active-directory/realm-list
+ active-directory/sssd-config-check
+ active-directory/realm-config-check
+ active-directory/ad-user-check
+ active-directory/pam-mkhomedir-check
+
+id: active-directory-manual
+_name: Active Directory Test Plan (Manual)
+unit: test plan
+_description: Active Directory Test Plan (Manual)
+include:
+ active-directory/ntp-config-check
+ active-directory/realm-join
+ active-directory/ubiquity-activation
+ active-directory/login-terminal
+ active-directory/login-gui
+ active-directory/password-policy
+ active-directory/offline-connection
+ active-directory/gpo-computer-setting
+ active-directory/gpo-user-setting
+