alegrey91 · alegrey91 · Sep 7, 2024 · Aug 29, 2024 · Aug 29, 2024 · Aug 29, 2024
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -64,37 +64,37 @@ jobs:
             -exec sudo \
             -cover \
             -v ./... \
-            -run TestFwdctl/apply \
+            -run TestFwdctl/apply$ \
             -args -test.gocoverdir=/tmp/integration/
           go test \
             -exec sudo \
             -cover \
             -v ./... \
-            -run TestFwdctl/create \
+            -run TestFwdctl/create$ \
             -args -test.gocoverdir=/tmp/integration/
           go test \
             -exec sudo \
             -cover \
             -v ./... \
-            -run TestFwdctl/delete \
+            -run TestFwdctl/delete$ \
             -args -test.gocoverdir=/tmp/integration/
           go test \
             -exec sudo \
             -cover \
             -v ./... \
-            -run TestFwdctl/list \
+            -run TestFwdctl/list$ \
             -args -test.gocoverdir=/tmp/integration/
           go test \
             -exec sudo \
             -cover \
             -v ./... \
-            -run TestFwdctl/daemon \
+            -run TestFwdctl/daemon$ \
             -args -test.gocoverdir=/tmp/integration/
           go test \
             -exec sudo \
             -cover \
             -v ./... \
-            -run TestFwdctl/version \
+            -run TestFwdctl/version$ \
             -args -test.gocoverdir=/tmp/integration/
 
       - name: Upload cover profiles
@@ -188,10 +188,70 @@ jobs:
           name: unit-test-syscalls
           path: unit-test-syscalls
 
+  trace-integration-test:
+
+    runs-on: ubuntu-latest
+    needs: [integration-test]
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4
+        with:
+          go-version: '1.22'
+
+      - name: Install iptables
+        run: |
+          sudo apt update
+          sudo apt install -y iptables
+
+      - name: Build coverage-instrumented binary
+        run: |
+          make build && sudo make -B install
+
+      - name: Install harpoon
+        run: |
+          curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo sh
+
+      - name: Run integration test
+        run: |
+          mkdir -p integration-test-syscalls
+          go test \
+            -exec sudo \
+            -v ./... \
+            -run TestFwdctl/apply_trace
+          go test \
+            -exec sudo \
+            -v ./... \
+            -run TestFwdctl/create_trace
+          go test \
+            -exec sudo \
+            -v ./... \
+            -run TestFwdctl/delete_trace
+          go test \
+            -exec sudo \
+            -v ./... \
+            -run TestFwdctl/generate_trace
+          go test \
+            -exec sudo \
+            -v ./... \
+            -run TestFwdctl/list_trace
+          go test \
+            -exec sudo \
+            -v ./... \
+            -run TestFwdctl/version_trace
+        shell: bash
+
+      - name: Upload cover profiles
+        uses: actions/upload-artifact@v3
+        with:
+          name: integration-test-syscalls
+          path: integration-test-syscalls
+
   build-seccomp-profile:
 
     runs-on: ubuntu-latest
-    needs: [trace-unit-test]
+    needs: [trace-unit-test, trace-integration-test]
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
 
@@ -200,14 +260,15 @@ jobs:
           name: unit-test-syscalls
           path: unit-test-syscalls
 
-#      - uses: actions/download-artifact@v3
-#        with:
-#          name: integration-test
-#          path: ./integration-test
+      - uses: actions/download-artifact@v3
+        with:
+          name: integration-test-syscalls
+          path: ./integration-test-syscalls
 
       - name: list files
         run: |
           ls -lah ./unit-test-syscalls
+          ls -lah ./integration-test-syscalls
 
       - name: Set up Go
         uses: actions/setup-go@v4
@@ -222,6 +283,7 @@ jobs:
         run: |
           mkdir -p harpoon
           mv unit-test-syscalls/* harpoon/
+          mv integration-test-syscalls/* harpoon/
 
       - name: Build Seccomp Profile
         run: |

diff --git a/cmd/generate.go b/cmd/generate.go
@@ -16,6 +16,8 @@ limitations under the License.
 package cmd
 
 import (
+	"fmt"
+
 	"github.com/spf13/cobra"
 )
 
@@ -28,14 +30,12 @@ var generateCmd = &cobra.Command{
 	Short:   "generates templated files",
 	Long: `generates templated file for fwdtcl
 `,
-	Run: func(cmd *cobra.Command, args []string) {
-		_ = cmd.Help()
+	RunE: func(cmd *cobra.Command, args []string) error {
+		fmt.Println(cmd.Help())
+		return nil
 	},
 }
 
 func init() {
 	rootCmd.AddCommand(generateCmd)
-
-	generateCmd.PersistentFlags().StringVarP(&outputFile, "output-path", "O", "", "output path")
-	_ = generateCmd.MarkPersistentFlagRequired("output-path")
 }
diff --git a/cmd/generate_rules.go b/cmd/generate_rules.go
@@ -41,4 +41,7 @@ var generateRulesCmd = &cobra.Command{
 
 func init() {
 	generateCmd.AddCommand(generateRulesCmd)
+
+	generateRulesCmd.PersistentFlags().StringVarP(&outputFile, "output-path", "O", "", "output path")
+	_ = generateRulesCmd.MarkPersistentFlagRequired("output-path")
 }
diff --git a/cmd/generate_systemd.go b/cmd/generate_systemd.go
@@ -38,8 +38,8 @@ var generateSystemdCmd = &cobra.Command{
 		if err != nil {
 			return fmt.Errorf("cannot create systemd service: %v", err)
 		}
-		
-		if err = template.GenerateTemplate(systemd, outputFile);err != nil {
+
+		if err = template.GenerateTemplate(systemd, outputFile); err != nil {
 			return fmt.Errorf("generating templated file: %v", err)
 		}
 		return nil
@@ -52,4 +52,7 @@ func init() {
 	generateSystemdCmd.Flags().StringVarP(&installationPath, "installation-path", "p", "/usr/local/bin", "fwdctl installation path")
 	generateSystemdCmd.Flags().StringVarP(&c.RulesFile, "file", "f", "rules.yml", "rules file path")
 	generateSystemdCmd.Flags().StringVarP(&serviceType, "type", "t", "oneshot", "systemd service type [oneshot, fork]")
+
+	generateSystemdCmd.PersistentFlags().StringVarP(&outputFile, "output-path", "O", "", "output path")
+	_ = generateSystemdCmd.MarkPersistentFlagRequired("output-path")
 }
diff --git a/main_test.go b/main_test.go
@@ -1,15 +1,14 @@
 package main
 
 import (
-	"flag"
 	"testing"
 
 	"github.com/rogpeppe/go-internal/testscript"
 )
 
 func TestFwdctl(t *testing.T) {
-	flag.Parse()
 	testscript.Run(t, testscript.Params{
+		TestWork:            true,
 		Dir:                 "tests",
 		Cmds:                customCommands(),
 		RequireExplicitExec: true,

diff --git a/tests/README.md b/tests/README.md
@@ -0,0 +1,41 @@
+# Integration Tests
+
+This directory is dedicated to host integration tests written with [`testscript`](https://pkg.go.dev/github.com/rogpeppe/go-internal/testscript).
+
+## Converting from test to trace file
+
+As you can see, for each command we have a couple of files (eg. `apply.txtar`, `apply_trace.txtar`).
+
+The `<command>.txtar` file is used for testing purposes and is run at the beginning of the pipeline to ensure the binary is behave like we expect.
+
+The `<command>_trace.txtar`, on the other side, is used for tracing purposes. This means that we re-run the same commands of the previous file, tracing them with [`harpoon`](https://github.com/alegrey91/harpoon) under the hood.
+
+The file content are quite similar, there are just few differences to follow:
+
+* Each `exec` of the command under test (eg. `fwdctl apply`) have to be replaced with `exec_cmd`.
+
+  `exec_cmd` is a custom testscript function to trace the command using `harpoon`.
+
+* If the `exec` of the command under test had a negation (`!`), this should not be added in the command used with `exec_cmd`.
+
+  This because in this case we don't care about the result of `harpoon` that will execute the real command.
+
+Here's an example:
+
+```txt
+# command.txtar
+
+# normal execution of command
+exec command list -a
+# -x flag doesn't exists, so this should handle the error
+! exec command list -x
+```
+
+Should be converted into this:
+
+```txt
+# command_trace.txtar
+
+exec_cmd command list -a
+exec_cmd command list -x
+```