1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
summary: Verify that snap-refresh-observe grants read-access to relevant endpoints
details: |
The snap-refresh-observe interface grants read-access to refresh-app-awareness
client (e.g. snapd-desktop-integration) to a subset of snapd's API endpoints needed
to track snap refresh inhibitions.
Specifically:
- /v2/notices: to read change-update and refresh-inhibit notices
- /v2/changes{,/<id>}: to read refresh related changes
- /v2/snaps: to read snaps whose refresh is inhibited
environment:
# not all terminals support UTF-8, but Python tries to be smart and attempts
# to guess the encoding as if the output would go to the terminal, but in
# fact all the test does is pipe the output to (go)jq
PYTHONIOENCODING: utf-8
execute: |
"$TESTSTOOLS"/snaps-state install-local api-client
echo "The snap-refresh-observe plug on the api-client snap is initially disconnected"
snap connections api-client | MATCH "snap-refresh-observe +api-client:snap-refresh-observe +- +-"
echo "Connect the snap-refresh-observe plug"
snap connect api-client:snap-refresh-observe
echo "Check snap can access change-update and refresh-inhibit notices under /v2/notices"
api-client --socket /run/snapd-snap.socket "/v2/notices?types=change-update" | gojq '."status-code"' | MATCH '^200$'
api-client --socket /run/snapd-snap.socket "/v2/notices?types=refresh-inhibit" | gojq '."status-code"' | MATCH '^200$'
api-client --socket /run/snapd-snap.socket "/v2/notices" | gojq '."status-code"' | MATCH '^200$'
echo "But not other notice types"
api-client --socket /run/snapd-snap.socket "/v2/notices?types=change-update,warning" | gojq '."status-code"' | MATCH '^403$'
echo "Check snap can access changes /v2/changes"
api-client --socket /run/snapd-snap.socket "/v2/changes" | gojq '."status-code"' | MATCH '^200$'
echo "Check snap can access a single change /v2/changes/<ID>"
CHANGE_ID=$(snap changes | tr -s '\n' | awk 'END{ print $1 }')
api-client --socket /run/snapd-snap.socket "/v2/changes/$CHANGE_ID" | gojq '."status-code"' | MATCH '^200$'
# TODO: Check it can only access /v2/snaps?select=refresh-inhibited
echo "Check snap can access snaps /v2/snaps"
api-client --socket /run/snapd-snap.socket "/v2/snaps" | gojq '."status-code"' | MATCH '^200$'
echo "And also a specific snap /v2/snaps/<instance-name>"
api-client --socket /run/snapd-snap.socket "/v2/snaps/api-client" | gojq '."status-code"' | MATCH '^200$'
echo "Check that snap can access /v2/icons"
api-client --socket /run/snapd-snap.socket "/v2/icons/api-client/icon" | gojq '."status-code"' | MATCH '^404$'
echo "Without snap-refresh-observe the snap cannot access those API endpoints"
snap disconnect api-client:snap-refresh-observe
api-client --socket /run/snapd-snap.socket "/v2/notices?types=change-update" | gojq '."status-code"' | MATCH '^403$'
api-client --socket /run/snapd-snap.socket "/v2/changes" | gojq '."status-code"' | MATCH '^403$'
api-client --socket /run/snapd-snap.socket "/v2/changes/$CHANGE_ID" | gojq '."status-code"' | MATCH '^403$'
api-client --socket /run/snapd-snap.socket "/v2/snaps" | gojq '."status-code"' | MATCH '^403$'
api-client --socket /run/snapd-snap.socket "/v2/snaps/api-client" | gojq '."status-code"' | MATCH '^403$'
api-client --socket /run/snapd-snap.socket "/v2/icons/api-client/icon" | gojq '."status-code"' | MATCH '^403$'
|
