josh
23c689aa5b
Ships all five phases of the deep-profile overhaul together. Runs now carry a profile (quick/deep/soak); every profile walks the same 11-stage order — Inventory → Firmware → SpecValidate → SMART → CPUStress → Storage → Network → Burn → GPU → PSU → Reporting — with only per-stage durations and concurrency scaled. Phase 1: profiles.ProfileRegistry loaded from vetting.yaml; runs.profile column + CreateWithProfile; threshold table + evaluator seeded per-run from the shared vetting.thresholds block; breach flips result at /sensor + /result. Phase 2: upgraded CPUStress (stress-ng --cpu-method=all --verify + EDAC/MCE poll), Storage (fio --verify=md5 + SMART start/end delta), Network (sustained iperf + /proc/net/dev deltas) with per-profile knobs from Deps. Phase 3: Burn super-stage with goroutine fan-out for CPU + memory + fio + iperf, PSU rails sampled across the Burn window, SensorMux (2 s flush, 500-sample cap) to absorb backpressure. Phase 4: Firmware stage + firmware_snapshots table; probes dmidecode (BIOS), ipmitool (BMC), ethtool -i (NIC), nvme (sysfs + id-ctrl), lspci (HBA), /proc/cpuinfo (microcode). spec.DiffFirmware folds into SpecValidate with pin-by-identifier and fan-out-across-component matching; mismatches park the run in FailedHolding. Phase 5: profile radio on the host start form, profile chip on the run header, Firmware section in the HTML report, coverage artifact uploaded from CI, agent/tests/fakes/ scaffold with Deps.LookPath seam + stress_ng and dmidecode example fakes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
215 lines
7.3 KiB
Go
215 lines
7.3 KiB
Go
package spec
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"vetting/internal/model"
|
|
)
|
|
|
|
func TestDiffEmptySpec(t *testing.T) {
|
|
if d := Diff(&Spec{}, &Inventory{}); len(d) != 0 {
|
|
t.Fatalf("empty spec → empty diff, got %v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffCPUMismatch(t *testing.T) {
|
|
exp := &Spec{CPU: &CPUSpec{Model: "E5-2680 v4", LogicalCores: 28}}
|
|
act := &Inventory{CPU: CPUSpec{Model: "Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz", LogicalCores: 16}}
|
|
d := Diff(exp, act)
|
|
if len(d) != 1 || d[0].Field != "cpu.logical_cores" || d[0].Severity != "critical" {
|
|
t.Fatalf("expected logical_cores critical, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffCPUModelSubstringMatch(t *testing.T) {
|
|
exp := &Spec{CPU: &CPUSpec{Model: "E5-2680 v4"}}
|
|
act := &Inventory{CPU: CPUSpec{Model: "Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz"}}
|
|
if d := Diff(exp, act); len(d) != 0 {
|
|
t.Fatalf("substring should match, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffMemoryTolerance(t *testing.T) {
|
|
exp := &Spec{Memory: &MemorySpec{TotalGiB: 128}}
|
|
act := &Inventory{Memory: MemorySpec{TotalGiB: 127}}
|
|
if d := Diff(exp, act); len(d) != 0 {
|
|
t.Fatalf("1 GiB variance should be tolerated, got %+v", d)
|
|
}
|
|
act2 := &Inventory{Memory: MemorySpec{TotalGiB: 112}} // missing stick
|
|
d := Diff(exp, act2)
|
|
if len(d) != 1 || d[0].Field != "memory.total_gib" {
|
|
t.Fatalf("16 GiB drop should be critical, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffDisksMissingAndUnexpected(t *testing.T) {
|
|
exp := &Spec{Disks: []DiskSpec{{Serial: "A", SizeGB: 1000}, {Serial: "B", SizeGB: 500}}}
|
|
act := &Inventory{Disks: []DiskSpec{{Serial: "A", SizeGB: 1000}, {Serial: "C", SizeGB: 32}}}
|
|
d := Diff(exp, act)
|
|
// Expect: disk B missing, disk C unexpected.
|
|
got := map[string]bool{}
|
|
for _, row := range d {
|
|
got[row.Field] = true
|
|
}
|
|
if !got["disks[B].present"] {
|
|
t.Fatalf("expected disks[B].present critical; got %+v", d)
|
|
}
|
|
if !got["disks[unexpected C]"] {
|
|
t.Fatalf("expected disks[unexpected C] critical; got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffDisksSerialCaseInsensitive(t *testing.T) {
|
|
exp := &Spec{Disks: []DiskSpec{{Serial: "wd-abc123", SizeGB: 1000}}}
|
|
act := &Inventory{Disks: []DiskSpec{{Serial: "WD-ABC123", SizeGB: 1000}}}
|
|
if d := Diff(exp, act); len(d) != 0 {
|
|
t.Fatalf("serial compare must be case-insensitive, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffNICMAC(t *testing.T) {
|
|
exp := &Spec{NICs: []NICSpec{{MAC: "aa:bb:cc:dd:ee:ff", SpeedGbps: 10}}}
|
|
act := &Inventory{NICs: []NICSpec{{MAC: "aa:bb:cc:dd:ee:ff", SpeedGbps: 1}}}
|
|
d := Diff(exp, act)
|
|
if len(d) != 1 || d[0].Field != "nics[aa:bb:cc:dd:ee:ff].speed_gbps" {
|
|
t.Fatalf("expected speed mismatch, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffGPUCount(t *testing.T) {
|
|
exp := &Spec{GPUs: []GPUSpec{{Model: "NVIDIA RTX 3090"}, {Model: "NVIDIA RTX 3090"}}}
|
|
act := &Inventory{GPUs: []GPUSpec{{Model: "nvidia rtx 3090"}}}
|
|
d := Diff(exp, act)
|
|
if len(d) != 1 || d[0].Field != "gpus[nvidia rtx 3090].count" {
|
|
t.Fatalf("expected GPU count critical, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestParseValidYAML(t *testing.T) {
|
|
src := `
|
|
cpu:
|
|
model: "E5-2680 v4"
|
|
logical_cores: 28
|
|
memory:
|
|
total_gib: 128
|
|
disks:
|
|
- serial: A
|
|
size_gb: 1000
|
|
`
|
|
s, err := Parse(src)
|
|
if err != nil {
|
|
t.Fatalf("Parse: %v", err)
|
|
}
|
|
if s.CPU == nil || s.CPU.LogicalCores != 28 {
|
|
t.Fatalf("cpu not parsed: %+v", s)
|
|
}
|
|
if len(s.Disks) != 1 || s.Disks[0].Serial != "A" {
|
|
t.Fatalf("disks not parsed: %+v", s)
|
|
}
|
|
}
|
|
|
|
func TestDiffSeverityAlwaysCritical(t *testing.T) {
|
|
exp := &Spec{CPU: &CPUSpec{LogicalCores: 8}}
|
|
act := &Inventory{CPU: CPUSpec{LogicalCores: 4}}
|
|
d := Diff(exp, act)
|
|
var got []model.SpecDiff = d
|
|
for _, row := range got {
|
|
if row.Severity != "critical" {
|
|
t.Fatalf("phase-3 rule: every diff is critical; got %q for %s", row.Severity, row.Field)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestDiffFirmwareIdentifierMatch(t *testing.T) {
|
|
exp := []FirmwareSpec{{Component: "bios", Version: "3.2"}}
|
|
obs := []FirmwareObserved{{Component: "bios", Identifier: "system", Version: "3.2"}}
|
|
if d := DiffFirmware(exp, obs); len(d) != 0 {
|
|
t.Fatalf("matching bios version should produce no diff, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffFirmwareVersionMismatch(t *testing.T) {
|
|
exp := []FirmwareSpec{{Component: "bios", Version: "3.3"}}
|
|
obs := []FirmwareObserved{{Component: "bios", Identifier: "system", Version: "3.2"}}
|
|
d := DiffFirmware(exp, obs)
|
|
if len(d) != 1 {
|
|
t.Fatalf("want 1 diff, got %d: %+v", len(d), d)
|
|
}
|
|
if d[0].Expected != "3.3" || d[0].Actual != "3.2" {
|
|
t.Fatalf("diff expected/actual = %q/%q, want 3.3/3.2", d[0].Expected, d[0].Actual)
|
|
}
|
|
if d[0].Severity != "critical" {
|
|
t.Errorf("severity = %q, want critical", d[0].Severity)
|
|
}
|
|
}
|
|
|
|
func TestDiffFirmwareMissingComponentPresent(t *testing.T) {
|
|
// Expected rule with no identifier + zero observed snapshots →
|
|
// single "present=false" diff, not N.
|
|
exp := []FirmwareSpec{{Component: "bmc", Version: "1.74"}}
|
|
d := DiffFirmware(exp, nil)
|
|
if len(d) != 1 {
|
|
t.Fatalf("want 1 diff for missing BMC, got %d: %+v", len(d), d)
|
|
}
|
|
if d[0].Field != "firmware[bmc].present" || d[0].Expected != "true" || d[0].Actual != "false" {
|
|
t.Fatalf("missing-BMC diff = %+v", d[0])
|
|
}
|
|
}
|
|
|
|
func TestDiffFirmwareWildcardFanOut(t *testing.T) {
|
|
// Expected rule with empty identifier fans across every observed
|
|
// snapshot of the component — one port matches, one doesn't → one diff.
|
|
exp := []FirmwareSpec{{Component: "nic", Version: "16.32.1010"}}
|
|
obs := []FirmwareObserved{
|
|
{Component: "nic", Identifier: "eth0", Version: "16.32.1010"},
|
|
{Component: "nic", Identifier: "eth1", Version: "14.28.0000"},
|
|
}
|
|
d := DiffFirmware(exp, obs)
|
|
if len(d) != 1 {
|
|
t.Fatalf("want 1 diff (mismatched eth1 only), got %d: %+v", len(d), d)
|
|
}
|
|
if d[0].Field != "firmware[nic/eth1].version" {
|
|
t.Errorf("field = %q, want firmware[nic/eth1].version", d[0].Field)
|
|
}
|
|
}
|
|
|
|
func TestDiffFirmwareIdentifierPin(t *testing.T) {
|
|
// Identifier set: pins the rule to a specific port. Other ports
|
|
// with mismatched firmware are not evaluated by this rule.
|
|
exp := []FirmwareSpec{{Component: "nic", Identifier: "eth0", Version: "1.0"}}
|
|
obs := []FirmwareObserved{
|
|
{Component: "nic", Identifier: "eth0", Version: "1.0"},
|
|
{Component: "nic", Identifier: "eth1", Version: "9.9"},
|
|
}
|
|
if d := DiffFirmware(exp, obs); len(d) != 0 {
|
|
t.Fatalf("pinned rule should ignore other ports, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffFirmwareIdentifierPinMissing(t *testing.T) {
|
|
// Pinned rule with no matching observed snapshot → present=false diff.
|
|
exp := []FirmwareSpec{{Component: "nic", Identifier: "eth0", Version: "1.0"}}
|
|
if d := DiffFirmware(exp, nil); len(d) != 1 || d[0].Field != "firmware[nic/eth0].present" {
|
|
t.Fatalf("want present=false for pinned rule, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffFirmwareEmptyRuleSkipped(t *testing.T) {
|
|
// Empty component or empty version silently skip rather than panic.
|
|
exp := []FirmwareSpec{{Component: "", Version: "x"}, {Component: "bios", Version: ""}}
|
|
obs := []FirmwareObserved{{Component: "bios", Identifier: "system", Version: "3.2"}}
|
|
if d := DiffFirmware(exp, obs); len(d) != 0 {
|
|
t.Fatalf("empty rules should skip, got %+v", d)
|
|
}
|
|
}
|
|
|
|
func TestDiffFirmwareCaseInsensitive(t *testing.T) {
|
|
// Version match is case-insensitive after trim; avoids spurious diff
|
|
// from ethtool's "FW1234" vs expected YAML's "fw1234".
|
|
exp := []FirmwareSpec{{Component: "nvme_fw", Identifier: "nvme0", Version: "fw1234"}}
|
|
obs := []FirmwareObserved{{Component: "nvme_fw", Identifier: "nvme0", Version: "FW1234"}}
|
|
if d := DiffFirmware(exp, obs); len(d) != 0 {
|
|
t.Fatalf("case-insensitive match expected, got %+v", d)
|
|
}
|
|
}
|