AppVerifier adjustment (#478)

Adjustments to AppVerifier in CI based on feedback when implementing it for the aws-c-* repositories.

Author: TwistedTwigleg

.github/workflows/ci.yml

@@ -17,12 +17,6 @@ env:
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DATEST_SECRET_ACCESS_KEY }}
   AWS_DEFAULT_REGION: us-east-1
 
-  APP_VERIFIER_EXE: D:\a\work\aws-iot-device-sdk-cpp-v2\build\samples\pub_sub\cycle_pub_sub\RelWithDebInfo\cycle-pub-sub.exe
-  APP_VERIFIER_OUTPUT_XML: D:\a\work\aws-iot-device-sdk-cpp-v2\app_verifier_output.xml
-  APP_VERIFIER_OUTPUT_XML_HELPER: D:\a\work\aws-iot-device-sdk-cpp-v2\utils\appverifier_xml_util.py
-  # All of the tests that will be run by AppVerifier
-  APP_VERIFIER_TESTS: Exceptions Handles Heaps Leak Locks Memory SRWLock Threadpool TLS
-
 jobs:
   linux-compat:
     runs-on: ubuntu-latest
@@ -90,20 +84,6 @@ jobs:
           cd D:\a\work
           python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz', 'builder.pyz')"
           python builder.pyz build -p ${{ env.PACKAGE_NAME }}
-      - name: Run and check AppVerifier
-        run: |
-          echo "Enabling AppVerifier:"
-          appverif -enable ${{ env.APP_VERIFIER_TESTS }} -for ${{ env.APP_VERIFIER_EXE }}
-          echo "Starting AppVerifier utility sample run:"
-          python -m pip install termcolor
-          python -m pip install boto3
-          python ${{ env.APP_VERIFIER_OUTPUT_XML_HELPER }} --launch_sample true --sample_file ${{ env.APP_VERIFIER_EXE }}
-          echo "Exporting XML log:"
-          appverif -export log -for ${{ env.APP_VERIFIER_EXE }} -with to=${{ env.APP_VERIFIER_OUTPUT_XML }}
-          echo "Disabling AppVerifier:"
-          appverif -delete settings -for ${{ env.APP_VERIFIER_EXE }}
-          echo "Starting AppVerifier utility parsing XML:"
-          python ${{ env.APP_VERIFIER_OUTPUT_XML_HELPER }} --parse_xml true --xml_file ${{ env.APP_VERIFIER_OUTPUT_XML }}
 
   windows-vs14:
     runs-on: windows-2019 # windows-2019 is last env with Visual Studio 2015 (v14.0)
@@ -117,20 +97,6 @@ jobs:
           cd D:\a\work
           python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
           python builder.pyz build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-Tv140 --cmake-extra=-A${{ matrix.arch }}
-      - name: Run and check AppVerifier
-        run: |
-          echo "Enabling AppVerifier:"
-          appverif -enable ${{ env.APP_VERIFIER_TESTS }} -for ${{ env.APP_VERIFIER_EXE }}
-          echo "Starting AppVerifier utility sample run:"
-          python -m pip install termcolor
-          python -m pip install boto3
-          python ${{ env.APP_VERIFIER_OUTPUT_XML_HELPER }} --launch_sample true --sample_file ${{ env.APP_VERIFIER_EXE }}
-          echo "Exporting XML log:"
-          appverif -export log -for ${{ env.APP_VERIFIER_EXE }} -with to=${{ env.APP_VERIFIER_OUTPUT_XML }}
-          echo "Disabling AppVerifier:"
-          appverif -delete settings -for ${{ env.APP_VERIFIER_EXE }}
-          echo "Starting AppVerifier utility parsing XML:"
-          python ${{ env.APP_VERIFIER_OUTPUT_XML_HELPER }} --parse_xml true --xml_file ${{ env.APP_VERIFIER_OUTPUT_XML }}
 
   windows-no-cpu-extensions:
     runs-on: windows-latest
@@ -141,20 +107,22 @@ jobs:
           cd D:\a\work
           python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz', 'builder.pyz')"
           python builder.pyz build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DUSE_CPU_EXTENSIONS=OFF
-      - name: Run and check AppVerifier
-        run: |
-          echo "Enabling AppVerifier:"
-          appverif -enable ${{ env.APP_VERIFIER_TESTS }} -for ${{ env.APP_VERIFIER_EXE }}
-          echo "Starting AppVerifier utility sample run:"
-          python -m pip install termcolor
-          python -m pip install boto3
-          python ${{ env.APP_VERIFIER_OUTPUT_XML_HELPER }} --launch_sample true --sample_file ${{ env.APP_VERIFIER_EXE }}
-          echo "Exporting XML log:"
-          appverif -export log -for ${{ env.APP_VERIFIER_EXE }} -with to=${{ env.APP_VERIFIER_OUTPUT_XML }}
-          echo "Disabling AppVerifier:"
-          appverif -delete settings -for ${{ env.APP_VERIFIER_EXE }}
-          echo "Starting AppVerifier utility parsing XML:"
-          python ${{ env.APP_VERIFIER_OUTPUT_XML_HELPER }} --parse_xml true --xml_file ${{ env.APP_VERIFIER_OUTPUT_XML }}
+  
+  windows-app-verifier:
+    runs-on: windows-2022 # latest
+    steps:
+    - name: Build ${{ env.PACKAGE_NAME }} + consumers
+      run: |
+        md D:\a\work
+        cd D:\a\work
+        python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz', 'builder.pyz')"
+        python builder.pyz build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DUSE_CPU_EXTENSIONS=OFF
+    - name: Run and check AppVerifier
+      run: |
+        cd D:\a\work
+        echo "Starting to run AppVerifier with cycle pub-sub sample"
+        python -m pip install boto3
+        python .\aws-iot-device-sdk-cpp-v2\utils\appverifier_launch_sample.py --sample_file .\aws-iot-device-sdk-cpp-v2\build\samples\pub_sub\cycle_pub_sub\RelWithDebInfo\cycle-pub-sub.exe
 
   osx:
     runs-on: macos-latest

.github/workflows/license-check.yml

@@ -43,4 +43,5 @@ jobs:
         run: for filename in $(< fileList.txt); do ./scancode-toolkit/scancode -l -n 30 --json-pp - ./new-ref/$filename | grep short_name | sort | uniq >> new-licenses.txt; done
       # compare
       - name: License test
-        run: if ! cmp old-licenses.txt new-licenses.txt; then echo "Licenses differ! Failing."; exit -1; else echo "Licenses are the same. Success."; exit 0; fi
+        run: |
+          if ! cmp old-licenses.txt new-licenses.txt; then echo "Licenses differ! Failing."; exit -1; else echo "Licenses are the same. Success."; exit 0; fi

utils/appverifier_launch_sample.py

@@ -0,0 +1,149 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0.
+
+# Built-in
+import argparse
+import os
+import subprocess
+import pathlib
+import sys
+import tempfile
+import appverifier_xml
+# Needs to be installed via pip
+import boto3  # - for launching sample
+
+
+def launchSample(sample_file, sample_region, sample_secret_endpoint, sample_secret_certificate, sample_secret_private_key, sample_arguments):
+    print("Attempting to get credentials from secrets using Boto3...")
+    try:
+        secrets_client = boto3.client(
+            "secretsmanager", region_name=sample_region)
+        sample_endpoint = secrets_client.get_secret_value(
+            SecretId=sample_secret_endpoint)["SecretString"]
+        sample_certificate = secrets_client.get_secret_value(
+            SecretId=sample_secret_certificate)
+        sample_private_key = secrets_client.get_secret_value(
+            SecretId=sample_secret_private_key)
+    except Exception: # lgtm [py/catch-base-exception]
+        sys.exit("ERROR: Could not get secrets to launch sample!")
+
+    current_folder = pathlib.Path(__file__).resolve()
+    # Remove the name of the python file
+    current_folder = str(current_folder).replace("appverifier_xml_util.py", "")
+
+    print("Saving credentials to file...")
+    tmp_certificate_file_path = str(current_folder) + "tmp_certificate.pem"
+    tmp_private_key_path = str(current_folder) + "tmp_privatekey.pem.key"
+    with open(tmp_certificate_file_path, "w") as file:
+        file.write(sample_certificate["SecretString"]) # lgtm [py/clear-text-storage-sensitive-data]
+    with open(tmp_private_key_path, "w") as file:
+        file.write(sample_private_key["SecretString"]) # lgtm [py/clear-text-storage-sensitive-data]
+    print("Saved credentials to file...")
+
+    print("Processing arguments...")
+    launch_arguments = []
+    launch_arguments.append("--endpoint")
+    launch_arguments.append(sample_endpoint)
+    launch_arguments.append("--cert")
+    launch_arguments.append(tmp_certificate_file_path)
+    launch_arguments.append("--key")
+    launch_arguments.append(tmp_private_key_path)
+    sample_arguments_split = sample_arguments.split(" ")
+    for arg in sample_arguments_split:
+        launch_arguments.append(arg)
+
+    print("Running sample...")
+    exit_code = 0
+    sample_return = subprocess.run(
+        args=launch_arguments, executable=sample_file)
+    exit_code = sample_return.returncode
+
+    print("Deleting credentials files...")
+    os.remove(tmp_certificate_file_path)
+    os.remove(tmp_private_key_path)
+
+    if (exit_code == 0):
+        print("SUCCESS: Finished running sample! Exiting with success")
+    else:
+        print("ERROR: Sample did not return success! Exit code " + str(exit_code))
+    return exit_code
+
+
+def registerAppVerifier(test_executable, app_verifier_tests_list):
+    arguments = ["appverif", "-enable"] + app_verifier_tests_list + ["-for", test_executable]
+    print (f'Calling AppVerifier with: {subprocess.list2cmdline(arguments)}')
+    # NOTE: Needs elevated permissions.
+    subprocess.run(args=arguments)
+
+
+def unregisterAppVerifier(test_executable):
+    arguments = ["appverif", "-delete", "settings", "-for", test_executable]
+    print (f'Calling AppVerifier with: {subprocess.list2cmdline(arguments)}')
+    # NOTE: Needs elevated permissions.
+    subprocess.run(args=arguments)
+
+
+def checkAppVerifierXML(test_executable, tmp_xml_file_path):
+    appverif_xml_dump_args = ["appverif", "-export", "log", "-for", test_executable, "-with", "to="+ tmp_xml_file_path]
+    print (f'Calling AppVerifier with: {subprocess.list2cmdline(appverif_xml_dump_args)}')
+    # NOTE: Needs elevated permissions
+    subprocess.run(args=appverif_xml_dump_args)
+
+    xml_result = appverifier_xml.parseXML(tmp_xml_file_path, True)
+    if (xml_result != 0):
+        print (f"ERROR: XML parse returned failure!")
+    return xml_result
+
+
+def booleanString(string):
+    string = string.lower()
+    if string not in {"false", "true"}:
+        raise ValueError("Boolean is not true or false!")
+    return string == "true"
+
+
+def main():
+    argument_parser = argparse.ArgumentParser(
+        description="AppVerifier XML output util")
+    argument_parser.add_argument("--sample_file", metavar="<C:\\example\\sample.exe>",
+                                 required=True, default="", help="Sample to launch that AppVerifier is following")
+    argument_parser.add_argument("--sample_region", metavar="<Name of region>",
+                                 required=False, default="us-east-1", help="The name of the region to use for accessing secrets")
+    argument_parser.add_argument("--sample_secret_endpoint", metavar="<Name of endpoint secret>",
+                                 required=False, default="unit-test/endpoint", help="The name of the secret containing the endpoint")
+    argument_parser.add_argument("--sample_secret_certificate", metavar="<Name of certificate secret>", required=False,
+                                 default="unit-test/certificate", help="The name of the secret containing the certificate PEM file")
+    argument_parser.add_argument("--sample_secret_private_key", metavar="<Name of private key secret>", required=False,
+                                 default="unit-test/privatekey", help="The name of the secret containing the private key PEM file")
+    argument_parser.add_argument("--sample_arguments", metavar="<Arguments here in single string!>",
+                                 required=False, default="", help="Arguments to pass to sample")
+
+    parsed_commands = argument_parser.parse_args()
+
+    print ("Registering with AppVerifier")
+    app_verifier_tests = ["Exceptions", "Handles", "Heaps", "Leak", "Locks", "Memory", "SRWLock", "Threadpool", "TLS"]
+    registerAppVerifier(parsed_commands.sample_file, app_verifier_tests)
+
+    print("Starting to launch sample...")
+    sample_result = launchSample(
+        parsed_commands.sample_file,
+        parsed_commands.sample_region,
+        parsed_commands.sample_secret_endpoint,
+        parsed_commands.sample_secret_certificate,
+        parsed_commands.sample_secret_private_key,
+        parsed_commands.sample_arguments)
+
+    print ("Parsing XML...")
+    tmp_xml_file_path = os.path.join(tempfile.gettempdir(), "tmp.xml")
+    xml_result = checkAppVerifierXML(parsed_commands.sample_file, tmp_xml_file_path)
+
+    print ("Unregistering with AppVerifier")
+    unregisterAppVerifier(parsed_commands.sample_file)
+
+    if (xml_result != 0):
+        sys.exit(xml_result)
+    sys.exit(sample_result)
+
+
+if __name__ == "__main__":
+    main()