diff --git a/playbook/shopfloor-setup/common/test/SCOPE.md b/playbook/shopfloor-setup/common/test/SCOPE.md new file mode 100644 index 0000000..f0e4b02 --- /dev/null +++ b/playbook/shopfloor-setup/common/test/SCOPE.md 
@@ -0,0 +1,127 @@ +# Shopfloor test scope + +Two test paths against the win11 analyzer VM as a synthetic shopfloor PC. + +## Path A: Imaging-time install (one-shot) + +Simulates full PXE-deployed-and-first-booted PC. Verifies the imaging chain +(preinstall.json + Run-ShopfloorSetup.ps1 + per-PC-type stage scripts) lands +the expected end state for each PC type. + +**Per-round flow:** +1. Revert VM to `blank-slate` snapshot (clean Win11 baseline + qemu-ga + WinRM). +2. Stage `C:\PreInstall\` from `playbook/preinstall/` (preinstall.json + payloads). +3. Run preinstall runner with `PCType`/`PCSubType` arguments. +4. Stage `C:\Enrollment\shopfloor-setup\` from `playbook/shopfloor-setup/`. +5. Drop `C:\Enrollment\pc-type.txt` + `pc-subtype.txt` + `site-config.json`. +6. Run `Run-ShopfloorSetup.ps1`. +7. Verify expected install state per PC type (table below). +8. Capture verification report. + +## Path B: Manifest-engine ongoing enforcement + +Simulates a steady-state PC discovering drift. Verifies GE-Enforce idempotence, +drift heal, InUseCheck behavior. + +**Per-round flow:** +1. Start from a post-imaging state (either via Path A first, or revert to a + pre-installed snapshot we'll capture once). +2. Stage GE-Enforce.ps1 + Install-FromManifest.ps1 to `C:\Program Files\GE\Shopfloor\`. +3. Inject SFLD creds in HKLM pointing at the v2 share via samba. +4. Phase 1 (clean cycle): run GE-Enforce. Verify "all skipped" (no-op). +5. Phase 2 (drift): tamper specific entries (delete file, reset reg value, kill marker). +6. Phase 3 (heal): re-run GE-Enforce. Verify each tampered entry re-fires and end state matches. +7. Phase 4 (idempotent): re-run GE-Enforce. Verify back to "all skipped". 
+ +## PC-type matrix + +| PCType | PCSubType | A applies | B applies | Manifest scopes (B) | +|--------|-----------|-----------|-----------|---------------------| +| Standard | Machine | yes | yes | common, standard, standard-machine | +| Standard | Timeclock | yes | yes | common, standard, standard-timeclock | +| CMM | - | yes | yes | common, cmm | +| Keyence | - | yes | yes | common, keyence | +| Lab | - | yes | yes | common, lab | +| WaxAndTrace | - | yes | yes | common, waxandtrace | +| Genspect | - | yes | yes | common, genspect | +| Display | - | yes | yes | common, display | +| Shopfloor | - | yes (baseline only) | yes | common only (PCTypes filter excludes most apps) | + +## Expected install state per PC type (post-A) + +Sourced from preinstall.json's PCTypes filter + per-PC-type Stage-Dispatcher +flow. Detection methods match what GE-Enforce uses for re-enforcement, so +verification logic is shared between A and B. + +### Common (all PC types) + +| App | Detection | Detection value | +|-----|-----------|-----------------| +| VC++ 2008 x86 | Reg | `HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{...}` | +| VC++ 2010 x86 / x64 | Reg | (vendor-version) | +| VC++ 2012 x86 (Min+Add) / x64 | Reg | | +| VC++ 2013 x86 (Min+Add) / x64 (Min+Add) | Reg | | +| VC++ 2022 x86 (Min+Add) | Reg | | +| Adobe Acrobat Reader DC | Reg | DisplayVersion = 25.001.20531 | +| WJF Defect Tracker | File | C:\Program Files (x86)\WJF_Defect_Tracker\Defect_Tracker.exe | + +### + Standard / Standard-Machine + +| App | Detection | +|-----|-----------| +| Oracle Client 11.2 | Reg ORACLE_HOME_NAME | +| OpenText HostExplorer | Reg HKLM\SOFTWARE\GE\OpenText\Installed = 15.0.SP1.2 | +| Shopfloor Serial Drivers | Driver pnputil enum | +| eDNC + NTLARS (bundled) | FileVersion DncMain.exe = 6.4.5.0 | +| eMxInfo.txt | Hash content match | +| UDC (Standard-Machine only) | Reg DisplayVersion = 1.0.34 | +| FMSHostPrimary reg | ValueMatches = wjfms3.ae.ge.com | +| 
FMSHostSecondary reg | ValueMatches = 10.233.112.158 | +| Hosts pin | grep file for `10.233.112.158\twjfms3.ae.ge.com` | + +### CMM/Keyence/Genspect/WaxAndTrace/Lab/Display + +(Each adds its own per-type apps - see playbook/shopfloor-setup// +stage scripts and v2 share `/manifest.json`.) + +## Drift scenarios for Path B (per app) + +| App | Drift action | Heal expected | +|-----|--------------|---------------| +| OpenText | `Remove-ItemProperty HKLM:\SOFTWARE\GE\OpenText -Name Installed` | Re-fires Setup-OpenText.cmd, marker re-written | +| eMxInfo.txt | Truncate/overwrite the txt file | Hash mismatch -> Install-eMxInfo.cmd re-runs | +| FMSHostPrimary | `reg add ... /d "WJFMS3" /f` | ValueMatches -> Type=Registry re-asserts wjfms3.ae.ge.com | +| FMSHostSecondary | `reg add ... /d "WJFMS4" /f` | ValueMatches -> re-asserts 10.233.112.158 | +| Hosts pin | Remove the FMS line from hosts | Always -> Set-FmsHostsEntry.ps1 re-adds | +| Edge IE-Mode site list | Overwrite XML with junk | Hash -> file re-copied from share | +| 3OF9 font reg | Delete reg value | ValueMatches -> Type=Registry re-asserts | +| eDNC | `msiexec /x` to uninstall | FileVersion miss -> MSI re-installs | +| InUseCheck (eDNC) | Spawn placeholder DncMain process before run | CloseAndReopen -> graceful close / kill / install / restart | + +## Out of scope (initial) + +- Display Kiosk App content matrix (per-site config). +- Display lobby vs dashboard variants. +- Per-bay machine-number-driven ACL setup (requires real bay number + AD context). +- Intune device QR / DSC handoff (Azure-side, can't simulate locally). 
+ +## Deliverables + +``` +playbook/shopfloor-setup/common/test/ + SCOPE.md (this file) + README.md (operator how-to) + lib/ + vm-base.sh (host: revert, qga, share mount) + verify-state.ps1 (VM: detection per app, returns JSON report) + A-imaging/ + run.sh (host orchestrator, takes -PCType/-PCSubType) + stage-image.ps1 (VM: copy preinstall + shopfloor-setup, run them) + B-enforce/ + run.sh (host orchestrator, drives 4-phase cycle) + tamper.ps1 (VM: drift injection per app, JSON-driven) + matrix.json (PC-type list + expected apps + drift scenarios) +``` + +Each `run.sh` returns 0 on full pass, non-zero on any failure; emits per-app +pass/fail to stdout + a JSON report to stderr for CI.
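
Review bot: Path B phases 1 and 4 require GE-Enforce to report "all skipped", but the drift table lists the Hosts pin entry as `Always -> Set-FmsHostsEntry.ps1 re-adds`; if `Always` means the entry runs on every cycle, a clean run can never be all skipped and both phases fail as written. Either define the pass condition as "all skipped except entries with Always detection", or have the test compare the hosts file before and after the run instead of counting skips for that entry. Separately, Path B step 3 ("Inject SFLD creds in HKLM pointing at the v2 share via samba") should say that the credentials are a test-only account scoped to the samba share and that they are injected after revert rather than stored in the pre-installed snapshot that step 1 plans to capture once.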