From 395d045cdf190df44c4727cd3a53ac4dc476fd5c Mon Sep 17 00:00:00 2001 From: cproudlock Date: Sat, 2 May 2026 17:58:26 -0400 Subject: [PATCH] test harness: extend matrix to all 9 PC types Adds rows for Standard-Timeclock, CMM, Keyence, Lab, WaxAndTrace, Genspect, Display, Shopfloor alongside the existing Standard-Machine. Per-type apps verified against the corresponding v2 manifest's detection methods (PC-DMIS 2016/2019R2/Protect Viewer/CLM/goCMM for CMM; VR-6000/USB driver for Keyence; kiosk shortcut for Display). Common app list deduped via "$ref": "common." pattern. Verifier resolves refs into the per-type apps array at runtime so each row stays short and PCTypes-filter-aware (Lab + Display + Shopfloor get fewer common apps because the manifest's PCTypes filter excludes them from FMS hosts pin / Oracle / OpenText respectively). verify-state.ps1 changes: - $ref resolution against the matrix.common namespace - Registry method now permits no DetectionName (key-existence only, e.g. Protect Viewer) - New PnpUtilGrep method for INF-driver checks (Keyence USB driver) Smoke-verified end-to-end on the win11 VM as SYSTEM via qga - 60 checks across 9 PC types. Type-specific failures (5 CMM, 2 Keyence, 1 Display) correctly surface "no payload staged" rather than masking it as pass. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../common/test/lib/verify-state.ps1 | 38 ++++- .../shopfloor-setup/common/test/matrix.json | 148 ++++++++++++++++-- 2 files changed, 170 insertions(+), 16 deletions(-) diff --git a/playbook/shopfloor-setup/common/test/lib/verify-state.ps1 b/playbook/shopfloor-setup/common/test/lib/verify-state.ps1 index b61c567..0f9f1f0 100644 --- a/playbook/shopfloor-setup/common/test/lib/verify-state.ps1 +++ b/playbook/shopfloor-setup/common/test/lib/verify-state.ps1 @@ -31,12 +31,41 @@ if (-not $entry) { exit 1 } +# Resolve `{ "$ref": "common." }` entries: matrix.json uses $ref to dedup +# common app lists (e.g. "common.all", "common.fmsResolver") so per-PC-type +# rows can compose without copy/paste. Walk the apps list, expand each ref +# inline, drop the ref placeholder. +$resolvedApps = @() +foreach ($a in $entry.apps) { + $refVal = $a.PSObject.Properties['$ref'] + if ($refVal) { + $parts = $refVal.Value -split '\.' + if ($parts.Count -eq 2 -and $parts[0] -eq 'common') { + $key = $parts[1] + $list = $matrix.common.$key + if ($list) { + foreach ($x in $list) { $resolvedApps += $x } + continue + } + Write-Host "[WARN] unresolved `$ref: $($refVal.Value)" + continue + } + Write-Host "[WARN] unsupported `$ref form: $($refVal.Value)" + continue + } + $resolvedApps += $a +} + function Test-AppState { param($app) $v = $app.verify switch ($v.method) { 'Registry' { if (-not (Test-Path -LiteralPath $v.path)) { return @{ pass=$false; detail="reg path missing: $($v.path)" } } + # No DetectionName/value -> key existence is enough (e.g. Protect Viewer entry) + if (-not $v.name) { + return @{ pass=$true; detail="reg key exists: $($v.path)" } + } $val = (Get-ItemProperty -LiteralPath $v.path -Name $v.name -ErrorAction SilentlyContinue).$($v.name) if ($null -eq $val) { return @{ pass=$false; detail="reg name $($v.name) not present" } } if ($v.value -and $val -ne $v.value) { @@ -70,12 +99,19 @@ function Test-AppState { if ($hit) { return @{ pass=$true; detail="pattern matched: $($v.pattern)" } } return @{ pass=$false; detail="pattern not found: $($v.pattern)" } } + 'PnpUtilGrep' { + $drivers = & pnputil /enum-drivers 2>&1 | Out-String + if ($drivers -match $v.pattern) { + return @{ pass=$true; detail="pnputil match: $($v.pattern)" } + } + return @{ pass=$false; detail="pnputil no match for: $($v.pattern)" } + } default { return @{ pass=$false; detail="unknown method: $($v.method)" } } } } $total = 0; $passed = 0; $failed = @() -foreach ($app in $entry.apps) { +foreach ($app in $resolvedApps) { $total++ $r = Test-AppState -app $app if ($r.pass) { diff --git a/playbook/shopfloor-setup/common/test/matrix.json b/playbook/shopfloor-setup/common/test/matrix.json index 1d151dd..0f16333 100644 --- a/playbook/shopfloor-setup/common/test/matrix.json +++ b/playbook/shopfloor-setup/common/test/matrix.json @@ -1,30 +1,148 @@ { - "_comment": "Test matrix for shopfloor harness. Each PC-type entry lists apps to verify + drift scenarios for Path B's tamper+heal phase. Verify methods mirror the v2 manifest's DetectionMethod so harness verification == GE-Enforce detection.", + "_comment": "Test matrix for shopfloor harness. Each PC-type entry lists apps to verify + drift scenarios for Path B's tamper+heal phase. Verify methods mirror the v2 manifest's DetectionMethod so harness == GE-Enforce detection. Apps requiring binary installers staged on share but not in repo: see paths in apps/ entries. Without staged payload, verify will FAIL for those - that surfaces 'payload missing' as actionable signal.", + + "common": { + "_comment": "Shared app list referenced by per-PC-type entries via 'includeCommon: '. Filter mimics the manifest's PCTypes gating so each PC-type test only verifies apps that SHOULD be installed for that type.", + "all": [ + { "name": "Adobe Acrobat Reader DC", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}", "name": "DisplayVersion", "value": "25.001.20531" } }, + { "name": "WJF Defect Tracker", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{CC1B4D32-1606-4A3F-8F24-31312F723D5C}", "name": "DisplayVersion", "value": "01.00.0102" } }, + { "name": "3OF9 barcode font", "verify": { "method": "File", "path": "C:\\Windows\\Fonts\\3OF9.ttf" } }, + { "name": "Edge IE-Mode site list", "verify": { "method": "Hash", "path": "C:\\ProgramData\\Edge\\enterprise-mode-site-list.xml", "value": "16F2A6E45EFA19ED7B1C54B264D6B33597678D3A5303255BC7CEB7E8510C60FC" } } + ], + "fmsResolver": [ + { "name": "FMS hosts pin", "verify": { "method": "FileGrep", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts", "pattern": "10\\.233\\.112\\.158\\s+wjfms3\\.ae\\.ge\\.com" } } + ], + "oracle": [ + { "name": "Oracle Client 11.2", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\Oracle\\KEY_OraClient11g_home1", "name": "ORACLE_HOME_NAME", "value": "OraClient11g_home1" } } + ], + "openText": [ + { "name": "OpenText HostExplorer", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\GE\\OpenText", "name": "Installed", "value": "15.0.SP1.2" } } + ] + }, "pcTypes": [ { - "PCType": "Standard", - "PCSubType": "Machine", + "PCType": "Standard", "PCSubType": "Machine", "scopes": ["common", "standard-machine"], "apps": [ - { "name": "Adobe Acrobat Reader DC", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}", "name": "DisplayVersion", "value": "25.001.20531" } }, - { "name": "WJF Defect Tracker", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{CC1B4D32-1606-4A3F-8F24-31312F723D5C}", "name": "DisplayVersion", "value": "01.00.0102" } }, - { "name": "3OF9 barcode font", "verify": { "method": "File", "path": "C:\\Windows\\Fonts\\3OF9.ttf" } }, - { "name": "Edge IE-Mode site list", "verify": { "method": "Hash", "path": "C:\\ProgramData\\Edge\\enterprise-mode-site-list.xml", "value": "16F2A6E45EFA19ED7B1C54B264D6B33597678D3A5303255BC7CEB7E8510C60FC" } }, - { "name": "OpenText HostExplorer", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\GE\\OpenText", "name": "Installed", "value": "15.0.SP1.2" } }, - { "name": "FMS hosts pin", "verify": { "method": "FileGrep", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts", "pattern": "10\\.233\\.112\\.158\\s+wjfms3\\.ae\\.ge\\.com" } }, + { "$ref": "common.all" }, + { "$ref": "common.fmsResolver" }, + { "$ref": "common.oracle" }, + { "$ref": "common.openText" }, { "name": "FMS Primary host", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\GE Aircraft Engines\\Dnc\\FMS", "name": "FMSHostPrimary", "value": "wjfms3.ae.ge.com" } }, { "name": "FMS Secondary host", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\GE Aircraft Engines\\Dnc\\FMS", "name": "FMSHostSecondary", "value": "10.233.112.158" } }, { "name": "eDNC bundles NTLARS", "verify": { "method": "FileVersion", "path": "C:\\Program Files (x86)\\Dnc\\bin\\DncMain.exe", "value": "6.4.5.0" } } ], "driftScenarios": [ - { "name": "OpenText marker reset", "tamper": { "method": "RegRemove", "path": "HKLM:\\SOFTWARE\\GE\\OpenText", "regName": "Installed" }, "expectedHeal": "OpenText HostExplorer" }, - { "name": "Hosts pin removed", "tamper": { "method": "FileGrepDelete", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts", "pattern": "wjfms3\\.ae\\.ge\\.com" }, "expectedHeal": "FMS hosts pin" }, - { "name": "FMS Primary clobbered", "tamper": { "method": "RegSet", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\GE Aircraft Engines\\Dnc\\FMS", "regName": "FMSHostPrimary", "value": "WJFMS3" }, "expectedHeal": "FMS Primary host" }, - { "name": "FMS Secondary clobbered", "tamper": { "method": "RegSet", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\GE Aircraft Engines\\Dnc\\FMS", "regName": "FMSHostSecondary", "value": "WJFMS4" }, "expectedHeal": "FMS Secondary host" }, - { "name": "Edge IE site list overwrite", "tamper": { "method": "FileOverwrite", "path": "C:\\ProgramData\\Edge\\enterprise-mode-site-list.xml", "content": "" }, "expectedHeal": "Edge IE-Mode site list" }, - { "name": "3OF9 font deleted", "tamper": { "method": "FileDelete", "path": "C:\\Windows\\Fonts\\3OF9.ttf" }, "expectedHeal": "3OF9 barcode font" } + { "name": "OpenText marker reset", "tamper": { "method": "RegRemove", "path": "HKLM:\\SOFTWARE\\GE\\OpenText", "regName": "Installed" }, "expectedHeal": "OpenText HostExplorer" }, + { "name": "Hosts pin removed", "tamper": { "method": "FileGrepDelete", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts", "pattern": "wjfms3\\.ae\\.ge\\.com" }, "expectedHeal": "FMS hosts pin" }, + { "name": "FMS Primary clobbered", "tamper": { "method": "RegSet", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\GE Aircraft Engines\\Dnc\\FMS", "regName": "FMSHostPrimary", "value": "WJFMS3" }, "expectedHeal": "FMS Primary host" }, + { "name": "FMS Secondary clobbered", "tamper": { "method": "RegSet", "path": "HKLM:\\SOFTWARE\\WOW6432Node\\GE Aircraft Engines\\Dnc\\FMS", "regName": "FMSHostSecondary", "value": "WJFMS4" }, "expectedHeal": "FMS Secondary host" }, + { "name": "Edge IE site list overwrite", "tamper": { "method": "FileOverwrite", "path": "C:\\ProgramData\\Edge\\enterprise-mode-site-list.xml", "content": "" }, "expectedHeal": "Edge IE-Mode site list" }, + { "name": "3OF9 font deleted", "tamper": { "method": "FileDelete", "path": "C:\\Windows\\Fonts\\3OF9.ttf" }, "expectedHeal": "3OF9 barcode font" } ] + }, + + { + "PCType": "Standard", "PCSubType": "Timeclock", + "scopes": ["common"], + "_comment": "Standard-Timeclock has NO standard-timeclock/manifest.json on the v2 share. Common-scope FMS hosts pin still applies (PCTypes filter includes Standard for either subtype). Standard-machine scope (FMS reg, eDNC, UDC, eMxInfo) is gated to subtype=Machine and is NOT enforced on Timeclock - those apps are correctly absent here.", + "apps": [ + { "$ref": "common.all" }, + { "$ref": "common.fmsResolver" }, + { "$ref": "common.oracle" }, + { "$ref": "common.openText" } + ], + "driftScenarios": [] + }, + + { + "PCType": "CMM", "PCSubType": "", + "scopes": ["common", "cmm"], + "apps": [ + { "$ref": "common.all" }, + { "$ref": "common.fmsResolver" }, + { "$ref": "common.oracle" }, + { "$ref": "common.openText" }, + { "name": "PC-DMIS 2016", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{5389B196-81F0-44A9-A073-4C1D72041F09}", "name": "DisplayVersion", "value": "11.0.1179.0" } }, + { "name": "PC-DMIS 2019 R2", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{49DBE7F9-228A-4E66-8BB5-DB5A446DCAE7}", "name": "DisplayVersion", "value": "14.2.728.0" } }, + { "name": "Protect Viewer", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7DE6B8AF-F580-4CDE-845F-FBE46C1FCF69}" } }, + { "name": "CLM 1.8.73", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{a55fecde-0776-474e-a5b3-d57ea93d6a9f}", "name": "DisplayVersion", "value": "1.8.73.0" } }, + { "name": "goCMM", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{94f02b85-bbca-422e-9b8b-0c16a769eced}", "name": "DisplayVersion", "value": "1.1.6710.18601" } } + ], + "driftScenarios": [] + }, + + { + "PCType": "Keyence", "PCSubType": "", + "scopes": ["common", "keyence"], + "apps": [ + { "$ref": "common.all" }, + { "$ref": "common.fmsResolver" }, + { "$ref": "common.oracle" }, + { "$ref": "common.openText" }, + { "name": "VR-6000 Series Software", "verify": { "method": "Registry", "path": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{058E7194-BDF8-4FA2-9D69-978BB0F25214}", "name": "DisplayVersion", "value": "4.3.7" } }, + { "name": "KEYENCE VR Series USB Driver", "verify": { "method": "PnpUtilGrep", "pattern": "keyence_vr_series\\.inf" } } + ], + "driftScenarios": [] + }, + + { + "PCType": "Lab", "PCSubType": "", + "scopes": ["common"], + "_comment": "lab/manifest.json on v2 share has empty Applications array - Lab gets only common apps. OpenText applies (PCTypes=*). FMS hosts pin and Oracle do NOT (Lab is excluded from those PCTypes filters).", + "apps": [ + { "$ref": "common.all" }, + { "$ref": "common.openText" } + ], + "driftScenarios": [] + }, + + { + "PCType": "WaxAndTrace", "PCSubType": "", + "scopes": ["common", "waxandtrace"], + "apps": [ + { "$ref": "common.all" }, + { "$ref": "common.fmsResolver" }, + { "$ref": "common.oracle" }, + { "$ref": "common.openText" } + ], + "driftScenarios": [] + }, + + { + "PCType": "Genspect", "PCSubType": "", + "scopes": ["common", "genspect"], + "apps": [ + { "$ref": "common.all" }, + { "$ref": "common.fmsResolver" }, + { "$ref": "common.oracle" }, + { "$ref": "common.openText" } + ], + "driftScenarios": [] + }, + + { + "PCType": "Display", "PCSubType": "", + "scopes": ["common", "display"], + "_comment": "Display gets Oracle (PCTypes filter includes it) but NOT FMS hosts pin. Display kiosk shortcut at the well-known Start Menu path is the marker for the kiosk setup CMD.", + "apps": [ + { "$ref": "common.all" }, + { "$ref": "common.oracle" }, + { "$ref": "common.openText" }, + { "name": "GE Aerospace Display kiosk setup", "verify": { "method": "File", "path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\GE Aerospace\\GE Aerospace Dashboard.lnk" } } + ], + "driftScenarios": [] + }, + + { + "PCType": "Shopfloor", "PCSubType": "", + "scopes": ["common"], + "_comment": "Shopfloor is the bare baseline image (no per-type apps). Most common apps with PCTypes=* still install. FMS hosts pin and Oracle are gated by PCTypes filters that exclude Shopfloor. OpenText also gated (PCTypes excludes Shopfloor).", + "apps": [ + { "$ref": "common.all" } + ], + "driftScenarios": [] } ] }