summary: Sanity test for ausearch expression API
description: |-
    Audit lib provides the following function in API for auparse:

      * int ausearch_add_expression(auparse_state_t *au,
                                    const char *expression,
                                    char **error,
                                    ausearch_rule_t how);

    This is a sanity test for this function. Currently only the supported
    fields are virtual ones and *uid and *gid.

    We are testing the following

     * logical operators !, && and ||;
     * comparison operators <, <=, ==, >, >=, !==, i=, i!=, r= and r!=;
     * virtual fields \timestamp, \timestamp_ex and \record_type;
     * actual fields: *uid and *gid.
contact: Ondrej Moris <omoris@redhat.com>
component:
  - audit
test: ./runtest.sh
recommend:
  - audit
  - audit-libs-devel
  - gcc
duration: 5m
enabled: true
tag:
  - CI-Tier-1
  - NoRHEL4
  - NoRHEL5
  - NoRHEL6
  - TIPpass
  - Tier1
  - Tier1security
tier: '1'
link:
  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1399314
adjust:
  - enabled: false
    when: distro == rhel-4, rhel-5, rhel-6, rhel-alt-7
    continue: false
  - enabled: false
    when: arch != x86_64
    continue: false
extra-nitrate: TC#0562620
extra-summary: /CoreOS/audit/Sanity/ausearch-expression
extra-task: /CoreOS/audit/Sanity/ausearch-expression