def test_exclude_config(self):
variables = {
'test_run': False,
}
@audits.audit()
def test(options):
variables['test_run'] = True
audits.run({'excludes': ['test']})
self.assertFalse(variables['test_run'])
def main():
config = {
'config_path': '/etc/nova',
'config_file': 'nova.conf',
'audit_type': audits.AuditType.OpenStackSecurityGuide,
'files': openstack_security_guide.FILE_ASSERTIONS['nova-compute'],
}
return audits.action_parse_results(audits.run(config))
def main():
config = {
'config_path': '/etc/nova',
'config_file': 'nova.conf',
'audit_type': audits.AuditType.OpenStackSecurityGuide,
'files': openstack_security_guide.FILE_ASSERTIONS['nova-compute'],
}
return audits.action_parse_results(audits.run(config))
def test_wrapper_not_run(self):
variables = {
'guard_called': False,
'test_run': False,
}
def should_run(audit_options):
variables['guard_called'] = True
return False
@audits.audit(should_run)
def test(options):
variables['test_run'] = True
audits.run({})
self.assertTrue(variables['guard_called'])
self.assertFalse(variables['test_run'])
self.assertEqual(audits._audits['test'], audits.Audit(test, (should_run,)))
def main():
config = {
'audit_type': audits.AuditType.OpenStackSecurityGuide,
'files': openstack_security_guide.FILE_ASSERTIONS['ceph-osd'],
'excludes': [
'validate-uses-keystone',
'validate-uses-tls-for-glance',
'validate-uses-tls-for-keystone',
],
}
return audits.action_parse_results(audits.run(config))
def main():
config = {
'config_path': '/etc/cinder',
'config_file': 'cinder.conf',
'audit_type': audits.AuditType.OpenStackSecurityGuide,
'files': openstack_security_guide.FILE_ASSERTIONS['cinder'],
'excludes': [
'validate-uses-tls-for-glance',
],
}
config['cinder-conf'] = _config_file('/etc/cinder/cinder.conf')
return audits.action_parse_results(audits.run(config))
def main():
config = {
'config_path': '/etc/cinder',
'config_file': 'cinder.conf',
'audit_type': audits.AuditType.OpenStackSecurityGuide,
'files': openstack_security_guide.FILE_ASSERTIONS['cinder'],
'excludes': [
'validate-uses-tls-for-glance',
],
}
config['cinder-conf'] = _config_file('/etc/cinder/cinder.conf')
return audits.action_parse_results(audits.run(config))
def main():
config = {
'audit_type': audits.AuditType.OpenStackSecurityGuide,
'files': openstack_security_guide.FILE_ASSERTIONS['neutron-gateway'],
'excludes': [
'validate-uses-keystone',
'validate-uses-tls-for-glance',
'validate-uses-tls-for-keystone',
],
}
conf = configparser.ConfigParser()
conf.read("/etc/neutron/neutron.conf")
config['neutron_config'] = dict(conf)
return audits.action_parse_results(audits.run(config))
def main():
global LOCAL_SETTINGS
config = {
'audit_type': audits.AuditType.OpenStackSecurityGuide,
'files': openstack_security_guide.FILE_ASSERTIONS['ceph-mon'],
'excludes': [
'validate-uses-keystone',
'validate-uses-tls-for-glance',
'validate-uses-tls-for-keystone',
],
}
LOCAL_SETTINGS = json.loads(
subprocess.check_output([
'sudo', '-u', 'horizon',
'python3', 'actions/local_settings_to_json.py'],
stderr=sys.stderr)
)
return audits.action_parse_results(audits.run(config))
def main():
global LOCAL_SETTINGS
config = {
'audit_type':
audits.AuditType.OpenStackSecurityGuide,
'files':
openstack_security_guide.FILE_ASSERTIONS['ceph-mon'],
'excludes': [
'validate-uses-keystone',
'validate-uses-tls-for-glance',
'validate-uses-tls-for-keystone',
],
}
LOCAL_SETTINGS = json.loads(
subprocess.check_output([
'sudo', '-u', 'horizon', 'python3',
'actions/local_settings_to_json.py'
],
stderr=sys.stderr))
return audits.action_parse_results(audits.run(config))
