def test_not_supported_id(current_actor_context): current_actor_context.feed(create_osrelease(id='not_supported_id')) current_actor_context.run() assert current_actor_context.consume(Report) assert current_actor_context.consume( Report)[0].title == 'Unsupported OS id' assert 'inhibitor' in current_actor_context.consume(Report)[0].flags
def test_actor_ethX_and_not_ethX(current_actor_context): pci1 = PCIAddress(domain="0000", bus="3e", function="00", device="PCI bridge") pci2 = PCIAddress(domain="0000", bus="3d", function="00", device="Serial controller") interface = [ Interface(name="virbr0", mac="52:54:00:0b:4a:6d", vendor="redhat", driver="pcieport", pci_info=pci1, devpath="/devices/platform/usb/cdc-wdm0"), Interface(name="eth0", mac="52:54:00:0b:4a:6a", vendor="redhat", driver="serial", pci_info=pci2, devpath="/devices/hidraw/hidraw0") ] current_actor_context.feed(PersistentNetNamesFacts(interfaces=interface)) current_actor_context.run() assert current_actor_context.consume(Report) assert 'inhibitor' in current_actor_context.consume( Report)[0].report['flags']
def test_not_supported_minor_version(current_actor_context): current_actor_context.feed(create_osrelease(id='rhel', version_id='7.5')) current_actor_context.run() assert current_actor_context.consume(Report) assert current_actor_context.consume( Report)[0].title == 'Unsupported OS version' assert 'inhibitor' in current_actor_context.consume(Report)[0].flags
def test_repositoriesblacklist_disabled_optional(current_actor_context): repo_facts = get_repo_facts(['rhel-7-server-optional-rpms'], False) current_actor_context.feed(repo_facts) current_actor_context.run() assert current_actor_context.consume(RepositoriesBlacklisted) repoids = current_actor_context.consume(RepositoriesBlacklisted)[0].repoids assert 'codeready-builder-for-rhel-8-x86_64-rpms' in repoids
def test_wrong_symlink_inhibitor(current_actor_context, modified, expected_report): subdirs = { 'bin': 'usr/bin', 'boot': '', 'dev': '', 'etc': '', 'home': '', 'lib': 'usr/lib', 'lib64': 'usr/lib64', 'media': '', 'mnt': '', 'opt': '', 'proc': '', 'root': '', 'run': '', 'sbin': 'usr/sbin', 'srv': '', 'sys': '', 'tmp': '', 'usr': '', 'var': '' } subdirs.update(modified) items = [ RootSubdirectory(name=name, target=target) for name, target in subdirs.items() ] current_actor_context.feed(RootDirectory(items=items)) current_actor_context.run() if expected_report: assert current_actor_context.consume(Report) else: assert not current_actor_context.consume(Report)
def test_actor_selinux_disabled(current_actor_context): disabled = create_selinuxfacts(enabled=False, static_mode='disabled') current_actor_context.feed(disabled) current_actor_context.run() assert not current_actor_context.consume(SelinuxRelabelDecision) assert not current_actor_context.consume(SelinuxPermissiveDecision)
def test_actor_set_permissive(current_actor_context): relabel = create_selinuxfacts(static_mode='enforcing', enabled=True) current_actor_context.feed(relabel) current_actor_context.run() assert current_actor_context.consume(Report) assert current_actor_context.consume(SelinuxPermissiveDecision)[0].set_permissive
def test_SELinuxContentScanner(current_actor_context, destructive_selinux_env): expected_data = { 'policy': 'targeted', 'mls_enabled': True, 'enabled': True, 'runtime_mode': 'enforcing', 'static_mode': 'enforcing' } current_actor_context.feed(SELinuxFacts(**expected_data)) current_actor_context.run() modules = current_actor_context.consume(SELinuxModules)[0] api.current_logger().warning("Modules: %s", str(modules)) assert modules # check that all modules installed during test setup where reported for priority, name in TEST_MODULES: if priority not in ('100', '200'): assert find_module(modules, name, priority) rpms = current_actor_context.consume(SELinuxRequestRPMs)[0] assert rpms # modules with priority 200 should only originate in "<module_name>-selinux" rpms assert "mock1-selinux" in rpms.to_keep # mock1 contains container related type assert "container-selinux" in rpms.to_install custom = current_actor_context.consume(SELinuxCustom)[0] assert custom # the second command contains removed type and should be discarded assert find_semanage_rule(custom.removed, SEMANAGE_COMMANDS[1]) # the rest of the commands should be reported (except for the last which will show up in modules) assert find_semanage_rule(custom.commands, SEMANAGE_COMMANDS[0]) assert find_semanage_rule(custom.commands, SEMANAGE_COMMANDS[2])
def test_SELinuxContentScanner(current_actor_context, destructive_selinux_env): expected_data = { 'policy': 'targeted', 'mls_enabled': True, 'enabled': True, 'runtime_mode': 'enforcing', 'static_mode': 'enforcing' } current_actor_context.feed(SELinuxFacts(**expected_data)) current_actor_context.run(config_model=mock_configs.CONFIG) modules = current_actor_context.consume(SELinuxModules)[0] assert modules # check that all modules installed during test setup where reported for priority, name in TEST_MODULES: if priority not in ('100', '200'): assert find_module(modules, name, priority) # check that udica template was reported assert find_template(modules, TEST_MODULES[-1][1], TEST_MODULES[-1][0]) rpms = current_actor_context.consume(SELinuxRequestRPMs)[0] assert rpms # mock1 contains container related type assert "container-selinux" in rpms.to_install custom = current_actor_context.consume(SELinuxCustom)[0] assert custom # The second command contains removed type and should be discarded (in either upgrade path) assert find_semanage_rule(custom.removed, SEMANAGE_COMMANDS[1]) # the rest of the commands should be reported (except for the last which will show up in modules) assert find_semanage_rule(custom.commands, SEMANAGE_COMMANDS[0]) assert find_semanage_rule(custom.commands, SEMANAGE_COMMANDS[2])
def test_actor_execution(current_actor_context): current_actor_context.run() if platform.machine() == 'x86_64': assert not current_actor_context.consume(Report) else: assert current_actor_context.consume(Report) assert 'inhibitor' in current_actor_context.consume(Report)[0].flags
def test_actor_execution_with_signed_unsigned_data(current_actor_context): installed_rpm = [ RPM(name='sample01', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51'), RPM(name='sample02', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_OTHER_SIG_X'), RPM(name='sample03', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 5326810137017186'), RPM(name='sample04', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_OTHER_SIG_X'), RPM(name='sample05', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 938a80caf21541eb'), RPM(name='sample06', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_OTHER_SIG_X'), RPM(name='sample07', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID fd372689897da07a'), RPM(name='sample08', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_OTHER_SIG_X'), RPM(name='sample09', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 45689c882fa658e0')] current_actor_context.feed(InstalledRPM(items=installed_rpm)) current_actor_context.run() assert current_actor_context.consume(InstalledRedHatSignedRPM) assert len(current_actor_context.consume(InstalledRedHatSignedRPM)[0].items) == 5 assert current_actor_context.consume(InstalledUnsignedRPM) assert len(current_actor_context.consume(InstalledUnsignedRPM)[0].items) == 4
def test_execution(current_actor_context): current_actor_context.run() assert current_actor_context.consume(RpmTransactionTasks) assert current_actor_context.consume(RpmTransactionTasks)[0].local_rpms assert not current_actor_context.consume(RpmTransactionTasks)[0].to_install assert not current_actor_context.consume(RpmTransactionTasks)[0].to_remove assert not current_actor_context.consume(RpmTransactionTasks)[0].to_keep
def test_gpg_pubkey_pkg(current_actor_context): installed_rpm = [ RPM(name='gpg-pubkey', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig= 'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID aa17105e03152d37' ), RPM(name='gpg-pubkey', version='0.1', release='1.sm01', epoch='1', packager='Tester', arch='noarch', pgpsig= 'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 9ea903b1361e896b' ), ] current_actor_context.feed(InstalledRPM(items=installed_rpm)) current_actor_context.run() assert current_actor_context.consume(InstalledRedHatSignedRPM) assert len( current_actor_context.consume(InstalledRedHatSignedRPM)[0].items) == 1 assert current_actor_context.consume(InstalledUnsignedRPM) assert len( current_actor_context.consume(InstalledUnsignedRPM)[0].items) == 1
def test_protocol(current_actor_context, protocol): current_actor_context.feed( OpenSshConfig(permit_root_login=[osprl], protocol=protocol)) current_actor_context.run() if protocol: assert current_actor_context.consume(Report) else: assert not current_actor_context.consume(Report)
def test_check_fips(current_actor_context, parameters, expected_report): cmdline = KernelCmdline(parameters=ballast1 + parameters + ballast2) current_actor_context.feed(cmdline) current_actor_context.run() if expected_report: assert current_actor_context.consume(Report) else: assert not current_actor_context.consume(Report)
def test_ciphers(current_actor_context, ciphers, expected_report): current_actor_context.feed( OpenSshConfig(permit_root_login=[osprl], ciphers=ciphers)) current_actor_context.run() if expected_report: assert current_actor_context.consume(Report) else: assert not current_actor_context.consume(Report)
def test_process_devel_kernels(current_actor_context, n): current_actor_context.feed( InstalledRedHatSignedRPM(items=ballast1 + devel_kernels[:n] + ballast2)) current_actor_context.run() if n < 2: assert not current_actor_context.consume(Report) else: assert current_actor_context.consume(Report)
def test_actor_schedule_relabelling(current_actor_context): facts = [create_selinuxfacts(static_mode='permissive', enabled=True), create_selinuxfacts(static_mode='enforcing', enabled=True)] for fact in facts: current_actor_context.feed(fact) current_actor_context.run() assert current_actor_context.consume(Report) assert current_actor_context.consume(SelinuxRelabelDecision)[0].set_relabel
def test_actor_schedule_relabelling(current_actor_context): options = [create_selinux(static_mode='permissive', enabled=True), create_selinux(static_mode='enforcing', enabled=True)] for option in options: current_actor_context.feed(create_sysfacts(selinux=option)) current_actor_context.run() assert current_actor_context.consume(CheckResult) assert current_actor_context.consume(SelinuxRelabelDecision)[0].set_relabel
def test_repositoriesblacklist_no_optional_multiple_repo_files( current_actor_context): repo_facts = get_repo_facts(['rhel-7-server-rpms', 'rhel-7-extras-rpms'], True, True) current_actor_context.feed(repo_facts) current_actor_context.run() assert current_actor_context.consume(RepositoriesBlacklisted) repoids = current_actor_context.consume(RepositoriesBlacklisted)[0].repoids assert 'codeready-builder-for-rhel-8-x86_64-rpms' in repoids
def test_check_rhui_actor(monkeypatch, current_actor_context, skip_rhsm, msgs_received, installed_rpms): monkeypatch.setattr(rhsm, 'skip_rhsm', lambda: skip_rhsm) current_actor_context.feed( create_modulesfacts(installed_rpm=installed_rpms)) current_actor_context.run(config_model=mock_configs.CONFIG) assert bool(current_actor_context.consume(Report)) is msgs_received.report assert bool( current_actor_context.consume(RHUIInfo)) is msgs_received.rhui_info assert bool(current_actor_context.consume( RequiredTargetUserspacePackages)) is msgs_received.req_target_userspace
def test_drivers(devices, expected, current_actor_context): """ Tests CheckKernelDrivers actor by feeding it mocked PCI devices with their respective drivers, if they have one. Actor should produce a report iff any mocked devices from devices_removed are fed to the actor, since their drivers are removed in RHEL8 (as per 'files/removed_drivers.txt'). """ current_actor_context.feed(PCIDevices(devices=devices)) current_actor_context.run() if expected: assert not current_actor_context.consume(Report) else: assert current_actor_context.consume(Report)
def test_separation(current_actor_context, values, expected_report): for value in values: if value: current_actor_context.feed( OpenSshConfig(permit_root_login=[osprl], use_privilege_separation=value)) else: current_actor_context.feed( OpenSshConfig(permit_root_login=[osprl])) current_actor_context.run() if expected_report: assert current_actor_context.consume(Report) else: assert not current_actor_context.consume(Report)
def test_actor_with_luks(current_actor_context): with_luks = [ LsblkEntry(name='luks-132', maj_min='253:0', rm='0', size='10G', ro='0', tp='crypt', mountpoint='') ] current_actor_context.feed(StorageInfo(lsblk=with_luks)) current_actor_context.run() assert current_actor_context.consume(Report) assert 'inhibitor' in current_actor_context.consume(Report)[0].flags
def test_actor_without_acpid_package(current_actor_context): without_acpid = [ RPM(name='powertop', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig= 'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51' ), RPM(name='sed', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig= 'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51' ) ] current_actor_context.feed( create_modulesfacts(installed_rpm=without_acpid)) current_actor_context.run() assert not current_actor_context.consume(Report)
def test_actor_execution_with_unsigned_data(current_actor_context): installed_rpm = [ RPM(name='sample02', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_OTHER_SIG_X'), RPM(name='sample04', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_OTHER_SIG_X'), RPM(name='sample06', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_OTHER_SIG_X'), RPM(name='sample08', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_OTHER_SIG_X') ] current_actor_context.feed(InstalledUnsignedRPM(items=installed_rpm)) current_actor_context.run() assert current_actor_context.consume(CheckResult)
def test_actor_execution_with_sample_data(current_actor_context): installed_rpm = [ RPM(name='sample01', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_PGP_SIG'), RPM(name='sample02', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig='SOME_PGP_SIG') ] current_actor_context.feed(InstalledRedHatSignedRPM(items=installed_rpm)) current_actor_context.feed( RpmTransactionTasks(to_remove=[rpm.name for rpm in installed_rpm], to_keep=[installed_rpm[0].name])) current_actor_context.run() result = current_actor_context.consume(FilteredRpmTransactionTasks) assert len(result) == 1 assert result[0].to_keep == [installed_rpm[0].name] assert result[0].to_remove == [installed_rpm[1].name]
def test_actor_with_grep_package(current_actor_context): rpms = [ RPM(name='wireshark', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig= 'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51' ), RPM(name='powertop', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch', pgpsig= 'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51' ) ] current_actor_context.feed(InstalledRedHatSignedRPM(items=rpms)) current_actor_context.run() assert current_actor_context.consume(Report)
def test_KDE_present(current_actor_context): current_actor_context.feed(InstalledRPM(items=[ KDE_RPM, ])) current_actor_context.run() message = current_actor_context.consume(InstalledDesktopsFacts)[0] assert message.kde_installed
def test_run(monkeypatch, current_actor_context, count): monkeypatch.setattr(persistentnetnames, 'interfaces', interfaces_mocked(count)) current_actor_context.run() assert len( current_actor_context.consume(PersistentNetNamesFactsInitramfs) [0].interfaces) == count