def testSuccess(self):
user = test_utils.CreateUser()
expected_host_id = test_utils.CreateBit9Host(users=[user.nickname]).key.id()
test_utils.CreateBit9Host(users=['someone_else'])
test_utils.CreateSantaHost(primary_user=user.nickname)
actual_host_ids = model_utils.GetBit9HostIdsForUser(user)
self.assertListEqual([expected_host_id], actual_host_ids)
def testGetSelf(self):
user = test_utils.CreateUser()
host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id()
host_id_2 = test_utils.CreateBit9Host(users=[user.nickname]).key.id()
with self.LoggedInUser(user=user):
response = self.testapp.get(self.SELF_ROUTE)
output = response.json
expected_host_ids = [host_id_1, host_id_2]
actual_host_ids = [host['id'] for host in output]
self.assertListEqual(sorted(expected_host_ids), sorted(actual_host_ids))
def testGetSelf_Sorted(self):
"""Hosts are sorted by their rule_sync_dts."""
early, middle, recent, recenter = common_test_utils.GetSequentialTimes(4)
user = test_utils.CreateUser()
santa_host_1 = test_utils.CreateSantaHost(
primary_user=user.nickname, rule_sync_dt=early)
santa_host_2 = test_utils.CreateSantaHost(
primary_user=user.nickname, rule_sync_dt=middle)
test_utils.CreateSantaHost(rule_sync_dt=recent)
bit9_host_1 = test_utils.CreateBit9Host(
users=[user.nickname], last_event_dt=recenter)
self.assertTrue(model_utils.IsHostAssociatedWithUser(santa_host_1, user))
self.assertTrue(model_utils.IsHostAssociatedWithUser(santa_host_2, user))
self.assertTrue(model_utils.IsHostAssociatedWithUser(bit9_host_1, user))
with self.LoggedInUser(user=user):
response = self.testapp.get(self.SELF_ROUTE)
output = response.json
self.assertIn('application/json', response.headers['Content-type'])
self.assertLen(output, 3)
expected_host_ids = [
bit9_host_1.key.id(), santa_host_2.key.id(), santa_host_1.key.id()]
actual_host_ids = [entry['id'] for entry in output]
self.assertListEqual(sorted(expected_host_ids), sorted(actual_host_ids))
def testRenew_Failure(self):
host_id = test_utils.CreateBit9Host().key.id()
test_utils.CreateExemption(host_id, initial_state=_STATE.ESCALATED)
with self.assertRaises(api.InvalidRenewalError):
api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY)
self.mock_send.assert_not_called()
def testNotSantaClient(self):
user = test_utils.CreateUser()
host = test_utils.CreateBit9Host(users=[user.nickname])
with self.LoggedInUser(user=user):
url = self.ROUTE % (host.key.id(), 'true')
self.testapp.put(url, status=httplib.FORBIDDEN)
def testBlockableKey_NotABlockableKey(self):
host = test_utils.CreateBit9Host()
change = rule_models.RuleChangeSet(
rule_keys=[],
change_type=constants.RULE_POLICY.WHITELIST,
parent=host.key)
with self.assertRaises(ValueError):
change.put()
def testSuccess(self):
binary_count = 10
# Create a user and some corresponding Bit9Hosts.
user = test_utils.CreateUser()
host_1 = test_utils.CreateBit9Host(id='1111', users=[user.nickname])
host_2 = test_utils.CreateBit9Host(id='2222', users=[user.nickname])
host_3 = test_utils.CreateBit9Host(id='3333', users=[user.nickname])
# Create some Bit9Binaries, each with a Bit9Rule for host_1 and host_2.
binaries = test_utils.CreateBit9Binaries(binary_count)
for binary in binaries:
test_utils.CreateBit9Rule(
binary.key, host_id=host_1.key.id(), user_key=user.key,
in_effect=True)
test_utils.CreateBit9Rule(
binary.key, host_id=host_2.key.id(), user_key=user.key,
in_effect=True)
# Verify all the rule counts.
self.assertEntityCount(bit9_models.Bit9Rule, binary_count * 2)
host_1_rules = bit9_models.Bit9Rule.query(
bit9_models.Bit9Rule.host_id == host_1.key.id()).fetch()
self.assertEqual(binary_count, len(host_1_rules))
host_2_rules = bit9_models.Bit9Rule.query(
bit9_models.Bit9Rule.host_id == host_2.key.id()).fetch()
self.assertEqual(binary_count, len(host_2_rules))
host_3_rules = bit9_models.Bit9Rule.query(
bit9_models.Bit9Rule.host_id == host_3.key.id()).fetch()
self.assertEqual(0, len(host_3_rules))
sync._CopyLocalRules(user.key, host_3.key.id()).get_result()
# Verify all the rule counts again.
self.assertEntityCount(bit9_models.Bit9Rule, binary_count * 3)
host_1_rules = bit9_models.Bit9Rule.query(
bit9_models.Bit9Rule.host_id == host_1.key.id()).fetch()
self.assertEqual(binary_count, len(host_1_rules))
host_2_rules = bit9_models.Bit9Rule.query(
bit9_models.Bit9Rule.host_id == host_2.key.id()).fetch()
self.assertEqual(binary_count, len(host_2_rules))
host_3_rules = bit9_models.Bit9Rule.query(
bit9_models.Bit9Rule.host_id == host_3.key.id()).fetch()
self.assertEqual(binary_count, len(host_3_rules))
def testPost_WindowsNotSupported(self):
user = test_utils.CreateUser()
host = test_utils.CreateBit9Host(users=[user.nickname])
with self.LoggedInUser(user=user):
self.testapp.post(self.ROUTE % host.key.id(),
status=httplib.NOT_IMPLEMENTED)
self.mock_process.assert_not_called()
def testInvalidStateChangeError(self):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.APPROVED)
with self.assertRaises(api.InvalidStateChangeError):
api.Escalate(exm_key)
self.assertEqual(_STATE.APPROVED, exm_key.get().state)
def setUp(self):
super(Bit9HostTest, self).setUp()
self.user = test_utils.CreateUser()
self.admin = test_utils.CreateUser(admin=True)
self.bit9_policy = test_utils.CreateBit9Policy()
self.bit9_host = test_utils.CreateBit9Host(
policy_key=self.bit9_policy.key, users=[self.user.nickname])
def testSuccess(self):
# Create a user and some Hosts, some with Exemptions, and some without.
user = test_utils.CreateUser()
host_key_1 = test_utils.CreateBit9Host(users=[user.nickname]).key
exm_1 = test_utils.CreateExemption(host_key_1.id()).get()
host_key_2 = test_utils.CreateBit9Host(users=[user.nickname]).key
host_key_3 = test_utils.CreateSantaHost(primary_user=user.nickname).key
exm_2 = test_utils.CreateExemption(host_key_3.id()).get()
host_key_4 = test_utils.CreateSantaHost(primary_user=user.nickname).key
host_keys = [host_key_1, host_key_2, host_key_3, host_key_4]
results = model_utils.GetExemptionsForHosts(host_keys)
self.assertLen(results, 4)
self.assertEqual(exm_1, results.get(host_key_1))
self.assertIsNone(results.get(host_key_2))
self.assertEqual(exm_2, results.get(host_key_3))
self.assertIsNone(results.get(host_key_4))
def testFirstRequest(self):
host_id = test_utils.CreateBit9Host().key.id()
self.assertIsNone(exemption_models.Exemption.Get(host_id))
api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY)
self.assertIsNotNone(exemption_models.Exemption.Get(host_id))
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testRenew_NoOtherText(self):
host_id = test_utils.CreateBit9Host().key.id()
test_utils.CreateExemption(host_id, initial_state=_STATE.CANCELLED)
api.Request(host_id, _REASON.DEVELOPER_MACOS, None, _DURATION.DAY)
self.assertIsNotNone(exemption_models.Exemption.Get(host_id))
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testSuccess(self):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.PENDING)
api.Escalate(exm_key)
exm = exm_key.get()
self.assertEqual(_STATE.ESCALATED, exm.state)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
def testChangePolicyKey(self):
monitor_policy_key = ndb.Key(
policy_models.Bit9Policy, constants.BIT9_ENFORCEMENT_LEVEL.MONITOR)
lockdown_policy_key = ndb.Key(
policy_models.Bit9Policy, constants.BIT9_ENFORCEMENT_LEVEL.LOCKDOWN)
host_key = test_utils.CreateBit9Host(policy_key=monitor_policy_key).key
self.assertEqual(monitor_policy_key, host_key.get().policy_key)
host_models.Bit9Host.ChangePolicyKey(host_key.id(), lockdown_policy_key)
self.assertEqual(lockdown_policy_key, host_key.get().policy_key)
def testInvalidStateChangeError(self, mock_enable):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.DENIED)
with self.assertRaises(api.InvalidStateChangeError):
api.Cancel(exm_key)
mock_enable.assert_not_called()
self.assertEqual(_STATE.DENIED, exm_key.get().state)
self.mock_send.assert_not_called()
def testWindows(self):
users = ['aaaa', 'bbbb']
host = test_utils.CreateBit9Host(users=users)
host_id = host.key.id()
exm_key = test_utils.CreateExemption(host_id)
notify.SendUpdateEmail(exm_key, _STATE.APPROVED)
expected_subject = 'Lockdown exemption update: %s' % host.hostname
self.mock_send.assert_called_once_with(expected_subject,
mock.ANY,
to=users,
html=True)
def testPendingLocalRule_ForUser(self):
with self.LoggedInUser() as user:
bit9_host = test_utils.CreateBit9Host(users=[user.nickname])
test_utils.CreateBit9Rule(self.bit9_blockable.key,
host_id=bit9_host.key.id(),
user_key=user.key,
is_committed=False)
response = self.testapp.get('/%s' % self.bit9_blockable.key.id())
output = response.json
self.assertTrue(output)
def testRenew_Success_NotYetExpired(self):
host_id = test_utils.CreateBit9Host().key.id()
test_utils.CreateExemption(host_id, initial_state=_STATE.APPROVED)
api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY)
exm = exemption_models.Exemption.Get(host_id)
self.assertEqual(_STATE.REQUESTED, exm.state)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testGetPlatform_Success(self):
host_id = test_utils.CreateSantaHost().key.id()
exm_key = test_utils.CreateExemption(host_id)
self.assertEqual(
constants.PLATFORM.MACOS, exemption.Exemption.GetPlatform(exm_key))
host_id = test_utils.CreateBit9Host().key.id()
exm_key = test_utils.CreateExemption(host_id)
self.assertEqual(
constants.PLATFORM.WINDOWS, exemption.Exemption.GetPlatform(exm_key))
def testInvalidStateChangeError(self, mock_enable):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.CANCELLED)
with self.assertRaises(api.InvalidStateChangeError):
api.Revoke(exm_key, ['justification'])
mock_enable.assert_not_called()
self.assertEqual(_STATE.CANCELLED, exm_key.get().state)
self.mock_send.assert_not_called()
def testGetSelf_WithoutExemption(self):
user = test_utils.CreateUser()
test_utils.CreateBit9Host(users=[user.nickname]).key.id()
with self.LoggedInUser(user=user):
response = self.testapp.get(self.SELF_ROUTE)
output = response.json
self.assertLen(output, 1)
self.assertIn('exemption', output[0])
self.assertIsNone(output[0]['exemption'])
def testGetByUserId_WithoutExemption(self):
user = test_utils.CreateUser()
test_utils.CreateBit9Host(users=[user.nickname]).key.id()
with self.LoggedInUser(admin=True):
response = self.testapp.get(self.USER_ID_ROUTE % user.key.id())
output = response.json
self.assertLen(output, 1)
self.assertIn('exemption', output[0])
self.assertIsNone(output[0]['exemption'])
def testSuccess(self):
user = test_utils.CreateUser()
host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id()
host_id_2 = test_utils.CreateSantaHost(primary_user=user.nickname).key.id()
host_id_3 = test_utils.CreateSantaHost(primary_user='******').key.id()
exm_1 = test_utils.CreateExemption(host_id_1).get()
exm_2 = test_utils.CreateExemption(host_id_2).get()
test_utils.CreateExemption(host_id_3)
expected_exms = sorted([exm_1, exm_2])
actual_exms = sorted(model_utils.GetExemptionsForUser(user.email))
self.assertListEqual(expected_exms, actual_exms)
def testPolicyNotDefinedForPlatform(self, mock_metric):
self._PatchPolicyChecks()
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(host_key.id())
api.Process(exm_key)
exm = exm_key.get()
self.assertEqual(_STATE.DENIED, exm.state)
self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2)
mock_metric.Increment.assert_called_once()
def testSuccess(self):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.PENDING)
api.Deny(exm_key)
exm = exm_key.get()
self.assertEqual(_STATE.DENIED, exm.state)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testAdminGetListPlatform(self):
"""Admin gets a list of all hosts specific to a single platform."""
# Create a dummy host that shouldn't be included in the returned list.
test_utils.CreateBit9Host()
with self.LoggedInUser(admin=True):
response = self.testapp.get(self.ROUTE + '/santa')
output = response.json
self.assertIn('application/json', response.headers['Content-type'])
self.assertIsInstance(output, dict)
self.assertIsInstance(output['content'], list)
self.assertLen(output['content'], 3)
def testGet_PendingLocalRule_ForSomeoneElse(self):
other_user = test_utils.CreateUser()
with self.LoggedInUser():
bit9_host = test_utils.CreateBit9Host(users=[other_user.nickname])
test_utils.CreateBit9Rule(self.bit9_blockable.key,
host_id=bit9_host.key.id(),
user_key=other_user.key,
is_committed=False)
response = self.testapp.get(self.ROUTE %
self.bit9_blockable.key.id())
output = response.json
self.assertFalse(output)
def testWithStateFilter(self):
user = test_utils.CreateUser()
host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id()
host_id_2 = test_utils.CreateSantaHost(primary_user=user.nickname).key.id()
host_id_3 = test_utils.CreateSantaHost(primary_user='******').key.id()
exm_1 = test_utils.CreateExemption(
host_id_1, initial_state=_STATE.APPROVED).get()
test_utils.CreateExemption(host_id_2, initial_state=_STATE.EXPIRED)
test_utils.CreateExemption(host_id_3, initial_state=_STATE.APPROVED)
actual_exms = sorted(
model_utils.GetExemptionsForUser(user.email, state=_STATE.APPROVED))
self.assertListEqual([exm_1], actual_exms)
def testCopyLocalRules_Success(self):
old_user = test_utils.CreateUser(email=user_map.UsernameToEmail('foo'))
new_user = test_utils.CreateUser(email=user_map.UsernameToEmail('bar'))
policy_key = ndb.Key(bit9_db.Bit9Policy, '22222')
host1 = test_utils.CreateBit9Host(
id='12345', users=[old_user.nickname], policy_key=policy_key)
test_utils.CreateBit9Host(
id='67890', users=[new_user.nickname], policy_key=policy_key)
blockable1 = test_utils.CreateBit9Binary()
test_utils.CreateBit9Rule(
blockable1.key, host_id=host1.key.id(), user_key=old_user.key)
blockable2 = test_utils.CreateBit9Binary()
test_utils.CreateBit9Rule(
blockable2.key, host_id=host1.key.id(), user_key=old_user.key)
host = bit9_test_utils.CreateComputer(
id=67890,
policy_id=22222,
users='{0}\\{1},{0}\\{2}'.format(
settings.AD_DOMAIN, old_user.nickname, new_user.nickname))
occurred_dt = datetime.datetime.utcnow()
sync._PersistBit9Host(host, occurred_dt).wait()
self.assertEntityCount(bit9_db.Bit9Rule, 4) # 2 New + 2 Old
self.assertEntityCount(bit9_db.RuleChangeSet, 2)
rules_for_host1 = bit9_db.Bit9Rule.query(
bit9_db.Bit9Rule.host_id == host1.key.id()).fetch()
self.assertEqual(2, len(rules_for_host1))
self.assertSameElements(
[blockable1.key, blockable2.key],
[rule.key.parent() for rule in rules_for_host1])
self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 1)
self.DrainTaskQueue(constants.TASK_QUEUE.BQ_PERSISTENCE)
self.assertEntityCount(bigquery_db.HostRow, 1)
