def testFailure_RetryAndSucceed(self):
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
fi = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(self.local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
computer = api.Computer(id=5678, sync_percent=90)
computer.last_poll_date = datetime.datetime.utcnow()
self._PatchApiRequests([], computer, [], computer, [], computer, [fi],
fi)
change_set.CommitBlockableChangeSet(self.binary.key)
expected_call = mock.call('POST',
api_route='fileInstance',
data={
'id': 9012,
'localState': 2,
'fileCatalogId': 1234,
'computerId': 5678
},
query_args=None)
self.assertTrue(
expected_call in utils.CONTEXT.ExecuteRequest.mock_calls)
def testWhitelist_LocalRule_Fulfilled(self):
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
fi = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(self.local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
self._PatchApiRequests([fi], fi)
change_set.CommitBlockableChangeSet(self.binary.key)
utils.CONTEXT.ExecuteRequest.assert_has_calls([
mock.call(
'GET',
api_route='fileInstance',
query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234']),
mock.call('POST',
api_route='fileInstance',
data={
'id': 9012,
'localState': 2,
'fileCatalogId': 1234,
'computerId': 5678
},
query_args=None)
])
self.assertTrue(self.local_rule.key.get().is_fulfilled)
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testWhitelist_GlobalRule_Certificate(self):
cert = test_utils.CreateBit9Certificate(id='1a2b')
global_rule = test_utils.CreateBit9Rule(cert.key, host_id='')
change = test_utils.CreateRuleChangeSet(
cert.key,
rule_keys=[global_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
api_cert = api.Certificate(id=9012,
thumbprint='1a2b',
certificate_state=1)
self._PatchApiRequests([api_cert], api_cert)
change_set.CommitBlockableChangeSet(cert.key)
utils.CONTEXT.ExecuteRequest.assert_has_calls([
mock.call('GET',
api_route='certificate',
query_args=['q=thumbprint:1a2b']),
mock.call('POST',
api_route='certificate',
data={
'id': 9012,
'thumbprint': '1a2b',
'certificateState': 2
},
query_args=None)
])
self.assertTrue(global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testTailDefer(self):
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.global_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
with mock.patch.object(change_set, '_Whitelist'):
change_set.CommitBlockableChangeSet(self.binary.key)
# Tail defer should have been added.
self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 1)
# Only the local rule should have been committed first.
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertFalse(self.global_rule.key.get().is_committed)
self.assertEntityCount(bit9.RuleChangeSet, 1)
# Run the deferred commit attempt.
self.RunDeferredTasks(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE)
# Tail defer should not have been added as there are no more changes.
self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 0)
# Both rules should now have been committed.
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertEntityCount(bit9.RuleChangeSet, 0)
def testBlacklist_MixedRules(self):
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key, self.global_rule.key],
change_type=constants.RULE_POLICY.BLACKLIST)
with self.assertRaises(deferred.PermanentTaskFailure):
change_set.CommitBlockableChangeSet(self.binary.key)
def testBlacklist_GlobalRule_Multiple(self):
other_global_rule = test_utils.CreateBit9Rule(self.binary.key)
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.global_rule.key, other_global_rule.key],
change_type=constants.RULE_POLICY.BLACKLIST)
with self.assertRaises(deferred.PermanentTaskFailure):
change_set.CommitBlockableChangeSet(self.binary.key)
def testFailure_ExceedRetryLimit(self):
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
computer = api.Computer(id=5678, sync_percent=90)
computer.last_poll_date = datetime.datetime.utcnow()
self._PatchApiRequests([], computer, [], computer, [], computer, [],
computer)
with self.assertRaises(deferred.PermanentTaskFailure):
change_set.CommitBlockableChangeSet(self.binary.key)
def testWhitelist_LocalRule_Certificate(self):
cert = test_utils.CreateBit9Certificate()
local_rule = test_utils.CreateBit9Rule(cert.key, host_id='5678')
change = test_utils.CreateRuleChangeSet(
cert.key,
rule_keys=[local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
change_set.CommitBlockableChangeSet(cert.key)
self.assertIsNotNone(self.local_rule.key.get().is_fulfilled)
self.assertFalse(local_rule.key.get().is_fulfilled)
self.assertTrue(local_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testWhitelist_GlobalRule(self):
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.global_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
self._PatchApiRequests(api.Computer(id=5678))
change_set.CommitBlockableChangeSet(self.binary.key)
utils.CONTEXT.ExecuteRequest.assert_has_calls([
mock.call('POST',
api_route='fileRule',
data={
'fileCatalogId': 1234,
'fileState': 2
},
query_args=None)
])
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testWhitelist_LocalRule_NotFulfilled(self):
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
computer = api.Computer(id=5678, sync_percent=100)
computer.last_poll_date = datetime.datetime.utcnow()
self._PatchApiRequests([], computer)
change_set.CommitBlockableChangeSet(self.binary.key)
utils.CONTEXT.ExecuteRequest.assert_has_calls([
mock.call(
'GET',
api_route='fileInstance',
query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234'])
])
self.assertIsNotNone(self.local_rule.key.get().is_fulfilled)
self.assertFalse(self.local_rule.key.get().is_fulfilled)
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testBlacklist_GlobalRule(self):
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.global_rule.key],
change_type=constants.RULE_POLICY.BLACKLIST)
rule = api.FileRule(
file_catalog_id=1234,
file_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
self._PatchApiRequests(rule)
change_set.CommitBlockableChangeSet(self.binary.key)
utils.CONTEXT.ExecuteRequest.assert_has_calls([
mock.call('POST',
api_route='fileRule',
data={
'fileCatalogId': 1234,
'fileState': 3
},
query_args=None)
])
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testNoChange(self):
with mock.patch.object(change_set, 'CommitChangeSet') as mock_commit:
change_set.CommitBlockableChangeSet(self.binary.key)
self.assertFalse(mock_commit.called)
def testRemove_MixedRules(self):
other_local_rule = test_utils.CreateBit9Rule(self.binary.key,
host_id='9012')
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[
self.local_rule.key, other_local_rule.key, self.global_rule.key
],
change_type=constants.RULE_POLICY.REMOVE)
fi1 = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(self.local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.APPROVED)
fi2 = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(other_local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.APPROVED)
rule = api.FileRule(file_catalog_id=1234,
file_state=bit9_constants.APPROVAL_STATE.APPROVED)
self._PatchApiRequests([fi1], fi1, [fi2], fi2, rule)
change_set.CommitBlockableChangeSet(self.binary.key)
utils.CONTEXT.ExecuteRequest.assert_has_calls([
mock.call(
'GET',
api_route='fileInstance',
query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234']),
mock.call('POST',
api_route='fileInstance',
data={
'id': 9012,
'localState': 1,
'fileCatalogId': 1234,
'computerId': 5678
},
query_args=None),
mock.call(
'GET',
api_route='fileInstance',
query_args=[r'q=computerId:9012', 'q=fileCatalogId:1234']),
mock.call('POST',
api_route='fileInstance',
data={
'id': 9012,
'localState': 1,
'fileCatalogId': 1234,
'computerId': 9012
},
query_args=None),
mock.call('POST',
api_route='fileRule',
data={
'fileCatalogId': 1234,
'fileState': 1
},
query_args=None),
])
self.assertTrue(self.local_rule.key.get().is_fulfilled)
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertTrue(other_local_rule.key.get().is_fulfilled)
self.assertTrue(other_local_rule.key.get().is_committed)
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())