def test_check_files(request, fleecing_vm, ssh_client, analysis_profile):
"""This test checks presence and contents of a certain file. Due to caching, an existing file
is checked.
"""
check_file_name = "/etc/sudo.conf"
check_file_contents = "sudoers_policy" # The file contains: `Plugin sudoers_policy sudoers.so`
condition = VMCondition(
"Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)),
expression=("fill_find(VM and Instance.Files : Name, "
"=, {}, Check Any, Contents, INCLUDES, {})".format(
check_file_name, check_file_contents))
)
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile(
"Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)),
policies=[policy]
)
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.files = [(check_file_name, True)]
analysis_profile.categories = [
"check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"]
do_scan(fleecing_vm, ("Configuration", "Files"))
assert fleecing_vm.check_compliance_and_wait()
def test_check_package_presence(request, fleecing_vm, ssh_client, analysis_profile):
"""This test checks compliance by presence of a certain cfme-appliance package which is expected
to be present on an appliance."""
# TODO: If we step out from provisioning a full appliance for fleecing, this might need revisit
condition = VMCondition(
"Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)),
expression=("fill_find(field=VM and Instance.Guest Applications : Name, "
"skey=STARTS WITH, value=cfme-appliance, check=Check Count, ckey= = , cvalue=1)")
)
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile(
"Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)),
policies=[policy]
)
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.categories = [
"check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"]
do_scan(fleecing_vm)
assert fleecing_vm.check_compliance_and_wait()
def test_check_package_presence(request, fleecing_vm, ssh_client, vm_analysis,
analysis_profile):
"""This test checks compliance by presence of a certain cfme-appliance package which is expected
to be present on an appliance."""
# TODO: If we step out from provisioning a full appliance for fleecing, this might need revisit
condition = VMCondition(
"Compliance testing condition {}".format(
fauxfactory.gen_alphanumeric(8)),
expression=
("fill_find(field=VM and Instance.Guest Applications : Name, "
"skey=STARTS WITH, value=cfme-appliance, check=Check Count, ckey= = , cvalue=1)"
))
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(
fauxfactory.gen_alphanumeric(8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile("Compliance PP {}".format(
fauxfactory.gen_alphanumeric(8)),
policies=[policy])
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(
lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.categories = [
"check_services", "check_accounts", "check_software",
"check_vmconfig", "check_system"
]
do_scan(fleecing_vm)
assert fleecing_vm.check_compliance_and_wait()
def test_check_files(request, fleecing_vm, ssh_client, check_file_name, analysis_profile):
"""This test checks presence and contents of a certain file. First the non-compliance is
enforced by not having the file, then the compliance is checked against existing file and
it is expected to be compliant.
"""
contents = generate_random_string(size=12)
condition = VMCondition(
"Compliance testing condition {}".format(generate_random_string(size=8)),
expression=("fill_find(VM and Instance.Files : Name, "
"=, {}, Check Any, Contents, INCLUDES, {})".format(check_file_name, contents))
)
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(generate_random_string(size=8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile(
"Compliance PP {}".format(generate_random_string(size=8)),
policies=[policy]
)
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.files = [("/root/*", True)]
analysis_profile.categories = [
"check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"]
# Non-compliant
ssh_client.run_command("rm -f {}".format(check_file_name))
do_scan(fleecing_vm)
assert not fleecing_vm.check_compliance_and_wait()
# Compliant
ssh_client.run_command("echo {} > {}".format(contents, check_file_name))
do_scan(fleecing_vm)
assert fleecing_vm.check_compliance_and_wait()
def test_check_files(request, fleecing_vm, ssh_client, analysis_profile):
"""This test checks presence and contents of a certain file. Due to caching, an existing file
is checked.
"""
check_file_name = "/etc/sudo.conf"
check_file_contents = "sudoers_policy" # The file contains: `Plugin sudoers_policy sudoers.so`
condition = VMCondition(
"Compliance testing condition {}".format(
fauxfactory.gen_alphanumeric(8)),
expression=("fill_find(VM and Instance.Files : Name, "
"=, {}, Check Any, Contents, INCLUDES, {})".format(
check_file_name, check_file_contents)))
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(
fauxfactory.gen_alphanumeric(8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile("Compliance PP {}".format(
fauxfactory.gen_alphanumeric(8)),
policies=[policy])
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(
lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.files = [(check_file_name, True)]
analysis_profile.categories = [
"check_services", "check_accounts", "check_software",
"check_vmconfig", "check_system"
]
do_scan(fleecing_vm, ("Configuration", "Files"))
assert fleecing_vm.check_compliance_and_wait()