def test_run_scan_fail(config, call):
compliance_client = ComplianceClient(config)
with raises(SystemExit):
compliance_client.run_scan('ref_id', '/nonexistent')
call.assert_called_with("oscap xccdf eval --profile ref_id --results " +
OSCAP_RESULTS_OUTPUT + ' /nonexistent',
keep_rc=True)
def test_run_scan(config, call):
compliance_client = ComplianceClient(config)
output_path = '/tmp/oscap_results-ref_id.xml'
compliance_client.run_scan('ref_id', '/nonexistent', output_path)
call.assert_called_with("oscap xccdf eval --profile ref_id --results " +
output_path + ' /nonexistent',
keep_rc=True)
def test_run_scan(config, Popen):
Popen().wait = MagicMock(return_value=0)
compliance_client = ComplianceClient(config)
compliance_client.run_scan('ref_id', '/nonexistent')
Popen.assert_called_with([
"oscap", "xccdf", "eval", "--profile", 'ref_id', "--results",
OSCAP_RESULTS_OUTPUT, '/nonexistent'
],
stdout=PIPE,
stderr=STDOUT)
def test_run_scan(config, call):
compliance_client = ComplianceClient(config)
output_path = '/tmp/oscap_results-ref_id.xml'
env = os.environ
env.update({'TZ': 'UTC'})
compliance_client.run_scan('ref_id', '/nonexistent', output_path)
if six.PY3:
call.assert_called_with(("oscap xccdf eval --profile ref_id --results " + output_path + ' /nonexistent'), keep_rc=True, env=env)
else:
call.assert_called_with(("oscap xccdf eval --profile ref_id --results " + output_path + ' /nonexistent').encode(), keep_rc=True, env=env)
def test_run_scan_fail(config, call):
compliance_client = ComplianceClient(config)
output_path = '/tmp/oscap_results-ref_id.xml'
env = os.environ
env.update({'TZ': 'UTC'})
with raises(SystemExit):
compliance_client.run_scan('ref_id', '/nonexistent', output_path)
call.assert_called_with("oscap xccdf eval --profile ref_id --results " +
output_path + ' /nonexistent',
keep_rc=True,
env=env)
def test_run_scan_fail(config, Popen):
Popen().wait = MagicMock(return_value=1)
Popen().stderr.read = MagicMock(return_value='bad things happened')
compliance_client = ComplianceClient(config)
with raises(SystemExit):
compliance_client.run_scan('ref_id', '/nonexistent')
Popen.assert_called_with([
"oscap", "xccdf", "eval", "--profile", 'ref_id', "--results",
OSCAP_RESULTS_OUTPUT, '/nonexistent'
],
stdout=PIPE,
stderr=STDOUT)
def test_errored_rpm_call(config, call):
compliance_client = ComplianceClient(config)
compliance_client.get_policies = lambda: [{'ref_id': 'foo'}]
compliance_client.find_scap_policy = lambda ref_id: '/usr/share/xml/scap/foo.xml'
compliance_client.run_scan = lambda ref_id, policy_xml: None
with raises(SystemExit):
compliance_client.oscap_scan()
def test_run_scan_missing_profile(config, call):
compliance_client = ComplianceClient(config)
output_path = '/tmp/oscap_results-ref_id.xml'
env = os.environ
env.update({'TZ': 'UTC'})
assert compliance_client.run_scan('ref_id', None, output_path) is None
call.assert_not_called()
def test_errored_rpm_call(config, call):
compliance_client = ComplianceClient(config)
compliance_client.get_initial_profiles = lambda: [{'attributes': {'ref_id': 'foo'}}]
compliance_client.get_profiles_matching_os = lambda: []
compliance_client.find_scap_policy = lambda ref_id: '/usr/share/xml/scap/foo.xml'
compliance_client.run_scan = lambda ref_id, policy_xml: None
with raises(SystemExit):
compliance_client.oscap_scan()
def test_oscap_scan(config, assert_rpms):
compliance_client = ComplianceClient(config)
compliance_client.get_policies = lambda: [{'ref_id': 'foo'}]
compliance_client.find_scap_policy = lambda ref_id: '/usr/share/xml/scap/foo.xml'
compliance_client.run_scan = lambda ref_id, policy_xml, output_path: None
compliance_client.archive.archive_tmp_dir = '/tmp'
compliance_client.archive.archive_name = 'insights-compliance-test'
archive, content_type = compliance_client.oscap_scan()
assert archive == '/tmp/insights-compliance-test.tar.gz'
assert content_type == COMPLIANCE_CONTENT_TYPE
def test_missing_packages(config, call):
compliance_client = ComplianceClient(config)
compliance_client.get_policies = lambda: [{
'attributes': {
'ref_id': 'foo'
}
}]
compliance_client.find_scap_policy = lambda ref_id: '/usr/share/xml/scap/foo.xml'
compliance_client.run_scan = lambda ref_id, policy_xml: None
with raises(SystemExit):
compliance_client.oscap_scan()
def test_oscap_scan(config, assert_rpms):
compliance_client = ComplianceClient(config)
compliance_client.get_initial_profiles = lambda: [{'attributes': {'ref_id': 'foo', 'tailored': False}}]
compliance_client.get_profiles_matching_os = lambda: []
compliance_client.find_scap_policy = lambda ref_id: '/usr/share/xml/scap/foo.xml'
compliance_client.run_scan = lambda ref_id, policy_xml, output_path, tailoring_file_path: None
compliance_client.archive.archive_tmp_dir = '/tmp'
compliance_client.archive.archive_name = 'insights-compliance-test'
archive, content_type = compliance_client.oscap_scan()
assert archive == '/tmp/insights-compliance-test.tar.gz'
assert content_type == COMPLIANCE_CONTENT_TYPE
def test_oscap_scan(config):
compliance_client = ComplianceClient(config)
compliance_client.get_policies = lambda: [{
'attributes': {
'ref_id': 'foo'
}
}]
compliance_client.find_scap_policy = lambda ref_id: '/usr/share/xml/scap/foo.xml'
compliance_client.run_scan = lambda ref_id, policy_xml: None
payload, content_type = compliance_client.oscap_scan()
assert payload == OSCAP_RESULTS_OUTPUT
assert content_type == COMPLIANCE_CONTENT_TYPE
def test_oscap_scan_with_results_repaired(config, assert_rpms, tmpdir):
results_file = tmpdir.mkdir('results').join('result.xml')
results_file.write("""
<xml>
<version>0.9</version>
</xml>
""")
compliance_client = ComplianceClient(config)
compliance_client._ssg_version = '0.1.25'
compliance_client._get_inventory_id = lambda: ''
compliance_client.get_initial_profiles = lambda: [{'attributes': {'ref_id': 'foo', 'tailored': False}}]
compliance_client.get_profiles_matching_os = lambda: []
compliance_client.find_scap_policy = lambda ref_id: '/usr/share/xml/scap/foo.xml'
compliance_client._results_file = lambda archive_dir, profile: str(results_file)
compliance_client.run_scan = lambda ref_id, policy_xml, output_path, tailoring_file_path: None
compliance_client.archive.archive_tmp_dir = '/tmp'
compliance_client.archive.archive_name = 'insights-compliance-test'
archive, content_type = compliance_client.oscap_scan()
assert archive == '/tmp/insights-compliance-test.tar.gz'
assert content_type == COMPLIANCE_CONTENT_TYPE
repaired_results = open(str(results_file)).read()
assert '<version>0.1.25</version>' in repaired_results
