def test_positive_create_matcher_puppet_default_value(self, module_puppet, module_sc_params): """Create matcher for attribute in parameter, Where Value is puppet default value. :id: c08fcf25-e5c7-411e-beed-3741a24496fd :steps: 1. Override the parameter. 2. Set some default Value. 3. Create matcher with valid attribute type, name and puppet default value. 4. Submit the change. :expectedresults: The matcher has been created successfully. :CaseImportance: Medium """ sc_param_id = module_sc_params['ids'].pop() SmartClassParameter.update( {'id': sc_param_id, 'override': 1, 'default-value': gen_string('alpha')} ) SmartClassParameter.add_matcher( {'smart-class-parameter-id': sc_param_id, 'match': 'domain=test.com', 'omit': 1} ) sc_param = SmartClassParameter.info( {'puppet-class': module_puppet['class']['name'], 'id': sc_param_id} ) assert sc_param['override-values']['values']['1']['match'] == 'domain=test.com'
def test_positive_create_and_remove_matcher(self, module_puppet, module_sc_params): """Create and remove matcher for attribute in parameter. :id: 37fe299b-1e81-4faf-b1c3-2edfc3d53dc1 :steps: 1. Override the parameter. 2. Set some default Value. 3. Create a matcher with all valid values. 4. Create matcher with valid attribute type, name and puppet default value. 5. Submit the change. 6. Remove the matcher created in step 1 :expectedresults: The matcher has been created successfully. :CaseImportance: Medium """ sc_param_id = module_sc_params['ids'].pop() value = gen_string('alpha') SmartClassParameter.update({ 'id': sc_param_id, 'override': 1, 'override-value-order': 'is_virtual' }) SmartClassParameter.add_matcher({ 'smart-class-parameter-id': sc_param_id, 'match': 'is_virtual=true', 'value': value }) sc_param = SmartClassParameter.info({ 'puppet-class': module_puppet['class']['name'], 'id': sc_param_id }) assert sc_param['override-values']['values']['1'][ 'match'] == 'is_virtual=true' assert sc_param['override-values']['values']['1']['value'] == value SmartClassParameter.remove_matcher({ 'smart-class-parameter-id': sc_param_id, 'id': sc_param['override-values']['values']['1']['id'], }) sc_param = SmartClassParameter.info({ 'puppet-class': module_puppet['class']['name'], 'id': sc_param_id }) assert len(sc_param['override-values']['values']) == 0
def test_negative_validate_matcher_non_existing_attribute(self): """Error while creating matcher for Non Existing Attribute. :id: 5223e582-81b4-442d-b4ba-b16ede460ef6 :steps: 1. Override the parameter. 2. Create a matcher with non existing attribute in org. 3. Attempt to submit the change. :expectedresults: Error raised for non existing attribute. :CaseImportance: Medium """ sc_param_id = self.sc_params_ids_list.pop() with self.assertRaises(CLIReturnCodeError): SmartClassParameter.add_matcher({ 'smart-class-parameter-id': sc_param_id, 'match': 'hostgroup=nonexistingHG', 'value': gen_string('alpha'), })
def test_positive_upload_to_satellite(self): """Perform end to end oscap test, and push the updated scap content via puppet after first run. :id: 17a0978d-64f9-44ad-8303-1f54ada08602 :expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be uploaded to Satellite and be searchable. Satellite should push updated content to Clients and satellite should get updated reports. :CaseLevel: System :BZ: 1479413, 1722475, 1420439, 1722475 """ if settings.rhel6_repo is None: self.skipTest('Missing configuration for rhel6_repo') rhel6_repo = settings.rhel6_repo if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') if settings.rhel8_repo is None: self.skipTest('Missing configuration for rhel8_repo') rhel8_repo = settings.rhel8_repo hgrp8_name = gen_string('alpha') rhel7_repo = settings.rhel7_repo hgrp6_name = gen_string('alpha') hgrp7_name = gen_string('alpha') policy6_name = gen_string('alpha') policy7_name = gen_string('alpha') policy8_name = gen_string('alpha') policy_values = [ { 'content': self.rhel6_content, 'hgrp': hgrp6_name, 'policy': policy6_name, 'profile': OSCAP_PROFILE['security6'], }, { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': policy7_name, 'profile': OSCAP_PROFILE['security7'], }, { 'content': self.rhel8_content, 'hgrp': hgrp8_name, 'policy': policy8_name, 'profile': OSCAP_PROFILE['cbrhel8'], }, ] vm_values = [ { 'distro': DISTRO_RHEL6, 'hgrp': hgrp6_name, 'rhel_repo': rhel6_repo, 'policy': policy6_name, }, { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo, 'policy': policy7_name, }, { 'distro': DISTRO_RHEL8, 'hgrp': hgrp8_name, 'rhel_repo': rhel8_repo, 'policy': policy8_name, }, ] # Creates host_group for both rhel6, rhel7 and rhel8. for host_group in [hgrp6_name, hgrp7_name, hgrp8_name]: make_hostgroup({ 'content-source': self.config_env['sat6_hostname'], 'name': host_group, 'puppet-environment-id': self.puppet_env.id, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'], 'puppet-classes': self.puppet_classes, }) # Creates oscap_policy for both rhel6, rhel7 and rhel8. for value in policy_values: scap_id, scap_profile_id = self.fetch_scap_and_profile_id( value['content'], value['profile']) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': value['hgrp'], 'deploy-by': 'puppet', 'name': value['policy'], 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'], }) # Creates two vm's each for rhel6, rhel7 and rhel8, runs # openscap scan and uploads report to satellite6. for value in vm_values: with VirtualMachine(distro=value['distro']) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost( self.config_env['org_name'], self.config_env['ak_name'].get(value['distro'])) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': value['hgrp'], 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'puppet-environment-id': self.puppet_env.id, }) SmartClassParameter.update({ 'name': 'fetch_remote_resources', 'override': 1, 'parameter-type': 'boolean', 'default-value': 'true', 'puppet-class': 'foreman_scap_client', }) SmartClassParameter.add_matcher({ 'smart-class-parameter': 'fetch_remote_resources', 'match': f'fqdn={vm.hostname}', 'value': 'true', 'puppet-class': 'foreman_scap_client', }) vm.configure_puppet(value['rhel_repo']) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list({ 'search': f'host={vm.hostname.lower()}', 'per-page': 1 }) assert arf_report is not None scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox']) Scappolicy.update({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'name': value['policy'], 'new-name': gen_string('alpha'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'], }) Arfreport.delete({'id': arf_report[0].get('id')}) for _ in range(2): vm.run('puppet agent -t 2> /dev/null') updated_result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep content_path' ) assert result != updated_result assert updated_result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() result = Arfreport.list( {'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_upload_to_satellite( module_org, default_proxy, content_view, lifecycle_env, puppet_env, distro, ): """Perform end to end oscap test, and push the updated scap content via puppet after first run. :id: 11fef620-6ee8-4768-a398-db8cede1fc14 :parametrized: yes :customerscenario: true :expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be uploaded to Satellite and be searchable. Satellite should push updated content to Clients and satellite should get updated reports. :CaseLevel: System :BZ: 1479413, 1722475, 1420439, 1722475 """ hgrp_name = gen_string('alpha') policy_name = gen_string('alpha') if distro == 'rhel6': rhel_repo = settings.repos.rhel6_repo profile1 = OSCAP_PROFILE['dsrhel6'] profile2 = OSCAP_PROFILE['pcidss6'] profile3 = OSCAP_PROFILE['usgcb'] elif distro == 'rhel7': rhel_repo = settings.repos.rhel7_repo profile1 = OSCAP_PROFILE['dsrhel7'] profile2 = OSCAP_PROFILE['pcidss7'] profile3 = OSCAP_PROFILE['ospp7'] else: rhel_repo = settings.repos.rhel8_repo profile1 = OSCAP_PROFILE['dsrhel8'] profile2 = OSCAP_PROFILE['pcidss8'] profile3 = OSCAP_PROFILE['ospp8'] content = OSCAP_DEFAULT_CONTENT[f'{distro}_content'] # Creates host_group. make_hostgroup({ 'content-source': settings.server.hostname, 'name': hgrp_name, 'puppet-environment-id': puppet_env.id, 'puppet-ca-proxy': settings.server.hostname, 'puppet-proxy': settings.server.hostname, 'organizations': module_org.name, 'puppet-classes': puppet_classes, }) # Creates oscap_policy. scap_id, scap_profile_id = fetch_scap_and_profile_id(content, profile1) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': hgrp_name, 'deploy-by': 'puppet', 'name': policy_name, 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': module_org.name, }) # Creates vm's and runs openscap scan and uploads report to satellite6. with VMBroker(nick=distro, host_classes={'host': ContentHost}) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(module_org.name, ak_name[distro]) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': lifecycle_env.name, 'content-view': content_view.name, 'hostgroup': hgrp_name, 'openscap-proxy-id': default_proxy, 'organization': module_org.name, 'puppet-environment-id': puppet_env.id, }) SmartClassParameter.update({ 'name': 'fetch_remote_resources', 'override': 1, 'parameter-type': 'boolean', 'default-value': 'true', 'puppet-class': 'foreman_scap_client', }) SmartClassParameter.add_matcher({ 'smart-class-parameter': 'fetch_remote_resources', 'match': f'fqdn={vm.hostname}', 'value': 'true', 'puppet-class': 'foreman_scap_client', }) vm.configure_puppet(rhel_repo) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.status == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list({ 'search': f'host={vm.hostname.lower()}', 'per-page': 1 }) assert arf_report is not None for profile in [profile2, profile3]: scap_id, scap_profile_id = fetch_scap_and_profile_id( content, profile) Scappolicy.update({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'name': policy_name, 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organization': module_org.name, }) for _ in range(2): vm.run('puppet agent -t 2> /dev/null') updated_result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep content_path') assert result != updated_result assert updated_result.status == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() result = Arfreport.list({'search': f'host={vm.hostname.lower()}'}) assert result is not None