def set_certificate_in_satellite(server_type): """update the cert settings in satellite based on type of ldap server""" if server_type == 'IPA': idm_cert_path_url = os.path.join(settings.ipa.hostname_ipa, 'ipa/config/ca.crt') file_downloader( file_url=idm_cert_path_url, local_path=CERT_PATH, file_name='ipa.crt', hostname=settings.server.hostname, ) elif server_type == 'AD': ssh.command('yum -y --disableplugin=foreman-protector install cifs-utils') command = r'mount -t cifs -o username=administrator,pass={0} //{1}/c\$ /mnt' ssh.command(command.format(settings.ldap.password, settings.ldap.hostname)) result = ssh.command( 'cp /mnt/Users/Administrator/Desktop/satqe-QE-SAT6-AD-CA.cer {}'.format(CERT_PATH) ) if result.return_code != 0: raise AssertionError('Failed to copy the AD server certificate at right path') result = ssh.command('update-ca-trust extract && restorecon -R {}'.format(CERT_PATH)) if result.return_code != 0: raise AssertionError('Failed to update and trust the certificate') result = ssh.command('systemctl restart httpd') if result.return_code != 0: raise AssertionError( 'Failed to restart the httpd after applying {} cert'.format(server_type) )
def tailoring_file_path(): """ Return Tailoring file path.""" local = file_downloader(file_url=settings.oscap.tailoring_path)[0] satellite = file_downloader( file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname )[0] return {'local': local, 'satellite': satellite}
def module_synced_repos(sat_maintain): org = sat_maintain.api.Organization().create() manifests_path = file_downloader( file_url=settings.fake_manifest.url['default'], hostname=sat_maintain.hostname )[0] sat_maintain.cli.Subscription.upload({'file': manifests_path, 'organization-id': org.id}) # sync custom repo cust_prod = sat_maintain.api.Product(organization=org).create() cust_repo = sat_maintain.api.Repository( url=settings.repos.yum_1.url, product=cust_prod ).create() cust_repo.sync() # sync RH repo product = sat_maintain.api.Product(name=constants.PRDS['rhae'], organization=org.id).search()[0] r_set = sat_maintain.api.RepositorySet( name=constants.REPOSET['rhae2'], product=product ).search()[0] payload = {'basearch': constants.DEFAULT_ARCHITECTURE, 'product_id': product.id} r_set.enable(data=payload) result = sat_maintain.api.Repository(name=constants.REPOS['rhae2']['name']).search( query={'organization_id': org.id} ) rh_repo_id = result[0].id rh_repo = sat_maintain.api.Repository(id=rh_repo_id).read() rh_repo.sync() yield {'custom': cust_repo, 'rh': rh_repo}
def rhcloud_manifest_org(rhcloud_sat_host): """A module level fixture to get organization with manifest.""" org = rhcloud_sat_host.api.Organization().create() manifests_path = file_downloader( file_url=settings.fake_manifest.url['default'], hostname=rhcloud_sat_host.hostname )[0] rhcloud_sat_host.cli.Subscription.upload({'file': manifests_path, 'organization-id': org.id}) return org
def setUpClass(cls): super(OpenScapTestCase, cls).setUpClass() cls.title = gen_string('alpha') result = [scap['title'] for scap in Scapcontent.list() if scap.get('title') in cls.title] if not result: make_scapcontent({'title': cls.title, 'scap-file': settings.oscap.content_path}) cls.scap_id_rhel7, cls.scap_profile_id_rhel7 = cls.fetch_scap_and_profile_id( cls.title, OSCAP_PROFILE['security7'] ) cls.tailoring_file_path = file_downloader( file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname )[0] Ansible.roles_import({'proxy-id': 1}) Ansible.variables_import({'proxy-id': 1})
def setUpClass(cls): super(TailoringFilesTestCase, cls).setUpClass() cls.tailoring_file_path = file_downloader( file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname)[0]
def test_positive_oscap_run_with_tailoring_file_with_ansible(self): """End-to-End Oscap run with tailoring files via ansible :id: c7ea56eb-6cf1-4e79-8d6a-fb872d1bb804 :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Import Ansible role theforeman.foreman_scap_client 4. Import Ansible Variables needed for the role 5. Create a scap policy with anisble as deploy option 6. Associate scap content with it's tailoring file 7. Associate the policy with a hostgroup 8. Provision a host using the hostgroup 9. Configure REX and associate the Ansible role to created host 10. Play roles for the host :expectedresults: REX job should be success and ARF report should be sent to satellite reflecting the changes done via tailoring files :BZ: 1716307 :CaseImportance: Critical """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'], } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo } tailoring_file_name = gen_string('alpha') tailor_path = file_downloader(file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname)[0] # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': self.proxy_id, 'name': hgrp7_name, 'organizations': self.config_env['org_name'], }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': tailor_path, 'organization': self.config_env['org_name'], }) result = TailoringFiles.info({'name': tailoring_file_name}) assert result['name'] == tailoring_file_name # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile')) Ansible.roles_import({'proxy-id': self.proxy_id}) Ansible.variables_import({'proxy-id': self.proxy_id}) role_id = Ansible.roles_list({'search': 'foreman_scap_client'})[0].get('id') make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': policy_values.get('hgrp'), 'deploy-by': 'ansible', 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': self.config_env['org_name'], }) distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(self.config_env['org_name'], self.config_env['ak_name'].get(distro_os)) assert vm.subscribed Host.set_parameter({ 'host': vm.hostname.lower(), 'name': 'remote_execution_connect_by_ip', 'value': 'True', }) vm.configure_rhel_repo(settings.rhel7_repo) add_remote_execution_ssh_key(vm.ip_addr) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'ansible-role-ids': role_id, }) job_id = Host.ansible_roles_play({'name': vm.hostname.lower() })[0].get('id') wait_for_tasks( f"resource_type = JobInvocation and resource_id = {job_id} and " "action ~ \"hosts job\"") try: result = JobInvocation.info({'id': job_id})['success'] assert result == '1' except AssertionError: output = ' '.join( JobInvocation.get_output({ 'id': job_id, 'host': vm.hostname })) result = f'host output: {output}' raise AssertionError(result) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. result = Arfreport.list({'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_oscap_run_with_tailoring_file_and_capsule(self): """End-to-End Oscap run with tailoring files and default capsule via puppet :id: 346946ad-4f62-400e-9390-81817006048c :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Create a scap policy 4. Associate scap content with it's tailoring file 5. Associate the policy with a hostgroup 6. Provision a host using the hostgroup 7. Puppet should configure and fetch the scap content and tailoring file :expectedresults: ARF report should be sent to satellite reflecting the changes done via tailoring files :BZ: 1722475 :CaseImportance: Critical """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'], } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo } tailoring_file_name = gen_string('alpha') tailor_path = file_downloader(file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname)[0] # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': self.proxy_id, 'name': hgrp7_name, 'puppet-environment-id': self.puppet_env.id, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'], 'puppet-classes': self.puppet_classes, }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': tailor_path, 'organization': self.config_env['org_name'], }) result = TailoringFiles.info({'name': tailoring_file_name}) assert result['name'] == tailoring_file_name # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile')) make_scap_policy({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'hostgroups': policy_values.get('hgrp'), 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': self.config_env['org_name'], }) distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(self.config_env['org_name'], self.config_env['ak_name'].get(distro_os)) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'puppet-environment-id': self.puppet_env.id, }) vm.configure_puppet(rhel7_repo) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. result = Arfreport.list({'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_oscap_run_with_tailoring_file_and_capsule( module_org, default_proxy, content_view, lifecycle_env, puppet_env): """End-to-End Oscap run with tailoring files and default capsule via puppet :id: 346946ad-4f62-400e-9390-81817006048c :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Create a scap policy 4. Associate scap content with it's tailoring file 5. Associate the policy with a hostgroup 6. Provision a host using the hostgroup 7. Puppet should configure and fetch the scap content and tailoring file :expectedresults: ARF report should be sent to satellite reflecting the changes done via tailoring files :BZ: 1722475 :CaseImportance: Critical """ hgrp_name = gen_string('alpha') policy_name = gen_string('alpha') tailoring_file_name = gen_string('alpha') tailor_path = file_downloader(file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname)[0] # Creates host_group. make_hostgroup({ 'content-source': settings.server.hostname, 'name': hgrp_name, 'puppet-environment-id': puppet_env.id, 'puppet-ca-proxy': settings.server.hostname, 'puppet-proxy': settings.server.hostname, 'organizations': module_org.name, 'puppet-classes': puppet_classes, }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': tailor_path, 'organization': module_org.name, }) result = TailoringFiles.info({'name': tailoring_file_name}) assert result['name'] == tailoring_file_name # Creates oscap_policy. scap_id, scap_profile_id = fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel7_content'], OSCAP_PROFILE['security7']) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': hgrp_name, 'deploy-by': 'puppet', 'name': policy_name, 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': module_org.name, }) # Creates vm's and runs openscap scan and uploads report to satellite6. with VMBroker(nick=DISTRO_RHEL7, host_classes={'host': ContentHost}) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(module_org.name, ak_name[DISTRO_RHEL7]) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': lifecycle_env.name, 'content-view': content_view.name, 'hostgroup': hgrp_name, 'openscap-proxy-id': default_proxy, 'organization': module_org.name, 'puppet-environment-id': puppet_env.id, }) vm.configure_puppet(settings.repos.rhel7_repo) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.status == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list({ 'search': f'host={vm.hostname.lower()}', 'per-page': 1 }) assert arf_report is not None Arfreport.delete({'id': arf_report[0].get('id')})
def oscap_tailoring_path(): return file_downloader(settings.oscap.tailoring_path)[0]
def tailoring_file_path(): """ Return Tailoring file path.""" return file_downloader(file_url=settings.oscap.tailoring_path)[0]