def _ChangeInstallerState(blockable, rules):
"""Issue the request to Bit9 to change the blockable's installer state."""
global_rule = _GetGlobalRule(rules)
assert global_rule is not None
logging.debug(
'Changing Installer state of %s to %s', blockable.key.id(),
global_rule.policy)
# The Bit9 API forbids creating a FileRule without a 'fileState' column. To
# avoid overwriting an existing FileRule's state, we need to use that if one
# exists.
file_catalog_id = int(blockable.file_catalog_id)
rules = (
api.FileRule.query()
.filter(api.FileRule.file_catalog_id == file_catalog_id).execute(
bit9_utils.CONTEXT))
existing_state = (
rules[0].file_state
if rules
else bit9_constants.APPROVAL_STATE.UNAPPROVED)
rule = api.FileRule(
file_catalog_id=file_catalog_id,
file_state=existing_state,
force_installer=(
global_rule.policy == constants.RULE_POLICY.FORCE_INSTALLER),
force_not_installer=(
global_rule.policy == constants.RULE_POLICY.FORCE_NOT_INSTALLER))
rule.put(bit9_utils.CONTEXT)
def testRemove_MixedRules(self):
other_local_rule = test_utils.CreateBit9Rule(
self.binary.key, host_id='9012')
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[
self.local_rule.key, other_local_rule.key, self.global_rule.key],
change_type=constants.RULE_POLICY.REMOVE)
fi1 = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(self.local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.APPROVED)
fi2 = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(other_local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.APPROVED)
rule = api.FileRule(
file_catalog_id=1234, file_state=bit9_constants.APPROVAL_STATE.APPROVED)
self.PatchApiRequests([fi1], fi1, [fi2], fi2, rule)
change_set._CommitBlockableChangeSet(self.binary.key)
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call(
'GET', api_route='fileInstance',
query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234']),
mock.call(
'POST', api_route='fileInstance',
data={'id': 9012,
'localState': 1,
'fileCatalogId': 1234,
'computerId': 5678},
query_args=None),
mock.call(
'GET', api_route='fileInstance',
query_args=[r'q=computerId:9012', 'q=fileCatalogId:1234']),
mock.call(
'POST', api_route='fileInstance',
data={'id': 9012,
'localState': 1,
'fileCatalogId': 1234,
'computerId': 9012},
query_args=None),
mock.call(
'POST', api_route='fileRule',
data={'fileCatalogId': 1234, 'fileState': 1}, query_args=None),
])
self.assertTrue(self.local_rule.key.get().is_fulfilled)
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertTrue(other_local_rule.key.get().is_fulfilled)
self.assertTrue(other_local_rule.key.get().is_committed)
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.RULE] * 2)
def _ChangeGlobalState(blockable, new_state):
logging.info('Globally marking %s as %s', blockable.key.id(),
bit9_constants.APPROVAL_STATE.MAP_TO_STR[new_state])
if isinstance(blockable, cert_models.Bit9Certificate):
certs = (api.Certificate.query().filter(
api.Certificate.thumbprint == blockable.key.id()).execute(
bit9_utils.CONTEXT))
assert certs, 'No matching certificates found'
assert len(certs) == 1, 'Multiple matching certificates found'
cert = certs[0]
cert.certificate_state = new_state
cert.put(bit9_utils.CONTEXT)
else:
rule = api.FileRule(file_catalog_id=int(blockable.file_catalog_id),
file_state=new_state)
rule.put(bit9_utils.CONTEXT)
def testBlacklist_GlobalRule(self):
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.global_rule.key],
change_type=constants.RULE_POLICY.BLACKLIST)
rule = api.FileRule(
file_catalog_id=1234,
file_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
self.PatchApiRequests(rule)
change_set._CommitBlockableChangeSet(self.binary.key)
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call(
'POST', api_route='fileRule',
data={'fileCatalogId': 1234, 'fileState': 3}, query_args=None)])
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
