def test_check_package_presence(request, fleecing_vm, ssh_client, analysis_profile):
    """Check that a scanned VM is compliant when an expected package is found.

    The condition expression looks at guest application names starting with
    ``cfme-appliance`` and checks that the count equals 1. The condition is
    attached to a compliance policy, the policy is placed in a policy profile,
    and the profile is assigned to ``fleecing_vm`` before the scan runs.
    """
    # TODO: If we step out from provisioning a full appliance for fleecing, this might need revisit
    condition_name = "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8))
    package_expression = (
        "fill_find(field=VM and Instance.Guest Applications : Name, "
        "skey=STARTS WITH, value=cfme-appliance, check=Check Count, ckey= = , cvalue=1)"
    )
    package_condition = VMCondition(condition_name, expression=package_expression)
    # Teardown is registered before anything is created, so a failure part-way
    # through still triggers the deletes.
    request.addfinalizer(lambda: diaper(package_condition.delete))

    compliance_policy = VMCompliancePolicy(
        "Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
    request.addfinalizer(lambda: diaper(compliance_policy.delete))
    compliance_policy.create()
    compliance_policy.assign_conditions(package_condition)

    profile_name = "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8))
    policy_profile = PolicyProfile(profile_name, policies=[compliance_policy])
    request.addfinalizer(lambda: diaper(policy_profile.delete))
    policy_profile.create()

    fleecing_vm.assign_policy_profiles(policy_profile.description)
    # NOTE(review): unlike the deletes above, this finalizer is not wrapped in
    # diaper, so an error while unassigning surfaces during teardown.
    request.addfinalizer(
        lambda: fleecing_vm.unassign_policy_profiles(policy_profile.description))

    scan_categories = [
        "check_services",
        "check_accounts",
        "check_software",
        "check_vmconfig",
        "check_system",
    ]
    with update(analysis_profile):
        analysis_profile.categories = scan_categories

    do_scan(fleecing_vm)
    assert fleecing_vm.check_compliance_and_wait()
def test_check_files(request, fleecing_vm, ssh_client, analysis_profile):
    """Check compliance against the presence and contents of a file on the VM.

    Due to caching, a file that already exists on the guest is used rather
    than one created by the test.
    """
    check_file_name = "/etc/sudo.conf"
    # The file contains: `Plugin sudoers_policy sudoers.so`
    check_file_contents = "sudoers_policy"

    condition_name = "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8))
    file_expression = (
        "fill_find(VM and Instance.Files : Name, "
        "=, {}, Check Any, Contents, INCLUDES, {})"
    ).format(check_file_name, check_file_contents)
    file_condition = VMCondition(condition_name, expression=file_expression)
    # Teardown is registered before anything is created, so a failure part-way
    # through still triggers the deletes.
    request.addfinalizer(lambda: diaper(file_condition.delete))

    compliance_policy = VMCompliancePolicy(
        "Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
    request.addfinalizer(lambda: diaper(compliance_policy.delete))
    compliance_policy.create()
    compliance_policy.assign_conditions(file_condition)

    profile_name = "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8))
    policy_profile = PolicyProfile(profile_name, policies=[compliance_policy])
    request.addfinalizer(lambda: diaper(policy_profile.delete))
    policy_profile.create()

    fleecing_vm.assign_policy_profiles(policy_profile.description)
    request.addfinalizer(
        lambda: fleecing_vm.unassign_policy_profiles(policy_profile.description))

    scan_categories = [
        "check_services",
        "check_accounts",
        "check_software",
        "check_vmconfig",
        "check_system",
    ]
    with update(analysis_profile):
        # Only the single file under test is listed for collection.
        # NOTE(review): the meaning of the True flag is not visible here;
        # presumably it turns on content collection - confirm.
        analysis_profile.files = [(check_file_name, True)]
        analysis_profile.categories = scan_categories

    do_scan(fleecing_vm, ("Configuration", "Files"))
    assert fleecing_vm.check_compliance_and_wait()
def test_check_package_presence(request, fleecing_vm, ssh_client, vm_analysis, analysis_profile):
    """Check that a scanned VM is compliant when an expected package is found.

    The condition expression looks at guest application names starting with
    ``cfme-appliance`` and checks that the count equals 1. The condition is
    attached to a compliance policy, the policy is placed in a policy profile,
    and the profile is assigned to ``fleecing_vm`` before the scan runs.
    """
    # TODO: If we step out from provisioning a full appliance for fleecing, this might need revisit
    condition_name = "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8))
    package_expression = (
        "fill_find(field=VM and Instance.Guest Applications : Name, "
        "skey=STARTS WITH, value=cfme-appliance, check=Check Count, ckey= = , cvalue=1)"
    )
    package_condition = VMCondition(condition_name, expression=package_expression)
    # Teardown is registered ahead of creation so partial setups are cleaned up.
    request.addfinalizer(lambda: diaper(package_condition.delete))

    compliance_policy = VMCompliancePolicy(
        "Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
    request.addfinalizer(lambda: diaper(compliance_policy.delete))
    compliance_policy.create()
    compliance_policy.assign_conditions(package_condition)

    profile_name = "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8))
    policy_profile = PolicyProfile(profile_name, policies=[compliance_policy])
    request.addfinalizer(lambda: diaper(policy_profile.delete))
    policy_profile.create()

    fleecing_vm.assign_policy_profiles(policy_profile.description)
    # NOTE(review): this finalizer is not wrapped in diaper, so an error while
    # unassigning surfaces during teardown.
    request.addfinalizer(
        lambda: fleecing_vm.unassign_policy_profiles(policy_profile.description))

    scan_categories = [
        "check_services",
        "check_accounts",
        "check_software",
        "check_vmconfig",
        "check_system",
    ]
    with update(analysis_profile):
        analysis_profile.categories = scan_categories

    do_scan(fleecing_vm)
    assert fleecing_vm.check_compliance_and_wait()
def test_check_files(request, fleecing_vm, ssh_client, check_file_name, analysis_profile):
    """Check compliance against the presence and contents of a file on the VM.

    The file is first removed so that the VM scans as non-compliant; it is
    then written with the expected contents and the VM is expected to scan
    as compliant.
    """
    contents = generate_random_string(size=12)

    condition_name = "Compliance testing condition {}".format(generate_random_string(size=8))
    file_expression = (
        "fill_find(VM and Instance.Files : Name, "
        "=, {}, Check Any, Contents, INCLUDES, {})"
    ).format(check_file_name, contents)
    file_condition = VMCondition(condition_name, expression=file_expression)
    # Teardown is registered ahead of creation so partial setups are cleaned up.
    request.addfinalizer(lambda: diaper(file_condition.delete))

    compliance_policy = VMCompliancePolicy(
        "Compliance {}".format(generate_random_string(size=8)))
    request.addfinalizer(lambda: diaper(compliance_policy.delete))
    compliance_policy.create()
    compliance_policy.assign_conditions(file_condition)

    profile_name = "Compliance PP {}".format(generate_random_string(size=8))
    policy_profile = PolicyProfile(profile_name, policies=[compliance_policy])
    request.addfinalizer(lambda: diaper(policy_profile.delete))
    policy_profile.create()

    fleecing_vm.assign_policy_profiles(policy_profile.description)
    request.addfinalizer(
        lambda: fleecing_vm.unassign_policy_profiles(policy_profile.description))

    scan_categories = [
        "check_services",
        "check_accounts",
        "check_software",
        "check_vmconfig",
        "check_system",
    ]
    with update(analysis_profile):
        # NOTE(review): this glob covers everything under /root, not only
        # check_file_name. If the True flag enables content collection (not
        # visible here - confirm), the scan may pull unrelated root-owned
        # files into the analysis results; narrowing it to the single test
        # file would keep the collected data minimal.
        analysis_profile.files = [("/root/*", True)]
        analysis_profile.categories = scan_categories

    # NOTE(review): both commands are assembled with plain string formatting
    # and the second relies on shell redirection, so they are only safe while
    # check_file_name (a fixture not shown here) and contents stay free of
    # shell metacharacters. The file written below is not removed afterwards.

    # Non-compliant
    remove_command = "rm -f {}".format(check_file_name)
    ssh_client.run_command(remove_command)
    do_scan(fleecing_vm)
    assert not fleecing_vm.check_compliance_and_wait()

    # Compliant
    write_command = "echo {} > {}".format(contents, check_file_name)
    ssh_client.run_command(write_command)
    do_scan(fleecing_vm)
    assert fleecing_vm.check_compliance_and_wait()
def test_scope_windows_registry_stuck(request, setup_a_provider):
    """Regression check: a Windows-registry scope on a policy must not break the UI.

    A compliance policy whose scope is a registry expression is created, put
    into a policy profile and assigned to a VM. The test then navigates away
    and back and asserts that the page title does not contain "except".
    """
    registry_scope = (
        r"fill_registry(HKLM\SOFTWARE\Microsoft\CurrentVersion\Uninstall\test, "
        r"some value, INCLUDES, some content)"
    )
    # NOTE(review): the policy and the profile share one fixed description, so
    # leftovers from an earlier failed run could collide with this one.
    compliance_policy = VMCompliancePolicy(
        "Windows registry scope glitch testing Compliance Policy",
        active=True,
        scope=registry_scope,
    )
    request.addfinalizer(
        lambda: compliance_policy.delete() if compliance_policy.exists else None)
    compliance_policy.create()

    policy_profile = PolicyProfile(
        "Windows registry scope glitch testing Compliance Policy",
        policies=[compliance_policy],
    )
    request.addfinalizer(
        lambda: policy_profile.delete() if policy_profile.exists else None)
    policy_profile.create()

    # Now assign this malformed profile to a VM
    vm = get_first_vm_title()
    assign_policy_profiles(vm, policy_profile.description, via_details=True)

    # The UI is expected to be broken already at this point; navigating away
    # and back is an additional check.
    pytest.sel.force_navigate("dashboard")
    pytest.sel.force_navigate("infrastructure_virtual_machines")
    page_title = pytest.sel.title().lower()
    # NOTE(review): when this assertion fails, the unassign below is skipped
    # and the profile stays assigned to the VM; only the finalizers above run.
    assert "except" not in page_title
    unassign_policy_profiles(vm, policy_profile.description, via_details=True)
def test_scope_windows_registry_stuck(request, setup_a_provider):
    """Regression check: a Windows-registry scope on a policy must not break the UI.

    A compliance policy whose scope is a registry expression is created, put
    into a policy profile and assigned to the first VM of the provider. The
    test then navigates away and back and asserts that the page title does
    not contain "except".
    """
    registry_scope = (
        r"fill_registry(HKLM\SOFTWARE\Microsoft\CurrentVersion\Uninstall\test, "
        r"some value, INCLUDES, some content)"
    )
    # NOTE(review): the policy and the profile share one fixed description, so
    # leftovers from an earlier failed run could collide with this one.
    compliance_policy = VMCompliancePolicy(
        "Windows registry scope glitch testing Compliance Policy",
        active=True,
        scope=registry_scope,
    )
    request.addfinalizer(
        lambda: compliance_policy.delete() if compliance_policy.exists else None)
    compliance_policy.create()

    policy_profile = PolicyProfile(
        "Windows registry scope glitch testing Compliance Policy",
        policies=[compliance_policy],
    )
    request.addfinalizer(
        lambda: policy_profile.delete() if policy_profile.exists else None)
    policy_profile.create()

    # Now assign this malformed profile to a VM
    first_vm_title = Vm.get_first_vm_title(provider=setup_a_provider)
    vm = VM.factory(first_vm_title, setup_a_provider)
    vm.assign_policy_profiles(policy_profile.description)

    # The UI is expected to be broken already at this point; navigating away
    # and back is an additional check.
    pytest.sel.force_navigate("dashboard")
    pytest.sel.force_navigate("infrastructure_virtual_machines")
    page_title = pytest.sel.title().lower()
    # NOTE(review): when this assertion fails, the unassign below is skipped
    # and the profile stays assigned to the VM; only the finalizers above run.
    assert "except" not in page_title
    vm.unassign_policy_profiles(policy_profile.description)
def test_check_files(request, fleecing_vm, ssh_client, analysis_profile):
    """Check compliance against the presence and contents of a file on the VM.

    Due to caching, a file that already exists on the guest is used rather
    than one created by the test.
    """
    check_file_name = "/etc/sudo.conf"
    # The file contains: `Plugin sudoers_policy sudoers.so`
    check_file_contents = "sudoers_policy"

    condition_name = "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8))
    file_expression = (
        "fill_find(VM and Instance.Files : Name, "
        "=, {}, Check Any, Contents, INCLUDES, {})"
    ).format(check_file_name, check_file_contents)
    file_condition = VMCondition(condition_name, expression=file_expression)
    # Teardown is registered ahead of creation so partial setups are cleaned up.
    request.addfinalizer(lambda: diaper(file_condition.delete))

    compliance_policy = VMCompliancePolicy(
        "Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
    request.addfinalizer(lambda: diaper(compliance_policy.delete))
    compliance_policy.create()
    compliance_policy.assign_conditions(file_condition)

    profile_name = "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8))
    policy_profile = PolicyProfile(profile_name, policies=[compliance_policy])
    request.addfinalizer(lambda: diaper(policy_profile.delete))
    policy_profile.create()

    fleecing_vm.assign_policy_profiles(policy_profile.description)
    request.addfinalizer(
        lambda: fleecing_vm.unassign_policy_profiles(policy_profile.description))

    scan_categories = [
        "check_services",
        "check_accounts",
        "check_software",
        "check_vmconfig",
        "check_system",
    ]
    with update(analysis_profile):
        # Only the single file under test is listed for collection.
        # NOTE(review): the meaning of the True flag is not visible here;
        # presumably it turns on content collection - confirm.
        analysis_profile.files = [(check_file_name, True)]
        analysis_profile.categories = scan_categories

    do_scan(fleecing_vm, ("Configuration", "Files"))
    assert fleecing_vm.check_compliance_and_wait()