def scap_content(module_org, module_location, oscap_content_path): """ Import Ansible roles, Ansible variables, create Scap content.""" # Import Ansible roles and variables. Ansible.roles_import({'proxy-id': 1}) Ansible.variables_import({'proxy-id': 1}) sc_title = gen_string('alpha') entity = entities.ScapContents().search( query={'search': f'title="{sc_title}"'}) # Create Scap content. if not entity: result = entities.ScapContents( title=f"{sc_title}", scap_file=f"{oscap_content_path}", organization=[module_org], location=[module_location], ).create() else: result = entities.ScapContents(id=entity[0].id).read() scap_profile_id_rhel7 = [ profile['id'] for profile in result.scap_content_profiles if OSCAP_PROFILE['security7'] in profile['title'] ][0] return (result, scap_profile_id_rhel7)
def scap_content(import_ansible_roles, import_puppet_classes): title = f"rhel-content-{gen_string('alpha')}" scap_info = make_scapcontent({'title': title, 'scap-file': f'{settings.oscap.content_path}'}) scap_id = scap_info['id'] scap_info = entities.ScapContents(id=scap_id).read() scap_profile_id = [ profile['id'] for profile in scap_info.scap_content_profiles if OSCAP_PROFILE['security7'] in profile['title'] ][0] return { "title": title, "scap_id": scap_id, "scap_profile_id": scap_profile_id, }
def scap(content_type, content_name): """This function is used for deleting old scap contents and policy and it use create_policy for creating new policies. :param content_type: Search result of scap-content or compliance-policy entity. :param str content_name: Name assigned to searched entity. """ for entity in range(len(content_type)): if content_name == "updated_scap_content": if updated_scap_content[entity].title == scap_content_name[0]: create_policy(updated_scap_content[entity], compliance_policies[0]) elif updated_scap_content[entity].title == scap_content_name[ 1]: create_policy(updated_scap_content[entity], compliance_policies[1]) elif content_name == "policies_search": entities.CompliancePolicies( id=policies_search[entity].id).delete() elif content_name == "scap_content_search": entities.ScapContents( id=scap_content_search[entity].id).delete()
def create_policy(scap_content, policy_name): """This function is used for creating scap policy :param scap_content: Name of scap-content to be used while creating policy. :param str policy_name: Name of policy to be created. """ org = entities.Organization().search( query={'search': 'name="{}"'.format("Default Organization")})[0] loc = entities.Location().search( query={'search': 'name="Default Location"'})[0] scap_content_profile_id = entities.ScapContents( id=scap_content.id).read().scap_content_profiles[0]['id'] entities.CompliancePolicies( name=policy_name, scap_content_id=scap_content.id, scap_content_profile_id=scap_content_profile_id, deploy_by='puppet', organization=[org], location=[loc], period='weekly', weekday='monday', ).create()
def test_positive_check_dashboard( session, module_host_group, default_location, default_org, oscap_content_path, import_ansible_roles, ): """Create OpenScap Policy which is connected to the host. That policy dashboard should be rendered and correctly display information about the host :id: 3c1575cb-f290-4d99-bb86-61b9ca6a62eb :customerscenario: true :Steps: 1. Create new host group 2. Create new host using host group from step 1 3. Create an openscap content. 4. Create an openscap Policy using host group from step 1 :expectedresults: Policy dashboard rendered properly and has necessary data :BZ: 1424936 :CaseLevel: Integration """ name = gen_string('alpha') oscap_content_title = gen_string('alpha') lce = entities.LifecycleEnvironment(organization=default_org).create() content_view = entities.ContentView(organization=default_org).create() content_view.publish() content_view = content_view.read() promote(content_view.version[0], environment_id=lce.id) entities.Host( hostgroup=module_host_group, location=default_location, organization=default_org, content_facet_attributes={ 'content_view_id': content_view.id, 'lifecycle_environment_id': lce.id, }, ).create() entities.ScapContents( title=oscap_content_title, scap_file=oscap_content_path, organization=[default_org], location=[default_location], ).create() with session: session.organization.select(org_name=default_org.name) session.location.select(loc_name=default_location.name) session.oscappolicy.create( { 'deployment_options.deploy_by': 'ansible', 'policy_attributes.name': name, 'scap_content.scap_content_resource': oscap_content_title, 'scap_content.xccdf_profile': OSCAP_PROFILE['security7'], 'schedule.period': 'Weekly', 'schedule.period_selection.weekday': 'Friday', 'locations.resources.assigned': [default_location.name], 'organizations.resources.assigned': [default_org.name], 'host_group.resources.assigned': [module_host_group.name], } ) policy_details = session.oscappolicy.details(name) assert policy_details['HostsBreakdownStatus']['total_count'] == 1
def test_positive_end_to_end( session, module_host_group, default_location, default_org, oscap_content_path, tailoring_file_path, import_ansible_roles, ): """Perform end to end testing for oscap policy component :id: 39c26f89-3147-4f27-bf5e-810f0ba721d8 :expectedresults: All expected CRUD actions finished successfully :CaseLevel: Integration :CaseImportance: Critical """ name = '{} {}'.format(gen_string('alpha'), gen_string('alpha')) new_name = gen_string('alpha') description = gen_string('alpha') oscap_content_title = gen_string('alpha') tailoring_name = gen_string('alpha') profile_type = OSCAP_PROFILE['security7'] tailoring_type = OSCAP_PROFILE['tailoring_rhel7'] # Upload oscap content file entities.ScapContents( title=oscap_content_title, scap_file=oscap_content_path, organization=[default_org], location=[default_location], ).create() # Upload tailoring file entities.TailoringFile( name=tailoring_name, scap_file=tailoring_file_path['local'], organization=[default_org], location=[default_location], ).create() with session: session.organization.select(org_name=default_org.name) session.location.select(loc_name=default_location.name) # Create new oscap policy with assigned content and tailoring file session.oscappolicy.create( { 'deployment_options.deploy_by': 'ansible', 'policy_attributes.name': name, 'policy_attributes.description': description, 'scap_content.scap_content_resource': oscap_content_title, 'scap_content.xccdf_profile': profile_type, 'scap_content.tailoring_file': tailoring_name, 'scap_content.xccdf_profile_tailoring_file': tailoring_type, 'schedule.period': 'Monthly', 'schedule.period_selection.day_of_month': '5', 'locations.resources.assigned': [default_location.name], 'organizations.resources.assigned': [default_org.name], 'host_group.resources.assigned': [module_host_group.name], } ) assert session.oscappolicy.search(name)[0]['Name'] == name # Check that created entity has expected values oscappolicy_values = session.oscappolicy.read(name) assert oscappolicy_values['deployment_options']['deploy_by'] == 'ansible' assert oscappolicy_values['general']['name'] == name assert oscappolicy_values['general']['description'] == description assert oscappolicy_values['scap_content']['scap_content'] == oscap_content_title assert oscappolicy_values['scap_content']['xccdf_profile'] == profile_type assert oscappolicy_values['scap_content']['tailoring_file'] == tailoring_name assert oscappolicy_values['scap_content']['xccdf_profile_tailoring_file'] == tailoring_type assert oscappolicy_values['schedule']['period'] == 'Monthly' assert oscappolicy_values['schedule']['period_selection']['day_of_month'] == '5' assert default_location.name in oscappolicy_values['locations']['resources']['assigned'] assert default_org.name in oscappolicy_values['organizations']['resources']['assigned'] assert oscappolicy_values['host_group']['resources']['assigned'] == [module_host_group.name] # Update oscap policy with new name session.oscappolicy.update(name, {'general.name': new_name}) oscappolicy_values = session.oscappolicy.read(new_name) assert oscappolicy_values['general']['name'] == new_name assert not session.oscappolicy.search(name) # Delete oscap policy entity session.oscappolicy.delete(new_name) assert not session.oscappolicy.search(new_name)
def update_scap_content(): """ The purpose of this function is to perform deletion of old scap-contents and then uploading new scap-contents. It also deletes scap-policies and creates new scap-policies with new scap-contents. """ def create_policy(scap_content, policy_name): """This function is used for creating scap policy :param scap_content: Name of scap-content to be used while creating policy. :param str policy_name: Name of policy to be created. """ org = entities.Organization().search( query={'search': 'name="{}"'.format("Default Organization")})[0] loc = entities.Location().search( query={'search': 'name="Default Location"'})[0] scap_content_profile_id = entities.ScapContents( id=scap_content.id).read().scap_content_profiles[0]['id'] entities.CompliancePolicies( name=policy_name, scap_content_id=scap_content.id, scap_content_profile_id=scap_content_profile_id, deploy_by='puppet', organization=[org], location=[loc], period='weekly', weekday='monday', ).create() def scap(content_type, content_name): """This function is used for deleting old scap contents and policy and it use create_policy for creating new policies. :param content_type: Search result of scap-content or compliance-policy entity. :param str content_name: Name assigned to searched entity. """ for entity in range(len(content_type)): if content_name == "updated_scap_content": if updated_scap_content[entity].title == scap_content_name[0]: create_policy(updated_scap_content[entity], compliance_policies[0]) elif updated_scap_content[entity].title == scap_content_name[ 1]: create_policy(updated_scap_content[entity], compliance_policies[1]) elif content_name == "policies_search": entities.CompliancePolicies( id=policies_search[entity].id).delete() elif content_name == "scap_content_search": entities.ScapContents( id=scap_content_search[entity].id).delete() compliance_policies = ['RHEL 7 policy', 'RHEL 6 policy'] scap_content_name = [ 'Red Hat rhel7 default content', 'Red Hat rhel6 default content' ] scap_content_search = entities.ScapContents().search() policies_search = entities.CompliancePolicies().search() scap(policies_search, "policies_search") scap(scap_content_search, "scap_content_search") run('foreman-rake foreman_openscap:bulk_upload:default') updated_scap_content = entities.ScapContents().search() scap(updated_scap_content, "updated_scap_content")