def scap_content(module_org, module_location, oscap_content_path):
""" Import Ansible roles, Ansible variables, create Scap content."""
# Import Ansible roles and variables.
Ansible.roles_import({'proxy-id': 1})
Ansible.variables_import({'proxy-id': 1})
sc_title = gen_string('alpha')
entity = entities.ScapContents().search(
query={'search': f'title="{sc_title}"'})
# Create Scap content.
if not entity:
result = entities.ScapContents(
title=f"{sc_title}",
scap_file=f"{oscap_content_path}",
organization=[module_org],
location=[module_location],
).create()
else:
result = entities.ScapContents(id=entity[0].id).read()
scap_profile_id_rhel7 = [
profile['id'] for profile in result.scap_content_profiles
if OSCAP_PROFILE['security7'] in profile['title']
][0]
return (result, scap_profile_id_rhel7)
def scap_content(import_ansible_roles, import_puppet_classes):
title = f"rhel-content-{gen_string('alpha')}"
scap_info = make_scapcontent({'title': title, 'scap-file': f'{settings.oscap.content_path}'})
scap_id = scap_info['id']
scap_info = entities.ScapContents(id=scap_id).read()
scap_profile_id = [
profile['id']
for profile in scap_info.scap_content_profiles
if OSCAP_PROFILE['security7'] in profile['title']
][0]
return {
"title": title,
"scap_id": scap_id,
"scap_profile_id": scap_profile_id,
}
def scap(content_type, content_name):
"""This function is used for deleting old scap contents and policy
and it use create_policy for creating new policies.
:param content_type: Search result of scap-content or compliance-policy entity.
:param str content_name: Name assigned to searched entity.
"""
for entity in range(len(content_type)):
if content_name == "updated_scap_content":
if updated_scap_content[entity].title == scap_content_name[0]:
create_policy(updated_scap_content[entity],
compliance_policies[0])
elif updated_scap_content[entity].title == scap_content_name[
1]:
create_policy(updated_scap_content[entity],
compliance_policies[1])
elif content_name == "policies_search":
entities.CompliancePolicies(
id=policies_search[entity].id).delete()
elif content_name == "scap_content_search":
entities.ScapContents(
id=scap_content_search[entity].id).delete()
def create_policy(scap_content, policy_name):
"""This function is used for creating scap policy
:param scap_content: Name of scap-content to be used while creating policy.
:param str policy_name: Name of policy to be created.
"""
org = entities.Organization().search(
query={'search': 'name="{}"'.format("Default Organization")})[0]
loc = entities.Location().search(
query={'search': 'name="Default Location"'})[0]
scap_content_profile_id = entities.ScapContents(
id=scap_content.id).read().scap_content_profiles[0]['id']
entities.CompliancePolicies(
name=policy_name,
scap_content_id=scap_content.id,
scap_content_profile_id=scap_content_profile_id,
deploy_by='puppet',
organization=[org],
location=[loc],
period='weekly',
weekday='monday',
).create()
def test_positive_check_dashboard(
session,
module_host_group,
default_location,
default_org,
oscap_content_path,
import_ansible_roles,
):
"""Create OpenScap Policy which is connected to the host. That policy
dashboard should be rendered and correctly display information about
the host
:id: 3c1575cb-f290-4d99-bb86-61b9ca6a62eb
:customerscenario: true
:Steps:
1. Create new host group
2. Create new host using host group from step 1
3. Create an openscap content.
4. Create an openscap Policy using host group from step 1
:expectedresults: Policy dashboard rendered properly and has necessary
data
:BZ: 1424936
:CaseLevel: Integration
"""
name = gen_string('alpha')
oscap_content_title = gen_string('alpha')
lce = entities.LifecycleEnvironment(organization=default_org).create()
content_view = entities.ContentView(organization=default_org).create()
content_view.publish()
content_view = content_view.read()
promote(content_view.version[0], environment_id=lce.id)
entities.Host(
hostgroup=module_host_group,
location=default_location,
organization=default_org,
content_facet_attributes={
'content_view_id': content_view.id,
'lifecycle_environment_id': lce.id,
},
).create()
entities.ScapContents(
title=oscap_content_title,
scap_file=oscap_content_path,
organization=[default_org],
location=[default_location],
).create()
with session:
session.organization.select(org_name=default_org.name)
session.location.select(loc_name=default_location.name)
session.oscappolicy.create(
{
'deployment_options.deploy_by': 'ansible',
'policy_attributes.name': name,
'scap_content.scap_content_resource': oscap_content_title,
'scap_content.xccdf_profile': OSCAP_PROFILE['security7'],
'schedule.period': 'Weekly',
'schedule.period_selection.weekday': 'Friday',
'locations.resources.assigned': [default_location.name],
'organizations.resources.assigned': [default_org.name],
'host_group.resources.assigned': [module_host_group.name],
}
)
policy_details = session.oscappolicy.details(name)
assert policy_details['HostsBreakdownStatus']['total_count'] == 1
def test_positive_end_to_end(
session,
module_host_group,
default_location,
default_org,
oscap_content_path,
tailoring_file_path,
import_ansible_roles,
):
"""Perform end to end testing for oscap policy component
:id: 39c26f89-3147-4f27-bf5e-810f0ba721d8
:expectedresults: All expected CRUD actions finished successfully
:CaseLevel: Integration
:CaseImportance: Critical
"""
name = '{} {}'.format(gen_string('alpha'), gen_string('alpha'))
new_name = gen_string('alpha')
description = gen_string('alpha')
oscap_content_title = gen_string('alpha')
tailoring_name = gen_string('alpha')
profile_type = OSCAP_PROFILE['security7']
tailoring_type = OSCAP_PROFILE['tailoring_rhel7']
# Upload oscap content file
entities.ScapContents(
title=oscap_content_title,
scap_file=oscap_content_path,
organization=[default_org],
location=[default_location],
).create()
# Upload tailoring file
entities.TailoringFile(
name=tailoring_name,
scap_file=tailoring_file_path['local'],
organization=[default_org],
location=[default_location],
).create()
with session:
session.organization.select(org_name=default_org.name)
session.location.select(loc_name=default_location.name)
# Create new oscap policy with assigned content and tailoring file
session.oscappolicy.create(
{
'deployment_options.deploy_by': 'ansible',
'policy_attributes.name': name,
'policy_attributes.description': description,
'scap_content.scap_content_resource': oscap_content_title,
'scap_content.xccdf_profile': profile_type,
'scap_content.tailoring_file': tailoring_name,
'scap_content.xccdf_profile_tailoring_file': tailoring_type,
'schedule.period': 'Monthly',
'schedule.period_selection.day_of_month': '5',
'locations.resources.assigned': [default_location.name],
'organizations.resources.assigned': [default_org.name],
'host_group.resources.assigned': [module_host_group.name],
}
)
assert session.oscappolicy.search(name)[0]['Name'] == name
# Check that created entity has expected values
oscappolicy_values = session.oscappolicy.read(name)
assert oscappolicy_values['deployment_options']['deploy_by'] == 'ansible'
assert oscappolicy_values['general']['name'] == name
assert oscappolicy_values['general']['description'] == description
assert oscappolicy_values['scap_content']['scap_content'] == oscap_content_title
assert oscappolicy_values['scap_content']['xccdf_profile'] == profile_type
assert oscappolicy_values['scap_content']['tailoring_file'] == tailoring_name
assert oscappolicy_values['scap_content']['xccdf_profile_tailoring_file'] == tailoring_type
assert oscappolicy_values['schedule']['period'] == 'Monthly'
assert oscappolicy_values['schedule']['period_selection']['day_of_month'] == '5'
assert default_location.name in oscappolicy_values['locations']['resources']['assigned']
assert default_org.name in oscappolicy_values['organizations']['resources']['assigned']
assert oscappolicy_values['host_group']['resources']['assigned'] == [module_host_group.name]
# Update oscap policy with new name
session.oscappolicy.update(name, {'general.name': new_name})
oscappolicy_values = session.oscappolicy.read(new_name)
assert oscappolicy_values['general']['name'] == new_name
assert not session.oscappolicy.search(name)
# Delete oscap policy entity
session.oscappolicy.delete(new_name)
assert not session.oscappolicy.search(new_name)
def update_scap_content():
""" The purpose of this function is to perform deletion of old scap-contents
and then uploading new scap-contents. It also deletes scap-policies and creates
new scap-policies with new scap-contents. """
def create_policy(scap_content, policy_name):
"""This function is used for creating scap policy
:param scap_content: Name of scap-content to be used while creating policy.
:param str policy_name: Name of policy to be created.
"""
org = entities.Organization().search(
query={'search': 'name="{}"'.format("Default Organization")})[0]
loc = entities.Location().search(
query={'search': 'name="Default Location"'})[0]
scap_content_profile_id = entities.ScapContents(
id=scap_content.id).read().scap_content_profiles[0]['id']
entities.CompliancePolicies(
name=policy_name,
scap_content_id=scap_content.id,
scap_content_profile_id=scap_content_profile_id,
deploy_by='puppet',
organization=[org],
location=[loc],
period='weekly',
weekday='monday',
).create()
def scap(content_type, content_name):
"""This function is used for deleting old scap contents and policy
and it use create_policy for creating new policies.
:param content_type: Search result of scap-content or compliance-policy entity.
:param str content_name: Name assigned to searched entity.
"""
for entity in range(len(content_type)):
if content_name == "updated_scap_content":
if updated_scap_content[entity].title == scap_content_name[0]:
create_policy(updated_scap_content[entity],
compliance_policies[0])
elif updated_scap_content[entity].title == scap_content_name[
1]:
create_policy(updated_scap_content[entity],
compliance_policies[1])
elif content_name == "policies_search":
entities.CompliancePolicies(
id=policies_search[entity].id).delete()
elif content_name == "scap_content_search":
entities.ScapContents(
id=scap_content_search[entity].id).delete()
compliance_policies = ['RHEL 7 policy', 'RHEL 6 policy']
scap_content_name = [
'Red Hat rhel7 default content', 'Red Hat rhel6 default content'
]
scap_content_search = entities.ScapContents().search()
policies_search = entities.CompliancePolicies().search()
scap(policies_search, "policies_search")
scap(scap_content_search, "scap_content_search")
run('foreman-rake foreman_openscap:bulk_upload:default')
updated_scap_content = entities.ScapContents().search()
scap(updated_scap_content, "updated_scap_content")