def test_positive_update_scap_content_with_newtitle(self):
"""Update scap content title
:id: 2c32e94a-237d-40b9-8a3b-fca2ef26fe79
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "update" as sub-command.
3. Pass valid parameters and newtitle parameter.
:expectedresults: The scap-content is updated successfully.
:CaseImportance: Critical
:BZ: 1490302
"""
title = gen_string('alpha')
new_title = gen_string('alpha')
scap_content = make_scapcontent({
'title':
title,
'scap-file':
settings.oscap.content_path
})
assert scap_content['title'] == title
Scapcontent.update({'title': title, 'new-title': new_title})
result = Scapcontent.info({'title': new_title}, output_format='json')
assert result['title'] == new_title
def update_scap_content(module_org):
""" Update default scap contents"""
for content in rhel8_content, rhel7_content, rhel6_content:
content = Scapcontent.info({'title': content}, output_format='json')
organization_ids = [content_org['id'] for content_org in content.get('organizations', [])]
organization_ids.append(module_org.id)
Scapcontent.update({'title': content['title'], 'organization-ids': organization_ids})
def test_positive_update_scap_content_with_newtitle(self):
"""Update scap content title
:id: 2c32e94a-237d-40b9-8a3b-fca2ef26fe79
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "update" as sub-command.
3. Pass valid parameters and newtitle parameter.
:expectedresults: The scap-content is updated successfully.
:caseautomation: automated
:CaseImportance: Critical
"""
title = gen_string('alpha')
new_title = gen_string('alpha')
scap_content = make_scapcontent({
'title': title,
'scap-file': '/tmp/{0}'.format(self.file_name)})
self.assertEqual(scap_content['title'], title)
Scapcontent.update({
'title': title,
'new-title': new_title})
self.assertEqual(scap_content['title'], new_title)
def test_positive_associate_tailoring_file_with_scap(self):
""" Associate a Tailoring file with it’s scap content
:id: 33e7b8ca-2e5f-4886-91b7-1a8763059d14
:setup: scap content and tailoring file
:steps:
1. Create a valid scap content
2. Upload a vaild tailoring file
3. Associate scap content with it’s tailoring file
:expectedresults: Association should be successful
:CaseImportance: Critical
"""
tailoring_name = gen_string('alpha')
content_name = OSCAP_DEFAULT_CONTENT['rhel7_content']
Scapcontent.update({
'title': content_name,
'organizations': self.org_name})
policy_name = gen_string('alpha')
with Session(self) as session:
session.nav.go_to_select_org(self.org_name)
make_oscap_tailoringfile(
session,
name=tailoring_name,
tailoring_path=self.tailoring_path,
tailoring_loc=self.loc_name,
)
self.assertIsNotNone(
self.oscaptailoringfile.search(tailoring_name),
msg="Tailoring file name element not found")
self.assertIsNotNone(
self.oscapcontent.search(content_name))
make_oscappolicy(
session,
content=content_name,
name=policy_name,
period=OSCAP_PERIOD['weekly'],
profile=OSCAP_PROFILE['common'],
tailoring=tailoring_name,
tailoring_profile=OSCAP_PROFILE['tailoring_rhel7'],
period_value=OSCAP_WEEKDAY['friday'],
)
self.assertIsNotNone(
self.oscappolicy.search(policy_name),
msg="scap policy name element not found")
def test_positive_associate_tailoring_file_with_scap(self):
""" Associate a Tailoring file with it’s scap content
:id: 33e7b8ca-2e5f-4886-91b7-1a8763059d14
:setup: scap content and tailoring file
:steps:
1. Create a valid scap content
2. Upload a vaild tailoring file
3. Associate scap content with it’s tailoring file
:expectedresults: Association should be successful
:CaseImportance: Critical
"""
tailoring_name = gen_string('alpha')
content_name = OSCAP_DEFAULT_CONTENT['rhel7_content']
Scapcontent.update({
'title': content_name,
'organizations': self.org_name
})
policy_name = gen_string('alpha')
with Session(self) as session:
session.nav.go_to_select_org(self.org_name)
make_oscap_tailoringfile(
session,
name=tailoring_name,
tailoring_path=self.tailoring_path,
tailoring_loc=self.loc_name,
)
self.assertIsNotNone(
self.oscaptailoringfile.search(tailoring_name),
msg="Tailoring file name element not found")
self.assertIsNotNone(self.oscapcontent.search(content_name))
make_oscappolicy(
session,
content=content_name,
name=policy_name,
period=OSCAP_PERIOD['weekly'],
profile=OSCAP_PROFILE['common'],
tailoring=tailoring_name,
tailoring_profile=OSCAP_PROFILE['tailoring_rhel7'],
period_value=OSCAP_WEEKDAY['friday'],
)
self.assertIsNotNone(self.oscappolicy.search(policy_name),
msg="scap policy name element not found")
def test_positive_update_scap_content_with_newtitle(self):
"""Update scap content title
:id: 2c32e94a-237d-40b9-8a3b-fca2ef26fe79
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "update" as sub-command.
3. Pass valid parameters and newtitle parameter.
:expectedresults: The scap-content is updated successfully.
:CaseImportance: Critical
"""
title = gen_string('alpha')
new_title = gen_string('alpha')
scap_content = make_scapcontent({
'title':
title,
'scap-file':
'/tmp/{0}'.format(self.file_name)
})
self.assertEqual(scap_content['title'], title)
result = Scapcontent.update({'title': title, 'new-title': new_title})
if bz_bug_is_open(1496810):
result = Scapcontent.info({'title': new_title},
output_format='json')
self.assertEqual(result['title'], new_title)
def configure_puppet_test(cls):
"""Sets up the whole provisioning environment needed for Puppet based
end-to-end tests like OSCAP etc
:returns: A dict of entities to help with provisioning
"""
cls.rhel6_content = OSCAP_DEFAULT_CONTENT['rhel6_content']
cls.rhel7_content = OSCAP_DEFAULT_CONTENT['rhel7_content']
cls.rhel8_content = OSCAP_DEFAULT_CONTENT['rhel8_content']
sat6_hostname = settings.server.hostname
proxy = Proxy.list({'search': sat6_hostname})[0]
p_features = set(proxy.get('features').split(', '))
if {'Puppet', 'Ansible', 'Openscap'}.issubset(p_features):
cls.proxy_id = proxy.get('id')
else:
raise ProxyError(
'Some features like Puppet, DHCP, Openscap, Ansible are not present'
)
ak_name_8 = gen_string('alpha')
ak_name_7 = gen_string('alpha')
ak_name_6 = gen_string('alpha')
repo_values = [
{
'repo': settings.sattools_repo['rhel8'],
'akname': ak_name_8
},
{
'repo': settings.sattools_repo['rhel7'],
'akname': ak_name_7
},
{
'repo': settings.sattools_repo['rhel6'],
'akname': ak_name_6
},
]
# Create new organization and environment.
org = entities.Organization(name=gen_string('alpha')).create()
cls.puppet_env = (entities.Environment().search(
query={'search': 'name=production'})[0].read())
cls.puppet_env.organization.append(org)
cls.puppet_env = cls.puppet_env.update(['organization'])
smart_proxy = (entities.SmartProxy().search(
query={'search': f'name={sat6_hostname}'})[0].read())
smart_proxy.import_puppetclasses(environment=cls.puppet_env.name)
env = entities.LifecycleEnvironment(organization=org,
name=gen_string('alpha')).create()
# Create content view
content_view = entities.ContentView(organization=org,
name=gen_string('alpha')).create()
# Create activation keys for rhel6, rhel7 and rhel8.
for repo in repo_values:
activation_key = entities.ActivationKey(name=repo.get('akname'),
environment=env,
organization=org).create()
# Setup org for a custom repo for RHEL6, RHEL7 and RHEL8.
setup_org_for_a_custom_repo({
'url': repo.get('repo'),
'organization-id': org.id,
'content-view-id': content_view.id,
'lifecycle-environment-id': env.id,
'activationkey-id': activation_key.id,
})
for content in cls.rhel8_content, cls.rhel7_content, cls.rhel6_content:
content = Scapcontent.info({'title': content},
output_format='json')
organization_ids = [
content_org['id']
for content_org in content.get('organizations', [])
]
organization_ids.append(org.id)
Scapcontent.update({
'title': content['title'],
'organization-ids': organization_ids
})
return {
'org_name': org.name,
'cv_name': content_view.name,
'sat6_hostname': settings.server.hostname,
'ak_name': {
'rhel8': ak_name_8,
'rhel7': ak_name_7,
'rhel6': ak_name_6
},
'env_name': env.name,
}
def test_positive_push_updated_content(self):
"""Perform end to end oscap test, and push the updated scap content via puppet
after first run.
:id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f
:expectedresults: Satellite should push updated content to Clients and
satellite should get updated reports
:CaseLevel: System
:BZ: 1420439, 1722475
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
Scapcontent.update({
'title': content_update,
'organizations': self.config_env['org_name']
})
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
})
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
make_scap_policy({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
# Creates two vm's each for rhel6 and rhel7, runs
# openscap scan and uploads report to satellite6.
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
# host = vm.hostname
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
self.assertTrue(vm.subscribed)
vm.configure_puppet(vm_values.get('rhel_repo'))
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'puppet-environment-id': self.puppet_env.id,
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search':
'host={0}'.format(vm.hostname.lower()),
'per-page':
1
})
self.assertIsNotNone(arf_report)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox'])
Scappolicy.update({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'name': policy_values.get('policy'),
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
updated_result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
self.assertIsNot(result, updated_result)
self.assertEqual(updated_result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
self.assertIsNotNone(
Arfreport.list(
{'search': 'host={0}'.format(vm.hostname.lower())}))
def configure_puppet_test(cls):
"""Sets up the whole provisioning environment needed for Puppet based
end-to-end tests like OSCAP etc
:returns: A dict of entities to help with provisioning
"""
cls.rhel6_content = OSCAP_DEFAULT_CONTENT['rhel6_content']
cls.rhel7_content = OSCAP_DEFAULT_CONTENT['rhel7_content']
sat6_hostname = settings.server.hostname
ak_name_7 = gen_string('alpha')
ak_name_6 = gen_string('alpha')
repo_values = [
{
'repo': settings.sattools_repo['rhel6'],
'akname': ak_name_6
},
{
'repo': settings.sattools_repo['rhel7'],
'akname': ak_name_7
},
]
# Create new organization and environment.
org = entities.Organization(name=gen_string('alpha')).create()
loc = entities.Location(name=DEFAULT_LOC).search()[0].read()
puppet_env = entities.Environment().search(
query={u'search': u'name=production'})[0].read()
puppet_env.location.append(loc)
puppet_env.organization.append(org)
puppet_env = puppet_env.update(['location', 'organization'])
Proxy.import_classes({
u'environment': puppet_env.name,
u'name': sat6_hostname,
})
env = entities.LifecycleEnvironment(organization=org,
name=gen_string('alpha')).create()
# Create content view
content_view = entities.ContentView(organization=org,
name=gen_string('alpha')).create()
# Create two activation keys for rhel7 and rhel6
for repo in repo_values:
activation_key = entities.ActivationKey(
name=repo.get('akname'),
environment=env,
organization=org,
).create()
# Setup org for a custom repo for RHEL6 and RHEL7
setup_org_for_a_custom_repo({
'url': repo.get('repo'),
'organization-id': org.id,
'content-view-id': content_view.id,
'lifecycle-environment-id': env.id,
'activationkey-id': activation_key.id
})
for content in cls.rhel6_content, cls.rhel7_content:
Scapcontent.update({'title': content, 'organizations': org.name})
return {
'org_name': org.name,
'cv_name': content_view.name,
'sat6_hostname': settings.server.hostname,
'ak_name': {
'rhel7': ak_name_7,
'rhel6': ak_name_6
},
'env_name': env.name,
}
def configure_puppet_test(cls):
"""Sets up the whole provisioning environment needed for Puppet based
end-to-end tests like OSCAP etc
:returns: A dict of entities to help with provisioning
"""
cls.rhel6_content = OSCAP_DEFAULT_CONTENT['rhel6_content']
cls.rhel7_content = OSCAP_DEFAULT_CONTENT['rhel7_content']
sat6_hostname = settings.server.hostname
ak_name_7 = gen_string('alpha')
ak_name_6 = gen_string('alpha')
repo_values = [
{
'repo': REPOS['rhst6']['name'],
'reposet': REPOSET['rhst6'],
'akname': ak_name_6
},
{
'repo': REPOS['rhst7']['name'],
'reposet': REPOSET['rhst7'],
'akname': ak_name_7
},
]
# Create new organization and environment.
org = entities.Organization(name=gen_string('alpha')).create()
loc = entities.Location(name=DEFAULT_LOC).search()[0].read()
puppet_env = entities.Environment().search(
query={u'search': u'name=production'})[0].read()
puppet_env.location.append(loc)
puppet_env.organization.append(org)
puppet_env = puppet_env.update(['location', 'organization'])
Proxy.import_classes({
u'environment': puppet_env.name,
u'name': sat6_hostname,
})
env = entities.LifecycleEnvironment(
organization=org,
name=gen_string('alpha')
).create()
# Clone and Upload manifest
with manifests.clone() as manifest:
upload_manifest(org.id, manifest.content)
# Create content view
content_view = entities.ContentView(
organization=org,
name=gen_string('alpha')
).create()
# Create two activation keys for rhel7 and rhel6
for repo in repo_values:
activation_key = entities.ActivationKey(
name=repo.get('akname'),
environment=env,
organization=org,
).create()
# Setup org for a RH or custom repo for RHEL6 and RHEL7
setup_org_for_a_rh_repo({
'product': PRDS['rhel'],
'repository-set': repo.get('reposet'),
'repository': repo.get('repo'),
'organization-id': org.id,
'content-view-id': content_view.id,
'lifecycle-environment-id': env.id,
'activationkey-id': activation_key.id,
})
for content in cls.rhel6_content, cls.rhel7_content:
Scapcontent.update({
'title': content,
'organizations': org.name})
return {
'org_name': org.name,
'cv_name': content_view.name,
'sat6_hostname': settings.server.hostname,
'ak_name': {'rhel7': ak_name_7, 'rhel6': ak_name_6},
'env_name': env.name,
}
def test_positive_push_updated_content(self):
"""Perform end to end oscap test, and push the updated scap content
after first run.
:id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f
:expectedresults: Satellite should push updated content to Clients and
satellite should get updated reports
:CaseLevel: System
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7']
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
}
Scapcontent.update({
'title': content_update,
'organizations': self.config_env['org_name']
})
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': 1,
'name': hgrp7_name,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name']
})
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'),
policy_values.get('profile')
)
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name']
})
# Creates two vm's each for rhel6 and rhel7, runs
# openscap scan and uploads report to satellite6.
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
# host = vm.hostname
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(
self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os)
)
self.assertTrue(vm.subscribed)
vm.configure_puppet(vm_values.get('rhel_repo'))
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': 1,
'organization': self.config_env['org_name'],
'environment': 'production'
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep content_path'
)
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list(
{
'search': 'host={0}'.format(vm.hostname.lower()),
'per-page': 1
})
self.assertIsNotNone(arf_report)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox']
)
Scappolicy.update({
'scap-content-id': scap_id,
'name': policy_values.get('policy'),
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name']
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
updated_result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep content_path'
)
self.assertIsNot(result, updated_result)
self.assertEqual(updated_result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
self.assertIsNotNone(
Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))
