Example #1
 def test_one_time_compliance_check_one_ok_tuple(self):
     """One OK tuple from a distributed query run produces one status event.

     Verifies the event payload, the linked object keys, and that exactly
     one MachineStatus row is stored for the serial number with status OK.
     """
     query, _, distributed_query = self._force_query(
         force_pack=True, force_compliance_check=True, force_distributed_query=True,
     )
     check = query.compliance_check
     serial_number = get_random_string()
     aggregator = ComplianceCheckStatusAggregator(serial_number)
     reported_at = datetime.utcnow()
     ok_tuples = [{"ztl_status": Status.OK.name}]
     aggregator.add_result(query.pk, query.version, reported_at, ok_tuples, distributed_query.pk)

     emitted = list(aggregator.commit())
     self.assertEqual(len(emitted), 1)
     event = emitted[0]
     self.assertIsInstance(event, OsqueryCheckStatusUpdated)

     # The event identifies the check, the query and the run that produced it.
     payload = event.payload
     self.assertEqual(payload["pk"], check.pk)
     self.assertEqual(payload["version"], query.version)
     self.assertEqual(payload["version"], check.version)
     self.assertEqual(payload["osquery_query"], {"pk": query.pk})
     # No pack is reported for this result, although the query was forced into a pack.
     self.assertIsNone(payload.get("osquery_pack"))
     self.assertEqual(payload["osquery_run"], {"pk": distributed_query.pk})
     self.assertEqual(payload["status"], Status.OK.name)
     # First result for this machine: there is no earlier status to report.
     self.assertIsNone(payload.get("previous_status"))

     expected_links = {
         "compliance_check": [(check.pk,)],
         "osquery_query": [(query.pk,)],
         "osquery_run": [(distributed_query.pk,)],
     }
     self.assertEqual(event.get_linked_objects_keys(), expected_links)

     stored = MachineStatus.objects.filter(compliance_check=check, serial_number=serial_number)
     self.assertEqual(stored.count(), 1)
     row = stored.first()
     self.assertEqual(row.compliance_check_version, check.version)
     self.assertEqual(row.status, Status.OK.value)
     self.assertEqual(row.status_time, reported_at)
Example #2
 def test_scheduled_compliance_check_one_ok_tuple_update(self):
     """A FAILED result replaces an existing OK status for the same machine.

     The emitted event must carry both the new and the previous status, and
     the existing MachineStatus row must be updated in place rather than
     duplicated.
     """
     query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
     serial_number = get_random_string()
     aggregator = ComplianceCheckStatusAggregator(serial_number)
     # Pre-existing OK status with an old timestamp, for the same check version.
     previous_row = MachineStatus.objects.create(
         serial_number=serial_number,
         compliance_check=query.compliance_check,
         compliance_check_version=query.compliance_check.version,
         status=Status.OK.value,
         status_time=datetime(2001, 1, 1),
     )
     reported_at = datetime.utcnow()
     failed_tuples = [{"ztl_status": Status.FAILED.name}]
     aggregator.add_result(query.pk, query.version, reported_at, failed_tuples)

     emitted = list(aggregator.commit())
     self.assertEqual(len(emitted), 1)
     event = emitted[0]
     # The OK -> FAILED transition is visible in the event itself.
     self.assertEqual(event.payload["status"], Status.FAILED.name)
     self.assertEqual(event.payload["previous_status"], Status.OK.name)

     stored = MachineStatus.objects.filter(
         compliance_check=query.compliance_check, serial_number=serial_number
     )
     self.assertEqual(stored.count(), 1)
     row = stored.first()
     self.assertEqual(row, previous_row)
     self.assertEqual(row.compliance_check_version, query.compliance_check.version)
     self.assertEqual(row.status, Status.FAILED.value)
     self.assertEqual(row.status_time, reported_at)
Example #3
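 def test_no_compliance_check(self):
     """A result for a query without a compliance check changes nothing.

     No event may be emitted and no MachineStatus row may be stored, even
     when the reported tuple is a well-formed OK result.
     """
     query, _, _ = self._force_query(force_pack=True)
     serial_number = get_random_string()
     cc_status_agg = ComplianceCheckStatusAggregator(serial_number)
     # Report the status by name, as the other tests in this listing do, so the
     # tuple is a valid OK result and only the missing compliance check can
     # explain the absence of events.
     cc_status_agg.add_result(query.pk, query.version, datetime.utcnow(), [{"ztl_status": Status.OK.name}])
     events = list(cc_status_agg.commit())
     self.assertEqual(len(events), 0)
     ms_qs = MachineStatus.objects.filter(compliance_check=query.compliance_check, serial_number=serial_number)
     self.assertEqual(ms_qs.count(), 0)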
Example #4
 def test_scheduled_compliance_check_one_outdated_version_failed_tuple(self):
     """A result reported for an outdated query version is ignored.

     The query is bumped to version 127 while the result claims version 1;
     no event and no MachineStatus row may come out of it, so a host still
     running an old query definition cannot change the recorded status.
     """
     query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
     query.version = 127
     query.save()
     serial_number = get_random_string()
     aggregator = ComplianceCheckStatusAggregator(serial_number)
     stale_version = 1
     failed_tuples = [{"ztl_status": Status.FAILED.name}]
     aggregator.add_result(query.pk, stale_version, datetime.utcnow(), failed_tuples)

     emitted = list(aggregator.commit())
     self.assertEqual(len(emitted), 0)
     stored = MachineStatus.objects.filter(
         compliance_check=query.compliance_check, serial_number=serial_number
     )
     self.assertEqual(stored.count(), 0)
Example #5
 def test_scheduled_compliance_check_no_tuple(self):
     """An empty result set is recorded as UNKNOWN, not as OK.

     One event is still emitted and one MachineStatus row is stored, so the
     absence of tuples never counts as a passing check.
     """
     query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
     serial_number = get_random_string()
     aggregator = ComplianceCheckStatusAggregator(serial_number)
     reported_at = datetime.utcnow()
     no_tuples = []
     aggregator.add_result(query.pk, query.version, reported_at, no_tuples)

     emitted = list(aggregator.commit())
     self.assertEqual(len(emitted), 1)

     stored = MachineStatus.objects.filter(
         compliance_check=query.compliance_check, serial_number=serial_number
     )
     self.assertEqual(stored.count(), 1)
     row = stored.first()
     self.assertEqual(row.compliance_check_version, query.compliance_check.version)
     self.assertEqual(row.status, Status.UNKNOWN.value)
     self.assertEqual(row.status_time, reported_at)
Example #6
 def test_scheduled_compliance_check_one_ok_one_failed_tuple(self):
     """Results for two different checks are tracked independently.

     One query reports OK and the other FAILED in the same commit; two
     events are expected, and each check gets its own MachineStatus row
     with its own status and timestamp.
     """
     ok_query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
     failed_query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
     serial_number = get_random_string()
     aggregator = ComplianceCheckStatusAggregator(serial_number)
     ok_time = datetime.utcnow()
     failed_time = datetime.utcnow()
     expectations = (
         (ok_query, ok_time, Status.OK),
         (failed_query, failed_time, Status.FAILED),
     )
     for query, reported_at, status in expectations:
         aggregator.add_result(query.pk, query.version, reported_at, [{"ztl_status": status.name}])

     emitted = list(aggregator.commit())
     self.assertEqual(len(emitted), 2)

     # Exactly one row per (check, serial number) pair.
     stored_by_query = []
     for query, _, _ in expectations:
         stored = MachineStatus.objects.filter(
             compliance_check=query.compliance_check, serial_number=serial_number
         )
         self.assertEqual(stored.count(), 1)
         stored_by_query.append(stored)

     # Each row carries the status and timestamp of its own result only.
     for (query, reported_at, status), stored in zip(expectations, stored_by_query):
         row = stored.get(compliance_check=query.compliance_check)
         self.assertEqual(row.compliance_check_version, query.compliance_check.version)
         self.assertEqual(row.status, status.value)
         self.assertEqual(row.status_time, reported_at)