def test_positive_delete_scap_policy_with_name(self): """Delete the scap policy with name as parameter :id: 6c167e7b-cbdd-4059-808c-04c686ba9fe8 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "delete" as sub-command. 3. Pass name as parameter. :expectedresults: The scap policy is deleted successfully. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy( { 'name': name, 'deploy-by': 'puppet', 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } ) assert scap_policy['name'] == name Scappolicy.delete({'name': name}) with pytest.raises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']})
def test_positive_delete_scap_policy_with_name(self): """Delete the scap policy with name as parameter :id: 6c167e7b-cbdd-4059-808c-04c686ba9fe8 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "delete" as sub-command. 3. Pass name as parameter. :expectedresults: The scap policy is deleted successfully. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['name'], name) Scappolicy.delete({'name': name}) with self.assertRaises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']})
def test_positive_delete_scap_policy_with_id(self): """Delete the scap policy with id as parameter :id: db9d925f-c730-4299-ad8e-5aaa08895f6e :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "delete" as sub-command. 3. Pass id as parameter. :expectedresults: The scap policy is deleted successfully. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy( { 'name': name, 'deploy-by': 'ansible', 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } ) assert scap_policy['name'] == name Scappolicy.delete({'id': scap_policy['id']}) with pytest.raises(CLIReturnCodeError): Scappolicy.info({'id': scap_policy['id']})
def test_positive_scap_policy_end_to_end(self): """List all scap policies and read info using id, name :id: d14ab43e-c7a9-4eee-b61c-420b07ca1da9 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "list" as sub-command. 3. Execute "policy" command with "info" as sub-command. 4. Pass ID as the parameter. 5. Pass name as the parameter. :expectedresults: The policies are listed successfully and information is displayed. """ for deploy in ['manual', 'puppet', 'ansible']: with self.subTest(deploy): hostgroup = make_hostgroup() name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': deploy, 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'hostgroups': hostgroup['name'], }) result = Scappolicy.list() assert name in [policy['name'] for policy in result] assert Scappolicy.info({'id': scap_policy['id'] })['id'] == scap_policy['id'] assert Scappolicy.info({'name': scap_policy['name']})['name'] == name Scappolicy.update({ 'id': scap_policy['id'], 'period': OSCAP_PERIOD['monthly'].lower(), 'day-of-month': 15, }) scap_info = Scappolicy.info({'name': name}) assert scap_info['period'] == OSCAP_PERIOD['monthly'].lower() assert scap_info['day-of-month'] == '15' Scappolicy.delete({'id': scap_policy['id']}) with pytest.raises(CLIReturnCodeError): Scappolicy.info({'id': scap_policy['id']})
def test_positive_assign_compliance_policy(session, scap_policy): """Ensure host compliance Policy can be assigned. :id: 323661a4-e849-4cc2-aa39-4b4a5fe2abed :expectedresults: Host Assign Compliance Policy action is working as expected. :CaseLevel: Integration """ host = entities.Host().create() org = host.organization.read() loc = host.location.read() # add host organization and location to scap policy scap_policy = Scappolicy.info( {'id': scap_policy['id']}, output_format='json') organization_ids = [ policy_org['id'] for policy_org in scap_policy.get('organizations', []) ] organization_ids.append(org.id) location_ids = [ policy_loc['id'] for policy_loc in scap_policy.get('locations', []) ] location_ids.append(loc.id) Scappolicy.update({ 'id': scap_policy['id'], 'organization-ids': organization_ids, 'location-ids': location_ids }) with session: session.organization.select(org_name=org.name) session.location.select(loc_name=loc.name) assert not session.host.search( 'compliance_policy = {0}'.format(scap_policy['name'])) assert session.host.search(host.name)[0]['Name'] == host.name session.host.apply_action( 'Assign Compliance Policy', [host.name], { 'policy': scap_policy['name'], } ) assert (session.host.search( 'compliance_policy = {0}'.format(scap_policy['name']))[0]['Name'] == host.name)
def test_positive_update_scap_policy_with_hostgroup(self, scap_content): """Update scap policy by addition of hostgroup :id: 21b9b82b-7c6c-4944-bc2f-67631e1d4086 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy and hostgroup. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass hostgoups as the parameter. :expectedresults: The scap policy is updated. """ hostgroup = make_hostgroup() name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': scap_content["scap_id"], 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'hostgroups': hostgroup['name'], }) assert scap_policy['hostgroups'][0] == hostgroup['name'] assert scap_policy['deployment-option'] == 'puppet' new_hostgroup = make_hostgroup() Scappolicy.update({ 'id': scap_policy['id'], 'deploy-by': 'ansible', 'hostgroups': new_hostgroup['name'] }) scap_info = Scappolicy.info({'name': name}) assert scap_info['hostgroups'][0] == new_hostgroup['name'] # Assert if the deployment is updated assert scap_info['deployment-option'] == 'ansible'
def test_positive_assign_compliance_policy(session, scap_policy): """Ensure host compliance Policy can be assigned. :id: 323661a4-e849-4cc2-aa39-4b4a5fe2abed :expectedresults: Host Assign Compliance Policy action is working as expected. :CaseLevel: Integration """ host = entities.Host().create() org = host.organization.read() loc = host.location.read() # add host organization and location to scap policy scap_policy = Scappolicy.info( {'id': scap_policy['id']}, output_format='json') organization_ids = [ policy_org['id'] for policy_org in scap_policy.get('organizations', []) ] organization_ids.append(org.id) location_ids = [ policy_loc['id'] for policy_loc in scap_policy.get('locations', []) ] location_ids.append(loc.id) Scappolicy.update({ 'id': scap_policy['id'], 'organization-ids': organization_ids, 'location-ids': location_ids }) with session: session.organization.select(org_name=org.name) session.location.select(loc_name=loc.name) assert not session.host.search( 'compliance_policy = {0}'.format(scap_policy['name'])) assert session.host.search(host.name)[0]['Name'] == host.name session.host.apply_action( 'Assign Compliance Policy', [host.name], { 'policy': scap_policy['name'], } ) assert (session.host.search( 'compliance_policy = {0}'.format(scap_policy['name']))[0]['Name'] == host.name)
def test_positive_info_scap_policy_with_name(self): """View info of policy with name as parameter :id: eece98b2-3e6a-4ac0-b742-913482343e9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass name as the parameter. :expectedresults: The information is displayed. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.info({'name': scap_policy['name']}) self.assertEqual(result['name'], name)
def test_positive_info_scap_policy_with_id(self): """View info of policy with id as parameter :id: d309000b-777e-4cfb-bf6c-7f02ab130b9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass ID as the parameter. :expectedresults: The information is displayed. """ scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.info({'id': scap_policy['id']}) self.assertEqual(result['id'], scap_policy['id'])
def test_positive_info_scap_policy_with_name(self): """View info of policy with name as parameter :id: eece98b2-3e6a-4ac0-b742-913482343e9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass name as the parameter. :expectedresults: The information is displayed. """ for deploy in ['puppet', 'ansible', 'manual']: name = gen_string('alphanumeric') with self.subTest(deploy): scap_policy = make_scap_policy( { 'name': name, 'deploy-by': deploy, 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } ) assert scap_policy['deployment-option'] == deploy assert Scappolicy.info({'name': scap_policy['name']})['name'] == name
def test_positive_info_scap_policy_with_id(self): """View info of policy with id as parameter :id: d309000b-777e-4cfb-bf6c-7f02ab130b9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass ID as the parameter. :expectedresults: The information is displayed. """ for deploy in ['puppet', 'ansible', 'manual']: with self.subTest(deploy): scap_policy = make_scap_policy( { 'scap-content-id': self.scap_id_rhel7, 'deploy-by': deploy, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } ) assert scap_policy['deployment-option'] == deploy assert Scappolicy.info({'id': scap_policy['id']})['id'] == scap_policy['id']
def test_positive_list_scap_policy(self): """List all scap policies :id: d14ab43e-c7a9-4eee-b61c-420b07ca1da9 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "list" as sub-command. :expectedresults: The policies are listed successfully. """ name = gen_string('alphanumeric') make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.list() self.assertIn(name, [policy['name'] for policy in result] )
def test_positive_info_scap_policy_with_id(self): """View info of policy with id as parameter :id: d309000b-777e-4cfb-bf6c-7f02ab130b9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass ID as the parameter. :expectedresults: The information is displayed. """ scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.info({'id': scap_policy['id']}) self.assertEqual(result['id'], scap_policy['id'])
def test_positive_info_scap_policy_with_name(self): """View info of policy with name as parameter :id: eece98b2-3e6a-4ac0-b742-913482343e9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass name as the parameter. :expectedresults: The information is displayed. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.info({'name': scap_policy['name']}) self.assertEqual(result['name'], name)
def test_positive_list_scap_policy(self): """List all scap policies :id: d14ab43e-c7a9-4eee-b61c-420b07ca1da9 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "list" as sub-command. :expectedresults: The policies are listed successfully. """ for deploy in ['puppet', 'ansible', 'manual']: with self.subTest(deploy): name = gen_string('alphanumeric') make_scap_policy({ 'name': name, 'deploy-by': deploy, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.list() self.assertIn(name, [policy['name'] for policy in result])
def test_positive_update_scap_policy_with_content(self): """Update the scap policy by updating the scap content associated with the policy :id: 3c9df098-9ff8-4f48-a9a0-2ba21a8e48e0 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass scap-content-id as parameter. :expectedresults: The scap policy is updated. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox']) Scappolicy.update({ 'name': name, 'scap-content-id': scap_id, 'scap-content-profile-id': scap_profile_id, }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['scap-content-id'], scap_id) self.assertEqual(scap_info['scap-content-profile-id'], scap_profile_id[0])
def test_positive_associate_scap_policy_with_single_server(self): """Assign an audit policy to a single server :id: 30566c27-f466-4b4d-beaf-0a5bfda98b89 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. At least 1 policy and host. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass host name as the parameter. :expectedresults: The scap policy is updated. """ host = entities.Host() host.create() name = gen_string('alpha') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) host_name = host.name + "." + host.domain.name Scappolicy.update({ 'id': scap_policy['id'], 'hosts': host_name, }) hosts = Host.list( {'search': 'compliance_policy_id = {0}'.format(scap_policy['id'])}) self.assertIn(host_name, [host['name'] for host in hosts], 'The attached host is different')
def test_positive_update_scap_policy_with_tailoringfiles_name(self): """Update the scap policy by updating the scap tailoring file name associated with the policy :id: a2403170-51df-4561-9a58-820f77a5e048 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass tailoring-file as parameter. :expectedresults: The scap policy is updated. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file(local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name)) tailoring_file = make_tailoringfile( {'scap-file': '/tmp/{0}'.format(file_name)}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'ansible', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) Scappolicy.update({ 'name': name, 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_info['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_update_scap_policy_period(self, scap_content): """Update scap policy by updating the period strategy from monthly to weekly :id: 4892bc3c-d886-49b4-a5b1-250d96b7e278 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass period as parameter and weekday as parameter. :expectedresults: The scap policy is updated. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': scap_content["scap_id"], 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) assert scap_policy['period'] == OSCAP_PERIOD['weekly'].lower() Scappolicy.update({ 'id': scap_policy['id'], 'period': OSCAP_PERIOD['monthly'].lower(), 'day-of-month': 15, }) scap_info = Scappolicy.info({'name': name}) assert scap_info['period'] == OSCAP_PERIOD['monthly'].lower() assert scap_info['day-of-month'] == '15'
def test_positive_update_scap_policy_with_content(self): """Update the scap policy by updating the scap content associated with the policy :id: 3c9df098-9ff8-4f48-a9a0-2ba21a8e48e0 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass scap-content-id as parameter. :expectedresults: The scap policy is updated. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox'] ) Scappolicy.update({ 'name': name, 'scap-content-id': scap_id, 'scap-content-profile-id': scap_profile_id, }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['scap-content-id'], scap_id) self.assertEqual(scap_info['scap-content-profile-id'], scap_profile_id[0])
def test_positive_update_scap_policy_with_tailoringfiles_name(self): """Update the scap policy by updating the scap tailoring file name associated with the policy :id: a2403170-51df-4561-9a58-820f77a5e048 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass tailoring-file as parameter. :expectedresults: The scap policy is updated. """ tailoring_file = make_tailoringfile( {'scap-file': self.tailoring_file_path}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'ansible', 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) assert scap_policy['scap-content-id'] == self.scap_id_rhel7 Scappolicy.update({ 'name': name, 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) scap_info = Scappolicy.info({'name': name}) assert scap_info['tailoring-file-id'] == tailoring_file['id'] assert scap_info['tailoring-file-profile-id'] == tailor_profile_id
def test_positive_update_scap_policy_with_tailoringfiles_id(self): """Update the scap policy by updating the scap tailoring file id associated with the policy :id: 91a25e0b-d5d2-49d8-a3cd-1f3836ac323c :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass tailoring-file-id as parameter. :expectedresults: The scap policy is updated. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file( local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name) ) tailoring_file = make_tailoringfile({ 'scap-file': '/tmp/{0}'.format(file_name) }) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) Scappolicy.update({ 'name': name, 'tailoring-file-id': tailoring_file['id'], 'tailoring-file-profile-id': tailor_profile_id }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_info['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_associate_scap_policy_with_single_server(self): """Assign an audit policy to a single server :id: 30566c27-f466-4b4d-beaf-0a5bfda98b89 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. At least 1 policy and host. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass host name as the parameter. :expectedresults: The scap policy is updated. """ host = entities.Host() host.create() name = gen_string('alpha') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) host_name = host.name + "." + host.domain.name Scappolicy.update({ 'id': scap_policy['id'], 'hosts': host_name, }) hosts = Host.list({'search': 'compliance_policy_id = {0}'.format( scap_policy['id'])}) self.assertIn(host_name, [host['name'] for host in hosts], 'The attached host is different')
def test_positive_update_scap_policy_period(self): """Update scap policy by updating the period strategy from monthly to weekly :id: 4892bc3c-d886-49b4-a5b1-250d96b7e278 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass period as parameter and weekday as parameter. :expectedresults: The scap policy is updated. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['period'], OSCAP_PERIOD['weekly'].lower()) Scappolicy.update({ 'id': scap_policy['id'], 'period': OSCAP_PERIOD['monthly'].lower(), 'day-of-month': 15 }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['period'], OSCAP_PERIOD['monthly'].lower()) self.assertEqual(scap_info['day-of-month'], '15')
def test_positive_update_scap_policy_with_hostgroup(self): """Update scap policy by addition of hostgroup :id: 21b9b82b-7c6c-4944-bc2f-67631e1d4086 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy and hostgroup. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass hostgoups as the parameter. :expectedresults: The scap policy is updated. """ hostgroup = make_hostgroup() name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'hostgroups': hostgroup['name'] }) self.assertEqual(scap_policy['hostgroups'][0], hostgroup['name']) new_hostgroup = make_hostgroup() Scappolicy.update({ 'id': scap_policy['id'], 'hostgroups': new_hostgroup['name'] }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['hostgroups'][0], new_hostgroup['name'])
def test_positive_push_updated_content(self): """Perform end to end oscap test, and push the updated scap content after first run. :id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f :expectedresults: Satellite should push updated content to Clients and satellite should get updated reports :CaseLevel: System """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox'] hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'] } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo, } Scapcontent.update({ 'title': content_update, 'organizations': self.config_env['org_name'] }) # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': 1, 'name': hgrp7_name, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'] }) # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile') ) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': policy_values.get('hgrp'), 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'] }) # Creates two vm's each for rhel6 and rhel7, runs # openscap scan and uploads report to satellite6. distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: # host = vm.hostname host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost( self.config_env['org_name'], self.config_env['ak_name'].get(distro_os) ) self.assertTrue(vm.subscribed) vm.configure_puppet(vm_values.get('rhel_repo')) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': 1, 'organization': self.config_env['org_name'], 'environment': 'production' }) # Run "puppet agent -t" twice so that it detects it's, # satellite6 and fetch katello SSL certs. for _ in range(2): vm.run(u'puppet agent -t 2> /dev/null') result = vm.run( u'cat /etc/foreman_scap_client/config.yaml' '| grep content_path' ) self.assertEqual(result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list( { 'search': 'host={0}'.format(vm.hostname.lower()), 'per-page': 1 }) self.assertIsNotNone(arf_report) scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox'] ) Scappolicy.update({ 'scap-content-id': scap_id, 'name': policy_values.get('policy'), 'new-name': gen_string('alpha'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'] }) Arfreport.delete({'id': arf_report[0].get('id')}) for _ in range(2): vm.run(u'puppet agent -t 2> /dev/null') updated_result = vm.run( u'cat /etc/foreman_scap_client/config.yaml' '| grep content_path' ) self.assertIsNot(result, updated_result) self.assertEqual(updated_result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() self.assertIsNotNone( Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))
def test_positive_push_updated_content(self): """Perform end to end oscap test, and push the updated scap content via puppet after first run. :id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f :expectedresults: Satellite should push updated content to Clients and satellite should get updated reports :CaseLevel: System :BZ: 1420439, 1722475 """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox'] hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'], } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo } Scapcontent.update({ 'title': content_update, 'organizations': self.config_env['org_name'] }) # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': self.proxy_id, 'name': hgrp7_name, 'puppet-environment-id': self.puppet_env.id, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'], }) # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile')) make_scap_policy({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'hostgroups': policy_values.get('hgrp'), 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'], }) # Creates two vm's each for rhel6 and rhel7, runs # openscap scan and uploads report to satellite6. distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: # host = vm.hostname host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(self.config_env['org_name'], self.config_env['ak_name'].get(distro_os)) self.assertTrue(vm.subscribed) vm.configure_puppet(vm_values.get('rhel_repo')) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'puppet-environment-id': self.puppet_env.id, }) # Run "puppet agent -t" twice so that it detects it's, # satellite6 and fetch katello SSL certs. for _ in range(2): vm.run('puppet agent -t 2> /dev/null') result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep content_path') self.assertEqual(result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list({ 'search': 'host={0}'.format(vm.hostname.lower()), 'per-page': 1 }) self.assertIsNotNone(arf_report) scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox']) Scappolicy.update({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'name': policy_values.get('policy'), 'new-name': gen_string('alpha'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'], }) Arfreport.delete({'id': arf_report[0].get('id')}) for _ in range(2): vm.run('puppet agent -t 2> /dev/null') updated_result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep content_path') self.assertIsNot(result, updated_result) self.assertEqual(updated_result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() self.assertIsNotNone( Arfreport.list( {'search': 'host={0}'.format(vm.hostname.lower())}))
def test_positive_upload_to_satellite( module_org, default_proxy, content_view, lifecycle_env, puppet_env, distro, ): """Perform end to end oscap test, and push the updated scap content via puppet after first run. :id: 11fef620-6ee8-4768-a398-db8cede1fc14 :parametrized: yes :customerscenario: true :expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be uploaded to Satellite and be searchable. Satellite should push updated content to Clients and satellite should get updated reports. :CaseLevel: System :BZ: 1479413, 1722475, 1420439, 1722475 """ hgrp_name = gen_string('alpha') policy_name = gen_string('alpha') if distro == 'rhel6': rhel_repo = settings.repos.rhel6_repo profile1 = OSCAP_PROFILE['dsrhel6'] profile2 = OSCAP_PROFILE['pcidss6'] profile3 = OSCAP_PROFILE['usgcb'] elif distro == 'rhel7': rhel_repo = settings.repos.rhel7_repo profile1 = OSCAP_PROFILE['dsrhel7'] profile2 = OSCAP_PROFILE['pcidss7'] profile3 = OSCAP_PROFILE['ospp7'] else: rhel_repo = settings.repos.rhel8_repo profile1 = OSCAP_PROFILE['dsrhel8'] profile2 = OSCAP_PROFILE['pcidss8'] profile3 = OSCAP_PROFILE['ospp8'] content = OSCAP_DEFAULT_CONTENT[f'{distro}_content'] # Creates host_group. make_hostgroup({ 'content-source': settings.server.hostname, 'name': hgrp_name, 'puppet-environment-id': puppet_env.id, 'puppet-ca-proxy': settings.server.hostname, 'puppet-proxy': settings.server.hostname, 'organizations': module_org.name, 'puppet-classes': puppet_classes, }) # Creates oscap_policy. scap_id, scap_profile_id = fetch_scap_and_profile_id(content, profile1) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': hgrp_name, 'deploy-by': 'puppet', 'name': policy_name, 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': module_org.name, }) # Creates vm's and runs openscap scan and uploads report to satellite6. with VMBroker(nick=distro, host_classes={'host': ContentHost}) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(module_org.name, ak_name[distro]) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': lifecycle_env.name, 'content-view': content_view.name, 'hostgroup': hgrp_name, 'openscap-proxy-id': default_proxy, 'organization': module_org.name, 'puppet-environment-id': puppet_env.id, }) SmartClassParameter.update({ 'name': 'fetch_remote_resources', 'override': 1, 'parameter-type': 'boolean', 'default-value': 'true', 'puppet-class': 'foreman_scap_client', }) SmartClassParameter.add_matcher({ 'smart-class-parameter': 'fetch_remote_resources', 'match': f'fqdn={vm.hostname}', 'value': 'true', 'puppet-class': 'foreman_scap_client', }) vm.configure_puppet(rhel_repo) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.status == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list({ 'search': f'host={vm.hostname.lower()}', 'per-page': 1 }) assert arf_report is not None for profile in [profile2, profile3]: scap_id, scap_profile_id = fetch_scap_and_profile_id( content, profile) Scappolicy.update({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'name': policy_name, 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organization': module_org.name, }) for _ in range(2): vm.run('puppet agent -t 2> /dev/null') updated_result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep content_path') assert result != updated_result assert updated_result.status == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() result = Arfreport.list({'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_associate_scap_policy_with_tailoringfiles( self, deploy, scap_content, tailoring_file_path): """Associate tailoring file by name/id to scap policy with all deployments :id: d0f9b244-b92d-4889-ba6a-8973ea05bf43 :parametrized: yes :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by name/id with policy :expectedresults: The policy is created and associated successfully. """ tailoring_file_a = make_tailoringfile( {'scap-file': tailoring_file_path['satellite']}) tailoring_file_profile_a_id = tailoring_file_a[ 'tailoring-file-profiles'][0]['id'] tailoring_file_b = make_tailoringfile( {'scap-file': tailoring_file_path['satellite']}) tailoring_file_profile_b_id = tailoring_file_b[ 'tailoring-file-profiles'][0]['id'] scap_policy = make_scap_policy({ 'scap-content-id': scap_content["scap_id"], 'deploy-by': deploy, 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file': tailoring_file_a['name'], 'tailoring-file-profile-id': tailoring_file_profile_a_id, }) assert scap_policy['deployment-option'] == deploy assert scap_policy['tailoring-file-id'] == tailoring_file_a['id'] assert scap_policy[ 'tailoring-file-profile-id'] == tailoring_file_profile_a_id Scappolicy.update({ 'name': scap_policy['name'], 'tailoring-file': tailoring_file_b['name'], 'tailoring-file-profile-id': tailoring_file_profile_b_id, }) scap_info = Scappolicy.info({'name': scap_policy['name']}) assert scap_info['tailoring-file-id'] == tailoring_file_b['id'] assert scap_info[ 'tailoring-file-profile-id'] == tailoring_file_profile_b_id Scappolicy.delete({'name': scap_policy['name']}) with pytest.raises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']}) scap_policy = make_scap_policy({ 'scap-content-id': scap_content["scap_id"], 'deploy-by': deploy, 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailoring_file_a['id'], 'tailoring-file-profile-id': tailoring_file_profile_a_id, }) assert scap_policy['deployment-option'] == deploy assert scap_policy['tailoring-file-id'] == tailoring_file_a['id'] assert scap_policy[ 'tailoring-file-profile-id'] == tailoring_file_profile_a_id Scappolicy.update({ 'id': scap_policy['id'], 'tailoring-file-id': tailoring_file_b['id'], 'tailoring-file-profile-id': tailoring_file_profile_b_id, }) scap_info = Scappolicy.info({'id': scap_policy['id']}) assert scap_info['tailoring-file-id'] == tailoring_file_b['id'] assert scap_info[ 'tailoring-file-profile-id'] == tailoring_file_profile_b_id Scappolicy.delete({'id': scap_policy['id']}) with pytest.raises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']})
def test_positive_upload_to_satellite(self): """Perform end to end oscap test, and push the updated scap content via puppet after first run. :id: 17a0978d-64f9-44ad-8303-1f54ada08602 :expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be uploaded to Satellite and be searchable. Satellite should push updated content to Clients and satellite should get updated reports. :CaseLevel: System :BZ: 1479413, 1722475, 1420439, 1722475 """ if settings.rhel6_repo is None: self.skipTest('Missing configuration for rhel6_repo') rhel6_repo = settings.rhel6_repo if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') if settings.rhel8_repo is None: self.skipTest('Missing configuration for rhel8_repo') rhel8_repo = settings.rhel8_repo hgrp8_name = gen_string('alpha') rhel7_repo = settings.rhel7_repo hgrp6_name = gen_string('alpha') hgrp7_name = gen_string('alpha') policy6_name = gen_string('alpha') policy7_name = gen_string('alpha') policy8_name = gen_string('alpha') policy_values = [ { 'content': self.rhel6_content, 'hgrp': hgrp6_name, 'policy': policy6_name, 'profile': OSCAP_PROFILE['security6'], }, { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': policy7_name, 'profile': OSCAP_PROFILE['security7'], }, { 'content': self.rhel8_content, 'hgrp': hgrp8_name, 'policy': policy8_name, 'profile': OSCAP_PROFILE['cbrhel8'], }, ] vm_values = [ { 'distro': DISTRO_RHEL6, 'hgrp': hgrp6_name, 'rhel_repo': rhel6_repo, 'policy': policy6_name, }, { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo, 'policy': policy7_name, }, { 'distro': DISTRO_RHEL8, 'hgrp': hgrp8_name, 'rhel_repo': rhel8_repo, 'policy': policy8_name, }, ] # Creates host_group for both rhel6, rhel7 and rhel8. for host_group in [hgrp6_name, hgrp7_name, hgrp8_name]: make_hostgroup({ 'content-source': self.config_env['sat6_hostname'], 'name': host_group, 'puppet-environment-id': self.puppet_env.id, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'], 'puppet-classes': self.puppet_classes, }) # Creates oscap_policy for both rhel6, rhel7 and rhel8. for value in policy_values: scap_id, scap_profile_id = self.fetch_scap_and_profile_id( value['content'], value['profile']) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': value['hgrp'], 'deploy-by': 'puppet', 'name': value['policy'], 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'], }) # Creates two vm's each for rhel6, rhel7 and rhel8, runs # openscap scan and uploads report to satellite6. for value in vm_values: with VirtualMachine(distro=value['distro']) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost( self.config_env['org_name'], self.config_env['ak_name'].get(value['distro'])) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': value['hgrp'], 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'puppet-environment-id': self.puppet_env.id, }) SmartClassParameter.update({ 'name': 'fetch_remote_resources', 'override': 1, 'parameter-type': 'boolean', 'default-value': 'true', 'puppet-class': 'foreman_scap_client', }) SmartClassParameter.add_matcher({ 'smart-class-parameter': 'fetch_remote_resources', 'match': f'fqdn={vm.hostname}', 'value': 'true', 'puppet-class': 'foreman_scap_client', }) vm.configure_puppet(value['rhel_repo']) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list({ 'search': f'host={vm.hostname.lower()}', 'per-page': 1 }) assert arf_report is not None scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox']) Scappolicy.update({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'name': value['policy'], 'new-name': gen_string('alpha'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'], }) Arfreport.delete({'id': arf_report[0].get('id')}) for _ in range(2): vm.run('puppet agent -t 2> /dev/null') updated_result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep content_path' ) assert result != updated_result assert updated_result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() result = Arfreport.list( {'search': f'host={vm.hostname.lower()}'}) assert result is not None