def test_positive_delete_scap_policy_with_name(self):
"""Delete the scap policy with name as parameter
:id: 6c167e7b-cbdd-4059-808c-04c686ba9fe8
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "delete" as sub-command.
3. Pass name as parameter.
:expectedresults: The scap policy is deleted successfully.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy(
{
'name': name,
'deploy-by': 'puppet',
'scap-content-id': self.scap_id_rhel7,
'scap-content-profile-id': self.scap_profile_id_rhel7,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
}
)
assert scap_policy['name'] == name
Scappolicy.delete({'name': name})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
def test_positive_delete_scap_policy_with_name(self):
"""Delete the scap policy with name as parameter
:id: 6c167e7b-cbdd-4059-808c-04c686ba9fe8
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "delete" as sub-command.
3. Pass name as parameter.
:expectedresults: The scap policy is deleted successfully.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
})
self.assertEqual(scap_policy['name'], name)
Scappolicy.delete({'name': name})
with self.assertRaises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
def test_positive_delete_scap_policy_with_id(self):
"""Delete the scap policy with id as parameter
:id: db9d925f-c730-4299-ad8e-5aaa08895f6e
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "delete" as sub-command.
3. Pass id as parameter.
:expectedresults: The scap policy is deleted successfully.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy(
{
'name': name,
'deploy-by': 'ansible',
'scap-content-id': self.scap_id_rhel7,
'scap-content-profile-id': self.scap_profile_id_rhel7,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
}
)
assert scap_policy['name'] == name
Scappolicy.delete({'id': scap_policy['id']})
with pytest.raises(CLIReturnCodeError):
Scappolicy.info({'id': scap_policy['id']})
def test_positive_scap_policy_end_to_end(self):
"""List all scap policies and read info using id, name
:id: d14ab43e-c7a9-4eee-b61c-420b07ca1da9
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "list" as sub-command.
3. Execute "policy" command with "info" as sub-command.
4. Pass ID as the parameter.
5. Pass name as the parameter.
:expectedresults: The policies are listed successfully and information is displayed.
"""
for deploy in ['manual', 'puppet', 'ansible']:
with self.subTest(deploy):
hostgroup = make_hostgroup()
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name':
name,
'deploy-by':
deploy,
'scap-content-id':
self.scap_id_rhel7,
'scap-content-profile-id':
self.scap_profile_id_rhel7,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'hostgroups':
hostgroup['name'],
})
result = Scappolicy.list()
assert name in [policy['name'] for policy in result]
assert Scappolicy.info({'id': scap_policy['id']
})['id'] == scap_policy['id']
assert Scappolicy.info({'name':
scap_policy['name']})['name'] == name
Scappolicy.update({
'id': scap_policy['id'],
'period': OSCAP_PERIOD['monthly'].lower(),
'day-of-month': 15,
})
scap_info = Scappolicy.info({'name': name})
assert scap_info['period'] == OSCAP_PERIOD['monthly'].lower()
assert scap_info['day-of-month'] == '15'
Scappolicy.delete({'id': scap_policy['id']})
with pytest.raises(CLIReturnCodeError):
Scappolicy.info({'id': scap_policy['id']})
def test_positive_assign_compliance_policy(session, scap_policy):
"""Ensure host compliance Policy can be assigned.
:id: 323661a4-e849-4cc2-aa39-4b4a5fe2abed
:expectedresults: Host Assign Compliance Policy action is working as
expected.
:CaseLevel: Integration
"""
host = entities.Host().create()
org = host.organization.read()
loc = host.location.read()
# add host organization and location to scap policy
scap_policy = Scappolicy.info(
{'id': scap_policy['id']}, output_format='json')
organization_ids = [
policy_org['id']
for policy_org in scap_policy.get('organizations', [])
]
organization_ids.append(org.id)
location_ids = [
policy_loc['id']
for policy_loc in scap_policy.get('locations', [])
]
location_ids.append(loc.id)
Scappolicy.update({
'id': scap_policy['id'],
'organization-ids': organization_ids,
'location-ids': location_ids
})
with session:
session.organization.select(org_name=org.name)
session.location.select(loc_name=loc.name)
assert not session.host.search(
'compliance_policy = {0}'.format(scap_policy['name']))
assert session.host.search(host.name)[0]['Name'] == host.name
session.host.apply_action(
'Assign Compliance Policy',
[host.name],
{
'policy': scap_policy['name'],
}
)
assert (session.host.search(
'compliance_policy = {0}'.format(scap_policy['name']))[0]['Name']
==
host.name)
def test_positive_update_scap_policy_with_hostgroup(self, scap_content):
"""Update scap policy by addition of hostgroup
:id: 21b9b82b-7c6c-4944-bc2f-67631e1d4086
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy and hostgroup.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass hostgoups as the parameter.
:expectedresults: The scap policy is updated.
"""
hostgroup = make_hostgroup()
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name':
name,
'deploy-by':
'puppet',
'scap-content-id':
scap_content["scap_id"],
'scap-content-profile-id':
scap_content["scap_profile_id"],
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'hostgroups':
hostgroup['name'],
})
assert scap_policy['hostgroups'][0] == hostgroup['name']
assert scap_policy['deployment-option'] == 'puppet'
new_hostgroup = make_hostgroup()
Scappolicy.update({
'id': scap_policy['id'],
'deploy-by': 'ansible',
'hostgroups': new_hostgroup['name']
})
scap_info = Scappolicy.info({'name': name})
assert scap_info['hostgroups'][0] == new_hostgroup['name']
# Assert if the deployment is updated
assert scap_info['deployment-option'] == 'ansible'
def test_positive_assign_compliance_policy(session, scap_policy):
"""Ensure host compliance Policy can be assigned.
:id: 323661a4-e849-4cc2-aa39-4b4a5fe2abed
:expectedresults: Host Assign Compliance Policy action is working as
expected.
:CaseLevel: Integration
"""
host = entities.Host().create()
org = host.organization.read()
loc = host.location.read()
# add host organization and location to scap policy
scap_policy = Scappolicy.info(
{'id': scap_policy['id']}, output_format='json')
organization_ids = [
policy_org['id']
for policy_org in scap_policy.get('organizations', [])
]
organization_ids.append(org.id)
location_ids = [
policy_loc['id']
for policy_loc in scap_policy.get('locations', [])
]
location_ids.append(loc.id)
Scappolicy.update({
'id': scap_policy['id'],
'organization-ids': organization_ids,
'location-ids': location_ids
})
with session:
session.organization.select(org_name=org.name)
session.location.select(loc_name=loc.name)
assert not session.host.search(
'compliance_policy = {0}'.format(scap_policy['name']))
assert session.host.search(host.name)[0]['Name'] == host.name
session.host.apply_action(
'Assign Compliance Policy',
[host.name],
{
'policy': scap_policy['name'],
}
)
assert (session.host.search(
'compliance_policy = {0}'.format(scap_policy['name']))[0]['Name']
==
host.name)
def test_positive_info_scap_policy_with_name(self):
"""View info of policy with name as parameter
:id: eece98b2-3e6a-4ac0-b742-913482343e9d
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "info" as sub-command.
3. Pass name as the parameter.
:expectedresults: The information is displayed.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name':
name,
'scap-content-id':
self.scap_id_rhel6,
'scap-content-profile-id':
self.scap_profile_id_rhel6,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower()
})
result = Scappolicy.info({'name': scap_policy['name']})
self.assertEqual(result['name'], name)
def test_positive_info_scap_policy_with_id(self):
"""View info of policy with id as parameter
:id: d309000b-777e-4cfb-bf6c-7f02ab130b9d
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "info" as sub-command.
3. Pass ID as the parameter.
:expectedresults: The information is displayed.
"""
scap_policy = make_scap_policy({
'scap-content-id':
self.scap_id_rhel6,
'scap-content-profile-id':
self.scap_profile_id_rhel6,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower()
})
result = Scappolicy.info({'id': scap_policy['id']})
self.assertEqual(result['id'], scap_policy['id'])
def test_positive_info_scap_policy_with_name(self):
"""View info of policy with name as parameter
:id: eece98b2-3e6a-4ac0-b742-913482343e9d
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "info" as sub-command.
3. Pass name as the parameter.
:expectedresults: The information is displayed.
"""
for deploy in ['puppet', 'ansible', 'manual']:
name = gen_string('alphanumeric')
with self.subTest(deploy):
scap_policy = make_scap_policy(
{
'name': name,
'deploy-by': deploy,
'scap-content-id': self.scap_id_rhel7,
'scap-content-profile-id': self.scap_profile_id_rhel7,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
}
)
assert scap_policy['deployment-option'] == deploy
assert Scappolicy.info({'name': scap_policy['name']})['name'] == name
def test_positive_info_scap_policy_with_id(self):
"""View info of policy with id as parameter
:id: d309000b-777e-4cfb-bf6c-7f02ab130b9d
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "info" as sub-command.
3. Pass ID as the parameter.
:expectedresults: The information is displayed.
"""
for deploy in ['puppet', 'ansible', 'manual']:
with self.subTest(deploy):
scap_policy = make_scap_policy(
{
'scap-content-id': self.scap_id_rhel7,
'deploy-by': deploy,
'scap-content-profile-id': self.scap_profile_id_rhel7,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
}
)
assert scap_policy['deployment-option'] == deploy
assert Scappolicy.info({'id': scap_policy['id']})['id'] == scap_policy['id']
def test_positive_list_scap_policy(self):
"""List all scap policies
:id: d14ab43e-c7a9-4eee-b61c-420b07ca1da9
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "list" as sub-command.
:expectedresults: The policies are listed successfully.
"""
name = gen_string('alphanumeric')
make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower()
})
result = Scappolicy.list()
self.assertIn(name,
[policy['name'] for policy in result]
)
def test_positive_info_scap_policy_with_id(self):
"""View info of policy with id as parameter
:id: d309000b-777e-4cfb-bf6c-7f02ab130b9d
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "info" as sub-command.
3. Pass ID as the parameter.
:expectedresults: The information is displayed.
"""
scap_policy = make_scap_policy({
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower()
})
result = Scappolicy.info({'id': scap_policy['id']})
self.assertEqual(result['id'], scap_policy['id'])
def test_positive_info_scap_policy_with_name(self):
"""View info of policy with name as parameter
:id: eece98b2-3e6a-4ac0-b742-913482343e9d
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "info" as sub-command.
3. Pass name as the parameter.
:expectedresults: The information is displayed.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower()
})
result = Scappolicy.info({'name': scap_policy['name']})
self.assertEqual(result['name'], name)
def test_positive_list_scap_policy(self):
"""List all scap policies
:id: d14ab43e-c7a9-4eee-b61c-420b07ca1da9
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "list" as sub-command.
:expectedresults: The policies are listed successfully.
"""
for deploy in ['puppet', 'ansible', 'manual']:
with self.subTest(deploy):
name = gen_string('alphanumeric')
make_scap_policy({
'name': name,
'deploy-by': deploy,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower()
})
result = Scappolicy.list()
self.assertIn(name, [policy['name'] for policy in result])
def test_positive_update_scap_policy_with_content(self):
"""Update the scap policy by updating the scap content
associated with the policy
:id: 3c9df098-9ff8-4f48-a9a0-2ba21a8e48e0
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass scap-content-id as parameter.
:expectedresults: The scap policy is updated.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name':
name,
'deploy-by':
'puppet',
'scap-content-id':
self.scap_id_rhel6,
'scap-content-profile-id':
self.scap_profile_id_rhel6,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
})
self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox'])
Scappolicy.update({
'name': name,
'scap-content-id': scap_id,
'scap-content-profile-id': scap_profile_id,
})
scap_info = Scappolicy.info({'name': name})
self.assertEqual(scap_info['scap-content-id'], scap_id)
self.assertEqual(scap_info['scap-content-profile-id'],
scap_profile_id[0])
def test_positive_associate_scap_policy_with_single_server(self):
"""Assign an audit policy to a single server
:id: 30566c27-f466-4b4d-beaf-0a5bfda98b89
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. At least 1 policy and host.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass host name as the parameter.
:expectedresults: The scap policy is updated.
"""
host = entities.Host()
host.create()
name = gen_string('alpha')
scap_policy = make_scap_policy({
'name':
name,
'deploy-by':
'puppet',
'scap-content-id':
self.scap_id_rhel6,
'scap-content-profile-id':
self.scap_profile_id_rhel6,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower()
})
host_name = host.name + "." + host.domain.name
Scappolicy.update({
'id': scap_policy['id'],
'hosts': host_name,
})
hosts = Host.list(
{'search': 'compliance_policy_id = {0}'.format(scap_policy['id'])})
self.assertIn(host_name, [host['name'] for host in hosts],
'The attached host is different')
def test_positive_update_scap_policy_with_tailoringfiles_name(self):
"""Update the scap policy by updating the scap tailoring file name
associated with the policy
:id: a2403170-51df-4561-9a58-820f77a5e048
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass tailoring-file as parameter.
:expectedresults: The scap policy is updated.
"""
_, file_name = os.path.split(settings.oscap.tailoring_path)
ssh.upload_file(local_file=settings.oscap.tailoring_path,
remote_file="/tmp/{0}".format(file_name))
tailoring_file = make_tailoringfile(
{'scap-file': '/tmp/{0}'.format(file_name)})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name':
name,
'deploy-by':
'ansible',
'scap-content-id':
self.scap_id_rhel6,
'scap-content-profile-id':
self.scap_profile_id_rhel6,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
})
self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6)
Scappolicy.update({
'name': name,
'tailoring-file': tailoring_file['name'],
'tailoring-file-profile-id': tailor_profile_id
})
scap_info = Scappolicy.info({'name': name})
self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id'])
self.assertEqual(scap_info['tailoring-file-profile-id'],
tailor_profile_id)
def test_positive_update_scap_policy_period(self, scap_content):
"""Update scap policy by updating the period strategy
from monthly to weekly
:id: 4892bc3c-d886-49b4-a5b1-250d96b7e278
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass period as parameter and weekday as parameter.
:expectedresults: The scap policy is updated.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name':
name,
'deploy-by':
'puppet',
'scap-content-id':
scap_content["scap_id"],
'scap-content-profile-id':
scap_content["scap_profile_id"],
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
})
assert scap_policy['period'] == OSCAP_PERIOD['weekly'].lower()
Scappolicy.update({
'id': scap_policy['id'],
'period': OSCAP_PERIOD['monthly'].lower(),
'day-of-month': 15,
})
scap_info = Scappolicy.info({'name': name})
assert scap_info['period'] == OSCAP_PERIOD['monthly'].lower()
assert scap_info['day-of-month'] == '15'
def test_positive_update_scap_policy_with_content(self):
"""Update the scap policy by updating the scap content
associated with the policy
:id: 3c9df098-9ff8-4f48-a9a0-2ba21a8e48e0
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass scap-content-id as parameter.
:expectedresults: The scap policy is updated.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
})
self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox']
)
Scappolicy.update({
'name': name,
'scap-content-id': scap_id,
'scap-content-profile-id': scap_profile_id,
})
scap_info = Scappolicy.info({'name': name})
self.assertEqual(scap_info['scap-content-id'], scap_id)
self.assertEqual(scap_info['scap-content-profile-id'],
scap_profile_id[0])
def test_positive_update_scap_policy_with_tailoringfiles_name(self):
"""Update the scap policy by updating the scap tailoring file name
associated with the policy
:id: a2403170-51df-4561-9a58-820f77a5e048
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass tailoring-file as parameter.
:expectedresults: The scap policy is updated.
"""
tailoring_file = make_tailoringfile(
{'scap-file': self.tailoring_file_path})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name':
name,
'deploy-by':
'ansible',
'scap-content-id':
self.scap_id_rhel7,
'scap-content-profile-id':
self.scap_profile_id_rhel7,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
})
assert scap_policy['scap-content-id'] == self.scap_id_rhel7
Scappolicy.update({
'name': name,
'tailoring-file': tailoring_file['name'],
'tailoring-file-profile-id': tailor_profile_id
})
scap_info = Scappolicy.info({'name': name})
assert scap_info['tailoring-file-id'] == tailoring_file['id']
assert scap_info['tailoring-file-profile-id'] == tailor_profile_id
def test_positive_update_scap_policy_with_tailoringfiles_id(self):
"""Update the scap policy by updating the scap tailoring file id
associated with the policy
:id: 91a25e0b-d5d2-49d8-a3cd-1f3836ac323c
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass tailoring-file-id as parameter.
:expectedresults: The scap policy is updated.
"""
_, file_name = os.path.split(settings.oscap.tailoring_path)
ssh.upload_file(
local_file=settings.oscap.tailoring_path,
remote_file="/tmp/{0}".format(file_name)
)
tailoring_file = make_tailoringfile({
'scap-file': '/tmp/{0}'.format(file_name)
})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
})
self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6)
Scappolicy.update({
'name': name,
'tailoring-file-id': tailoring_file['id'],
'tailoring-file-profile-id': tailor_profile_id
})
scap_info = Scappolicy.info({'name': name})
self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id'])
self.assertEqual(scap_info['tailoring-file-profile-id'],
tailor_profile_id)
def test_positive_associate_scap_policy_with_single_server(self):
"""Assign an audit policy to a single server
:id: 30566c27-f466-4b4d-beaf-0a5bfda98b89
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. At least 1 policy and host.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass host name as the parameter.
:expectedresults: The scap policy is updated.
"""
host = entities.Host()
host.create()
name = gen_string('alpha')
scap_policy = make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower()
})
host_name = host.name + "." + host.domain.name
Scappolicy.update({
'id': scap_policy['id'],
'hosts': host_name,
})
hosts = Host.list({'search': 'compliance_policy_id = {0}'.format(
scap_policy['id'])})
self.assertIn(host_name, [host['name'] for host in hosts],
'The attached host is different')
def test_positive_update_scap_policy_period(self):
"""Update scap policy by updating the period strategy
from monthly to weekly
:id: 4892bc3c-d886-49b4-a5b1-250d96b7e278
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass period as parameter and weekday as parameter.
:expectedresults: The scap policy is updated.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
})
self.assertEqual(scap_policy['period'], OSCAP_PERIOD['weekly'].lower())
Scappolicy.update({
'id': scap_policy['id'],
'period': OSCAP_PERIOD['monthly'].lower(),
'day-of-month': 15
})
scap_info = Scappolicy.info({'name': name})
self.assertEqual(scap_info['period'], OSCAP_PERIOD['monthly'].lower())
self.assertEqual(scap_info['day-of-month'], '15')
def test_positive_update_scap_policy_with_hostgroup(self):
"""Update scap policy by addition of hostgroup
:id: 21b9b82b-7c6c-4944-bc2f-67631e1d4086
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy and hostgroup.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass hostgoups as the parameter.
:expectedresults: The scap policy is updated.
"""
hostgroup = make_hostgroup()
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'hostgroups': hostgroup['name']
})
self.assertEqual(scap_policy['hostgroups'][0], hostgroup['name'])
new_hostgroup = make_hostgroup()
Scappolicy.update({
'id': scap_policy['id'],
'hostgroups': new_hostgroup['name']
})
scap_info = Scappolicy.info({'name': name})
self.assertEqual(scap_info['hostgroups'][0], new_hostgroup['name'])
def test_positive_push_updated_content(self):
"""Perform end to end oscap test, and push the updated scap content
after first run.
:id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f
:expectedresults: Satellite should push updated content to Clients and
satellite should get updated reports
:CaseLevel: System
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7']
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
}
Scapcontent.update({
'title': content_update,
'organizations': self.config_env['org_name']
})
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': 1,
'name': hgrp7_name,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name']
})
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'),
policy_values.get('profile')
)
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name']
})
# Creates two vm's each for rhel6 and rhel7, runs
# openscap scan and uploads report to satellite6.
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
# host = vm.hostname
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(
self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os)
)
self.assertTrue(vm.subscribed)
vm.configure_puppet(vm_values.get('rhel_repo'))
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': 1,
'organization': self.config_env['org_name'],
'environment': 'production'
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep content_path'
)
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list(
{
'search': 'host={0}'.format(vm.hostname.lower()),
'per-page': 1
})
self.assertIsNotNone(arf_report)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox']
)
Scappolicy.update({
'scap-content-id': scap_id,
'name': policy_values.get('policy'),
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name']
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
updated_result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep content_path'
)
self.assertIsNot(result, updated_result)
self.assertEqual(updated_result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
self.assertIsNotNone(
Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))
def test_positive_push_updated_content(self):
"""Perform end to end oscap test, and push the updated scap content via puppet
after first run.
:id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f
:expectedresults: Satellite should push updated content to Clients and
satellite should get updated reports
:CaseLevel: System
:BZ: 1420439, 1722475
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
Scapcontent.update({
'title': content_update,
'organizations': self.config_env['org_name']
})
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
})
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
make_scap_policy({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
# Creates two vm's each for rhel6 and rhel7, runs
# openscap scan and uploads report to satellite6.
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
# host = vm.hostname
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
self.assertTrue(vm.subscribed)
vm.configure_puppet(vm_values.get('rhel_repo'))
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'puppet-environment-id': self.puppet_env.id,
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search':
'host={0}'.format(vm.hostname.lower()),
'per-page':
1
})
self.assertIsNotNone(arf_report)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox'])
Scappolicy.update({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'name': policy_values.get('policy'),
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
updated_result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
self.assertIsNot(result, updated_result)
self.assertEqual(updated_result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
self.assertIsNotNone(
Arfreport.list(
{'search': 'host={0}'.format(vm.hostname.lower())}))
def test_positive_upload_to_satellite(
module_org,
default_proxy,
content_view,
lifecycle_env,
puppet_env,
distro,
):
"""Perform end to end oscap test, and push the updated scap content via puppet
after first run.
:id: 11fef620-6ee8-4768-a398-db8cede1fc14
:parametrized: yes
:customerscenario: true
:expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be
uploaded to Satellite and be searchable. Satellite should push updated
content to Clients and satellite should get updated reports.
:CaseLevel: System
:BZ: 1479413, 1722475, 1420439, 1722475
"""
hgrp_name = gen_string('alpha')
policy_name = gen_string('alpha')
if distro == 'rhel6':
rhel_repo = settings.repos.rhel6_repo
profile1 = OSCAP_PROFILE['dsrhel6']
profile2 = OSCAP_PROFILE['pcidss6']
profile3 = OSCAP_PROFILE['usgcb']
elif distro == 'rhel7':
rhel_repo = settings.repos.rhel7_repo
profile1 = OSCAP_PROFILE['dsrhel7']
profile2 = OSCAP_PROFILE['pcidss7']
profile3 = OSCAP_PROFILE['ospp7']
else:
rhel_repo = settings.repos.rhel8_repo
profile1 = OSCAP_PROFILE['dsrhel8']
profile2 = OSCAP_PROFILE['pcidss8']
profile3 = OSCAP_PROFILE['ospp8']
content = OSCAP_DEFAULT_CONTENT[f'{distro}_content']
# Creates host_group.
make_hostgroup({
'content-source': settings.server.hostname,
'name': hgrp_name,
'puppet-environment-id': puppet_env.id,
'puppet-ca-proxy': settings.server.hostname,
'puppet-proxy': settings.server.hostname,
'organizations': module_org.name,
'puppet-classes': puppet_classes,
})
# Creates oscap_policy.
scap_id, scap_profile_id = fetch_scap_and_profile_id(content, profile1)
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': hgrp_name,
'deploy-by': 'puppet',
'name': policy_name,
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': module_org.name,
})
# Creates vm's and runs openscap scan and uploads report to satellite6.
with VMBroker(nick=distro, host_classes={'host': ContentHost}) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(module_org.name, ak_name[distro])
assert vm.subscribed
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': lifecycle_env.name,
'content-view': content_view.name,
'hostgroup': hgrp_name,
'openscap-proxy-id': default_proxy,
'organization': module_org.name,
'puppet-environment-id': puppet_env.id,
})
SmartClassParameter.update({
'name': 'fetch_remote_resources',
'override': 1,
'parameter-type': 'boolean',
'default-value': 'true',
'puppet-class': 'foreman_scap_client',
})
SmartClassParameter.add_matcher({
'smart-class-parameter': 'fetch_remote_resources',
'match': f'fqdn={vm.hostname}',
'value': 'true',
'puppet-class': 'foreman_scap_client',
})
vm.configure_puppet(rhel_repo)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.status == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search': f'host={vm.hostname.lower()}',
'per-page': 1
})
assert arf_report is not None
for profile in [profile2, profile3]:
scap_id, scap_profile_id = fetch_scap_and_profile_id(
content, profile)
Scappolicy.update({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'name': policy_name,
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organization': module_org.name,
})
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
updated_result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
assert result != updated_result
assert updated_result.status == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
result = Arfreport.list({'search': f'host={vm.hostname.lower()}'})
assert result is not None
def test_positive_associate_scap_policy_with_tailoringfiles(
self, deploy, scap_content, tailoring_file_path):
"""Associate tailoring file by name/id to scap policy with all deployments
:id: d0f9b244-b92d-4889-ba6a-8973ea05bf43
:parametrized: yes
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "create" as sub-command.
3. Pass valid parameters.
4. Associate tailoring file by name/id with policy
:expectedresults: The policy is created and associated successfully.
"""
tailoring_file_a = make_tailoringfile(
{'scap-file': tailoring_file_path['satellite']})
tailoring_file_profile_a_id = tailoring_file_a[
'tailoring-file-profiles'][0]['id']
tailoring_file_b = make_tailoringfile(
{'scap-file': tailoring_file_path['satellite']})
tailoring_file_profile_b_id = tailoring_file_b[
'tailoring-file-profiles'][0]['id']
scap_policy = make_scap_policy({
'scap-content-id':
scap_content["scap_id"],
'deploy-by':
deploy,
'scap-content-profile-id':
scap_content["scap_profile_id"],
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file':
tailoring_file_a['name'],
'tailoring-file-profile-id':
tailoring_file_profile_a_id,
})
assert scap_policy['deployment-option'] == deploy
assert scap_policy['tailoring-file-id'] == tailoring_file_a['id']
assert scap_policy[
'tailoring-file-profile-id'] == tailoring_file_profile_a_id
Scappolicy.update({
'name':
scap_policy['name'],
'tailoring-file':
tailoring_file_b['name'],
'tailoring-file-profile-id':
tailoring_file_profile_b_id,
})
scap_info = Scappolicy.info({'name': scap_policy['name']})
assert scap_info['tailoring-file-id'] == tailoring_file_b['id']
assert scap_info[
'tailoring-file-profile-id'] == tailoring_file_profile_b_id
Scappolicy.delete({'name': scap_policy['name']})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
scap_policy = make_scap_policy({
'scap-content-id':
scap_content["scap_id"],
'deploy-by':
deploy,
'scap-content-profile-id':
scap_content["scap_profile_id"],
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailoring_file_a['id'],
'tailoring-file-profile-id':
tailoring_file_profile_a_id,
})
assert scap_policy['deployment-option'] == deploy
assert scap_policy['tailoring-file-id'] == tailoring_file_a['id']
assert scap_policy[
'tailoring-file-profile-id'] == tailoring_file_profile_a_id
Scappolicy.update({
'id':
scap_policy['id'],
'tailoring-file-id':
tailoring_file_b['id'],
'tailoring-file-profile-id':
tailoring_file_profile_b_id,
})
scap_info = Scappolicy.info({'id': scap_policy['id']})
assert scap_info['tailoring-file-id'] == tailoring_file_b['id']
assert scap_info[
'tailoring-file-profile-id'] == tailoring_file_profile_b_id
Scappolicy.delete({'id': scap_policy['id']})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
def test_positive_upload_to_satellite(self):
"""Perform end to end oscap test, and push the updated scap content via puppet
after first run.
:id: 17a0978d-64f9-44ad-8303-1f54ada08602
:expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be
uploaded to Satellite and be searchable. Satellite should push updated
content to Clients and satellite should get updated reports.
:CaseLevel: System
:BZ: 1479413, 1722475, 1420439, 1722475
"""
if settings.rhel6_repo is None:
self.skipTest('Missing configuration for rhel6_repo')
rhel6_repo = settings.rhel6_repo
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
if settings.rhel8_repo is None:
self.skipTest('Missing configuration for rhel8_repo')
rhel8_repo = settings.rhel8_repo
hgrp8_name = gen_string('alpha')
rhel7_repo = settings.rhel7_repo
hgrp6_name = gen_string('alpha')
hgrp7_name = gen_string('alpha')
policy6_name = gen_string('alpha')
policy7_name = gen_string('alpha')
policy8_name = gen_string('alpha')
policy_values = [
{
'content': self.rhel6_content,
'hgrp': hgrp6_name,
'policy': policy6_name,
'profile': OSCAP_PROFILE['security6'],
},
{
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': policy7_name,
'profile': OSCAP_PROFILE['security7'],
},
{
'content': self.rhel8_content,
'hgrp': hgrp8_name,
'policy': policy8_name,
'profile': OSCAP_PROFILE['cbrhel8'],
},
]
vm_values = [
{
'distro': DISTRO_RHEL6,
'hgrp': hgrp6_name,
'rhel_repo': rhel6_repo,
'policy': policy6_name,
},
{
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
'policy': policy7_name,
},
{
'distro': DISTRO_RHEL8,
'hgrp': hgrp8_name,
'rhel_repo': rhel8_repo,
'policy': policy8_name,
},
]
# Creates host_group for both rhel6, rhel7 and rhel8.
for host_group in [hgrp6_name, hgrp7_name, hgrp8_name]:
make_hostgroup({
'content-source': self.config_env['sat6_hostname'],
'name': host_group,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
'puppet-classes': self.puppet_classes,
})
# Creates oscap_policy for both rhel6, rhel7 and rhel8.
for value in policy_values:
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
value['content'], value['profile'])
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': value['hgrp'],
'deploy-by': 'puppet',
'name': value['policy'],
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
# Creates two vm's each for rhel6, rhel7 and rhel8, runs
# openscap scan and uploads report to satellite6.
for value in vm_values:
with VirtualMachine(distro=value['distro']) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(
self.config_env['org_name'],
self.config_env['ak_name'].get(value['distro']))
assert vm.subscribed
Host.update({
'name':
vm.hostname.lower(),
'lifecycle-environment':
self.config_env['env_name'],
'content-view':
self.config_env['cv_name'],
'hostgroup':
value['hgrp'],
'openscap-proxy-id':
self.proxy_id,
'organization':
self.config_env['org_name'],
'puppet-environment-id':
self.puppet_env.id,
})
SmartClassParameter.update({
'name':
'fetch_remote_resources',
'override':
1,
'parameter-type':
'boolean',
'default-value':
'true',
'puppet-class':
'foreman_scap_client',
})
SmartClassParameter.add_matcher({
'smart-class-parameter':
'fetch_remote_resources',
'match':
f'fqdn={vm.hostname}',
'value':
'true',
'puppet-class':
'foreman_scap_client',
})
vm.configure_puppet(value['rhel_repo'])
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search': f'host={vm.hostname.lower()}',
'per-page': 1
})
assert arf_report is not None
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox'])
Scappolicy.update({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'name': value['policy'],
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
updated_result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path'
)
assert result != updated_result
assert updated_result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
result = Arfreport.list(
{'search': f'host={vm.hostname.lower()}'})
assert result is not None
