def test_positive_update_scap_content_with_newtitle(self):
"""Update scap content title
:id: 2c32e94a-237d-40b9-8a3b-fca2ef26fe79
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "update" as sub-command.
3. Pass valid parameters and newtitle parameter.
:expectedresults: The scap-content is updated successfully.
:CaseImportance: Critical
:BZ: 1490302
"""
title = gen_string('alpha')
new_title = gen_string('alpha')
scap_content = make_scapcontent({
'title':
title,
'scap-file':
settings.oscap.content_path
})
assert scap_content['title'] == title
Scapcontent.update({'title': title, 'new-title': new_title})
result = Scapcontent.info({'title': new_title}, output_format='json')
assert result['title'] == new_title
def test_positive_update_scap_content_with_newtitle(self):
"""Update scap content title
:id: 2c32e94a-237d-40b9-8a3b-fca2ef26fe79
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "update" as sub-command.
3. Pass valid parameters and newtitle parameter.
:expectedresults: The scap-content is updated successfully.
:CaseImportance: Critical
"""
title = gen_string('alpha')
new_title = gen_string('alpha')
scap_content = make_scapcontent({
'title':
title,
'scap-file':
'/tmp/{0}'.format(self.file_name)
})
self.assertEqual(scap_content['title'], title)
result = Scapcontent.update({'title': title, 'new-title': new_title})
if bz_bug_is_open(1496810):
result = Scapcontent.info({'title': new_title},
output_format='json')
self.assertEqual(result['title'], new_title)
def test_positive_delete_scap_content_with_id(self):
"""Delete a scap content with id as parameter
:id: 11ae7652-65e0-4751-b1e0-246b27919238
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "delete" as sub-command.
3. Pass ID as parameter.
:expectedresults: The scap-content is deleted successfully.
:CaseImportance: Critical
"""
scap_content = make_scapcontent(
{'scap-file': settings.oscap.content_path})
Scapcontent.delete({'id': scap_content['id']})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'id': scap_content['id']})
def update_scap_content(module_org):
""" Update default scap contents"""
for content in rhel8_content, rhel7_content, rhel6_content:
content = Scapcontent.info({'title': content}, output_format='json')
organization_ids = [content_org['id'] for content_org in content.get('organizations', [])]
organization_ids.append(module_org.id)
Scapcontent.update({'title': content['title'], 'organization-ids': organization_ids})
def test_negative_list_default_content_with_viewer_role(
self, scap_content, default_viewer_role):
"""List the default scap content by user with viewer role
:id: 1e909ffc-10d9-4bcd-b4bb-c26981912bb4
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell with viewer role.
2. Execute the scap-content command with list as sub-Command.
3. Execute the "scap-content" command with info as sub-command.
4. Pass valid parameters.
:expectedresults: The scap-content and it's info is not listed.
:CaseImportance: Critical
"""
result = Scapcontent.with_user(default_viewer_role.login,
default_viewer_role.password).list()
assert len(result) == 0
with pytest.raises(CLIReturnCodeError):
Scapcontent.with_user(default_viewer_role.login,
default_viewer_role.password).info(
{'title': scap_content['title']})
def test_positive_delete_scap_content_with_title(self):
"""Delete a scap content with title as parameter
:id: aa4ca830-3250-4517-b40c-0256cdda5e0a
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "delete" as sub-command.
3. Pass name as parameter.
:expectedresults: The scap-content is deleted successfully.
:CaseAutomation: Automated
:CaseImportance: Critical
"""
scap_content = make_scapcontent(
{'scap-file': settings.oscap.content_path})
Scapcontent.delete({'title': scap_content['title']})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'title': scap_content['title']})
def test_positive_delete_scap_policy_with_name(self):
"""Delete the scap policy with name as parameter
:id: 6c167e7b-cbdd-4059-808c-04c686ba9fe8
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "delete" as sub-command.
3. Pass name as parameter.
:expectedresults: The scap policy is deleted successfully.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
})
self.assertEqual(scap_policy['name'], name)
Scappolicy.delete({'name': name})
with self.assertRaises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
def test_negative_info_scap_content(self):
"""View info of scap content with invalid ID as parameter
:id: 86f44fb1-2e2b-4004-83c1-4a62162ebea9
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell as admin.
2. Execute the "scap-content" command with info as sub-command.
3. Pass invalid "ID" of scap-content as argument.
:expectedresults: The info of the scap-content is not listed.
:caseautomation: automated
:CaseImportance: Critical
"""
scap_id = gen_string('alphanumeric')
with self.assertRaises(CLIReturnCodeError):
Scapcontent.info({'id': scap_id})
def test_positive_delete_scap_policy_with_name(self):
"""Delete the scap policy with name as parameter
:id: 6c167e7b-cbdd-4059-808c-04c686ba9fe8
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
3. Atleast 1 policy.
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "delete" as sub-command.
3. Pass name as parameter.
:expectedresults: The scap policy is deleted successfully.
"""
name = gen_string('alphanumeric')
scap_policy = make_scap_policy(
{
'name': name,
'deploy-by': 'puppet',
'scap-content-id': self.scap_id_rhel7,
'scap-content-profile-id': self.scap_profile_id_rhel7,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
}
)
assert scap_policy['name'] == name
Scappolicy.delete({'name': name})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
def test_negative_info_scap_content_viewer_role(self):
"""View info of scap content with viewer role
:id: 15eb035b-d301-4dbd-b66a-c4621d2003a3
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell with user with viewer role.
2. Execute the "scap-content" command with info as sub-command.
3. Pass valid parameters.
:expectedresults: The info of the scap-content is not listed.
:CaseImportance: Critical
"""
title = gen_string('alpha')
make_scapcontent({
'title': title,
'scap-file': '/tmp/{0}'.format(self.file_name)})
login, password = self.create_test_user_viewer_role()
with self.assertRaises(CLIReturnCodeError):
Scapcontent.with_user(login, password).info({'title': title})
def test_positive_update_scap_content_with_newtitle(self):
"""Update scap content title
:id: 2c32e94a-237d-40b9-8a3b-fca2ef26fe79
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "update" as sub-command.
3. Pass valid parameters and newtitle parameter.
:expectedresults: The scap-content is updated successfully.
:CaseImportance: Critical
"""
title = gen_string('alpha')
new_title = gen_string('alpha')
scap_content = make_scapcontent({
'title': title,
'scap-file': '/tmp/{0}'.format(self.file_name)})
self.assertEqual(scap_content['title'], title)
result = Scapcontent.update({
'title': title,
'new-title': new_title})
if bz_bug_is_open(1496810):
result = Scapcontent.info({'title': new_title})
self.assertEqual(result['title'], new_title)
def test_positive_delete_scap_content_with_id(self):
"""Delete a scap content with id as parameter
:id: 11ae7652-65e0-4751-b1e0-246b27919238
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "delete" as sub-command.
3. Pass ID as parameter.
:expectedresults: The scap-content is deleted successfully.
:CaseImportance: Critical
"""
scap_content = make_scapcontent({
'scap-file': '/tmp/{0}'.format(self.file_name)})
Scapcontent.delete({'id': scap_content['id']})
with self.assertRaises(CLIReturnCodeError):
Scapcontent.info({'id': scap_content['id']})
def test_positive_delete_scap_content_with_title(self):
"""Delete a scap content with title as parameter
:id: aa4ca830-3250-4517-b40c-0256cdda5e0a
:setup:
1. Oscap should be enabled.
2. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell.
2. Execute "scap-content" command with "delete" as sub-command.
3. Pass name as parameter.
:expectedresults: The scap-content is deleted successfully.
:caseautomation: automated
:CaseImportance: Critical
"""
scap_content = make_scapcontent({
'scap-file': '/tmp/{0}'.format(self.file_name)})
Scapcontent.delete({'title': scap_content['title']})
with self.assertRaises(CLIReturnCodeError):
Scapcontent.info({'title': scap_content['title']})
def test_negative_info_scap_content_viewer_role(self):
"""View info of scap content with viewer role
:id: 15eb035b-d301-4dbd-b66a-c4621d2003a3
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell with user with viewer role.
2. Execute the "scap-content" command with info as sub-command.
3. Pass valid parameters.
:expectedresults: The info of the scap-content is not listed.
:CaseImportance: Critical
"""
title = gen_string('alpha')
make_scapcontent({
'title': title,
'scap-file': '/tmp/{0}'.format(self.file_name)
})
login, password = self.create_test_user_viewer_role()
with self.assertRaises(CLIReturnCodeError):
Scapcontent.with_user(login, password).info({'title': title})
def test_positive_associate_tailoring_file_with_scap(self):
""" Associate a Tailoring file with it’s scap content
:id: 33e7b8ca-2e5f-4886-91b7-1a8763059d14
:setup: scap content and tailoring file
:steps:
1. Create a valid scap content
2. Upload a vaild tailoring file
3. Associate scap content with it’s tailoring file
:expectedresults: Association should be successful
:CaseImportance: Critical
"""
tailoring_name = gen_string('alpha')
content_name = OSCAP_DEFAULT_CONTENT['rhel7_content']
Scapcontent.update({
'title': content_name,
'organizations': self.org_name})
policy_name = gen_string('alpha')
with Session(self) as session:
session.nav.go_to_select_org(self.org_name)
make_oscap_tailoringfile(
session,
name=tailoring_name,
tailoring_path=self.tailoring_path,
tailoring_loc=self.loc_name,
)
self.assertIsNotNone(
self.oscaptailoringfile.search(tailoring_name),
msg="Tailoring file name element not found")
self.assertIsNotNone(
self.oscapcontent.search(content_name))
make_oscappolicy(
session,
content=content_name,
name=policy_name,
period=OSCAP_PERIOD['weekly'],
profile=OSCAP_PROFILE['common'],
tailoring=tailoring_name,
tailoring_profile=OSCAP_PROFILE['tailoring_rhel7'],
period_value=OSCAP_WEEKDAY['friday'],
)
self.assertIsNotNone(
self.oscappolicy.search(policy_name),
msg="scap policy name element not found")
def test_positive_associate_tailoring_file_with_scap(self):
""" Associate a Tailoring file with it’s scap content
:id: 33e7b8ca-2e5f-4886-91b7-1a8763059d14
:setup: scap content and tailoring file
:steps:
1. Create a valid scap content
2. Upload a vaild tailoring file
3. Associate scap content with it’s tailoring file
:expectedresults: Association should be successful
:CaseImportance: Critical
"""
tailoring_name = gen_string('alpha')
content_name = OSCAP_DEFAULT_CONTENT['rhel7_content']
Scapcontent.update({
'title': content_name,
'organizations': self.org_name
})
policy_name = gen_string('alpha')
with Session(self) as session:
session.nav.go_to_select_org(self.org_name)
make_oscap_tailoringfile(
session,
name=tailoring_name,
tailoring_path=self.tailoring_path,
tailoring_loc=self.loc_name,
)
self.assertIsNotNone(
self.oscaptailoringfile.search(tailoring_name),
msg="Tailoring file name element not found")
self.assertIsNotNone(self.oscapcontent.search(content_name))
make_oscappolicy(
session,
content=content_name,
name=policy_name,
period=OSCAP_PERIOD['weekly'],
profile=OSCAP_PROFILE['common'],
tailoring=tailoring_name,
tailoring_profile=OSCAP_PROFILE['tailoring_rhel7'],
period_value=OSCAP_WEEKDAY['friday'],
)
self.assertIsNotNone(self.oscappolicy.search(policy_name),
msg="scap policy name element not found")
def test_negative_list_default_content_with_viewer_role(self):
"""List the default scap content by user with viewer role
:id: 1e909ffc-10d9-4bcd-b4bb-c26981912bb4
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to shell from user account.
2. Execute the scap-content command with list as sub-Command.
:expectedresults: The scap-content is not listed.
:caseautomation: automated
:CaseImportance: Critical
"""
login, password = self.create_test_user_viewer_role()
result = Scapcontent.with_user(login, password).list()
self.assertEqual(len(result), 0)
def test_positive_list_default_content_with_admin(self):
"""List the default scap content with admin account
:id: 32c41c22-6aef-424e-8e69-a65c00f1c811
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to shell from admin account.
2. Execute the scap-content command with list as sub-command.
:expectedresults: Default scap-content are listed.
:BZ: 1749692
:customerscenario: true
:CaseImportance: Critical
"""
scap_contents = [content['title'] for content in Scapcontent.list()]
for title in OSCAP_DEFAULT_CONTENT.values():
assert title in scap_contents
def test_positive_view_scap_content_info_admin(self):
"""View info of scap content with admin account
:id: 539ea982-0701-43f5-bb91-e566e6687e35
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell as admin.
2. Execute the "scap-content" command with info as sub-command.
3. Pass valid "ID" of scap-content as argument.
:expectedresults: The info of the scap-content is listed.
:CaseImportance: Critical
"""
title = gen_string('alpha')
make_scapcontent({
'title': title,
'scap-file': '/tmp/{0}'.format(self.file_name)})
result = Scapcontent.info({'title': title})
self.assertEqual(result['title'], title)
def test_positive_view_scap_content_info_admin(self):
"""View info of scap content with admin account
:id: 539ea982-0701-43f5-bb91-e566e6687e35
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell as admin.
2. Execute the "scap-content" command with info as sub-command.
3. Pass valid "ID" of scap-content as argument.
:expectedresults: The info of the scap-content is listed.
:CaseImportance: Critical
"""
title = gen_string('alpha')
make_scapcontent({
'title': title,
'scap-file': settings.oscap.content_path
})
result = Scapcontent.info({'title': title})
assert result['title'] == title
def test_positive_list_default_content_with_admin(self):
"""List the default scap content with admin account
:id: 32c41c22-6aef-424e-8e69-a65c00f1c811
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to shell from admin account.
2. Execute the scap-content command with list as sub-command.
:expectedresults: The scap-content are listed.
:CaseImportance: Critical
"""
result = Scapcontent.list()
self.assertIn(
OSCAP_DEFAULT_CONTENT['rhel7_content'],
[scap['title'] for scap in result]
)
def test_positive_list_default_content_with_admin(self):
"""List the default scap content with admin account
:id: 32c41c22-6aef-424e-8e69-a65c00f1c811
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to shell from admin account.
2. Execute the scap-content command with list as sub-command.
:expectedresults: The scap-content are listed.
:CaseImportance: Critical
"""
result = Scapcontent.list()
self.assertIn(
OSCAP_DEFAULT_CONTENT['rhel7_content'],
[scap['title'] for scap in result]
)
def setUpClass(cls):
super(OpenScapTestCase, cls).setUpClass()
cls.title = gen_string('alpha')
result = [scap['title'] for scap in Scapcontent.list() if scap.get('title') in cls.title]
if not result:
make_scapcontent({'title': cls.title, 'scap-file': settings.oscap.content_path})
cls.scap_id_rhel7, cls.scap_profile_id_rhel7 = cls.fetch_scap_and_profile_id(
cls.title, OSCAP_PROFILE['security7']
)
cls.tailoring_file_path = file_downloader(
file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname
)[0]
Ansible.roles_import({'proxy-id': 1})
Ansible.variables_import({'proxy-id': 1})
def test_negative_info_scap_content(self):
"""View info of scap content with invalid ID as parameter
:id: 86f44fb1-2e2b-4004-83c1-4a62162ebea9
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to hammer shell as admin.
2. Execute the "scap-content" command with info as sub-command.
3. Pass invalid "ID" of scap-content as argument.
:expectedresults: The info of the scap-content is not listed.
:CaseImportance: Critical
"""
invalid_scap_id = gen_string('alpha')
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'id': invalid_scap_id})
def fetch_scap_and_profile_id(cls, scap_name, scap_profile):
"""Extracts the scap ID and scap profile id
:param scap_name: Scap title
:param scap_profile: Scap profile you want to select
:returns: scap_id and scap_profile_id
"""
default_content = Scapcontent.info({'title': scap_name}, output_format='json')
scap_id = default_content['id']
scap_profile_ids = [
profile['id']
for profile in default_content['scap-content-profiles']
if scap_profile in profile['title']
]
return scap_id, scap_profile_ids
def fetch_scap_and_profile_id(cls, scap_name, scap_profile):
"""Extracts the scap ID and scap profile id
:param scap_name: Scap title
:param scap_profile: Scap profile you want to select
:returns: scap_id and scap_profile_id
"""
default_content = Scapcontent.info({'title': scap_name})
scap_id = default_content['id']
scap_profile_ids = [
profile['id']
for profile in default_content['scap-content-profiles']
if scap_profile in profile['title']
]
return scap_id, scap_profile_ids
def scap_content():
oscap_content_path = settings.oscap.content_path
_, file_name = os.path.split(oscap_content_path)
title = 'rhel-content-{0}'.format(gen_string('alpha'))
ssh.upload_file(local_file=oscap_content_path,
remote_file="/tmp/{0}".format(file_name))
scap_info = make_scapcontent({
'title': title,
'scap-file': '/tmp/{0}'.format(file_name)
})
scap_id = scap_info['id']
scap_info = Scapcontent.info({'id': scap_id}, output_format='json')
scap_profile_id = [
profile['id'] for profile in scap_info['scap-content-profiles']
if OSCAP_PROFILE['common'] in profile['title']
][0]
return scap_id, scap_profile_id
def setUpClass(cls):
super(OpenScapTestCase, cls).setUpClass()
_, cls.file_name = os.path.split(settings.oscap.content_path)
# uploads the scap content to satellite
ssh.upload_file(local_file=settings.oscap.content_path,
remote_file="/tmp/{0}".format(cls.file_name))
cls.title = 'rhel-6-content'
result = [
scap['title'] for scap in Scapcontent.list()
if scap.get('title') in cls.title
]
if not result:
make_scapcontent({
'title': cls.title,
'scap-file': '/tmp/{0}'.format(cls.file_name)
})
cls.scap_id_rhel6, cls.scap_profile_id_rhel6 = (
cls.fetch_scap_and_profile_id(cls.title, OSCAP_PROFILE['common']))
def scap_content():
oscap_content_path = settings.oscap.content_path
_, file_name = os.path.split(oscap_content_path)
title = 'rhel-content-{0}'.format(gen_string('alpha'))
ssh.upload_file(
local_file=oscap_content_path,
remote_file="/tmp/{0}".format(file_name)
)
scap_info = make_scapcontent({
'title': title,
'scap-file': '/tmp/{0}'.format(file_name)
})
scap_id = scap_info['id']
scap_info = Scapcontent.info({'id': scap_id}, output_format='json')
scap_profile_id = [
profile['id']
for profile in scap_info['scap-content-profiles']
if OSCAP_PROFILE['common'] in profile['title']
][0]
return scap_id, scap_profile_id
def setUpClass(cls):
super(OpenScapTestCase, cls).setUpClass()
_, cls.file_name = os.path.split(settings.oscap.content_path)
# uploads the scap content to satellite
ssh.upload_file(local_file=settings.oscap.content_path,
remote_file="/tmp/{0}".format(cls.file_name))
cls.title = gen_string('alpha')
result = [
scap['title'] for scap in Scapcontent.list()
if scap.get('title') in cls.title
]
if not result:
make_scapcontent({
'title': cls.title,
'scap-file': '/tmp/{0}'.format(cls.file_name)
})
cls.scap_id_rhel6, cls.scap_profile_id_rhel6 = (
cls.fetch_scap_and_profile_id(cls.title,
OSCAP_PROFILE['security6']))
Ansible.roles_import({'proxy-id': 1})
Ansible.variables_import({'proxy-id': 1})
def setUpClass(cls):
super(OpenScapTestCase, cls).setUpClass()
_, cls.file_name = os.path.split(settings.oscap.content_path)
# uploads the scap content to satellite
ssh.upload_file(
local_file=settings.oscap.content_path,
remote_file="/tmp/{0}".format(cls.file_name)
)
cls.title = 'rhel-6-content'
result = [scap['title'] for scap in Scapcontent.list() if
scap.get('title') in cls.title]
if not result:
make_scapcontent({
'title': cls.title,
'scap-file': '/tmp/{0}'.format(cls.file_name)
})
cls.scap_id_rhel6, cls.scap_profile_id_rhel6 = (
cls.fetch_scap_and_profile_id(
cls.title,
OSCAP_PROFILE['common']
)
)
def test_negative_list_default_content_with_viewer_role(self):
"""List the default scap content by user with viewer role
:id: 1e909ffc-10d9-4bcd-b4bb-c26981912bb4
:setup:
1. Oscap should be enabled.
2. Default content should already be populated.
3. Oscap-cli hammer plugin installed.
:steps:
1. Login to shell from user account.
2. Execute the scap-content command with list as sub-Command.
:expectedresults: The scap-content is not listed.
:CaseImportance: Critical
"""
login, password = self.create_test_user_viewer_role()
result = Scapcontent.with_user(login, password).list()
self.assertEqual(len(result), 0)
def configure_puppet_test(cls):
"""Sets up the whole provisioning environment needed for Puppet based
end-to-end tests like OSCAP etc
:returns: A dict of entities to help with provisioning
"""
cls.rhel6_content = OSCAP_DEFAULT_CONTENT['rhel6_content']
cls.rhel7_content = OSCAP_DEFAULT_CONTENT['rhel7_content']
sat6_hostname = settings.server.hostname
ak_name_7 = gen_string('alpha')
ak_name_6 = gen_string('alpha')
repo_values = [
{
'repo': settings.sattools_repo['rhel6'],
'akname': ak_name_6
},
{
'repo': settings.sattools_repo['rhel7'],
'akname': ak_name_7
},
]
# Create new organization and environment.
org = entities.Organization(name=gen_string('alpha')).create()
loc = entities.Location(name=DEFAULT_LOC).search()[0].read()
puppet_env = entities.Environment().search(
query={u'search': u'name=production'})[0].read()
puppet_env.location.append(loc)
puppet_env.organization.append(org)
puppet_env = puppet_env.update(['location', 'organization'])
Proxy.import_classes({
u'environment': puppet_env.name,
u'name': sat6_hostname,
})
env = entities.LifecycleEnvironment(organization=org,
name=gen_string('alpha')).create()
# Create content view
content_view = entities.ContentView(organization=org,
name=gen_string('alpha')).create()
# Create two activation keys for rhel7 and rhel6
for repo in repo_values:
activation_key = entities.ActivationKey(
name=repo.get('akname'),
environment=env,
organization=org,
).create()
# Setup org for a custom repo for RHEL6 and RHEL7
setup_org_for_a_custom_repo({
'url': repo.get('repo'),
'organization-id': org.id,
'content-view-id': content_view.id,
'lifecycle-environment-id': env.id,
'activationkey-id': activation_key.id
})
for content in cls.rhel6_content, cls.rhel7_content:
Scapcontent.update({'title': content, 'organizations': org.name})
return {
'org_name': org.name,
'cv_name': content_view.name,
'sat6_hostname': settings.server.hostname,
'ak_name': {
'rhel7': ak_name_7,
'rhel6': ak_name_6
},
'env_name': env.name,
}
def test_positive_associate_scap_policy_with_tailoringfiles(
self, deploy, scap_content, tailoring_file_path):
"""Associate tailoring file by name/id to scap policy with all deployments
:id: d0f9b244-b92d-4889-ba6a-8973ea05bf43
:parametrized: yes
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "create" as sub-command.
3. Pass valid parameters.
4. Associate tailoring file by name/id with policy
:expectedresults: The policy is created and associated successfully.
"""
tailoring_file_a = make_tailoringfile(
{'scap-file': tailoring_file_path['satellite']})
tailoring_file_profile_a_id = tailoring_file_a[
'tailoring-file-profiles'][0]['id']
tailoring_file_b = make_tailoringfile(
{'scap-file': tailoring_file_path['satellite']})
tailoring_file_profile_b_id = tailoring_file_b[
'tailoring-file-profiles'][0]['id']
scap_policy = make_scap_policy({
'scap-content-id':
scap_content["scap_id"],
'deploy-by':
deploy,
'scap-content-profile-id':
scap_content["scap_profile_id"],
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file':
tailoring_file_a['name'],
'tailoring-file-profile-id':
tailoring_file_profile_a_id,
})
assert scap_policy['deployment-option'] == deploy
assert scap_policy['tailoring-file-id'] == tailoring_file_a['id']
assert scap_policy[
'tailoring-file-profile-id'] == tailoring_file_profile_a_id
Scappolicy.update({
'name':
scap_policy['name'],
'tailoring-file':
tailoring_file_b['name'],
'tailoring-file-profile-id':
tailoring_file_profile_b_id,
})
scap_info = Scappolicy.info({'name': scap_policy['name']})
assert scap_info['tailoring-file-id'] == tailoring_file_b['id']
assert scap_info[
'tailoring-file-profile-id'] == tailoring_file_profile_b_id
Scappolicy.delete({'name': scap_policy['name']})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
scap_policy = make_scap_policy({
'scap-content-id':
scap_content["scap_id"],
'deploy-by':
deploy,
'scap-content-profile-id':
scap_content["scap_profile_id"],
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailoring_file_a['id'],
'tailoring-file-profile-id':
tailoring_file_profile_a_id,
})
assert scap_policy['deployment-option'] == deploy
assert scap_policy['tailoring-file-id'] == tailoring_file_a['id']
assert scap_policy[
'tailoring-file-profile-id'] == tailoring_file_profile_a_id
Scappolicy.update({
'id':
scap_policy['id'],
'tailoring-file-id':
tailoring_file_b['id'],
'tailoring-file-profile-id':
tailoring_file_profile_b_id,
})
scap_info = Scappolicy.info({'id': scap_policy['id']})
assert scap_info['tailoring-file-id'] == tailoring_file_b['id']
assert scap_info[
'tailoring-file-profile-id'] == tailoring_file_profile_b_id
Scappolicy.delete({'id': scap_policy['id']})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
def test_positive_push_updated_content(self):
"""Perform end to end oscap test, and push the updated scap content
after first run.
:id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f
:expectedresults: Satellite should push updated content to Clients and
satellite should get updated reports
:CaseLevel: System
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7']
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
}
Scapcontent.update({
'title': content_update,
'organizations': self.config_env['org_name']
})
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': 1,
'name': hgrp7_name,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name']
})
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'),
policy_values.get('profile')
)
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name']
})
# Creates two vm's each for rhel6 and rhel7, runs
# openscap scan and uploads report to satellite6.
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
# host = vm.hostname
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(
self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os)
)
self.assertTrue(vm.subscribed)
vm.configure_puppet(vm_values.get('rhel_repo'))
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': 1,
'organization': self.config_env['org_name'],
'environment': 'production'
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep content_path'
)
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list(
{
'search': 'host={0}'.format(vm.hostname.lower()),
'per-page': 1
})
self.assertIsNotNone(arf_report)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox']
)
Scappolicy.update({
'scap-content-id': scap_id,
'name': policy_values.get('policy'),
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name']
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
updated_result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep content_path'
)
self.assertIsNot(result, updated_result)
self.assertEqual(updated_result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
self.assertIsNotNone(
Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))
def configure_puppet_test(cls):
"""Sets up the whole provisioning environment needed for Puppet based
end-to-end tests like OSCAP etc
:returns: A dict of entities to help with provisioning
"""
cls.rhel6_content = OSCAP_DEFAULT_CONTENT['rhel6_content']
cls.rhel7_content = OSCAP_DEFAULT_CONTENT['rhel7_content']
sat6_hostname = settings.server.hostname
ak_name_7 = gen_string('alpha')
ak_name_6 = gen_string('alpha')
repo_values = [
{
'repo': REPOS['rhst6']['name'],
'reposet': REPOSET['rhst6'],
'akname': ak_name_6
},
{
'repo': REPOS['rhst7']['name'],
'reposet': REPOSET['rhst7'],
'akname': ak_name_7
},
]
# Create new organization and environment.
org = entities.Organization(name=gen_string('alpha')).create()
loc = entities.Location(name=DEFAULT_LOC).search()[0].read()
puppet_env = entities.Environment().search(
query={u'search': u'name=production'})[0].read()
puppet_env.location.append(loc)
puppet_env.organization.append(org)
puppet_env = puppet_env.update(['location', 'organization'])
Proxy.import_classes({
u'environment': puppet_env.name,
u'name': sat6_hostname,
})
env = entities.LifecycleEnvironment(
organization=org,
name=gen_string('alpha')
).create()
# Clone and Upload manifest
with manifests.clone() as manifest:
upload_manifest(org.id, manifest.content)
# Create content view
content_view = entities.ContentView(
organization=org,
name=gen_string('alpha')
).create()
# Create two activation keys for rhel7 and rhel6
for repo in repo_values:
activation_key = entities.ActivationKey(
name=repo.get('akname'),
environment=env,
organization=org,
).create()
# Setup org for a RH or custom repo for RHEL6 and RHEL7
setup_org_for_a_rh_repo({
'product': PRDS['rhel'],
'repository-set': repo.get('reposet'),
'repository': repo.get('repo'),
'organization-id': org.id,
'content-view-id': content_view.id,
'lifecycle-environment-id': env.id,
'activationkey-id': activation_key.id,
})
for content in cls.rhel6_content, cls.rhel7_content:
Scapcontent.update({
'title': content,
'organizations': org.name})
return {
'org_name': org.name,
'cv_name': content_view.name,
'sat6_hostname': settings.server.hostname,
'ak_name': {'rhel7': ak_name_7, 'rhel6': ak_name_6},
'env_name': env.name,
}
def test_positive_push_updated_content(self):
"""Perform end to end oscap test, and push the updated scap content via puppet
after first run.
:id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f
:expectedresults: Satellite should push updated content to Clients and
satellite should get updated reports
:CaseLevel: System
:BZ: 1420439, 1722475
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
Scapcontent.update({
'title': content_update,
'organizations': self.config_env['org_name']
})
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
})
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
make_scap_policy({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
# Creates two vm's each for rhel6 and rhel7, runs
# openscap scan and uploads report to satellite6.
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
# host = vm.hostname
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
self.assertTrue(vm.subscribed)
vm.configure_puppet(vm_values.get('rhel_repo'))
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'puppet-environment-id': self.puppet_env.id,
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search':
'host={0}'.format(vm.hostname.lower()),
'per-page':
1
})
self.assertIsNotNone(arf_report)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox'])
Scappolicy.update({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'name': policy_values.get('policy'),
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
updated_result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
self.assertIsNot(result, updated_result)
self.assertEqual(updated_result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
self.assertIsNotNone(
Arfreport.list(
{'search': 'host={0}'.format(vm.hostname.lower())}))
def configure_puppet_test(cls):
"""Sets up the whole provisioning environment needed for Puppet based
end-to-end tests like OSCAP etc
:returns: A dict of entities to help with provisioning
"""
cls.rhel6_content = OSCAP_DEFAULT_CONTENT['rhel6_content']
cls.rhel7_content = OSCAP_DEFAULT_CONTENT['rhel7_content']
cls.rhel8_content = OSCAP_DEFAULT_CONTENT['rhel8_content']
sat6_hostname = settings.server.hostname
proxy = Proxy.list({'search': sat6_hostname})[0]
p_features = set(proxy.get('features').split(', '))
if {'Puppet', 'Ansible', 'Openscap'}.issubset(p_features):
cls.proxy_id = proxy.get('id')
else:
raise ProxyError(
'Some features like Puppet, DHCP, Openscap, Ansible are not present'
)
ak_name_8 = gen_string('alpha')
ak_name_7 = gen_string('alpha')
ak_name_6 = gen_string('alpha')
repo_values = [
{
'repo': settings.sattools_repo['rhel8'],
'akname': ak_name_8
},
{
'repo': settings.sattools_repo['rhel7'],
'akname': ak_name_7
},
{
'repo': settings.sattools_repo['rhel6'],
'akname': ak_name_6
},
]
# Create new organization and environment.
org = entities.Organization(name=gen_string('alpha')).create()
cls.puppet_env = (entities.Environment().search(
query={'search': 'name=production'})[0].read())
cls.puppet_env.organization.append(org)
cls.puppet_env = cls.puppet_env.update(['organization'])
smart_proxy = (entities.SmartProxy().search(
query={'search': f'name={sat6_hostname}'})[0].read())
smart_proxy.import_puppetclasses(environment=cls.puppet_env.name)
env = entities.LifecycleEnvironment(organization=org,
name=gen_string('alpha')).create()
# Create content view
content_view = entities.ContentView(organization=org,
name=gen_string('alpha')).create()
# Create activation keys for rhel6, rhel7 and rhel8.
for repo in repo_values:
activation_key = entities.ActivationKey(name=repo.get('akname'),
environment=env,
organization=org).create()
# Setup org for a custom repo for RHEL6, RHEL7 and RHEL8.
setup_org_for_a_custom_repo({
'url': repo.get('repo'),
'organization-id': org.id,
'content-view-id': content_view.id,
'lifecycle-environment-id': env.id,
'activationkey-id': activation_key.id,
})
for content in cls.rhel8_content, cls.rhel7_content, cls.rhel6_content:
content = Scapcontent.info({'title': content},
output_format='json')
organization_ids = [
content_org['id']
for content_org in content.get('organizations', [])
]
organization_ids.append(org.id)
Scapcontent.update({
'title': content['title'],
'organization-ids': organization_ids
})
return {
'org_name': org.name,
'cv_name': content_view.name,
'sat6_hostname': settings.server.hostname,
'ak_name': {
'rhel8': ak_name_8,
'rhel7': ak_name_7,
'rhel6': ak_name_6
},
'env_name': env.name,
}
