def testSuccess(self): user = test_utils.CreateUser() expected_host_id = test_utils.CreateBit9Host(users=[user.nickname]).key.id() test_utils.CreateBit9Host(users=['someone_else']) test_utils.CreateSantaHost(primary_user=user.nickname) actual_host_ids = model_utils.GetBit9HostIdsForUser(user) self.assertListEqual([expected_host_id], actual_host_ids)
def testGetSelf(self): user = test_utils.CreateUser() host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id() host_id_2 = test_utils.CreateBit9Host(users=[user.nickname]).key.id() with self.LoggedInUser(user=user): response = self.testapp.get(self.SELF_ROUTE) output = response.json expected_host_ids = [host_id_1, host_id_2] actual_host_ids = [host['id'] for host in output] self.assertListEqual(sorted(expected_host_ids), sorted(actual_host_ids))
def testGetSelf_Sorted(self): """Hosts are sorted by their rule_sync_dts.""" early, middle, recent, recenter = common_test_utils.GetSequentialTimes(4) user = test_utils.CreateUser() santa_host_1 = test_utils.CreateSantaHost( primary_user=user.nickname, rule_sync_dt=early) santa_host_2 = test_utils.CreateSantaHost( primary_user=user.nickname, rule_sync_dt=middle) test_utils.CreateSantaHost(rule_sync_dt=recent) bit9_host_1 = test_utils.CreateBit9Host( users=[user.nickname], last_event_dt=recenter) self.assertTrue(model_utils.IsHostAssociatedWithUser(santa_host_1, user)) self.assertTrue(model_utils.IsHostAssociatedWithUser(santa_host_2, user)) self.assertTrue(model_utils.IsHostAssociatedWithUser(bit9_host_1, user)) with self.LoggedInUser(user=user): response = self.testapp.get(self.SELF_ROUTE) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertLen(output, 3) expected_host_ids = [ bit9_host_1.key.id(), santa_host_2.key.id(), santa_host_1.key.id()] actual_host_ids = [entry['id'] for entry in output] self.assertListEqual(sorted(expected_host_ids), sorted(actual_host_ids))
def testRenew_Failure(self): host_id = test_utils.CreateBit9Host().key.id() test_utils.CreateExemption(host_id, initial_state=_STATE.ESCALATED) with self.assertRaises(api.InvalidRenewalError): api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY) self.mock_send.assert_not_called()
def testNotSantaClient(self): user = test_utils.CreateUser() host = test_utils.CreateBit9Host(users=[user.nickname]) with self.LoggedInUser(user=user): url = self.ROUTE % (host.key.id(), 'true') self.testapp.put(url, status=httplib.FORBIDDEN)
def testBlockableKey_NotABlockableKey(self): host = test_utils.CreateBit9Host() change = rule_models.RuleChangeSet( rule_keys=[], change_type=constants.RULE_POLICY.WHITELIST, parent=host.key) with self.assertRaises(ValueError): change.put()
def testSuccess(self): binary_count = 10 # Create a user and some corresponding Bit9Hosts. user = test_utils.CreateUser() host_1 = test_utils.CreateBit9Host(id='1111', users=[user.nickname]) host_2 = test_utils.CreateBit9Host(id='2222', users=[user.nickname]) host_3 = test_utils.CreateBit9Host(id='3333', users=[user.nickname]) # Create some Bit9Binaries, each with a Bit9Rule for host_1 and host_2. binaries = test_utils.CreateBit9Binaries(binary_count) for binary in binaries: test_utils.CreateBit9Rule( binary.key, host_id=host_1.key.id(), user_key=user.key, in_effect=True) test_utils.CreateBit9Rule( binary.key, host_id=host_2.key.id(), user_key=user.key, in_effect=True) # Verify all the rule counts. self.assertEntityCount(bit9_models.Bit9Rule, binary_count * 2) host_1_rules = bit9_models.Bit9Rule.query( bit9_models.Bit9Rule.host_id == host_1.key.id()).fetch() self.assertEqual(binary_count, len(host_1_rules)) host_2_rules = bit9_models.Bit9Rule.query( bit9_models.Bit9Rule.host_id == host_2.key.id()).fetch() self.assertEqual(binary_count, len(host_2_rules)) host_3_rules = bit9_models.Bit9Rule.query( bit9_models.Bit9Rule.host_id == host_3.key.id()).fetch() self.assertEqual(0, len(host_3_rules)) sync._CopyLocalRules(user.key, host_3.key.id()).get_result() # Verify all the rule counts again. self.assertEntityCount(bit9_models.Bit9Rule, binary_count * 3) host_1_rules = bit9_models.Bit9Rule.query( bit9_models.Bit9Rule.host_id == host_1.key.id()).fetch() self.assertEqual(binary_count, len(host_1_rules)) host_2_rules = bit9_models.Bit9Rule.query( bit9_models.Bit9Rule.host_id == host_2.key.id()).fetch() self.assertEqual(binary_count, len(host_2_rules)) host_3_rules = bit9_models.Bit9Rule.query( bit9_models.Bit9Rule.host_id == host_3.key.id()).fetch() self.assertEqual(binary_count, len(host_3_rules))
def testPost_WindowsNotSupported(self): user = test_utils.CreateUser() host = test_utils.CreateBit9Host(users=[user.nickname]) with self.LoggedInUser(user=user): self.testapp.post(self.ROUTE % host.key.id(), status=httplib.NOT_IMPLEMENTED) self.mock_process.assert_not_called()
def testInvalidStateChangeError(self): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.APPROVED) with self.assertRaises(api.InvalidStateChangeError): api.Escalate(exm_key) self.assertEqual(_STATE.APPROVED, exm_key.get().state)
def setUp(self): super(Bit9HostTest, self).setUp() self.user = test_utils.CreateUser() self.admin = test_utils.CreateUser(admin=True) self.bit9_policy = test_utils.CreateBit9Policy() self.bit9_host = test_utils.CreateBit9Host( policy_key=self.bit9_policy.key, users=[self.user.nickname])
def testSuccess(self): # Create a user and some Hosts, some with Exemptions, and some without. user = test_utils.CreateUser() host_key_1 = test_utils.CreateBit9Host(users=[user.nickname]).key exm_1 = test_utils.CreateExemption(host_key_1.id()).get() host_key_2 = test_utils.CreateBit9Host(users=[user.nickname]).key host_key_3 = test_utils.CreateSantaHost(primary_user=user.nickname).key exm_2 = test_utils.CreateExemption(host_key_3.id()).get() host_key_4 = test_utils.CreateSantaHost(primary_user=user.nickname).key host_keys = [host_key_1, host_key_2, host_key_3, host_key_4] results = model_utils.GetExemptionsForHosts(host_keys) self.assertLen(results, 4) self.assertEqual(exm_1, results.get(host_key_1)) self.assertIsNone(results.get(host_key_2)) self.assertEqual(exm_2, results.get(host_key_3)) self.assertIsNone(results.get(host_key_4))
def testFirstRequest(self): host_id = test_utils.CreateBit9Host().key.id() self.assertIsNone(exemption_models.Exemption.Get(host_id)) api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY) self.assertIsNotNone(exemption_models.Exemption.Get(host_id)) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION) self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS) self.mock_send.assert_called_once()
def testRenew_NoOtherText(self): host_id = test_utils.CreateBit9Host().key.id() test_utils.CreateExemption(host_id, initial_state=_STATE.CANCELLED) api.Request(host_id, _REASON.DEVELOPER_MACOS, None, _DURATION.DAY) self.assertIsNotNone(exemption_models.Exemption.Get(host_id)) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION) self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS) self.mock_send.assert_called_once()
def testSuccess(self): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.PENDING) api.Escalate(exm_key) exm = exm_key.get() self.assertEqual(_STATE.ESCALATED, exm.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
def testChangePolicyKey(self): monitor_policy_key = ndb.Key( policy_models.Bit9Policy, constants.BIT9_ENFORCEMENT_LEVEL.MONITOR) lockdown_policy_key = ndb.Key( policy_models.Bit9Policy, constants.BIT9_ENFORCEMENT_LEVEL.LOCKDOWN) host_key = test_utils.CreateBit9Host(policy_key=monitor_policy_key).key self.assertEqual(monitor_policy_key, host_key.get().policy_key) host_models.Bit9Host.ChangePolicyKey(host_key.id(), lockdown_policy_key) self.assertEqual(lockdown_policy_key, host_key.get().policy_key)
def testInvalidStateChangeError(self, mock_enable): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.DENIED) with self.assertRaises(api.InvalidStateChangeError): api.Cancel(exm_key) mock_enable.assert_not_called() self.assertEqual(_STATE.DENIED, exm_key.get().state) self.mock_send.assert_not_called()
def testWindows(self): users = ['aaaa', 'bbbb'] host = test_utils.CreateBit9Host(users=users) host_id = host.key.id() exm_key = test_utils.CreateExemption(host_id) notify.SendUpdateEmail(exm_key, _STATE.APPROVED) expected_subject = 'Lockdown exemption update: %s' % host.hostname self.mock_send.assert_called_once_with(expected_subject, mock.ANY, to=users, html=True)
def testPendingLocalRule_ForUser(self): with self.LoggedInUser() as user: bit9_host = test_utils.CreateBit9Host(users=[user.nickname]) test_utils.CreateBit9Rule(self.bit9_blockable.key, host_id=bit9_host.key.id(), user_key=user.key, is_committed=False) response = self.testapp.get('/%s' % self.bit9_blockable.key.id()) output = response.json self.assertTrue(output)
def testRenew_Success_NotYetExpired(self): host_id = test_utils.CreateBit9Host().key.id() test_utils.CreateExemption(host_id, initial_state=_STATE.APPROVED) api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY) exm = exemption_models.Exemption.Get(host_id) self.assertEqual(_STATE.REQUESTED, exm.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION) self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS) self.mock_send.assert_called_once()
def testGetPlatform_Success(self): host_id = test_utils.CreateSantaHost().key.id() exm_key = test_utils.CreateExemption(host_id) self.assertEqual( constants.PLATFORM.MACOS, exemption.Exemption.GetPlatform(exm_key)) host_id = test_utils.CreateBit9Host().key.id() exm_key = test_utils.CreateExemption(host_id) self.assertEqual( constants.PLATFORM.WINDOWS, exemption.Exemption.GetPlatform(exm_key))
def testInvalidStateChangeError(self, mock_enable): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.CANCELLED) with self.assertRaises(api.InvalidStateChangeError): api.Revoke(exm_key, ['justification']) mock_enable.assert_not_called() self.assertEqual(_STATE.CANCELLED, exm_key.get().state) self.mock_send.assert_not_called()
def testGetSelf_WithoutExemption(self): user = test_utils.CreateUser() test_utils.CreateBit9Host(users=[user.nickname]).key.id() with self.LoggedInUser(user=user): response = self.testapp.get(self.SELF_ROUTE) output = response.json self.assertLen(output, 1) self.assertIn('exemption', output[0]) self.assertIsNone(output[0]['exemption'])
def testGetByUserId_WithoutExemption(self): user = test_utils.CreateUser() test_utils.CreateBit9Host(users=[user.nickname]).key.id() with self.LoggedInUser(admin=True): response = self.testapp.get(self.USER_ID_ROUTE % user.key.id()) output = response.json self.assertLen(output, 1) self.assertIn('exemption', output[0]) self.assertIsNone(output[0]['exemption'])
def testSuccess(self): user = test_utils.CreateUser() host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id() host_id_2 = test_utils.CreateSantaHost(primary_user=user.nickname).key.id() host_id_3 = test_utils.CreateSantaHost(primary_user='******').key.id() exm_1 = test_utils.CreateExemption(host_id_1).get() exm_2 = test_utils.CreateExemption(host_id_2).get() test_utils.CreateExemption(host_id_3) expected_exms = sorted([exm_1, exm_2]) actual_exms = sorted(model_utils.GetExemptionsForUser(user.email)) self.assertListEqual(expected_exms, actual_exms)
def testPolicyNotDefinedForPlatform(self, mock_metric): self._PatchPolicyChecks() host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption(host_key.id()) api.Process(exm_key) exm = exm_key.get() self.assertEqual(_STATE.DENIED, exm.state) self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2) mock_metric.Increment.assert_called_once()
def testSuccess(self): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.PENDING) api.Deny(exm_key) exm = exm_key.get() self.assertEqual(_STATE.DENIED, exm.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION) self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS) self.mock_send.assert_called_once()
def testAdminGetListPlatform(self): """Admin gets a list of all hosts specific to a single platform.""" # Create a dummy host that shouldn't be included in the returned list. test_utils.CreateBit9Host() with self.LoggedInUser(admin=True): response = self.testapp.get(self.ROUTE + '/santa') output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertIsInstance(output['content'], list) self.assertLen(output['content'], 3)
def testGet_PendingLocalRule_ForSomeoneElse(self): other_user = test_utils.CreateUser() with self.LoggedInUser(): bit9_host = test_utils.CreateBit9Host(users=[other_user.nickname]) test_utils.CreateBit9Rule(self.bit9_blockable.key, host_id=bit9_host.key.id(), user_key=other_user.key, is_committed=False) response = self.testapp.get(self.ROUTE % self.bit9_blockable.key.id()) output = response.json self.assertFalse(output)
def testWithStateFilter(self): user = test_utils.CreateUser() host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id() host_id_2 = test_utils.CreateSantaHost(primary_user=user.nickname).key.id() host_id_3 = test_utils.CreateSantaHost(primary_user='******').key.id() exm_1 = test_utils.CreateExemption( host_id_1, initial_state=_STATE.APPROVED).get() test_utils.CreateExemption(host_id_2, initial_state=_STATE.EXPIRED) test_utils.CreateExemption(host_id_3, initial_state=_STATE.APPROVED) actual_exms = sorted( model_utils.GetExemptionsForUser(user.email, state=_STATE.APPROVED)) self.assertListEqual([exm_1], actual_exms)
def testCopyLocalRules_Success(self): old_user = test_utils.CreateUser(email=user_map.UsernameToEmail('foo')) new_user = test_utils.CreateUser(email=user_map.UsernameToEmail('bar')) policy_key = ndb.Key(bit9_db.Bit9Policy, '22222') host1 = test_utils.CreateBit9Host( id='12345', users=[old_user.nickname], policy_key=policy_key) test_utils.CreateBit9Host( id='67890', users=[new_user.nickname], policy_key=policy_key) blockable1 = test_utils.CreateBit9Binary() test_utils.CreateBit9Rule( blockable1.key, host_id=host1.key.id(), user_key=old_user.key) blockable2 = test_utils.CreateBit9Binary() test_utils.CreateBit9Rule( blockable2.key, host_id=host1.key.id(), user_key=old_user.key) host = bit9_test_utils.CreateComputer( id=67890, policy_id=22222, users='{0}\\{1},{0}\\{2}'.format( settings.AD_DOMAIN, old_user.nickname, new_user.nickname)) occurred_dt = datetime.datetime.utcnow() sync._PersistBit9Host(host, occurred_dt).wait() self.assertEntityCount(bit9_db.Bit9Rule, 4) # 2 New + 2 Old self.assertEntityCount(bit9_db.RuleChangeSet, 2) rules_for_host1 = bit9_db.Bit9Rule.query( bit9_db.Bit9Rule.host_id == host1.key.id()).fetch() self.assertEqual(2, len(rules_for_host1)) self.assertSameElements( [blockable1.key, blockable2.key], [rule.key.parent() for rule in rules_for_host1]) self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 1) self.DrainTaskQueue(constants.TASK_QUEUE.BQ_PERSISTENCE) self.assertEntityCount(bigquery_db.HostRow, 1)