def test_check_files(request, fleecing_vm, ssh_client, analysis_profile): """This test checks presence and contents of a certain file. Due to caching, an existing file is checked. """ check_file_name = "/etc/sudo.conf" check_file_contents = "sudoers_policy" # The file contains: `Plugin sudoers_policy sudoers.so` condition = VMCondition( "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)), expression=("fill_find(VM and Instance.Files : Name, " "=, {}, Check Any, Contents, INCLUDES, {})".format( check_file_name, check_file_contents)) ) request.addfinalizer(lambda: diaper(condition.delete)) policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8))) request.addfinalizer(lambda: diaper(policy.delete)) policy.create() policy.assign_conditions(condition) profile = PolicyProfile( "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)), policies=[policy] ) request.addfinalizer(lambda: diaper(profile.delete)) profile.create() fleecing_vm.assign_policy_profiles(profile.description) request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description)) with update(analysis_profile): analysis_profile.files = [(check_file_name, True)] analysis_profile.categories = [ "check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"] do_scan(fleecing_vm, ("Configuration", "Files")) assert fleecing_vm.check_compliance_and_wait()
def test_check_files(request, compliance_vm, analysis_profile): """This test checks presence and contents of a certain file. Due to caching, an existing file is checked. """ check_file_name = "/etc/hosts" check_file_contents = "127.0.0.1" condition = VMCondition( "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)), expression=("fill_find(VM and Instance.Files : Name, " "=, {}, Check Any, Contents, INCLUDES, {})".format( check_file_name, check_file_contents)) ) request.addfinalizer(lambda: diaper(condition.delete)) condition.create() policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8))) request.addfinalizer(lambda: diaper(policy.delete)) policy.create() policy.assign_conditions(condition) profile = PolicyProfile( "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)), policies=[policy] ) request.addfinalizer(lambda: diaper(profile.delete)) profile.create() compliance_vm.assign_policy_profiles(profile.description) request.addfinalizer(lambda: compliance_vm.unassign_policy_profiles(profile.description)) with update(analysis_profile): analysis_profile.files = [(check_file_name, True)] do_scan(compliance_vm, ("Configuration", "Files")) assert compliance_vm.check_compliance()
def test_check_package_presence(request, fleecing_vm, ssh_client, analysis_profile): """This test checks compliance by presence of a certain cfme-appliance package which is expected to be present on an appliance.""" # TODO: If we step out from provisioning a full appliance for fleecing, this might need revisit condition = VMCondition( "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)), expression=("fill_find(field=VM and Instance.Guest Applications : Name, " "skey=STARTS WITH, value=cfme-appliance, check=Check Count, ckey= = , cvalue=1)") ) request.addfinalizer(lambda: diaper(condition.delete)) policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8))) request.addfinalizer(lambda: diaper(policy.delete)) policy.create() policy.assign_conditions(condition) profile = PolicyProfile( "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)), policies=[policy] ) request.addfinalizer(lambda: diaper(profile.delete)) profile.create() fleecing_vm.assign_policy_profiles(profile.description) request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description)) with update(analysis_profile): analysis_profile.categories = [ "check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"] do_scan(fleecing_vm) assert fleecing_vm.check_compliance_and_wait()
def test_check_compliance_history(request, virtualcenter_provider, vmware_vm): """This test checks if compliance history link in a VM details screen work. Steps: * Create any VM compliance policy * Assign it to a policy profile * Assign the policy profile to any VM * Perform the compliance check for the VM * Go to the VM details screen * Click on "History" row in Compliance InfoBox Result: Compliance history screen with last 10 checks should be opened """ policy = VMCompliancePolicy( "Check compliance history policy {}".format(fauxfactory.gen_alpha()), active=True, scope="fill_field(VM and Instance : Name, INCLUDES, {})".format( vmware_vm.name)) request.addfinalizer(lambda: policy.delete() if policy.exists else None) policy.create() policy_profile = PolicyProfile(policy.description, policies=[policy]) request.addfinalizer(lambda: policy_profile.delete() if policy_profile.exists else None) policy_profile.create() virtualcenter_provider.assign_policy_profiles(policy_profile.description) request.addfinalizer(lambda: virtualcenter_provider. unassign_policy_profiles(policy_profile.description)) vmware_vm.check_compliance() vmware_vm.open_details(["Compliance", "History"]) appliance = get_or_create_current_appliance() history_screen_title = Text(appliance.browser.widgetastic, "//span[@id='explorer_title_text']").text assert history_screen_title == '"Compliance History" for Virtual Machine "{}"'.format( vmware_vm.name)
def test_delete_all_actions_from_compliance_policy(request): """We should not allow a compliance policy to be saved if there are no actions on the compliance event. Steps: * Create a compliance policy * Remove all actions Result: The policy shouldn't be saved. """ policy = VMCompliancePolicy(fauxfactory.gen_alphanumeric()) @request.addfinalizer def _delete_policy(): if policy.exists: policy.delete() policy.create() with pytest.raises(AssertionError): policy.assign_actions_to_event("VM Compliance Check", [])
def test_check_files(request, compliance_vm, analysis_profile): """This test checks presence and contents of a certain file. Due to caching, an existing file is checked. """ check_file_name = "/etc/hosts" check_file_contents = "127.0.0.1" condition = VMCondition( "Compliance testing condition {}".format( fauxfactory.gen_alphanumeric(8)), expression=("fill_find(VM and Instance.Files : Name, " "=, {}, Check Any, Contents, INCLUDES, {})".format( check_file_name, check_file_contents))) request.addfinalizer(lambda: diaper(condition.delete)) condition.create() policy = VMCompliancePolicy("Compliance {}".format( fauxfactory.gen_alphanumeric(8))) request.addfinalizer(lambda: diaper(policy.delete)) policy.create() policy.assign_conditions(condition) profile = PolicyProfile("Compliance PP {}".format( fauxfactory.gen_alphanumeric(8)), policies=[policy]) request.addfinalizer(lambda: diaper(profile.delete)) profile.create() compliance_vm.assign_policy_profiles(profile.description) request.addfinalizer( lambda: compliance_vm.unassign_policy_profiles(profile.description)) with update(analysis_profile): analysis_profile.files = [(check_file_name, True)] do_scan(compliance_vm, ("Configuration", "Files")) assert compliance_vm.check_compliance()
def test_check_package_presence(request, compliance_vm, analysis_profile): """This test checks compliance by presence of a certain "kernel" package which is expected to be present on the full_template.""" condition = VMCondition( "Compliance testing condition {}".format( fauxfactory.gen_alphanumeric(8)), expression= ("fill_find(field=VM and Instance.Guest Applications : Name, " "skey=STARTS WITH, value=kernel, check=Check Count, ckey= = , cvalue=1)" )) request.addfinalizer(lambda: diaper(condition.delete)) condition.create() policy = VMCompliancePolicy("Compliance {}".format( fauxfactory.gen_alphanumeric(8))) request.addfinalizer(lambda: diaper(policy.delete)) policy.create() policy.assign_conditions(condition) profile = PolicyProfile("Compliance PP {}".format( fauxfactory.gen_alphanumeric(8)), policies=[policy]) request.addfinalizer(lambda: diaper(profile.delete)) profile.create() compliance_vm.assign_policy_profiles(profile.description) request.addfinalizer( lambda: compliance_vm.unassign_policy_profiles(profile.description)) do_scan(compliance_vm) assert compliance_vm.check_compliance()
def test_check_compliance_history(request, virtualcenter_provider, vmware_vm): """This test checks if compliance history link in a VM details screen work. Steps: * Create any VM compliance policy * Assign it to a policy profile * Assign the policy profile to any VM * Perform the compliance check for the VM * Go to the VM details screen * Click on "History" row in Compliance InfoBox Result: Compliance history screen with last 10 checks should be opened """ policy = VMCompliancePolicy( "Check compliance history policy {}".format(fauxfactory.gen_alpha()), active=True, scope="fill_field(VM and Instance : Name, INCLUDES, {})".format(vmware_vm.name) ) request.addfinalizer(lambda: policy.delete() if policy.exists else None) policy.create() policy_profile = PolicyProfile( policy.description, policies=[policy] ) request.addfinalizer(lambda: policy_profile.delete() if policy_profile.exists else None) policy_profile.create() virtualcenter_provider.assign_policy_profiles(policy_profile.description) request.addfinalizer(lambda: virtualcenter_provider.unassign_policy_profiles( policy_profile.description)) vmware_vm.check_compliance() vmware_vm.open_details(["Compliance", "History"]) appliance = get_or_create_current_appliance() history_screen_title = Text(appliance.browser.widgetastic, "//span[@id='explorer_title_text']").text assert history_screen_title == '"Compliance History" for Virtual Machine "{}"'.format( vmware_vm.name)
def test_scope_windows_registry_stuck(request, setup_a_provider): """If you provide Scope checking windows registry, it messes CFME up. Recoverable.""" policy = VMCompliancePolicy( "Windows registry scope glitch testing Compliance Policy", active=True, scope=r"fill_registry(HKLM\SOFTWARE\Microsoft\CurrentVersion\Uninstall\test, " r"some value, INCLUDES, some content)" ) request.addfinalizer(lambda: policy.delete() if policy.exists else None) policy.create() profile = PolicyProfile( "Windows registry scope glitch testing Compliance Policy", policies=[policy] ) request.addfinalizer(lambda: profile.delete() if profile.exists else None) profile.create() # Now assign this malformed profile to a VM vm = VM.factory(Vm.get_first_vm_title(provider=setup_a_provider), setup_a_provider) vm.assign_policy_profiles(profile.description) # It should be screwed here, but do additional check navigate_to(Server, 'Dashboard') navigate_to(Vm, 'All') assert "except" not in pytest.sel.title().lower() vm.unassign_policy_profiles(profile.description)
def test_scope_windows_registry_stuck(request, infra_provider): """If you provide Scope checking windows registry, it messes CFME up. Recoverable.""" policy = VMCompliancePolicy( "Windows registry scope glitch testing Compliance Policy", active=True, scope=r"fill_registry(HKLM\SOFTWARE\Microsoft\CurrentVersion\Uninstall\test, " r"some value, INCLUDES, some content)" ) request.addfinalizer(lambda: policy.delete() if policy.exists else None) policy.create() profile = PolicyProfile( "Windows registry scope glitch testing Compliance Policy", policies=[policy] ) request.addfinalizer(lambda: profile.delete() if profile.exists else None) profile.create() # Now assign this malformed profile to a VM vm = VM.factory(Vm.get_first_vm(provider=infra_provider).name, infra_provider) vm.assign_policy_profiles(profile.description) # It should be screwed here, but do additional check navigate_to(Server, 'Dashboard') navigate_to(Vm, 'All') assert "except" not in pytest.sel.title().lower() vm.unassign_policy_profiles(profile.description)
def test_check_package_presence(request, compliance_vm, analysis_profile): """This test checks compliance by presence of a certain "kernel" package which is expected to be present on the full_template.""" condition = VMCondition( "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)), expression=("fill_find(field=VM and Instance.Guest Applications : Name, " "skey=STARTS WITH, value=kernel, check=Check Count, ckey= = , cvalue=1)") ) request.addfinalizer(lambda: diaper(condition.delete)) condition.create() policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8))) request.addfinalizer(lambda: diaper(policy.delete)) policy.create() policy.assign_conditions(condition) profile = PolicyProfile( "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)), policies=[policy] ) request.addfinalizer(lambda: diaper(profile.delete)) profile.create() compliance_vm.assign_policy_profiles(profile.description) request.addfinalizer(lambda: compliance_vm.unassign_policy_profiles(profile.description)) do_scan(compliance_vm) assert compliance_vm.check_compliance()
def test_delete_all_actions_from_compliance_policy(request): """We should not allow a compliance policy to be saved if there are no actions on the compliance event. Steps: * Create a compliance policy * Remove all actions Result: The policy shouldn't be saved. """ policy = VMCompliancePolicy(fauxfactory.gen_alphanumeric()) @request.addfinalizer def _delete_policy(): if policy.exists: policy.delete() policy.create() with pytest.raises(AssertionError): policy.assign_actions_to_event("VM Compliance Check", [])