def test_positive_download_tailoring_file(self): """ Download the tailoring file from satellite :id: 75d8c810-19a7-4285-bc3a-a1fb1a0e9088 :steps: 1.Create valid tailoring file with valid name 2.Execute "tailoring-file" command with "download" as sub-command :expectedresults: The tailoring file should be downloaded BZ: 1857572 :CaseImportance: Critical """ name = gen_string('alphanumeric') file_path = f'/var/{self.tailoring_file_path}' tailoring_file = make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path}) assert tailoring_file['name'] == name result = TailoringFiles.download_tailoring_file({'name': name, 'path': '/var/tmp/'}) assert file_path in result[0] result = ssh.command(f'find {file_path} 2> /dev/null') assert result.return_code == 0 assert file_path == result.stdout[0]
def test_positive_download_tailoring_file(self, tailoring_file_path, default_sat): """Download the tailoring file from satellite :id: 75d8c810-19a7-4285-bc3a-a1fb1a0e9088 :steps: 1.Create valid tailoring file with valid name 2.Execute "tailoring-file" command with "download" as sub-command :expectedresults: The tailoring file should be downloaded BZ: 1857572 :CaseImportance: Medium """ name = gen_string('alphanumeric') file_path = f'/var{tailoring_file_path["satellite"]}' tailoring_file = make_tailoringfile({ 'name': name, 'scap-file': tailoring_file_path['satellite'] }) assert tailoring_file['name'] == name result = TailoringFiles.download_tailoring_file({ 'name': name, 'path': '/var/tmp/' }) assert file_path in result result = default_sat.execute(f'find {file_path} 2> /dev/null') assert result.status == 0 assert file_path == result.stdout.strip()
def test_positive_associate_scap_policy_with_tailoringfiles_name(self): """Associate tailoring file by name to scap policy :id: d0f9b244-b92d-4889-ba6a-8973ea05bf43 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by "tailoring-file" with policy :expectedresults: The policy is created and associated successfully. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file( local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name) ) tailoring_file = make_tailoringfile({ 'scap-file': '/tmp/{0}'.format(file_name) }) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) self.assertEqual(scap_policy['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_policy['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_download_tailoring_file(self): """ Download the tailoring file from satellite :id: 75d8c810-19a7-4285-bc3a-a1fb1a0e9088 :steps: 1.Create valid tailoring file with valid name 2.Execute "tailoring-file" command with "download" as sub-command :expectedresults: The tailoring file should be downloaded :CaseImportance: Critical """ name = gen_string('alphanumeric') file_path = '/tmp/{0}.xml'.format(name) tailoring_file = make_tailoringfile({ 'name': name, 'scap-file': '/tmp/{0}'.format(self.file_name)}) self.assertEqual(tailoring_file['name'], name) result = TailoringFiles.download_tailoring_file({ 'name': name, 'path': '/tmp/' }) self.assertIn(file_path, result[0]) result = ssh.command('find {0}'.format(file_path)) self.assertEqual(result.return_code, 0) self.assertIn(file_path, result.stdout)
def test_negative_create_with_invalid_name(self): """Create Tailoring files with invalid name :id: 973eee82-9735-49bb-b534-0de619aa0279 :steps: 1. Attempt to create tailoring file with invalid name parameter :expectedresults: Tailoring file will not be added to satellite :CaseImportance: Critical """ for name in invalid_names_list(): with self.subTest(name): with pytest.raises(CLIFactoryError): make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path})
def test_negative_create_with_invalid_file(self): """Create Tailoring files with invalid file :id: 86f5ce13-856c-4e58-997f-fa21093edd04 :steps: 1. Attempt to create tailoring file with invalid file :expectedresults: Tailoring file will not be added to satellite :CaseImportance: Critical """ ssh.upload_file( local_file=get_data_file(SNIPPET_DATA_FILE), remote_file=f'/tmp/{SNIPPET_DATA_FILE}', ) name = gen_string('alphanumeric') with pytest.raises(CLIFactoryError): make_tailoringfile({'name': name, 'scap-file': f'/tmp/{SNIPPET_DATA_FILE}'})
def test_negative_create_with_invalid_name(self): """Create Tailoring files with invalid name :id: 973eee82-9735-49bb-b534-0de619aa0279 :steps: 1. Attempt to create tailoring file with invalid name parameter :expectedresults: Tailoring file will not be added to satellite :CaseImportance: Critical """ for name in invalid_names_list(): with self.subTest(name): with self.assertRaises(CLIFactoryError): make_tailoringfile({ 'name': name, 'scap-file': '/tmp/{0}'.format(self.file_name)})
def test_positive_list_tailoring_file(self): """List all created tailoring files :id: 2ea63c4b-eebe-468d-8153-807e86d1b6a2 :setup: tailoring file :steps: 1. Create different tailoring file with different valid name 2. Execute "tailoring-file" command with "list" as sub-command :expectedresults: Tailoring files list should be displayed :CaseImportance: Critical """ name = gen_string('alphanumeric') make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path}) result = TailoringFiles.list() assert name in [tailoringfile['name'] for tailoringfile in result]
def test_negative_create_with_invalid_name(self, tailoring_file_path, name): """Create Tailoring files with invalid name :id: 973eee82-9735-49bb-b534-0de619aa0279 :steps: 1. Attempt to create tailoring file with invalid name parameter :expectedresults: Tailoring file will not be added to satellite :parametrized: yes :CaseImportance: Medium """ with pytest.raises(CLIFactoryError): make_tailoringfile({ 'name': name, 'scap-file': tailoring_file_path['satellite'] })
def test_positive_get_info_of_tailoring_file(self): """Get information of tailoring file :id: bc201194-e8c8-4385-a577-09f3455f5a4d :setup: tailoring file :steps: 1. Create tailoring file with valid parameters 2. Execute "tailoring-file" command with "info" as sub-command with valid parameter :expectedresults: Tailoring file information should be displayed :CaseImportance: Critical """ name = gen_string('alphanumeric') make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path}) result = TailoringFiles.info({'name': name}) assert result['name'] == name
def test_negative_create_with_invalid_file(self): """Create Tailoring files with invalid file :id: 86f5ce13-856c-4e58-997f-fa21093edd04 :steps: 1. Attempt to create tailoring file with invalid file :expectedresults: Tailoring file will not be added to satellite :CaseImportance: Critical """ ssh.upload_file( local_file=get_data_file(SNIPPET_DATA_FILE), remote_file='/tmp/{0}'.format(SNIPPET_DATA_FILE) ) name = gen_string('alphanumeric') with self.assertRaises(CLIFactoryError): make_tailoringfile({ 'name': name, 'scap-file': '/tmp/{0}'.format(SNIPPET_DATA_FILE) })
def test_positive_list_tailoring_file(self): """List all created tailoring files :id: 2ea63c4b-eebe-468d-8153-807e86d1b6a2 :setup: tailoring file :steps: 1. Create different tailoring file with different valid name 2. Execute "tailoring-file" command with "list" as sub-command :expectedresults: Tailoring files list should be displayed :CaseImportance: Critical """ name = gen_string('alphanumeric') make_tailoringfile({ 'name': name, 'scap-file': '/tmp/{0}'.format(self.file_name)}) result = TailoringFiles.list() self.assertIn( name, [tailoringfile['name'] for tailoringfile in result])
def test_positive_get_info_of_tailoring_file(self): """Get information of tailoring file :id: bc201194-e8c8-4385-a577-09f3455f5a4d :setup: tailoring file :steps: 1. Create tailoring file with valid parameters 2. Execute "tailoring-file" command with "info" as sub-command with valid parameter :expectedresults: Tailoring file information should be displayed :CaseImportance: Critical """ name = gen_string('alphanumeric') make_tailoringfile({ 'name': name, 'scap-file': '/tmp/{0}'.format(self.file_name)}) result = TailoringFiles.info({'name': name}) self.assertEqual(result['name'], name)
def test_positive_create_with_space(self): """Create tailoring files with space in name :id: c98ef4e7-41c5-4a8b-8a0b-8d53100b75a8 :steps: 1. Create valid tailoring file with space in name :expectedresults: Tailoring file will be added to satellite :CaseImportance: Critical """ name = gen_string('alphanumeric') + ' ' + gen_string('alphanumeric') tailoring_file = make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path}) assert tailoring_file['name'] == name
def test_positive_update_scap_policy_with_tailoringfiles_name(self): """Update the scap policy by updating the scap tailoring file name associated with the policy :id: a2403170-51df-4561-9a58-820f77a5e048 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass tailoring-file as parameter. :expectedresults: The scap policy is updated. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file(local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name)) tailoring_file = make_tailoringfile( {'scap-file': '/tmp/{0}'.format(file_name)}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'ansible', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) Scappolicy.update({ 'name': name, 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_info['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_create_with_space(self): """Create tailoring files with space in name :id: c98ef4e7-41c5-4a8b-8a0b-8d53100b75a8 :steps: 1. Create valid tailoring file with space in name :expectedresults: Tailoring file will be added to satellite :CaseImportance: Critical """ name = gen_string('alphanumeric') + ' ' + gen_string('alphanumeric') tailoring_file = make_tailoringfile({ 'name': name, 'scap-file': '/tmp/{0}'.format(self.file_name)}) self.assertEqual(tailoring_file['name'], name)
def test_positive_delete_tailoring_file(self): """ Delete tailoring file :id: 8bab5478-1ef1-484f-aafd-98e5cba7b1e7 :steps: 1. Create valid tailoring file with valid parameter 2. Execute "tailoring-file" command with "delete" as sub-command :expectedresults: Tailoring file should be deleted :CaseImportance: Critical """ tailoring_file = make_tailoringfile({'scap-file': self.tailoring_file_path}) TailoringFiles.delete({'id': tailoring_file['id']}) with pytest.raises(CLIReturnCodeError): TailoringFiles.info({'id': tailoring_file['id']})
def test_positive_create(self): """Create new Tailoring Files using different values types as name :id: e1bb4de2-1b64-4904-bc7c-f0befa9dbd6f :steps: 1. Create valid tailoring file with valid parameter :expectedresults: Tailoring file will be added to satellite :CaseImportance: Critical """ for name in valid_data_list(): with self.subTest(name): tailoring_file = make_tailoringfile({ 'name': name, 'scap-file': '/tmp/{0}'.format(self.file_name)}) self.assertEqual(tailoring_file['name'], name)
def test_positive_associate_scap_policy_with_tailoringfiles_name(self): """Associate tailoring file by name to scap policy with all deployments :id: d0f9b244-b92d-4889-ba6a-8973ea05bf43 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by "tailoring-file" with policy :expectedresults: The policy is created and associated successfully. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file(local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name)) tailoring_file = make_tailoringfile( {'scap-file': '/tmp/{0}'.format(file_name)}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] for deploy in ['puppet', 'ansible', 'manual']: with self.subTest(deploy): scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel6, 'deploy-by': deploy, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) self.assertEqual(scap_policy['deployment-option'], deploy) self.assertEqual(scap_policy['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_policy['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_delete_tailoring_file(self): """ Delete tailoring file :id: 8bab5478-1ef1-484f-aafd-98e5cba7b1e7 :steps: 1. Create valid tailoring file with valid parameter 2. Execute "tailoring-file" command with "delete" as sub-command :expectedresults: Tailoring file should be deleted :CaseImportance: Critical """ tailoring_file = make_tailoringfile({ 'scap-file': '/tmp/{0}'.format(self.file_name)}) TailoringFiles.delete({'id': tailoring_file['id']}) with self.assertRaises(CLIReturnCodeError): TailoringFiles.info({'id': tailoring_file['id']})
def test_positive_create(self, tailoring_file_path, name): """Create new Tailoring Files using different values types as name :id: e1bb4de2-1b64-4904-bc7c-f0befa9dbd6f :steps: 1. Create valid tailoring file with valid parameter :expectedresults: Tailoring file will be added to satellite :parametrized: yes """ tailoring_file = make_tailoringfile({ 'name': name, 'scap-file': tailoring_file_path['satellite'] }) assert tailoring_file['name'] == name
def test_positive_update_scap_policy_with_tailoringfiles_id(self): """Update the scap policy by updating the scap tailoring file id associated with the policy :id: 91a25e0b-d5d2-49d8-a3cd-1f3836ac323c :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass tailoring-file-id as parameter. :expectedresults: The scap policy is updated. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file( local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name) ) tailoring_file = make_tailoringfile({ 'scap-file': '/tmp/{0}'.format(file_name) }) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) Scappolicy.update({ 'name': name, 'tailoring-file-id': tailoring_file['id'], 'tailoring-file-profile-id': tailor_profile_id }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_info['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_update_scap_policy_with_tailoringfiles_name(self): """Update the scap policy by updating the scap tailoring file name associated with the policy :id: a2403170-51df-4561-9a58-820f77a5e048 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass tailoring-file as parameter. :expectedresults: The scap policy is updated. """ tailoring_file = make_tailoringfile( {'scap-file': self.tailoring_file_path}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'ansible', 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) assert scap_policy['scap-content-id'] == self.scap_id_rhel7 Scappolicy.update({ 'name': name, 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) scap_info = Scappolicy.info({'name': name}) assert scap_info['tailoring-file-id'] == tailoring_file['id'] assert scap_info['tailoring-file-profile-id'] == tailor_profile_id
def test_positive_associate_scap_policy_with_tailoringfiles_name(self): """Associate tailoring file by name to scap policy with all deployments :id: d0f9b244-b92d-4889-ba6a-8973ea05bf43 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by "tailoring-file" with policy :expectedresults: The policy is created and associated successfully. """ tailoring_file = make_tailoringfile( {'scap-file': self.tailoring_file_path}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] for deploy in ['puppet', 'ansible', 'manual']: with self.subTest(deploy): scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel7, 'deploy-by': deploy, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) assert scap_policy['deployment-option'] == deploy assert scap_policy['tailoring-file-id'] == tailoring_file['id'] assert scap_policy[ 'tailoring-file-profile-id'] == tailor_profile_id
def test_positive_associate_scap_policy_with_tailoringfiles_id(self): """Associate tailoring file by id to scap policy :id: 4d60333d-ffd7-4c6c-9ba5-6a311ccf2910 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by "tailoring-file-id" with policy :expectedresults: The policy is created and associated successfully. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file(local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name)) tailoring_file = make_tailoringfile( {'scap-file': '/tmp/{0}'.format(file_name)}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailoring_file['id'], 'tailoring-file-profile-id': tailor_profile_id }) self.assertEqual(scap_policy['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_policy['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_oscap_run_with_tailoring_file_and_capsule(self): """ End-to-End Oscap run with tailoring files and default capsule :id: 346946ad-4f62-400e-9390-81817006048c :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Create a scap policy 4. Associate scap content with it's tailoring file 5. Associate the policy with a hostgroup 6. Provision a host using the hostgroup 7. Puppet should configure and fetch the scap content and tailoring file :expectedresults: ARF report should be sent to satellite reflecting the changes done via tailoring files :CaseImportance: Critical """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'] } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo, } tailoring_file_name = gen_string('alpha') tailor_path = get_data_file(settings.oscap.tailoring_path) file_name = tailor_path.split('/')[(len(tailor_path.split('/')) - 1)] ssh.upload_file( local_file=tailor_path, remote_file="/tmp/{0}".format(file_name) ) # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': 1, 'name': hgrp7_name, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'] }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': '/tmp/{0}'.format(file_name), 'organization': self.config_env['org_name'] }) result = TailoringFiles.info({'name': tailoring_file_name}) self.assertEqual(result['name'], tailoring_file_name) # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile') ) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': policy_values.get('hgrp'), 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': self.config_env['org_name'] }) distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost( self.config_env['org_name'], self.config_env['ak_name'].get(distro_os) ) self.assertTrue(vm.subscribed) vm.configure_puppet(rhel7_repo) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': 1, 'organization': self.config_env['org_name'], 'environment': 'production' }) # Run "puppet agent -t" twice so that it detects it's, # satellite6 and fetch katello SSL certs. for _ in range(2): vm.run(u'puppet agent -t 2> /dev/null') result = vm.run( u'cat /etc/foreman_scap_client/config.yaml' '| grep profile' ) self.assertEqual(result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. self.assertIsNotNone( Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))
def test_positive_oscap_run_with_tailoring_file_with_ansible(self): """End-to-End Oscap run with tailoring files via ansible :id: c7ea56eb-6cf1-4e79-8d6a-fb872d1bb804 :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Import Ansible role theforeman.foreman_scap_client 4. Import Ansible Variables needed for the role 5. Create a scap policy with anisble as deploy option 6. Associate scap content with it's tailoring file 7. Associate the policy with a hostgroup 8. Provision a host using the hostgroup 9. Configure REX and associate the Ansible role to created host 10. Play roles for the host :expectedresults: REX job should be success and ARF report should be sent to satellite reflecting the changes done via tailoring files :BZ: 1716307 :CaseImportance: Critical """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'], } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo } tailoring_file_name = gen_string('alpha') tailor_path = file_downloader(file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname)[0] # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': self.proxy_id, 'name': hgrp7_name, 'organizations': self.config_env['org_name'], }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': tailor_path, 'organization': self.config_env['org_name'], }) result = TailoringFiles.info({'name': tailoring_file_name}) assert result['name'] == tailoring_file_name # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile')) Ansible.roles_import({'proxy-id': self.proxy_id}) Ansible.variables_import({'proxy-id': self.proxy_id}) role_id = Ansible.roles_list({'search': 'foreman_scap_client'})[0].get('id') make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': policy_values.get('hgrp'), 'deploy-by': 'ansible', 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': self.config_env['org_name'], }) distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(self.config_env['org_name'], self.config_env['ak_name'].get(distro_os)) assert vm.subscribed Host.set_parameter({ 'host': vm.hostname.lower(), 'name': 'remote_execution_connect_by_ip', 'value': 'True', }) vm.configure_rhel_repo(settings.rhel7_repo) add_remote_execution_ssh_key(vm.ip_addr) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'ansible-role-ids': role_id, }) job_id = Host.ansible_roles_play({'name': vm.hostname.lower() })[0].get('id') wait_for_tasks( f"resource_type = JobInvocation and resource_id = {job_id} and " "action ~ \"hosts job\"") try: result = JobInvocation.info({'id': job_id})['success'] assert result == '1' except AssertionError: output = ' '.join( JobInvocation.get_output({ 'id': job_id, 'host': vm.hostname })) result = f'host output: {output}' raise AssertionError(result) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. result = Arfreport.list({'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_oscap_run_with_tailoring_file_and_capsule(self): """End-to-End Oscap run with tailoring files and default capsule via puppet :id: 346946ad-4f62-400e-9390-81817006048c :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Create a scap policy 4. Associate scap content with it's tailoring file 5. Associate the policy with a hostgroup 6. Provision a host using the hostgroup 7. Puppet should configure and fetch the scap content and tailoring file :expectedresults: ARF report should be sent to satellite reflecting the changes done via tailoring files :BZ: 1722475 :CaseImportance: Critical """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'], } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo } tailoring_file_name = gen_string('alpha') tailor_path = file_downloader(file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname)[0] # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': self.proxy_id, 'name': hgrp7_name, 'puppet-environment-id': self.puppet_env.id, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'], 'puppet-classes': self.puppet_classes, }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': tailor_path, 'organization': self.config_env['org_name'], }) result = TailoringFiles.info({'name': tailoring_file_name}) assert result['name'] == tailoring_file_name # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile')) make_scap_policy({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'hostgroups': policy_values.get('hgrp'), 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': self.config_env['org_name'], }) distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(self.config_env['org_name'], self.config_env['ak_name'].get(distro_os)) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'puppet-environment-id': self.puppet_env.id, }) vm.configure_puppet(rhel7_repo) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. result = Arfreport.list({'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_associate_scap_policy_with_tailoringfiles( self, deploy, scap_content, tailoring_file_path): """Associate tailoring file by name/id to scap policy with all deployments :id: d0f9b244-b92d-4889-ba6a-8973ea05bf43 :parametrized: yes :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by name/id with policy :expectedresults: The policy is created and associated successfully. """ tailoring_file_a = make_tailoringfile( {'scap-file': tailoring_file_path['satellite']}) tailoring_file_profile_a_id = tailoring_file_a[ 'tailoring-file-profiles'][0]['id'] tailoring_file_b = make_tailoringfile( {'scap-file': tailoring_file_path['satellite']}) tailoring_file_profile_b_id = tailoring_file_b[ 'tailoring-file-profiles'][0]['id'] scap_policy = make_scap_policy({ 'scap-content-id': scap_content["scap_id"], 'deploy-by': deploy, 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file': tailoring_file_a['name'], 'tailoring-file-profile-id': tailoring_file_profile_a_id, }) assert scap_policy['deployment-option'] == deploy assert scap_policy['tailoring-file-id'] == tailoring_file_a['id'] assert scap_policy[ 'tailoring-file-profile-id'] == tailoring_file_profile_a_id Scappolicy.update({ 'name': scap_policy['name'], 'tailoring-file': tailoring_file_b['name'], 'tailoring-file-profile-id': tailoring_file_profile_b_id, }) scap_info = Scappolicy.info({'name': scap_policy['name']}) assert scap_info['tailoring-file-id'] == tailoring_file_b['id'] assert scap_info[ 'tailoring-file-profile-id'] == tailoring_file_profile_b_id Scappolicy.delete({'name': scap_policy['name']}) with pytest.raises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']}) scap_policy = make_scap_policy({ 'scap-content-id': scap_content["scap_id"], 'deploy-by': deploy, 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailoring_file_a['id'], 'tailoring-file-profile-id': tailoring_file_profile_a_id, }) assert scap_policy['deployment-option'] == deploy assert scap_policy['tailoring-file-id'] == tailoring_file_a['id'] assert scap_policy[ 'tailoring-file-profile-id'] == tailoring_file_profile_a_id Scappolicy.update({ 'id': scap_policy['id'], 'tailoring-file-id': tailoring_file_b['id'], 'tailoring-file-profile-id': tailoring_file_profile_b_id, }) scap_info = Scappolicy.info({'id': scap_policy['id']}) assert scap_info['tailoring-file-id'] == tailoring_file_b['id'] assert scap_info[ 'tailoring-file-profile-id'] == tailoring_file_profile_b_id Scappolicy.delete({'id': scap_policy['id']}) with pytest.raises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']})
def test_positive_oscap_run_with_tailoring_file_and_capsule( module_org, default_proxy, content_view, lifecycle_env, puppet_env): """End-to-End Oscap run with tailoring files and default capsule via puppet :id: 346946ad-4f62-400e-9390-81817006048c :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Create a scap policy 4. Associate scap content with it's tailoring file 5. Associate the policy with a hostgroup 6. Provision a host using the hostgroup 7. Puppet should configure and fetch the scap content and tailoring file :expectedresults: ARF report should be sent to satellite reflecting the changes done via tailoring files :BZ: 1722475 :CaseImportance: Critical """ hgrp_name = gen_string('alpha') policy_name = gen_string('alpha') tailoring_file_name = gen_string('alpha') tailor_path = file_downloader(file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname)[0] # Creates host_group. make_hostgroup({ 'content-source': settings.server.hostname, 'name': hgrp_name, 'puppet-environment-id': puppet_env.id, 'puppet-ca-proxy': settings.server.hostname, 'puppet-proxy': settings.server.hostname, 'organizations': module_org.name, 'puppet-classes': puppet_classes, }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': tailor_path, 'organization': module_org.name, }) result = TailoringFiles.info({'name': tailoring_file_name}) assert result['name'] == tailoring_file_name # Creates oscap_policy. scap_id, scap_profile_id = fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel7_content'], OSCAP_PROFILE['security7']) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': hgrp_name, 'deploy-by': 'puppet', 'name': policy_name, 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': module_org.name, }) # Creates vm's and runs openscap scan and uploads report to satellite6. with VMBroker(nick=DISTRO_RHEL7, host_classes={'host': ContentHost}) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(module_org.name, ak_name[DISTRO_RHEL7]) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': lifecycle_env.name, 'content-view': content_view.name, 'hostgroup': hgrp_name, 'openscap-proxy-id': default_proxy, 'organization': module_org.name, 'puppet-environment-id': puppet_env.id, }) vm.configure_puppet(settings.repos.rhel7_repo) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.status == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list({ 'search': f'host={vm.hostname.lower()}', 'per-page': 1 }) assert arf_report is not None Arfreport.delete({'id': arf_report[0].get('id')})
def test_positive_oscap_run_with_tailoring_file_and_capsule(self): """ End-to-End Oscap run with tailoring files and default capsule :id: 346946ad-4f62-400e-9390-81817006048c :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Create a scap policy 4. Associate scap content with it's tailoring file 5. Associate the policy with a hostgroup 6. Provision a host using the hostgroup 7. Puppet should configure and fetch the scap content and tailoring file :expectedresults: ARF report should be sent to satellite reflecting the changes done via tailoring files :CaseImportance: Critical """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'] } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo, } tailoring_file_name = gen_string('alpha') tailor_path = get_data_file(settings.oscap.tailoring_path) file_name = tailor_path.split('/')[(len(tailor_path.split('/')) - 1)] ssh.upload_file(local_file=tailor_path, remote_file="/tmp/{0}".format(file_name)) # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': 1, 'name': hgrp7_name, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'] }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': '/tmp/{0}'.format(file_name), 'organization': self.config_env['org_name'] }) result = TailoringFiles.info({'name': tailoring_file_name}) self.assertEqual(result['name'], tailoring_file_name) # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile')) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': policy_values.get('hgrp'), 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': self.config_env['org_name'] }) distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(self.config_env['org_name'], self.config_env['ak_name'].get(distro_os)) self.assertTrue(vm.subscribed) vm.configure_puppet(rhel7_repo) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': 1, 'organization': self.config_env['org_name'], 'environment': 'production' }) # Run "puppet agent -t" twice so that it detects it's, # satellite6 and fetch katello SSL certs. for _ in range(2): vm.run(u'puppet agent -t 2> /dev/null') result = vm.run(u'cat /etc/foreman_scap_client/config.yaml' '| grep profile') self.assertEqual(result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. self.assertIsNotNone( Arfreport.list( {'search': 'host={0}'.format(vm.hostname.lower())}))