def test_positive_create_matcher_puppet_default_value(self, module_puppet, module_sc_params):
"""Create matcher for attribute in parameter,
Where Value is puppet default value.
:id: c08fcf25-e5c7-411e-beed-3741a24496fd
:steps:
1. Override the parameter.
2. Set some default Value.
3. Create matcher with valid attribute type, name and puppet
default value.
4. Submit the change.
:expectedresults: The matcher has been created successfully.
:CaseImportance: Medium
"""
sc_param_id = module_sc_params['ids'].pop()
SmartClassParameter.update(
{'id': sc_param_id, 'override': 1, 'default-value': gen_string('alpha')}
)
SmartClassParameter.add_matcher(
{'smart-class-parameter-id': sc_param_id, 'match': 'domain=test.com', 'omit': 1}
)
sc_param = SmartClassParameter.info(
{'puppet-class': module_puppet['class']['name'], 'id': sc_param_id}
)
assert sc_param['override-values']['values']['1']['match'] == 'domain=test.com'
def test_positive_create_and_remove_matcher(self, module_puppet,
module_sc_params):
"""Create and remove matcher for attribute in parameter.
:id: 37fe299b-1e81-4faf-b1c3-2edfc3d53dc1
:steps:
1. Override the parameter.
2. Set some default Value.
3. Create a matcher with all valid values.
4. Create matcher with valid attribute type, name and puppet
default value.
5. Submit the change.
6. Remove the matcher created in step 1
:expectedresults: The matcher has been created successfully.
:CaseImportance: Medium
"""
sc_param_id = module_sc_params['ids'].pop()
value = gen_string('alpha')
SmartClassParameter.update({
'id': sc_param_id,
'override': 1,
'override-value-order': 'is_virtual'
})
SmartClassParameter.add_matcher({
'smart-class-parameter-id': sc_param_id,
'match': 'is_virtual=true',
'value': value
})
sc_param = SmartClassParameter.info({
'puppet-class':
module_puppet['class']['name'],
'id':
sc_param_id
})
assert sc_param['override-values']['values']['1'][
'match'] == 'is_virtual=true'
assert sc_param['override-values']['values']['1']['value'] == value
SmartClassParameter.remove_matcher({
'smart-class-parameter-id':
sc_param_id,
'id':
sc_param['override-values']['values']['1']['id'],
})
sc_param = SmartClassParameter.info({
'puppet-class':
module_puppet['class']['name'],
'id':
sc_param_id
})
assert len(sc_param['override-values']['values']) == 0
def test_negative_validate_matcher_non_existing_attribute(self):
"""Error while creating matcher for Non Existing Attribute.
:id: 5223e582-81b4-442d-b4ba-b16ede460ef6
:steps:
1. Override the parameter.
2. Create a matcher with non existing attribute in org.
3. Attempt to submit the change.
:expectedresults: Error raised for non existing attribute.
:CaseImportance: Medium
"""
sc_param_id = self.sc_params_ids_list.pop()
with self.assertRaises(CLIReturnCodeError):
SmartClassParameter.add_matcher({
'smart-class-parameter-id': sc_param_id,
'match': 'hostgroup=nonexistingHG',
'value': gen_string('alpha'),
})
def test_positive_upload_to_satellite(self):
"""Perform end to end oscap test, and push the updated scap content via puppet
after first run.
:id: 17a0978d-64f9-44ad-8303-1f54ada08602
:expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be
uploaded to Satellite and be searchable. Satellite should push updated
content to Clients and satellite should get updated reports.
:CaseLevel: System
:BZ: 1479413, 1722475, 1420439, 1722475
"""
if settings.rhel6_repo is None:
self.skipTest('Missing configuration for rhel6_repo')
rhel6_repo = settings.rhel6_repo
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
if settings.rhel8_repo is None:
self.skipTest('Missing configuration for rhel8_repo')
rhel8_repo = settings.rhel8_repo
hgrp8_name = gen_string('alpha')
rhel7_repo = settings.rhel7_repo
hgrp6_name = gen_string('alpha')
hgrp7_name = gen_string('alpha')
policy6_name = gen_string('alpha')
policy7_name = gen_string('alpha')
policy8_name = gen_string('alpha')
policy_values = [
{
'content': self.rhel6_content,
'hgrp': hgrp6_name,
'policy': policy6_name,
'profile': OSCAP_PROFILE['security6'],
},
{
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': policy7_name,
'profile': OSCAP_PROFILE['security7'],
},
{
'content': self.rhel8_content,
'hgrp': hgrp8_name,
'policy': policy8_name,
'profile': OSCAP_PROFILE['cbrhel8'],
},
]
vm_values = [
{
'distro': DISTRO_RHEL6,
'hgrp': hgrp6_name,
'rhel_repo': rhel6_repo,
'policy': policy6_name,
},
{
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
'policy': policy7_name,
},
{
'distro': DISTRO_RHEL8,
'hgrp': hgrp8_name,
'rhel_repo': rhel8_repo,
'policy': policy8_name,
},
]
# Creates host_group for both rhel6, rhel7 and rhel8.
for host_group in [hgrp6_name, hgrp7_name, hgrp8_name]:
make_hostgroup({
'content-source': self.config_env['sat6_hostname'],
'name': host_group,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
'puppet-classes': self.puppet_classes,
})
# Creates oscap_policy for both rhel6, rhel7 and rhel8.
for value in policy_values:
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
value['content'], value['profile'])
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': value['hgrp'],
'deploy-by': 'puppet',
'name': value['policy'],
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
# Creates two vm's each for rhel6, rhel7 and rhel8, runs
# openscap scan and uploads report to satellite6.
for value in vm_values:
with VirtualMachine(distro=value['distro']) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(
self.config_env['org_name'],
self.config_env['ak_name'].get(value['distro']))
assert vm.subscribed
Host.update({
'name':
vm.hostname.lower(),
'lifecycle-environment':
self.config_env['env_name'],
'content-view':
self.config_env['cv_name'],
'hostgroup':
value['hgrp'],
'openscap-proxy-id':
self.proxy_id,
'organization':
self.config_env['org_name'],
'puppet-environment-id':
self.puppet_env.id,
})
SmartClassParameter.update({
'name':
'fetch_remote_resources',
'override':
1,
'parameter-type':
'boolean',
'default-value':
'true',
'puppet-class':
'foreman_scap_client',
})
SmartClassParameter.add_matcher({
'smart-class-parameter':
'fetch_remote_resources',
'match':
f'fqdn={vm.hostname}',
'value':
'true',
'puppet-class':
'foreman_scap_client',
})
vm.configure_puppet(value['rhel_repo'])
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search': f'host={vm.hostname.lower()}',
'per-page': 1
})
assert arf_report is not None
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox'])
Scappolicy.update({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'name': value['policy'],
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
updated_result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path'
)
assert result != updated_result
assert updated_result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
result = Arfreport.list(
{'search': f'host={vm.hostname.lower()}'})
assert result is not None
def test_positive_upload_to_satellite(
module_org,
default_proxy,
content_view,
lifecycle_env,
puppet_env,
distro,
):
"""Perform end to end oscap test, and push the updated scap content via puppet
after first run.
:id: 11fef620-6ee8-4768-a398-db8cede1fc14
:parametrized: yes
:customerscenario: true
:expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be
uploaded to Satellite and be searchable. Satellite should push updated
content to Clients and satellite should get updated reports.
:CaseLevel: System
:BZ: 1479413, 1722475, 1420439, 1722475
"""
hgrp_name = gen_string('alpha')
policy_name = gen_string('alpha')
if distro == 'rhel6':
rhel_repo = settings.repos.rhel6_repo
profile1 = OSCAP_PROFILE['dsrhel6']
profile2 = OSCAP_PROFILE['pcidss6']
profile3 = OSCAP_PROFILE['usgcb']
elif distro == 'rhel7':
rhel_repo = settings.repos.rhel7_repo
profile1 = OSCAP_PROFILE['dsrhel7']
profile2 = OSCAP_PROFILE['pcidss7']
profile3 = OSCAP_PROFILE['ospp7']
else:
rhel_repo = settings.repos.rhel8_repo
profile1 = OSCAP_PROFILE['dsrhel8']
profile2 = OSCAP_PROFILE['pcidss8']
profile3 = OSCAP_PROFILE['ospp8']
content = OSCAP_DEFAULT_CONTENT[f'{distro}_content']
# Creates host_group.
make_hostgroup({
'content-source': settings.server.hostname,
'name': hgrp_name,
'puppet-environment-id': puppet_env.id,
'puppet-ca-proxy': settings.server.hostname,
'puppet-proxy': settings.server.hostname,
'organizations': module_org.name,
'puppet-classes': puppet_classes,
})
# Creates oscap_policy.
scap_id, scap_profile_id = fetch_scap_and_profile_id(content, profile1)
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': hgrp_name,
'deploy-by': 'puppet',
'name': policy_name,
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': module_org.name,
})
# Creates vm's and runs openscap scan and uploads report to satellite6.
with VMBroker(nick=distro, host_classes={'host': ContentHost}) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(module_org.name, ak_name[distro])
assert vm.subscribed
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': lifecycle_env.name,
'content-view': content_view.name,
'hostgroup': hgrp_name,
'openscap-proxy-id': default_proxy,
'organization': module_org.name,
'puppet-environment-id': puppet_env.id,
})
SmartClassParameter.update({
'name': 'fetch_remote_resources',
'override': 1,
'parameter-type': 'boolean',
'default-value': 'true',
'puppet-class': 'foreman_scap_client',
})
SmartClassParameter.add_matcher({
'smart-class-parameter': 'fetch_remote_resources',
'match': f'fqdn={vm.hostname}',
'value': 'true',
'puppet-class': 'foreman_scap_client',
})
vm.configure_puppet(rhel_repo)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.status == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search': f'host={vm.hostname.lower()}',
'per-page': 1
})
assert arf_report is not None
for profile in [profile2, profile3]:
scap_id, scap_profile_id = fetch_scap_and_profile_id(
content, profile)
Scappolicy.update({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'name': policy_name,
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organization': module_org.name,
})
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
updated_result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
assert result != updated_result
assert updated_result.status == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
result = Arfreport.list({'search': f'host={vm.hostname.lower()}'})
assert result is not None
