def testTailDefer(self): test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.local_rule.key], change_type=constants.RULE_POLICY.WHITELIST) test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.global_rule.key], change_type=constants.RULE_POLICY.WHITELIST) with mock.patch.object(change_set, '_Whitelist'): change_set._CommitBlockableChangeSet(self.binary.key) # Tail defer should have been added. self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 1) # Only the local rule should have been committed first. self.assertTrue(self.local_rule.key.get().is_committed) self.assertFalse(self.global_rule.key.get().is_committed) self.assertEntityCount(rule_models.RuleChangeSet, 1) # Run the deferred commit attempt. self.RunDeferredTasks(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE) # Tail defer should not have been added as there are no more changes. self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 0) # Both rules should now have been committed. self.assertTrue(self.local_rule.key.get().is_committed) self.assertTrue(self.global_rule.key.get().is_committed) self.assertEntityCount(rule_models.RuleChangeSet, 0)
def testWhitelist_LocalRule_Fulfilled(self): change = test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.local_rule.key], change_type=constants.RULE_POLICY.WHITELIST) fi = api.FileInstance( id=9012, file_catalog_id=int(self.binary.file_catalog_id), computer_id=int(self.local_rule.host_id), local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED) self._PatchApiRequests([fi], fi) change_set.CommitBlockableChangeSet(self.binary.key) utils.CONTEXT.ExecuteRequest.assert_has_calls([ mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234']), mock.call('POST', api_route='fileInstance', data={ 'id': 9012, 'localState': 2, 'fileCatalogId': 1234, 'computerId': 5678 }, query_args=None) ]) self.assertTrue(self.local_rule.key.get().is_fulfilled) self.assertTrue(self.local_rule.key.get().is_committed) self.assertIsNone(change.key.get())
def testFailure_RetryAndSucceed(self): test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.local_rule.key], change_type=constants.RULE_POLICY.WHITELIST) fi = api.FileInstance( id=9012, file_catalog_id=int(self.binary.file_catalog_id), computer_id=int(self.local_rule.host_id), local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED) computer = api.Computer(id=5678, sync_percent=90) computer.last_poll_date = datetime.datetime.utcnow() self._PatchApiRequests([], computer, [], computer, [], computer, [fi], fi) change_set.CommitBlockableChangeSet(self.binary.key) expected_call = mock.call('POST', api_route='fileInstance', data={ 'id': 9012, 'localState': 2, 'fileCatalogId': 1234, 'computerId': 5678 }, query_args=None) self.assertTrue( expected_call in utils.CONTEXT.ExecuteRequest.mock_calls)
def setUp(self): app = webapp2.WSGIApplication( [webapp2.Route('/', handler=cron.CommitAllChangeSets)]) super(CommitAllChangeSetsTest, self).setUp(wsgi_app=app) self.binary = test_utils.CreateBit9Binary() self.change = test_utils.CreateRuleChangeSet(self.binary.key)
def testWhitelist_GlobalRule_Certificate(self): cert = test_utils.CreateBit9Certificate(id='1a2b') global_rule = test_utils.CreateBit9Rule(cert.key, host_id='') change = test_utils.CreateRuleChangeSet( cert.key, rule_keys=[global_rule.key], change_type=constants.RULE_POLICY.WHITELIST) api_cert = api.Certificate(id=9012, thumbprint='1a2b', certificate_state=1) self.PatchApiRequests([api_cert], api_cert) change_set._CommitBlockableChangeSet(cert.key) self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call('GET', api_route='certificate', query_args=['q=thumbprint:1a2b']), mock.call('POST', api_route='certificate', data={ 'id': 9012, 'thumbprint': '1a2b', 'certificateState': 2 }, query_args=None) ]) self.assertTrue(global_rule.key.get().is_committed) self.assertIsNone(change.key.get())
def testBlacklist_MixedRules(self): test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.local_rule.key, self.global_rule.key], change_type=constants.RULE_POLICY.BLACKLIST) with self.assertRaises(deferred.PermanentTaskFailure): change_set._CommitBlockableChangeSet(self.binary.key)
def testRemove_MixedRules(self): other_local_rule = test_utils.CreateBit9Rule( self.binary.key, host_id='9012') change = test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[ self.local_rule.key, other_local_rule.key, self.global_rule.key], change_type=constants.RULE_POLICY.REMOVE) fi1 = api.FileInstance( id=9012, file_catalog_id=int(self.binary.file_catalog_id), computer_id=int(self.local_rule.host_id), local_state=bit9_constants.APPROVAL_STATE.APPROVED) fi2 = api.FileInstance( id=9012, file_catalog_id=int(self.binary.file_catalog_id), computer_id=int(other_local_rule.host_id), local_state=bit9_constants.APPROVAL_STATE.APPROVED) rule = api.FileRule( file_catalog_id=1234, file_state=bit9_constants.APPROVAL_STATE.APPROVED) self.PatchApiRequests([fi1], fi1, [fi2], fi2, rule) change_set._CommitBlockableChangeSet(self.binary.key) self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234']), mock.call( 'POST', api_route='fileInstance', data={'id': 9012, 'localState': 1, 'fileCatalogId': 1234, 'computerId': 5678}, query_args=None), mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:9012', 'q=fileCatalogId:1234']), mock.call( 'POST', api_route='fileInstance', data={'id': 9012, 'localState': 1, 'fileCatalogId': 1234, 'computerId': 9012}, query_args=None), mock.call( 'POST', api_route='fileRule', data={'fileCatalogId': 1234, 'fileState': 1}, query_args=None), ]) self.assertTrue(self.local_rule.key.get().is_fulfilled) self.assertTrue(self.local_rule.key.get().is_committed) self.assertTrue(other_local_rule.key.get().is_fulfilled) self.assertTrue(other_local_rule.key.get().is_committed) self.assertTrue(self.global_rule.key.get().is_committed) self.assertIsNone(change.key.get()) self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.RULE] * 2)
def testBlacklist_GlobalRule_Multiple(self): other_global_rule = test_utils.CreateBit9Rule(self.binary.key) test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.global_rule.key, other_global_rule.key], change_type=constants.RULE_POLICY.BLACKLIST) with self.assertRaises(deferred.PermanentTaskFailure): change_set._CommitBlockableChangeSet(self.binary.key)
def setUp(self): app = webapp2.WSGIApplication([ webapp2.Route( '/<blockable_id>', handler=handlers.CommitBlockableChangeSet)]) super(CommitBlockableChangeSetTest, self).setUp(wsgi_app=app) self.binary = test_utils.CreateBit9Binary() self.change = test_utils.CreateRuleChangeSet(self.binary.key)
def setUp(self): super(DeferCommitBlockableChangeSetTest, self).setUp() self.binary = test_utils.CreateBit9Binary(file_catalog_id='1234') self.local_rule = test_utils.CreateBit9Rule(self.binary.key, host_id='5678') self.change = test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.local_rule.key], change_type=constants.RULE_POLICY.WHITELIST)
def testAll(self, mock_metric): binary = test_utils.CreateBit9Binary() change = test_utils.CreateRuleChangeSet(binary.key) other_binary = test_utils.CreateBit9Binary() # Create two changesets so we're sure we're doing only 1 task per blockable. real_change = test_utils.CreateRuleChangeSet(other_binary.key) unused_change = test_utils.CreateRuleChangeSet(other_binary.key) self.assertTrue(real_change.recorded_dt < unused_change.recorded_dt) self.testapp.get('/') self.assertEqual(2, mock_metric.Set.call_args_list[0][0][0]) self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 2) with mock.patch.object(change_set, '_CommitChangeSet') as mock_commit: self.RunDeferredTasks(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE) expected_calls = [mock.call(change.key), mock.call(real_change.key)] self.assertSameElements(expected_calls, mock_commit.mock_calls)
def testFailure_ExceedRetryLimit(self): test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.local_rule.key], change_type=constants.RULE_POLICY.WHITELIST) computer = api.Computer(id=5678, sync_percent=90) computer.last_poll_date = datetime.datetime.utcnow() self._PatchApiRequests([], computer, [], computer, [], computer, [], computer) with self.assertRaises(deferred.PermanentTaskFailure): change_set.CommitBlockableChangeSet(self.binary.key)
def testTailDefer_MoreChanges(self): test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.local_rule.key], change_type=constants.RULE_POLICY.BLACKLIST) with mock.patch.object(change_set, '_CommitChangeSet') as mock_commit: change_set.DeferCommitBlockableChangeSet(self.binary.key) self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 1) self.RunDeferredTasks(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE) # Tail defer task for remaining change. self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 1) mock_commit.assert_called_once_with(self.change.key)
def testWhitelist_LocalRule_Certificate(self): cert = test_utils.CreateBit9Certificate() local_rule = test_utils.CreateBit9Rule(cert.key, host_id='5678') change = test_utils.CreateRuleChangeSet( cert.key, rule_keys=[local_rule.key], change_type=constants.RULE_POLICY.WHITELIST) change_set._CommitBlockableChangeSet(cert.key) self.assertIsNotNone(self.local_rule.key.get().is_fulfilled) self.assertFalse(local_rule.key.get().is_fulfilled) self.assertTrue(local_rule.key.get().is_committed) self.assertIsNone(change.key.get())
def testWhitelist_GlobalRule(self): change = test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.global_rule.key], change_type=constants.RULE_POLICY.WHITELIST) self.PatchApiRequests(api.Computer(id=5678)) change_set._CommitBlockableChangeSet(self.binary.key) self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'POST', api_route='fileRule', data={'fileCatalogId': 1234, 'fileState': 2}, query_args=None)]) self.assertTrue(self.global_rule.key.get().is_committed) self.assertIsNone(change.key.get())
def testBlacklist_GlobalRule(self): change = test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.global_rule.key], change_type=constants.RULE_POLICY.BLACKLIST) rule = api.FileRule( file_catalog_id=1234, file_state=bit9_constants.APPROVAL_STATE.UNAPPROVED) self.PatchApiRequests(rule) change_set._CommitBlockableChangeSet(self.binary.key) self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'POST', api_route='fileRule', data={'fileCatalogId': 1234, 'fileState': 3}, query_args=None)]) self.assertTrue(self.global_rule.key.get().is_committed) self.assertIsNone(change.key.get())
def testWhitelist_LocalRule_NotFulfilled(self): change = test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.local_rule.key], change_type=constants.RULE_POLICY.WHITELIST) computer = api.Computer(id=5678, sync_percent=100) computer.last_poll_date = datetime.datetime.utcnow() self.PatchApiRequests([], computer) change_set._CommitBlockableChangeSet(self.binary.key) self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234'])]) self.assertIsNotNone(self.local_rule.key.get().is_fulfilled) self.assertFalse(self.local_rule.key.get().is_fulfilled) self.assertTrue(self.local_rule.key.get().is_committed) self.assertIsNone(change.key.get())