def test_one_time_compliance_check_one_ok_tuple(self):
    """One OK tuple attached to a distributed query run yields an OK status.

    Verifies both outputs of the commit: the single
    OsqueryCheckStatusUpdated event (payload and linked objects reference
    the query and the run, with no pack and no previous status) and the
    MachineStatus row stored for the serial number.
    """
    query, _, run = self._force_query(
        force_pack=True,
        force_compliance_check=True,
        force_distributed_query=True,
    )
    check = query.compliance_check
    serial_number = get_random_string()
    aggregator = ComplianceCheckStatusAggregator(serial_number)
    reported_at = datetime.utcnow()
    aggregator.add_result(
        query.pk,
        query.version,
        reported_at,
        [{"ztl_status": Status.OK.name}],
        run.pk,
    )
    emitted = list(aggregator.commit())

    # Exactly one event, of the expected type.
    self.assertEqual(len(emitted), 1)
    (event,) = emitted
    self.assertIsInstance(event, OsqueryCheckStatusUpdated)

    # The payload identifies the check, its version, the query and the run.
    payload = event.payload
    self.assertEqual(payload["pk"], check.pk)
    self.assertEqual(payload["version"], query.version)
    self.assertEqual(payload["version"], check.version)
    self.assertEqual(payload["osquery_query"], {"pk": query.pk})
    self.assertIsNone(payload.get("osquery_pack"))
    self.assertEqual(payload["osquery_run"], {"pk": run.pk})
    self.assertEqual(payload["status"], Status.OK.name)
    # First result for this machine: there is no earlier status to report.
    self.assertIsNone(payload.get("previous_status"))

    expected_links = {
        "compliance_check": [(check.pk,)],
        "osquery_query": [(query.pk,)],
        "osquery_run": [(run.pk,)],
    }
    self.assertEqual(event.get_linked_objects_keys(), expected_links)

    # One MachineStatus row is stored, matching the reported result.
    stored = MachineStatus.objects.filter(
        compliance_check=check,
        serial_number=serial_number,
    )
    self.assertEqual(stored.count(), 1)
    machine_status = stored.first()
    self.assertEqual(machine_status.compliance_check_version, check.version)
    self.assertEqual(machine_status.status, Status.OK.value)
    self.assertEqual(machine_status.status_time, reported_at)
def test_scheduled_compliance_check_one_ok_tuple_update(self):
    """A FAILED result replaces an existing OK status for the same machine.

    An OK MachineStatus dated 2001-01-01 is created first. After the
    commit, the event must report FAILED with OK as the previous status,
    and the same row (not a second one) must carry the new status and time.
    """
    query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
    serial_number = get_random_string()
    aggregator = ComplianceCheckStatusAggregator(serial_number)
    previous_row = MachineStatus.objects.create(
        serial_number=serial_number,
        compliance_check=query.compliance_check,
        compliance_check_version=query.compliance_check.version,
        status=Status.OK.value,
        status_time=datetime(2001, 1, 1),
    )
    reported_at = datetime.utcnow()
    aggregator.add_result(
        query.pk,
        query.version,
        reported_at,
        [{"ztl_status": Status.FAILED.name}],
    )
    emitted = list(aggregator.commit())

    # The OK -> FAILED transition is reported in a single event.
    self.assertEqual(len(emitted), 1)
    (event,) = emitted
    self.assertEqual(event.payload["status"], Status.FAILED.name)
    self.assertEqual(event.payload["previous_status"], Status.OK.name)

    # The pre-existing row was updated in place.
    stored = MachineStatus.objects.filter(
        compliance_check=query.compliance_check,
        serial_number=serial_number,
    )
    self.assertEqual(stored.count(), 1)
    machine_status = stored.first()
    self.assertEqual(machine_status, previous_row)
    self.assertEqual(
        machine_status.compliance_check_version,
        query.compliance_check.version,
    )
    self.assertEqual(machine_status.status, Status.FAILED.value)
    self.assertEqual(machine_status.status_time, reported_at)
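def test_no_compliance_check(self):
    """A result for a query without a compliance check records nothing.

    The query is created without force_compliance_check, so committing its
    result must emit no event and store no MachineStatus for the machine.
    """
    query, _, _ = self._force_query(force_pack=True)
    serial_number = get_random_string()
    cc_status_agg = ComplianceCheckStatusAggregator(serial_number)
    # NOTE(review): the sibling tests pass Status.<X>.name as "ztl_status";
    # this one passes .value. Kept as is; confirm it is intentional.
    cc_status_agg.add_result(
        query.pk,
        query.version,
        datetime.utcnow(),
        [{"ztl_status": Status.OK.value}],
    )
    events = list(cc_status_agg.commit())
    self.assertEqual(len(events), 0)
    # Filter on the serial number only. The earlier form also filtered on
    # compliance_check=query.compliance_check, which is presumably None for
    # this query; a status row wrongly attached to some other check would
    # then have gone unnoticed.
    ms_qs = MachineStatus.objects.filter(serial_number=serial_number)
    self.assertEqual(ms_qs.count(), 0)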
def test_scheduled_compliance_check_one_outdated_version_failed_tuple(self):
    """A result reported for an outdated query version is ignored.

    The query is saved at version 127 while the result is submitted for
    version 1. The commit must emit no event and store no MachineStatus,
    so a result produced by an old query definition cannot set the
    machine's compliance status.
    """
    query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
    query.version = 127
    query.save()
    serial_number = get_random_string()
    aggregator = ComplianceCheckStatusAggregator(serial_number)
    # Version 1 does not match the version saved above.
    aggregator.add_result(
        query.pk,
        1,
        datetime.utcnow(),
        [{"ztl_status": Status.FAILED.name}],
    )
    emitted = list(aggregator.commit())
    self.assertEqual(len(emitted), 0)

    stored = MachineStatus.objects.filter(
        compliance_check=query.compliance_check,
        serial_number=serial_number,
    )
    self.assertEqual(stored.count(), 0)
def test_scheduled_compliance_check_no_tuple(self):
    """An empty result set is recorded as UNKNOWN.

    With no tuples in the result, the commit still emits one event and
    stores one MachineStatus whose status is UNKNOWN, so a query that
    returned nothing is not counted as OK.
    """
    query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
    serial_number = get_random_string()
    aggregator = ComplianceCheckStatusAggregator(serial_number)
    reported_at = datetime.utcnow()
    no_tuples = []
    aggregator.add_result(query.pk, query.version, reported_at, no_tuples)
    emitted = list(aggregator.commit())
    self.assertEqual(len(emitted), 1)

    stored = MachineStatus.objects.filter(
        compliance_check=query.compliance_check,
        serial_number=serial_number,
    )
    self.assertEqual(stored.count(), 1)
    machine_status = stored.first()
    self.assertEqual(
        machine_status.compliance_check_version,
        query.compliance_check.version,
    )
    self.assertEqual(machine_status.status, Status.UNKNOWN.value)
    self.assertEqual(machine_status.status_time, reported_at)
def test_scheduled_compliance_check_one_ok_one_failed_tuple(self):
    """Results for two checks on one machine are stored independently.

    One query reports OK and the other FAILED for the same serial number.
    The commit must emit two events and store one MachineStatus per
    compliance check, each with its own status and status time.
    """
    ok_query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
    failed_query, _, _ = self._force_query(force_pack=True, force_compliance_check=True)
    serial_number = get_random_string()
    aggregator = ComplianceCheckStatusAggregator(serial_number)
    ok_time = datetime.utcnow()
    failed_time = datetime.utcnow()
    aggregator.add_result(
        ok_query.pk,
        ok_query.version,
        ok_time,
        [{"ztl_status": Status.OK.name}],
    )
    aggregator.add_result(
        failed_query.pk,
        failed_query.version,
        failed_time,
        [{"ztl_status": Status.FAILED.name}],
    )
    emitted = list(aggregator.commit())
    self.assertEqual(len(emitted), 2)

    # Each check has exactly one status row for this machine.
    ok_rows = MachineStatus.objects.filter(
        compliance_check=ok_query.compliance_check,
        serial_number=serial_number,
    )
    self.assertEqual(ok_rows.count(), 1)
    failed_rows = MachineStatus.objects.filter(
        compliance_check=failed_query.compliance_check,
        serial_number=serial_number,
    )
    self.assertEqual(failed_rows.count(), 1)

    ok_status = ok_rows.get(compliance_check=ok_query.compliance_check)
    self.assertEqual(
        ok_status.compliance_check_version,
        ok_query.compliance_check.version,
    )
    self.assertEqual(ok_status.status, Status.OK.value)
    self.assertEqual(ok_status.status_time, ok_time)

    failed_status = failed_rows.get(compliance_check=failed_query.compliance_check)
    self.assertEqual(
        failed_status.compliance_check_version,
        failed_query.compliance_check.version,
    )
    self.assertEqual(failed_status.status, Status.FAILED.value)
    self.assertEqual(failed_status.status_time, failed_time)