Exemplo n.º 1
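    def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
        """End-to-End Oscap run with tailoring files and default capsule via puppet

        :id: 346946ad-4f62-400e-9390-81817006048c

        :setup: scap content, scap policy, tailoring file, host group

        :steps:

            1. Create a valid scap content
            2. Upload a valid tailoring file
            3. Create a scap policy
            4. Associate scap content with its tailoring file
            5. Associate the policy with a hostgroup
            6. Provision a host using the hostgroup
            7. Puppet should configure and fetch the scap content
               and tailoring file

        :expectedresults: ARF report should be sent to satellite reflecting
                         the changes done via tailoring files

        :BZ: 1722475

        :CaseImportance: Critical
        """
        if settings.rhel7_repo is None:
            self.skipTest('Missing configuration for rhel7_repo')
        rhel7_repo = settings.rhel7_repo
        org_name = self.config_env['org_name']
        hgrp7_name = gen_string('alpha')
        policy_name = gen_string('alpha')
        tailoring_file_name = gen_string('alpha')
        # The first element of file_downloader's result is passed to hammer
        # as the 'scap-file' path of the tailoring file.
        tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
                                      hostname=settings.server.hostname)[0]
        # Host group for rhel7; puppet classes are attached here because the
        # policy below is deployed by puppet.
        make_hostgroup({
            'content-source-id': self.proxy_id,
            'name': hgrp7_name,
            'puppet-environment-id': self.puppet_env.id,
            'puppet-ca-proxy': self.config_env['sat6_hostname'],
            'puppet-proxy': self.config_env['sat6_hostname'],
            'organizations': org_name,
            'puppet-classes': self.puppet_classes,
        })

        tailor_result = make_tailoringfile({
            'name': tailoring_file_name,
            'scap-file': tailor_path,
            'organization': org_name,
        })
        result = TailoringFiles.info({'name': tailoring_file_name})
        assert result['name'] == tailoring_file_name
        # SCAP policy for rhel7, bound to the uploaded tailoring file and to
        # the first profile that file declares.
        scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
            self.rhel7_content, OSCAP_PROFILE['security7'])
        make_scap_policy({
            'scap-content-id': scap_id,
            'deploy-by': 'puppet',
            'hostgroups': hgrp7_name,
            'name': policy_name,
            'period': OSCAP_PERIOD['weekly'].lower(),
            'scap-content-profile-id': scap_profile_id,
            'weekday': OSCAP_WEEKDAY['friday'].lower(),
            'tailoring-file-id': tailor_result['id'],
            'tailoring-file-profile-id':
            tailor_result['tailoring-file-profiles'][0]['id'],
            'organizations': org_name,
        })
        with VirtualMachine(distro=DISTRO_RHEL7) as vm:
            fqdn = vm.hostname.lower()
            vm.install_katello_ca()
            vm.register_contenthost(org_name,
                                    self.config_env['ak_name'].get(DISTRO_RHEL7))
            assert vm.subscribed
            Host.update({
                'name': fqdn,
                'lifecycle-environment': self.config_env['env_name'],
                'content-view': self.config_env['cv_name'],
                'hostgroup': hgrp7_name,
                'openscap-proxy-id': self.proxy_id,
                'organization': org_name,
                'puppet-environment-id': self.puppet_env.id,
            })
            vm.configure_puppet(rhel7_repo)
            # grep exits non-zero when no 'profile' line exists, i.e. when
            # puppet did not write a policy into the client config.
            result = vm.run(
                'cat /etc/foreman_scap_client/config.yaml | grep profile')
            assert result.return_code == 0
            # Runs the actual oscap scan on the client and uploads the report
            # to the internal capsule.
            vm.execute_foreman_scap_client()
            # `is not None` also passes for an empty result, which would hide
            # a report that never reached Satellite; require at least one.
            # NOTE(review): nothing here inspects the report body, so the
            # tailoring file's effect on the scan is not verified.
            reports = Arfreport.list({'search': f'host={fqdn}'})
            assert reports, f'no ARF report found for host {fqdn}'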
Exemplo n.º 2
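    def test_positive_oscap_run_with_tailoring_file_with_ansible(self):
        """End-to-End Oscap run with tailoring files via ansible

        :id: c7ea56eb-6cf1-4e79-8d6a-fb872d1bb804

        :setup: scap content, scap policy, tailoring file, host group

        :steps:

            1. Create a valid scap content
            2. Upload a valid tailoring file
            3. Import Ansible role theforeman.foreman_scap_client
            4. Import Ansible Variables needed for the role
            5. Create a scap policy with ansible as deploy option
            6. Associate scap content with its tailoring file
            7. Associate the policy with a hostgroup
            8. Provision a host using the hostgroup
            9. Configure REX and associate the Ansible role to created host
            10. Play roles for the host

        :expectedresults: REX job should be success and ARF report should be sent to satellite
                         reflecting the changes done via tailoring files

        :BZ: 1716307

        :CaseImportance: Critical
        """
        if settings.rhel7_repo is None:
            self.skipTest('Missing configuration for rhel7_repo')
        rhel7_repo = settings.rhel7_repo
        org_name = self.config_env['org_name']
        hgrp7_name = gen_string('alpha')
        policy_name = gen_string('alpha')
        tailoring_file_name = gen_string('alpha')
        # The first element of file_downloader's result is passed to hammer
        # as the 'scap-file' path of the tailoring file.
        tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
                                      hostname=settings.server.hostname)[0]
        # Host group for rhel7; no puppet settings, the policy is deployed
        # by ansible.
        make_hostgroup({
            'content-source-id': self.proxy_id,
            'name': hgrp7_name,
            'organizations': org_name,
        })

        tailor_result = make_tailoringfile({
            'name': tailoring_file_name,
            'scap-file': tailor_path,
            'organization': org_name,
        })
        result = TailoringFiles.info({'name': tailoring_file_name})
        assert result['name'] == tailoring_file_name
        scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
            self.rhel7_content, OSCAP_PROFILE['security7'])
        # The role and its variables must be imported from the proxy before
        # the role can be looked up and assigned to the host.
        Ansible.roles_import({'proxy-id': self.proxy_id})
        Ansible.variables_import({'proxy-id': self.proxy_id})
        role_id = Ansible.roles_list({'search':
                                      'foreman_scap_client'})[0].get('id')
        # SCAP policy for rhel7, bound to the uploaded tailoring file and to
        # the first profile that file declares.
        make_scap_policy({
            'scap-content-id': scap_id,
            'hostgroups': hgrp7_name,
            'deploy-by': 'ansible',
            'name': policy_name,
            'period': OSCAP_PERIOD['weekly'].lower(),
            'scap-content-profile-id': scap_profile_id,
            'weekday': OSCAP_WEEKDAY['friday'].lower(),
            'tailoring-file-id': tailor_result['id'],
            'tailoring-file-profile-id':
            tailor_result['tailoring-file-profiles'][0]['id'],
            'organizations': org_name,
        })
        with VirtualMachine(distro=DISTRO_RHEL7) as vm:
            fqdn = vm.hostname.lower()
            vm.install_katello_ca()
            vm.register_contenthost(org_name,
                                    self.config_env['ak_name'].get(DISTRO_RHEL7))
            assert vm.subscribed
            # Remote execution is told to reach the host by IP address.
            Host.set_parameter({
                'host': fqdn,
                'name': 'remote_execution_connect_by_ip',
                'value': 'True',
            })
            vm.configure_rhel_repo(rhel7_repo)
            add_remote_execution_ssh_key(vm.ip_addr)
            Host.update({
                'name': fqdn,
                'lifecycle-environment': self.config_env['env_name'],
                'content-view': self.config_env['cv_name'],
                'hostgroup': hgrp7_name,
                'openscap-proxy-id': self.proxy_id,
                'organization': org_name,
                'ansible-role-ids': role_id,
            })
            job_id = Host.ansible_roles_play({'name': fqdn})[0].get('id')
            wait_for_tasks(
                f"resource_type = JobInvocation and resource_id = {job_id} and "
                "action ~ \"hosts job\"")
            # On failure, surface the job output from the host instead of a
            # bare comparison error.
            if JobInvocation.info({'id': job_id})['success'] != '1':
                output = ' '.join(
                    JobInvocation.get_output({
                        'id': job_id,
                        'host': vm.hostname
                    }))
                raise AssertionError(f'host output: {output}')
            # grep exits non-zero when no 'profile' line exists, i.e. when
            # the role did not write a policy into the client config.
            result = vm.run(
                'cat /etc/foreman_scap_client/config.yaml | grep profile')
            assert result.return_code == 0
            # Runs the actual oscap scan on the client and uploads the report
            # to the internal capsule.
            vm.execute_foreman_scap_client()
            # `is not None` also passes for an empty result, which would hide
            # a report that never reached Satellite; require at least one.
            # NOTE(review): nothing here inspects the report body, so the
            # tailoring file's effect on the scan is not verified.
            reports = Arfreport.list({'search': f'host={fqdn}'})
            assert reports, f'no ARF report found for host {fqdn}'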
Exemplo n.º 3
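def test_positive_oscap_run_via_ansible_bz_1814988(module_org, default_proxy,
                                                   content_view,
                                                   lifecycle_env):
    """End-to-End Oscap run via ansible

    :id: 375f8f08-9299-4d16-91f9-9426eeecb9c5

    :parametrized: yes

    :customerscenario: true

    :setup: scap content, scap policy, host group

    :steps:

        1. Create a valid scap content
        2. Import Ansible role theforeman.foreman_scap_client
        3. Import Ansible Variables needed for the role
        4. Create a scap policy with ansible as deploy option
        5. Associate the policy with a hostgroup
        6. Provision a host using the hostgroup
        7. Harden the host by remediating it with DISA STIG security policy
        8. Configure REX and associate the Ansible role to created host
        9. Play roles for the host

    :expectedresults: REX job should be success and ARF report should be sent to satellite

    :BZ: 1814988

    :CaseImportance: Critical
    """
    hgrp_name = gen_string('alpha')
    policy_name = gen_string('alpha')
    # Creates host_group for rhel7
    make_hostgroup({
        'content-source-id': default_proxy,
        'name': hgrp_name,
        'organizations': module_org.name,
    })
    # Creates oscap_policy.
    scap_id, scap_profile_id = fetch_scap_and_profile_id(
        OSCAP_DEFAULT_CONTENT['rhel7_content'], OSCAP_PROFILE['dsrhel7'])
    # The role and its variables must be imported from the proxy before the
    # role can be looked up and assigned to the host.
    Ansible.roles_import({'proxy-id': default_proxy})
    Ansible.variables_import({'proxy-id': default_proxy})
    role_id = Ansible.roles_list({'search':
                                  'foreman_scap_client'})[0].get('id')
    make_scap_policy({
        'scap-content-id': scap_id,
        'hostgroups': hgrp_name,
        'deploy-by': 'ansible',
        'name': policy_name,
        'period': OSCAP_PERIOD['weekly'].lower(),
        'scap-content-profile-id': scap_profile_id,
        'weekday': OSCAP_WEEKDAY['friday'].lower(),
        'organizations': module_org.name,
    })
    with VMBroker(nick=DISTRO_RHEL7, host_classes={'host': ContentHost}) as vm:
        fqdn = vm.hostname.lower()
        vm.install_katello_ca()
        vm.register_contenthost(module_org.name, ak_name[DISTRO_RHEL7])
        assert vm.subscribed
        # Remote execution is told to reach the host by IP address.
        Host.set_parameter({
            'host': fqdn,
            'name': 'remote_execution_connect_by_ip',
            'value': 'True',
        })
        vm.configure_rhel_repo(settings.repos.rhel7_repo)
        # Harden the rhel7 client with DISA STIG security policy.
        # If the package install fails, the hardening step cannot run and the
        # test would pass on an unhardened host, so fail here instead.
        install = vm.run('yum install -y scap-security-guide')
        assert install.status == 0
        # --fetch-remote-resources lets oscap download content referenced by
        # the datastream, so the client needs outbound network access here.
        # The exit status is deliberately left unchecked: oscap reports a
        # non-zero status when rules still fail after remediation.
        # NOTE(review): confirm which statuses to tolerate before asserting.
        vm.run(
            'oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_stig '
            '--fetch-remote-resources --results-arf results.xml '
            '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml', )
        # The REX key is installed after hardening; the job below therefore
        # exercises remote execution against the remediated host.
        add_remote_execution_ssh_key(vm.ip_addr)
        Host.update({
            'name': fqdn,
            'lifecycle-environment': lifecycle_env.name,
            'content-view': content_view.name,
            'hostgroup': hgrp_name,
            'openscap-proxy-id': default_proxy,
            'organization': module_org.name,
            'ansible-role-ids': role_id,
        })
        job_id = Host.ansible_roles_play({'name': fqdn})[0].get('id')
        wait_for_tasks(
            f'resource_type = JobInvocation and resource_id = {job_id} and action ~ "hosts job"'
        )
        # On failure, surface the job output from the host instead of a bare
        # comparison error.
        if JobInvocation.info({'id': job_id})['success'] != '1':
            output = ' '.join(
                JobInvocation.get_output({
                    'id': job_id,
                    'host': vm.hostname
                }))
            raise AssertionError(f'host output: {output}')
        # grep exits non-zero when no 'profile' line exists, i.e. when the
        # role did not write a policy into the client config.
        result = vm.run(
            'cat /etc/foreman_scap_client/config.yaml | grep profile')
        assert result.status == 0
        # Runs the actual oscap scan on the client and uploads the report to
        # the internal capsule.
        vm.execute_foreman_scap_client()
        # `is not None` also passes for an empty result, which would hide a
        # report that never reached Satellite; require at least one.
        reports = Arfreport.list({'search': f'host={fqdn}'})
        assert reports, f'no ARF report found for host {fqdn}'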
Exemplo n.º 4
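    def test_positive_upload_to_satellite(self):
        """Perform end to end oscap test, and push the updated scap content via puppet
         after first run.

        :id: 17a0978d-64f9-44ad-8303-1f54ada08602

        :expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be
            uploaded to Satellite and be searchable. Satellite should push updated
            content to Clients and satellite should get updated reports.

        :CaseLevel: System

        :BZ: 1479413, 1722475, 1420439, 1722475
        """
        if settings.rhel6_repo is None:
            self.skipTest('Missing configuration for rhel6_repo')
        if settings.rhel7_repo is None:
            self.skipTest('Missing configuration for rhel7_repo')
        if settings.rhel8_repo is None:
            self.skipTest('Missing configuration for rhel8_repo')
        org_name = self.config_env['org_name']
        # One row per distro: everything the policy and the client VM need.
        scenarios = [
            {
                'distro': DISTRO_RHEL6,
                'rhel_repo': settings.rhel6_repo,
                'content': self.rhel6_content,
                'profile': OSCAP_PROFILE['security6'],
                'hgrp': gen_string('alpha'),
                'policy': gen_string('alpha'),
            },
            {
                'distro': DISTRO_RHEL7,
                'rhel_repo': settings.rhel7_repo,
                'content': self.rhel7_content,
                'profile': OSCAP_PROFILE['security7'],
                'hgrp': gen_string('alpha'),
                'policy': gen_string('alpha'),
            },
            {
                'distro': DISTRO_RHEL8,
                'rhel_repo': settings.rhel8_repo,
                'content': self.rhel8_content,
                'profile': OSCAP_PROFILE['cbrhel8'],
                'hgrp': gen_string('alpha'),
                'policy': gen_string('alpha'),
            },
        ]

        # Creates one host_group each for rhel6, rhel7 and rhel8.
        for value in scenarios:
            make_hostgroup({
                'content-source': self.config_env['sat6_hostname'],
                'name': value['hgrp'],
                'puppet-environment-id': self.puppet_env.id,
                'puppet-ca-proxy': self.config_env['sat6_hostname'],
                'puppet-proxy': self.config_env['sat6_hostname'],
                'organizations': org_name,
                'puppet-classes': self.puppet_classes,
            })
        # Creates one oscap_policy each for rhel6, rhel7 and rhel8.
        for value in scenarios:
            scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
                value['content'], value['profile'])
            make_scap_policy({
                'scap-content-id': scap_id,
                'hostgroups': value['hgrp'],
                'deploy-by': 'puppet',
                'name': value['policy'],
                'period': OSCAP_PERIOD['weekly'].lower(),
                'scap-content-profile-id': scap_profile_id,
                'weekday': OSCAP_WEEKDAY['friday'].lower(),
                'organizations': org_name,
            })
        grep_config = 'cat /etc/foreman_scap_client/config.yaml | grep {}'
        # Creates one vm per distro, runs the openscap scan and uploads the
        # report to satellite6.
        for value in scenarios:
            with VirtualMachine(distro=value['distro']) as vm:
                fqdn = vm.hostname.lower()
                vm.install_katello_ca()
                vm.register_contenthost(
                    org_name,
                    self.config_env['ak_name'].get(value['distro']))
                assert vm.subscribed
                Host.update({
                    'name': fqdn,
                    'lifecycle-environment': self.config_env['env_name'],
                    'content-view': self.config_env['cv_name'],
                    'hostgroup': value['hgrp'],
                    'openscap-proxy-id': self.proxy_id,
                    'organization': org_name,
                    'puppet-environment-id': self.puppet_env.id,
                })

                # Turn on fetch_remote_resources for this host only (the
                # matcher is keyed on its fqdn). With it enabled the scan
                # downloads remotely referenced content, so the client
                # needs outbound network access.
                SmartClassParameter.update({
                    'name': 'fetch_remote_resources',
                    'override': 1,
                    'parameter-type': 'boolean',
                    'default-value': 'true',
                    'puppet-class': 'foreman_scap_client',
                })
                SmartClassParameter.add_matcher({
                    'smart-class-parameter': 'fetch_remote_resources',
                    'match': f'fqdn={vm.hostname}',
                    'value': 'true',
                    'puppet-class': 'foreman_scap_client',
                })

                vm.configure_puppet(value['rhel_repo'])
                # grep exits non-zero when no 'profile' line exists, i.e.
                # when puppet did not write a policy into the client config.
                result = vm.run(grep_config.format('profile'))
                assert result.return_code == 0
                # Remember the content path of the first policy so the
                # pushed update can be compared against it further down.
                path_before = vm.run(grep_config.format('content_path'))
                assert path_before.return_code == 0
                # Runs the actual oscap scan on the client and uploads the
                # report to the internal capsule.
                vm.execute_foreman_scap_client()
                # `is not None` also passes for an empty result; the first
                # entry is indexed below, so require at least one report.
                arf_report = Arfreport.list({
                    'search': f'host={fqdn}',
                    'per-page': 1
                })
                assert arf_report, f'no ARF report found for host {fqdn}'
                # Point the policy at different content and let puppet push
                # the change to the client.
                scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
                    OSCAP_DEFAULT_CONTENT['rhel_firefox'],
                    OSCAP_PROFILE['firefox'])
                Scappolicy.update({
                    'scap-content-id': scap_id,
                    'deploy-by': 'puppet',
                    'name': value['policy'],
                    'new-name': gen_string('alpha'),
                    'period': OSCAP_PERIOD['weekly'].lower(),
                    'scap-content-profile-id': scap_profile_id,
                    'weekday': OSCAP_WEEKDAY['friday'].lower(),
                    'organizations': org_name,
                })
                # Drop the first report so the final check can only be
                # satisfied by a report from the second scan.
                Arfreport.delete({'id': arf_report[0].get('id')})
                for _ in range(2):
                    vm.run('puppet agent -t 2> /dev/null')
                path_after = vm.run(grep_config.format('content_path'))
                assert path_after.return_code == 0
                # Compare like with like: the earlier check set the
                # 'profile' grep against the 'content_path' grep, which
                # differ whether or not the update reached the client.
                assert path_before.stdout != path_after.stdout
                # Runs the actual oscap scan on the client and uploads the
                # report to the internal capsule.
                vm.execute_foreman_scap_client()
                reports = Arfreport.list({'search': f'host={fqdn}'})
                assert reports, f'no updated ARF report found for host {fqdn}'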
Exemplo n.º 5
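def test_positive_oscap_run_with_tailoring_file_and_capsule(
        module_org, default_proxy, content_view, lifecycle_env, puppet_env):
    """End-to-End Oscap run with tailoring files and default capsule via puppet

    :id: 346946ad-4f62-400e-9390-81817006048c

    :setup: scap content, scap policy, tailoring file, host group

    :steps:

        1. Create a valid scap content
        2. Upload a valid tailoring file
        3. Create a scap policy
        4. Associate scap content with its tailoring file
        5. Associate the policy with a hostgroup
        6. Provision a host using the hostgroup
        7. Puppet should configure and fetch the scap content
           and tailoring file

    :expectedresults: ARF report should be sent to satellite reflecting
                     the changes done via tailoring files

    :BZ: 1722475

    :CaseImportance: Critical
    """
    hgrp_name = gen_string('alpha')
    policy_name = gen_string('alpha')
    tailoring_file_name = gen_string('alpha')
    # The first element of file_downloader's result is passed to hammer as
    # the 'scap-file' path of the tailoring file.
    tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
                                  hostname=settings.server.hostname)[0]
    # Creates host_group.
    make_hostgroup({
        'content-source': settings.server.hostname,
        'name': hgrp_name,
        'puppet-environment-id': puppet_env.id,
        'puppet-ca-proxy': settings.server.hostname,
        'puppet-proxy': settings.server.hostname,
        'organizations': module_org.name,
        'puppet-classes': puppet_classes,
    })

    tailor_result = make_tailoringfile({
        'name': tailoring_file_name,
        'scap-file': tailor_path,
        'organization': module_org.name,
    })
    result = TailoringFiles.info({'name': tailoring_file_name})
    assert result['name'] == tailoring_file_name
    # Creates oscap_policy, bound to the uploaded tailoring file and to the
    # first profile that file declares.
    scap_id, scap_profile_id = fetch_scap_and_profile_id(
        OSCAP_DEFAULT_CONTENT['rhel7_content'], OSCAP_PROFILE['security7'])
    make_scap_policy({
        'scap-content-id': scap_id,
        'hostgroups': hgrp_name,
        'deploy-by': 'puppet',
        'name': policy_name,
        'period': OSCAP_PERIOD['weekly'].lower(),
        'scap-content-profile-id': scap_profile_id,
        'weekday': OSCAP_WEEKDAY['friday'].lower(),
        'tailoring-file-id': tailor_result['id'],
        'tailoring-file-profile-id':
        tailor_result['tailoring-file-profiles'][0]['id'],
        'organizations': module_org.name,
    })
    # Creates the vm, runs the openscap scan and uploads the report to
    # satellite6.
    with VMBroker(nick=DISTRO_RHEL7, host_classes={'host': ContentHost}) as vm:
        fqdn = vm.hostname.lower()
        vm.install_katello_ca()
        vm.register_contenthost(module_org.name, ak_name[DISTRO_RHEL7])
        assert vm.subscribed
        Host.update({
            'name': fqdn,
            'lifecycle-environment': lifecycle_env.name,
            'content-view': content_view.name,
            'hostgroup': hgrp_name,
            'openscap-proxy-id': default_proxy,
            'organization': module_org.name,
            'puppet-environment-id': puppet_env.id,
        })
        vm.configure_puppet(settings.repos.rhel7_repo)
        # grep exits non-zero when no 'profile' line exists, i.e. when puppet
        # did not write a policy into the client config.
        result = vm.run(
            'cat /etc/foreman_scap_client/config.yaml | grep profile')
        assert result.status == 0
        # Runs the actual oscap scan on the client and uploads the report to
        # the internal capsule.
        vm.execute_foreman_scap_client()
        # `is not None` also passes for an empty result, and the first entry
        # is indexed right below; require at least one report so a missing
        # upload fails the assertion rather than raising IndexError.
        # NOTE(review): nothing here inspects the report body, so the
        # tailoring file's effect on the scan is not verified.
        arf_report = Arfreport.list({
            'search': f'host={fqdn}',
            'per-page': 1
        })
        assert arf_report, f'no ARF report found for host {fqdn}'
        Arfreport.delete({'id': arf_report[0].get('id')})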
Exemplo n.º 6
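def test_positive_oscap_run_via_ansible(module_org, default_proxy,
                                        content_view, lifecycle_env, distro):
    """End-to-End Oscap run via ansible

    :id: c7ea56eb-6cf1-4e79-8d6a-fb872d1bb804

    :parametrized: yes

    :setup: scap content, scap policy, host group

    :steps:

        1. Create a valid scap content
        2. Import Ansible role theforeman.foreman_scap_client
        3. Import Ansible Variables needed for the role
        4. Create a scap policy with ansible as deploy option
        5. Associate the policy with a hostgroup
        6. Provision a host using the hostgroup
        7. Configure REX and associate the Ansible role to created host
        8. Play roles for the host

    :expectedresults: REX job should be success and ARF report should be sent to satellite

    :BZ: 1716307

    :CaseImportance: Critical
    """
    # Any distro other than 'rhel7' takes the rhel8 repo and profile.
    if distro == 'rhel7':
        rhel_repo = settings.repos.rhel7_repo
        profile = OSCAP_PROFILE['security7']
    else:
        rhel_repo = settings.repos.rhel8_repo
        profile = OSCAP_PROFILE['ospp8']
    content = OSCAP_DEFAULT_CONTENT[f'{distro}_content']
    hgrp_name = gen_string('alpha')
    policy_name = gen_string('alpha')
    # Creates host_group for the parametrized distro.
    make_hostgroup({
        'content-source-id': default_proxy,
        'name': hgrp_name,
        'organizations': module_org.name,
    })
    # Creates oscap_policy.
    scap_id, scap_profile_id = fetch_scap_and_profile_id(content, profile)
    # The role and its variables must be imported from the proxy before the
    # role can be looked up and assigned to the host.
    Ansible.roles_import({'proxy-id': default_proxy})
    Ansible.variables_import({'proxy-id': default_proxy})
    role_id = Ansible.roles_list({'search':
                                  'foreman_scap_client'})[0].get('id')
    make_scap_policy({
        'scap-content-id': scap_id,
        'hostgroups': hgrp_name,
        'deploy-by': 'ansible',
        'name': policy_name,
        'period': OSCAP_PERIOD['weekly'].lower(),
        'scap-content-profile-id': scap_profile_id,
        'weekday': OSCAP_WEEKDAY['friday'].lower(),
        'organizations': module_org.name,
    })
    with VMBroker(nick=distro, host_classes={'host': ContentHost}) as vm:
        fqdn = vm.hostname.lower()
        vm.install_katello_ca()
        vm.register_contenthost(module_org.name, ak_name[distro])
        assert vm.subscribed
        # Remote execution is told to reach the host by IP address.
        Host.set_parameter({
            'host': fqdn,
            'name': 'remote_execution_connect_by_ip',
            'value': 'True',
        })
        vm.configure_rhel_repo(rhel_repo)
        add_remote_execution_ssh_key(vm.ip_addr)
        Host.update({
            'name': fqdn,
            'lifecycle-environment': lifecycle_env.name,
            'content-view': content_view.name,
            'hostgroup': hgrp_name,
            'openscap-proxy-id': default_proxy,
            'organization': module_org.name,
            'ansible-role-ids': role_id,
        })
        job_id = Host.ansible_roles_play({'name': fqdn})[0].get('id')
        wait_for_tasks(
            f'resource_type = JobInvocation and resource_id = {job_id} and action ~ "hosts job"'
        )
        # On failure, surface the job output from the host instead of a bare
        # comparison error.
        if JobInvocation.info({'id': job_id})['success'] != '1':
            output = ' '.join(
                JobInvocation.get_output({
                    'id': job_id,
                    'host': vm.hostname
                }))
            raise AssertionError(f'host output: {output}')
        # grep exits non-zero when no 'profile' line exists, i.e. when the
        # role did not write a policy into the client config.
        result = vm.run(
            'cat /etc/foreman_scap_client/config.yaml | grep profile')
        assert result.status == 0
        # Runs the actual oscap scan on the client and uploads the report to
        # the internal capsule.
        vm.execute_foreman_scap_client()
        # `is not None` also passes for an empty result, which would hide a
        # report that never reached Satellite; require at least one.
        reports = Arfreport.list({'search': f'host={fqdn}'})
        assert reports, f'no ARF report found for host {fqdn}'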
Exemplo n.º 7
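    def test_positive_push_updated_content(self):
        """Perform end to end oscap test, and push the updated scap content via puppet
        after first run.

        :id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f

        :expectedresults: Satellite should push updated content to Clients and
            satellite should get updated reports

        :CaseLevel: System

        :BZ: 1420439, 1722475
        """
        if settings.rhel7_repo is None:
            self.skipTest('Missing configuration for rhel7_repo')
        rhel7_repo = settings.rhel7_repo
        content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
        hgrp7_name = gen_string('alpha')
        policy_values = {
            'content': self.rhel7_content,
            'hgrp': hgrp7_name,
            'policy': gen_string('alpha'),
            'profile': OSCAP_PROFILE['security7'],
        }
        vm_values = {
            'distro': DISTRO_RHEL7,
            'hgrp': hgrp7_name,
            'rhel_repo': rhel7_repo
        }
        # Assign the content the policy is switched to later on to the
        # test organization.
        Scapcontent.update({
            'title': content_update,
            'organizations': self.config_env['org_name']
        })
        # Creates host_group for rhel7
        make_hostgroup({
            'content-source-id': self.proxy_id,
            'name': hgrp7_name,
            'puppet-environment-id': self.puppet_env.id,
            'puppet-ca-proxy': self.config_env['sat6_hostname'],
            'puppet-proxy': self.config_env['sat6_hostname'],
            'organizations': self.config_env['org_name'],
        })
        # Creates oscap_policy for rhel7.
        scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
            policy_values.get('content'), policy_values.get('profile'))
        make_scap_policy({
            'scap-content-id': scap_id,
            'deploy-by': 'puppet',
            'hostgroups': policy_values.get('hgrp'),
            'name': policy_values.get('policy'),
            'period': OSCAP_PERIOD['weekly'].lower(),
            'scap-content-profile-id': scap_profile_id,
            'weekday': OSCAP_WEEKDAY['friday'].lower(),
            'organizations': self.config_env['org_name'],
        })
        # Creates a single rhel7 vm, runs the openscap scan on it and
        # uploads the report to satellite6.
        distro_os = vm_values.get('distro')
        with VirtualMachine(distro=distro_os) as vm:
            vm.install_katello_ca()
            vm.register_contenthost(self.config_env['org_name'],
                                    self.config_env['ak_name'].get(distro_os))
            self.assertTrue(vm.subscribed)
            vm.configure_puppet(vm_values.get('rhel_repo'))
            Host.update({
                'name': vm.hostname.lower(),
                'lifecycle-environment': self.config_env['env_name'],
                'content-view': self.config_env['cv_name'],
                'hostgroup': vm_values.get('hgrp'),
                'openscap-proxy-id': self.proxy_id,
                'organization': self.config_env['org_name'],
                'puppet-environment-id': self.puppet_env.id,
            })
            # Run "puppet agent -t" twice so that the client detects the
            # satellite6 and fetches the katello SSL certs. stderr is
            # discarded and the exit status is not checked here; the grep
            # below is what confirms the client config was written.
            for _ in range(2):
                vm.run('puppet agent -t 2> /dev/null')
            result = vm.run(
                'cat /etc/foreman_scap_client/config.yaml | grep content_path')
            self.assertEqual(result.return_code, 0)
            # Runs the actual oscap scan on the vm/clients and
            # uploads report to Internal Capsule.
            vm.execute_foreman_scap_client()
            # Assert whether oscap reports are uploaded to Satellite6.
            # Arfreport.list returns a sequence (it is indexed below), and an
            # empty sequence is not None, so the check has to be on
            # truthiness to detect a report that never arrived.
            arf_report = Arfreport.list({
                'search': 'host={0}'.format(vm.hostname.lower()),
                'per-page': 1,
            })
            self.assertTrue(
                arf_report, 'No ARF report found after the first scan')
            # Point the existing policy at the updated content and profile.
            scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
                OSCAP_DEFAULT_CONTENT['rhel_firefox'],
                OSCAP_PROFILE['firefox'])
            Scappolicy.update({
                'scap-content-id': scap_id,
                'deploy-by': 'puppet',
                'name': policy_values.get('policy'),
                'new-name': gen_string('alpha'),
                'period': OSCAP_PERIOD['weekly'].lower(),
                'scap-content-profile-id': scap_profile_id,
                'weekday': OSCAP_WEEKDAY['friday'].lower(),
                'organizations': self.config_env['org_name'],
            })
            # Drop the first report so that any report found after the second
            # scan can only come from that second scan.
            Arfreport.delete({'id': arf_report[0].get('id')})
            for _ in range(2):
                vm.run('puppet agent -t 2> /dev/null')
            updated_result = vm.run(
                'cat /etc/foreman_scap_client/config.yaml | grep content_path')
            self.assertEqual(updated_result.return_code, 0)
            # Compare the grep output, not the result objects: two separate
            # command results are never the same object, so an identity check
            # passes even when the client still points at the old content.
            self.assertNotEqual(result.stdout, updated_result.stdout)
            # Runs the actual oscap scan on the vm/clients and
            # uploads report to Internal Capsule.
            vm.execute_foreman_scap_client()
            self.assertTrue(
                Arfreport.list(
                    {'search': 'host={0}'.format(vm.hostname.lower())}),
                'No ARF report found after the content update')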
Exemplo n.º 8
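def test_positive_upload_to_satellite(
    module_org,
    default_proxy,
    content_view,
    lifecycle_env,
    puppet_env,
    distro,
):
    """Perform end to end oscap test, and push the updated scap content via puppet
    after first run.

    :id: 11fef620-6ee8-4768-a398-db8cede1fc14

    :parametrized: yes

    :customerscenario: true

    :expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be
        uploaded to Satellite and be searchable. Satellite should push updated
        content to Clients and satellite should get updated reports.

    :CaseLevel: System

    :BZ: 1479413, 1722475, 1420439, 1722475
    """
    hgrp_name = gen_string('alpha')
    policy_name = gen_string('alpha')
    # Any distro other than rhel6/rhel7 falls through to the rhel8 settings.
    if distro == 'rhel6':
        rhel_repo = settings.repos.rhel6_repo
        profile1 = OSCAP_PROFILE['dsrhel6']
        profile2 = OSCAP_PROFILE['pcidss6']
        profile3 = OSCAP_PROFILE['usgcb']
    elif distro == 'rhel7':
        rhel_repo = settings.repos.rhel7_repo
        profile1 = OSCAP_PROFILE['dsrhel7']
        profile2 = OSCAP_PROFILE['pcidss7']
        profile3 = OSCAP_PROFILE['ospp7']
    else:
        rhel_repo = settings.repos.rhel8_repo
        profile1 = OSCAP_PROFILE['dsrhel8']
        profile2 = OSCAP_PROFILE['pcidss8']
        profile3 = OSCAP_PROFILE['ospp8']
    content = OSCAP_DEFAULT_CONTENT[f'{distro}_content']
    # Creates host_group. puppet_classes is not defined in this function and
    # has to come from the enclosing module.
    make_hostgroup({
        'content-source': settings.server.hostname,
        'name': hgrp_name,
        'puppet-environment-id': puppet_env.id,
        'puppet-ca-proxy': settings.server.hostname,
        'puppet-proxy': settings.server.hostname,
        'organizations': module_org.name,
        'puppet-classes': puppet_classes,
    })
    # Creates oscap_policy.
    scap_id, scap_profile_id = fetch_scap_and_profile_id(content, profile1)
    make_scap_policy({
        'scap-content-id': scap_id,
        'hostgroups': hgrp_name,
        'deploy-by': 'puppet',
        'name': policy_name,
        'period': OSCAP_PERIOD['weekly'].lower(),
        'scap-content-profile-id': scap_profile_id,
        'weekday': OSCAP_WEEKDAY['friday'].lower(),
        'organizations': module_org.name,
    })
    # Creates the vm, runs the openscap scan and uploads the report to
    # satellite6. ak_name also comes from the enclosing module.
    with VMBroker(nick=distro, host_classes={'host': ContentHost}) as vm:
        vm.install_katello_ca()
        vm.register_contenthost(module_org.name, ak_name[distro])
        assert vm.subscribed
        Host.update({
            'name': vm.hostname.lower(),
            'lifecycle-environment': lifecycle_env.name,
            'content-view': content_view.name,
            'hostgroup': hgrp_name,
            'openscap-proxy-id': default_proxy,
            'organization': module_org.name,
            'puppet-environment-id': puppet_env.id,
        })

        # Let the scap client fetch resources the data stream references
        # remotely. The scan result then depends on content pulled from those
        # remote locations, so the client needs network access to them.
        # NOTE(review): the override sets the default to 'true' for the whole
        # puppet class, not only for this host, and nothing here reverts it;
        # the host-specific matcher below may be all that is needed - confirm.
        SmartClassParameter.update({
            'name': 'fetch_remote_resources',
            'override': 1,
            'parameter-type': 'boolean',
            'default-value': 'true',
            'puppet-class': 'foreman_scap_client',
        })
        SmartClassParameter.add_matcher({
            'smart-class-parameter': 'fetch_remote_resources',
            'match': f'fqdn={vm.hostname}',
            'value': 'true',
            'puppet-class': 'foreman_scap_client',
        })

        vm.configure_puppet(rhel_repo)
        result = vm.run(
            'cat /etc/foreman_scap_client/config.yaml | grep profile')
        assert result.status == 0
        # Runs the actual oscap scan on the vm/clients and
        # uploads report to Internal Capsule.
        vm.execute_foreman_scap_client()
        # Assert whether oscap reports are uploaded to Satellite6. An empty
        # listing is not None, so test truthiness to catch a missing report.
        arf_report = Arfreport.list({
            'search': f'host={vm.hostname.lower()}',
            'per-page': 1
        })
        assert arf_report, 'No ARF report found after the first scan'
        for profile in [profile2, profile3]:
            scap_id, scap_profile_id = fetch_scap_and_profile_id(
                content, profile)
            Scappolicy.update({
                'scap-content-id': scap_id,
                'deploy-by': 'puppet',
                'name': policy_name,
                'period': OSCAP_PERIOD['weekly'].lower(),
                'scap-content-profile-id': scap_profile_id,
                'weekday': OSCAP_WEEKDAY['friday'].lower(),
                'organization': module_org.name,
            })
            # stderr is discarded and the exit status is not checked.
            for _ in range(2):
                vm.run('puppet agent -t 2> /dev/null')
            updated_result = vm.run(
                'cat /etc/foreman_scap_client/config.yaml | grep content_path')
            # NOTE(review): this compares the result of the earlier
            # "grep profile" with the result of "grep content_path", as
            # objects; it cannot fail when the client config was not updated.
            # Only the profile changes in this loop, so the intended check is
            # presumably on the profile lines of config.yaml - confirm and
            # compare the command output instead.
            assert result != updated_result
            assert updated_result.status == 0
            # Runs the actual oscap scan on the vm/clients and
            # uploads report to Internal Capsule.
            vm.execute_foreman_scap_client()
            # Kept in its own name so the baseline command result above is
            # not replaced by a report listing on the next iteration.
            arf_reports = Arfreport.list(
                {'search': f'host={vm.hostname.lower()}'})
            assert arf_reports, 'No ARF report found after the policy update'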
Exemplo n.º 9
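    def test_positive_upload_to_satellite(self):
        """Perform end to end oscap test and upload reports via puppet

        :id: 17a0978d-64f9-44ad-8303-1f54ada08602

        :expectedresults: Oscap reports from rhel6 and rhel7 clients should be
            uploaded to satellite6 and be searchable.

        :CaseLevel: System

        :BZ: 1479413, 1722475
        """
        if settings.rhel6_repo is None:
            self.skipTest('Missing configuration for rhel6_repo')
        rhel6_repo = settings.rhel6_repo
        if settings.rhel7_repo is None:
            self.skipTest('Missing configuration for rhel7_repo')
        rhel7_repo = settings.rhel7_repo
        hgrp6_name = gen_string('alpha')
        hgrp7_name = gen_string('alpha')
        policy6_name = gen_string('alpha')
        policy7_name = gen_string('alpha')
        policy_values = [
            {
                'content': self.rhel6_content,
                'hgrp': hgrp6_name,
                'policy': policy6_name,
                'profile': OSCAP_PROFILE['security6'],
            },
            {
                'content': self.rhel7_content,
                'hgrp': hgrp7_name,
                'policy': policy7_name,
                'profile': OSCAP_PROFILE['security7'],
            },
        ]
        vm_values = [
            {
                'distro': DISTRO_RHEL6,
                'hgrp': hgrp6_name,
                'rhel_repo': rhel6_repo,
                'policy': policy6_name,
            },
            {
                'distro': DISTRO_RHEL7,
                'hgrp': hgrp7_name,
                'rhel_repo': rhel7_repo,
                'policy': policy7_name,
            },
        ]

        # Creates host_group for both rhel6 and rhel7
        for host_group in [hgrp6_name, hgrp7_name]:
            make_hostgroup({
                'content-source': self.config_env['sat6_hostname'],
                'name': host_group,
                'puppet-environment-id': self.puppet_env.id,
                'puppet-ca-proxy': self.config_env['sat6_hostname'],
                'puppet-proxy': self.config_env['sat6_hostname'],
                'organizations': self.config_env['org_name'],
            })
        # Creates oscap_policy for both rhel6 and rhel7.
        for value in policy_values:
            scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
                value['content'], value['profile'])
            make_scap_policy({
                'scap-content-id': scap_id,
                'hostgroups': value['hgrp'],
                'deploy-by': 'puppet',
                'name': value['policy'],
                'period': OSCAP_PERIOD['weekly'].lower(),
                'scap-content-profile-id': scap_profile_id,
                'weekday': OSCAP_WEEKDAY['friday'].lower(),
                'organizations': self.config_env['org_name'],
            })
        # Creates one vm per distro (rhel6, then rhel7), runs the
        # openscap scan and uploads the report to satellite6.
        for value in vm_values:
            with VirtualMachine(distro=value['distro']) as vm:
                # The host is updated under its lower-cased name, so the
                # report search below uses the same spelling.
                host = vm.hostname.lower()
                vm.install_katello_ca()
                vm.register_contenthost(
                    self.config_env['org_name'],
                    self.config_env['ak_name'].get(value['distro']))
                self.assertTrue(vm.subscribed)
                vm.configure_puppet(value['rhel_repo'])
                Host.update({
                    'name': host,
                    'lifecycle-environment': self.config_env['env_name'],
                    'content-view': self.config_env['cv_name'],
                    'hostgroup': value['hgrp'],
                    'openscap-proxy-id': self.proxy_id,
                    'organization': self.config_env['org_name'],
                    'puppet-environment-id': self.puppet_env.id,
                })

                # Run "puppet agent -t" twice so that the client detects the
                # satellite6 and fetches the katello SSL certs. stderr is
                # discarded and the exit status is not checked here.
                for _ in range(2):
                    vm.run('puppet agent -t 2> /dev/null')
                result = vm.run(
                    'cat /etc/foreman_scap_client/config.yaml | grep profile')
                self.assertEqual(result.return_code, 0)
                # Runs the actual oscap scan on the vm/clients and
                # uploads report to Internal Capsule.
                vm.execute_foreman_scap_client()
                # Assert whether oscap reports are uploaded to Satellite6.
                # A listing with no entries is still not None, so the check
                # is on truthiness; otherwise a scan whose report never
                # reached the server would pass.
                self.assertTrue(
                    Arfreport.list({'search': 'host={0}'.format(host)}),
                    'No ARF report found for {0}'.format(host))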
Exemplo n.º 10
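    def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
        """ End-to-End Oscap run with tailoring files and default capsule

        :id: 346946ad-4f62-400e-9390-81817006048c

        :setup: scap content, scap policy, tailoring file, host group

        :steps:

            1. Create a valid scap content
            2. Upload a valid tailoring file
            3. Create a scap policy
            4. Associate scap content with its tailoring file
            5. Associate the policy with a hostgroup
            6. Provision a host using the hostgroup
            7. Puppet should configure and fetch the scap content
               and tailoring file

        :expectedresults: ARF report should be sent to satellite reflecting
                         the changes done via tailoring files

        :CaseImportance: Critical
        """
        if settings.rhel7_repo is None:
            self.skipTest('Missing configuration for rhel7_repo')
        rhel7_repo = settings.rhel7_repo
        hgrp7_name = gen_string('alpha')
        policy_values = {
            'content': self.rhel7_content,
            'hgrp': hgrp7_name,
            'policy': gen_string('alpha'),
            'profile': OSCAP_PROFILE['security7']
        }
        vm_values = {
            'distro': DISTRO_RHEL7,
            'hgrp': hgrp7_name,
            'rhel_repo': rhel7_repo,
        }
        tailoring_file_name = gen_string('alpha')
        tailor_path = get_data_file(settings.oscap.tailoring_path)
        # Last path component of the local tailoring file.
        file_name = tailor_path.split('/')[-1]
        # NOTE(review): the tailoring file decides which rules the scan
        # applies, and it is staged under a fixed, predictable name in /tmp
        # (presumably on the Satellite server). On a host shared with other
        # users or parallel runs, a per-run directory with restrictive
        # permissions would rule out collisions or a swapped file before the
        # import below.
        ssh.upload_file(local_file=tailor_path,
                        remote_file="/tmp/{0}".format(file_name))
        # Creates host_group for rhel7
        # NOTE(review): content source id 1 is hard-coded here (and the
        # openscap proxy id further down); presumably the default capsule.
        make_hostgroup({
            'content-source-id': 1,
            'name': hgrp7_name,
            'puppet-ca-proxy': self.config_env['sat6_hostname'],
            'puppet-proxy': self.config_env['sat6_hostname'],
            'organizations': self.config_env['org_name']
        })

        tailor_result = make_tailoringfile({
            'name': tailoring_file_name,
            'scap-file': '/tmp/{0}'.format(file_name),
            'organization': self.config_env['org_name']
        })
        result = TailoringFiles.info({'name': tailoring_file_name})
        self.assertEqual(result['name'], tailoring_file_name)
        # Creates oscap_policy for rhel7, bound to the tailoring file and
        # to the first profile that file defines.
        scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
            policy_values.get('content'), policy_values.get('profile'))
        make_scap_policy({
            'scap-content-id': scap_id,
            'hostgroups': policy_values.get('hgrp'),
            'name': policy_values.get('policy'),
            'period': OSCAP_PERIOD['weekly'].lower(),
            'scap-content-profile-id': scap_profile_id,
            'weekday': OSCAP_WEEKDAY['friday'].lower(),
            'tailoring-file-id': tailor_result['id'],
            'tailoring-file-profile-id':
            tailor_result['tailoring-file-profiles'][0]['id'],
            'organizations': self.config_env['org_name']
        })
        distro_os = vm_values.get('distro')
        with VirtualMachine(distro=distro_os) as vm:
            vm.install_katello_ca()
            vm.register_contenthost(self.config_env['org_name'],
                                    self.config_env['ak_name'].get(distro_os))
            self.assertTrue(vm.subscribed)
            vm.configure_puppet(rhel7_repo)
            Host.update({
                'name': vm.hostname.lower(),
                'lifecycle-environment': self.config_env['env_name'],
                'content-view': self.config_env['cv_name'],
                'hostgroup': vm_values.get('hgrp'),
                'openscap-proxy-id': 1,
                'organization': self.config_env['org_name'],
                'environment': 'production'
            })
            # Run "puppet agent -t" twice so that the client detects the
            # satellite6 and fetches the katello SSL certs. stderr is
            # discarded and the exit status is not checked here.
            for _ in range(2):
                vm.run(u'puppet agent -t 2> /dev/null')
            result = vm.run(u'cat /etc/foreman_scap_client/config.yaml'
                            '| grep profile')
            self.assertEqual(result.return_code, 0)
            # Runs the actual oscap scan on the vm/clients and
            # uploads report to Internal Capsule.
            vm.execute_foreman_scap_client()
            # Assert whether oscap reports are uploaded to Satellite6.
            # An empty listing is not None, so check truthiness to catch a
            # report that was never uploaded.
            # NOTE(review): this only shows that some report exists for the
            # host; nothing here verifies that the report reflects the
            # tailoring file, which is what the expected result describes.
            self.assertTrue(
                Arfreport.list(
                    {'search': 'host={0}'.format(vm.hostname.lower())}),
                'No ARF report found for the host')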
Exemplo n.º 11
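    def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
        """ End-to-End Oscap run with tailoring files and default capsule

        :id: 346946ad-4f62-400e-9390-81817006048c

        :setup: scap content, scap policy, tailoring file, host group

        :steps:

            1. Create a valid scap content
            2. Upload a valid tailoring file
            3. Create a scap policy
            4. Associate scap content with its tailoring file
            5. Associate the policy with a hostgroup
            6. Provision a host using the hostgroup
            7. Puppet should configure and fetch the scap content
               and tailoring file

        :expectedresults: ARF report should be sent to satellite reflecting
                         the changes done via tailoring files

        :CaseImportance: Critical
        """
        if settings.rhel7_repo is None:
            self.skipTest('Missing configuration for rhel7_repo')
        rhel7_repo = settings.rhel7_repo
        hgrp7_name = gen_string('alpha')
        policy_values = {
            'content': self.rhel7_content,
            'hgrp': hgrp7_name,
            'policy': gen_string('alpha'),
            'profile': OSCAP_PROFILE['security7']
        }
        vm_values = {
            'distro': DISTRO_RHEL7,
            'hgrp': hgrp7_name,
            'rhel_repo': rhel7_repo,
        }
        tailoring_file_name = gen_string('alpha')
        tailor_path = get_data_file(settings.oscap.tailoring_path)
        # Take the file's base name and build the staging path once, so the
        # upload and the import are guaranteed to name the same file.
        file_name = tailor_path.split('/')[-1]
        remote_tailor_path = '/tmp/{0}'.format(file_name)
        # NOTE(review): a tailoring file changes which rules a scan
        # evaluates. Staging it under a predictable name in /tmp (presumably
        # on the Satellite server) leaves room for a collision or a replaced
        # file between upload and import when the host is shared; a private
        # per-run directory would close that gap.
        ssh.upload_file(
            local_file=tailor_path,
            remote_file=remote_tailor_path
        )
        # Creates host_group for rhel7
        # NOTE(review): the ids 1 used for the content source here and for
        # the openscap proxy below are hard-coded; presumably the default
        # capsule - confirm.
        make_hostgroup({
            'content-source-id': 1,
            'name': hgrp7_name,
            'puppet-ca-proxy': self.config_env['sat6_hostname'],
            'puppet-proxy': self.config_env['sat6_hostname'],
            'organizations': self.config_env['org_name']
        })

        tailor_result = make_tailoringfile({
            'name': tailoring_file_name,
            'scap-file': remote_tailor_path,
            'organization': self.config_env['org_name']
        })
        result = TailoringFiles.info({'name': tailoring_file_name})
        self.assertEqual(result['name'], tailoring_file_name)
        # Creates oscap_policy for rhel7 that uses the tailoring file and the
        # first profile listed for it.
        scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
            policy_values.get('content'),
            policy_values.get('profile')
        )
        tailoring_profile_id = tailor_result['tailoring-file-profiles'][0]['id']
        make_scap_policy({
            'scap-content-id': scap_id,
            'hostgroups': policy_values.get('hgrp'),
            'name': policy_values.get('policy'),
            'period': OSCAP_PERIOD['weekly'].lower(),
            'scap-content-profile-id': scap_profile_id,
            'weekday': OSCAP_WEEKDAY['friday'].lower(),
            'tailoring-file-id': tailor_result['id'],
            'tailoring-file-profile-id': tailoring_profile_id,
            'organizations': self.config_env['org_name']
        })
        distro_os = vm_values.get('distro')
        with VirtualMachine(distro=distro_os) as vm:
            vm.install_katello_ca()
            vm.register_contenthost(
                self.config_env['org_name'],
                self.config_env['ak_name'].get(distro_os)
            )
            self.assertTrue(vm.subscribed)
            vm.configure_puppet(rhel7_repo)
            Host.update({
                'name': vm.hostname.lower(),
                'lifecycle-environment': self.config_env['env_name'],
                'content-view': self.config_env['cv_name'],
                'hostgroup': vm_values.get('hgrp'),
                'openscap-proxy-id': 1,
                'organization': self.config_env['org_name'],
                'environment': 'production'
            })
            # Run "puppet agent -t" twice so that the client detects the
            # satellite6 and fetches the katello SSL certs. The exit status
            # of these runs is not checked and stderr is discarded.
            for _ in range(2):
                vm.run(u'puppet agent -t 2> /dev/null')
            result = vm.run(
                u'cat /etc/foreman_scap_client/config.yaml'
                '| grep profile'
            )
            self.assertEqual(result.return_code, 0)
            # Runs the actual oscap scan on the vm/clients and
            # uploads report to Internal Capsule.
            vm.execute_foreman_scap_client()
            # Assert whether oscap reports are uploaded to Satellite6. The
            # listing has to be non-empty; a bare None check also accepts an
            # empty listing and so misses a report that never arrived.
            # NOTE(review): the content of the report is not inspected, so
            # the effect of the tailoring file itself remains unverified.
            reports = Arfreport.list(
                {'search': 'host={0}'.format(vm.hostname.lower())})
            self.assertTrue(reports, 'No ARF report found for the host')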
Exemplo n.º 12
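    def test_positive_push_updated_content(self):
        """Perform end to end oscap test, and push the updated scap content
        after first run.

        :id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f

        :expectedresults: Satellite should push updated content to Clients and
            satellite should get updated reports

        :CaseLevel: System
        """
        if settings.rhel7_repo is None:
            self.skipTest('Missing configuration for rhel7_repo')
        rhel7_repo = settings.rhel7_repo
        content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
        hgrp7_name = gen_string('alpha')
        policy_values = {
            'content': self.rhel7_content,
            'hgrp': hgrp7_name,
            'policy': gen_string('alpha'),
            'profile': OSCAP_PROFILE['security7']
        }
        vm_values = {
            'distro': DISTRO_RHEL7,
            'hgrp': hgrp7_name,
            'rhel_repo': rhel7_repo,
        }
        # Assign the content used for the later policy update to the test
        # organization.
        Scapcontent.update({
            'title': content_update,
            'organizations': self.config_env['org_name']
        })
        # Creates host_group for rhel7
        # NOTE(review): content source id 1 (and openscap proxy id 1 below)
        # is hard-coded; presumably the default capsule - confirm.
        make_hostgroup({
            'content-source-id': 1,
            'name': hgrp7_name,
            'puppet-ca-proxy': self.config_env['sat6_hostname'],
            'puppet-proxy': self.config_env['sat6_hostname'],
            'organizations': self.config_env['org_name']
        })
        # Creates oscap_policy for rhel7.
        scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
            policy_values.get('content'),
            policy_values.get('profile')
        )
        make_scap_policy({
            'scap-content-id': scap_id,
            'hostgroups': policy_values.get('hgrp'),
            'name': policy_values.get('policy'),
            'period': OSCAP_PERIOD['weekly'].lower(),
            'scap-content-profile-id': scap_profile_id,
            'weekday': OSCAP_WEEKDAY['friday'].lower(),
            'organizations': self.config_env['org_name']
        })
        # Creates a single rhel7 vm, runs the openscap scan on it and
        # uploads the report to satellite6.
        distro_os = vm_values.get('distro')
        with VirtualMachine(distro=distro_os) as vm:
            host_search = 'host={0}'.format(vm.hostname.lower())
            vm.install_katello_ca()
            vm.register_contenthost(
                self.config_env['org_name'],
                self.config_env['ak_name'].get(distro_os)
            )
            self.assertTrue(vm.subscribed)
            vm.configure_puppet(vm_values.get('rhel_repo'))

            Host.update({
                'name': vm.hostname.lower(),
                'lifecycle-environment': self.config_env['env_name'],
                'content-view': self.config_env['cv_name'],
                'hostgroup': vm_values.get('hgrp'),
                'openscap-proxy-id': 1,
                'organization': self.config_env['org_name'],
                'environment': 'production'
            })
            # Run "puppet agent -t" twice so that the client detects the
            # satellite6 and fetches the katello SSL certs. stderr is
            # discarded and the exit status is not checked here.
            for _ in range(2):
                vm.run(u'puppet agent -t 2> /dev/null')
            result = vm.run(
                u'cat /etc/foreman_scap_client/config.yaml'
                '| grep content_path'
            )
            self.assertEqual(result.return_code, 0)
            # Runs the actual oscap scan on the vm/clients and
            # uploads report to Internal Capsule.
            vm.execute_foreman_scap_client()
            # Assert whether oscap reports are uploaded to Satellite6. The
            # listing is indexed below, so it is a sequence; an empty one is
            # not None, hence the truthiness check.
            arf_report = Arfreport.list({
                'search': host_search,
                'per-page': 1
            })
            self.assertTrue(
                arf_report, 'No ARF report found after the first scan')
            # Switch the policy to the updated content and profile.
            scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
                OSCAP_DEFAULT_CONTENT['rhel_firefox'],
                OSCAP_PROFILE['firefox']
            )
            Scappolicy.update({
                'scap-content-id': scap_id,
                'name': policy_values.get('policy'),
                'new-name': gen_string('alpha'),
                'period': OSCAP_PERIOD['weekly'].lower(),
                'scap-content-profile-id': scap_profile_id,
                'weekday': OSCAP_WEEKDAY['friday'].lower(),
                'organizations': self.config_env['org_name']
            })
            # Remove the first report, so a report found after the second
            # scan must have been produced by that scan.
            Arfreport.delete({'id': arf_report[0].get('id')})
            for _ in range(2):
                vm.run(u'puppet agent -t 2> /dev/null')
            updated_result = vm.run(
                u'cat /etc/foreman_scap_client/config.yaml'
                '| grep content_path'
            )
            self.assertEqual(updated_result.return_code, 0)
            # The two results are always distinct objects, so an identity
            # check proves nothing; compare what grep printed to see whether
            # the client was really pointed at the new content.
            self.assertNotEqual(result.stdout, updated_result.stdout)
            # Runs the actual oscap scan on the vm/clients and
            # uploads report to Internal Capsule.
            vm.execute_foreman_scap_client()
            self.assertTrue(
                Arfreport.list({'search': host_search}),
                'No ARF report found after the content update')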
Exemplo n.º 13
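    def test_positive_upload_to_satellite(self):
        """Perform end to end oscap test and upload reports.

        :id: 17a0978d-64f9-44ad-8303-1f54ada08602

        :expectedresults: Oscap reports from rhel6 and rhel7 clients should be
            uploaded to satellite6 and be searchable.

        :CaseLevel: System
        """
        if settings.rhel6_repo is None:
            self.skipTest('Missing configuration for rhel6_repo')
        rhel6_repo = settings.rhel6_repo
        if settings.rhel7_repo is None:
            self.skipTest('Missing configuration for rhel7_repo')
        rhel7_repo = settings.rhel7_repo
        hgrp6_name = gen_string('alpha')
        hgrp7_name = gen_string('alpha')
        policy6_name = gen_string('alpha')
        policy7_name = gen_string('alpha')
        policy_values = [
            {
                'content': self.rhel6_content,
                'hgrp': hgrp6_name,
                'policy': policy6_name,
                'profile': OSCAP_PROFILE['security6']
            },
            {
                'content': self.rhel7_content,
                'hgrp': hgrp7_name,
                'policy': policy7_name,
                'profile': OSCAP_PROFILE['security7']
            },
        ]
        vm_values = [
            {
                'distro': DISTRO_RHEL6,
                'hgrp': hgrp6_name,
                'rhel_repo': rhel6_repo,
                'policy': policy6_name,
            },
            {
                'distro': DISTRO_RHEL7,
                'hgrp': hgrp7_name,
                'rhel_repo': rhel7_repo,
                'policy': policy7_name,
            },
        ]

        # Creates host_group for both rhel6 and rhel7
        # NOTE(review): content source id 1 (and openscap proxy id 1 below)
        # is hard-coded; presumably the default capsule - confirm.
        for host_group in [hgrp6_name, hgrp7_name]:
            make_hostgroup({
                'content-source-id': 1,
                'name': host_group,
                'puppet-ca-proxy': self.config_env['sat6_hostname'],
                'puppet-proxy': self.config_env['sat6_hostname'],
                'organizations': self.config_env['org_name']
            })
        # Creates oscap_policy for both rhel6 and rhel7.
        for value in policy_values:
            scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
                value['content'],
                value['profile']
            )
            make_scap_policy({
                'scap-content-id': scap_id,
                'hostgroups': value['hgrp'],
                'name': value['policy'],
                'period': OSCAP_PERIOD['weekly'].lower(),
                'scap-content-profile-id': scap_profile_id,
                'weekday': OSCAP_WEEKDAY['friday'].lower(),
                'organizations': self.config_env['org_name']
            })
        # Creates one vm per distro (rhel6, then rhel7), runs the
        # openscap scan and uploads the report to satellite6.
        for value in vm_values:
            with VirtualMachine(distro=value['distro']) as vm:
                # Search for reports under the same lower-cased name the
                # host is updated with.
                host = vm.hostname.lower()
                vm.install_katello_ca()
                vm.register_contenthost(
                    self.config_env['org_name'],
                    self.config_env['ak_name'].get(value['distro'])
                )
                self.assertTrue(vm.subscribed)
                vm.configure_puppet(value['rhel_repo'])
                Host.update({
                    'name': host,
                    'lifecycle-environment': self.config_env['env_name'],
                    'content-view': self.config_env['cv_name'],
                    'hostgroup': value['hgrp'],
                    'openscap-proxy-id': 1,
                    'organization': self.config_env['org_name'],
                    'environment': 'production'
                })

                # Run "puppet agent -t" twice so that the client detects the
                # satellite6 and fetches the katello SSL certs. stderr is
                # discarded and the exit status is not checked here.
                for _ in range(2):
                    vm.run(u'puppet agent -t 2> /dev/null')
                result = vm.run(
                    u'cat /etc/foreman_scap_client/config.yaml'
                    '| grep profile'
                )
                self.assertEqual(result.return_code, 0)
                # Runs the actual oscap scan on the vm/clients and
                # uploads report to Internal Capsule.
                vm.execute_foreman_scap_client()
                # Assert whether oscap reports are uploaded to Satellite6.
                # Checking for None alone would also accept an empty listing,
                # i.e. a scan whose report never reached the server.
                self.assertTrue(
                    Arfreport.list({'search': 'host={0}'.format(host)}),
                    'No ARF report found for {0}'.format(host))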