def set_certificate_in_satellite(server_type):
"""update the cert settings in satellite based on type of ldap server"""
if server_type == 'IPA':
idm_cert_path_url = os.path.join(settings.ipa.hostname_ipa, 'ipa/config/ca.crt')
file_downloader(
file_url=idm_cert_path_url,
local_path=CERT_PATH,
file_name='ipa.crt',
hostname=settings.server.hostname,
)
elif server_type == 'AD':
ssh.command('yum -y --disableplugin=foreman-protector install cifs-utils')
command = r'mount -t cifs -o username=administrator,pass={0} //{1}/c\$ /mnt'
ssh.command(command.format(settings.ldap.password, settings.ldap.hostname))
result = ssh.command(
'cp /mnt/Users/Administrator/Desktop/satqe-QE-SAT6-AD-CA.cer {}'.format(CERT_PATH)
)
if result.return_code != 0:
raise AssertionError('Failed to copy the AD server certificate at right path')
result = ssh.command('update-ca-trust extract && restorecon -R {}'.format(CERT_PATH))
if result.return_code != 0:
raise AssertionError('Failed to update and trust the certificate')
result = ssh.command('systemctl restart httpd')
if result.return_code != 0:
raise AssertionError(
'Failed to restart the httpd after applying {} cert'.format(server_type)
)
def tailoring_file_path():
""" Return Tailoring file path."""
local = file_downloader(file_url=settings.oscap.tailoring_path)[0]
satellite = file_downloader(
file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname
)[0]
return {'local': local, 'satellite': satellite}
def module_synced_repos(sat_maintain):
org = sat_maintain.api.Organization().create()
manifests_path = file_downloader(
file_url=settings.fake_manifest.url['default'], hostname=sat_maintain.hostname
)[0]
sat_maintain.cli.Subscription.upload({'file': manifests_path, 'organization-id': org.id})
# sync custom repo
cust_prod = sat_maintain.api.Product(organization=org).create()
cust_repo = sat_maintain.api.Repository(
url=settings.repos.yum_1.url, product=cust_prod
).create()
cust_repo.sync()
# sync RH repo
product = sat_maintain.api.Product(name=constants.PRDS['rhae'], organization=org.id).search()[0]
r_set = sat_maintain.api.RepositorySet(
name=constants.REPOSET['rhae2'], product=product
).search()[0]
payload = {'basearch': constants.DEFAULT_ARCHITECTURE, 'product_id': product.id}
r_set.enable(data=payload)
result = sat_maintain.api.Repository(name=constants.REPOS['rhae2']['name']).search(
query={'organization_id': org.id}
)
rh_repo_id = result[0].id
rh_repo = sat_maintain.api.Repository(id=rh_repo_id).read()
rh_repo.sync()
yield {'custom': cust_repo, 'rh': rh_repo}
def rhcloud_manifest_org(rhcloud_sat_host):
"""A module level fixture to get organization with manifest."""
org = rhcloud_sat_host.api.Organization().create()
manifests_path = file_downloader(
file_url=settings.fake_manifest.url['default'], hostname=rhcloud_sat_host.hostname
)[0]
rhcloud_sat_host.cli.Subscription.upload({'file': manifests_path, 'organization-id': org.id})
return org
def setUpClass(cls):
super(OpenScapTestCase, cls).setUpClass()
cls.title = gen_string('alpha')
result = [scap['title'] for scap in Scapcontent.list() if scap.get('title') in cls.title]
if not result:
make_scapcontent({'title': cls.title, 'scap-file': settings.oscap.content_path})
cls.scap_id_rhel7, cls.scap_profile_id_rhel7 = cls.fetch_scap_and_profile_id(
cls.title, OSCAP_PROFILE['security7']
)
cls.tailoring_file_path = file_downloader(
file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname
)[0]
Ansible.roles_import({'proxy-id': 1})
Ansible.variables_import({'proxy-id': 1})
def setUpClass(cls):
super(TailoringFilesTestCase, cls).setUpClass()
cls.tailoring_file_path = file_downloader(
file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
def test_positive_oscap_run_with_tailoring_file_with_ansible(self):
"""End-to-End Oscap run with tailoring files via ansible
:id: c7ea56eb-6cf1-4e79-8d6a-fb872d1bb804
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Import Ansible role theforeman.foreman_scap_client
4. Import Ansible Variables needed for the role
5. Create a scap policy with anisble as deploy option
6. Associate scap content with it's tailoring file
7. Associate the policy with a hostgroup
8. Provision a host using the hostgroup
9. Configure REX and associate the Ansible role to created host
10. Play roles for the host
:expectedresults: REX job should be success and ARF report should be sent to satellite
reflecting the changes done via tailoring files
:BZ: 1716307
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'organizations': self.config_env['org_name'],
})
tailor_result = make_tailoringfile({
'name':
tailoring_file_name,
'scap-file':
tailor_path,
'organization':
self.config_env['org_name'],
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
Ansible.roles_import({'proxy-id': self.proxy_id})
Ansible.variables_import({'proxy-id': self.proxy_id})
role_id = Ansible.roles_list({'search':
'foreman_scap_client'})[0].get('id')
make_scap_policy({
'scap-content-id':
scap_id,
'hostgroups':
policy_values.get('hgrp'),
'deploy-by':
'ansible',
'name':
policy_values.get('policy'),
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
self.config_env['org_name'],
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
assert vm.subscribed
Host.set_parameter({
'host': vm.hostname.lower(),
'name': 'remote_execution_connect_by_ip',
'value': 'True',
})
vm.configure_rhel_repo(settings.rhel7_repo)
add_remote_execution_ssh_key(vm.ip_addr)
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'ansible-role-ids': role_id,
})
job_id = Host.ansible_roles_play({'name': vm.hostname.lower()
})[0].get('id')
wait_for_tasks(
f"resource_type = JobInvocation and resource_id = {job_id} and "
"action ~ \"hosts job\"")
try:
result = JobInvocation.info({'id': job_id})['success']
assert result == '1'
except AssertionError:
output = ' '.join(
JobInvocation.get_output({
'id': job_id,
'host': vm.hostname
}))
result = f'host output: {output}'
raise AssertionError(result)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
result = Arfreport.list({'search': f'host={vm.hostname.lower()}'})
assert result is not None
def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
"""End-to-End Oscap run with tailoring files and default capsule via puppet
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:BZ: 1722475
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
'puppet-classes': self.puppet_classes,
})
tailor_result = make_tailoringfile({
'name':
tailoring_file_name,
'scap-file':
tailor_path,
'organization':
self.config_env['org_name'],
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
make_scap_policy({
'scap-content-id':
scap_id,
'deploy-by':
'puppet',
'hostgroups':
policy_values.get('hgrp'),
'name':
policy_values.get('policy'),
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
self.config_env['org_name'],
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
assert vm.subscribed
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'puppet-environment-id': self.puppet_env.id,
})
vm.configure_puppet(rhel7_repo)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
result = Arfreport.list({'search': f'host={vm.hostname.lower()}'})
assert result is not None
def test_positive_oscap_run_with_tailoring_file_and_capsule(
module_org, default_proxy, content_view, lifecycle_env, puppet_env):
"""End-to-End Oscap run with tailoring files and default capsule via puppet
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:BZ: 1722475
:CaseImportance: Critical
"""
hgrp_name = gen_string('alpha')
policy_name = gen_string('alpha')
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group.
make_hostgroup({
'content-source': settings.server.hostname,
'name': hgrp_name,
'puppet-environment-id': puppet_env.id,
'puppet-ca-proxy': settings.server.hostname,
'puppet-proxy': settings.server.hostname,
'organizations': module_org.name,
'puppet-classes': puppet_classes,
})
tailor_result = make_tailoringfile({
'name': tailoring_file_name,
'scap-file': tailor_path,
'organization': module_org.name,
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy.
scap_id, scap_profile_id = fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel7_content'], OSCAP_PROFILE['security7'])
make_scap_policy({
'scap-content-id':
scap_id,
'hostgroups':
hgrp_name,
'deploy-by':
'puppet',
'name':
policy_name,
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
module_org.name,
})
# Creates vm's and runs openscap scan and uploads report to satellite6.
with VMBroker(nick=DISTRO_RHEL7, host_classes={'host': ContentHost}) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(module_org.name, ak_name[DISTRO_RHEL7])
assert vm.subscribed
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': lifecycle_env.name,
'content-view': content_view.name,
'hostgroup': hgrp_name,
'openscap-proxy-id': default_proxy,
'organization': module_org.name,
'puppet-environment-id': puppet_env.id,
})
vm.configure_puppet(settings.repos.rhel7_repo)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.status == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search': f'host={vm.hostname.lower()}',
'per-page': 1
})
assert arf_report is not None
Arfreport.delete({'id': arf_report[0].get('id')})
def oscap_tailoring_path():
return file_downloader(settings.oscap.tailoring_path)[0]
def tailoring_file_path():
""" Return Tailoring file path."""
return file_downloader(file_url=settings.oscap.tailoring_path)[0]
