def test_check_package_presence(request, fleecing_vm, ssh_client, analysis_profile):
"""This test checks compliance by presence of a certain cfme-appliance package which is expected
to be present on an appliance."""
# TODO: If we step out from provisioning a full appliance for fleecing, this might need revisit
condition = VMCondition(
"Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)),
expression=("fill_find(field=VM and Instance.Guest Applications : Name, "
"skey=STARTS WITH, value=cfme-appliance, check=Check Count, ckey= = , cvalue=1)")
)
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile(
"Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)),
policies=[policy]
)
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.categories = [
"check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"]
do_scan(fleecing_vm)
assert fleecing_vm.check_compliance_and_wait()
def test_check_files(request, fleecing_vm, ssh_client, analysis_profile):
"""This test checks presence and contents of a certain file. Due to caching, an existing file
is checked.
"""
check_file_name = "/etc/sudo.conf"
check_file_contents = "sudoers_policy" # The file contains: `Plugin sudoers_policy sudoers.so`
condition = VMCondition(
"Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)),
expression=("fill_find(VM and Instance.Files : Name, "
"=, {}, Check Any, Contents, INCLUDES, {})".format(
check_file_name, check_file_contents))
)
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile(
"Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)),
policies=[policy]
)
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.files = [(check_file_name, True)]
analysis_profile.categories = [
"check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"]
do_scan(fleecing_vm, ("Configuration", "Files"))
assert fleecing_vm.check_compliance_and_wait()
def test_check_package_presence(request, fleecing_vm, ssh_client, vm_analysis,
analysis_profile):
"""This test checks compliance by presence of a certain cfme-appliance package which is expected
to be present on an appliance."""
# TODO: If we step out from provisioning a full appliance for fleecing, this might need revisit
condition = VMCondition(
"Compliance testing condition {}".format(
fauxfactory.gen_alphanumeric(8)),
expression=
("fill_find(field=VM and Instance.Guest Applications : Name, "
"skey=STARTS WITH, value=cfme-appliance, check=Check Count, ckey= = , cvalue=1)"
))
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(
fauxfactory.gen_alphanumeric(8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile("Compliance PP {}".format(
fauxfactory.gen_alphanumeric(8)),
policies=[policy])
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(
lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.categories = [
"check_services", "check_accounts", "check_software",
"check_vmconfig", "check_system"
]
do_scan(fleecing_vm)
assert fleecing_vm.check_compliance_and_wait()
def fleecing_vm(
request, compliance_vm, vm_analysis, provider_mgmt, provider_key, provider_crud,
analysis_profile):
logger.info("Provisioning an appliance for fleecing on {}".format(provider_key))
# TODO: When we get something smaller, use it!
appliance = provision_appliance(
vm_name_prefix=PREFIX + "for_fleece_",
version=str(version.current_version()),
provider_name=provider_key)
request.addfinalizer(lambda: diaper(appliance.destroy))
logger.info("Appliance {} provisioned".format(appliance.vm_name))
vm = Vm(appliance.vm_name, provider_crud)
provider_crud.refresh_provider_relationships()
vm.wait_to_appear()
# Assign the analysis profile
action = Action(
"Assign analysis profile {}".format(analysis_profile.name),
"Assign Profile to Analysis Task",
dict(analysis_profile=analysis_profile.name))
action.create()
request.addfinalizer(action.delete)
policy = VMControlPolicy("Analysis profile policy {}".format(generate_random_string()))
policy.create()
request.addfinalizer(policy.delete)
policy.assign_actions_to_event("VM Analysis Start", action)
analysis_pp = PolicyProfile(
"Analysis profile PP {}".format(generate_random_string()),
policies=[policy])
analysis_pp.create()
request.addfinalizer(analysis_pp.delete)
vm.assign_policy_profiles(analysis_pp.description)
request.addfinalizer(lambda: vm.unassign_policy_profiles(analysis_pp.description))
return vm
def policy_profile(request):
policy = VMControlPolicy(fauxfactory.gen_alpha())
policy.create()
request.addfinalizer(policy.delete)
profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
profile.create()
request.addfinalizer(profile.delete)
return profile
def policy_profile(request):
policy = VMControlPolicy(fauxfactory.gen_alpha())
policy.create()
request.addfinalizer(policy.delete)
profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
profile.create()
request.addfinalizer(profile.delete)
return profile
def test_vm_create(request, vm_crud, provider, register_event):
""" Test whether vm_create_complete event is emitted.
Prerequisities:
* A provider that is set up and able to deploy VMs
Steps:
* Create a Control setup (action, policy, profile) that apply a tag on a VM when
``VM Create Complete`` event comes
* Deploy the VM outside of CFME (directly in the provider)
* Refresh provider relationships and wait for VM to appear
* Assert the tag appears.
Metadata:
test_flag: provision
"""
action = Action(
fauxfactory.gen_alpha(), "Tag",
dict(tag=("My Company Tags", "Environment", "Development")))
action.create()
request.addfinalizer(action.delete)
policy = VMControlPolicy(fauxfactory.gen_alpha())
policy.create()
request.addfinalizer(policy.delete)
policy.assign_events("VM Create Complete")
request.addfinalizer(policy.assign_events)
policy.assign_actions_to_event("VM Create Complete", action)
profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
profile.create()
request.addfinalizer(profile.delete)
provider.assign_policy_profiles(profile.description)
request.addfinalizer(
lambda: provider.unassign_policy_profiles(profile.description))
register_event('VmOrTemplate', vm_crud.name, 'vm_create')
vm_crud.create_on_provider()
provider.refresh_provider_relationships()
vm_crud.wait_to_appear()
def _check():
return any(tag.category.display_name == "Environment"
and tag.display_name == "Development"
for tag in vm_crud.get_tags())
wait_for(_check, num_sec=180, delay=15, message="tags to appear")
def test_vm_create(request, vm_crud, provider, register_event):
""" Test whether vm_create_complete event is emitted.
Prerequisities:
* A provider that is set up and able to deploy VMs
Steps:
* Create a Control setup (action, policy, profile) that apply a tag on a VM when
``VM Create Complete`` event comes
* Deploy the VM outside of CFME (directly in the provider)
* Refresh provider relationships and wait for VM to appear
* Assert the tag appears.
Metadata:
test_flag: provision
"""
action = Action(
fauxfactory.gen_alpha(),
"Tag",
dict(tag=("My Company Tags", "Environment", "Development")))
action.create()
request.addfinalizer(action.delete)
policy = VMControlPolicy(fauxfactory.gen_alpha())
policy.create()
request.addfinalizer(policy.delete)
policy.assign_events("VM Create Complete")
request.addfinalizer(policy.assign_events)
policy.assign_actions_to_event("VM Create Complete", action)
profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
profile.create()
request.addfinalizer(profile.delete)
provider.assign_policy_profiles(profile.description)
request.addfinalizer(lambda: provider.unassign_policy_profiles(profile.description))
register_event('VmOrTemplate', vm_crud.name, 'vm_create')
vm_crud.create_on_provider()
provider.refresh_provider_relationships()
vm_crud.wait_to_appear()
def _check():
return any(tag.category.display_name == "Environment" and tag.display_name == "Development"
for tag in vm_crud.get_tags())
wait_for(_check, num_sec=300, delay=15, message="tags to appear")
def policy_profile(request, instance):
collected_files = [
{"Name": "/etc/redhat-access-insights/machine-id", "Collect Contents?": True},
{"Name": ssa_expect_file, "Collect Contents?": True},
]
analysis_profile_name = 'ssa_analysis_{}'.format(fauxfactory.gen_alphanumeric())
analysis_profile = configuration.VMAnalysisProfile(analysis_profile_name, analysis_profile_name,
categories=["check_system"],
files=collected_files)
if analysis_profile.exists:
analysis_profile.delete()
analysis_profile.create()
request.addfinalizer(analysis_profile.delete)
action = Action(
'ssa_action_{}'.format(fauxfactory.gen_alpha()),
"Assign Profile to Analysis Task",
dict(analysis_profile=analysis_profile_name))
if action.exists:
action.delete()
action.create()
request.addfinalizer(action.delete)
policy = VMControlPolicy('ssa_policy_{}'.format(fauxfactory.gen_alpha()))
if policy.exists:
policy.delete()
policy.create()
request.addfinalizer(policy.delete)
policy.assign_events("VM Analysis Start")
request.addfinalizer(policy.assign_events)
policy.assign_actions_to_event("VM Analysis Start", action)
profile = PolicyProfile('ssa_policy_profile_{}'.format(fauxfactory.gen_alpha()),
policies=[policy])
if profile.exists:
profile.delete()
profile.create()
request.addfinalizer(profile.delete)
instance.assign_policy_profiles(profile.description)
request.addfinalizer(lambda: instance.unassign_policy_profiles(profile.description))
def test_check_files(request, fleecing_vm, ssh_client, check_file_name, analysis_profile):
"""This test checks presence and contents of a certain file. First the non-compliance is
enforced by not having the file, then the compliance is checked against existing file and
it is expected to be compliant.
"""
contents = generate_random_string(size=12)
condition = VMCondition(
"Compliance testing condition {}".format(generate_random_string(size=8)),
expression=("fill_find(VM and Instance.Files : Name, "
"=, {}, Check Any, Contents, INCLUDES, {})".format(check_file_name, contents))
)
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(generate_random_string(size=8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile(
"Compliance PP {}".format(generate_random_string(size=8)),
policies=[policy]
)
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.files = [("/root/*", True)]
analysis_profile.categories = [
"check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"]
# Non-compliant
ssh_client.run_command("rm -f {}".format(check_file_name))
do_scan(fleecing_vm)
assert not fleecing_vm.check_compliance_and_wait()
# Compliant
ssh_client.run_command("echo {} > {}".format(contents, check_file_name))
do_scan(fleecing_vm)
assert fleecing_vm.check_compliance_and_wait()
def test_scope_windows_registry_stuck(request, setup_a_provider):
"""If you provide Scope checking windows registry, it messes CFME up. Recoverable."""
policy = VMCompliancePolicy(
"Windows registry scope glitch testing Compliance Policy",
active=True,
scope=
r"fill_registry(HKLM\SOFTWARE\Microsoft\CurrentVersion\Uninstall\test, "
r"some value, INCLUDES, some content)")
request.addfinalizer(lambda: policy.delete() if policy.exists else None)
policy.create()
profile = PolicyProfile(
"Windows registry scope glitch testing Compliance Policy",
policies=[policy])
request.addfinalizer(lambda: profile.delete() if profile.exists else None)
profile.create()
# Now assign this malformed profile to a VM
vm = get_first_vm_title()
assign_policy_profiles(vm, profile.description, via_details=True)
# It should be screwed here, but do additional check
pytest.sel.force_navigate("dashboard")
pytest.sel.force_navigate("infrastructure_virtual_machines")
assert "except" not in pytest.sel.title().lower()
unassign_policy_profiles(vm, profile.description, via_details=True)
def test_scope_windows_registry_stuck(request, setup_a_provider):
"""If you provide Scope checking windows registry, it messes CFME up. Recoverable."""
policy = VMCompliancePolicy(
"Windows registry scope glitch testing Compliance Policy",
active=True,
scope=r"fill_registry(HKLM\SOFTWARE\Microsoft\CurrentVersion\Uninstall\test, "
r"some value, INCLUDES, some content)"
)
request.addfinalizer(lambda: policy.delete() if policy.exists else None)
policy.create()
profile = PolicyProfile(
"Windows registry scope glitch testing Compliance Policy",
policies=[policy]
)
request.addfinalizer(lambda: profile.delete() if profile.exists else None)
profile.create()
# Now assign this malformed profile to a VM
vm = VM.factory(Vm.get_first_vm_title(provider=setup_a_provider), setup_a_provider)
vm.assign_policy_profiles(profile.description)
# It should be screwed here, but do additional check
pytest.sel.force_navigate("dashboard")
pytest.sel.force_navigate("infrastructure_virtual_machines")
assert "except" not in pytest.sel.title().lower()
vm.unassign_policy_profiles(profile.description)
def test_check_files(request, fleecing_vm, ssh_client, analysis_profile):
"""This test checks presence and contents of a certain file. Due to caching, an existing file
is checked.
"""
check_file_name = "/etc/sudo.conf"
check_file_contents = "sudoers_policy" # The file contains: `Plugin sudoers_policy sudoers.so`
condition = VMCondition(
"Compliance testing condition {}".format(
fauxfactory.gen_alphanumeric(8)),
expression=("fill_find(VM and Instance.Files : Name, "
"=, {}, Check Any, Contents, INCLUDES, {})".format(
check_file_name, check_file_contents)))
request.addfinalizer(lambda: diaper(condition.delete))
policy = VMCompliancePolicy("Compliance {}".format(
fauxfactory.gen_alphanumeric(8)))
request.addfinalizer(lambda: diaper(policy.delete))
policy.create()
policy.assign_conditions(condition)
profile = PolicyProfile("Compliance PP {}".format(
fauxfactory.gen_alphanumeric(8)),
policies=[policy])
request.addfinalizer(lambda: diaper(profile.delete))
profile.create()
fleecing_vm.assign_policy_profiles(profile.description)
request.addfinalizer(
lambda: fleecing_vm.unassign_policy_profiles(profile.description))
with update(analysis_profile):
analysis_profile.files = [(check_file_name, True)]
analysis_profile.categories = [
"check_services", "check_accounts", "check_software",
"check_vmconfig", "check_system"
]
do_scan(fleecing_vm, ("Configuration", "Files"))
assert fleecing_vm.check_compliance_and_wait()
def policy_profile(request, instance):
collected_files = [
{
"Name": "/etc/redhat-access-insights/machine-id",
"Collect Contents?": True
},
{
"Name": ssa_expect_file,
"Collect Contents?": True
},
]
analysis_profile_name = 'ssa_analysis_{}'.format(
fauxfactory.gen_alphanumeric())
analysis_profile = configuration.VMAnalysisProfile(
analysis_profile_name,
analysis_profile_name,
categories=["check_system"],
files=collected_files)
if analysis_profile.exists:
analysis_profile.delete()
analysis_profile.create()
request.addfinalizer(analysis_profile.delete)
action = Action('ssa_action_{}'.format(fauxfactory.gen_alpha()),
"Assign Profile to Analysis Task",
dict(analysis_profile=analysis_profile_name))
if action.exists:
action.delete()
action.create()
request.addfinalizer(action.delete)
policy = VMControlPolicy('ssa_policy_{}'.format(fauxfactory.gen_alpha()))
if policy.exists:
policy.delete()
policy.create()
request.addfinalizer(policy.delete)
policy.assign_events("VM Analysis Start")
request.addfinalizer(policy.assign_events)
policy.assign_actions_to_event("VM Analysis Start", action)
profile = PolicyProfile('ssa_policy_profile_{}'.format(
fauxfactory.gen_alpha()),
policies=[policy])
if profile.exists:
profile.delete()
profile.create()
request.addfinalizer(profile.delete)
instance.assign_policy_profiles(profile.description)
request.addfinalizer(
lambda: instance.unassign_policy_profiles(profile.description))
def test_folder_field_scope(request, vmware_provider, vmware_vm):
"""This test tests the bug that makes the folder filter in expression not work.
Prerequisities:
* A VMware provider.
* A VM on the provider.
* A tag to assign.
Steps:
* Read the VM's 'Parent Folder Path (VMs & Templates)' from its summary page.
* Create an action for assigning the tag to the VM.
* Create a policy, for scope use ``Field``, field name
``VM and Instance : Parent Folder Path (VMs & Templates)``, ``INCLUDES`` and the
folder name as stated on the VM's summary page.
* Assign the ``VM Discovery`` event to the policy.
* Assign the action to the ``VM Discovery`` event.
* Create a policy profile and assign the policy to it.
* Assign the policy profile to the provider.
* Delete the VM from the CFME database.
* Initiate provider refresh and wait for VM to appear again.
* Assert that the VM gets tagged by the tag.
"""
# Retrieve folder location
folder = None
tags = vmware_vm.get_tags()
if any(tag.category.display_name == "Parent Folder Path (VMs & Templates)" for tag in tags):
folder = ', '.join(
item.display_name for item in
[tag for tag in tags
if tag.category.display_name == "Parent Folder Path (VMs & Templates)"])
logger.info("Detected folder: %s", folder)
else:
pytest.fail("Could not read the folder from the tags:\n{}".format(repr(tags)))
# Create Control stuff
action = Action(
fauxfactory.gen_alpha(),
"Tag", dict(tag=("My Company Tags", "Service Level", "Platinum")))
action.create()
request.addfinalizer(action.delete)
policy = VMControlPolicy(
fauxfactory.gen_alpha(),
scope=(
"fill_field(VM and Instance : Parent Folder Path (VMs & Templates), "
"INCLUDES, {})".format(folder)))
policy.create()
request.addfinalizer(policy.delete)
policy.assign_events("VM Discovery")
request.addfinalizer(policy.assign_events) # Unassigns
policy.assign_actions_to_event("VM Discovery", action)
profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
profile.create()
request.addfinalizer(profile.delete)
# Assign policy profile to the provider
vmware_provider.assign_policy_profiles(profile.description)
request.addfinalizer(lambda: vmware_provider.unassign_policy_profiles(profile.description))
# Delete and rediscover the VM
vmware_vm.delete()
vmware_vm.wait_for_delete()
vmware_provider.refresh_provider_relationships()
vmware_vm.wait_to_appear()
# Wait for the tag to appear
wait_for(
vmware_vm.get_tags, num_sec=600, delay=15,
fail_condition=lambda tags: not any(
tag.category.display_name == "Service Level" and tag.display_name == "Platinum"
for tag in tags),
message="vm be tagged")
def test_folder_field_scope(request, vmware_provider, vmware_vm):
"""This test tests the bug that makes the folder filter in expression not work.
Prerequisities:
* A VMware provider.
* A VM on the provider.
* A tag to assign.
Steps:
* Read the VM's 'Parent Folder Path (VMs & Templates)' from its summary page.
* Create an action for assigning the tag to the VM.
* Create a policy, for scope use ``Field``, field name
``VM and Instance : Parent Folder Path (VMs & Templates)``, ``INCLUDES`` and the
folder name as stated on the VM's summary page.
* Assign the ``VM Discovery`` event to the policy.
* Assign the action to the ``VM Discovery`` event.
* Create a policy profile and assign the policy to it.
* Assign the policy profile to the provider.
* Delete the VM from the CFME database.
* Initiate provider refresh and wait for VM to appear again.
* Assert that the VM gets tagged by the tag.
"""
# Retrieve folder location
folder = None
tags = vmware_vm.get_tags()
for tag in tags:
if "Parent Folder Path (VMs & Templates)" in tag:
folder = tag.split(":", 1)[-1].strip()
logger.info("Detected folder: {}".format(folder))
break
else:
pytest.fail("Could not read the folder from the tags:\n{}".format(
repr(tags)))
# Create Control stuff
action = Action(fauxfactory.gen_alpha(), "Tag",
dict(tag=("My Company Tags", "Service Level", "Platinum")))
action.create()
request.addfinalizer(action.delete)
policy = VMControlPolicy(
fauxfactory.gen_alpha(),
scope=
("fill_field(VM and Instance : Parent Folder Path (VMs & Templates), "
"INCLUDES, {})".format(folder)))
policy.create()
request.addfinalizer(policy.delete)
policy.assign_events("VM Discovery")
request.addfinalizer(policy.assign_events) # Unassigns
policy.assign_actions_to_event("VM Discovery", action)
profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
profile.create()
request.addfinalizer(profile.delete)
# Assign policy profile to the provider
vmware_provider.assign_policy_profiles(profile.description)
request.addfinalizer(
lambda: vmware_provider.unassign_policy_profiles(profile.description))
# Delete and rediscover the VM
vmware_vm.remove_from_cfme()
vmware_vm.wait_for_delete()
vmware_provider.refresh_provider_relationships()
vmware_vm.wait_to_appear()
# Wait for the tag to appear
wait_for(vmware_vm.get_tags,
num_sec=600,
delay=15,
fail_condition=lambda tags: "Service Level: Platinum" not in tags,
message="vm be tagged")