Пример #1
0
def test_check_package_presence(request, fleecing_vm, ssh_client, analysis_profile):
    """This test checks compliance by presence of a certain cfme-appliance package which is expected
    to be present on an appliance."""
    # TODO: If we step out from provisioning a full appliance for fleecing, this might need revisit
    condition = VMCondition(
        "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)),
        expression=("fill_find(field=VM and Instance.Guest Applications : Name, "
            "skey=STARTS WITH, value=cfme-appliance, check=Check Count, ckey= = , cvalue=1)")
    )
    request.addfinalizer(lambda: diaper(condition.delete))
    policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
    request.addfinalizer(lambda: diaper(policy.delete))
    policy.create()
    policy.assign_conditions(condition)
    profile = PolicyProfile(
        "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)),
        policies=[policy]
    )
    request.addfinalizer(lambda: diaper(profile.delete))
    profile.create()
    fleecing_vm.assign_policy_profiles(profile.description)
    request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description))

    with update(analysis_profile):
        analysis_profile.categories = [
            "check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"]

    do_scan(fleecing_vm)
    assert fleecing_vm.check_compliance_and_wait()
Пример #2
0
def test_check_files(request, fleecing_vm, ssh_client, analysis_profile):
    """This test checks presence and contents of a certain file. Due to caching, an existing file
    is checked.
    """
    check_file_name = "/etc/sudo.conf"
    check_file_contents = "sudoers_policy"  # The file contains: `Plugin sudoers_policy sudoers.so`
    condition = VMCondition(
        "Compliance testing condition {}".format(fauxfactory.gen_alphanumeric(8)),
        expression=("fill_find(VM and Instance.Files : Name, "
            "=, {}, Check Any, Contents, INCLUDES, {})".format(
                check_file_name, check_file_contents))
    )
    request.addfinalizer(lambda: diaper(condition.delete))
    policy = VMCompliancePolicy("Compliance {}".format(fauxfactory.gen_alphanumeric(8)))
    request.addfinalizer(lambda: diaper(policy.delete))
    policy.create()
    policy.assign_conditions(condition)
    profile = PolicyProfile(
        "Compliance PP {}".format(fauxfactory.gen_alphanumeric(8)),
        policies=[policy]
    )
    request.addfinalizer(lambda: diaper(profile.delete))
    profile.create()
    fleecing_vm.assign_policy_profiles(profile.description)
    request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description))

    with update(analysis_profile):
        analysis_profile.files = [(check_file_name, True)]
        analysis_profile.categories = [
            "check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"]

    do_scan(fleecing_vm, ("Configuration", "Files"))
    assert fleecing_vm.check_compliance_and_wait()
Пример #3
0
def test_check_package_presence(request, fleecing_vm, ssh_client, vm_analysis,
                                analysis_profile):
    """This test checks compliance by presence of a certain cfme-appliance package which is expected
    to be present on an appliance."""
    # TODO: If we step out from provisioning a full appliance for fleecing, this might need revisit
    condition = VMCondition(
        "Compliance testing condition {}".format(
            fauxfactory.gen_alphanumeric(8)),
        expression=
        ("fill_find(field=VM and Instance.Guest Applications : Name, "
         "skey=STARTS WITH, value=cfme-appliance, check=Check Count, ckey= = , cvalue=1)"
         ))
    request.addfinalizer(lambda: diaper(condition.delete))
    policy = VMCompliancePolicy("Compliance {}".format(
        fauxfactory.gen_alphanumeric(8)))
    request.addfinalizer(lambda: diaper(policy.delete))
    policy.create()
    policy.assign_conditions(condition)
    profile = PolicyProfile("Compliance PP {}".format(
        fauxfactory.gen_alphanumeric(8)),
                            policies=[policy])
    request.addfinalizer(lambda: diaper(profile.delete))
    profile.create()
    fleecing_vm.assign_policy_profiles(profile.description)
    request.addfinalizer(
        lambda: fleecing_vm.unassign_policy_profiles(profile.description))

    with update(analysis_profile):
        analysis_profile.categories = [
            "check_services", "check_accounts", "check_software",
            "check_vmconfig", "check_system"
        ]

    do_scan(fleecing_vm)
    assert fleecing_vm.check_compliance_and_wait()
Пример #4
0
def fleecing_vm(
        request, compliance_vm, vm_analysis, provider_mgmt, provider_key, provider_crud,
        analysis_profile):
    logger.info("Provisioning an appliance for fleecing on {}".format(provider_key))
    # TODO: When we get something smaller, use it!
    appliance = provision_appliance(
        vm_name_prefix=PREFIX + "for_fleece_",
        version=str(version.current_version()),
        provider_name=provider_key)
    request.addfinalizer(lambda: diaper(appliance.destroy))
    logger.info("Appliance {} provisioned".format(appliance.vm_name))
    vm = Vm(appliance.vm_name, provider_crud)
    provider_crud.refresh_provider_relationships()
    vm.wait_to_appear()
    # Assign the analysis profile
    action = Action(
        "Assign analysis profile {}".format(analysis_profile.name),
        "Assign Profile to Analysis Task",
        dict(analysis_profile=analysis_profile.name))
    action.create()
    request.addfinalizer(action.delete)
    policy = VMControlPolicy("Analysis profile policy {}".format(generate_random_string()))
    policy.create()
    request.addfinalizer(policy.delete)
    policy.assign_actions_to_event("VM Analysis Start", action)
    analysis_pp = PolicyProfile(
        "Analysis profile PP {}".format(generate_random_string()),
        policies=[policy])
    analysis_pp.create()
    request.addfinalizer(analysis_pp.delete)
    vm.assign_policy_profiles(analysis_pp.description)
    request.addfinalizer(lambda: vm.unassign_policy_profiles(analysis_pp.description))
    return vm
def policy_profile(request):
    policy = VMControlPolicy(fauxfactory.gen_alpha())
    policy.create()
    request.addfinalizer(policy.delete)
    profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
    profile.create()
    request.addfinalizer(profile.delete)
    return profile
Пример #6
0
def policy_profile(request):
    policy = VMControlPolicy(fauxfactory.gen_alpha())
    policy.create()
    request.addfinalizer(policy.delete)
    profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
    profile.create()
    request.addfinalizer(profile.delete)
    return profile
Пример #7
0
def test_vm_create(request, vm_crud, provider, register_event):
    """ Test whether vm_create_complete event is emitted.

    Prerequisities:
        * A provider that is set up and able to deploy VMs

    Steps:
        * Create a Control setup (action, policy, profile) that apply a tag on a VM when
            ``VM Create Complete`` event comes
        * Deploy the VM outside of CFME (directly in the provider)
        * Refresh provider relationships and wait for VM to appear
        * Assert the tag appears.

    Metadata:
        test_flag: provision
    """
    action = Action(
        fauxfactory.gen_alpha(), "Tag",
        dict(tag=("My Company Tags", "Environment", "Development")))
    action.create()
    request.addfinalizer(action.delete)

    policy = VMControlPolicy(fauxfactory.gen_alpha())
    policy.create()
    request.addfinalizer(policy.delete)

    policy.assign_events("VM Create Complete")
    request.addfinalizer(policy.assign_events)
    policy.assign_actions_to_event("VM Create Complete", action)

    profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
    profile.create()
    request.addfinalizer(profile.delete)

    provider.assign_policy_profiles(profile.description)
    request.addfinalizer(
        lambda: provider.unassign_policy_profiles(profile.description))

    register_event('VmOrTemplate', vm_crud.name, 'vm_create')
    vm_crud.create_on_provider()
    provider.refresh_provider_relationships()
    vm_crud.wait_to_appear()

    def _check():
        return any(tag.category.display_name == "Environment"
                   and tag.display_name == "Development"
                   for tag in vm_crud.get_tags())

    wait_for(_check, num_sec=180, delay=15, message="tags to appear")
Пример #8
0
def test_vm_create(request, vm_crud, provider, register_event):
    """ Test whether vm_create_complete event is emitted.

    Prerequisities:
        * A provider that is set up and able to deploy VMs

    Steps:
        * Create a Control setup (action, policy, profile) that apply a tag on a VM when
            ``VM Create Complete`` event comes
        * Deploy the VM outside of CFME (directly in the provider)
        * Refresh provider relationships and wait for VM to appear
        * Assert the tag appears.

    Metadata:
        test_flag: provision
    """
    action = Action(
        fauxfactory.gen_alpha(),
        "Tag",
        dict(tag=("My Company Tags", "Environment", "Development")))
    action.create()
    request.addfinalizer(action.delete)

    policy = VMControlPolicy(fauxfactory.gen_alpha())
    policy.create()
    request.addfinalizer(policy.delete)

    policy.assign_events("VM Create Complete")
    request.addfinalizer(policy.assign_events)
    policy.assign_actions_to_event("VM Create Complete", action)

    profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
    profile.create()
    request.addfinalizer(profile.delete)

    provider.assign_policy_profiles(profile.description)
    request.addfinalizer(lambda: provider.unassign_policy_profiles(profile.description))

    register_event('VmOrTemplate', vm_crud.name, 'vm_create')
    vm_crud.create_on_provider()
    provider.refresh_provider_relationships()
    vm_crud.wait_to_appear()

    def _check():
        return any(tag.category.display_name == "Environment" and tag.display_name == "Development"
                   for tag in vm_crud.get_tags())

    wait_for(_check, num_sec=300, delay=15, message="tags to appear")
def policy_profile(request, instance):
    collected_files = [
        {"Name": "/etc/redhat-access-insights/machine-id", "Collect Contents?": True},
        {"Name": ssa_expect_file, "Collect Contents?": True},
    ]

    analysis_profile_name = 'ssa_analysis_{}'.format(fauxfactory.gen_alphanumeric())
    analysis_profile = configuration.VMAnalysisProfile(analysis_profile_name, analysis_profile_name,
                                                       categories=["check_system"],
                                                       files=collected_files)
    if analysis_profile.exists:
        analysis_profile.delete()
    analysis_profile.create()
    request.addfinalizer(analysis_profile.delete)

    action = Action(
        'ssa_action_{}'.format(fauxfactory.gen_alpha()),
        "Assign Profile to Analysis Task",
        dict(analysis_profile=analysis_profile_name))
    if action.exists:
        action.delete()
    action.create()
    request.addfinalizer(action.delete)

    policy = VMControlPolicy('ssa_policy_{}'.format(fauxfactory.gen_alpha()))
    if policy.exists:
        policy.delete()
    policy.create()
    request.addfinalizer(policy.delete)

    policy.assign_events("VM Analysis Start")
    request.addfinalizer(policy.assign_events)
    policy.assign_actions_to_event("VM Analysis Start", action)

    profile = PolicyProfile('ssa_policy_profile_{}'.format(fauxfactory.gen_alpha()),
                            policies=[policy])
    if profile.exists:
        profile.delete()
    profile.create()
    request.addfinalizer(profile.delete)

    instance.assign_policy_profiles(profile.description)
    request.addfinalizer(lambda: instance.unassign_policy_profiles(profile.description))
Пример #10
0
def test_check_files(request, fleecing_vm, ssh_client, check_file_name, analysis_profile):
    """This test checks presence and contents of a certain file. First the non-compliance is
    enforced by not having the file, then the compliance is checked against existing file and
    it is expected to be compliant.
    """
    contents = generate_random_string(size=12)
    condition = VMCondition(
        "Compliance testing condition {}".format(generate_random_string(size=8)),
        expression=("fill_find(VM and Instance.Files : Name, "
            "=, {}, Check Any, Contents, INCLUDES, {})".format(check_file_name, contents))
    )
    request.addfinalizer(lambda: diaper(condition.delete))
    policy = VMCompliancePolicy("Compliance {}".format(generate_random_string(size=8)))
    request.addfinalizer(lambda: diaper(policy.delete))
    policy.create()
    policy.assign_conditions(condition)
    profile = PolicyProfile(
        "Compliance PP {}".format(generate_random_string(size=8)),
        policies=[policy]
    )
    request.addfinalizer(lambda: diaper(profile.delete))
    profile.create()
    fleecing_vm.assign_policy_profiles(profile.description)
    request.addfinalizer(lambda: fleecing_vm.unassign_policy_profiles(profile.description))

    with update(analysis_profile):
        analysis_profile.files = [("/root/*", True)]
        analysis_profile.categories = [
            "check_services", "check_accounts", "check_software", "check_vmconfig", "check_system"]

    # Non-compliant
    ssh_client.run_command("rm -f {}".format(check_file_name))
    do_scan(fleecing_vm)
    assert not fleecing_vm.check_compliance_and_wait()

    # Compliant
    ssh_client.run_command("echo {} > {}".format(contents, check_file_name))
    do_scan(fleecing_vm)
    assert fleecing_vm.check_compliance_and_wait()
Пример #11
0
def test_scope_windows_registry_stuck(request, setup_a_provider):
    """If you provide Scope checking windows registry, it messes CFME up. Recoverable."""
    policy = VMCompliancePolicy(
        "Windows registry scope glitch testing Compliance Policy",
        active=True,
        scope=
        r"fill_registry(HKLM\SOFTWARE\Microsoft\CurrentVersion\Uninstall\test, "
        r"some value, INCLUDES, some content)")
    request.addfinalizer(lambda: policy.delete() if policy.exists else None)
    policy.create()
    profile = PolicyProfile(
        "Windows registry scope glitch testing Compliance Policy",
        policies=[policy])
    request.addfinalizer(lambda: profile.delete() if profile.exists else None)
    profile.create()
    # Now assign this malformed profile to a VM
    vm = get_first_vm_title()
    assign_policy_profiles(vm, profile.description, via_details=True)
    # It should be screwed here, but do additional check
    pytest.sel.force_navigate("dashboard")
    pytest.sel.force_navigate("infrastructure_virtual_machines")
    assert "except" not in pytest.sel.title().lower()
    unassign_policy_profiles(vm, profile.description, via_details=True)
Пример #12
0
def test_scope_windows_registry_stuck(request, setup_a_provider):
    """If you provide Scope checking windows registry, it messes CFME up. Recoverable."""
    policy = VMCompliancePolicy(
        "Windows registry scope glitch testing Compliance Policy",
        active=True,
        scope=r"fill_registry(HKLM\SOFTWARE\Microsoft\CurrentVersion\Uninstall\test, "
        r"some value, INCLUDES, some content)"
    )
    request.addfinalizer(lambda: policy.delete() if policy.exists else None)
    policy.create()
    profile = PolicyProfile(
        "Windows registry scope glitch testing Compliance Policy",
        policies=[policy]
    )
    request.addfinalizer(lambda: profile.delete() if profile.exists else None)
    profile.create()
    # Now assign this malformed profile to a VM
    vm = VM.factory(Vm.get_first_vm_title(provider=setup_a_provider), setup_a_provider)
    vm.assign_policy_profiles(profile.description)
    # It should be screwed here, but do additional check
    pytest.sel.force_navigate("dashboard")
    pytest.sel.force_navigate("infrastructure_virtual_machines")
    assert "except" not in pytest.sel.title().lower()
    vm.unassign_policy_profiles(profile.description)
Пример #13
0
def test_check_files(request, fleecing_vm, ssh_client, analysis_profile):
    """This test checks presence and contents of a certain file. Due to caching, an existing file
    is checked.
    """
    check_file_name = "/etc/sudo.conf"
    check_file_contents = "sudoers_policy"  # The file contains: `Plugin sudoers_policy sudoers.so`
    condition = VMCondition(
        "Compliance testing condition {}".format(
            fauxfactory.gen_alphanumeric(8)),
        expression=("fill_find(VM and Instance.Files : Name, "
                    "=, {}, Check Any, Contents, INCLUDES, {})".format(
                        check_file_name, check_file_contents)))
    request.addfinalizer(lambda: diaper(condition.delete))
    policy = VMCompliancePolicy("Compliance {}".format(
        fauxfactory.gen_alphanumeric(8)))
    request.addfinalizer(lambda: diaper(policy.delete))
    policy.create()
    policy.assign_conditions(condition)
    profile = PolicyProfile("Compliance PP {}".format(
        fauxfactory.gen_alphanumeric(8)),
                            policies=[policy])
    request.addfinalizer(lambda: diaper(profile.delete))
    profile.create()
    fleecing_vm.assign_policy_profiles(profile.description)
    request.addfinalizer(
        lambda: fleecing_vm.unassign_policy_profiles(profile.description))

    with update(analysis_profile):
        analysis_profile.files = [(check_file_name, True)]
        analysis_profile.categories = [
            "check_services", "check_accounts", "check_software",
            "check_vmconfig", "check_system"
        ]

    do_scan(fleecing_vm, ("Configuration", "Files"))
    assert fleecing_vm.check_compliance_and_wait()
Пример #14
0
def policy_profile(request, instance):
    collected_files = [
        {
            "Name": "/etc/redhat-access-insights/machine-id",
            "Collect Contents?": True
        },
        {
            "Name": ssa_expect_file,
            "Collect Contents?": True
        },
    ]

    analysis_profile_name = 'ssa_analysis_{}'.format(
        fauxfactory.gen_alphanumeric())
    analysis_profile = configuration.VMAnalysisProfile(
        analysis_profile_name,
        analysis_profile_name,
        categories=["check_system"],
        files=collected_files)
    if analysis_profile.exists:
        analysis_profile.delete()
    analysis_profile.create()
    request.addfinalizer(analysis_profile.delete)

    action = Action('ssa_action_{}'.format(fauxfactory.gen_alpha()),
                    "Assign Profile to Analysis Task",
                    dict(analysis_profile=analysis_profile_name))
    if action.exists:
        action.delete()
    action.create()
    request.addfinalizer(action.delete)

    policy = VMControlPolicy('ssa_policy_{}'.format(fauxfactory.gen_alpha()))
    if policy.exists:
        policy.delete()
    policy.create()
    request.addfinalizer(policy.delete)

    policy.assign_events("VM Analysis Start")
    request.addfinalizer(policy.assign_events)
    policy.assign_actions_to_event("VM Analysis Start", action)

    profile = PolicyProfile('ssa_policy_profile_{}'.format(
        fauxfactory.gen_alpha()),
                            policies=[policy])
    if profile.exists:
        profile.delete()
    profile.create()
    request.addfinalizer(profile.delete)

    instance.assign_policy_profiles(profile.description)
    request.addfinalizer(
        lambda: instance.unassign_policy_profiles(profile.description))
Пример #15
0
def test_folder_field_scope(request, vmware_provider, vmware_vm):
    """This test tests the bug that makes the folder filter in expression not work.

    Prerequisities:
        * A VMware provider.
        * A VM on the provider.
        * A tag to assign.

    Steps:
        * Read the VM's 'Parent Folder Path (VMs & Templates)' from its summary page.
        * Create an action for assigning the tag to the VM.
        * Create a policy, for scope use ``Field``, field name
            ``VM and Instance : Parent Folder Path (VMs & Templates)``, ``INCLUDES`` and the
            folder name as stated on the VM's summary page.
        * Assign the ``VM Discovery`` event to the policy.
        * Assign the action to the ``VM Discovery`` event.
        * Create a policy profile and assign the policy to it.
        * Assign the policy profile to the provider.
        * Delete the VM from the CFME database.
        * Initiate provider refresh and wait for VM to appear again.
        * Assert that the VM gets tagged by the tag.
    """
    # Retrieve folder location
    folder = None
    tags = vmware_vm.get_tags()
    if any(tag.category.display_name == "Parent Folder Path (VMs & Templates)" for tag in tags):
        folder = ', '.join(
            item.display_name for item in
            [tag for tag in tags
             if tag.category.display_name == "Parent Folder Path (VMs & Templates)"])
        logger.info("Detected folder: %s", folder)
    else:
        pytest.fail("Could not read the folder from the tags:\n{}".format(repr(tags)))

    # Create Control stuff
    action = Action(
        fauxfactory.gen_alpha(),
        "Tag", dict(tag=("My Company Tags", "Service Level", "Platinum")))
    action.create()
    request.addfinalizer(action.delete)
    policy = VMControlPolicy(
        fauxfactory.gen_alpha(),
        scope=(
            "fill_field(VM and Instance : Parent Folder Path (VMs & Templates), "
            "INCLUDES, {})".format(folder)))
    policy.create()
    request.addfinalizer(policy.delete)
    policy.assign_events("VM Discovery")
    request.addfinalizer(policy.assign_events)  # Unassigns
    policy.assign_actions_to_event("VM Discovery", action)
    profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
    profile.create()
    request.addfinalizer(profile.delete)

    # Assign policy profile to the provider
    vmware_provider.assign_policy_profiles(profile.description)
    request.addfinalizer(lambda: vmware_provider.unassign_policy_profiles(profile.description))

    # Delete and rediscover the VM
    vmware_vm.delete()
    vmware_vm.wait_for_delete()
    vmware_provider.refresh_provider_relationships()
    vmware_vm.wait_to_appear()

    # Wait for the tag to appear
    wait_for(
        vmware_vm.get_tags, num_sec=600, delay=15,
        fail_condition=lambda tags: not any(
            tag.category.display_name == "Service Level" and tag.display_name == "Platinum"
            for tag in tags),
        message="vm be tagged")
Пример #16
0
def test_folder_field_scope(request, vmware_provider, vmware_vm):
    """This test tests the bug that makes the folder filter in expression not work.

    Prerequisities:
        * A VMware provider.
        * A VM on the provider.
        * A tag to assign.

    Steps:
        * Read the VM's 'Parent Folder Path (VMs & Templates)' from its summary page.
        * Create an action for assigning the tag to the VM.
        * Create a policy, for scope use ``Field``, field name
            ``VM and Instance : Parent Folder Path (VMs & Templates)``, ``INCLUDES`` and the
            folder name as stated on the VM's summary page.
        * Assign the ``VM Discovery`` event to the policy.
        * Assign the action to the ``VM Discovery`` event.
        * Create a policy profile and assign the policy to it.
        * Assign the policy profile to the provider.
        * Delete the VM from the CFME database.
        * Initiate provider refresh and wait for VM to appear again.
        * Assert that the VM gets tagged by the tag.
    """
    # Retrieve folder location
    folder = None
    tags = vmware_vm.get_tags()
    for tag in tags:
        if "Parent Folder Path (VMs & Templates)" in tag:
            folder = tag.split(":", 1)[-1].strip()
            logger.info("Detected folder: {}".format(folder))
            break
    else:
        pytest.fail("Could not read the folder from the tags:\n{}".format(
            repr(tags)))

    # Create Control stuff
    action = Action(fauxfactory.gen_alpha(), "Tag",
                    dict(tag=("My Company Tags", "Service Level", "Platinum")))
    action.create()
    request.addfinalizer(action.delete)
    policy = VMControlPolicy(
        fauxfactory.gen_alpha(),
        scope=
        ("fill_field(VM and Instance : Parent Folder Path (VMs & Templates), "
         "INCLUDES, {})".format(folder)))
    policy.create()
    request.addfinalizer(policy.delete)
    policy.assign_events("VM Discovery")
    request.addfinalizer(policy.assign_events)  # Unassigns
    policy.assign_actions_to_event("VM Discovery", action)
    profile = PolicyProfile(fauxfactory.gen_alpha(), policies=[policy])
    profile.create()
    request.addfinalizer(profile.delete)

    # Assign policy profile to the provider
    vmware_provider.assign_policy_profiles(profile.description)
    request.addfinalizer(
        lambda: vmware_provider.unassign_policy_profiles(profile.description))

    # Delete and rediscover the VM
    vmware_vm.remove_from_cfme()
    vmware_vm.wait_for_delete()
    vmware_provider.refresh_provider_relationships()
    vmware_vm.wait_to_appear()

    # Wait for the tag to appear
    wait_for(vmware_vm.get_tags,
             num_sec=600,
             delay=15,
             fail_condition=lambda tags: "Service Level: Platinum" not in tags,
             message="vm be tagged")