def report(hostname, release): if release and release.is_rhel: return make_pass(ERROR_KEY_1, hostname=hostname.fqdn, release=release.version) elif release: return make_fail(ERROR_KEY_2, hostname=hostname.fqdn, release=release.raw) else: return make_fail(ERROR_KEY_3, hostname=hostname.fqdn)
def test_validate_good_response(): assert plugins.make_response("a_test", foo="bar") == { "type": "rule", "error_key": "a_test", "foo": "bar" } assert plugins.make_fail("a_test", foo="bar") == { "type": "rule", "error_key": "a_test", "foo": "bar" } assert plugins.make_pass("a_test", foo="bar") == { "type": "pass", "pass_key": "a_test", "foo": "bar" } assert plugins.make_fingerprint("a_test", foo="bar") == { "type": "fingerprint", "fingerprint_key": "a_test", "foo": "bar" } assert plugins.make_metadata(foo="bar") == { "type": "metadata", "foo": "bar" } assert plugins.make_metadata_key("foo", "bar") == { "type": "metadata_key", "key": "foo", "value": "bar" }
def report(rel): """Fires if the machine is running Fedora.""" if "Fedora" in rel.product: return make_pass("IS_FEDORA", product=rel.product) else: return make_fail("IS_NOT_FEDORA", product=rel.product)
def report(root_login, sshd, release): if sshd and release: if root_login: # The issue is detected. return make_fail('SSHD_ROOT_LOGIN_PERMITTED', os=release) # The issue does not exist. return make_pass('SSHD_ROOT_LOGIN_DISABLED', os=release)
def report(rpms, uname): if rpms is not None: bash_ver = rpms.get_max('bash') if uname is not None: return make_pass('PASS', bash_ver=bash_ver.nvr, uname_ver=uname.version) else: return make_fail('FAIL', bash_ver=bash_ver.nvr, path=rpms.file_path)
def integration_test_hit(): bad_env = InputData("bad_environment_hit_1") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT) bad_env.add(Specs.sysctl, CONTENT_SYSCTL_COMMAND_HIT) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail(ocp_tuned_regression.ERROR_KEY, tuned_version='tuned-2.11.0-5.el7') yield bad_env, expected bad_env = InputData("bad_environment_hit_2") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT2) bad_env.add(Specs.sysctl, CONTENT_SYSCTL_COMMAND_HIT) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail(ocp_tuned_regression.ERROR_KEY, tuned_version='tuned-2.11.0-5.el7fdp') yield bad_env, expected
def test_vulnerable_kernel_integration(): comp = vulnerable_kernel.report for kernel, i in generate_inputs(VULNERABLE): expected = make_fail(ERROR_KEY, kernel=kernel) run_test(comp, i, expected) for _, i in generate_inputs(NOT_VULNERABLE): run_test(comp, i, None)
def test_rules_fixture(run_rule): input_data = [UNAME, RPMS] expected = make_pass('PASS', bash_ver='bash-4.1.23-6.fc29', uname_ver='2.6.32') results = run_rule('test_pass', rules_fixture_plugin.report, input_data) assert results == expected input_data = [RPMS] expected = make_fail('FAIL', bash_ver='bash-4.1.23-6.fc29', path=RPMS['path']) results = run_rule('test_fail_list', rules_fixture_plugin.report, input_data) assert results == expected input_data = RPMS expected = make_fail('FAIL', bash_ver='bash-4.1.23-6.fc29', path=RPMS['path']) results = run_rule('test_fail_dict', rules_fixture_plugin.report, input_data) assert results == expected input_data = [] expected = None results = run_rule('test_ret_none', rules_fixture_plugin.report, input_data) assert results == expected
def test_integration_tests(): comp = insights_heartbeat.is_insights_heartbeat input_data = InputData(name="Match: no kernel") input_data.add(Specs.hostname, insights_heartbeat.HOST) expected = make_fail(insights_heartbeat.ERROR_KEY) run_test(comp, input_data, expected) input_data = InputData(name="No Match: bad hostname") input_data.add(Specs.hostname, NON_MATCHING_HOSTNAME) run_test(comp, input_data, None)
def report(rel, hostname): """Fires if the machine is running Fedora.""" if "Fedora" in rel.product: return make_pass(ERROR_KEY_IS_FEDORA, hostname=hostname.hostname, product=rel.product) else: return make_fail(ERROR_KEY_IS_FEDORA, hostname=hostname.hostname, product=rel.product)
def report(installed_rpms, sshd_config): errors = {} errors = check_auth_method(sshd_config, errors) errors = check_log_level(sshd_config, errors) errors = check_permit_root(sshd_config, errors) errors = check_protocol(sshd_config, errors) if errors: openssh_version = installed_rpms.get_max('openssh') return make_fail(ERROR_KEY, errors=errors, openssh=openssh_version.package)
def integration_test(): input_data = InputData("no_bash_bug") input_data.add(Specs.installed_rpms, CURRENT_VERSION) expected = make_pass("BASH_BUG", bash=CURRENT_VERSION, found=NOT_FOUND) yield input_data, expected input_data = InputData("is_bash_bug") input_data.add(Specs.installed_rpms, BUG_VERSION) expected = make_fail("BASH_BUG", bash=BUG_VERSION, found=FOUND) yield input_data, expected
def integration_test_no_hit(): data = InputData("test1") data.add(Specs.installed_rpms, INSTALLED_TUNED_HIT) expected = make_fail(tuned_not_applying_profiles.ERROR_KEY, installed_package='tuned-2.11.0-5.el7', kcs=tuned_not_applying_profiles.KCS) yield data, expected data = InputData("test2") data.add(Specs.installed_rpms, INSTALLED_TUNED_FDP_HIT) expected = make_fail(tuned_not_applying_profiles.ERROR_KEY, installed_package='tuned-2.11.0-5.el7fdp', kcs=tuned_not_applying_profiles.KCS) yield data, expected data = InputData("test3") data.add(Specs.installed_rpms, INSTALLED_TUNED_NOT_HIT) yield data, None data = InputData("test4") data.add(Specs.installed_rpms, INSTALLED_TUNED_FDP_NOT_HIT) yield data, None
def integration_tests(): """ InputData acts as the data source for the parsers so that they may execute and then be used as input to the rule. So this is essentially and end-to-end test of the component chain. """ input_data = InputData("GOOD_CONFIG") input_data.add(LocalSpecs.sshd_config, GOOD_CONFIG) input_data.add(Specs.installed_rpms, OPENSSH_RPM) yield input_data, None input_data = InputData("BAD_CONFIG") input_data.add(LocalSpecs.sshd_config, BAD_CONFIG) input_data.add(Specs.installed_rpms, OPENSSH_RPM) errors = { 'AuthenticationMethods': 'badkey', 'LogLevel': 'normal', 'PermitRootLogin': '******', 'Protocol': '1' } expected = make_fail(sshd_secure.ERROR_KEY, errors=errors, openssh=EXPECTED_OPENSSH) yield input_data, expected input_data = InputData("DEFAULT_CONFIG") input_data.add(LocalSpecs.sshd_config, DEFAULT_CONFIG) input_data.add(Specs.installed_rpms, OPENSSH_RPM) errors = { 'AuthenticationMethods': 'default', 'LogLevel': 'default', 'PermitRootLogin': '******' } expected = make_fail(sshd_secure.ERROR_KEY, errors=errors, openssh=EXPECTED_OPENSSH) yield input_data, expected
def integration_test(): input_data = InputData("test_fedora") input_data.add(Specs.redhat_release, FEDORA) input_data.add(Specs.hostname, TEST_HOSTNAME) expected = make_pass("IS_FEDORA", hostname=TEST_HOSTNAME, product="Fedora") yield input_data, expected input_data = InputData("test_rhel") input_data.add(Specs.redhat_release, RHEL) input_data.add(Specs.hostname, TEST_HOSTNAME) expected = make_fail("IS_NOT_FEDORA", hostname=TEST_HOSTNAME, product="Red Hat Enterprise Linux Server") yield input_data, expected
def test_vulnerable_kernel(): for kernel in NOT_VULNERABLE: uname_line = UNAME_TEMPLATE % kernel result = vulnerable_kernel.report(Uname(context_wrap(uname_line))) expected = None if not (result == expected): print(result) print(expected) assert result == expected assert False for kernel in VULNERABLE: uname_line = UNAME_TEMPLATE % kernel result = vulnerable_kernel.report(Uname(context_wrap(uname_line))) expected = make_fail(ERROR_KEY, kernel=kernel) if not (result == expected): print(result) print(expected) assert result == expected assert False
def integration_test_no_hit(): data = InputData("test1") data.add(Specs.redhat_release, RHEL7) data.add(Specs.ps_aux, CONTENT_PS_AUX_HIT) data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_RUNNING) data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT) expected = make_fail(ocp_firewalld_enabled.ERROR_KEY, firewalld_service=True, version="4.1.9") yield data, expected data = InputData("test2") data.add(Specs.redhat_release, RHEL6) data.add(Specs.ps_aux, CONTENT_PS_AUX_HIT) data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_RUNNING) data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT) yield data, None data = InputData("test3") data.add(Specs.redhat_release, RHEL7) data.add(Specs.ps_aux, CONTENT_PS_AUX_NOT_HIT) data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_RUNNING) data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT) yield data, None data = InputData("test4") data.add(Specs.redhat_release, RHEL7) data.add(Specs.ps_aux, CONTENT_PS_AUX_HIT) data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_NOT_RUNNING) data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT) yield data, None data = InputData("test5") data.add(Specs.redhat_release, RHEL7) data.add(Specs.ps_aux, CONTENT_PS_AUX_HIT) data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_RUNNING) data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_NOT_HIT) yield data, None data = InputData("test6") data.add(Specs.redhat_release, RHEL7) data.add(Specs.ps_aux, CONTENT_PS_AUX_NOT_HIT) data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_NOT_RUNNING) data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_NOT_HIT) yield data, None
def test_rules_fixture(run_rule): input_data = InputData('test_pass') input_data.add(UNAME['spec'], UNAME['data']) input_data.add(RPMS['spec'], RPMS['data'], path=RPMS['path']) expected = make_pass('PASS', bash_ver='bash-4.1.23-6.fc29', uname_ver='2.6.32') results = run_rule(rules_fixture_plugin.report, input_data) assert results == expected input_data = InputData('test_fail') input_data.add(RPMS['spec'], RPMS['data'], path=RPMS['path']) expected = make_fail('FAIL', bash_ver='bash-4.1.23-6.fc29', path=RPMS['path']) results = run_rule(rules_fixture_plugin.report, input_data) assert results == expected input_data = InputData('test_ret_none') results = run_rule(rules_fixture_plugin.report, input_data) assert results is None
def test_heartbeat(): expected_result = make_fail(insights_heartbeat.ERROR_KEY) assert expected_result == insights_heartbeat.is_insights_heartbeat(good) assert insights_heartbeat.is_insights_heartbeat(bad) is None
def report(a, b, c): # any json serializable values may be passed as keyword arguments and may # be used in the content templates. return make_fail(ERROR_KEY, a=a, b=b, c=c)
def report(node, systemd_version, check_error_log, rh_release): if all([node, systemd_version, check_error_log, rh_release.major == 7]): return make_fail(ERROR_KEY, systemd_version=systemd_version)
def report(node, tuned_version, checked_sysctl, rh_release): if all([node, tuned_version, checked_sysctl, rh_release.major == 7]): return make_fail(ERROR_KEY, tuned_version=tuned_version)
def report(node_running, firewalld_service, ocp_4x, rh_release): if all([node_running, firewalld_service, ocp_4x, rh_release]): return make_fail(ERROR_KEY, firewalld_service=firewalld_service, version=ocp_4x)
def report(a, b, c, hn, dmsg): selinux = dmsg.get("SELinux") return make_fail("ERROR", a=a, b=b, c=c, hn=hn.fqdn, selinux=selinux)
def report(): return make_fail(ERROR_KEY)
def integration_test_hit(): bad_env = InputData("bad_environment_hit_1") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT1) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7']) yield bad_env, expected bad_env = InputData("bad_environment_hit_2") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT2) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7']) yield bad_env, expected bad_env = InputData("bad_environment_hit_3") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT3) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7']) yield bad_env, expected bad_env = InputData("bad_environment_hit_4") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT4) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7']) yield bad_env, expected bad_env = InputData("bad_environment_hit_5") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT5) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7']) yield bad_env, expected bad_env = InputData("bad_environment_hit_6") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT1) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9']) yield bad_env, expected bad_env = InputData("bad_environment_hit_7") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT2) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9']) yield bad_env, expected bad_env = InputData("bad_environment_hit_8") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT3) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9']) yield bad_env, expected bad_env = InputData("bad_environment_hit_9") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT4) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9']) yield bad_env, expected bad_env = InputData("bad_environment_hit_10") bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT) bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT) bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT5) bad_env.add(Specs.redhat_release, RHEL7) expected = make_fail( ocp_systemd_dbus_regression.ERROR_KEY, systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9']) yield bad_env, expected
def report(a, b, c): return make_fail("ERROR", a=a, b=b, c=c)
def report(roles): return make_fail("ERROR", roles=roles)