def report(hostname, release):
if release and release.is_rhel:
return make_pass(ERROR_KEY_1,
hostname=hostname.fqdn,
release=release.version)
elif release:
return make_fail(ERROR_KEY_2,
hostname=hostname.fqdn,
release=release.raw)
else:
return make_fail(ERROR_KEY_3, hostname=hostname.fqdn)
def test_validate_good_response():
assert plugins.make_response("a_test", foo="bar") == {
"type": "rule",
"error_key": "a_test",
"foo": "bar"
}
assert plugins.make_fail("a_test", foo="bar") == {
"type": "rule",
"error_key": "a_test",
"foo": "bar"
}
assert plugins.make_pass("a_test", foo="bar") == {
"type": "pass",
"pass_key": "a_test",
"foo": "bar"
}
assert plugins.make_fingerprint("a_test", foo="bar") == {
"type": "fingerprint",
"fingerprint_key": "a_test",
"foo": "bar"
}
assert plugins.make_metadata(foo="bar") == {
"type": "metadata",
"foo": "bar"
}
assert plugins.make_metadata_key("foo", "bar") == {
"type": "metadata_key",
"key": "foo",
"value": "bar"
}
def report(rel):
"""Fires if the machine is running Fedora."""
if "Fedora" in rel.product:
return make_pass("IS_FEDORA", product=rel.product)
else:
return make_fail("IS_NOT_FEDORA", product=rel.product)
def report(root_login, sshd, release):
if sshd and release:
if root_login:
# The issue is detected.
return make_fail('SSHD_ROOT_LOGIN_PERMITTED', os=release)
# The issue does not exist.
return make_pass('SSHD_ROOT_LOGIN_DISABLED', os=release)
def report(rpms, uname):
if rpms is not None:
bash_ver = rpms.get_max('bash')
if uname is not None:
return make_pass('PASS', bash_ver=bash_ver.nvr, uname_ver=uname.version)
else:
return make_fail('FAIL', bash_ver=bash_ver.nvr, path=rpms.file_path)
def integration_test_hit():
bad_env = InputData("bad_environment_hit_1")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT)
bad_env.add(Specs.sysctl, CONTENT_SYSCTL_COMMAND_HIT)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(ocp_tuned_regression.ERROR_KEY, tuned_version='tuned-2.11.0-5.el7')
yield bad_env, expected
bad_env = InputData("bad_environment_hit_2")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT2)
bad_env.add(Specs.sysctl, CONTENT_SYSCTL_COMMAND_HIT)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(ocp_tuned_regression.ERROR_KEY, tuned_version='tuned-2.11.0-5.el7fdp')
yield bad_env, expected
def test_vulnerable_kernel_integration():
comp = vulnerable_kernel.report
for kernel, i in generate_inputs(VULNERABLE):
expected = make_fail(ERROR_KEY, kernel=kernel)
run_test(comp, i, expected)
for _, i in generate_inputs(NOT_VULNERABLE):
run_test(comp, i, None)
def test_rules_fixture(run_rule):
input_data = [UNAME, RPMS]
expected = make_pass('PASS', bash_ver='bash-4.1.23-6.fc29', uname_ver='2.6.32')
results = run_rule('test_pass', rules_fixture_plugin.report, input_data)
assert results == expected
input_data = [RPMS]
expected = make_fail('FAIL', bash_ver='bash-4.1.23-6.fc29', path=RPMS['path'])
results = run_rule('test_fail_list', rules_fixture_plugin.report, input_data)
assert results == expected
input_data = RPMS
expected = make_fail('FAIL', bash_ver='bash-4.1.23-6.fc29', path=RPMS['path'])
results = run_rule('test_fail_dict', rules_fixture_plugin.report, input_data)
assert results == expected
input_data = []
expected = None
results = run_rule('test_ret_none', rules_fixture_plugin.report, input_data)
assert results == expected
def test_integration_tests():
comp = insights_heartbeat.is_insights_heartbeat
input_data = InputData(name="Match: no kernel")
input_data.add(Specs.hostname, insights_heartbeat.HOST)
expected = make_fail(insights_heartbeat.ERROR_KEY)
run_test(comp, input_data, expected)
input_data = InputData(name="No Match: bad hostname")
input_data.add(Specs.hostname, NON_MATCHING_HOSTNAME)
run_test(comp, input_data, None)
def report(rel, hostname):
"""Fires if the machine is running Fedora."""
if "Fedora" in rel.product:
return make_pass(ERROR_KEY_IS_FEDORA,
hostname=hostname.hostname,
product=rel.product)
else:
return make_fail(ERROR_KEY_IS_FEDORA,
hostname=hostname.hostname,
product=rel.product)
def report(installed_rpms, sshd_config):
errors = {}
errors = check_auth_method(sshd_config, errors)
errors = check_log_level(sshd_config, errors)
errors = check_permit_root(sshd_config, errors)
errors = check_protocol(sshd_config, errors)
if errors:
openssh_version = installed_rpms.get_max('openssh')
return make_fail(ERROR_KEY,
errors=errors,
openssh=openssh_version.package)
def integration_test():
input_data = InputData("no_bash_bug")
input_data.add(Specs.installed_rpms, CURRENT_VERSION)
expected = make_pass("BASH_BUG", bash=CURRENT_VERSION, found=NOT_FOUND)
yield input_data, expected
input_data = InputData("is_bash_bug")
input_data.add(Specs.installed_rpms, BUG_VERSION)
expected = make_fail("BASH_BUG", bash=BUG_VERSION, found=FOUND)
yield input_data, expected
def integration_test_no_hit():
data = InputData("test1")
data.add(Specs.installed_rpms, INSTALLED_TUNED_HIT)
expected = make_fail(tuned_not_applying_profiles.ERROR_KEY,
installed_package='tuned-2.11.0-5.el7',
kcs=tuned_not_applying_profiles.KCS)
yield data, expected
data = InputData("test2")
data.add(Specs.installed_rpms, INSTALLED_TUNED_FDP_HIT)
expected = make_fail(tuned_not_applying_profiles.ERROR_KEY,
installed_package='tuned-2.11.0-5.el7fdp',
kcs=tuned_not_applying_profiles.KCS)
yield data, expected
data = InputData("test3")
data.add(Specs.installed_rpms, INSTALLED_TUNED_NOT_HIT)
yield data, None
data = InputData("test4")
data.add(Specs.installed_rpms, INSTALLED_TUNED_FDP_NOT_HIT)
yield data, None
def integration_tests():
"""
InputData acts as the data source for the parsers
so that they may execute and then be used as input
to the rule. So this is essentially and end-to-end
test of the component chain.
"""
input_data = InputData("GOOD_CONFIG")
input_data.add(LocalSpecs.sshd_config, GOOD_CONFIG)
input_data.add(Specs.installed_rpms, OPENSSH_RPM)
yield input_data, None
input_data = InputData("BAD_CONFIG")
input_data.add(LocalSpecs.sshd_config, BAD_CONFIG)
input_data.add(Specs.installed_rpms, OPENSSH_RPM)
errors = {
'AuthenticationMethods': 'badkey',
'LogLevel': 'normal',
'PermitRootLogin': '******',
'Protocol': '1'
}
expected = make_fail(sshd_secure.ERROR_KEY,
errors=errors,
openssh=EXPECTED_OPENSSH)
yield input_data, expected
input_data = InputData("DEFAULT_CONFIG")
input_data.add(LocalSpecs.sshd_config, DEFAULT_CONFIG)
input_data.add(Specs.installed_rpms, OPENSSH_RPM)
errors = {
'AuthenticationMethods': 'default',
'LogLevel': 'default',
'PermitRootLogin': '******'
}
expected = make_fail(sshd_secure.ERROR_KEY,
errors=errors,
openssh=EXPECTED_OPENSSH)
yield input_data, expected
def integration_test():
input_data = InputData("test_fedora")
input_data.add(Specs.redhat_release, FEDORA)
input_data.add(Specs.hostname, TEST_HOSTNAME)
expected = make_pass("IS_FEDORA", hostname=TEST_HOSTNAME, product="Fedora")
yield input_data, expected
input_data = InputData("test_rhel")
input_data.add(Specs.redhat_release, RHEL)
input_data.add(Specs.hostname, TEST_HOSTNAME)
expected = make_fail("IS_NOT_FEDORA",
hostname=TEST_HOSTNAME,
product="Red Hat Enterprise Linux Server")
yield input_data, expected
def test_vulnerable_kernel():
for kernel in NOT_VULNERABLE:
uname_line = UNAME_TEMPLATE % kernel
result = vulnerable_kernel.report(Uname(context_wrap(uname_line)))
expected = None
if not (result == expected):
print(result)
print(expected)
assert result == expected
assert False
for kernel in VULNERABLE:
uname_line = UNAME_TEMPLATE % kernel
result = vulnerable_kernel.report(Uname(context_wrap(uname_line)))
expected = make_fail(ERROR_KEY, kernel=kernel)
if not (result == expected):
print(result)
print(expected)
assert result == expected
assert False
def integration_test_no_hit():
data = InputData("test1")
data.add(Specs.redhat_release, RHEL7)
data.add(Specs.ps_aux, CONTENT_PS_AUX_HIT)
data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_RUNNING)
data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT)
expected = make_fail(ocp_firewalld_enabled.ERROR_KEY, firewalld_service=True, version="4.1.9")
yield data, expected
data = InputData("test2")
data.add(Specs.redhat_release, RHEL6)
data.add(Specs.ps_aux, CONTENT_PS_AUX_HIT)
data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_RUNNING)
data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT)
yield data, None
data = InputData("test3")
data.add(Specs.redhat_release, RHEL7)
data.add(Specs.ps_aux, CONTENT_PS_AUX_NOT_HIT)
data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_RUNNING)
data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT)
yield data, None
data = InputData("test4")
data.add(Specs.redhat_release, RHEL7)
data.add(Specs.ps_aux, CONTENT_PS_AUX_HIT)
data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_NOT_RUNNING)
data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_HIT)
yield data, None
data = InputData("test5")
data.add(Specs.redhat_release, RHEL7)
data.add(Specs.ps_aux, CONTENT_PS_AUX_HIT)
data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_RUNNING)
data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_NOT_HIT)
yield data, None
data = InputData("test6")
data.add(Specs.redhat_release, RHEL7)
data.add(Specs.ps_aux, CONTENT_PS_AUX_NOT_HIT)
data.add(Specs.systemctl_list_units, LIST_UNITS_FIREWALLD_NOT_RUNNING)
data.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_NOT_HIT)
yield data, None
def test_rules_fixture(run_rule):
input_data = InputData('test_pass')
input_data.add(UNAME['spec'], UNAME['data'])
input_data.add(RPMS['spec'], RPMS['data'], path=RPMS['path'])
expected = make_pass('PASS',
bash_ver='bash-4.1.23-6.fc29',
uname_ver='2.6.32')
results = run_rule(rules_fixture_plugin.report, input_data)
assert results == expected
input_data = InputData('test_fail')
input_data.add(RPMS['spec'], RPMS['data'], path=RPMS['path'])
expected = make_fail('FAIL',
bash_ver='bash-4.1.23-6.fc29',
path=RPMS['path'])
results = run_rule(rules_fixture_plugin.report, input_data)
assert results == expected
input_data = InputData('test_ret_none')
results = run_rule(rules_fixture_plugin.report, input_data)
assert results is None
def test_heartbeat():
expected_result = make_fail(insights_heartbeat.ERROR_KEY)
assert expected_result == insights_heartbeat.is_insights_heartbeat(good)
assert insights_heartbeat.is_insights_heartbeat(bad) is None
def report(a, b, c):
# any json serializable values may be passed as keyword arguments and may
# be used in the content templates.
return make_fail(ERROR_KEY, a=a, b=b, c=c)
def report(node, systemd_version, check_error_log, rh_release):
if all([node, systemd_version, check_error_log, rh_release.major == 7]):
return make_fail(ERROR_KEY, systemd_version=systemd_version)
def report(node, tuned_version, checked_sysctl, rh_release):
if all([node, tuned_version, checked_sysctl, rh_release.major == 7]):
return make_fail(ERROR_KEY, tuned_version=tuned_version)
def report(node_running, firewalld_service, ocp_4x, rh_release):
if all([node_running, firewalld_service, ocp_4x, rh_release]):
return make_fail(ERROR_KEY,
firewalld_service=firewalld_service,
version=ocp_4x)
def report(a, b, c, hn, dmsg):
selinux = dmsg.get("SELinux")
return make_fail("ERROR", a=a, b=b, c=c, hn=hn.fqdn, selinux=selinux)
def report():
return make_fail(ERROR_KEY)
def integration_test_hit():
bad_env = InputData("bad_environment_hit_1")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT1)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7'])
yield bad_env, expected
bad_env = InputData("bad_environment_hit_2")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT2)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7'])
yield bad_env, expected
bad_env = InputData("bad_environment_hit_3")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT3)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7'])
yield bad_env, expected
bad_env = InputData("bad_environment_hit_4")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT4)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7'])
yield bad_env, expected
bad_env = InputData("bad_environment_hit_5")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_750_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT5)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-57.el7', 'systemd-219-67.el7'])
yield bad_env, expected
bad_env = InputData("bad_environment_hit_6")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT1)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9'])
yield bad_env, expected
bad_env = InputData("bad_environment_hit_7")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT2)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9'])
yield bad_env, expected
bad_env = InputData("bad_environment_hit_8")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT3)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9'])
yield bad_env, expected
bad_env = InputData("bad_environment_hit_9")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT4)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9'])
yield bad_env, expected
bad_env = InputData("bad_environment_hit_10")
bad_env.add(Specs.systemctl_list_units, CONTENT_SYSTEMCTL_LIST_UNITS_HIT)
bad_env.add(Specs.installed_rpms, CONTENT_INSTALLED_RPMS_760_HIT)
bad_env.add(Specs.messages, CONTENT_MESSAGE_HIT5)
bad_env.add(Specs.redhat_release, RHEL7)
expected = make_fail(
ocp_systemd_dbus_regression.ERROR_KEY,
systemd_version=['systemd-219-62.el7', 'systemd-219-62.el7_6.9'])
yield bad_env, expected
def report(a, b, c):
return make_fail("ERROR", a=a, b=b, c=c)
def report(roles):
return make_fail("ERROR", roles=roles)
