def test_positive_upload_to_satellite(self):
"""Perform end to end oscap test, and push the updated scap content via puppet
after first run.
:id: 17a0978d-64f9-44ad-8303-1f54ada08602
:expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be
uploaded to Satellite and be searchable. Satellite should push updated
content to Clients and satellite should get updated reports.
:CaseLevel: System
:BZ: 1479413, 1722475, 1420439, 1722475
"""
if settings.rhel6_repo is None:
self.skipTest('Missing configuration for rhel6_repo')
rhel6_repo = settings.rhel6_repo
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
if settings.rhel8_repo is None:
self.skipTest('Missing configuration for rhel8_repo')
rhel8_repo = settings.rhel8_repo
hgrp8_name = gen_string('alpha')
rhel7_repo = settings.rhel7_repo
hgrp6_name = gen_string('alpha')
hgrp7_name = gen_string('alpha')
policy6_name = gen_string('alpha')
policy7_name = gen_string('alpha')
policy8_name = gen_string('alpha')
policy_values = [
{
'content': self.rhel6_content,
'hgrp': hgrp6_name,
'policy': policy6_name,
'profile': OSCAP_PROFILE['security6'],
},
{
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': policy7_name,
'profile': OSCAP_PROFILE['security7'],
},
{
'content': self.rhel8_content,
'hgrp': hgrp8_name,
'policy': policy8_name,
'profile': OSCAP_PROFILE['cbrhel8'],
},
]
vm_values = [
{
'distro': DISTRO_RHEL6,
'hgrp': hgrp6_name,
'rhel_repo': rhel6_repo,
'policy': policy6_name,
},
{
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
'policy': policy7_name,
},
{
'distro': DISTRO_RHEL8,
'hgrp': hgrp8_name,
'rhel_repo': rhel8_repo,
'policy': policy8_name,
},
]
# Creates host_group for both rhel6, rhel7 and rhel8.
for host_group in [hgrp6_name, hgrp7_name, hgrp8_name]:
make_hostgroup({
'content-source': self.config_env['sat6_hostname'],
'name': host_group,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
'puppet-classes': self.puppet_classes,
})
# Creates oscap_policy for both rhel6, rhel7 and rhel8.
for value in policy_values:
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
value['content'], value['profile'])
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': value['hgrp'],
'deploy-by': 'puppet',
'name': value['policy'],
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
# Creates two vm's each for rhel6, rhel7 and rhel8, runs
# openscap scan and uploads report to satellite6.
for value in vm_values:
with VirtualMachine(distro=value['distro']) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(
self.config_env['org_name'],
self.config_env['ak_name'].get(value['distro']))
assert vm.subscribed
Host.update({
'name':
vm.hostname.lower(),
'lifecycle-environment':
self.config_env['env_name'],
'content-view':
self.config_env['cv_name'],
'hostgroup':
value['hgrp'],
'openscap-proxy-id':
self.proxy_id,
'organization':
self.config_env['org_name'],
'puppet-environment-id':
self.puppet_env.id,
})
SmartClassParameter.update({
'name':
'fetch_remote_resources',
'override':
1,
'parameter-type':
'boolean',
'default-value':
'true',
'puppet-class':
'foreman_scap_client',
})
SmartClassParameter.add_matcher({
'smart-class-parameter':
'fetch_remote_resources',
'match':
f'fqdn={vm.hostname}',
'value':
'true',
'puppet-class':
'foreman_scap_client',
})
vm.configure_puppet(value['rhel_repo'])
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search': f'host={vm.hostname.lower()}',
'per-page': 1
})
assert arf_report is not None
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox'])
Scappolicy.update({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'name': value['policy'],
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
updated_result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path'
)
assert result != updated_result
assert updated_result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
result = Arfreport.list(
{'search': f'host={vm.hostname.lower()}'})
assert result is not None
def test_positive_push_updated_content(self):
"""Perform end to end oscap test, and push the updated scap content via puppet
after first run.
:id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f
:expectedresults: Satellite should push updated content to Clients and
satellite should get updated reports
:CaseLevel: System
:BZ: 1420439, 1722475
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
Scapcontent.update({
'title': content_update,
'organizations': self.config_env['org_name']
})
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
})
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
make_scap_policy({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
# Creates two vm's each for rhel6 and rhel7, runs
# openscap scan and uploads report to satellite6.
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
# host = vm.hostname
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
self.assertTrue(vm.subscribed)
vm.configure_puppet(vm_values.get('rhel_repo'))
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'puppet-environment-id': self.puppet_env.id,
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search':
'host={0}'.format(vm.hostname.lower()),
'per-page':
1
})
self.assertIsNotNone(arf_report)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox'])
Scappolicy.update({
'scap-content-id': scap_id,
'deploy-by': 'puppet',
'name': policy_values.get('policy'),
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name'],
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run('puppet agent -t 2> /dev/null')
updated_result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep content_path')
self.assertIsNot(result, updated_result)
self.assertEqual(updated_result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
self.assertIsNotNone(
Arfreport.list(
{'search': 'host={0}'.format(vm.hostname.lower())}))
def test_positive_oscap_run_with_tailoring_file_and_capsule(
module_org, default_proxy, content_view, lifecycle_env, puppet_env):
"""End-to-End Oscap run with tailoring files and default capsule via puppet
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:BZ: 1722475
:CaseImportance: Critical
"""
hgrp_name = gen_string('alpha')
policy_name = gen_string('alpha')
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group.
make_hostgroup({
'content-source': settings.server.hostname,
'name': hgrp_name,
'puppet-environment-id': puppet_env.id,
'puppet-ca-proxy': settings.server.hostname,
'puppet-proxy': settings.server.hostname,
'organizations': module_org.name,
'puppet-classes': puppet_classes,
})
tailor_result = make_tailoringfile({
'name': tailoring_file_name,
'scap-file': tailor_path,
'organization': module_org.name,
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy.
scap_id, scap_profile_id = fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel7_content'], OSCAP_PROFILE['security7'])
make_scap_policy({
'scap-content-id':
scap_id,
'hostgroups':
hgrp_name,
'deploy-by':
'puppet',
'name':
policy_name,
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
module_org.name,
})
# Creates vm's and runs openscap scan and uploads report to satellite6.
with VMBroker(nick=DISTRO_RHEL7, host_classes={'host': ContentHost}) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(module_org.name, ak_name[DISTRO_RHEL7])
assert vm.subscribed
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': lifecycle_env.name,
'content-view': content_view.name,
'hostgroup': hgrp_name,
'openscap-proxy-id': default_proxy,
'organization': module_org.name,
'puppet-environment-id': puppet_env.id,
})
vm.configure_puppet(settings.repos.rhel7_repo)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.status == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search': f'host={vm.hostname.lower()}',
'per-page': 1
})
assert arf_report is not None
Arfreport.delete({'id': arf_report[0].get('id')})
def test_positive_push_updated_content(self):
"""Perform end to end oscap test, and push the updated scap content
after first run.
:id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f
:expectedresults: Satellite should push updated content to Clients and
satellite should get updated reports
:CaseLevel: System
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox']
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7']
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
}
Scapcontent.update({
'title': content_update,
'organizations': self.config_env['org_name']
})
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': 1,
'name': hgrp7_name,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name']
})
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'),
policy_values.get('profile')
)
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name']
})
# Creates two vm's each for rhel6 and rhel7, runs
# openscap scan and uploads report to satellite6.
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
# host = vm.hostname
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(
self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os)
)
self.assertTrue(vm.subscribed)
vm.configure_puppet(vm_values.get('rhel_repo'))
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': 1,
'organization': self.config_env['org_name'],
'environment': 'production'
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep content_path'
)
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list(
{
'search': 'host={0}'.format(vm.hostname.lower()),
'per-page': 1
})
self.assertIsNotNone(arf_report)
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel_firefox'],
OSCAP_PROFILE['firefox']
)
Scappolicy.update({
'scap-content-id': scap_id,
'name': policy_values.get('policy'),
'new-name': gen_string('alpha'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'organizations': self.config_env['org_name']
})
Arfreport.delete({'id': arf_report[0].get('id')})
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
updated_result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep content_path'
)
self.assertIsNot(result, updated_result)
self.assertEqual(updated_result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
self.assertIsNotNone(
Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))