def test_negative_create_scap_policy_with_invalid_name(self): """Create scap policy with invalid name :id: 0d163968-7759-4cfd-9c4d-98533d8db925 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters and invalid name. :expectedresults: The policy is not created. """ for name in invalid_names_list(): with self.subTest(name): with self.assertRaises(CLIFactoryError): make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() })
def test_negative_create_scap_policy_with_invalid_name(self, name, scap_content): """Create scap policy with invalid name :id: 0d163968-7759-4cfd-9c4d-98533d8db925 :parametrized: yes :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters and invalid name. :expectedresults: The policy is not created. :CaseImportance: Medium """ with pytest.raises(CLIFactoryError): make_scap_policy( { 'name': name, 'deploy-by': 'ansible', 'scap-content-id': scap_content["scap_id"], 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } )
def test_negative_create_scap_policy_without_content(self, scap_content): """Create scap policy without scap content :id: 88a8fba3-f45a-4e22-9ee1-f0d701f1135f :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters without passing the scap-content-id. :expectedresults: The policy is not created. """ with pytest.raises(CLIFactoryError): make_scap_policy({ 'deploy-by': 'puppet', 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), })
def test_negative_create_scap_policy_with_invalid_name(self): """Create scap policy with invalid name :id: 0d163968-7759-4cfd-9c4d-98533d8db925 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters and invalid name. :expectedresults: The policy is not created. """ for name in invalid_names_list(): with self.subTest(name): with self.assertRaises(CLIFactoryError): make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() })
def test_positive_list_scap_policy(self): """List all scap policies :id: d14ab43e-c7a9-4eee-b61c-420b07ca1da9 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "list" as sub-command. :expectedresults: The policies are listed successfully. """ name = gen_string('alphanumeric') make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.list() self.assertIn(name, [policy['name'] for policy in result] )
def test_positive_list_scap_policy(self): """List all scap policies :id: d14ab43e-c7a9-4eee-b61c-420b07ca1da9 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "list" as sub-command. :expectedresults: The policies are listed successfully. """ for deploy in ['puppet', 'ansible', 'manual']: with self.subTest(deploy): name = gen_string('alphanumeric') make_scap_policy({ 'name': name, 'deploy-by': deploy, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.list() self.assertIn(name, [policy['name'] for policy in result])
def test_positive_info_scap_policy_with_name(self): """View info of policy with name as parameter :id: eece98b2-3e6a-4ac0-b742-913482343e9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass name as the parameter. :expectedresults: The information is displayed. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.info({'name': scap_policy['name']}) self.assertEqual(result['name'], name)
def test_positive_info_scap_policy_with_id(self): """View info of policy with id as parameter :id: d309000b-777e-4cfb-bf6c-7f02ab130b9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass ID as the parameter. :expectedresults: The information is displayed. """ scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) result = Scappolicy.info({'id': scap_policy['id']}) self.assertEqual(result['id'], scap_policy['id'])
def test_positive_info_scap_policy_with_name(self): """View info of policy with name as parameter :id: eece98b2-3e6a-4ac0-b742-913482343e9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass name as the parameter. :expectedresults: The information is displayed. """ for deploy in ['puppet', 'ansible', 'manual']: name = gen_string('alphanumeric') with self.subTest(deploy): scap_policy = make_scap_policy( { 'name': name, 'deploy-by': deploy, 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } ) assert scap_policy['deployment-option'] == deploy assert Scappolicy.info({'name': scap_policy['name']})['name'] == name
def test_positive_info_scap_policy_with_id(self): """View info of policy with id as parameter :id: d309000b-777e-4cfb-bf6c-7f02ab130b9d :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "info" as sub-command. 3. Pass ID as the parameter. :expectedresults: The information is displayed. """ for deploy in ['puppet', 'ansible', 'manual']: with self.subTest(deploy): scap_policy = make_scap_policy( { 'scap-content-id': self.scap_id_rhel7, 'deploy-by': deploy, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } ) assert scap_policy['deployment-option'] == deploy assert Scappolicy.info({'id': scap_policy['id']})['id'] == scap_policy['id']
def test_positive_associate_scap_policy_with_tailoringfiles_name(self): """Associate tailoring file by name to scap policy with all deployments :id: d0f9b244-b92d-4889-ba6a-8973ea05bf43 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by "tailoring-file" with policy :expectedresults: The policy is created and associated successfully. """ tailoring_file = make_tailoringfile({'scap-file': self.tailoring_file_path}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] for deploy in ['puppet', 'ansible', 'manual']: with self.subTest(deploy): scap_policy = make_scap_policy( { 'scap-content-id': self.scap_id_rhel7, 'deploy-by': deploy, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id, } ) assert scap_policy['deployment-option'] == deploy assert scap_policy['tailoring-file-id'] == tailoring_file['id'] assert scap_policy['tailoring-file-profile-id'] == tailor_profile_id
def test_positive_associate_scap_policy_with_hostgroups(self): """Associate hostgroups to scap policy :id: 916403a0-572d-4cf3-9155-3e3d0373577f :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. More than 1 hostgroups :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate multiple hostgroups with policy :expectedresults: The policy is created and associated successfully. """ hostgroup = make_hostgroup() name = gen_string('alphanumeric') scap_policy = make_scap_policy( { 'name': name, 'deploy-by': 'puppet', 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'hostgroups': hostgroup['name'], } ) assert scap_policy['hostgroups'][0] == hostgroup['name']
def test_positive_delete_scap_policy_with_name(self): """Delete the scap policy with name as parameter :id: 6c167e7b-cbdd-4059-808c-04c686ba9fe8 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "delete" as sub-command. 3. Pass name as parameter. :expectedresults: The scap policy is deleted successfully. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy( { 'name': name, 'deploy-by': 'puppet', 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } ) assert scap_policy['name'] == name Scappolicy.delete({'name': name}) with pytest.raises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']})
def test_positive_delete_scap_policy_with_id(self): """Delete the scap policy with id as parameter :id: db9d925f-c730-4299-ad8e-5aaa08895f6e :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "delete" as sub-command. 3. Pass id as parameter. :expectedresults: The scap policy is deleted successfully. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy( { 'name': name, 'deploy-by': 'ansible', 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } ) assert scap_policy['name'] == name Scappolicy.delete({'id': scap_policy['id']}) with pytest.raises(CLIReturnCodeError): Scappolicy.info({'id': scap_policy['id']})
def test_postive_create_scap_policy_with_valid_name(self, name, scap_content): """Create scap policy with valid name :id: c9327675-62b2-4e22-933a-02818ef68c11 :parametrized: yes :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters and valid name. :expectedresults: The policy is created successfully. :CaseImportance: Medium """ scap_policy = make_scap_policy( { 'name': name, 'deploy-by': 'ansible', 'scap-content-id': scap_content["scap_id"], 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), } ) assert scap_policy['name'] == name
def test_positive_associate_scap_policy_with_hostgroup_via_ansible(self): """Associate hostgroup to scap policy via ansible :id: 2df303c6-bff5-4977-a865-a3afabfb8726 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Created hostgroup 4. Ansible role and Ansible variable :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters and deploy option as ansible 4. Associate hostgroup with policy :expectedresults: The policy is created via ansible deploy option and associated successfully. """ hostgroup = make_hostgroup() name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'ansible', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'hostgroups': hostgroup['name'] }) self.assertEqual(scap_policy['deployment-option'], 'ansible') self.assertEqual(scap_policy['hostgroups'][0], hostgroup['name'])
def test_postive_create_scap_policy_with_valid_name(self): """Create scap policy with valid name :id: c9327675-62b2-4e22-933a-02818ef68c11 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters and valid name. :expectedresults: The policy is created successfully. """ for name in valid_data_list(): with self.subTest(name): scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) self.assertEqual(scap_policy['name'], name)
def test_positive_associate_scap_policy_with_hostgroups(self): """Associate hostgroups to scap policy :id: 916403a0-572d-4cf3-9155-3e3d0373577f :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. More than 1 hostgroups :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate multiple hostgroups with policy :expectedresults: The policy is created and associated successfully. """ hostgroup = make_hostgroup() name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'hostgroups': hostgroup['name'] }) self.assertEqual(scap_policy['hostgroups'][0], hostgroup['name'])
def test_positive_associate_scap_policy_with_tailoringfiles_name(self): """Associate tailoring file by name to scap policy :id: d0f9b244-b92d-4889-ba6a-8973ea05bf43 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by "tailoring-file" with policy :expectedresults: The policy is created and associated successfully. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file( local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name) ) tailoring_file = make_tailoringfile({ 'scap-file': '/tmp/{0}'.format(file_name) }) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) self.assertEqual(scap_policy['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_policy['tailoring-file-profile-id'], tailor_profile_id)
def test_postive_create_scap_policy_with_valid_name(self): """Create scap policy with valid name :id: c9327675-62b2-4e22-933a-02818ef68c11 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters and valid name. :expectedresults: The policy is created successfully. """ for name in valid_data_list(): with self.subTest(name): scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) self.assertEqual(scap_policy['name'], name)
def test_positive_delete_scap_policy_with_name(self): """Delete the scap policy with name as parameter :id: 6c167e7b-cbdd-4059-808c-04c686ba9fe8 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "delete" as sub-command. 3. Pass name as parameter. :expectedresults: The scap policy is deleted successfully. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['name'], name) Scappolicy.delete({'name': name}) with self.assertRaises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']})
def test_positive_scap_policy_end_to_end(self): """List all scap policies and read info using id, name :id: d14ab43e-c7a9-4eee-b61c-420b07ca1da9 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "list" as sub-command. 3. Execute "policy" command with "info" as sub-command. 4. Pass ID as the parameter. 5. Pass name as the parameter. :expectedresults: The policies are listed successfully and information is displayed. """ for deploy in ['manual', 'puppet', 'ansible']: with self.subTest(deploy): hostgroup = make_hostgroup() name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': deploy, 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'hostgroups': hostgroup['name'], }) result = Scappolicy.list() assert name in [policy['name'] for policy in result] assert Scappolicy.info({'id': scap_policy['id'] })['id'] == scap_policy['id'] assert Scappolicy.info({'name': scap_policy['name']})['name'] == name Scappolicy.update({ 'id': scap_policy['id'], 'period': OSCAP_PERIOD['monthly'].lower(), 'day-of-month': 15, }) scap_info = Scappolicy.info({'name': name}) assert scap_info['period'] == OSCAP_PERIOD['monthly'].lower() assert scap_info['day-of-month'] == '15' Scappolicy.delete({'id': scap_policy['id']}) with pytest.raises(CLIReturnCodeError): Scappolicy.info({'id': scap_policy['id']})
def scap_policy(scap_content): scap_id, scap_profile_id = scap_content scap_policy = make_scap_policy({ 'name': gen_string('alpha'), 'scap-content-id': scap_id, 'scap-content-profile-id': scap_profile_id, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) return scap_policy
def test_positive_update_scap_policy_with_hostgroup(self, scap_content): """Update scap policy by addition of hostgroup :id: 21b9b82b-7c6c-4944-bc2f-67631e1d4086 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy and hostgroup. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass hostgoups as the parameter. :expectedresults: The scap policy is updated. """ hostgroup = make_hostgroup() name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': scap_content["scap_id"], 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'hostgroups': hostgroup['name'], }) assert scap_policy['hostgroups'][0] == hostgroup['name'] assert scap_policy['deployment-option'] == 'puppet' new_hostgroup = make_hostgroup() Scappolicy.update({ 'id': scap_policy['id'], 'deploy-by': 'ansible', 'hostgroups': new_hostgroup['name'] }) scap_info = Scappolicy.info({'name': name}) assert scap_info['hostgroups'][0] == new_hostgroup['name'] # Assert if the deployment is updated assert scap_info['deployment-option'] == 'ansible'
def test_negative_create_scap_policy_without_content(self): """Create scap policy without scap content :id: 88a8fba3-f45a-4e22-9ee1-f0d701f1135f :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters without passing the scap-content-id. :expectedresults: The policy is not created. """ with self.assertRaises(CLIFactoryError): make_scap_policy({ 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() })
def test_positive_update_scap_policy_with_content(self): """Update the scap policy by updating the scap content associated with the policy :id: 3c9df098-9ff8-4f48-a9a0-2ba21a8e48e0 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass scap-content-id as parameter. :expectedresults: The scap policy is updated. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox']) Scappolicy.update({ 'name': name, 'scap-content-id': scap_id, 'scap-content-profile-id': scap_profile_id, }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['scap-content-id'], scap_id) self.assertEqual(scap_info['scap-content-profile-id'], scap_profile_id[0])
def test_positive_update_scap_policy_with_tailoringfiles_name(self): """Update the scap policy by updating the scap tailoring file name associated with the policy :id: a2403170-51df-4561-9a58-820f77a5e048 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass tailoring-file as parameter. :expectedresults: The scap policy is updated. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file(local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name)) tailoring_file = make_tailoringfile( {'scap-file': '/tmp/{0}'.format(file_name)}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'ansible', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) Scappolicy.update({ 'name': name, 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_info['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_associate_scap_policy_with_single_server(self): """Assign an audit policy to a single server :id: 30566c27-f466-4b4d-beaf-0a5bfda98b89 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. At least 1 policy and host. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass host name as the parameter. :expectedresults: The scap policy is updated. """ host = entities.Host() host.create() name = gen_string('alpha') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) host_name = host.name + "." + host.domain.name Scappolicy.update({ 'id': scap_policy['id'], 'hosts': host_name, }) hosts = Host.list( {'search': 'compliance_policy_id = {0}'.format(scap_policy['id'])}) self.assertIn(host_name, [host['name'] for host in hosts], 'The attached host is different')
def test_positive_update_scap_policy_period(self, scap_content): """Update scap policy by updating the period strategy from monthly to weekly :id: 4892bc3c-d886-49b4-a5b1-250d96b7e278 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass period as parameter and weekday as parameter. :expectedresults: The scap policy is updated. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'puppet', 'scap-content-id': scap_content["scap_id"], 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) assert scap_policy['period'] == OSCAP_PERIOD['weekly'].lower() Scappolicy.update({ 'id': scap_policy['id'], 'period': OSCAP_PERIOD['monthly'].lower(), 'day-of-month': 15, }) scap_info = Scappolicy.info({'name': name}) assert scap_info['period'] == OSCAP_PERIOD['monthly'].lower() assert scap_info['day-of-month'] == '15'
def test_positive_associate_scap_policy_with_tailoringfiles_name(self): """Associate tailoring file by name to scap policy with all deployments :id: d0f9b244-b92d-4889-ba6a-8973ea05bf43 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by "tailoring-file" with policy :expectedresults: The policy is created and associated successfully. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file(local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name)) tailoring_file = make_tailoringfile( {'scap-file': '/tmp/{0}'.format(file_name)}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] for deploy in ['puppet', 'ansible', 'manual']: with self.subTest(deploy): scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel6, 'deploy-by': deploy, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) self.assertEqual(scap_policy['deployment-option'], deploy) self.assertEqual(scap_policy['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_policy['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_update_scap_policy_with_content(self): """Update the scap policy by updating the scap content associated with the policy :id: 3c9df098-9ff8-4f48-a9a0-2ba21a8e48e0 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass scap-content-id as parameter. :expectedresults: The scap policy is updated. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox'] ) Scappolicy.update({ 'name': name, 'scap-content-id': scap_id, 'scap-content-profile-id': scap_profile_id, }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['scap-content-id'], scap_id) self.assertEqual(scap_info['scap-content-profile-id'], scap_profile_id[0])
def test_positive_update_scap_policy_with_tailoringfiles_id(self): """Update the scap policy by updating the scap tailoring file id associated with the policy :id: 91a25e0b-d5d2-49d8-a3cd-1f3836ac323c :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass tailoring-file-id as parameter. :expectedresults: The scap policy is updated. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file( local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name) ) tailoring_file = make_tailoringfile({ 'scap-file': '/tmp/{0}'.format(file_name) }) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6) Scappolicy.update({ 'name': name, 'tailoring-file-id': tailoring_file['id'], 'tailoring-file-profile-id': tailor_profile_id }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_info['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_update_scap_policy_with_tailoringfiles_name(self): """Update the scap policy by updating the scap tailoring file name associated with the policy :id: a2403170-51df-4561-9a58-820f77a5e048 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass tailoring-file as parameter. :expectedresults: The scap policy is updated. """ tailoring_file = make_tailoringfile( {'scap-file': self.tailoring_file_path}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'deploy-by': 'ansible', 'scap-content-id': self.scap_id_rhel7, 'scap-content-profile-id': self.scap_profile_id_rhel7, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) assert scap_policy['scap-content-id'] == self.scap_id_rhel7 Scappolicy.update({ 'name': name, 'tailoring-file': tailoring_file['name'], 'tailoring-file-profile-id': tailor_profile_id }) scap_info = Scappolicy.info({'name': name}) assert scap_info['tailoring-file-id'] == tailoring_file['id'] assert scap_info['tailoring-file-profile-id'] == tailor_profile_id
def test_positive_associate_scap_policy_with_single_server(self): """Assign an audit policy to a single server :id: 30566c27-f466-4b4d-beaf-0a5bfda98b89 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. At least 1 policy and host. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass host name as the parameter. :expectedresults: The scap policy is updated. """ host = entities.Host() host.create() name = gen_string('alpha') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower() }) host_name = host.name + "." + host.domain.name Scappolicy.update({ 'id': scap_policy['id'], 'hosts': host_name, }) hosts = Host.list({'search': 'compliance_policy_id = {0}'.format( scap_policy['id'])}) self.assertIn(host_name, [host['name'] for host in hosts], 'The attached host is different')
def test_positive_associate_scap_policy_with_tailoringfiles_id(self): """Associate tailoring file by id to scap policy :id: 4d60333d-ffd7-4c6c-9ba5-6a311ccf2910 :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by "tailoring-file-id" with policy :expectedresults: The policy is created and associated successfully. """ _, file_name = os.path.split(settings.oscap.tailoring_path) ssh.upload_file(local_file=settings.oscap.tailoring_path, remote_file="/tmp/{0}".format(file_name)) tailoring_file = make_tailoringfile( {'scap-file': '/tmp/{0}'.format(file_name)}) tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id'] scap_policy = make_scap_policy({ 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailoring_file['id'], 'tailoring-file-profile-id': tailor_profile_id }) self.assertEqual(scap_policy['tailoring-file-id'], tailoring_file['id']) self.assertEqual(scap_policy['tailoring-file-profile-id'], tailor_profile_id)
def test_positive_update_scap_policy_period(self): """Update scap policy by updating the period strategy from monthly to weekly :id: 4892bc3c-d886-49b4-a5b1-250d96b7e278 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass period as parameter and weekday as parameter. :expectedresults: The scap policy is updated. """ name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), }) self.assertEqual(scap_policy['period'], OSCAP_PERIOD['weekly'].lower()) Scappolicy.update({ 'id': scap_policy['id'], 'period': OSCAP_PERIOD['monthly'].lower(), 'day-of-month': 15 }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['period'], OSCAP_PERIOD['monthly'].lower()) self.assertEqual(scap_info['day-of-month'], '15')
def test_positive_update_scap_policy_with_hostgroup(self): """Update scap policy by addition of hostgroup :id: 21b9b82b-7c6c-4944-bc2f-67631e1d4086 :setup: 1. Oscap should be enabled. 2. Oscap-cli hammer plugin installed. 3. Atleast 1 policy and hostgroup. :steps: 1. Login to hammer shell. 2. Execute "policy" command with "update" as sub-command. 3. Pass hostgoups as the parameter. :expectedresults: The scap policy is updated. """ hostgroup = make_hostgroup() name = gen_string('alphanumeric') scap_policy = make_scap_policy({ 'name': name, 'scap-content-id': self.scap_id_rhel6, 'scap-content-profile-id': self.scap_profile_id_rhel6, 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'hostgroups': hostgroup['name'] }) self.assertEqual(scap_policy['hostgroups'][0], hostgroup['name']) new_hostgroup = make_hostgroup() Scappolicy.update({ 'id': scap_policy['id'], 'hostgroups': new_hostgroup['name'] }) scap_info = Scappolicy.info({'name': name}) self.assertEqual(scap_info['hostgroups'][0], new_hostgroup['name'])
def test_positive_oscap_run_with_tailoring_file_and_capsule(self): """End-to-End Oscap run with tailoring files and default capsule via puppet :id: 346946ad-4f62-400e-9390-81817006048c :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Create a scap policy 4. Associate scap content with it's tailoring file 5. Associate the policy with a hostgroup 6. Provision a host using the hostgroup 7. Puppet should configure and fetch the scap content and tailoring file :expectedresults: ARF report should be sent to satellite reflecting the changes done via tailoring files :BZ: 1722475 :CaseImportance: Critical """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'], } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo } tailoring_file_name = gen_string('alpha') tailor_path = file_downloader(file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname)[0] # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': self.proxy_id, 'name': hgrp7_name, 'puppet-environment-id': self.puppet_env.id, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'], 'puppet-classes': self.puppet_classes, }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': tailor_path, 'organization': self.config_env['org_name'], }) result = TailoringFiles.info({'name': tailoring_file_name}) assert result['name'] == tailoring_file_name # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile')) make_scap_policy({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'hostgroups': policy_values.get('hgrp'), 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': self.config_env['org_name'], }) distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(self.config_env['org_name'], self.config_env['ak_name'].get(distro_os)) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'puppet-environment-id': self.puppet_env.id, }) vm.configure_puppet(rhel7_repo) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. result = Arfreport.list({'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_upload_to_satellite(self): """Perform end to end oscap test and upload reports. :id: 17a0978d-64f9-44ad-8303-1f54ada08602 :expectedresults: Oscap reports from rhel6 and rhel7 clients should be uploaded to satellite6 and be searchable. :CaseLevel: System """ if settings.rhel6_repo is None: self.skipTest('Missing configuration for rhel6_repo') rhel6_repo = settings.rhel6_repo if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp6_name = gen_string('alpha') hgrp7_name = gen_string('alpha') policy6_name = gen_string('alpha') policy7_name = gen_string('alpha') policy_values = [ { 'content': self.rhel6_content, 'hgrp': hgrp6_name, 'policy': policy6_name, 'profile': OSCAP_PROFILE['security6'] }, { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': policy7_name, 'profile': OSCAP_PROFILE['security7'] }, ] vm_values = [ { 'distro': DISTRO_RHEL6, 'hgrp': hgrp6_name, 'rhel_repo': rhel6_repo, 'policy': policy6_name, }, { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo, 'policy': policy7_name, }, ] # Creates host_group for both rhel6 and rhel7 for host_group in [hgrp6_name, hgrp7_name]: make_hostgroup({ 'content-source-id': 1, 'name': host_group, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'] }) # Creates oscap_policy for both rhel6 and rhel7. for value in policy_values: scap_id, scap_profile_id = self.fetch_scap_and_profile_id( value['content'], value['profile'] ) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': value['hgrp'], 'name': value['policy'], 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'] }) # Creates two vm's each for rhel6 and rhel7, runs # openscap scan and uploads report to satellite6. for value in vm_values: with VirtualMachine(distro=value['distro']) as vm: host = vm.hostname host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost( self.config_env['org_name'], self.config_env['ak_name'].get(value['distro']) ) self.assertTrue(vm.subscribed) vm.configure_puppet(value['rhel_repo']) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': value['hgrp'], 'openscap-proxy-id': 1, 'organization': self.config_env['org_name'], 'environment': 'production' }) # Run "puppet agent -t" twice so that it detects it's, # satellite6 and fetch katello SSL certs. for _ in range(2): vm.run(u'puppet agent -t 2> /dev/null') result = vm.run( u'cat /etc/foreman_scap_client/config.yaml' '| grep profile' ) self.assertEqual(result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. self.assertIsNotNone(Arfreport.list({'search': 'host={0}'.format(host)}))
def test_positive_oscap_run_via_ansible_bz_1814988(module_org, default_proxy, content_view, lifecycle_env): """End-to-End Oscap run via ansible :id: 375f8f08-9299-4d16-91f9-9426eeecb9c5 :parametrized: yes :customerscenario: true :setup: scap content, scap policy, host group :steps: 1. Create a valid scap content 2. Import Ansible role theforeman.foreman_scap_client 3. Import Ansible Variables needed for the role 4. Create a scap policy with anisble as deploy option 5. Associate the policy with a hostgroup 6. Provision a host using the hostgroup 7. Harden the host by remediating it with DISA STIG security policy 8. Configure REX and associate the Ansible role to created host 9. Play roles for the host :expectedresults: REX job should be success and ARF report should be sent to satellite :BZ: 1814988 :CaseImportance: Critical """ hgrp_name = gen_string('alpha') policy_name = gen_string('alpha') # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': default_proxy, 'name': hgrp_name, 'organizations': module_org.name, }) # Creates oscap_policy. scap_id, scap_profile_id = fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel7_content'], OSCAP_PROFILE['dsrhel7']) Ansible.roles_import({'proxy-id': default_proxy}) Ansible.variables_import({'proxy-id': default_proxy}) role_id = Ansible.roles_list({'search': 'foreman_scap_client'})[0].get('id') make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': hgrp_name, 'deploy-by': 'ansible', 'name': policy_name, 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': module_org.name, }) with VMBroker(nick=DISTRO_RHEL7, host_classes={'host': ContentHost}) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(module_org.name, ak_name[DISTRO_RHEL7]) assert vm.subscribed Host.set_parameter({ 'host': vm.hostname.lower(), 'name': 'remote_execution_connect_by_ip', 'value': 'True', }) vm.configure_rhel_repo(settings.repos.rhel7_repo) # Harden the rhel7 client with DISA STIG security policy vm.run('yum install -y scap-security-guide') vm.run( 'oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_stig ' '--fetch-remote-resources --results-arf results.xml ' '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml', ) add_remote_execution_ssh_key(vm.ip_addr) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': lifecycle_env.name, 'content-view': content_view.name, 'hostgroup': hgrp_name, 'openscap-proxy-id': default_proxy, 'organization': module_org.name, 'ansible-role-ids': role_id, }) job_id = Host.ansible_roles_play({'name': vm.hostname.lower()})[0].get('id') wait_for_tasks( f'resource_type = JobInvocation and resource_id = {job_id} and action ~ "hosts job"' ) try: result = JobInvocation.info({'id': job_id})['success'] assert result == '1' except AssertionError: output = ' '.join( JobInvocation.get_output({ 'id': job_id, 'host': vm.hostname })) result = f'host output: {output}' raise AssertionError(result) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.status == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. result = Arfreport.list({'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_associate_scap_policy_with_tailoringfiles( self, deploy, scap_content, tailoring_file_path): """Associate tailoring file by name/id to scap policy with all deployments :id: d0f9b244-b92d-4889-ba6a-8973ea05bf43 :parametrized: yes :steps: 1. Login to hammer shell. 2. Execute "policy" command with "create" as sub-command. 3. Pass valid parameters. 4. Associate tailoring file by name/id with policy :expectedresults: The policy is created and associated successfully. """ tailoring_file_a = make_tailoringfile( {'scap-file': tailoring_file_path['satellite']}) tailoring_file_profile_a_id = tailoring_file_a[ 'tailoring-file-profiles'][0]['id'] tailoring_file_b = make_tailoringfile( {'scap-file': tailoring_file_path['satellite']}) tailoring_file_profile_b_id = tailoring_file_b[ 'tailoring-file-profiles'][0]['id'] scap_policy = make_scap_policy({ 'scap-content-id': scap_content["scap_id"], 'deploy-by': deploy, 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file': tailoring_file_a['name'], 'tailoring-file-profile-id': tailoring_file_profile_a_id, }) assert scap_policy['deployment-option'] == deploy assert scap_policy['tailoring-file-id'] == tailoring_file_a['id'] assert scap_policy[ 'tailoring-file-profile-id'] == tailoring_file_profile_a_id Scappolicy.update({ 'name': scap_policy['name'], 'tailoring-file': tailoring_file_b['name'], 'tailoring-file-profile-id': tailoring_file_profile_b_id, }) scap_info = Scappolicy.info({'name': scap_policy['name']}) assert scap_info['tailoring-file-id'] == tailoring_file_b['id'] assert scap_info[ 'tailoring-file-profile-id'] == tailoring_file_profile_b_id Scappolicy.delete({'name': scap_policy['name']}) with pytest.raises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']}) scap_policy = make_scap_policy({ 'scap-content-id': scap_content["scap_id"], 'deploy-by': deploy, 'scap-content-profile-id': scap_content["scap_profile_id"], 'period': OSCAP_PERIOD['weekly'].lower(), 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailoring_file_a['id'], 'tailoring-file-profile-id': tailoring_file_profile_a_id, }) assert scap_policy['deployment-option'] == deploy assert scap_policy['tailoring-file-id'] == tailoring_file_a['id'] assert scap_policy[ 'tailoring-file-profile-id'] == tailoring_file_profile_a_id Scappolicy.update({ 'id': scap_policy['id'], 'tailoring-file-id': tailoring_file_b['id'], 'tailoring-file-profile-id': tailoring_file_profile_b_id, }) scap_info = Scappolicy.info({'id': scap_policy['id']}) assert scap_info['tailoring-file-id'] == tailoring_file_b['id'] assert scap_info[ 'tailoring-file-profile-id'] == tailoring_file_profile_b_id Scappolicy.delete({'id': scap_policy['id']}) with pytest.raises(CLIReturnCodeError): Scapcontent.info({'name': scap_policy['name']})
def test_positive_push_updated_content(self): """Perform end to end oscap test, and push the updated scap content after first run. :id: 7eb75ca5-2ea1-434e-bb43-1223fa4d8e9f :expectedresults: Satellite should push updated content to Clients and satellite should get updated reports :CaseLevel: System """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo content_update = OSCAP_DEFAULT_CONTENT['rhel_firefox'] hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'] } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo, } Scapcontent.update({ 'title': content_update, 'organizations': self.config_env['org_name'] }) # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': 1, 'name': hgrp7_name, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'] }) # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile') ) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': policy_values.get('hgrp'), 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'] }) # Creates two vm's each for rhel6 and rhel7, runs # openscap scan and uploads report to satellite6. distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: # host = vm.hostname host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost( self.config_env['org_name'], self.config_env['ak_name'].get(distro_os) ) self.assertTrue(vm.subscribed) vm.configure_puppet(vm_values.get('rhel_repo')) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': 1, 'organization': self.config_env['org_name'], 'environment': 'production' }) # Run "puppet agent -t" twice so that it detects it's, # satellite6 and fetch katello SSL certs. for _ in range(2): vm.run(u'puppet agent -t 2> /dev/null') result = vm.run( u'cat /etc/foreman_scap_client/config.yaml' '| grep content_path' ) self.assertEqual(result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list( { 'search': 'host={0}'.format(vm.hostname.lower()), 'per-page': 1 }) self.assertIsNotNone(arf_report) scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox'] ) Scappolicy.update({ 'scap-content-id': scap_id, 'name': policy_values.get('policy'), 'new-name': gen_string('alpha'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'] }) Arfreport.delete({'id': arf_report[0].get('id')}) for _ in range(2): vm.run(u'puppet agent -t 2> /dev/null') updated_result = vm.run( u'cat /etc/foreman_scap_client/config.yaml' '| grep content_path' ) self.assertIsNot(result, updated_result) self.assertEqual(updated_result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() self.assertIsNotNone( Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))
def test_positive_upload_to_satellite(self): """Perform end to end oscap test, and push the updated scap content via puppet after first run. :id: 17a0978d-64f9-44ad-8303-1f54ada08602 :expectedresults: Oscap reports from rhel6, rhel7 and rhel8 clients should be uploaded to Satellite and be searchable. Satellite should push updated content to Clients and satellite should get updated reports. :CaseLevel: System :BZ: 1479413, 1722475, 1420439, 1722475 """ if settings.rhel6_repo is None: self.skipTest('Missing configuration for rhel6_repo') rhel6_repo = settings.rhel6_repo if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') if settings.rhel8_repo is None: self.skipTest('Missing configuration for rhel8_repo') rhel8_repo = settings.rhel8_repo hgrp8_name = gen_string('alpha') rhel7_repo = settings.rhel7_repo hgrp6_name = gen_string('alpha') hgrp7_name = gen_string('alpha') policy6_name = gen_string('alpha') policy7_name = gen_string('alpha') policy8_name = gen_string('alpha') policy_values = [ { 'content': self.rhel6_content, 'hgrp': hgrp6_name, 'policy': policy6_name, 'profile': OSCAP_PROFILE['security6'], }, { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': policy7_name, 'profile': OSCAP_PROFILE['security7'], }, { 'content': self.rhel8_content, 'hgrp': hgrp8_name, 'policy': policy8_name, 'profile': OSCAP_PROFILE['cbrhel8'], }, ] vm_values = [ { 'distro': DISTRO_RHEL6, 'hgrp': hgrp6_name, 'rhel_repo': rhel6_repo, 'policy': policy6_name, }, { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo, 'policy': policy7_name, }, { 'distro': DISTRO_RHEL8, 'hgrp': hgrp8_name, 'rhel_repo': rhel8_repo, 'policy': policy8_name, }, ] # Creates host_group for both rhel6, rhel7 and rhel8. for host_group in [hgrp6_name, hgrp7_name, hgrp8_name]: make_hostgroup({ 'content-source': self.config_env['sat6_hostname'], 'name': host_group, 'puppet-environment-id': self.puppet_env.id, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'], 'puppet-classes': self.puppet_classes, }) # Creates oscap_policy for both rhel6, rhel7 and rhel8. for value in policy_values: scap_id, scap_profile_id = self.fetch_scap_and_profile_id( value['content'], value['profile']) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': value['hgrp'], 'deploy-by': 'puppet', 'name': value['policy'], 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'], }) # Creates two vm's each for rhel6, rhel7 and rhel8, runs # openscap scan and uploads report to satellite6. for value in vm_values: with VirtualMachine(distro=value['distro']) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost( self.config_env['org_name'], self.config_env['ak_name'].get(value['distro'])) assert vm.subscribed Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': value['hgrp'], 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'puppet-environment-id': self.puppet_env.id, }) SmartClassParameter.update({ 'name': 'fetch_remote_resources', 'override': 1, 'parameter-type': 'boolean', 'default-value': 'true', 'puppet-class': 'foreman_scap_client', }) SmartClassParameter.add_matcher({ 'smart-class-parameter': 'fetch_remote_resources', 'match': f'fqdn={vm.hostname}', 'value': 'true', 'puppet-class': 'foreman_scap_client', }) vm.configure_puppet(value['rhel_repo']) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. arf_report = Arfreport.list({ 'search': f'host={vm.hostname.lower()}', 'per-page': 1 }) assert arf_report is not None scap_id, scap_profile_id = self.fetch_scap_and_profile_id( OSCAP_DEFAULT_CONTENT['rhel_firefox'], OSCAP_PROFILE['firefox']) Scappolicy.update({ 'scap-content-id': scap_id, 'deploy-by': 'puppet', 'name': value['policy'], 'new-name': gen_string('alpha'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'organizations': self.config_env['org_name'], }) Arfreport.delete({'id': arf_report[0].get('id')}) for _ in range(2): vm.run('puppet agent -t 2> /dev/null') updated_result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep content_path' ) assert result != updated_result assert updated_result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() result = Arfreport.list( {'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_oscap_run_with_tailoring_file_with_ansible(self): """End-to-End Oscap run with tailoring files via ansible :id: c7ea56eb-6cf1-4e79-8d6a-fb872d1bb804 :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Import Ansible role theforeman.foreman_scap_client 4. Import Ansible Variables needed for the role 5. Create a scap policy with anisble as deploy option 6. Associate scap content with it's tailoring file 7. Associate the policy with a hostgroup 8. Provision a host using the hostgroup 9. Configure REX and associate the Ansible role to created host 10. Play roles for the host :expectedresults: REX job should be success and ARF report should be sent to satellite reflecting the changes done via tailoring files :BZ: 1716307 :CaseImportance: Critical """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'], } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo } tailoring_file_name = gen_string('alpha') tailor_path = file_downloader(file_url=settings.oscap.tailoring_path, hostname=settings.server.hostname)[0] # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': self.proxy_id, 'name': hgrp7_name, 'organizations': self.config_env['org_name'], }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': tailor_path, 'organization': self.config_env['org_name'], }) result = TailoringFiles.info({'name': tailoring_file_name}) assert result['name'] == tailoring_file_name # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile')) Ansible.roles_import({'proxy-id': self.proxy_id}) Ansible.variables_import({'proxy-id': self.proxy_id}) role_id = Ansible.roles_list({'search': 'foreman_scap_client'})[0].get('id') make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': policy_values.get('hgrp'), 'deploy-by': 'ansible', 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': self.config_env['org_name'], }) distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost(self.config_env['org_name'], self.config_env['ak_name'].get(distro_os)) assert vm.subscribed Host.set_parameter({ 'host': vm.hostname.lower(), 'name': 'remote_execution_connect_by_ip', 'value': 'True', }) vm.configure_rhel_repo(settings.rhel7_repo) add_remote_execution_ssh_key(vm.ip_addr) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': self.proxy_id, 'organization': self.config_env['org_name'], 'ansible-role-ids': role_id, }) job_id = Host.ansible_roles_play({'name': vm.hostname.lower() })[0].get('id') wait_for_tasks( f"resource_type = JobInvocation and resource_id = {job_id} and " "action ~ \"hosts job\"") try: result = JobInvocation.info({'id': job_id})['success'] assert result == '1' except AssertionError: output = ' '.join( JobInvocation.get_output({ 'id': job_id, 'host': vm.hostname })) result = f'host output: {output}' raise AssertionError(result) result = vm.run( 'cat /etc/foreman_scap_client/config.yaml | grep profile') assert result.return_code == 0 # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. result = Arfreport.list({'search': f'host={vm.hostname.lower()}'}) assert result is not None
def test_positive_oscap_run_with_tailoring_file_and_capsule(self): """ End-to-End Oscap run with tailoring files and default capsule :id: 346946ad-4f62-400e-9390-81817006048c :setup: scap content, scap policy, tailoring file, host group :steps: 1. Create a valid scap content 2. Upload a valid tailoring file 3. Create a scap policy 4. Associate scap content with it's tailoring file 5. Associate the policy with a hostgroup 6. Provision a host using the hostgroup 7. Puppet should configure and fetch the scap content and tailoring file :expectedresults: ARF report should be sent to satellite reflecting the changes done via tailoring files :CaseImportance: Critical """ if settings.rhel7_repo is None: self.skipTest('Missing configuration for rhel7_repo') rhel7_repo = settings.rhel7_repo hgrp7_name = gen_string('alpha') policy_values = { 'content': self.rhel7_content, 'hgrp': hgrp7_name, 'policy': gen_string('alpha'), 'profile': OSCAP_PROFILE['security7'] } vm_values = { 'distro': DISTRO_RHEL7, 'hgrp': hgrp7_name, 'rhel_repo': rhel7_repo, } tailoring_file_name = gen_string('alpha') tailor_path = get_data_file(settings.oscap.tailoring_path) file_name = tailor_path.split('/')[(len(tailor_path.split('/')) - 1)] ssh.upload_file( local_file=tailor_path, remote_file="/tmp/{0}".format(file_name) ) # Creates host_group for rhel7 make_hostgroup({ 'content-source-id': 1, 'name': hgrp7_name, 'puppet-ca-proxy': self.config_env['sat6_hostname'], 'puppet-proxy': self.config_env['sat6_hostname'], 'organizations': self.config_env['org_name'] }) tailor_result = make_tailoringfile({ 'name': tailoring_file_name, 'scap-file': '/tmp/{0}'.format(file_name), 'organization': self.config_env['org_name'] }) result = TailoringFiles.info({'name': tailoring_file_name}) self.assertEqual(result['name'], tailoring_file_name) # Creates oscap_policy for rhel7. scap_id, scap_profile_id = self.fetch_scap_and_profile_id( policy_values.get('content'), policy_values.get('profile') ) make_scap_policy({ 'scap-content-id': scap_id, 'hostgroups': policy_values.get('hgrp'), 'name': policy_values.get('policy'), 'period': OSCAP_PERIOD['weekly'].lower(), 'scap-content-profile-id': scap_profile_id, 'weekday': OSCAP_WEEKDAY['friday'].lower(), 'tailoring-file-id': tailor_result['id'], 'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'], 'organizations': self.config_env['org_name'] }) distro_os = vm_values.get('distro') with VirtualMachine(distro=distro_os) as vm: host_name, _, host_domain = vm.hostname.partition('.') vm.install_katello_ca() vm.register_contenthost( self.config_env['org_name'], self.config_env['ak_name'].get(distro_os) ) self.assertTrue(vm.subscribed) vm.configure_puppet(rhel7_repo) Host.update({ 'name': vm.hostname.lower(), 'lifecycle-environment': self.config_env['env_name'], 'content-view': self.config_env['cv_name'], 'hostgroup': vm_values.get('hgrp'), 'openscap-proxy-id': 1, 'organization': self.config_env['org_name'], 'environment': 'production' }) # Run "puppet agent -t" twice so that it detects it's, # satellite6 and fetch katello SSL certs. for _ in range(2): vm.run(u'puppet agent -t 2> /dev/null') result = vm.run( u'cat /etc/foreman_scap_client/config.yaml' '| grep profile' ) self.assertEqual(result.return_code, 0) # Runs the actual oscap scan on the vm/clients and # uploads report to Internal Capsule. vm.execute_foreman_scap_client() # Assert whether oscap reports are uploaded to # Satellite6. self.assertIsNotNone( Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))