def test_positive_download_tailoring_file(self):
""" Download the tailoring file from satellite
:id: 75d8c810-19a7-4285-bc3a-a1fb1a0e9088
:steps:
1.Create valid tailoring file with valid name
2.Execute "tailoring-file" command with "download" as sub-command
:expectedresults: The tailoring file should be downloaded
BZ: 1857572
:CaseImportance: Critical
"""
name = gen_string('alphanumeric')
file_path = f'/var/{self.tailoring_file_path}'
tailoring_file = make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path})
assert tailoring_file['name'] == name
result = TailoringFiles.download_tailoring_file({'name': name, 'path': '/var/tmp/'})
assert file_path in result[0]
result = ssh.command(f'find {file_path} 2> /dev/null')
assert result.return_code == 0
assert file_path == result.stdout[0]
def test_positive_download_tailoring_file(self, tailoring_file_path,
default_sat):
"""Download the tailoring file from satellite
:id: 75d8c810-19a7-4285-bc3a-a1fb1a0e9088
:steps:
1.Create valid tailoring file with valid name
2.Execute "tailoring-file" command with "download" as sub-command
:expectedresults: The tailoring file should be downloaded
BZ: 1857572
:CaseImportance: Medium
"""
name = gen_string('alphanumeric')
file_path = f'/var{tailoring_file_path["satellite"]}'
tailoring_file = make_tailoringfile({
'name':
name,
'scap-file':
tailoring_file_path['satellite']
})
assert tailoring_file['name'] == name
result = TailoringFiles.download_tailoring_file({
'name': name,
'path': '/var/tmp/'
})
assert file_path in result
result = default_sat.execute(f'find {file_path} 2> /dev/null')
assert result.status == 0
assert file_path == result.stdout.strip()
def test_positive_associate_scap_policy_with_tailoringfiles_name(self):
"""Associate tailoring file by name to scap policy
:id: d0f9b244-b92d-4889-ba6a-8973ea05bf43
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "create" as sub-command.
3. Pass valid parameters.
4. Associate tailoring file by "tailoring-file" with policy
:expectedresults: The policy is created and associated successfully.
"""
_, file_name = os.path.split(settings.oscap.tailoring_path)
ssh.upload_file(
local_file=settings.oscap.tailoring_path,
remote_file="/tmp/{0}".format(file_name)
)
tailoring_file = make_tailoringfile({
'scap-file': '/tmp/{0}'.format(file_name)
})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
scap_policy = make_scap_policy({
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file': tailoring_file['name'],
'tailoring-file-profile-id': tailor_profile_id
})
self.assertEqual(scap_policy['tailoring-file-id'],
tailoring_file['id'])
self.assertEqual(scap_policy['tailoring-file-profile-id'],
tailor_profile_id)
def test_positive_download_tailoring_file(self):
""" Download the tailoring file from satellite
:id: 75d8c810-19a7-4285-bc3a-a1fb1a0e9088
:steps:
1.Create valid tailoring file with valid name
2.Execute "tailoring-file" command with "download" as sub-command
:expectedresults: The tailoring file should be downloaded
:CaseImportance: Critical
"""
name = gen_string('alphanumeric')
file_path = '/tmp/{0}.xml'.format(name)
tailoring_file = make_tailoringfile({
'name': name,
'scap-file': '/tmp/{0}'.format(self.file_name)})
self.assertEqual(tailoring_file['name'], name)
result = TailoringFiles.download_tailoring_file({
'name': name,
'path': '/tmp/'
})
self.assertIn(file_path, result[0])
result = ssh.command('find {0}'.format(file_path))
self.assertEqual(result.return_code, 0)
self.assertIn(file_path, result.stdout)
def test_negative_create_with_invalid_name(self):
"""Create Tailoring files with invalid name
:id: 973eee82-9735-49bb-b534-0de619aa0279
:steps:
1. Attempt to create tailoring file with invalid name parameter
:expectedresults: Tailoring file will not be added to satellite
:CaseImportance: Critical
"""
for name in invalid_names_list():
with self.subTest(name):
with pytest.raises(CLIFactoryError):
make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path})
def test_negative_create_with_invalid_file(self):
"""Create Tailoring files with invalid file
:id: 86f5ce13-856c-4e58-997f-fa21093edd04
:steps:
1. Attempt to create tailoring file with invalid file
:expectedresults: Tailoring file will not be added to satellite
:CaseImportance: Critical
"""
ssh.upload_file(
local_file=get_data_file(SNIPPET_DATA_FILE), remote_file=f'/tmp/{SNIPPET_DATA_FILE}',
)
name = gen_string('alphanumeric')
with pytest.raises(CLIFactoryError):
make_tailoringfile({'name': name, 'scap-file': f'/tmp/{SNIPPET_DATA_FILE}'})
def test_negative_create_with_invalid_name(self):
"""Create Tailoring files with invalid name
:id: 973eee82-9735-49bb-b534-0de619aa0279
:steps:
1. Attempt to create tailoring file with invalid name parameter
:expectedresults: Tailoring file will not be added to satellite
:CaseImportance: Critical
"""
for name in invalid_names_list():
with self.subTest(name):
with self.assertRaises(CLIFactoryError):
make_tailoringfile({
'name': name,
'scap-file': '/tmp/{0}'.format(self.file_name)})
def test_positive_list_tailoring_file(self):
"""List all created tailoring files
:id: 2ea63c4b-eebe-468d-8153-807e86d1b6a2
:setup: tailoring file
:steps:
1. Create different tailoring file with different valid name
2. Execute "tailoring-file" command with "list" as sub-command
:expectedresults: Tailoring files list should be displayed
:CaseImportance: Critical
"""
name = gen_string('alphanumeric')
make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path})
result = TailoringFiles.list()
assert name in [tailoringfile['name'] for tailoringfile in result]
def test_negative_create_with_invalid_name(self, tailoring_file_path,
name):
"""Create Tailoring files with invalid name
:id: 973eee82-9735-49bb-b534-0de619aa0279
:steps:
1. Attempt to create tailoring file with invalid name parameter
:expectedresults: Tailoring file will not be added to satellite
:parametrized: yes
:CaseImportance: Medium
"""
with pytest.raises(CLIFactoryError):
make_tailoringfile({
'name': name,
'scap-file': tailoring_file_path['satellite']
})
def test_positive_get_info_of_tailoring_file(self):
"""Get information of tailoring file
:id: bc201194-e8c8-4385-a577-09f3455f5a4d
:setup: tailoring file
:steps:
1. Create tailoring file with valid parameters
2. Execute "tailoring-file" command with "info" as sub-command
with valid parameter
:expectedresults: Tailoring file information should be displayed
:CaseImportance: Critical
"""
name = gen_string('alphanumeric')
make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path})
result = TailoringFiles.info({'name': name})
assert result['name'] == name
def test_negative_create_with_invalid_file(self):
"""Create Tailoring files with invalid file
:id: 86f5ce13-856c-4e58-997f-fa21093edd04
:steps:
1. Attempt to create tailoring file with invalid file
:expectedresults: Tailoring file will not be added to satellite
:CaseImportance: Critical
"""
ssh.upload_file(
local_file=get_data_file(SNIPPET_DATA_FILE),
remote_file='/tmp/{0}'.format(SNIPPET_DATA_FILE)
)
name = gen_string('alphanumeric')
with self.assertRaises(CLIFactoryError):
make_tailoringfile({
'name': name,
'scap-file': '/tmp/{0}'.format(SNIPPET_DATA_FILE)
})
def test_positive_list_tailoring_file(self):
"""List all created tailoring files
:id: 2ea63c4b-eebe-468d-8153-807e86d1b6a2
:setup: tailoring file
:steps:
1. Create different tailoring file with different valid name
2. Execute "tailoring-file" command with "list" as sub-command
:expectedresults: Tailoring files list should be displayed
:CaseImportance: Critical
"""
name = gen_string('alphanumeric')
make_tailoringfile({
'name': name,
'scap-file': '/tmp/{0}'.format(self.file_name)})
result = TailoringFiles.list()
self.assertIn(
name, [tailoringfile['name'] for tailoringfile in result])
def test_positive_get_info_of_tailoring_file(self):
"""Get information of tailoring file
:id: bc201194-e8c8-4385-a577-09f3455f5a4d
:setup: tailoring file
:steps:
1. Create tailoring file with valid parameters
2. Execute "tailoring-file" command with "info" as sub-command
with valid parameter
:expectedresults: Tailoring file information should be displayed
:CaseImportance: Critical
"""
name = gen_string('alphanumeric')
make_tailoringfile({
'name': name,
'scap-file': '/tmp/{0}'.format(self.file_name)})
result = TailoringFiles.info({'name': name})
self.assertEqual(result['name'], name)
def test_positive_create_with_space(self):
"""Create tailoring files with space in name
:id: c98ef4e7-41c5-4a8b-8a0b-8d53100b75a8
:steps:
1. Create valid tailoring file with space in name
:expectedresults: Tailoring file will be added to satellite
:CaseImportance: Critical
"""
name = gen_string('alphanumeric') + ' ' + gen_string('alphanumeric')
tailoring_file = make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path})
assert tailoring_file['name'] == name
def test_positive_update_scap_policy_with_tailoringfiles_name(self):
"""Update the scap policy by updating the scap tailoring file name
associated with the policy
:id: a2403170-51df-4561-9a58-820f77a5e048
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass tailoring-file as parameter.
:expectedresults: The scap policy is updated.
"""
_, file_name = os.path.split(settings.oscap.tailoring_path)
ssh.upload_file(local_file=settings.oscap.tailoring_path,
remote_file="/tmp/{0}".format(file_name))
tailoring_file = make_tailoringfile(
{'scap-file': '/tmp/{0}'.format(file_name)})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name':
name,
'deploy-by':
'ansible',
'scap-content-id':
self.scap_id_rhel6,
'scap-content-profile-id':
self.scap_profile_id_rhel6,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
})
self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6)
Scappolicy.update({
'name': name,
'tailoring-file': tailoring_file['name'],
'tailoring-file-profile-id': tailor_profile_id
})
scap_info = Scappolicy.info({'name': name})
self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id'])
self.assertEqual(scap_info['tailoring-file-profile-id'],
tailor_profile_id)
def test_positive_create_with_space(self):
"""Create tailoring files with space in name
:id: c98ef4e7-41c5-4a8b-8a0b-8d53100b75a8
:steps:
1. Create valid tailoring file with space in name
:expectedresults: Tailoring file will be added to satellite
:CaseImportance: Critical
"""
name = gen_string('alphanumeric') + ' ' + gen_string('alphanumeric')
tailoring_file = make_tailoringfile({
'name': name,
'scap-file': '/tmp/{0}'.format(self.file_name)})
self.assertEqual(tailoring_file['name'], name)
def test_positive_delete_tailoring_file(self):
""" Delete tailoring file
:id: 8bab5478-1ef1-484f-aafd-98e5cba7b1e7
:steps:
1. Create valid tailoring file with valid parameter
2. Execute "tailoring-file" command with "delete" as sub-command
:expectedresults: Tailoring file should be deleted
:CaseImportance: Critical
"""
tailoring_file = make_tailoringfile({'scap-file': self.tailoring_file_path})
TailoringFiles.delete({'id': tailoring_file['id']})
with pytest.raises(CLIReturnCodeError):
TailoringFiles.info({'id': tailoring_file['id']})
def test_positive_create(self):
"""Create new Tailoring Files using different values types as name
:id: e1bb4de2-1b64-4904-bc7c-f0befa9dbd6f
:steps:
1. Create valid tailoring file with valid parameter
:expectedresults: Tailoring file will be added to satellite
:CaseImportance: Critical
"""
for name in valid_data_list():
with self.subTest(name):
tailoring_file = make_tailoringfile({
'name': name,
'scap-file': '/tmp/{0}'.format(self.file_name)})
self.assertEqual(tailoring_file['name'], name)
def test_positive_associate_scap_policy_with_tailoringfiles_name(self):
"""Associate tailoring file by name to scap policy with all deployments
:id: d0f9b244-b92d-4889-ba6a-8973ea05bf43
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "create" as sub-command.
3. Pass valid parameters.
4. Associate tailoring file by "tailoring-file" with policy
:expectedresults: The policy is created and associated successfully.
"""
_, file_name = os.path.split(settings.oscap.tailoring_path)
ssh.upload_file(local_file=settings.oscap.tailoring_path,
remote_file="/tmp/{0}".format(file_name))
tailoring_file = make_tailoringfile(
{'scap-file': '/tmp/{0}'.format(file_name)})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
for deploy in ['puppet', 'ansible', 'manual']:
with self.subTest(deploy):
scap_policy = make_scap_policy({
'scap-content-id':
self.scap_id_rhel6,
'deploy-by':
deploy,
'scap-content-profile-id':
self.scap_profile_id_rhel6,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file':
tailoring_file['name'],
'tailoring-file-profile-id':
tailor_profile_id
})
self.assertEqual(scap_policy['deployment-option'], deploy)
self.assertEqual(scap_policy['tailoring-file-id'],
tailoring_file['id'])
self.assertEqual(scap_policy['tailoring-file-profile-id'],
tailor_profile_id)
def test_positive_create(self):
"""Create new Tailoring Files using different values types as name
:id: e1bb4de2-1b64-4904-bc7c-f0befa9dbd6f
:steps:
1. Create valid tailoring file with valid parameter
:expectedresults: Tailoring file will be added to satellite
:CaseImportance: Critical
"""
for name in valid_data_list():
with self.subTest(name):
tailoring_file = make_tailoringfile({
'name': name,
'scap-file': '/tmp/{0}'.format(self.file_name)})
self.assertEqual(tailoring_file['name'], name)
def test_positive_delete_tailoring_file(self):
""" Delete tailoring file
:id: 8bab5478-1ef1-484f-aafd-98e5cba7b1e7
:steps:
1. Create valid tailoring file with valid parameter
2. Execute "tailoring-file" command with "delete" as sub-command
:expectedresults: Tailoring file should be deleted
:CaseImportance: Critical
"""
tailoring_file = make_tailoringfile({
'scap-file': '/tmp/{0}'.format(self.file_name)})
TailoringFiles.delete({'id': tailoring_file['id']})
with self.assertRaises(CLIReturnCodeError):
TailoringFiles.info({'id': tailoring_file['id']})
def test_positive_create(self, tailoring_file_path, name):
"""Create new Tailoring Files using different values types as name
:id: e1bb4de2-1b64-4904-bc7c-f0befa9dbd6f
:steps:
1. Create valid tailoring file with valid parameter
:expectedresults: Tailoring file will be added to satellite
:parametrized: yes
"""
tailoring_file = make_tailoringfile({
'name':
name,
'scap-file':
tailoring_file_path['satellite']
})
assert tailoring_file['name'] == name
def test_positive_update_scap_policy_with_tailoringfiles_id(self):
"""Update the scap policy by updating the scap tailoring file id
associated with the policy
:id: 91a25e0b-d5d2-49d8-a3cd-1f3836ac323c
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass tailoring-file-id as parameter.
:expectedresults: The scap policy is updated.
"""
_, file_name = os.path.split(settings.oscap.tailoring_path)
ssh.upload_file(
local_file=settings.oscap.tailoring_path,
remote_file="/tmp/{0}".format(file_name)
)
tailoring_file = make_tailoringfile({
'scap-file': '/tmp/{0}'.format(file_name)
})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name': name,
'scap-content-id': self.scap_id_rhel6,
'scap-content-profile-id': self.scap_profile_id_rhel6,
'period': OSCAP_PERIOD['weekly'].lower(),
'weekday': OSCAP_WEEKDAY['friday'].lower(),
})
self.assertEqual(scap_policy['scap-content-id'], self.scap_id_rhel6)
Scappolicy.update({
'name': name,
'tailoring-file-id': tailoring_file['id'],
'tailoring-file-profile-id': tailor_profile_id
})
scap_info = Scappolicy.info({'name': name})
self.assertEqual(scap_info['tailoring-file-id'], tailoring_file['id'])
self.assertEqual(scap_info['tailoring-file-profile-id'],
tailor_profile_id)
def test_positive_update_scap_policy_with_tailoringfiles_name(self):
"""Update the scap policy by updating the scap tailoring file name
associated with the policy
:id: a2403170-51df-4561-9a58-820f77a5e048
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "update" as sub-command.
3. Pass tailoring-file as parameter.
:expectedresults: The scap policy is updated.
"""
tailoring_file = make_tailoringfile(
{'scap-file': self.tailoring_file_path})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
name = gen_string('alphanumeric')
scap_policy = make_scap_policy({
'name':
name,
'deploy-by':
'ansible',
'scap-content-id':
self.scap_id_rhel7,
'scap-content-profile-id':
self.scap_profile_id_rhel7,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
})
assert scap_policy['scap-content-id'] == self.scap_id_rhel7
Scappolicy.update({
'name': name,
'tailoring-file': tailoring_file['name'],
'tailoring-file-profile-id': tailor_profile_id
})
scap_info = Scappolicy.info({'name': name})
assert scap_info['tailoring-file-id'] == tailoring_file['id']
assert scap_info['tailoring-file-profile-id'] == tailor_profile_id
def test_positive_associate_scap_policy_with_tailoringfiles_name(self):
"""Associate tailoring file by name to scap policy with all deployments
:id: d0f9b244-b92d-4889-ba6a-8973ea05bf43
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "create" as sub-command.
3. Pass valid parameters.
4. Associate tailoring file by "tailoring-file" with policy
:expectedresults: The policy is created and associated successfully.
"""
tailoring_file = make_tailoringfile(
{'scap-file': self.tailoring_file_path})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
for deploy in ['puppet', 'ansible', 'manual']:
with self.subTest(deploy):
scap_policy = make_scap_policy({
'scap-content-id':
self.scap_id_rhel7,
'deploy-by':
deploy,
'scap-content-profile-id':
self.scap_profile_id_rhel7,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file':
tailoring_file['name'],
'tailoring-file-profile-id':
tailor_profile_id
})
assert scap_policy['deployment-option'] == deploy
assert scap_policy['tailoring-file-id'] == tailoring_file['id']
assert scap_policy[
'tailoring-file-profile-id'] == tailor_profile_id
def test_positive_associate_scap_policy_with_tailoringfiles_id(self):
"""Associate tailoring file by id to scap policy
:id: 4d60333d-ffd7-4c6c-9ba5-6a311ccf2910
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "create" as sub-command.
3. Pass valid parameters.
4. Associate tailoring file by "tailoring-file-id" with policy
:expectedresults: The policy is created and associated successfully.
"""
_, file_name = os.path.split(settings.oscap.tailoring_path)
ssh.upload_file(local_file=settings.oscap.tailoring_path,
remote_file="/tmp/{0}".format(file_name))
tailoring_file = make_tailoringfile(
{'scap-file': '/tmp/{0}'.format(file_name)})
tailor_profile_id = tailoring_file['tailoring-file-profiles'][0]['id']
scap_policy = make_scap_policy({
'scap-content-id':
self.scap_id_rhel6,
'scap-content-profile-id':
self.scap_profile_id_rhel6,
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailoring_file['id'],
'tailoring-file-profile-id':
tailor_profile_id
})
self.assertEqual(scap_policy['tailoring-file-id'],
tailoring_file['id'])
self.assertEqual(scap_policy['tailoring-file-profile-id'],
tailor_profile_id)
def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
""" End-to-End Oscap run with tailoring files and default capsule
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7']
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
}
tailoring_file_name = gen_string('alpha')
tailor_path = get_data_file(settings.oscap.tailoring_path)
file_name = tailor_path.split('/')[(len(tailor_path.split('/')) - 1)]
ssh.upload_file(
local_file=tailor_path,
remote_file="/tmp/{0}".format(file_name)
)
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': 1,
'name': hgrp7_name,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name']
})
tailor_result = make_tailoringfile({
'name': tailoring_file_name,
'scap-file': '/tmp/{0}'.format(file_name),
'organization': self.config_env['org_name']
})
result = TailoringFiles.info({'name': tailoring_file_name})
self.assertEqual(result['name'], tailoring_file_name)
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'),
policy_values.get('profile')
)
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id': tailor_result['id'],
'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'],
'organizations': self.config_env['org_name']
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(
self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os)
)
self.assertTrue(vm.subscribed)
vm.configure_puppet(rhel7_repo)
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': 1,
'organization': self.config_env['org_name'],
'environment': 'production'
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep profile'
)
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
self.assertIsNotNone(
Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))
def test_positive_oscap_run_with_tailoring_file_with_ansible(self):
"""End-to-End Oscap run with tailoring files via ansible
:id: c7ea56eb-6cf1-4e79-8d6a-fb872d1bb804
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Import Ansible role theforeman.foreman_scap_client
4. Import Ansible Variables needed for the role
5. Create a scap policy with anisble as deploy option
6. Associate scap content with it's tailoring file
7. Associate the policy with a hostgroup
8. Provision a host using the hostgroup
9. Configure REX and associate the Ansible role to created host
10. Play roles for the host
:expectedresults: REX job should be success and ARF report should be sent to satellite
reflecting the changes done via tailoring files
:BZ: 1716307
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'organizations': self.config_env['org_name'],
})
tailor_result = make_tailoringfile({
'name':
tailoring_file_name,
'scap-file':
tailor_path,
'organization':
self.config_env['org_name'],
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
Ansible.roles_import({'proxy-id': self.proxy_id})
Ansible.variables_import({'proxy-id': self.proxy_id})
role_id = Ansible.roles_list({'search':
'foreman_scap_client'})[0].get('id')
make_scap_policy({
'scap-content-id':
scap_id,
'hostgroups':
policy_values.get('hgrp'),
'deploy-by':
'ansible',
'name':
policy_values.get('policy'),
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
self.config_env['org_name'],
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
assert vm.subscribed
Host.set_parameter({
'host': vm.hostname.lower(),
'name': 'remote_execution_connect_by_ip',
'value': 'True',
})
vm.configure_rhel_repo(settings.rhel7_repo)
add_remote_execution_ssh_key(vm.ip_addr)
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'ansible-role-ids': role_id,
})
job_id = Host.ansible_roles_play({'name': vm.hostname.lower()
})[0].get('id')
wait_for_tasks(
f"resource_type = JobInvocation and resource_id = {job_id} and "
"action ~ \"hosts job\"")
try:
result = JobInvocation.info({'id': job_id})['success']
assert result == '1'
except AssertionError:
output = ' '.join(
JobInvocation.get_output({
'id': job_id,
'host': vm.hostname
}))
result = f'host output: {output}'
raise AssertionError(result)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
result = Arfreport.list({'search': f'host={vm.hostname.lower()}'})
assert result is not None
def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
"""End-to-End Oscap run with tailoring files and default capsule via puppet
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:BZ: 1722475
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
'puppet-classes': self.puppet_classes,
})
tailor_result = make_tailoringfile({
'name':
tailoring_file_name,
'scap-file':
tailor_path,
'organization':
self.config_env['org_name'],
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
make_scap_policy({
'scap-content-id':
scap_id,
'deploy-by':
'puppet',
'hostgroups':
policy_values.get('hgrp'),
'name':
policy_values.get('policy'),
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
self.config_env['org_name'],
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
assert vm.subscribed
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'puppet-environment-id': self.puppet_env.id,
})
vm.configure_puppet(rhel7_repo)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
result = Arfreport.list({'search': f'host={vm.hostname.lower()}'})
assert result is not None
def test_positive_associate_scap_policy_with_tailoringfiles(
self, deploy, scap_content, tailoring_file_path):
"""Associate tailoring file by name/id to scap policy with all deployments
:id: d0f9b244-b92d-4889-ba6a-8973ea05bf43
:parametrized: yes
:steps:
1. Login to hammer shell.
2. Execute "policy" command with "create" as sub-command.
3. Pass valid parameters.
4. Associate tailoring file by name/id with policy
:expectedresults: The policy is created and associated successfully.
"""
tailoring_file_a = make_tailoringfile(
{'scap-file': tailoring_file_path['satellite']})
tailoring_file_profile_a_id = tailoring_file_a[
'tailoring-file-profiles'][0]['id']
tailoring_file_b = make_tailoringfile(
{'scap-file': tailoring_file_path['satellite']})
tailoring_file_profile_b_id = tailoring_file_b[
'tailoring-file-profiles'][0]['id']
scap_policy = make_scap_policy({
'scap-content-id':
scap_content["scap_id"],
'deploy-by':
deploy,
'scap-content-profile-id':
scap_content["scap_profile_id"],
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file':
tailoring_file_a['name'],
'tailoring-file-profile-id':
tailoring_file_profile_a_id,
})
assert scap_policy['deployment-option'] == deploy
assert scap_policy['tailoring-file-id'] == tailoring_file_a['id']
assert scap_policy[
'tailoring-file-profile-id'] == tailoring_file_profile_a_id
Scappolicy.update({
'name':
scap_policy['name'],
'tailoring-file':
tailoring_file_b['name'],
'tailoring-file-profile-id':
tailoring_file_profile_b_id,
})
scap_info = Scappolicy.info({'name': scap_policy['name']})
assert scap_info['tailoring-file-id'] == tailoring_file_b['id']
assert scap_info[
'tailoring-file-profile-id'] == tailoring_file_profile_b_id
Scappolicy.delete({'name': scap_policy['name']})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
scap_policy = make_scap_policy({
'scap-content-id':
scap_content["scap_id"],
'deploy-by':
deploy,
'scap-content-profile-id':
scap_content["scap_profile_id"],
'period':
OSCAP_PERIOD['weekly'].lower(),
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailoring_file_a['id'],
'tailoring-file-profile-id':
tailoring_file_profile_a_id,
})
assert scap_policy['deployment-option'] == deploy
assert scap_policy['tailoring-file-id'] == tailoring_file_a['id']
assert scap_policy[
'tailoring-file-profile-id'] == tailoring_file_profile_a_id
Scappolicy.update({
'id':
scap_policy['id'],
'tailoring-file-id':
tailoring_file_b['id'],
'tailoring-file-profile-id':
tailoring_file_profile_b_id,
})
scap_info = Scappolicy.info({'id': scap_policy['id']})
assert scap_info['tailoring-file-id'] == tailoring_file_b['id']
assert scap_info[
'tailoring-file-profile-id'] == tailoring_file_profile_b_id
Scappolicy.delete({'id': scap_policy['id']})
with pytest.raises(CLIReturnCodeError):
Scapcontent.info({'name': scap_policy['name']})
def test_positive_oscap_run_with_tailoring_file_and_capsule(
module_org, default_proxy, content_view, lifecycle_env, puppet_env):
"""End-to-End Oscap run with tailoring files and default capsule via puppet
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:BZ: 1722475
:CaseImportance: Critical
"""
hgrp_name = gen_string('alpha')
policy_name = gen_string('alpha')
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group.
make_hostgroup({
'content-source': settings.server.hostname,
'name': hgrp_name,
'puppet-environment-id': puppet_env.id,
'puppet-ca-proxy': settings.server.hostname,
'puppet-proxy': settings.server.hostname,
'organizations': module_org.name,
'puppet-classes': puppet_classes,
})
tailor_result = make_tailoringfile({
'name': tailoring_file_name,
'scap-file': tailor_path,
'organization': module_org.name,
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy.
scap_id, scap_profile_id = fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel7_content'], OSCAP_PROFILE['security7'])
make_scap_policy({
'scap-content-id':
scap_id,
'hostgroups':
hgrp_name,
'deploy-by':
'puppet',
'name':
policy_name,
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
module_org.name,
})
# Creates vm's and runs openscap scan and uploads report to satellite6.
with VMBroker(nick=DISTRO_RHEL7, host_classes={'host': ContentHost}) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(module_org.name, ak_name[DISTRO_RHEL7])
assert vm.subscribed
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': lifecycle_env.name,
'content-view': content_view.name,
'hostgroup': hgrp_name,
'openscap-proxy-id': default_proxy,
'organization': module_org.name,
'puppet-environment-id': puppet_env.id,
})
vm.configure_puppet(settings.repos.rhel7_repo)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.status == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search': f'host={vm.hostname.lower()}',
'per-page': 1
})
assert arf_report is not None
Arfreport.delete({'id': arf_report[0].get('id')})
def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
""" End-to-End Oscap run with tailoring files and default capsule
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7']
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
}
tailoring_file_name = gen_string('alpha')
tailor_path = get_data_file(settings.oscap.tailoring_path)
file_name = tailor_path.split('/')[(len(tailor_path.split('/')) - 1)]
ssh.upload_file(local_file=tailor_path,
remote_file="/tmp/{0}".format(file_name))
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': 1,
'name': hgrp7_name,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name']
})
tailor_result = make_tailoringfile({
'name':
tailoring_file_name,
'scap-file':
'/tmp/{0}'.format(file_name),
'organization':
self.config_env['org_name']
})
result = TailoringFiles.info({'name': tailoring_file_name})
self.assertEqual(result['name'], tailoring_file_name)
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
make_scap_policy({
'scap-content-id':
scap_id,
'hostgroups':
policy_values.get('hgrp'),
'name':
policy_values.get('policy'),
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
self.config_env['org_name']
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
self.assertTrue(vm.subscribed)
vm.configure_puppet(rhel7_repo)
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': 1,
'organization': self.config_env['org_name'],
'environment': 'production'
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
result = vm.run(u'cat /etc/foreman_scap_client/config.yaml'
'| grep profile')
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
self.assertIsNotNone(
Arfreport.list(
{'search': 'host={0}'.format(vm.hostname.lower())}))
