def test_positive_delete_tailoring_file(self):
""" Delete tailoring file
:id: 8bab5478-1ef1-484f-aafd-98e5cba7b1e7
:steps:
1. Create valid tailoring file with valid parameter
2. Execute "tailoring-file" command with "delete" as sub-command
:expectedresults: Tailoring file should be deleted
:CaseImportance: Critical
"""
tailoring_file = make_tailoringfile({'scap-file': self.tailoring_file_path})
TailoringFiles.delete({'id': tailoring_file['id']})
with pytest.raises(CLIReturnCodeError):
TailoringFiles.info({'id': tailoring_file['id']})
def test_positive_delete_tailoring_file(self):
""" Delete tailoring file
:id: 8bab5478-1ef1-484f-aafd-98e5cba7b1e7
:steps:
1. Create valid tailoring file with valid parameter
2. Execute "tailoring-file" command with "delete" as sub-command
:expectedresults: Tailoring file should be deleted
:CaseImportance: Critical
"""
tailoring_file = make_tailoringfile({
'scap-file': '/tmp/{0}'.format(self.file_name)})
TailoringFiles.delete({'id': tailoring_file['id']})
with self.assertRaises(CLIReturnCodeError):
TailoringFiles.info({'id': tailoring_file['id']})
def test_positive_get_info_of_tailoring_file(self):
"""Get information of tailoring file
:id: bc201194-e8c8-4385-a577-09f3455f5a4d
:setup: tailoring file
:steps:
1. Create tailoring file with valid parameters
2. Execute "tailoring-file" command with "info" as sub-command
with valid parameter
:expectedresults: Tailoring file information should be displayed
:CaseImportance: Critical
"""
name = gen_string('alphanumeric')
make_tailoringfile({'name': name, 'scap-file': self.tailoring_file_path})
result = TailoringFiles.info({'name': name})
assert result['name'] == name
def test_positive_get_info_of_tailoring_file(self):
"""Get information of tailoring file
:id: bc201194-e8c8-4385-a577-09f3455f5a4d
:setup: tailoring file
:steps:
1. Create tailoring file with valid parameters
2. Execute "tailoring-file" command with "info" as sub-command
with valid parameter
:expectedresults: Tailoring file information should be displayed
:CaseImportance: Critical
"""
name = gen_string('alphanumeric')
make_tailoringfile({
'name': name,
'scap-file': '/tmp/{0}'.format(self.file_name)})
result = TailoringFiles.info({'name': name})
self.assertEqual(result['name'], name)
def test_positive_oscap_run_with_tailoring_file_with_ansible(self):
"""End-to-End Oscap run with tailoring files via ansible
:id: c7ea56eb-6cf1-4e79-8d6a-fb872d1bb804
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Import Ansible role theforeman.foreman_scap_client
4. Import Ansible Variables needed for the role
5. Create a scap policy with anisble as deploy option
6. Associate scap content with it's tailoring file
7. Associate the policy with a hostgroup
8. Provision a host using the hostgroup
9. Configure REX and associate the Ansible role to created host
10. Play roles for the host
:expectedresults: REX job should be success and ARF report should be sent to satellite
reflecting the changes done via tailoring files
:BZ: 1716307
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'organizations': self.config_env['org_name'],
})
tailor_result = make_tailoringfile({
'name':
tailoring_file_name,
'scap-file':
tailor_path,
'organization':
self.config_env['org_name'],
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
Ansible.roles_import({'proxy-id': self.proxy_id})
Ansible.variables_import({'proxy-id': self.proxy_id})
role_id = Ansible.roles_list({'search':
'foreman_scap_client'})[0].get('id')
make_scap_policy({
'scap-content-id':
scap_id,
'hostgroups':
policy_values.get('hgrp'),
'deploy-by':
'ansible',
'name':
policy_values.get('policy'),
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
self.config_env['org_name'],
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
assert vm.subscribed
Host.set_parameter({
'host': vm.hostname.lower(),
'name': 'remote_execution_connect_by_ip',
'value': 'True',
})
vm.configure_rhel_repo(settings.rhel7_repo)
add_remote_execution_ssh_key(vm.ip_addr)
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'ansible-role-ids': role_id,
})
job_id = Host.ansible_roles_play({'name': vm.hostname.lower()
})[0].get('id')
wait_for_tasks(
f"resource_type = JobInvocation and resource_id = {job_id} and "
"action ~ \"hosts job\"")
try:
result = JobInvocation.info({'id': job_id})['success']
assert result == '1'
except AssertionError:
output = ' '.join(
JobInvocation.get_output({
'id': job_id,
'host': vm.hostname
}))
result = f'host output: {output}'
raise AssertionError(result)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
result = Arfreport.list({'search': f'host={vm.hostname.lower()}'})
assert result is not None
def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
"""End-to-End Oscap run with tailoring files and default capsule via puppet
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:BZ: 1722475
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7'],
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo
}
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': self.proxy_id,
'name': hgrp7_name,
'puppet-environment-id': self.puppet_env.id,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name'],
'puppet-classes': self.puppet_classes,
})
tailor_result = make_tailoringfile({
'name':
tailoring_file_name,
'scap-file':
tailor_path,
'organization':
self.config_env['org_name'],
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
make_scap_policy({
'scap-content-id':
scap_id,
'deploy-by':
'puppet',
'hostgroups':
policy_values.get('hgrp'),
'name':
policy_values.get('policy'),
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
self.config_env['org_name'],
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
assert vm.subscribed
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': self.proxy_id,
'organization': self.config_env['org_name'],
'puppet-environment-id': self.puppet_env.id,
})
vm.configure_puppet(rhel7_repo)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.return_code == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
result = Arfreport.list({'search': f'host={vm.hostname.lower()}'})
assert result is not None
def test_positive_oscap_run_with_tailoring_file_and_capsule(
module_org, default_proxy, content_view, lifecycle_env, puppet_env):
"""End-to-End Oscap run with tailoring files and default capsule via puppet
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:BZ: 1722475
:CaseImportance: Critical
"""
hgrp_name = gen_string('alpha')
policy_name = gen_string('alpha')
tailoring_file_name = gen_string('alpha')
tailor_path = file_downloader(file_url=settings.oscap.tailoring_path,
hostname=settings.server.hostname)[0]
# Creates host_group.
make_hostgroup({
'content-source': settings.server.hostname,
'name': hgrp_name,
'puppet-environment-id': puppet_env.id,
'puppet-ca-proxy': settings.server.hostname,
'puppet-proxy': settings.server.hostname,
'organizations': module_org.name,
'puppet-classes': puppet_classes,
})
tailor_result = make_tailoringfile({
'name': tailoring_file_name,
'scap-file': tailor_path,
'organization': module_org.name,
})
result = TailoringFiles.info({'name': tailoring_file_name})
assert result['name'] == tailoring_file_name
# Creates oscap_policy.
scap_id, scap_profile_id = fetch_scap_and_profile_id(
OSCAP_DEFAULT_CONTENT['rhel7_content'], OSCAP_PROFILE['security7'])
make_scap_policy({
'scap-content-id':
scap_id,
'hostgroups':
hgrp_name,
'deploy-by':
'puppet',
'name':
policy_name,
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
module_org.name,
})
# Creates vm's and runs openscap scan and uploads report to satellite6.
with VMBroker(nick=DISTRO_RHEL7, host_classes={'host': ContentHost}) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(module_org.name, ak_name[DISTRO_RHEL7])
assert vm.subscribed
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': lifecycle_env.name,
'content-view': content_view.name,
'hostgroup': hgrp_name,
'openscap-proxy-id': default_proxy,
'organization': module_org.name,
'puppet-environment-id': puppet_env.id,
})
vm.configure_puppet(settings.repos.rhel7_repo)
result = vm.run(
'cat /etc/foreman_scap_client/config.yaml | grep profile')
assert result.status == 0
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
arf_report = Arfreport.list({
'search': f'host={vm.hostname.lower()}',
'per-page': 1
})
assert arf_report is not None
Arfreport.delete({'id': arf_report[0].get('id')})
def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
""" End-to-End Oscap run with tailoring files and default capsule
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7']
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
}
tailoring_file_name = gen_string('alpha')
tailor_path = get_data_file(settings.oscap.tailoring_path)
file_name = tailor_path.split('/')[(len(tailor_path.split('/')) - 1)]
ssh.upload_file(local_file=tailor_path,
remote_file="/tmp/{0}".format(file_name))
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': 1,
'name': hgrp7_name,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name']
})
tailor_result = make_tailoringfile({
'name':
tailoring_file_name,
'scap-file':
'/tmp/{0}'.format(file_name),
'organization':
self.config_env['org_name']
})
result = TailoringFiles.info({'name': tailoring_file_name})
self.assertEqual(result['name'], tailoring_file_name)
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'), policy_values.get('profile'))
make_scap_policy({
'scap-content-id':
scap_id,
'hostgroups':
policy_values.get('hgrp'),
'name':
policy_values.get('policy'),
'period':
OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id':
scap_profile_id,
'weekday':
OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id':
tailor_result['id'],
'tailoring-file-profile-id':
tailor_result['tailoring-file-profiles'][0]['id'],
'organizations':
self.config_env['org_name']
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os))
self.assertTrue(vm.subscribed)
vm.configure_puppet(rhel7_repo)
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': 1,
'organization': self.config_env['org_name'],
'environment': 'production'
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
result = vm.run(u'cat /etc/foreman_scap_client/config.yaml'
'| grep profile')
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
self.assertIsNotNone(
Arfreport.list(
{'search': 'host={0}'.format(vm.hostname.lower())}))
def test_positive_oscap_run_with_tailoring_file_and_capsule(self):
""" End-to-End Oscap run with tailoring files and default capsule
:id: 346946ad-4f62-400e-9390-81817006048c
:setup: scap content, scap policy, tailoring file, host group
:steps:
1. Create a valid scap content
2. Upload a valid tailoring file
3. Create a scap policy
4. Associate scap content with it's tailoring file
5. Associate the policy with a hostgroup
6. Provision a host using the hostgroup
7. Puppet should configure and fetch the scap content
and tailoring file
:expectedresults: ARF report should be sent to satellite reflecting
the changes done via tailoring files
:CaseImportance: Critical
"""
if settings.rhel7_repo is None:
self.skipTest('Missing configuration for rhel7_repo')
rhel7_repo = settings.rhel7_repo
hgrp7_name = gen_string('alpha')
policy_values = {
'content': self.rhel7_content,
'hgrp': hgrp7_name,
'policy': gen_string('alpha'),
'profile': OSCAP_PROFILE['security7']
}
vm_values = {
'distro': DISTRO_RHEL7,
'hgrp': hgrp7_name,
'rhel_repo': rhel7_repo,
}
tailoring_file_name = gen_string('alpha')
tailor_path = get_data_file(settings.oscap.tailoring_path)
file_name = tailor_path.split('/')[(len(tailor_path.split('/')) - 1)]
ssh.upload_file(
local_file=tailor_path,
remote_file="/tmp/{0}".format(file_name)
)
# Creates host_group for rhel7
make_hostgroup({
'content-source-id': 1,
'name': hgrp7_name,
'puppet-ca-proxy': self.config_env['sat6_hostname'],
'puppet-proxy': self.config_env['sat6_hostname'],
'organizations': self.config_env['org_name']
})
tailor_result = make_tailoringfile({
'name': tailoring_file_name,
'scap-file': '/tmp/{0}'.format(file_name),
'organization': self.config_env['org_name']
})
result = TailoringFiles.info({'name': tailoring_file_name})
self.assertEqual(result['name'], tailoring_file_name)
# Creates oscap_policy for rhel7.
scap_id, scap_profile_id = self.fetch_scap_and_profile_id(
policy_values.get('content'),
policy_values.get('profile')
)
make_scap_policy({
'scap-content-id': scap_id,
'hostgroups': policy_values.get('hgrp'),
'name': policy_values.get('policy'),
'period': OSCAP_PERIOD['weekly'].lower(),
'scap-content-profile-id': scap_profile_id,
'weekday': OSCAP_WEEKDAY['friday'].lower(),
'tailoring-file-id': tailor_result['id'],
'tailoring-file-profile-id': tailor_result['tailoring-file-profiles'][0]['id'],
'organizations': self.config_env['org_name']
})
distro_os = vm_values.get('distro')
with VirtualMachine(distro=distro_os) as vm:
host_name, _, host_domain = vm.hostname.partition('.')
vm.install_katello_ca()
vm.register_contenthost(
self.config_env['org_name'],
self.config_env['ak_name'].get(distro_os)
)
self.assertTrue(vm.subscribed)
vm.configure_puppet(rhel7_repo)
Host.update({
'name': vm.hostname.lower(),
'lifecycle-environment': self.config_env['env_name'],
'content-view': self.config_env['cv_name'],
'hostgroup': vm_values.get('hgrp'),
'openscap-proxy-id': 1,
'organization': self.config_env['org_name'],
'environment': 'production'
})
# Run "puppet agent -t" twice so that it detects it's,
# satellite6 and fetch katello SSL certs.
for _ in range(2):
vm.run(u'puppet agent -t 2> /dev/null')
result = vm.run(
u'cat /etc/foreman_scap_client/config.yaml'
'| grep profile'
)
self.assertEqual(result.return_code, 0)
# Runs the actual oscap scan on the vm/clients and
# uploads report to Internal Capsule.
vm.execute_foreman_scap_client()
# Assert whether oscap reports are uploaded to
# Satellite6.
self.assertIsNotNone(
Arfreport.list({'search': 'host={0}'.format(vm.hostname.lower())}))