def testTailDefer(self):
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.global_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
with mock.patch.object(change_set, '_Whitelist'):
change_set._CommitBlockableChangeSet(self.binary.key)
# Tail defer should have been added.
self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 1)
# Only the local rule should have been committed first.
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertFalse(self.global_rule.key.get().is_committed)
self.assertEntityCount(rule_models.RuleChangeSet, 1)
# Run the deferred commit attempt.
self.RunDeferredTasks(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE)
# Tail defer should not have been added as there are no more changes.
self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 0)
# Both rules should now have been committed.
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertEntityCount(rule_models.RuleChangeSet, 0)
def testWhitelist_LocalRule_Fulfilled(self):
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
fi = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(self.local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
self._PatchApiRequests([fi], fi)
change_set.CommitBlockableChangeSet(self.binary.key)
utils.CONTEXT.ExecuteRequest.assert_has_calls([
mock.call(
'GET',
api_route='fileInstance',
query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234']),
mock.call('POST',
api_route='fileInstance',
data={
'id': 9012,
'localState': 2,
'fileCatalogId': 1234,
'computerId': 5678
},
query_args=None)
])
self.assertTrue(self.local_rule.key.get().is_fulfilled)
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testFailure_RetryAndSucceed(self):
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
fi = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(self.local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
computer = api.Computer(id=5678, sync_percent=90)
computer.last_poll_date = datetime.datetime.utcnow()
self._PatchApiRequests([], computer, [], computer, [], computer, [fi],
fi)
change_set.CommitBlockableChangeSet(self.binary.key)
expected_call = mock.call('POST',
api_route='fileInstance',
data={
'id': 9012,
'localState': 2,
'fileCatalogId': 1234,
'computerId': 5678
},
query_args=None)
self.assertTrue(
expected_call in utils.CONTEXT.ExecuteRequest.mock_calls)
def setUp(self):
app = webapp2.WSGIApplication(
[webapp2.Route('/', handler=cron.CommitAllChangeSets)])
super(CommitAllChangeSetsTest, self).setUp(wsgi_app=app)
self.binary = test_utils.CreateBit9Binary()
self.change = test_utils.CreateRuleChangeSet(self.binary.key)
def testWhitelist_GlobalRule_Certificate(self):
cert = test_utils.CreateBit9Certificate(id='1a2b')
global_rule = test_utils.CreateBit9Rule(cert.key, host_id='')
change = test_utils.CreateRuleChangeSet(
cert.key,
rule_keys=[global_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
api_cert = api.Certificate(id=9012,
thumbprint='1a2b',
certificate_state=1)
self.PatchApiRequests([api_cert], api_cert)
change_set._CommitBlockableChangeSet(cert.key)
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call('GET',
api_route='certificate',
query_args=['q=thumbprint:1a2b']),
mock.call('POST',
api_route='certificate',
data={
'id': 9012,
'thumbprint': '1a2b',
'certificateState': 2
},
query_args=None)
])
self.assertTrue(global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testBlacklist_MixedRules(self):
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key, self.global_rule.key],
change_type=constants.RULE_POLICY.BLACKLIST)
with self.assertRaises(deferred.PermanentTaskFailure):
change_set._CommitBlockableChangeSet(self.binary.key)
def testRemove_MixedRules(self):
other_local_rule = test_utils.CreateBit9Rule(
self.binary.key, host_id='9012')
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[
self.local_rule.key, other_local_rule.key, self.global_rule.key],
change_type=constants.RULE_POLICY.REMOVE)
fi1 = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(self.local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.APPROVED)
fi2 = api.FileInstance(
id=9012,
file_catalog_id=int(self.binary.file_catalog_id),
computer_id=int(other_local_rule.host_id),
local_state=bit9_constants.APPROVAL_STATE.APPROVED)
rule = api.FileRule(
file_catalog_id=1234, file_state=bit9_constants.APPROVAL_STATE.APPROVED)
self.PatchApiRequests([fi1], fi1, [fi2], fi2, rule)
change_set._CommitBlockableChangeSet(self.binary.key)
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call(
'GET', api_route='fileInstance',
query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234']),
mock.call(
'POST', api_route='fileInstance',
data={'id': 9012,
'localState': 1,
'fileCatalogId': 1234,
'computerId': 5678},
query_args=None),
mock.call(
'GET', api_route='fileInstance',
query_args=[r'q=computerId:9012', 'q=fileCatalogId:1234']),
mock.call(
'POST', api_route='fileInstance',
data={'id': 9012,
'localState': 1,
'fileCatalogId': 1234,
'computerId': 9012},
query_args=None),
mock.call(
'POST', api_route='fileRule',
data={'fileCatalogId': 1234, 'fileState': 1}, query_args=None),
])
self.assertTrue(self.local_rule.key.get().is_fulfilled)
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertTrue(other_local_rule.key.get().is_fulfilled)
self.assertTrue(other_local_rule.key.get().is_committed)
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.RULE] * 2)
def testBlacklist_GlobalRule_Multiple(self):
other_global_rule = test_utils.CreateBit9Rule(self.binary.key)
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.global_rule.key, other_global_rule.key],
change_type=constants.RULE_POLICY.BLACKLIST)
with self.assertRaises(deferred.PermanentTaskFailure):
change_set._CommitBlockableChangeSet(self.binary.key)
def setUp(self):
app = webapp2.WSGIApplication([
webapp2.Route(
'/<blockable_id>',
handler=handlers.CommitBlockableChangeSet)])
super(CommitBlockableChangeSetTest, self).setUp(wsgi_app=app)
self.binary = test_utils.CreateBit9Binary()
self.change = test_utils.CreateRuleChangeSet(self.binary.key)
def setUp(self):
super(DeferCommitBlockableChangeSetTest, self).setUp()
self.binary = test_utils.CreateBit9Binary(file_catalog_id='1234')
self.local_rule = test_utils.CreateBit9Rule(self.binary.key, host_id='5678')
self.change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
def testAll(self, mock_metric):
binary = test_utils.CreateBit9Binary()
change = test_utils.CreateRuleChangeSet(binary.key)
other_binary = test_utils.CreateBit9Binary()
# Create two changesets so we're sure we're doing only 1 task per blockable.
real_change = test_utils.CreateRuleChangeSet(other_binary.key)
unused_change = test_utils.CreateRuleChangeSet(other_binary.key)
self.assertTrue(real_change.recorded_dt < unused_change.recorded_dt)
self.testapp.get('/')
self.assertEqual(2, mock_metric.Set.call_args_list[0][0][0])
self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 2)
with mock.patch.object(change_set, '_CommitChangeSet') as mock_commit:
self.RunDeferredTasks(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE)
expected_calls = [mock.call(change.key), mock.call(real_change.key)]
self.assertSameElements(expected_calls, mock_commit.mock_calls)
def testFailure_ExceedRetryLimit(self):
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
computer = api.Computer(id=5678, sync_percent=90)
computer.last_poll_date = datetime.datetime.utcnow()
self._PatchApiRequests([], computer, [], computer, [], computer, [],
computer)
with self.assertRaises(deferred.PermanentTaskFailure):
change_set.CommitBlockableChangeSet(self.binary.key)
def testTailDefer_MoreChanges(self):
test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.BLACKLIST)
with mock.patch.object(change_set, '_CommitChangeSet') as mock_commit:
change_set.DeferCommitBlockableChangeSet(self.binary.key)
self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 1)
self.RunDeferredTasks(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE)
# Tail defer task for remaining change.
self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 1)
mock_commit.assert_called_once_with(self.change.key)
def testWhitelist_LocalRule_Certificate(self):
cert = test_utils.CreateBit9Certificate()
local_rule = test_utils.CreateBit9Rule(cert.key, host_id='5678')
change = test_utils.CreateRuleChangeSet(
cert.key,
rule_keys=[local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
change_set._CommitBlockableChangeSet(cert.key)
self.assertIsNotNone(self.local_rule.key.get().is_fulfilled)
self.assertFalse(local_rule.key.get().is_fulfilled)
self.assertTrue(local_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testWhitelist_GlobalRule(self):
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.global_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
self.PatchApiRequests(api.Computer(id=5678))
change_set._CommitBlockableChangeSet(self.binary.key)
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call(
'POST', api_route='fileRule',
data={'fileCatalogId': 1234, 'fileState': 2}, query_args=None)])
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testBlacklist_GlobalRule(self):
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.global_rule.key],
change_type=constants.RULE_POLICY.BLACKLIST)
rule = api.FileRule(
file_catalog_id=1234,
file_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
self.PatchApiRequests(rule)
change_set._CommitBlockableChangeSet(self.binary.key)
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call(
'POST', api_route='fileRule',
data={'fileCatalogId': 1234, 'fileState': 3}, query_args=None)])
self.assertTrue(self.global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testWhitelist_LocalRule_NotFulfilled(self):
change = test_utils.CreateRuleChangeSet(
self.binary.key,
rule_keys=[self.local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
computer = api.Computer(id=5678, sync_percent=100)
computer.last_poll_date = datetime.datetime.utcnow()
self.PatchApiRequests([], computer)
change_set._CommitBlockableChangeSet(self.binary.key)
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call(
'GET', api_route='fileInstance',
query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234'])])
self.assertIsNotNone(self.local_rule.key.get().is_fulfilled)
self.assertFalse(self.local_rule.key.get().is_fulfilled)
self.assertTrue(self.local_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
