foreman_openscap 0.6.3 → 0.6.4
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/app/assets/javascripts/foreman_openscap/openscap_proxy.js +7 -0
- data/app/assets/javascripts/foreman_openscap/policy_edit.js +15 -0
- data/app/controllers/api/v2/compliance/arf_reports_controller.rb +2 -2
- data/app/controllers/api/v2/compliance/policies_controller.rb +16 -4
- data/app/controllers/api/v2/compliance/scap_contents_controller.rb +2 -2
- data/app/controllers/api/v2/compliance/tailoring_files_controller.rb +92 -0
- data/app/controllers/concerns/foreman/controller/parameters/policy_api.rb +2 -2
- data/app/controllers/concerns/foreman/controller/parameters/tailoring_file.rb +15 -0
- data/app/controllers/openscap_proxies_controller.rb +31 -0
- data/app/controllers/policies_controller.rb +14 -15
- data/app/controllers/scap_contents_controller.rb +0 -10
- data/app/controllers/tailoring_files_controller.rb +75 -0
- data/app/helpers/compliance_dashboard_helper.rb +2 -2
- data/app/helpers/policies_helper.rb +29 -1
- data/app/helpers/tailoring_files_helper.rb +5 -0
- data/app/lib/proxy_api/openscap.rb +18 -2
- data/app/models/concerns/foreman_openscap/data_stream_content.rb +43 -0
- data/app/models/concerns/foreman_openscap/host_extensions.rb +1 -1
- data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb +8 -0
- data/app/models/foreman_openscap/policy.rb +28 -3
- data/app/models/foreman_openscap/scap_content.rb +4 -72
- data/app/models/foreman_openscap/scap_content_profile.rb +2 -0
- data/app/models/foreman_openscap/tailoring_file.rb +19 -0
- data/app/services/foreman_openscap/openscap_proxy_version_check.rb +63 -0
- data/app/validators/foreman_openscap/data_stream_validator.rb +44 -0
- data/app/views/api/v2/compliance/policies/base.json.rabl +2 -1
- data/app/views/api/v2/compliance/tailoring_files/base.json.rabl +6 -0
- data/app/views/api/v2/compliance/tailoring_files/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/tailoring_files/main.json.rabl +5 -0
- data/app/views/api/v2/compliance/tailoring_files/show.json.rabl +7 -0
- data/app/views/arf_reports/_list.html.erb +3 -2
- data/app/views/dashboard/_compliance_host_reports_widget.html.erb +3 -3
- data/app/views/policies/_form.html.erb +9 -0
- data/app/views/policies/_list.html.erb +16 -4
- data/app/views/policies/_tailoring_file_selected.html.erb +3 -0
- data/app/views/policies/steps/_scap_content_form.html.erb +8 -0
- data/app/views/policies/welcome.html.erb +12 -13
- data/app/views/scap_contents/_list.html.erb +1 -1
- data/app/views/scap_contents/welcome.html.erb +14 -13
- data/app/views/smart_proxies/_openscap_spool.html.erb +9 -0
- data/app/views/smart_proxies/plugins/_openscap.html.erb +12 -0
- data/app/views/tailoring_files/_form.html.erb +25 -0
- data/app/views/tailoring_files/_list.html.erb +29 -0
- data/app/views/tailoring_files/edit.html.erb +3 -0
- data/app/views/tailoring_files/index.html.erb +3 -0
- data/app/views/tailoring_files/new.html.erb +3 -0
- data/app/views/tailoring_files/welcome.html.erb +21 -0
- data/config/routes.rb +22 -0
- data/db/migrate/20161109155255_create_tailoring_files.rb +23 -0
- data/db/migrate/20161223153249_add_permissions_to_arf_report.rb +11 -0
- data/lib/foreman_openscap/engine.rb +30 -5
- data/lib/foreman_openscap/version.rb +1 -1
- data/test/factories/policy_factory.rb +2 -0
- data/test/factories/scap_content_related.rb +7 -0
- data/test/files/tailoring_files/ssg-firefox-ds-tailoring-2.xml +23 -0
- data/test/files/tailoring_files/ssg-firefox-ds-tailoring.xml +31 -0
- data/test/functional/api/v2/compliance/policies_controller_test.rb +35 -8
- data/test/functional/api/v2/compliance/scap_contents_controller_test.rb +1 -1
- data/test/functional/api/v2/compliance/tailoring_files_controller_test.rb +63 -0
- data/test/functional/openscap_proxies_controller_test.rb +14 -0
- data/test/functional/tailoring_files_controller_test.rb +38 -0
- data/test/test_plugin_helper.rb +18 -24
- data/test/unit/openscap_host_test.rb +11 -1
- data/test/unit/policy_test.rb +26 -0
- data/test/unit/services/tailoring_files_proxy_check_test.rb +27 -0
- data/test/unit/tailoring_file_test.rb +26 -0
- metadata +59 -20
@@ -12,4 +12,11 @@ FactoryGirl.define do
|
|
12
12
|
f.profile_id 'xccdf_org.test.common_test_profile'
|
13
13
|
f.title 'test Profile for testing'
|
14
14
|
end
|
15
|
+
|
16
|
+
factory :tailoring_file, :class => ForemanOpenscap::TailoringFile do |f|
|
17
|
+
f.sequence(:name) { |n| "tailoring_file_#{n}" }
|
18
|
+
f.original_filename 'original tailoring filename'
|
19
|
+
f.scap_file { File.new("#{ForemanOpenscap::Engine.root}/test/files/tailoring_files/ssg-firefox-ds-tailoring.xml", 'rb').read }
|
20
|
+
f.scap_content_profiles []
|
21
|
+
end
|
15
22
|
end
|
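Review bot: The `scap_file` attribute of the new `:tailoring_file` factory reads its fixture with `File.new(..., 'rb').read`, which leaves the file handle open until garbage collection on every factory build. `File.binread("#{ForemanOpenscap::Engine.root}/test/files/tailoring_files/ssg-firefox-ds-tailoring.xml")` returns the same bytes and closes the handle. The same `File.new(...).read` pattern appears in the setup and in the digest test of the new tailoring file unit test. The enclosing `FactoryGirl.define` block starts outside the hunk.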
@@ -0,0 +1,23 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
|
3
|
+
<xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml"/>
|
4
|
+
<xccdf:version time="2016-11-23T11:15:52">1</xccdf:version>
|
5
|
+
<xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized_again" extends="xccdf_org.ssgproject.content_profile_stig-firefox-upstream">
|
6
|
+
<xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Upstream Firefox STIG [CUSTOMIZED AGAIN]</xccdf:title>
|
7
|
+
<xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">This profile is developed under the DoD consensus model and DISA FSO Vendor STIG process,
|
8
|
+
serving as the upstream development environment for the Firefox STIG.
|
9
|
+
|
10
|
+
As a result of the upstream/downstream relationship between the SCAP Security Guide project
|
11
|
+
and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content.
|
12
|
+
For official DISA FSO STIG content, refer to http://iase.disa.mil/stigs/app-security/browser-guidance/Pages/index.aspx.
|
13
|
+
|
14
|
+
While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note
|
15
|
+
that commercial support of this SCAP content is NOT available. This profile is provided as example
|
16
|
+
SCAP content with no endorsement for suitability or production readiness. Support for this
|
17
|
+
profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The
|
18
|
+
upstream project homepage is https://fedorahosted.org/scap-security-guide/.
|
19
|
+
</xccdf:description>
|
20
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_context_menus" selected="false"/>
|
21
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions" selected="false"/>
|
22
|
+
</xccdf:Profile>
|
23
|
+
</xccdf:Tailoring>
|
@@ -0,0 +1,31 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
|
3
|
+
<xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml"/>
|
4
|
+
<xccdf:version time="2016-11-10T11:24:26">1</xccdf:version>
|
5
|
+
<xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized" extends="xccdf_org.ssgproject.content_profile_stig-firefox-upstream">
|
6
|
+
<xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Upstream Firefox STIG [CUSTOMIZED]</xccdf:title>
|
7
|
+
<xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">This profile is developed under the DoD consensus model and DISA FSO Vendor STIG process,
|
8
|
+
serving as the upstream development environment for the Firefox STIG.
|
9
|
+
|
10
|
+
As a result of the upstream/downstream relationship between the SCAP Security Guide project
|
11
|
+
and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content.
|
12
|
+
For official DISA FSO STIG content, refer to http://iase.disa.mil/stigs/app-security/browser-guidance/Pages/index.aspx.
|
13
|
+
|
14
|
+
While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note
|
15
|
+
that commercial support of this SCAP content is NOT available. This profile is provided as example
|
16
|
+
SCAP content with no endorsement for suitability or production readiness. Support for this
|
17
|
+
profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The
|
18
|
+
upstream project homepage is https://fedorahosted.org/scap-security-guide/.
|
19
|
+
</xccdf:description>
|
20
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-non-secure_page_warning" selected="true"/>
|
21
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_text" selected="true"/>
|
22
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_context_menus" selected="true"/>
|
23
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_changes" selected="true"/>
|
24
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_resizing" selected="true"/>
|
25
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_changes" selected="true"/>
|
26
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-auto-update_of_firefox" selected="false"/>
|
27
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_passwords" selected="false"/>
|
28
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_forms" selected="false"/>
|
29
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-addons_plugin_updates" selected="false"/>
|
30
|
+
</xccdf:Profile>
|
31
|
+
</xccdf:Tailoring>
|
@@ -3,6 +3,12 @@ require 'test_plugin_helper'
|
|
3
3
|
class Api::V2::Compliance::PoliciesControllerTest < ActionController::TestCase
|
4
4
|
setup do
|
5
5
|
::ForemanOpenscap::Policy.any_instance.stubs(:ensure_needed_puppetclasses).returns(true)
|
6
|
+
@scap_content_profile = FactoryGirl.create(:scap_content_profile)
|
7
|
+
@attributes = { :policy => { :name => 'my_policy',
|
8
|
+
:scap_content_profile_id => @scap_content_profile.id,
|
9
|
+
:scap_content_id => @scap_content_profile.scap_content_id,
|
10
|
+
:period => 'weekly',
|
11
|
+
:weekday => 'friday' }}
|
6
12
|
end
|
7
13
|
|
8
14
|
test "should get index" do
|
@@ -36,18 +42,30 @@ class Api::V2::Compliance::PoliciesControllerTest < ActionController::TestCase
|
|
36
42
|
end
|
37
43
|
|
38
44
|
test "should create a policy" do
|
39
|
-
|
40
|
-
attributes = { :policy => { :name => 'my_policy',
|
41
|
-
:scap_content_profile_id => scap_content_profile.id,
|
42
|
-
:scap_content_id => scap_content_profile.scap_content_id,
|
43
|
-
:period => 'weekly',
|
44
|
-
:weekday => 'friday' }}
|
45
|
-
post :create, attributes, set_session_user
|
45
|
+
post :create, @attributes, set_session_user
|
46
46
|
response = ActiveSupport::JSON.decode(@response.body)
|
47
|
-
assert response['scap_content_profile_id'], scap_content_profile.to_param
|
47
|
+
assert response['scap_content_profile_id'], @scap_content_profile.to_param
|
48
48
|
assert_response :created
|
49
49
|
end
|
50
50
|
|
51
|
+
test "should not create a policy with tailoring file profile and without the actual file" do
|
52
|
+
tailoring_profile = FactoryGirl.create(:scap_content_profile, :profile_id => 'xccdf_org.test.tailoring_profile')
|
53
|
+
@attributes[:policy][:tailoring_file_profile_id] = tailoring_profile.id
|
54
|
+
post :create, @attributes, set_session_user
|
55
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
56
|
+
assert_not_nil response['error']['errors']['tailoring_file_id']
|
57
|
+
assert_response :unprocessable_entity
|
58
|
+
end
|
59
|
+
|
60
|
+
test "should not create a policy with tailoring file and without tailoring profile" do
|
61
|
+
tailoring_file = FactoryGirl.create(:tailoring_file)
|
62
|
+
@attributes[:policy][:tailoring_file_id] = tailoring_file.id
|
63
|
+
post :create, @attributes, set_session_user
|
64
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
65
|
+
assert_not_nil response['error']['errors']['tailoring_file_profile_id']
|
66
|
+
assert_response :unprocessable_entity
|
67
|
+
end
|
68
|
+
|
51
69
|
test "should not create invalid policy" do
|
52
70
|
post :create, {}, set_session_user
|
53
71
|
assert_response :unprocessable_entity
|
@@ -66,4 +84,13 @@ class Api::V2::Compliance::PoliciesControllerTest < ActionController::TestCase
|
|
66
84
|
assert(@response.header['Content-Type'], 'application/xml')
|
67
85
|
assert_response :success
|
68
86
|
end
|
87
|
+
|
88
|
+
test "should return xml of a tailoring file" do
|
89
|
+
tailoring_profile = FactoryGirl.create(:scap_content_profile)
|
90
|
+
policy = FactoryGirl.create(:policy, :tailoring_file => FactoryGirl.create(:tailoring_file, :scap_content_profiles => [tailoring_profile]),
|
91
|
+
:tailoring_file_profile => tailoring_profile)
|
92
|
+
get :tailoring, { :id => policy.id }, set_session_user
|
93
|
+
assert(@response.header['Content-Type'], 'application/xml')
|
94
|
+
assert_response :success
|
95
|
+
end
|
69
96
|
end
|
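Review bot: The new test "should return xml of a tailoring file" calls `assert(@response.header['Content-Type'], 'application/xml')`, which treats the second argument as the failure message and passes for any non-nil header, so the content type is never checked. `assert_match %r{application/xml}, @response.header['Content-Type']` performs the comparison. The edited line `assert response['scap_content_profile_id'], @scap_content_profile.to_param` in "should create a policy" has the same shape and compares nothing; `assert_equal` is what is meant. Since this endpoint serves uploaded XML back to clients, a real comparison is what would catch a regression to a different content type.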
@@ -17,7 +17,7 @@ class Api::V2::Compliance::ScapContentsControllerTest < ActionController::TestCa
|
|
17
17
|
assert_response :success
|
18
18
|
end
|
19
19
|
|
20
|
-
test "should create invalid scap content" do
|
20
|
+
test "should not create invalid scap content" do
|
21
21
|
post :create, {}, set_session_user
|
22
22
|
assert_response :unprocessable_entity
|
23
23
|
end
|
@@ -0,0 +1,63 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
|
3
|
+
class Api::V2::Compliance::TailoringFilesControllerTest < ActionController::TestCase
|
4
|
+
|
5
|
+
test "should get index" do
|
6
|
+
FactoryGirl.create(:tailoring_file)
|
7
|
+
get :index, {}, set_session_user
|
8
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
9
|
+
assert response['results'].any?
|
10
|
+
assert_response :success
|
11
|
+
end
|
12
|
+
|
13
|
+
test "should return xml of tailoring_file" do
|
14
|
+
tailoring_file = FactoryGirl.create(:tailoring_file)
|
15
|
+
get :show, { :id => tailoring_file.id }, set_session_user
|
16
|
+
assert(@response.header['Content-Type'], 'application/xml')
|
17
|
+
assert_response :success
|
18
|
+
end
|
19
|
+
|
20
|
+
test "should not create invalid tailoring_file" do
|
21
|
+
post :create, {}, set_session_user
|
22
|
+
assert_response :unprocessable_entity
|
23
|
+
end
|
24
|
+
|
25
|
+
test "should create tailoring_file" do
|
26
|
+
tf = FactoryGirl.build(:tailoring_file)
|
27
|
+
tf_params = { :name => tf.name, :original_filename => tf.original_filename, :scap_file => tf.scap_file }
|
28
|
+
ForemanOpenscap::OpenscapProxyVersionCheck.any_instance.stubs(:openscap_proxy_versions).
|
29
|
+
returns({})
|
30
|
+
post :create, tf_params, set_session_user
|
31
|
+
assert_response :success
|
32
|
+
end
|
33
|
+
|
34
|
+
test "should update tailoring_file" do
|
35
|
+
tailoring_file = FactoryGirl.create(:tailoring_file)
|
36
|
+
put :update, { :id => tailoring_file.id, :tailoring_file => { :name => 'RHEL7 SCAP' }}, set_session_user
|
37
|
+
assert_response :success
|
38
|
+
assert tailoring_file.name, 'RHEL7 SCAP'
|
39
|
+
end
|
40
|
+
|
41
|
+
test "should not update invalid tailoring_file" do
|
42
|
+
tailoring_file = FactoryGirl.create(:tailoring_file)
|
43
|
+
ProxyAPI::Openscap.any_instance.stubs(:validate_scap_file).returns({'errors' => ['Invalid file']})
|
44
|
+
put :update, { :id => tailoring_file.id, :tailoring_file => { :scap_file => '<xml>blah</xml>' }}, set_session_user
|
45
|
+
assert_response :unprocessable_entity
|
46
|
+
end
|
47
|
+
|
48
|
+
test "should destory tailoring_file" do
|
49
|
+
tailoring_file = FactoryGirl.create(:tailoring_file)
|
50
|
+
delete :destroy, { :id => tailoring_file.id }, set_session_user
|
51
|
+
assert_response :ok
|
52
|
+
refute ForemanOpenscap::ScapContent.exists?(tailoring_file.id)
|
53
|
+
end
|
54
|
+
|
55
|
+
test "should not create tailoring file when there is outdated proxy version" do
|
56
|
+
tf = FactoryGirl.build(:tailoring_file)
|
57
|
+
tf_params = { :name => tf.name, :original_filename => tf.original_filename, :scap_file => tf.scap_file }
|
58
|
+
ForemanOpenscap::OpenscapProxyVersionCheck.any_instance.stubs(:openscap_proxy_versions).
|
59
|
+
returns('test-proxy' => '0.5.4')
|
60
|
+
post :create, tf_params, set_session_user
|
61
|
+
assert_response :unprocessable_entity
|
62
|
+
end
|
63
|
+
end
|
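Review bot: "should destory tailoring_file" ends with `refute ForemanOpenscap::ScapContent.exists?(tailoring_file.id)`, which queries the wrong model, so the test can pass even when the tailoring file is never deleted; it should read `refute ForemanOpenscap::TailoringFile.exists?(tailoring_file.id)`. In "should update tailoring_file", `assert tailoring_file.name, 'RHEL7 SCAP'` only checks that the stale in-memory name is truthy; `assert_equal 'RHEL7 SCAP', tailoring_file.reload.name` verifies the update. The Content-Type check in "should return xml of tailoring_file" uses the same two-argument `assert` and compares nothing. The test name also contains a typo ("destory").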
@@ -0,0 +1,14 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
|
3
|
+
class OpenscapProxiesControllerTest < ActionController::TestCase
|
4
|
+
include ActionView::Helpers::DateHelper
|
5
|
+
|
6
|
+
test "should render spool error" do
|
7
|
+
spool_error = { "timestamp" => 1_487_144_633.951_368, "level" => "ERROR", "message"=> "Failed to parse Arf Report in test" }
|
8
|
+
OpenscapProxiesController.any_instance.stubs(:find_spool_error).returns(spool_error)
|
9
|
+
proxy = FactoryGirl.create(:openscap_proxy)
|
10
|
+
get :openscap_spool, { :id => proxy.id }, set_session_user
|
11
|
+
assert_template :partial => 'smart_proxies/_openscap_spool'
|
12
|
+
assert @response.body.match(time_ago_in_words(Time.at(spool_error["timestamp"])))
|
13
|
+
end
|
14
|
+
end
|
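Review bot: `assert @response.body.match(time_ago_in_words(...))` turns the helper output into a regular expression, so the check is a pattern match rather than a literal substring test; `assert_includes @response.body, time_ago_in_words(Time.at(spool_error["timestamp"]))` states the intent. The test also never asserts that the stubbed `message` is rendered. That message presumably originates from proxy-side logs, so a second case whose stubbed message contains markup, asserting that the body shows it HTML-escaped, would be a useful addition; the partial itself is not visible in this diff.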
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
|
3
|
+
class TailoringFilesControllerTest < ActionController::TestCase
|
4
|
+
setup do
|
5
|
+
@tailoring_file = FactoryGirl.create(:tailoring_file)
|
6
|
+
@scap_file = File.new("#{ForemanOpenscap::Engine.root}/test/files/tailoring_files/ssg-firefox-ds-tailoring.xml", 'rb')
|
7
|
+
end
|
8
|
+
|
9
|
+
test 'index' do
|
10
|
+
get :index, {}, set_session_user
|
11
|
+
assert_template 'index'
|
12
|
+
end
|
13
|
+
|
14
|
+
test 'new' do
|
15
|
+
get :new, {}, set_session_user
|
16
|
+
assert_template 'new'
|
17
|
+
end
|
18
|
+
|
19
|
+
test 'edit' do
|
20
|
+
get :edit, { :id => @tailoring_file.id }, set_session_user
|
21
|
+
assert_template 'edit'
|
22
|
+
end
|
23
|
+
|
24
|
+
test 'create' do
|
25
|
+
uploaded_file = ActionDispatch::Http::UploadedFile.new(:tempfile => @scap_file,
|
26
|
+
:content_type => 'text/xml')
|
27
|
+
uploaded_file.original_filename = 'uploaded-tailoring-file.xml'
|
28
|
+
post :create, { :tailoring_file => { :name => 'some_file', :scap_file => uploaded_file } }, set_session_user
|
29
|
+
assert_redirected_to tailoring_files_url
|
30
|
+
end
|
31
|
+
|
32
|
+
test 'destroy' do
|
33
|
+
tf = ForemanOpenscap::TailoringFile.first
|
34
|
+
delete :destroy, { :id => tf.id }, set_session_user
|
35
|
+
assert_redirected_to tailoring_files_url
|
36
|
+
refute ForemanOpenscap::TailoringFile.exists?(tf.id)
|
37
|
+
end
|
38
|
+
end
|
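Review bot: `setup` opens the fixture with `File.new` before every test and never closes it, although only the 'create' test uses `@scap_file`. Opening it inside that test with the block form, `File.open(path, 'rb') { |file| ... }`, or adding `teardown { @scap_file.close }`, avoids leaking a descriptor per test. The 'destroy' test could use `@tailoring_file` rather than `ForemanOpenscap::TailoringFile.first`, which silently depends on row order. There is also no UI test for an upload that fails validation.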
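--- a/data/test/test_plugin_helper.rb
+++ b/data/test/test_plugin_helper.rb
@@ -13,6 +13,22 @@ module ScapClientPuppetclass
 end
 end
 
+module ScapTestProxy
+private
+
+def add_smart_proxy
+FactoryGirl.create(:smart_proxy, :url => 'http://localhost:8443', :features => [FactoryGirl.create(:feature, :name => 'Openscap')])
+ProxyAPI::Features.any_instance.stubs(:features).returns(%w(puppet openscap))
+versions = { "version" => "1.11.0", "modules" => { "openscap" => "0.5.3" } }
+ProxyAPI::Version.any_instance.stubs(:proxy_versions).returns(versions)
+ProxyAPI::Openscap.any_instance.stubs(:validate_scap_file).returns({'errors' => []})
+ProxyAPI::Openscap.any_instance.stubs(:fetch_policies_for_scap_content).
+returns({'xccdf_org.ssgproject.content_profile_common' => 'Common Profile for General-Purpose Fedora Systems'})
+ProxyAPI::Openscap.any_instance.stubs(:fetch_profiles_for_tailoring_file).
+returns({'xccdf_org.ssgproject.test_profile_common' => 'Stubbed test profile'})
+end
+end
+
 class ActionMailer::TestCase
 include ScapClientPuppetclass
 setup :skip_scap_callback
@@ -20,36 +36,14 @@ end
 
 class ActionController::TestCase
 include ScapClientPuppetclass
+include ScapTestProxy
 
 setup :add_smart_proxy, :skip_scap_callback
-
-private
-
-def add_smart_proxy
-FactoryGirl.create(:smart_proxy, :url => 'http://localhost:8443', :features => [FactoryGirl.create(:feature, :name => 'Openscap')])
-::ProxyAPI::Features.any_instance.stubs(:features).returns(%w(puppet openscap))
-versions = { "version" => "1.11.0", "modules" => { "openscap" => "0.5.3" } }
-::ProxyAPI::Version.any_instance.stubs(:proxy_versions).returns(versions)
-ProxyAPI::Openscap.any_instance.stubs(:validate_scap_content).returns({'errors' => []})
-ProxyAPI::Openscap.any_instance.stubs(:fetch_policies_for_scap_content)
-.returns({'xccdf_org.ssgproject.content_profile_common' => 'Common Profile for General-Purpose Fedora Systems'})
-end
 end
 
 class ActiveSupport::TestCase
 include ScapClientPuppetclass
+include ScapTestProxy
 
 setup :add_smart_proxy, :skip_scap_callback
-
-private
-
-def add_smart_proxy
-FactoryGirl.create(:smart_proxy, :url => 'http://localhost:8443', :features => [FactoryGirl.create(:feature, :name => 'Openscap')])
-::ProxyAPI::Features.any_instance.stubs(:features).returns(%w(puppet openscap))
-versions = { "version" => "1.11.0", "modules" => { "openscap" => "0.5.3" } }
-::ProxyAPI::Version.any_instance.stubs(:proxy_versions).returns(versions)
-ProxyAPI::Openscap.any_instance.stubs(:validate_scap_content).returns({'errors' => []})
-ProxyAPI::Openscap.any_instance.stubs(:fetch_policies_for_scap_content)
-.returns({'xccdf_org.ssgproject.content_profile_common' => 'Common Profile for General-Purpose Fedora Systems'})
-end
 end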
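Review bot: The new `ScapTestProxy` module has no comment, yet `add_smart_proxy` runs as a setup hook in every controller and unit test and stubs `validate_scap_file` to return no errors, so no test reaches real data-stream validation unless it re-stubs the call. A comment on the module such as `# Creates an Openscap smart proxy and stubs all ProxyAPI calls; validate_scap_file always reports no errors, re-stub it to test rejection` would make that visible to test authors. The stubbed module version `"openscap" => "0.5.3"` also deserves a word, since other tests in this diff appear to treat `0.5.4` as outdated.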
@@ -20,7 +20,17 @@ class OpenscapHostTest < ActiveSupport::TestCase
|
|
20
20
|
test 'Host has policies via its hostgroup' do
|
21
21
|
host = FactoryGirl.create(:host, :with_hostgroup)
|
22
22
|
hostgroup = host.hostgroup
|
23
|
-
@policy.hostgroup_ids = [
|
23
|
+
@policy.hostgroup_ids = [ hostgroup.id ]
|
24
|
+
assert @policy.save
|
25
|
+
refute_empty(host.combined_policies)
|
26
|
+
assert_includes(host.combined_policies, @policy)
|
27
|
+
end
|
28
|
+
|
29
|
+
test 'Host has policies via its host group and its parent host groups' do
|
30
|
+
host = FactoryGirl.create(:host, :with_hostgroup)
|
31
|
+
hostgroup = host.hostgroup
|
32
|
+
hostgroup.parent = FactoryGirl.create(:hostgroup)
|
33
|
+
@policy.hostgroup_ids = [ hostgroup.parent.id ]
|
24
34
|
assert @policy.save
|
25
35
|
refute_empty(host.combined_policies)
|
26
36
|
assert_includes(host.combined_policies, @policy)
|
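--- a/data/test/unit/policy_test.rb
+++ b/data/test/unit/policy_test.rb
@@ -3,6 +3,8 @@ require 'test_plugin_helper'
 class PolicyTest < ActiveSupport::TestCase
 setup do
 ForemanOpenscap::Policy.any_instance.stubs(:ensure_needed_puppetclasses).returns(true)
+ForemanOpenscap::DataStreamValidator.any_instance.stubs(:validate)
+ForemanOpenscap::ScapContent.any_instance.stubs(:fetch_profiles).returns({ 'test_profile_key' => 'test_profile_title' })
 @scap_content = FactoryGirl.create(:scap_content)
 @scap_profile = FactoryGirl.create(:scap_content_profile)
 end
@@ -140,4 +142,28 @@ class PolicyTest < ActiveSupport::TestCase
 refute p.save
 assert p.errors[:scap_content_profile_id].include?("can't be blank")
 end
+
+test "should have correct scap profile in enc" do
+p = FactoryGirl.create(:policy)
+profile_id = p.scap_content_profile.profile_id
+assert_equal profile_id, p.to_enc['profile_id']
+tailoring_profile = FactoryGirl.create(:scap_content_profile, :profile_id => 'xccdf_org.test.tailoring_test_profile')
+p.tailoring_file_profile = tailoring_profile
+assert_equal tailoring_profile.profile_id, p.to_enc['profile_id']
+end
+
+test "should not create policy with incorrect tailoring profile" do
+tailoring_profile = FactoryGirl.create(:scap_content_profile, :profile_id => 'xccdf_org.test.common_tailoring_profile')
+tailoring_file = FactoryGirl.create(:tailoring_file, :scap_content_profiles => [tailoring_profile])
+p = ForemanOpenscap::Policy.create(:name => "custom_policy",
+:period => 'monthly',
+:day_of_month => '5',
+:scap_content => @scap_content,
+:scap_content_profile => @scap_profile,
+:tailoring_file => tailoring_file,
+:tailoring_file_profile => @scap_profile)
+refute p.valid?
+p.tailoring_file_profile = tailoring_profile
+assert p.save
+end
 end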
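Review bot: In "should not create policy with incorrect tailoring profile", `refute p.valid?` passes for any validation failure, so the test does not show that the mismatched tailoring profile is what was rejected. Asserting on the error itself, for example `assert p.errors[:tailoring_file_profile_id].any?`, would pin that down, provided that is the key the model uses (the API tests in this diff expect an error under that name). The new setup line `ForemanOpenscap::DataStreamValidator.any_instance.stubs(:validate)` disables data-stream validation for every test in the class; a short comment saying why would help. PolicyTest continues outside both hunks.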
@@ -0,0 +1,27 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
|
3
|
+
class TailoringFilesProxyCheckTest < ActiveSupport::TestCase
|
4
|
+
test 'should find proxies with old versions' do
|
5
|
+
ForemanOpenscap::OpenscapProxyVersionCheck.any_instance.stubs(:openscap_proxy_versions).
|
6
|
+
returns('old-proxy.test.com' => "0.5.4", "outdate-proxy.test.com" => "0.6.0")
|
7
|
+
check = ForemanOpenscap::OpenscapProxyVersionCheck.new.run
|
8
|
+
refute check.pass?
|
9
|
+
refute check.message.empty?
|
10
|
+
end
|
11
|
+
|
12
|
+
test 'should not find any outdated proxies' do
|
13
|
+
ForemanOpenscap::OpenscapProxyVersionCheck.any_instance.stubs(:openscap_proxy_versions).
|
14
|
+
returns({})
|
15
|
+
check = ForemanOpenscap::OpenscapProxyVersionCheck.new.run
|
16
|
+
assert check.pass?
|
17
|
+
assert check.message.empty?
|
18
|
+
end
|
19
|
+
|
20
|
+
test 'should fail when proxy cannot be reached' do
|
21
|
+
ProxyStatus::Version.any_instance.stubs(:version).raises(Foreman::WrappedException.new(nil, 'test message'))
|
22
|
+
ForemanOpenscap::OpenscapProxyVersionCheck.any_instance.stubs(:get_openscap_proxies).returns([FactoryGirl.create(:openscap_proxy)])
|
23
|
+
check = ForemanOpenscap::OpenscapProxyVersionCheck.new.run
|
24
|
+
refute check.pass?
|
25
|
+
refute check.message.empty?
|
26
|
+
end
|
27
|
+
end
|
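Review bot: The only passing case stubs `openscap_proxy_versions` with `{}`, so nothing here shows that a proxy reporting a sufficiently new version passes the check. A case with a non-empty hash whose version is at or above the required minimum (the minimum is not visible in this diff) would cover the comparison, including multi-digit components such as `0.10.0` that a plain string comparison would misorder. The class name `TailoringFilesProxyCheckTest` also differs from the class under test, `ForemanOpenscap::OpenscapProxyVersionCheck`.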
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
|
3
|
+
class TailoringFileTest < ActiveSupport::TestCase
|
4
|
+
setup do
|
5
|
+
@scap_file = File.new("#{ForemanOpenscap::Engine.root}/test/files/tailoring_files/ssg-firefox-ds-tailoring.xml", 'rb').read
|
6
|
+
end
|
7
|
+
|
8
|
+
test 'should create tailoring file' do
|
9
|
+
tailoring_file = ForemanOpenscap::TailoringFile.create(:name => 'test_file', :scap_file => @scap_file, :original_filename => 'original name')
|
10
|
+
assert tailoring_file.valid?
|
11
|
+
end
|
12
|
+
|
13
|
+
test 'should not create tailoring_file without scap file' do
|
14
|
+
tailoring_file = ForemanOpenscap::TailoringFile.create(:name => 'test_file', :original_filename => 'original name')
|
15
|
+
refute tailoring_file.valid?
|
16
|
+
end
|
17
|
+
|
18
|
+
test 'should redigist when scap file changed' do
|
19
|
+
scap_file = File.new("#{ForemanOpenscap::Engine.root}/test/files/tailoring_files/ssg-firefox-ds-tailoring-2.xml", 'rb').read
|
20
|
+
tailoring_file = ForemanOpenscap::TailoringFile.create(:name => 'test_file', :scap_file => @scap_file, :original_filename => 'original name')
|
21
|
+
original_digest = tailoring_file.digest
|
22
|
+
tailoring_file.scap_file = scap_file
|
23
|
+
assert tailoring_file.save
|
24
|
+
refute_equal original_digest, tailoring_file.digest
|
25
|
+
end
|
26
|
+
end
|