| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230 |
- # -*- coding: utf-8 -*-
- # Import python libs
- from __future__ import absolute_import, print_function, unicode_literals
- from subprocess import PIPE
- # Import salt libs
- import salt.modules.openscap as openscap
- # Import 3rd-party libs
- from salt.ext import six
- from tests.support.mock import MagicMock, Mock, patch
- # Import salt test libs
- from tests.support.unit import TestCase
- class OpenscapTestCase(TestCase):
- random_temp_dir = "/tmp/unique-name"
- policy_file = "/usr/share/openscap/policy-file-xccdf.xml"
- def setUp(self):
- import salt.modules.openscap
- salt.modules.openscap.__salt__ = MagicMock()
- patchers = [
- patch("salt.modules.openscap.__salt__", MagicMock()),
- patch("salt.modules.openscap.shutil.rmtree", Mock()),
- patch(
- "salt.modules.openscap.tempfile.mkdtemp",
- Mock(return_value=self.random_temp_dir),
- ),
- ]
- for patcher in patchers:
- self.apply_patch(patcher)
- def apply_patch(self, patcher):
- patcher.start()
- self.addCleanup(patcher.stop)
- def test_openscap_xccdf_eval_success(self):
- with patch(
- "salt.modules.openscap.Popen",
- MagicMock(
- return_value=Mock(
- **{"returncode": 0, "communicate.return_value": ("", "")}
- )
- ),
- ):
- response = openscap.xccdf(
- "eval --profile Default {0}".format(self.policy_file)
- )
- self.assertEqual(openscap.tempfile.mkdtemp.call_count, 1)
- expected_cmd = [
- "oscap",
- "xccdf",
- "eval",
- "--oval-results",
- "--results",
- "results.xml",
- "--report",
- "report.html",
- "--profile",
- "Default",
- self.policy_file,
- ]
- openscap.Popen.assert_called_once_with(
- expected_cmd,
- cwd=openscap.tempfile.mkdtemp.return_value,
- stderr=PIPE,
- stdout=PIPE,
- )
- openscap.__salt__["cp.push_dir"].assert_called_once_with(
- self.random_temp_dir
- )
- self.assertEqual(openscap.shutil.rmtree.call_count, 1)
- self.assertEqual(
- response,
- {
- "upload_dir": self.random_temp_dir,
- "error": "",
- "success": True,
- "returncode": 0,
- },
- )
- def test_openscap_xccdf_eval_success_with_failing_rules(self):
- with patch(
- "salt.modules.openscap.Popen",
- MagicMock(
- return_value=Mock(
- **{"returncode": 2, "communicate.return_value": ("", "some error")}
- )
- ),
- ):
- response = openscap.xccdf(
- "eval --profile Default {0}".format(self.policy_file)
- )
- self.assertEqual(openscap.tempfile.mkdtemp.call_count, 1)
- expected_cmd = [
- "oscap",
- "xccdf",
- "eval",
- "--oval-results",
- "--results",
- "results.xml",
- "--report",
- "report.html",
- "--profile",
- "Default",
- self.policy_file,
- ]
- openscap.Popen.assert_called_once_with(
- expected_cmd,
- cwd=openscap.tempfile.mkdtemp.return_value,
- stderr=PIPE,
- stdout=PIPE,
- )
- openscap.__salt__["cp.push_dir"].assert_called_once_with(
- self.random_temp_dir
- )
- self.assertEqual(openscap.shutil.rmtree.call_count, 1)
- self.assertEqual(
- response,
- {
- "upload_dir": self.random_temp_dir,
- "error": "some error",
- "success": True,
- "returncode": 2,
- },
- )
- def test_openscap_xccdf_eval_fail_no_profile(self):
- response = openscap.xccdf("eval --param Default /unknown/param")
- if six.PY2:
- error = "argument --profile is required"
- else:
- error = "the following arguments are required: --profile"
- self.assertEqual(
- response,
- {"error": error, "upload_dir": None, "success": False, "returncode": None},
- )
- def test_openscap_xccdf_eval_success_ignore_unknown_params(self):
- with patch(
- "salt.modules.openscap.Popen",
- MagicMock(
- return_value=Mock(
- **{"returncode": 2, "communicate.return_value": ("", "some error")}
- )
- ),
- ):
- response = openscap.xccdf(
- "eval --profile Default --param Default /policy/file"
- )
- self.assertEqual(
- response,
- {
- "upload_dir": self.random_temp_dir,
- "error": "some error",
- "success": True,
- "returncode": 2,
- },
- )
- expected_cmd = [
- "oscap",
- "xccdf",
- "eval",
- "--oval-results",
- "--results",
- "results.xml",
- "--report",
- "report.html",
- "--profile",
- "Default",
- "/policy/file",
- ]
- openscap.Popen.assert_called_once_with(
- expected_cmd,
- cwd=openscap.tempfile.mkdtemp.return_value,
- stderr=PIPE,
- stdout=PIPE,
- )
- def test_openscap_xccdf_eval_evaluation_error(self):
- with patch(
- "salt.modules.openscap.Popen",
- MagicMock(
- return_value=Mock(
- **{
- "returncode": 1,
- "communicate.return_value": ("", "evaluation error"),
- }
- )
- ),
- ):
- response = openscap.xccdf(
- "eval --profile Default {0}".format(self.policy_file)
- )
- self.assertEqual(
- response,
- {
- "upload_dir": None,
- "error": "evaluation error",
- "success": False,
- "returncode": 1,
- },
- )
- def test_openscap_xccdf_eval_fail_not_implemented_action(self):
- response = openscap.xccdf("info {0}".format(self.policy_file))
- if six.PY2:
- mock_err = "argument action: invalid choice: 'info' (choose from u'eval')"
- else:
- mock_err = "argument action: invalid choice: 'info' (choose from 'eval')"
- self.assertEqual(
- response,
- {
- "upload_dir": None,
- "error": mock_err,
- "success": False,
- "returncode": None,
- },
- )
|
