mirror of
https://github.com/valitydev/salt.git
synced 2024-11-09 01:36:48 +00:00
3184168365
This PR is part of what will be an ongoing effort to use explicit unicode strings in Salt. Because Python 3 does not suport Python 2's raw unicode string syntax (i.e. `ur'\d+'`), we must use `salt.utils.locales.sdecode()` to ensure that the raw string is unicode. However, because of how `salt/utils/__init__.py` has evolved into the hulking monstrosity it is today, this means importing a large module in places where it is not needed, which could negatively impact performance. For this reason, this PR also breaks out some of the functions from `salt/utils/__init__.py` into new/existing modules under `salt/utils/`. The long term goal will be that the modules within this directory do not depend on importing `salt.utils`. A summary of the changes in this PR is as follows: * Moves the following functions from `salt.utils` to new locations (including a deprecation warning if invoked from `salt.utils`): `to_bytes`, `to_str`, `to_unicode`, `str_to_num`, `is_quoted`, `dequote`, `is_hex`, `is_bin_str`, `rand_string`, `contains_whitespace`, `clean_kwargs`, `invalid_kwargs`, `which`, `which_bin`, `path_join`, `shlex_split`, `rand_str`, `is_windows`, `is_proxy`, `is_linux`, `is_darwin`, `is_sunos`, `is_smartos`, `is_smartos_globalzone`, `is_smartos_zone`, `is_freebsd`, `is_netbsd`, `is_openbsd`, `is_aix` * Moves the functions already deprecated by @rallytime to the bottom of `salt/utils/__init__.py` for better organization, so we can keep the deprecated ones separate from the ones yet to be deprecated as we continue to break up `salt.utils` * Updates `salt/*.py` and all files under `salt/client/` to use explicit unicode string literals. * Gets rid of implicit imports of `salt.utils` (e.g. `from salt.utils import foo` becomes `import salt.utils.foo as foo`). * Renames the `test.rand_str` function to `test.random_hash` to more accurately reflect what it does * Modifies `salt.utils.stringutils.random()` (née `salt.utils.rand_string()`) such that it returns a string matching the passed size. Previously this function would get `size` bytes from `os.urandom()`, base64-encode it, and return the result, which would in most cases not be equal to the passed size.
203 lines
6.7 KiB
Python
203 lines
6.7 KiB
Python
# -*- coding: utf-8 -*-
|
|
|
|
# Import python libs
|
|
from __future__ import absolute_import
|
|
from subprocess import PIPE
|
|
|
|
# Import salt libs
|
|
import salt.modules.openscap as openscap
|
|
|
|
# Import salt test libs
|
|
from tests.support.unit import skipIf, TestCase
|
|
from tests.support.mock import (
|
|
Mock,
|
|
MagicMock,
|
|
patch,
|
|
NO_MOCK,
|
|
NO_MOCK_REASON
|
|
)
|
|
|
|
# Import 3rd-party libs
|
|
from salt.ext import six
|
|
|
|
|
|
@skipIf(NO_MOCK, NO_MOCK_REASON)
|
|
class OpenscapTestCase(TestCase):
|
|
|
|
random_temp_dir = '/tmp/unique-name'
|
|
policy_file = '/usr/share/openscap/policy-file-xccdf.xml'
|
|
|
|
def setUp(self):
|
|
patchers = [
|
|
patch('salt.modules.openscap.Caller', MagicMock()),
|
|
patch('salt.modules.openscap.shutil.rmtree', Mock()),
|
|
patch(
|
|
'salt.modules.openscap.tempfile.mkdtemp',
|
|
Mock(return_value=self.random_temp_dir)
|
|
),
|
|
]
|
|
for patcher in patchers:
|
|
self.apply_patch(patcher)
|
|
|
|
def apply_patch(self, patcher):
|
|
patcher.start()
|
|
self.addCleanup(patcher.stop)
|
|
|
|
def test_openscap_xccdf_eval_success(self):
|
|
with patch('salt.modules.openscap.Popen',
|
|
MagicMock(
|
|
return_value=Mock(
|
|
**{'returncode': 0, 'communicate.return_value': ('', '')}
|
|
))):
|
|
response = openscap.xccdf(
|
|
'eval --profile Default {0}'.format(self.policy_file))
|
|
|
|
self.assertEqual(openscap.tempfile.mkdtemp.call_count, 1)
|
|
expected_cmd = [
|
|
'oscap',
|
|
'xccdf',
|
|
'eval',
|
|
'--oval-results',
|
|
'--results', 'results.xml',
|
|
'--report', 'report.html',
|
|
'--profile', 'Default',
|
|
self.policy_file
|
|
]
|
|
openscap.Popen.assert_called_once_with(
|
|
expected_cmd,
|
|
cwd=openscap.tempfile.mkdtemp.return_value,
|
|
stderr=PIPE,
|
|
stdout=PIPE)
|
|
openscap.Caller().cmd.assert_called_once_with(
|
|
'cp.push_dir', self.random_temp_dir)
|
|
self.assertEqual(openscap.shutil.rmtree.call_count, 1)
|
|
self.assertEqual(
|
|
response,
|
|
{
|
|
'upload_dir': self.random_temp_dir,
|
|
'error': '',
|
|
'success': True,
|
|
'returncode': 0
|
|
}
|
|
)
|
|
|
|
def test_openscap_xccdf_eval_success_with_failing_rules(self):
|
|
with patch('salt.modules.openscap.Popen',
|
|
MagicMock(
|
|
return_value=Mock(
|
|
**{'returncode': 2, 'communicate.return_value': ('', 'some error')}
|
|
))):
|
|
response = openscap.xccdf(
|
|
'eval --profile Default {0}'.format(self.policy_file))
|
|
|
|
self.assertEqual(openscap.tempfile.mkdtemp.call_count, 1)
|
|
expected_cmd = [
|
|
'oscap',
|
|
'xccdf',
|
|
'eval',
|
|
'--oval-results',
|
|
'--results', 'results.xml',
|
|
'--report', 'report.html',
|
|
'--profile', 'Default',
|
|
self.policy_file
|
|
]
|
|
openscap.Popen.assert_called_once_with(
|
|
expected_cmd,
|
|
cwd=openscap.tempfile.mkdtemp.return_value,
|
|
stderr=PIPE,
|
|
stdout=PIPE)
|
|
openscap.Caller().cmd.assert_called_once_with(
|
|
'cp.push_dir', self.random_temp_dir)
|
|
self.assertEqual(openscap.shutil.rmtree.call_count, 1)
|
|
self.assertEqual(
|
|
response,
|
|
{
|
|
'upload_dir': self.random_temp_dir,
|
|
'error': 'some error',
|
|
'success': True,
|
|
'returncode': 2
|
|
}
|
|
)
|
|
|
|
def test_openscap_xccdf_eval_fail_no_profile(self):
|
|
response = openscap.xccdf('eval --param Default /unknown/param')
|
|
if six.PY2:
|
|
error = 'argument --profile is required'
|
|
else:
|
|
error = 'the following arguments are required: --profile'
|
|
self.assertEqual(
|
|
response,
|
|
{
|
|
'error': error,
|
|
'upload_dir': None,
|
|
'success': False,
|
|
'returncode': None
|
|
}
|
|
)
|
|
|
|
def test_openscap_xccdf_eval_success_ignore_unknown_params(self):
|
|
with patch('salt.modules.openscap.Popen',
|
|
MagicMock(
|
|
return_value=Mock(
|
|
**{'returncode': 2, 'communicate.return_value': ('', 'some error')}
|
|
))):
|
|
response = openscap.xccdf(
|
|
'eval --profile Default --param Default /policy/file')
|
|
self.assertEqual(
|
|
response,
|
|
{
|
|
'upload_dir': self.random_temp_dir,
|
|
'error': 'some error',
|
|
'success': True,
|
|
'returncode': 2
|
|
}
|
|
)
|
|
expected_cmd = [
|
|
'oscap',
|
|
'xccdf',
|
|
'eval',
|
|
'--oval-results',
|
|
'--results', 'results.xml',
|
|
'--report', 'report.html',
|
|
'--profile', 'Default',
|
|
'/policy/file'
|
|
]
|
|
openscap.Popen.assert_called_once_with(
|
|
expected_cmd,
|
|
cwd=openscap.tempfile.mkdtemp.return_value,
|
|
stderr=PIPE,
|
|
stdout=PIPE)
|
|
|
|
def test_openscap_xccdf_eval_evaluation_error(self):
|
|
with patch('salt.modules.openscap.Popen',
|
|
MagicMock(
|
|
return_value=Mock(**{
|
|
'returncode': 1,
|
|
'communicate.return_value': ('', 'evaluation error')
|
|
}))):
|
|
response = openscap.xccdf(
|
|
'eval --profile Default {0}'.format(self.policy_file))
|
|
|
|
self.assertEqual(
|
|
response,
|
|
{
|
|
'upload_dir': None,
|
|
'error': 'evaluation error',
|
|
'success': False,
|
|
'returncode': 1
|
|
}
|
|
)
|
|
|
|
def test_openscap_xccdf_eval_fail_not_implemented_action(self):
|
|
response = openscap.xccdf('info {0}'.format(self.policy_file))
|
|
|
|
self.assertEqual(
|
|
response,
|
|
{
|
|
'upload_dir': None,
|
|
'error': "argument action: invalid choice: 'info' (choose from 'eval')",
|
|
'success': False,
|
|
'returncode': None
|
|
}
|
|
)
|