Merge pull request #2151 from wazuh/dev-2057-force_options-tests-impl…

…entation Force options tests implentation
wazuh · Nov 4, 2021 · 24c222b · 24c222b
2 parents 9f31ba6 + 017a1d1
commit 24c222b
Show file tree

Hide file tree

Showing 25 changed files with 991 additions and 682 deletions.
diff --git a/deps/wazuh_testing/wazuh_testing/authd.py b/deps/wazuh_testing/wazuh_testing/authd.py
@@ -9,8 +9,9 @@
 import re
 import pytest
 import time
-from wazuh_testing.tools import CLIENT_KEYS_PATH
+from wazuh_testing.tools import CLIENT_KEYS_PATH, LOG_FILE_PATH
 from wazuh_testing.wazuh_db import query_wdb
+from wazuh_testing.tools.monitoring import FileMonitor, make_callback, AUTHD_DETECTOR_PREFIX
 
 
 DAEMON_NAME = 'wazuh-authd'
@@ -53,6 +54,18 @@ def create_authd_request(input):
  return command
 
 
+# Functions
+def validate_authd_logs(expected_logs, log_monitor=None):
+ if not log_monitor:
+ log_monitor = FileMonitor(LOG_FILE_PATH)
+
+ for log in expected_logs:
+ log_monitor.start(timeout=AUTHD_KEY_REQUEST_TIMEOUT,
+ callback=make_callback(log, prefix=AUTHD_DETECTOR_PREFIX,
+ escape=True),
+ error_message=f"Expected log does not occured: '{log}'")
+
+
 def validate_argument(received, expected, argument_name):
  if received != expected:
  return 'error', f"Invalid '{argument_name}': '{received}' received, '{expected}' expected."
@@ -118,6 +131,7 @@ def validate_authd_response(response, expected):
 
  return result, err_msg
 
+
 def clean_agents_from_db():
  """
  Clean agents from DB
@@ -134,10 +148,12 @@ def insert_agent_in_db(id=1, name="TestAgent", ip="any", registration_time=0, co
  """
  Write agent in global.db
  """
- command = f'global insert-agent {{"id":{id},"name":"{name}","ip":"{ip}","date_add":{registration_time},\
- "connection_status":"{connection_status}", "disconnection_time":"{disconnection_time}"}}'
+ insert_command = f'global insert-agent {{"id":{id},"name":"{name}","ip":"{ip}","date_add":{registration_time}}}'
+ update_command = f'global sql UPDATE agent SET connection_status = "{connection_status}",\
+ disconnection_time = "{disconnection_time}" WHERE id = {id};'
  try:
- query_wdb(command)
+ query_wdb(insert_command)
+ query_wdb(update_command)
  except Exception:
  raise Exception(f'Unable to add agent {id}')
 
@@ -164,7 +180,7 @@ def insert_pre_existent_agents(get_current_test_case, stop_authd_function):
  elif 'disconnection_time' in agent and 'value' in agent['disconnection_time']:
  disconnection_time = agent['disconnection_time']['value']
  else:
- disconnection_time = 0
+ disconnection_time = time_now
  if 'registration_time' in agent and 'delta' in agent['registration_time']:
  registration_time = time_now + agent['registration_time']['delta']
  elif 'registration_time' in agent and 'value' in agent['registration_time']:
@@ -175,8 +191,7 @@ def insert_pre_existent_agents(get_current_test_case, stop_authd_function):
  # Write agent in client.keys
  keys_file.write(f'{id} {name} {ip} {key}\n')
 
- #Write agent in global.db
+ # Write agent in global.db
  insert_agent_in_db(id, name, ip, registration_time, connection_status, disconnection_time)
 
-
  keys_file.close()
diff --git a/deps/wazuh_testing/wazuh_testing/tools/services.py b/deps/wazuh_testing/wazuh_testing/tools/services.py
@@ -205,8 +205,10 @@ def check_daemon_status(target_daemon=None, running_condition=True, timeout=10,
  elapsed_time = 0
 
  while elapsed_time < timeout and not condition_met:
+
  control_status_output = subprocess.run([f'{WAZUH_PATH}/bin/wazuh-control', 'status'],
- stdout=subprocess.PIPE).stdout.decode()
+ stdout=subprocess.PIPE).stdout.decode()
+
  condition_met = True
  for lines in control_status_output.splitlines():
  daemon_status_tokens = lines.split()

diff --git a/tests/integration/test_authd/conftest.py b/tests/integration/test_authd/conftest.py
@@ -1,8 +1,11 @@
 import pytest
+import os
+import yaml
 from wazuh_testing.tools import LOG_FILE_PATH, CLIENT_KEYS_PATH
 from wazuh_testing.tools.file import truncate_file
 from wazuh_testing.tools.monitoring import FileMonitor, make_callback, AUTHD_DETECTOR_PREFIX
-from wazuh_testing.tools.configuration import write_wazuh_conf, get_wazuh_conf
+from wazuh_testing.tools.configuration import write_wazuh_conf, get_wazuh_conf, set_section_wazuh_conf,\
+ load_wazuh_configurations
 from wazuh_testing.tools.services import control_service, check_daemon_status, delete_dbs
 from wazuh_testing.tools.monitoring import QueueMonitor
 
@@ -98,6 +101,39 @@ def tear_down():
  control_service('start')
 
 
+def create_force_config_block(param, config_path):
+ """
+ Creates a temporal config file.
+ """
+ temp = os.path.join(os.path.dirname(config_path), 'temp.yaml')
+
+ with open(config_path, 'r') as conf_file:
+ temp_conf_file = yaml.safe_load(conf_file)
+ for elem in param:
+ temp_conf_file[0]['sections'][0]['elements'].append(elem)
+ with open(temp, 'w') as temp_file:
+ yaml.safe_dump(temp_conf_file, temp_file)
+ return temp
+
+
+@pytest.fixture(scope='function')
+def format_configuration(get_current_test_case, request):
+ """
+ Get configuration block from current test case
+ """
+ test_name = request.node.originalname
+ configuration = get_current_test_case.get('configuration', {})
+
+ # Configuration for testing
+ temp = create_force_config_block(configuration, request.module.configurations_path)
+ conf = load_wazuh_configurations(temp, test_name)
+ os.remove(temp)
+
+ test_config = set_section_wazuh_conf(conf[0]['sections'])
+
+ return test_config
+
+
 @pytest.fixture(scope='function')
 def override_authd_force_conf(format_configuration):
  """

diff --git a/tests/integration/test_authd/data/authd_key_hash.yaml b/tests/integration/test_authd/data/authd_key_hash.yaml
@@ -1,72 +1,65 @@
 # Tests with agent's key hash. Key generated
 -
- name: 'Testing general parsing options with key hash 1'
- description: 'Registering new agent with any hash'
+ name: 'Testing hash parsing options'
+ description: 'Registering new agent with hash'
+ pre_existent_agents:
+ -
+ id: '001'
+ name: 'test_user'
+ ip: 'any'
+ key: '48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db'
  test_case:
  -
- input: "OSSEC A:'NewUserWithKeyHash1' K:'123ABCD'"
- output: "OSSEC K:'001 NewUserWithKeyHash1"
--
- name: 'Testing general parsing options with key hash 2'
- description: 'Registering new agent with group, IP and any hash'
- pre_existent_keys:
- - '001 user1 any 48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db'
- groups:
- - 'GroupName'
- test_case:
- -
- input: "OSSEC A:'NewUserWithKeyHash2' G:'GroupName' IP:'100.100.10.1' K:'123ABCD'"
- output: "OSSEC K:'002 NewUserWithKeyHash2"
--
- name: 'Testing general parsing options with key hash 3'
- description: 'Testing group parsing with key and enrollment of an existing agent with wrong key hash'
- pre_existent_keys:
- - '001 user1 any 48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db'
- groups:
- - 'GroupName'
- test_case:
- -
- input: "OSSEC A:'user1' G:'GroupName' K:'123ABCD'"
- output: "OSSEC K:'002 user1"
+ # SHA1(001 test_user any 48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db)
+ # == 504f2f52d0e9d5fd9a12875aa86fa588dab2a43e
+ input: "OSSEC A:'test_user' K:'504f2f52d0e9d5fd9a12875aa86fa588dab2a43e'"
+ output: 'ERROR: Duplicate agent name:'
 -
- name: 'Testing general parsing options with key hash 4'
- description: 'Testing group/IP parsing with key and enrollment of an existing agent with wrong key hash'
- pre_existent_keys:
- - '001 user1 any 48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db'
+ name: 'Testing group, ip, and hash parsing options'
+ description: 'Registering new agent with group, IP and hash'
+ pre_existent_agents:
+ -
+ id: '001'
+ name: 'test_user'
+ ip: 'any'
+ key: '48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db'
  groups:
  - 'GroupName'
  test_case:
  -
- input: "OSSEC A:'user1' G:'GroupName' IP:'10.10.10.11' K:'123ABCD'"
- output: "OSSEC K:'002 user1"
+ # SHA1(001 test_user any 48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db)
+ # == 504f2f52d0e9d5fd9a12875aa86fa588dab2a43e
+ input: "OSSEC A:'test_user' G:'GroupName' IP:'100.100.10.1' K:'504f2f52d0e9d5fd9a12875aa86fa588dab2a43e'"
+ output: 'ERROR: Duplicate agent name:'
 -
- name: 'Testing general parsing options with key hash 5'
- description: 'Testing group/IP parsing with key and enrollment of an existing IP with wrong key hash'
- pre_existent_keys:
- - '001 user1 10.10.10.11 48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db'
+ name: 'Testing group and hash parsing options'
+ description: 'Testing group and hash parsing with key hash'
+ pre_existent_agents:
+ -
+ id: '001'
+ name: 'test_user'
+ ip: 'any'
+ key: '48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db'
  groups:
  - 'GroupName'
  test_case:
  -
- input: "OSSEC A:'NewNameExistentIP' G:'GroupName' IP:'10.10.10.11' K:'123ABCD'"
- output: "OSSEC K:'002 NewNameExistentIP"
-
-# Testing with agent's key hash. Key denied
--
- name: 'Testing general parsing options with key hash 6'
- description: 'Trying to enroll an existing agent with the right hash. Key denied'
- pre_existent_keys:
- - '002 user2 any ba91912059668f3229e852089cef1ced0368f9df4f25b71c6a00d2319eb8010c'
- test_case:
- -
- input: "OSSEC A:'user2' K:'13cdb438b53c1f46ec3edebb7c790c87a54b3c0d'"
+ # SHA1(001 test_user any 48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db)
+ # == 504f2f52d0e9d5fd9a12875aa86fa588dab2a43e
+ input: "OSSEC A:'test_user' G:'GroupName' K:'504f2f52d0e9d5fd9a12875aa86fa588dab2a43e'"
  output: 'ERROR: Duplicate agent name:'
 -
- name: 'Testing general parsing options with key hash 7'
- description: 'Trying to enroll an existing IP with right key hash. Key denied'
- pre_existent_keys:
- - '003 user3 192.168.0.100 fbc01326f0d13300d418085f826d986d06b6bd1e22257dca84d7477890ddc45c'
+ name: 'Testing ip and hash parsing options with different key'
+ description: 'Testing ip and hash parsing with key hash'
+ pre_existent_agents:
+ -
+ id: '001'
+ name: 'test_user'
+ ip: '192.168.0.100'
+ key: '48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db'
  test_case:
  -
- input: "OSSEC A:'userx' IP:'192.168.0.100' K:'aa06c24575fe8c474cd0c5386577eb974928dce3'"
+ # SHA1(001 test_user any 48a99873149358e48b13273c4ad07c44ed402bcb71fc94869f3e76b2f27637db)
+ # == 504f2f52d0e9d5fd9a12875aa86fa588dab2a43e
+ input: "OSSEC A:'userx' IP:'192.168.0.100' K:'504f2f52d0e9d5fd9a12875aa86fa588dab2a43e'"
  output: 'ERROR: Duplicate IP:'
diff --git a/tests/integration/test_authd/data/test_authd_force_insert.yaml b/tests/integration/test_authd/data/test_authd_force_insert.yaml
diff --git a/tests/integration/test_authd/data/wazuh_authd_configuration.yaml b/tests/integration/test_authd/data/wazuh_authd_configuration.yaml
@@ -42,39 +42,6 @@
  value: '/var/ossec/etc/sslmanager.key'
  - ssl_auto_negotiate:
  value: 'no'
- - tags:
- - all
- apply_to_modules:
- - test_authd_force_insert
- sections:
- - section: auth
- elements:
- - disabled:
- value: 'no'
- - port:
- value: 1515
- - use_source_ip:
- value: 'no'
- - force_insert:
- value: FORCE_INSERT
- - force_time:
- value: 0
- - purge:
- value: 'yes'
- - use_password:
- value: 'no'
- - limit_maxagents:
- value: 'yes'
- - ciphers:
- value: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
- - ssl_verify_host:
- value: 'no'
- - ssl_manager_cert:
- value: '/var/ossec/etc/sslmanager.cert'
- - ssl_manager_key:
- value: '/var/ossec/etc/sslmanager.key'
- - ssl_auto_negotiate:
- value: 'no'
  - tags:
  - all
  apply_to_modules:

diff --git a/tests/integration/test_authd/force_options/data/template_configuration.yaml b/tests/integration/test_authd/force_options/data/template_configuration.yaml
@@ -3,6 +3,7 @@
  - all
  apply_to_modules:
  - test_authd_force_options
+ - test_authd_force_options_invalid_config
  sections:
  - section: auth
  elements: