From 2cfac2999c9e0705b1e3d045918f0f3ddc539185 Mon Sep 17 00:00:00 2001
From: MiguelazoDS Cazajous-Miguel
Date: Thu, 4 Nov 2021 14:04:17 -0300
Subject: [PATCH] Adding new test descriptions and revising already documented tests
---
 .../force_options/test_authd_force_options.py | 100 +++++++++++++++++-
 ...test_authd_force_options_invalid_config.py | 86 ++++++++++++++-
 tests/integration/test_authd/test_authd.py | 35 +++---
 .../test_authd/test_authd_agents_ctx.py | 19 ++--
 .../test_authd/test_authd_key_hash.py | 84 +++++++++------
 .../test_authd/test_authd_local.py | 94 ++++++++--------
 .../test_authd/test_authd_ssl_certs.py | 22 ++--
 .../test_authd/test_authd_ssl_options.py | 17 +--
 .../test_authd/test_authd_use_password.py | 36 ++++---
 .../test_authd/test_authd_use_source_ip.py | 87 ++++++++-------
 .../test_authd/test_authd_valid_name_ip.py | 88 ++++++++-------
 .../test_authd/test_authd_worker.py | 82 +++++++-------
 .../test_authd/test_remote_enrollment.py | 21 ++--
 13 files changed, 514 insertions(+), 257 deletions(-)
diff --git a/tests/integration/test_authd/force_options/test_authd_force_options.py b/tests/integration/test_authd/force_options/test_authd_force_options.py
index fe09c171b9..4f913b20e6 100644
--- a/tests/integration/test_authd/force_options/test_authd_force_options.py
+++ b/tests/integration/test_authd/force_options/test_authd_force_options.py
@@ -1,3 +1,52 @@ +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: These tests will check if the 'wazuh-authd' daemon correctly responds to the enrollment requests + messages respecting the valid option values used in the force configuration block. + +tier: 0 + +modules: + - authd + +components: + - manager + +daemons: + - wazuh-authd + - wazuh-db + +os_platform: + - linux + +os_version: + - Arch Linux + - Amazon Linux 2 + - Amazon Linux 1 + - CentOS 8 + - CentOS 7 + - CentOS 6 + - Ubuntu Focal + - Ubuntu Bionic + - Ubuntu Xenial + - Ubuntu Trusty + - Debian Buster + - Debian Stretch + - Debian Jessie + - Debian Wheezy + - Red Hat 8 + - Red Hat 7 + - Red Hat 6 + +tags: + - enrollment +''' import os import time import pytest 
@@ -54,9 +103,56 @@ def get_current_test_case(request): def test_authd_force_options(get_current_test_case, configure_local_internal_options_module, override_authd_force_conf, insert_pre_existent_agents, file_monitoring, restart_authd_function, wait_for_authd_startup_function, connect_to_sockets_function, tear_down): + ''' + description: + Check that every input message in authd port generates the adequate output. + + wazuh_min_version: + 4.3.0 + + parameters: + - get_current_test_case: + type: fixture + brief: gets the current test case from the tests' list + - configure_local_internal_options_module: + type: fixture + brief: Configure the local internal options file. + - override_authd_force_conf: + type: fixture + brief: Modified the authd configuration options. + - insert_pre_existent_agents: + type: fixture + brief: adds the required agents to the client.keys and global.db + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + - restart_authd_function: + type: fixture + brief: stops the wazuh-authd daemon. + - wait_for_authd_startup_function: + type: fixture + brief: Waits until Authd is accepting connections. + - connect_to_sockets_function: + type: fixture + brief: Bind to the configured sockets at function scope. + - tear_down: + type: fixture + brief: Roll back the daemon and client.keys state after the test ends. + + assertions: + - The received output must match with expected. + - Verifies the registration responses. + + input_description: + Different test cases are contained in external YAML files (valid_config folder) which includes + different possible values for the current authd settings. + + expected_output: + - Registration request responses on Authd socket. 
+ ''' authd_sock = receiver_sockets[0] - validate_authd_logs(get_current_test_case.get('log', []), log_monitor) + validate_authd_logs(get_current_test_case.get('log', [])) for stage in get_current_test_case['test_case']: # Reopen socket (socket is closed by manager after sending message with client key) @@ -70,4 +166,4 @@ def test_authd_force_options(get_current_test_case, configure_local_internal_opt raise ConnectionResetError('Manager did not respond to sent message!') result, err_msg = validate_authd_response(response, stage['output']) assert result == 'success', f"Failed stage '{stage['description']}': {err_msg} Complete response: '{response}'" - validate_authd_logs(stage.get('log', []), log_monitor) + validate_authd_logs(stage.get('log', [])) diff --git a/tests/integration/test_authd/force_options/test_authd_force_options_invalid_config.py b/tests/integration/test_authd/force_options/test_authd_force_options_invalid_config.py index f4b03dab07..cc527edbde 100644 --- a/tests/integration/test_authd/force_options/test_authd_force_options_invalid_config.py +++ b/tests/integration/test_authd/force_options/test_authd_force_options_invalid_config.py 
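Review bot: The call `validate_authd_logs(get_current_test_case.get('log', []))` right after the new docstring drops the `log_monitor` argument, a behaviour change in a commit whose subject only mentions test descriptions; the same edit is made in the `-70,4` hunk of this file and in the `-56,4` hunk of test_authd_force_options_invalid_config.py. The definition of `validate_authd_logs` is not visible in this patch, so it presumably already accepts a single argument; if it does not, all three calls fail with `TypeError` before any enrollment response or log line is checked. I would either mention the signature change in the commit message or move it to its own commit, so a regression in the force-option checks can be traced to it. The test body continues outside the hunk.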
@@ -1,3 +1,51 @@ +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: These tests will check if a set of wrong configuration option values in the block force + are warned in the logs file. + +tier: 0 + +modules: + - authd + +components: + - manager + +daemons: + - wazuh-authd + +os_platform: + - linux + +os_version: + - Arch Linux + - Amazon Linux 2 + - Amazon Linux 1 + - CentOS 8 + - CentOS 7 + - CentOS 6 + - Ubuntu Focal + - Ubuntu Bionic + - Ubuntu Xenial + - Ubuntu Trusty + - Debian Buster + - Debian Stretch + - Debian Jessie + - Debian Wheezy + - Red Hat 8 + - Red Hat 7 + - Red Hat 6 + +tags: + - enrollment +''' import os import pytest from wazuh_testing.tools import LOG_FILE_PATH 
@@ -48,6 +96,42 @@ def get_current_test_case(request): def test_authd_force_options_invalid_config(get_current_test_case, configure_local_internal_options_module, override_authd_force_conf, file_monitoring, tear_down): + ''' + description: + Check that every input with a wrong configuration option value + matches the adequate output log. None force registration + or response message is made. + + wazuh_min_version: + 4.3.0 + + parameters: + - get_current_test_case: + type: fixture + brief: gets the current test case from the tests' list + - configure_local_internal_options_module: + type: fixture + brief: Configure the local internal options file. + - override_authd_force_conf: + type: fixture + brief: Modified the authd configuration options. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + - tear_down: + type: fixture + brief: Roll back the daemon and client.keys state after the test ends. + + assertions: + - The received output must match with expected due to wrong configuration options. + + input_description: + Different test cases are contained in an external YAML file (invalid_config folder) which includes + different possible wrong settings. + + expected_output: + - Invalid configuration values error. + ''' truncate_file(LOG_FILE_PATH) try: @@ -56,4 +140,4 @@ def test_authd_force_options_invalid_config(get_current_test_case, configure_loc pass else: raise Exception("Authd started when it was expected to fail") - validate_authd_logs(get_current_test_case.get('log', []), log_monitor) + validate_authd_logs(get_current_test_case.get('log', [])) diff --git a/tests/integration/test_authd/test_authd.py b/tests/integration/test_authd/test_authd.py index fe52856cbb..8f90509936 100755 --- a/tests/integration/test_authd/test_authd.py +++ b/tests/integration/test_authd/test_authd.py 
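Review bot: The new docstring never states the check this test actually enforces: the context lines of the following hunk raise `Exception("Authd started when it was expected to fail")`, so the daemon is required to refuse to start with an invalid force block, yet `assertions` only speaks of matching output. I would add `- Verify that 'wazuh-authd' does not start when the force block holds an invalid value.` to `assertions`. The sentence "None force registration or response message is made." is also hard to parse; `No forced registration is performed and no response message is sent.` seems to be what is meant. The test body starts at the end of this hunk and continues in the next one.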
@@ -108,16 +108,15 @@ def test_ossec_auth_messages(get_configuration, set_up_groups, configure_environ clean_client_keys_file_module, restart_authd, wait_for_authd_startup_module, connect_to_sockets_module): ''' - description: Check if when the `wazuh-authd` daemon receives different kinds of enrollment requests, - it responds appropriately to them. In this case, the enrollment requests - are sent to an IP v4 network socket. + description: + Checks if when the `wazuh-authd` daemon receives different kinds of enrollment requests, + it responds appropriately to them. In this case, the enrollment requests + are sent to an IP v4 network socket. - wazuh_min_version: 4.2 + wazuh_min_version: + 4.2.0 parameters: - - clean_client_keys_file: - type: fixture - brief: Delete the agent keys stored in the `client.keys` file. - get_configuration: type: fixture brief: Get configurations from the module. 
@@ -130,18 +129,26 @@ def test_ossec_auth_messages(get_configuration, set_up_groups, configure_environ - configure_sockets_environment: type: fixture brief: Configure environment for sockets and MITM. - - connect_to_sockets_module: + - clean_client_keys_file_module: + type: fixture + brief: Stops Wazuh and cleans any previous key in client.keys file at module scope. + - restart_authd: type: fixture - brief: Module scope version of `connect_to_sockets` fixture. - - wait_for_agentd_startup: + brief: Restart the 'wazuh-authd' daemon, clear the 'ossec.log' file and start a new file monitor. + - wait_for_authd_startup_module: type: fixture - brief: Wait until the `wazuh-agentd` has begun. + brief: Waits until Authd is accepting connections. + - connect_to_sockets_module: + type: fixture + brief: Module scope version of 'connect_to_sockets' fixture. + assertions: - Verify that the response messages are consistent with the enrollment requests received. - input_description: Different test cases are contained in an external `YAML` file (enroll_messages.yaml) - that includes enrollment events and the expected output. + input_description: + Different test cases are contained in an external `YAML` file (enroll_messages.yaml) + that includes enrollment events and the expected output. expected_output: - Multiple values located in the `enroll_messages.yaml` file. @@ -156,7 +163,7 @@ def test_ossec_auth_messages(get_configuration, set_up_groups, configure_environ receiver_sockets[0].open() expected = stage['output'] message = stage['input'] - receiver_sockets[0].send(stage['input'], size=False) + receiver_sockets[0].send(message, size=False) timeout = time.time() + 10 response = '' while response == '': diff --git a/tests/integration/test_authd/test_authd_agents_ctx.py b/tests/integration/test_authd/test_authd_agents_ctx.py index ba2096bd49..cf51a2159d 100644 --- a/tests/integration/test_authd/test_authd_agents_ctx.py +++ b/tests/integration/test_authd/test_authd_agents_ctx.py 
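Review bot: The added fixture briefs in the `-130,18` hunk quote names with single quotes ('wazuh-authd', 'ossec.log', 'connect_to_sockets'), while the unchanged lines of the same docstring keep backticks around YAML and enroll_messages.yaml, and the description in the previous hunk keeps them around wazuh-authd. The other modules touched by this patch use single quotes throughout, so I would convert the remaining ones here as well, e.g. `Different test cases are contained in an external 'YAML' file (enroll_messages.yaml)` and `- Multiple values located in the 'enroll_messages.yaml' file.` The docstring begins in the previous hunk and ends outside this one.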
@@ -289,7 +289,7 @@ def register_agent_main_server(Name, Group=None, IP=None): def register_agent_local_server(Name, Group=None, IP=None): message = ('{"arguments":{"force":{"enabled":true,"disconnected_time":{"enabled":true,"value":"0"},' - '"key_mismatch":true,"after_registration_time":"0"}') + '"key_mismatch":true,"after_registration_time":"0"}') message += ',"name":"{}"'.format(Name) if Group: message += ',"groups":"{}"'.format(Group) @@ -394,12 +394,14 @@ def duplicate_name_agent_delete_test(server): def test_ossec_authd_agents_ctx_main(get_configuration, set_up_groups, configure_environment, configure_sockets_environment, connect_to_sockets_module): ''' - description: Check if when the 'wazuh-authd' daemon receives an enrollment request from an agent - that has an IP address or name that is already registered, 'authd' creates a record - for the new agent and deletes the old one. In this case, the enrollment requests - are sent to an IP v4 network socket. + description: + Check if when the 'wazuh-authd' daemon receives an enrollment request from an agent + that has an IP address or name that is already registered, 'authd' creates a record + for the new agent and deletes the old one. In this case, the enrollment requests + are sent to an IP v4 network socket. - wazuh_min_version: 4.2.0 + wazuh_min_version: + 4.2.0 parameters: - get_configuration: 
@@ -422,8 +424,9 @@ def test_ossec_authd_agents_ctx_main(get_configuration, set_up_groups, configure - Verify that agents using an already registered IP address can successfully enroll. - Verify that agents using an already registered name can successfully enroll. - input_description: Different test cases are contained in an external YAML file (wazuh_conf.yaml) - which includes configuration settings for the 'wazuh-authd' daemon. + input_description: + Different test cases are contained in an external YAML file (wazuh_conf.yaml) + which includes configuration settings for the 'wazuh-authd' daemon. expected_output: - r'Accepting connections on port 1515' (When the 'wazuh-authd' daemon is ready to accept enrollments) diff --git a/tests/integration/test_authd/test_authd_key_hash.py b/tests/integration/test_authd/test_authd_key_hash.py index d40edf1862..1316847349 100755 --- a/tests/integration/test_authd/test_authd_key_hash.py +++ b/tests/integration/test_authd/test_authd_key_hash.py @@ -19,6 +19,8 @@ daemons: - wazuh-authd + - wazuh-db + - wazuh-modulesd os_platform: - linux 
@@ -114,40 +116,54 @@ def test_ossec_auth_messages_with_key_hash(configure_environment, configure_sock connect_to_sockets_function, set_up_groups, insert_pre_existent_agents, restart_authd_function, wait_for_authd_startup_function, get_current_test_case, tear_down): - """ - description: - "Check that every input message in authd port generates the adequate output" - wazuh_min_version: - 4.2 - parameters: - - configure_environment: - type: fixture - brief: Configure a custom environment for testing. - - configure_sockets_environment: - type: fixture - brief: Configure the socket listener to receive and send messages on the sockets. - - clean_client_keys_file_module: - type: fixture - brief: Stops Wazuh and cleans any previus key in client.keys file at module scope. - - set_up_groups: - type: fixture - brief: Set pre-existent groups. - - wait_for_authd_startup_function: - type: fixture - brief: Waits until Authd is accepting connections. - - connect_to_sockets_function: - type: fixture - brief: Bind to the configured sockets at function scope. - assertions: - - The received output must match with expected - - The enrollment messages are parsed as expected - - The agent keys are denied if the hash is the same than the manager's - input_description: - Different test cases are contained in an external YAML file (authd_key_hash.yaml) which includes - the different possible registration requests and the expected responses. - expected_output: - - Registration request responses on Authd socket - """ + ''' + description: + Checks that every input message in authd port generates the adequate output. + + wazuh_min_version: + 4.2.0 + + parameters: + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - configure_sockets_environment: + type: fixture + brief: Configure the socket listener to receive and send messages on the sockets. 
+ - connect_to_sockets_function: + type: fixture + brief: Bind to the configured sockets at function scope. + - set_up_groups: + type: fixture + brief: Set pre-existent groups. + - insert_pre_existent_agents: + type: fixture + brief: adds the required agents to the client.keys and global.db + - restart_authd_function: + type: fixture + brief: stops the wazuh-authd daemon. + - wait_for_authd_startup_function: + type: fixture + brief: Waits until Authd is accepting connections. + - get_current_test_case: + type: fixture + brief: gets the current test case from the tests' list + - tear_down: + type: fixture + brief: cleans the client.keys file + + assertions: + - The received output must match with expected + - The enrollment messages are parsed as expected + - The agent keys are denied if the hash is the same than the manager's + + input_description: + Different test cases are contained in an external YAML file (authd_key_hash.yaml) which includes + the different possible registration requests and the expected responses. + + expected_output: + - Registration request responses on Authd socket + ''' case = get_current_test_case['test_case'] for index, stage in enumerate(case): diff --git a/tests/integration/test_authd/test_authd_local.py b/tests/integration/test_authd/test_authd_local.py index b8abb35b59..24946c765b 100755 --- a/tests/integration/test_authd/test_authd_local.py +++ b/tests/integration/test_authd/test_authd_local.py @@ -20,6 +20,7 @@ daemons: - wazuh-authd + - wazuh-db os_platform: - linux 
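Review bot: The brief for `restart_authd_function` reads "stops the wazuh-authd daemon.", which contradicts the fixture name and the `restart_authd` brief added in test_authd.py ("Restart the 'wazuh-authd' daemon, clear the 'ossec.log' file and start a new file monitor."); the same text appears in the docstrings of test_authd_force_options.py, test_authd_local.py, test_authd_use_password.py and test_authd_use_source_ip.py. The fixture is not part of this patch, so please confirm what it does and use something like `brief: Restarts the 'wazuh-authd' daemon.` in all five places. The last assertion also keeps "the same than the manager's", which this commit corrects to "the same as the manager's" in test_authd_local.py only. The function signature starts outside the hunk.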
@@ -120,56 +121,61 @@ def set_up_groups(get_current_test_case, request): def test_authd_local_messages(configure_environment, configure_sockets_environment, connect_to_sockets_function, set_up_groups, insert_pre_existent_agents, restart_authd_function, wait_for_authd_startup_function, get_current_test_case, tear_down): - """ - description: - "Check that every input message in trough local authd port generates the adequate response to worker" - wazuh_min_version: - 4.2 - parameters: - - configure_environment: - type: fixture - brief: Configure a custom environment for testing. - - configure_sockets_environment: - type: fixture - brief: Configure the socket listener to receive and send messages on the sockets at function scope. - - connect_to_sockets_function: - type: fixture - brief: Bind to the configured sockets at function scope. - - set_up_groups - type: fixture - brief: Set the pre-defined groups. - - insert_pre_existent_agents: - type: fixture - brief: adds the required agents to the client.keys and global.db - - restart_authd_function: - type: fixture - brief: stops the wazuh-authd daemon - - wait_for_authd_startup_function: - type: fixture - brief: Waits until Authd is accepting connections. - - get_current_test_case: - type: fixture - brief: gets the current test case from the tests' list - - tear_down: - type: fixture - brief: cleans the client.keys file - assertions: - - The received output must match with expected - - The enrollment messages are parsed as expected - - The agent keys are denied if the hash is the same than the manager's - input_description: - Different test cases are contained in an external YAML file (local_enroll_messages.yaml) which includes - the different possible registration requests and the expected responses. - expected_output: - - Registration request responses on Authd socket - """ + ''' + description: + Checks that every input message in trough local authd port generates the adequate response to worker. 
+ + wazuh_min_version: + 4.2.0 + + parameters: + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - configure_sockets_environment: + type: fixture + brief: Configure the socket listener to receive and send messages on the sockets at function scope. + - connect_to_sockets_function: + type: fixture + brief: Bind to the configured sockets at function scope. + - set_up_groups: + type: fixture + brief: Set the pre-defined groups. + - insert_pre_existent_agents: + type: fixture + brief: adds the required agents to the client.keys and global.db + - restart_authd_function: + type: fixture + brief: stops the wazuh-authd daemon + - wait_for_authd_startup_function: + type: fixture + brief: Waits until Authd is accepting connections. + - get_current_test_case: + type: fixture + brief: gets the current test case from the tests' list + - tear_down: + type: fixture + brief: cleans the client.keys file + + assertions: + - The received output must match with expected + - The enrollment messages are parsed as expected + - The agent keys are denied if the hash is the same as the manager's + + input_description: + Different test cases are contained in an external YAML file (local_enroll_messages.yaml) which includes + the different possible registration requests and the expected responses. + + expected_output: + - Registration request responses on Authd socket + ''' case = get_current_test_case['test_case'] for index, stage in enumerate(case): # Reopen socket (socket is closed by manager after sending message with client key) receiver_sockets[0].open() expected = stage['output'] message = stage['input'] - receiver_sockets[0].send(stage['input'], size=True) + receiver_sockets[0].send(message, size=True) response = receiver_sockets[0].receive(size=True).decode() assert response[:len(expected)] == expected, \ 'Failed stage "{}". Response was: {} instead of: {}' \ 
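Review bot: The rewritten description still carries the typo "in trough local authd port" and omits the article before "worker". Suggested text: `Checks that every input message sent through the local authd port generates the adequate response to the worker.` The assert statement at the end of the hunk continues past its last line.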
diff --git a/tests/integration/test_authd/test_authd_ssl_certs.py b/tests/integration/test_authd/test_authd_ssl_certs.py index 3c4029249a..8559453481 100644 --- a/tests/integration/test_authd/test_authd_ssl_certs.py +++ b/tests/integration/test_authd/test_authd_ssl_certs.py @@ -167,12 +167,14 @@ def callback_agentd_startup(line): def test_authd_ssl_certs(get_configuration, generate_ca_certificate, tear_down): ''' - description: Check if the 'wazuh-authd' daemon can manage 'SSL' connections with agents - and the 'host verification' feature is working properly. For this purpose, - it generates and signs the necessary certificates and builds the - enrollment requests using them. + description: + Checks if the 'wazuh-authd' daemon can manage 'SSL' connections with agents + and the 'host verification' feature is working properly. For this purpose, + it generates and signs the necessary certificates and builds the + enrollment requests using them. - wazuh_min_version: 4.2.0 + wazuh_min_version: + 4.2.0 parameters: - get_configuration: 
@@ -181,14 +183,18 @@ def test_authd_ssl_certs(get_configuration, generate_ca_certificate, tear_down): - generate_ca_certificate: type: fixture brief: Build the 'CA' (Certificate of Authority) and sign the certificate used by the testing agent. + - tear_down: + type: fixture + brief: cleans the client.keys file assertions: - Verify that the agent can only connect to the 'wazuh-authd' daemon socket using a valid certificate. - Verify that using a valid certificate the agent can only enroll using the IP address linked to it. - input_description: Different test cases are found in the test module and include - parameters for the environment setup, the requests - to be made, and the expected result. + input_description: + Different test cases are found in the test module and include + parameters for the environment setup, the requests + to be made, and the expected result. expected_output: - r'OSSEC K:' (When the agent has enrolled in the manager) diff --git a/tests/integration/test_authd/test_authd_ssl_options.py b/tests/integration/test_authd/test_authd_ssl_options.py index ad6f5cce73..2795f3ec93 100644 --- a/tests/integration/test_authd/test_authd_ssl_options.py +++ b/tests/integration/test_authd/test_authd_ssl_options.py 
@@ -156,12 +156,14 @@ def callback_agentd_startup(line): def test_ossec_auth_configurations(get_configuration, configure_environment, configure_sockets_environment): ''' - description: Check if the 'SSL' settings of the 'wazuh-authd' daemon work correctly by enrolling agents - that use different values for these settings. Different types of encryption and secure - connection protocols are tested, in addition to the 'ssl_auto_negotiate' option - that automatically chooses the protocol to be used. + description: + Checks if the 'SSL' settings of the 'wazuh-authd' daemon work correctly by enrolling agents + that use different values for these settings. Different types of encryption and secure + connection protocols are tested, in addition to the 'ssl_auto_negotiate' option + that automatically chooses the protocol to be used. - wazuh_min_version: 4.2.0 + wazuh_min_version: + 4.2.0 parameters: - get_configuration: @@ -177,8 +179,9 @@ def test_ossec_auth_configurations(get_configuration, configure_environment, con assertions: - Verify that the response messages are consistent with the enrollment requests received. - input_description: Different test cases are contained in an external YAML file (enroll_ssl_options_tests.yaml) - that includes enrollment events and the expected output. + input_description: + Different test cases are contained in an external YAML file (enroll_ssl_options_tests.yaml) + that includes enrollment events and the expected output. expected_output: - Multiple values located in the 'enroll_ssl_options_tests.yaml' file. diff --git a/tests/integration/test_authd/test_authd_use_password.py b/tests/integration/test_authd/test_authd_use_password.py index 37a8313693..f2ddb8a1af 100644 --- a/tests/integration/test_authd/test_authd_use_password.py +++ b/tests/integration/test_authd/test_authd_use_password.py @@ -19,6 +19,8 @@ daemons: - wazuh-authd + - wazuh-db + - wazuh-modulesd os_platform: - linux 
@@ -168,20 +170,13 @@ def test_authd_force_options(get_configuration, configure_environment, configure wait_for_authd_startup_function, connect_to_sockets_function, test_case, tear_down): ''' - description: Check that every input message in authd port generates the adequate output. + description: + Checks that every input message in authd port generates the adequate output. - wazuh_min_version: 4.2.0 + wazuh_min_version: + 4.2.0 parameters: - - clean_client_keys_file_module: - type: fixture - brief: Stops Wazuh and cleans any previus key in client.keys file at module scope. - - clean_client_keys_file_function: - type: fixture - brief: Cleans any previus key in client.keys file at function scope. - - reset_password: - type: fixture - brief: Write the password file. - get_configuration: type: fixture brief: Get the configuration of the test. @@ -191,15 +186,24 @@ def test_authd_force_options(get_configuration, configure_environment, configure - configure_sockets_environment: type: fixture brief: Configure the socket listener to receive and send messages on the sockets. - - connect_to_sockets_module: + - clean_client_keys_file_function: type: fixture - brief: Bind to the configured sockets at module scope. + brief: Cleans any previous key in client.keys file at function scope. + - reset_password: + type: fixture + brief: Write the password file. + - restart_authd_function: + type: fixture + brief: stops the wazuh-authd daemon. + - wait_for_authd_startup_function: + type: fixture + brief: Waits until Authd is accepting connections. + - connect_to_sockets_function: + type: fixture + brief: Bind to the configured sockets at function scope. - test_case: type: list brief: List with all the test cases for the test. - - register_previous_agent: - type: fixture - brief: Register agents to simulate a scenario with pre existent keys. - tear_down: type: fixture brief: Roll back the daemon and client.keys state after the test ends. 
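Review bot: The description "Checks that every input message in authd port generates the adequate output." says nothing about password-based enrollment, although this is test_authd_use_password.py and the docstring lists the `reset_password` fixture; the identical sentence is also used for test_authd_use_source_ip.py and test_authd_valid_name_ip.py. For a test that guards an authentication setting, the docstring should name that setting, for example `Checks that 'wazuh-authd' answers enrollment requests according to the password configuration and the password sent by the agent.` The assertions section lies outside both hunks, so the wording should be aligned with what it actually verifies. The function is also still named `test_authd_force_options` (visible in the hunk header), which looks copied from the force-options module.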
diff --git a/tests/integration/test_authd/test_authd_use_source_ip.py b/tests/integration/test_authd/test_authd_use_source_ip.py index 5a9799a20c..8d16d139b6 100644 --- a/tests/integration/test_authd/test_authd_use_source_ip.py +++ b/tests/integration/test_authd/test_authd_use_source_ip.py @@ -19,6 +19,8 @@ daemons: - wazuh-authd + - wazuh-db + - wazuh-modulesd os_platform: - linux 
@@ -101,43 +103,54 @@ def get_configuration(request): def test_authd_force_options(get_configuration, configure_environment, configure_sockets_environment, clean_client_keys_file_function, restart_authd_function, wait_for_authd_startup_function, connect_to_sockets_function, test_case, tear_down): - """ - description: - "Check that every input message in authd port generates the adequate output" - wazuh_min_version: - 4.2 - parameters: - - get_configuration: - type: fixture - brief: Get the configuration of the test. - - configure_environment: - type: fixture - brief: Configure a custom environment for testing. - - configure_sockets_environment: - type: fixture - brief: Configure the socket listener to receive and send messages on the sockets. - - wait_for_authd_startup_function: - type: fixture - brief: Waits until Authd is accepting connections. - - connect_to_sockets_configuration: - type: fixture - brief: Bind to the configured sockets at configuration scope. - - test_case: - type: list - brief: List with all the test cases for the test. - - tear_down: - type: fixture - brief: Roll back the daemon and client.keys state after the test ends. - assertions: - - The manager uses the agent's IP as requested - - Setting an IP overrides the configuration - - If the IP is not defined an the setting is disabled, use 'any' - input_description: - Different test cases are contained in an external YAML file (test_authd_use_source_ip.yaml) which includes - the different possible registration requests and the expected responses. - expected_output: - - Registration request responses on Authd socket - """ + ''' + description: + Checks that every input message in authd port generates the adequate output + + wazuh_min_version: + 4.2.0 + + parameters: + - get_configuration: + type: fixture + brief: Get the configuration of the test. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. 
+ - configure_sockets_environment: + type: fixture + brief: Configure the socket listener to receive and send messages on the sockets. + - clean_client_keys_file_function: + type: fixture + brief: Cleans any previous key in client.keys file at function scope. + - restart_authd_function: + type: fixture + brief: stops the wazuh-authd daemon + - wait_for_authd_startup_function: + type: fixture + brief: Waits until Authd is accepting connections. + - connect_to_sockets_function: + type: fixture + brief: Bind to the configured sockets at function scope. + - test_case: + type: list + brief: List all the test cases for the test. + - tear_down: + type: fixture + brief: Roll back the daemon and client.keys state after the test ends. + + assertions: + - The manager uses the agent's IP as requested + - Setting an IP overrides the configuration + - If the IP is not defined and the setting is disabled, use 'any' + + input_description: + Different test cases are contained in an external YAML file (test_authd_use_source_ip.yaml) which includes + the different possible registration requests and the expected responses. + + expected_output: + - Registration request responses on Authd socket + ''' metadata = get_configuration['metadata'] diff --git a/tests/integration/test_authd/test_authd_valid_name_ip.py b/tests/integration/test_authd/test_authd_valid_name_ip.py index ffdbecd21a..e0dc6b5fe6 100644 --- a/tests/integration/test_authd/test_authd_valid_name_ip.py +++ b/tests/integration/test_authd/test_authd_valid_name_ip.py @@ -19,6 +19,8 @@ daemons: - wazuh-authd + - wazuh-db + - wazuh-modulesd os_platform: - linux 
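Review bot: The brief for `test_case` now reads "List all the test cases for the test.", which is an instruction rather than a description of the parameter; test_authd_use_password.py keeps "List with all the test cases for the test." in this same patch. I would restore `brief: List with all the test cases for the test.` here. The description line is also the only one in the patch left without a closing full stop.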
@@ -92,45 +94,53 @@ def get_configuration(request): def test_authd_force_options(get_configuration, configure_environment, configure_sockets_environment, clean_client_keys_file_module, restart_authd, wait_for_authd_startup_module, connect_to_sockets_module, test_case, tear_down): - """ - description: - "Check that every input message in authd port generates the adequate output" - wazuh_min_version: - 4.2 - parameters: - - clean_client_keys_file_module: - type: fixture - brief: Stops Wazuh and cleans any previus key in client.keys file at module scope. - - clean_client_keys_file_function: - type: fixture - brief: Cleans any previus key in client.keys file at function scope. - - get_configuration: - type: fixture - brief: Get the configuration of the test. - - configure_environment: - type: fixture - brief: Configure a custom environment for testing. - - configure_sockets_environment: - type: fixture - brief: Configure the socket listener to receive and send messages on the sockets. - - connect_to_sockets_module: - type: fixture - brief: Bind to the configured sockets at module scope. - - test_case: - type: list - brief: List with all the test cases for the test. - - tear_down: - type: fixture - brief: Roll back the daemon and client.keys state after the test ends. - assertions: - - The manager registers agents with valid IP and name - - The manager rejects invalid input - input_description: - Different test cases are contained in an external YAML file (test_authd_valid_name_ip.yaml) which includes - the different possible registration requests and the expected responses. - expected_output: - - Registration request responses on Authd socket - """ + ''' + description: + Checks that every input message in authd port generates the adequate output. + + wazuh_min_version: + 4.2.0 + + parameters: + - get_configuration: + type: fixture + brief: Get the configuration of the test. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. 
+ - configure_sockets_environment: + type: fixture + brief: Configure the socket listener to receive and send messages on the sockets. + - clean_client_keys_file_module: + type: fixture + brief: Stops Wazuh and cleans any previous key in client.keys file at module scope. + - restart_authd: + type: fixture + brief: Restart the 'wazuh-authd' daemon, clear the 'ossec.log' file and start a new file monitor. + - wait_for_authd_startup_module: + type: fixture + brief: Waits until Authd is accepting connections. + - connect_to_sockets_module: + type: fixture + brief: Bind to the configured sockets at module scope. + - test_case: + type: list + brief: List all the test cases for the test. + - tear_down: + type: fixture + brief: Roll back the daemon and client.keys state after the test ends. + + assertions: + - The manager registers agents with valid IP and name + - The manager rejects invalid input + + input_description: + Different test cases are contained in an external YAML file (test_authd_valid_name_ip.yaml) which includes + the different possible registration requests and the expected responses. + + expected_output: + - Registration request responses on Authd socket + ''' for index, stage in enumerate(test_case['test_case']): # Reopen socket (socket is closed by manager after sending message with client key) diff --git a/tests/integration/test_authd/test_authd_worker.py b/tests/integration/test_authd/test_authd_worker.py index e1598adeae..1b394d810d 100644 --- a/tests/integration/test_authd/test_authd_worker.py +++ b/tests/integration/test_authd/test_authd_worker.py @@ -19,6 +19,7 @@ daemons: - wazuh-authd + - wazuh-clusterd os_platform: - linux 
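Review bot: The assertion `The manager rejects invalid input` does not say what counts as invalid or what a rejection must leave behind, which is what a reader auditing enrollment validation needs from this docstring. Consider `- The manager answers requests carrying a malformed agent name or IP with an error and does not enroll the agent`, adjusted to what the cases in test_authd_valid_name_ip.yaml actually cover. The hunk shows only the first line of the loop and the body continues past it, so whether the test also inspects client.keys after a rejected request is not visible here; if it does, that deserves its own assertion line.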
@@ -149,43 +150,48 @@ def get_current_test_case(request): # Tests def test_ossec_auth_messages(get_configuration, set_up_groups, configure_environment, configure_sockets_environment, connect_to_sockets_module, wait_for_authd_startup_module, get_current_test_case): - """ - description: - "Check that every message from the agent is correctly formatted for master, and every master - response is correctly parsed for agent" - wazuh_min_version: - 4.2 - parameters: - - get_configuration: - type: fixture - brief: Get the configuration of the test. - - set_up_groups - type: fixture - brief: Set the pre-defined groups. - - configure_environment: - type: fixture - brief: Configure a custom environment for testing. - - configure_sockets_environment: - type: fixture - brief: Configure the socket listener to receive and send messages on the sockets. - - connect_to_sockets_module: - type: fixture - brief: Bind to the configured sockets at module scope. - - wait_for_authd_startup_module: - type: fixture - brief: Waits until Authd is accepting connections. - - get_current_test_case: - type: fixture - brief: gets the current test case from the tests' list - assertions: - - The 'port_input' from agent is formatted to 'cluster_input' for master - - The 'cluster_output' response from master is correctly parsed to 'port_output' for agent - input_description: - Different test cases are contained in an external YAML file (worker_messages.yaml) which includes - the different possible registration requests and the expected responses. - expected_output: - - Registration request responses on Authd socket - """ + ''' + description: + Checks that every message from the agent is correctly formatted for master, + and every master response is correctly parsed for agent. + + wazuh_min_version: + 4.2.0 + + parameters: + - get_configuration: + type: fixture + brief: Get the configuration of the test. + - set_up_groups: + type: fixture + brief: Set the pre-defined groups. 
+ - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - configure_sockets_environment: + type: fixture + brief: Configure the socket listener to receive and send messages on the sockets. + - connect_to_sockets_module: + type: fixture + brief: Bind to the configured sockets at module scope. + - wait_for_authd_startup_module: + type: fixture + brief: Waits until Authd is accepting connections. + - get_current_test_case: + type: fixture + brief: gets the current test case from the tests' list + + assertions: + - The 'port_input' from agent is formatted to 'cluster_input' for master + - The 'cluster_output' response from master is correctly parsed to 'port_output' for agent + + input_description: + Different test cases are contained in an external YAML file (worker_messages.yaml) which includes + the different possible registration requests and the expected responses. + + expected_output: + - Registration request responses on Authd socket + ''' test_case = get_current_test_case['test_case'] for stage in test_case: @@ -196,7 +202,7 @@ def test_ossec_auth_messages(get_configuration, set_up_groups, configure_environ receiver_sockets[0].open() expected = stage['port_output'] message = stage['port_input'] - receiver_sockets[0].send(stage['port_input'], size=False) + receiver_sockets[0].send(message, size=False) timeout = time.time() + 10 response = '' while response == '': diff --git a/tests/integration/test_authd/test_remote_enrollment.py b/tests/integration/test_authd/test_remote_enrollment.py index 725a5f96d3..c5ed95430e 100644 --- a/tests/integration/test_authd/test_remote_enrollment.py +++ b/tests/integration/test_authd/test_remote_enrollment.py 
@@ -124,12 +124,14 @@ def not_raises(exception): def test_remote_enrollment(get_configuration, configure_environment, restart_authd, tear_down): ''' - description: Check if the 'wazuh-authd' daemon remote enrollment is enabled/disabled according - to the configuration. By default, remote enrollment is enabled. When disabled, - the 'authd' 'TLS' port (1515 by default) won't be listening to new connections, - but requests to the local socket will still be attended. + description: + Checks if the 'wazuh-authd' daemon remote enrollment is enabled/disabled according + to the configuration. By default, remote enrollment is enabled. When disabled, + the 'authd' 'TLS' port (1515 by default) won't be listening to new connections, + but requests to the local socket will still be attended. - wazuh_min_version: 4.2.0 + wazuh_min_version: + 4.2.0 parameters: - get_configuration: @@ -149,15 +151,16 @@ def test_remote_enrollment(get_configuration, configure_environment, restart_aut - Verify that the port '1515' opens or closes depending on the value of the 'remote_enrollment' option. - Verify that when a 'worker' node receives an enrollment request, it tries to connect to the 'master' node. - input_description: Different test cases are found in the test module and include - parameters for the environment setup, the requests - to be made, and the expected result. + input_description: + Different test cases are found in the test module and include + parameters for the environment setup, the requests + to be made, and the expected result. expected_output: - r'Accepting connections on port 1515. No password required.' (When the 'wazuh-authd' daemon) - r'OSSEC K:' (When the agent has enrolled in the manager) - r'.*Port 1515 was set as disabled.*' (When remote enrollment is disabled) - - r'ERROR: Cannot comunicate with master' + - r'ERROR: Cannot communicate with the master' tags: - keys
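Review bot: The last `expected_output` entry in the `@@ -149,15 +151,16 @@` hunk is a literal the test matches rather than prose, so changing `r'ERROR: Cannot comunicate with master'` to `r'ERROR: Cannot communicate with the master'` is only correct if the string asserted in the test body and emitted by the daemon changed as well. Neither is visible in this hunk; if the test still compares against the original spelling, keep the entry verbatim and flag the typo instead, e.g. `- r'ERROR: Cannot comunicate with master' (sic; presumably when a worker node cannot reach the master)`. The first entry's explanation, `(When the 'wazuh-authd' daemon)`, is an unfinished sentence on a context line and could be completed in the same pass. The function body continues past the hunk.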