doc: Add of test_remoted documentation in QA Docs style

The following tests have been documentated: * test_active_response_send_ar.py * test_agent_pending_status.py The current scheme of the issue #1694 has been used. PEP-8 fixes. Related: #1816
wazuh · Nov 5, 2021 · c312b4d · c312b4d
1 parent 5b772b2
commit c312b4d
Show file tree

Hide file tree

Showing 2 changed files with 196 additions and 25 deletions.
diff --git a/tests/integration/test_remoted/test_active_response/test_active_response_send_ar.py b/tests/integration/test_remoted/test_active_response/test_active_response_send_ar.py
@@ -1,7 +1,58 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
-
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-remoted' program is the server side daemon that communicates with the agents.
+ Specifically, these tests will check if an active response command is sent correctly
+ to the Wazuh agent. Active responses perform various countermeasures to address active
+ threats, such as blocking access to an agent from the threat source when certain
+ criteria are met.
+
+tier: 1
+
+modules:
+ - remoted
+
+components:
+ - manager
+
+daemons:
+ - wazuh-remoted
+ - wazuh-execd
+
+os_platform:
+ - linux
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/remote.html
+
+tags:
+ - remoted_active_response
+'''
 import os
 import pytest
 import time
@@ -37,7 +88,7 @@
  {'protocol': TCP_UDP, 'port': '4565'}
 ]
 
-configurations = load_wazuh_configurations(configurations_path, __name__ ,
+configurations = load_wazuh_configurations(configurations_path, __name__,
  params=parameters, metadata=metadata)
 configuration_ids = [f"{x['PROTOCOL']}_{x['PORT']}" for x in parameters]
 
@@ -55,14 +106,44 @@ def get_configuration(request):
  "Sometimes it doesn't work properly when it sends keepalives "
  "messages causing the agent to never being in active status.")
 def test_active_response_ar_sending(get_configuration, configure_environment, restart_remoted):
- """Test if `wazuh-remoted` sends active response commands to the agent.
-
- Check if execd sends active response command to the remoted module in the manager. Then, it
- ensures that the agent receives the active command message from the manager.
-
- Raises:
- AssertionError: if `wazuh-remoted` does not send the active response command to the agent.
- """
+ '''
+ description: Check if the 'wazuh-remoted' daemon sends active response commands to the Wazuh agent.
+ For this purpose, the test will establish a connection with a simulated agent using
+ different ports and transport protocols. Then, it will send an active response to that
+ agent, and finally, the test will verify that the events indicating that the active
+ response has been sent by the manager and received it by the agent are generated.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - restart_remoted:
+ type: fixture
+ brief: Clear the 'ossec.log' file and start a new monitor.
+
+ assertions:
+ - Verify that the 'wazuh-execd' daemon sends the active response to the 'wazuh-remoted' daemon.
+ - Verify that the 'wazuh-remoted' daemon receives the active response from the 'wazuh-execd' daemon.
+ - Verify that the Wazuh agent receives an active response message.
+
+ input_description: A configuration template (test_active_response_send_ar) is contained in an external YAML
+ file (wazuh_test_active_response.yaml). That template is combined with different
+ test cases defined in the module. Those include configuration settings for
+ the 'wazuh-remoted' daemon.
+
+ expected_output:
+ - r'.*Active response request received.*'
+ - r'.*Active response sent.*'
+
+ tags:
+ - active_response
+ - simulator
+ '''
  protocol_array = (get_configuration['metadata']['protocol']).split(',')
  manager_port = get_configuration['metadata']['port']
 
@@ -92,6 +173,7 @@ def test_active_response_ar_sending(get_configuration, configure_environment, re
  wazuh_log_monitor.start(timeout=10, callback=log_callback,
  error_message='The expected event has not been found in ossec.log')
 
- remote.check_agent_received_message(agent, f"#!-execd {remote.ACTIVE_RESPONSE_EXAMPLE_COMMAND}", escape=True)
+ remote.check_agent_received_message(agent, f"#!-execd {remote.ACTIVE_RESPONSE_EXAMPLE_COMMAND}",
+ escape=True)
  finally:
  injector.stop_receive()
diff --git a/tests/integration/test_remoted/test_agent_communication/test_agent_pending_status.py b/tests/integration/test_remoted/test_agent_communication/test_agent_pending_status.py
@@ -1,3 +1,58 @@
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-remoted' program is the server side daemon that communicates with the agents.
+ Specifically, these tests will check if the agent status appears as 'disconnected' after
+ just sending the 'start-up' event, sent by several agents using different protocols.
+ The 'disconnected' status is when the manager considers that the agent is disconnected
+ if it does not receive any keep alive messages.
+
+tier: 0
+
+modules:
+ - remoted
+
+components:
+ - manager
+
+daemons:
+ - wazuh-remoted
+
+os_platform:
+ - linux
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/remote.html
+ - https://documentation.wazuh.com/current/user-manual/agents/agent-life-cycle.html?highlight=status#agent-status
+
+tags:
+ - remoted_agent_communication
+'''
 import os
 import pytest
 
@@ -49,17 +104,51 @@
 
 def check_active_agents(num_agents=1, manager_address='127.0.0.1', agent_version='4.2.0', agent_os='debian7',
  manager_port=1514, protocol=TCP):
- """Check if the status of the agent is disable after sending only the start-up event.
- Args:
- num_agents (int): Number of agents to create and check their status.
- manager_address (str): Manager IP address.
- agent_version (str): Agent wazuh version.
- agent_os (str): Agent operating system.
- manager_port (int): Manager remote communication port.
- protocol (str): It can be TCP, UDP or TCP_UDP (both).
- Raises:
- AttributeError: If the agent status is not active.
- """
+ '''
+ description: Check if the status of the agent is 'disconnected' after sending only the start-up event.
+ For this purpose, the test will establish a connection with simulated agents using
+ different ports and transport protocols. Then, it will send initialization events to the
+ agents and check if the 'pending' status is active for each agent. Finally, the test
+ will verify that the 'disconnected' status is active on all agents.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - num_agents:
+ type: int
+ brief: Number of agents to create and check their status.
+ - manager_address:
+ type: str
+ brief: Manager IP address.
+ - agent_version:
+ type: str
+ brief: Wazuh agent version.
+ - agent_os:
+ type: str
+ brief: Agent operating system.
+ - manager_port:
+ type: int
+ brief: Manager remote communication port.
+ - protocol:
+ type: str
+ brief: It can be TCP, UDP or TCP_UDP (both).
+
+ assertions:
+ - Verify that the 'pending' status is active when a Wazuh agent is initialized.
+ - Verify that the 'disconnected' status is active after a Wazuh agent has a 'pending' status.
+
+ input_description: A configuration template (test_agent_pending_status) is contained in an external YAML
+ file (wazuh_agent_pending_status.yaml). That template is combined with different
+ test cases defined in the module. Those include configuration settings for
+ the 'wazuh-remoted' daemon.
+
+ expected_output:
+ - r'pending'
+ - r'disconnected'
+
+ tags:
+ - simulator
+ '''
  def send_initialization_events(agent, sender):
  """Send the start-up and keep-alive events"""
  try: