wazuh · DProvinciani · Nov 4, 2021 · Nov 4, 2021 · Nov 4, 2021 · DProvinciani
diff --git a/tests/integration/test_authd/force_options/test_authd_force_options.py b/tests/integration/test_authd/force_options/test_authd_force_options.py
@@ -1,3 +1,52 @@
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: These tests will check if the 'wazuh-authd' daemon correctly responds to the enrollment requests
+ messages respecting the valid option values used in the force configuration block.
+
+tier: 0
+
+modules:
+ - authd
+
+components:
+ - manager
+
+daemons:
+ - wazuh-authd
+ - wazuh-db
+
+os_platform:
+ - linux
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+
+tags:
+ - enrollment
+'''
 import os
 import time
 import pytest
@@ -54,9 +103,56 @@ def get_current_test_case(request):
 def test_authd_force_options(get_current_test_case, configure_local_internal_options_module, override_authd_force_conf,
  insert_pre_existent_agents, file_monitoring, restart_authd_function,
  wait_for_authd_startup_function, connect_to_sockets_function, tear_down):
+ '''
+ description:
+ Check that every input message in authd port generates the adequate output.
+
+ wazuh_min_version:
+ 4.3.0
+
+ parameters:
+ - get_current_test_case:
+ type: fixture
+ brief: gets the current test case from the tests' list
+ - configure_local_internal_options_module:
+ type: fixture
+ brief: Configure the local internal options file.
+ - override_authd_force_conf:
+ type: fixture
+ brief: Modified the authd configuration options.
+ - insert_pre_existent_agents:
+ type: fixture
+ brief: adds the required agents to the client.keys and global.db
+ - file_monitoring:
+ type: fixture
+ brief: Handle the monitoring of a specified file.
+ - restart_authd_function:
+ type: fixture
+ brief: stops the wazuh-authd daemon.
+ - wait_for_authd_startup_function:
+ type: fixture
+ brief: Waits until Authd is accepting connections.
+ - connect_to_sockets_function:
+ type: fixture
+ brief: Bind to the configured sockets at function scope.
+ - tear_down:
+ type: fixture
+ brief: Roll back the daemon and client.keys state after the test ends.
+
+ assertions:
+ - The received output must match with expected.
+ - Verifies the registration responses.
+
+ input_description:
+ Different test cases are contained in external YAML files (valid_config folder) which includes
+ different possible values for the current authd settings.
+
+ expected_output:
+ - Registration request responses on Authd socket.
+ '''
 
  authd_sock = receiver_sockets[0]
- validate_authd_logs(get_current_test_case.get('log', []), log_monitor)
+ validate_authd_logs(get_current_test_case.get('log', []))
 
  for stage in get_current_test_case['test_case']:
  # Reopen socket (socket is closed by manager after sending message with client key)
@@ -70,4 +166,4 @@ def test_authd_force_options(get_current_test_case, configure_local_internal_opt
  raise ConnectionResetError('Manager did not respond to sent message!')
  result, err_msg = validate_authd_response(response, stage['output'])
  assert result == 'success', f"Failed stage '{stage['description']}': {err_msg} Complete response: '{response}'"
- validate_authd_logs(stage.get('log', []), log_monitor)
+ validate_authd_logs(stage.get('log', []))
diff --git a/tests/integration/test_authd/force_options/test_authd_force_options_invalid_config.py b/tests/integration/test_authd/force_options/test_authd_force_options_invalid_config.py
@@ -1,3 +1,51 @@
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: These tests will check if a set of wrong configuration option values in the block force
+ are warned in the logs file.
+
+tier: 0
+
+modules:
+ - authd
+
+components:
+ - manager
+
+daemons:
+ - wazuh-authd
+
+os_platform:
+ - linux
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+
+tags:
+ - enrollment
+'''
 import os
 import pytest
 from wazuh_testing.tools import LOG_FILE_PATH
@@ -48,6 +96,42 @@ def get_current_test_case(request):
 
 def test_authd_force_options_invalid_config(get_current_test_case, configure_local_internal_options_module,
  override_authd_force_conf, file_monitoring, tear_down):
+ '''
+ description:
+ Check that every input with a wrong configuration option value
+ matches the adequate output log. None force registration
+ or response message is made.
+
+ wazuh_min_version:
+ 4.3.0
+
+ parameters:
+ - get_current_test_case:
+ type: fixture
+ brief: gets the current test case from the tests' list
+ - configure_local_internal_options_module:
+ type: fixture
+ brief: Configure the local internal options file.
+ - override_authd_force_conf:
+ type: fixture
+ brief: Modified the authd configuration options.
+ - file_monitoring:
+ type: fixture
+ brief: Handle the monitoring of a specified file.
+ - tear_down:
+ type: fixture
+ brief: Roll back the daemon and client.keys state after the test ends.
+
+ assertions:
+ - The received output must match with expected due to wrong configuration options.
+
+ input_description:
+ Different test cases are contained in an external YAML file (invalid_config folder) which includes
+ different possible wrong settings.
+
+ expected_output:
+ - Invalid configuration values error.
+ '''
 
  truncate_file(LOG_FILE_PATH)
  try:
@@ -56,4 +140,4 @@ def test_authd_force_options_invalid_config(get_current_test_case, configure_loc
  pass
  else:
  raise Exception("Authd started when it was expected to fail")
- validate_authd_logs(get_current_test_case.get('log', []), log_monitor)
+ validate_authd_logs(get_current_test_case.get('log', []))
diff --git a/tests/integration/test_authd/test_authd.py b/tests/integration/test_authd/test_authd.py
@@ -108,16 +108,15 @@ def test_ossec_auth_messages(get_configuration, set_up_groups, configure_environ
  clean_client_keys_file_module, restart_authd, wait_for_authd_startup_module,
  connect_to_sockets_module):
  '''
- description: Check if when the `wazuh-authd` daemon receives different kinds of enrollment requests,
- it responds appropriately to them. In this case, the enrollment requests
- are sent to an IP v4 network socket.
+ description:
+ Checks if when the `wazuh-authd` daemon receives different kinds of enrollment requests,
+ it responds appropriately to them. In this case, the enrollment requests
+ are sent to an IP v4 network socket.
 
- wazuh_min_version: 4.2
+ wazuh_min_version:
+ 4.2.0
 
  parameters:
- - clean_client_keys_file:
- type: fixture
- brief: Delete the agent keys stored in the `client.keys` file.
  - get_configuration:
  type: fixture
  brief: Get configurations from the module.
@@ -130,18 +129,26 @@ def test_ossec_auth_messages(get_configuration, set_up_groups, configure_environ
  - configure_sockets_environment:
  type: fixture
  brief: Configure environment for sockets and MITM.
- - connect_to_sockets_module:
+ - clean_client_keys_file_module:
+ type: fixture
+ brief: Stops Wazuh and cleans any previous key in client.keys file at module scope.
+ - restart_authd:
  type: fixture
- brief: Module scope version of `connect_to_sockets` fixture.
- - wait_for_agentd_startup:
+ brief: Restart the 'wazuh-authd' daemon, clear the 'ossec.log' file and start a new file monitor.
+ - wait_for_authd_startup_module:
  type: fixture
- brief: Wait until the `wazuh-agentd` has begun.
+ brief: Waits until Authd is accepting connections.
+ - connect_to_sockets_module:
+ type: fixture
+ brief: Module scope version of 'connect_to_sockets' fixture.
+
 
  assertions:
  - Verify that the response messages are consistent with the enrollment requests received.
 
- input_description: Different test cases are contained in an external `YAML` file (enroll_messages.yaml)
- that includes enrollment events and the expected output.
+ input_description:
+ Different test cases are contained in an external `YAML` file (enroll_messages.yaml)
+ that includes enrollment events and the expected output.
 
  expected_output:
  - Multiple values located in the `enroll_messages.yaml` file.
@@ -156,7 +163,7 @@ def test_ossec_auth_messages(get_configuration, set_up_groups, configure_environ
  receiver_sockets[0].open()
  expected = stage['output']
  message = stage['input']
- receiver_sockets[0].send(stage['input'], size=False)
+ receiver_sockets[0].send(message, size=False)
  timeout = time.time() + 10
  response = ''
  while response == '':

diff --git a/tests/integration/test_authd/test_authd_agents_ctx.py b/tests/integration/test_authd/test_authd_agents_ctx.py
@@ -394,12 +394,14 @@ def duplicate_name_agent_delete_test(server):
 def test_ossec_authd_agents_ctx_main(get_configuration, set_up_groups, configure_environment,
  configure_sockets_environment, connect_to_sockets_module):
  '''
- description: Check if when the 'wazuh-authd' daemon receives an enrollment request from an agent
- that has an IP address or name that is already registered, 'authd' creates a record
- for the new agent and deletes the old one. In this case, the enrollment requests
- are sent to an IP v4 network socket.
+ description:
+ Check if when the 'wazuh-authd' daemon receives an enrollment request from an agent
+ that has an IP address or name that is already registered, 'authd' creates a record
+ for the new agent and deletes the old one. In this case, the enrollment requests
+ are sent to an IP v4 network socket.
 
- wazuh_min_version: 4.2.0
+ wazuh_min_version:
+ 4.2.0
 
  parameters:
  - get_configuration:
@@ -422,8 +424,9 @@ def test_ossec_authd_agents_ctx_main(get_configuration, set_up_groups, configure
  - Verify that agents using an already registered IP address can successfully enroll.
  - Verify that agents using an already registered name can successfully enroll.
 
- input_description: Different test cases are contained in an external YAML file (wazuh_conf.yaml)
- which includes configuration settings for the 'wazuh-authd' daemon.
+ input_description:
+ Different test cases are contained in an external YAML file (wazuh_conf.yaml)
+ which includes configuration settings for the 'wazuh-authd' daemon.
 
  expected_output:
  - r'Accepting connections on port 1515' (When the 'wazuh-authd' daemon is ready to accept enrollments)