@skip_if_github_validation
@sle_minion
@scope_cve_audit
Feature: 0042 - CVE Audit on SLE Salt Minions
Description: In order to check if systems are patched against certain vulnerabilities
As an authorized user
I want to see the Salt Minions that need to be patched
File name: min_cve_audit.feature
Relative path: secondary/min_cve_audit.feature
@skip_if_github_validation
@sle_minion
@scope_cve_audit
Scenario: Pre-requisite: downgrade milkyway-dummy to lower version
When
I enable repository "test_repo_rpm_pool" on this "sle_minion"
00:00:00.965
And
I install old package "milkyway-dummy-1.0" on this "sle_minion"
00:00:01.627
And
I refresh the metadata for "sle_minion"
00:00:01.015
And
I follow the left menu "Admin > Task Schedules"
00:00:00.152
And
I follow "errata-cache-default"
00:00:01.234
And
I follow "errata-cache-bunch"
00:00:01.326
And
I click on "Single Run Schedule"
00:00:01.252
Then
I should see a "bunch was scheduled" text
00:00:00.269
And
I wait until the table contains "FINISHED" or "SKIPPED" followed by "FINISHED" in its first rows
00:00:01.223
@skip_if_github_validation
@sle_minion
@scope_cve_audit
Scenario: Schedule channel data refresh
When
I follow the left menu "Admin > Task Schedules"
00:00:00.072
And
I follow "cve-server-channels-default"
00:00:01.225
And
I follow "cve-server-channels-bunch"
00:00:01.251
And
I click on "Single Run Schedule"
00:00:01.395
Then
I should see a "bunch was scheduled" text
00:00:00.059
And
I wait until the table contains "FINISHED" or "SKIPPED" followed by "FINISHED" in its first rows
00:00:01.189
@skip_if_github_validation
@sle_minion
@scope_cve_audit
Scenario: Search for a known CVE number
When
I follow the left menu "Audit > CVE Audit"
00:00:00.061
And
I select "1999" from "cveIdentifierYear"
00:00:00.074
And
I enter "9999" as "cveIdentifierId"
00:00:00.071
And
I click on "Audit Servers"
00:00:00.064
Then
I should see "sle_minion" as link
00:00:00.821
And
I should see a "Affected, at least one patch available in an assigned channel" text
00:00:00.093
And
I should see a "Install a new patch on this system" link
00:00:00.011
And
I should see a "milkyway-dummy-2345" text
00:00:00.085
And
I should see a "Download CSV" link
00:00:00.014
And
I should see a "Status" button
00:00:00.021
And
I should see a "Name" button
00:00:00.022
And
I should see a "extra CVE data update" link
00:00:00.012
Then
I follow "Install a new patch on this system" on "sle_minion" row
00:00:20.093
And
I should see a "Relevant Patches" text
00:00:00.085
@skip_if_github_validation
@sle_minion
@scope_cve_audit
Scenario: Search for an unknown CVE number
When
I follow the left menu "Audit > CVE Audit"
00:00:00.118
And
I select "2012" from "cveIdentifierYear"
00:00:00.062
And
I enter "2806" as "cveIdentifierId"
00:00:00.060
And
I click on "Audit Servers"
00:00:00.056
Then
I should see a "The specified CVE number was not found" text
00:00:00.200
@skip_if_github_validation
@sle_minion
@scope_cve_audit
Scenario: Select a system for the System Set Manager
And
I click on the clear SSM button
00:00:00.060
And
I follow the left menu "Audit > CVE Audit"
00:00:00.068
And
I select "1999" from "cveIdentifierYear"
00:00:00.058
And
I enter "9999" as "cveIdentifierId"
00:00:00.055
And
I click on "Audit Servers"
00:00:00.056
Then
I should see a "Affected, at least one patch available in an assigned channel" text
00:00:00.070
When
I check the "sle_minion" client
00:00:00.918
Then
I should see a "system selected" text
00:00:00.357
When
I follow the left menu "Systems > System List > All"
00:00:00.212
Then
I should see "sle_minion" as link
00:00:00.455
And
I click on the clear SSM button
00:00:00.047
@skip_if_github_validation
@sle_minion
@scope_cve_audit
Scenario: List systems by patch status via API before patch
When
I follow the left menu "Admin > Task Schedules"
00:00:00.148
And
I follow "cve-server-channels-default"
00:00:01.380
And
I follow "cve-server-channels-bunch"
00:00:01.176
And
I click on "Single Run Schedule"
00:00:00.308
Then
I should see a "bunch was scheduled" text
00:00:00.068
And
I wait until the table contains "FINISHED" or "SKIPPED" followed by "FINISHED" in its first rows
00:00:01.346
When
I call audit.list_systems_by_patch_status() with CVE identifier "CVE-1999-9979"
00:00:01.725
+ Show Info
Result list: [{"errata_advisories"=>[], "system_id"=>1000010003, "channel_labels"=>[], "patch_status"=>"NOT_AFFECTED"}, {"errata_advisories"=>[], "system_id"=>1000010004, "channel_labels"=>[], "patch_status"=>"NOT_AFFECTED"}, {"errata_advisories"=>[], "system_id"=>1000010001, "channel_labels"=>[], "patch_status"=>"NOT_AFFECTED"}, {"errata_advisories"=>[], "system_id"=>1000010000, "channel_labels"=>[], "patch_status"=>"UNKNOWN"}, {"errata_advisories"=>[], "system_id"=>1000010002, "channel_labels"=>[], "patch_status"=>"UNKNOWN"}, {"errata_advisories"=>[], "system_id"=>1000010005, "channel_labels"=>[], "patch_status"=>"UNKNOWN"}]
Then
I should get status "NOT_AFFECTED" for "sle_minion"
00:00:00.963
When
I call audit.list_systems_by_patch_status() with CVE identifier "CVE-1999-9999"
00:00:01.628
+ Show Info
Result list: [{"errata_advisories"=>["milkyway-dummy-2345"], "system_id"=>1000010004, "channel_labels"=>["fake-rpm-suse-channel"], "patch_status"=>"AFFECTED_FULL_PATCH_APPLICABLE"}, {"errata_advisories"=>["milkyway-dummy-2345"], "system_id"=>1000010001, "channel_labels"=>["fake-base-channel-rh-like"], "patch_status"=>"AFFECTED_FULL_PATCH_APPLICABLE"}, {"errata_advisories"=>[], "system_id"=>1000010003, "channel_labels"=>[], "patch_status"=>"NOT_AFFECTED"}, {"errata_advisories"=>[], "system_id"=>1000010000, "channel_labels"=>[], "patch_status"=>"UNKNOWN"}, {"errata_advisories"=>[], "system_id"=>1000010002, "channel_labels"=>[], "patch_status"=>"UNKNOWN"}, {"errata_advisories"=>[], "system_id"=>1000010005, "channel_labels"=>[], "patch_status"=>"UNKNOWN"}]
Then
I should get status "AFFECTED_FULL_PATCH_APPLICABLE" for "sle_minion"
00:00:01.057
And
I should get the "fake-rpm-suse-channel" channel label
00:00:00.000
result: {"errata_advisories"=>["milkyway-dummy-2345"], "system_id"=>1000010004, "channel_labels"=>["fake-rpm-suse-channel"], "patch_status"=>"AFFECTED_FULL_PATCH_APPLICABLE"}
@skip_if_github_validation
@sle_minion
@scope_cve_audit
Scenario: Apply patches
Given
I am on the Systems overview page of this "sle_minion"
00:00:01.845
When
I follow "Software" in the content area
00:00:00.082
And
I follow "Patches" in the content area
00:00:00.089
And
I enter "milkyway" as the filtered synopsis
00:00:00.054
And
I click on the filter button
00:00:00.645
And
I check "milkyway-dummy-2345" in the list
00:00:00.065
And
I click on "Apply Patches"
00:00:00.724
And
I click on "Confirm"
00:00:01.032
Then
I should see a "patch update has been scheduled" text
00:00:00.086
And
I wait until event "Patch Update: milkyway-dummy-2345" is completed
00:00:38.911
@skip_if_github_validation
@sle_minion
@scope_cve_audit
Scenario: List systems by patch status via API after patch
And
I call audit.list_systems_by_patch_status() with CVE identifier "CVE-1999-9999"
00:00:01.503
+ Show Info
Result list: [{"errata_advisories"=>["milkyway-dummy-2345"], "system_id"=>1000010001, "channel_labels"=>["fake-base-channel-rh-like"], "patch_status"=>"AFFECTED_FULL_PATCH_APPLICABLE"}, {"errata_advisories"=>[], "system_id"=>1000010003, "channel_labels"=>[], "patch_status"=>"NOT_AFFECTED"}, {"errata_advisories"=>[], "system_id"=>1000010004, "channel_labels"=>[], "patch_status"=>"PATCHED"}, {"errata_advisories"=>[], "system_id"=>1000010000, "channel_labels"=>[], "patch_status"=>"UNKNOWN"}, {"errata_advisories"=>[], "system_id"=>1000010002, "channel_labels"=>[], "patch_status"=>"UNKNOWN"}, {"errata_advisories"=>[], "system_id"=>1000010005, "channel_labels"=>[], "patch_status"=>"UNKNOWN"}]
Then
I should get status "PATCHED" for "sle_minion"
00:00:00.965
@skip_if_github_validation
@sle_minion
@scope_cve_audit
Scenario: Cleanup: remove installed packages
When
I disable repository "test_repo_rpm_pool" on this "sle_minion" without error control
00:00:00.763
And
I remove package "milkyway-dummy" from this "sle_minion" without error control
00:00:01.665