@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Feature: 0043 - OpenSCAP audit of Red Hat-like Salt minion
Description: In order to audit a Red Hat-like Salt minion
As an authorized user
I want to run an OpenSCAP scan on it
File name: min_rhlike_openscap_audit.feature
Relative path: secondary/min_rhlike_openscap_audit.feature
@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Scenario: Enable repositories for openSCAP on the Red Hat-like minion
When
I enable the repositories "Rocky-BaseOS Rocky-AppStream" on this "rhlike_minion"
00:00:00.568
+ Show Error
+ Screenshot
FAIL: sed -i 's/enabled=.*/enabled=1/g' /etc/yum.repos.d/Rocky-BaseOS.repo && sed -i 's/enabled=.*/enabled=1/g' /etc/yum.repos.d/Rocky-AppStream.repo returned status code = 2. Output: (ScriptError) ./features/support/remote_node.rb:172:in `run_local' ./features/support/remote_node.rb:120:in `run' ./features/step_definitions/command_steps.rb:945:in `/^I (enable|disable) (the repositories|repository) "([^"]*)" on this "([^"]*)"((?: without error control)?)$/' features/secondary/min_rhlike_openscap_audit.feature:17:in `I enable the repositories "Rocky-BaseOS Rocky-AppStream" on this "rhlike_minion"'
And
I refresh the metadata for "rhlike_minion"
0s
@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Scenario: Install the OpenSCAP packages on the Red Hat-like minion
Given
I am on the Systems overview page of this "rhlike_minion"
00:00:01.525
FAIL: yum -y install openscap-utils scap-security-guide-redhat returned status code = 1. Output: Last metadata expiration check: 0:37:22 ago on Sun 07 Jun 2026 07:59:51 PM CEST. No match for argument: openscap-utils (ScriptError) ./features/support/remote_node.rb:172:in `run_local' ./features/support/remote_node.rb:120:in `run' ./features/step_definitions/command_steps.rb:1013:in `/^I install packages? "([^"]*)" on this "([^"]*)"((?: without error control)?)$/' ./features/step_definitions/command_steps.rb:991:in `/^I (install|remove) OpenSCAP dependencies (on|from) "([^"]*)"$/' features/secondary/min_rhlike_openscap_audit.feature:22:in `I install OpenSCAP dependencies on "rhlike_minion"'
And
I follow "Software" in the content area
0s
And
I click on "Update Package List"
0s
And
I wait until event "Package List Refresh" is completed
0s
@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Scenario: Schedule an OpenSCAP audit job on the Red Hat-like minion
Given
I am on the Systems overview page of this "rhlike_minion"
00:00:01.626
When
I follow "Audit" in the content area
00:00:00.076
And
I follow "OpenSCAP" in the content area
00:00:00.064
And
I follow "Schedule" in the content area
00:00:00.064
And
I wait at most 30 seconds until I do not see "This system does not yet have OpenSCAP scan capability." text, refreshing the page
00:00:33.000
+ Show Error
execution expired (Timeout::Error) ./features/support/commonlib.rb:89:in `repeat_until_timeout' ./features/step_definitions/navigation_steps.rb:80:in `/^I wait at most (\d+) seconds until I do not see "([^"]*)" text, refreshing the page$/' features/secondary/min_rhlike_openscap_audit.feature:32:in `I wait at most 30 seconds until I do not see "This system does not yet have OpenSCAP scan capability." text, refreshing the page'
And
I enter "--profile xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary" as "params"
0s
And
I enter "/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml" as "path"
0s
And
I click on "Schedule"
0s
Then
I should see a "XCCDF scan has been scheduled" text
0s
And
I wait at most 500 seconds until event "OpenSCAP xccdf scanning" is completed
0s
@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Scenario: Check the results of the OpenSCAP scan on the Red Hat-like minion
Given
I am on the Systems overview page of this "rhlike_minion"
00:00:01.639
When
I follow "Audit" in the content area
00:00:00.077
And
I follow "OpenSCAP" in the content area
00:00:00.064
Unable to find link "xccdf_org.open-scap_testresult" (Capybara::ElementNotFound) ./features/support/commonlib.rb:190:in `click_link_and_wait' ./features/step_definitions/navigation_steps.rb:366:in `/^I follow "([^"]*)"$/' features/secondary/min_rhlike_openscap_audit.feature:43:in `I follow "xccdf_org.open-scap_testresult"'
Then
I should see a "Details of XCCDF Scan" text
0s
And
I should see a "RHEL-8" text
0s
And
I should see a "XCCDF Rule Results" text
0s
@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Scenario: Cleanup: remove audit scans retention period from Red Hat-like minion
When
I follow the left menu "Admin > Organizations"
00:00:00.138
When
I follow "SUSE Test" in the content area
00:00:00.077
And
I follow "Configuration" in the content area
00:00:00.063
And
I enter "0" as "scap_retention_period"
00:00:00.047
And
I click on "Update Organization"
00:00:00.402
Then
I should see a "Organization SUSE Test was successfully updated." text
00:00:00.067
@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Scenario: Cleanup: delete audit results from Red Hat-like minion
Given
I am on the Systems overview page of this "rhlike_minion"
00:00:01.614
When
I follow "Audit" in the content area
00:00:00.066
And
I follow "OpenSCAP" in the content area
00:00:00.068
And
I follow "List Scans" in the content area
00:00:00.064
Unable to find button "Select All" that is not disabled (Capybara::ElementNotFound) ./features/support/commonlib.rb:176:in `click_button_and_wait' ./features/step_definitions/navigation_steps.rb:315:in `/^I click on "([^"]*)"$/' features/secondary/min_rhlike_openscap_audit.feature:66:in `I click on "Select All"'
And
I click on "Remove"
0s
And
I click on "Confirm"
0s
Then
I should see a " SCAP Scan(s) deleted. 0 SCAP Scan(s) retained" text
0s
@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Scenario: Cleanup: restore audit scans retention period on Red Hat-like minion
When
I follow the left menu "Admin > Organizations"
00:00:00.136
When
I follow "SUSE Test" in the content area
00:00:00.076
And
I follow "Configuration" in the content area
00:00:00.064
And
I enter "90" as "scap_retention_period"
00:00:00.047
And
I click on "Update Organization"
00:00:00.058
Then
I should see a "Organization SUSE Test was successfully updated." text
00:00:00.069
@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Scenario: Cleanup: remove the OpenSCAP packages from the Red Hat-like minion
When
I remove OpenSCAP dependencies from "rhlike_minion"
00:00:00.914
And
I disable repository "Rocky-BaseOS" on this "rhlike_minion"
00:00:00.205
+ Show Error
+ Screenshot
FAIL: sed -i 's/enabled=.*/enabled=0/g' /etc/yum.repos.d/Rocky-BaseOS.repo returned status code = 2. Output: (ScriptError) ./features/support/remote_node.rb:172:in `run_local' ./features/support/remote_node.rb:120:in `run' ./features/step_definitions/command_steps.rb:945:in `/^I (enable|disable) (the repositories|repository) "([^"]*)" on this "([^"]*)"((?: without error control)?)$/' features/secondary/min_rhlike_openscap_audit.feature:81:in `I disable repository "Rocky-BaseOS" on this "rhlike_minion"'
@skip_if_github_validation
@scope_openscap
@scope_res
@rhlike_minion
Scenario: Cleanup: restore the base channel for the Red Hat-like minion
Given
I am on the Systems overview page of this "rhlike_minion"
00:00:01.484
When
I follow "Software" in the content area
00:00:00.068
And
I follow "Software Channels" in the content area
00:00:00.088
And
I wait until I do not see "Loading..." text
00:00:00.070
Warning: Radio button 'Fake-Base-Channel-RH-like' is already checked
And
I wait until I do not see "Loading..." text
00:00:00.406
And
I click on "Next"
00:00:00.060
Then
I should see a "Confirm Software Channel Change" text
00:00:00.058
When
I click on "Confirm"
00:00:00.057
Then
I should see a "Changing the channels has been scheduled." text
00:00:00.376
And
I wait until event "Subscribe channels scheduled" is completed
00:00:18.773