@skip_if_github_validation
@scope_openscap
@Uyuni
@susemanager
@uyuni
Feature: 0133 - OpenSCAP audit of Salt minion
Description: In order to audit a Salt minion
As an authorized user
I want to run an OpenSCAP scan on it
File name: min_salt_openscap_audit.feature
Relative path: secondary/min_salt_openscap_audit.feature
@skip_if_github_validation
@scope_openscap
Scenario: Install the OpenSCAP packages on the SLE minion
When
I refresh the metadata for "sle_minion"
00:00:00.871
FAIL: zypper --non-interactive install -y openscap-utils openscap-content scap-security-guide returned status code = 104. Output: Loading repository data... Reading installed packages... 'openscap-content' not found in package names. Trying capabilities. 'openscap-utils' not found in package names. Trying capabilities. 'scap-security-guide' not found in package names. Trying capabilities. (ScriptError) ./features/support/remote_node.rb:172:in `run_local' ./features/support/remote_node.rb:120:in `run' ./features/step_definitions/command_steps.rb:1013:in `/^I install packages? "([^"]*)" on this "([^"]*)"((?: without error control)?)$/' ./features/step_definitions/command_steps.rb:991:in `/^I (install|remove) OpenSCAP dependencies (on|from) "([^"]*)"$/' features/secondary/min_salt_openscap_audit.feature:25:in `I install OpenSCAP dependencies on "sle_minion"'
And
I follow "Software" in the content area
0s
And
I click on "Update Package List"
0s
And
I wait until event "Package List Refresh" is completed
0s
@skip_if_github_validation
@scope_openscap
@susemanager
Scenario: Schedule an OpenSCAP audit job on the SLE minion
When
I follow "Audit" in the content area
0s
And
I follow "OpenSCAP" in the content area
0s
And
I follow "Schedule" in the content area
0s
And
I wait at most 30 seconds until I do not see "This system does not yet have OpenSCAP scan capability." text, refreshing the page
0s
And
I enter "--profile standard" as "params"
0s
And
I enter "/usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml" as "path"
0s
And
I click on "Schedule"
0s
Then
I should see a "XCCDF scan has been scheduled" text
0s
And
I wait at most 500 seconds until event "OpenSCAP xccdf scanning" is completed
0s
@skip_if_github_validation
@scope_openscap
@uyuni
Scenario: Schedule an OpenSCAP audit job on the SLE minion
When
I follow "Audit" in the content area
00:00:00.073
And
I follow "OpenSCAP" in the content area
00:00:00.073
And
I follow "Schedule" in the content area
00:00:00.071
And
I wait at most 30 seconds until I do not see "This system does not yet have OpenSCAP scan capability." text, refreshing the page
00:00:33.066
+ Show Error
execution expired (Timeout::Error) ./features/support/commonlib.rb:89:in `repeat_until_timeout' ./features/step_definitions/navigation_steps.rb:80:in `/^I wait at most (\d+) seconds until I do not see "([^"]*)" text, refreshing the page$/' features/secondary/min_salt_openscap_audit.feature:47:in `I wait at most 30 seconds until I do not see "This system does not yet have OpenSCAP scan capability." text, refreshing the page'
And
I enter "--profile standard" as "params"
0s
And
I enter "/usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml" as "path"
0s
And
I click on "Schedule"
0s
Then
I should see a "XCCDF scan has been scheduled" text
0s
And
I wait at most 500 seconds until event "OpenSCAP xccdf scanning" is completed
0s
@skip_if_github_validation
@scope_openscap
@susemanager
Scenario: Check results of the audit job on the minion
When
I follow "Audit" in the content area
0s
And
I follow "OpenSCAP" in the content area
0s
And
I follow "xccdf_org.open-scap_testresult"
0s
Then
I should see a "Details of XCCDF Scan" text
0s
And
I should see a "profile standard" text
0s
And
I should see a "XCCDF Rule Results" text
0s
When
I enter "pass" as the filtered XCCDF result type
0s
And
I click on the filter button
0s
Then
I should see a "xccdf_org.ssgproject.content_rule_service_httpd_disabled" link
0s
@skip_if_github_validation
@scope_openscap
@uyuni
Scenario: Check results of the audit job on the minion
When
I follow "Audit" in the content area
00:00:00.091
And
I follow "OpenSCAP" in the content area
00:00:00.089
Unable to find link "xccdf_org.open-scap_testresult" (Capybara::ElementNotFound) ./features/support/commonlib.rb:190:in `click_link_and_wait' ./features/step_definitions/navigation_steps.rb:366:in `/^I follow "([^"]*)"$/' features/secondary/min_salt_openscap_audit.feature:70:in `I follow "xccdf_org.open-scap_testresult"'
Then
I should see a "Details of XCCDF Scan" text
0s
And
I should see a "profile standard" text
0s
And
I should see a "XCCDF Rule Results" text
0s
When
I enter "pass" as the filtered XCCDF result type
0s
And
I click on the filter button
0s
Then
I should see a "xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd" link
0s
@skip_if_github_validation
@scope_openscap
@susemanager
Scenario: Create a second, almost identical, audit job
When
I follow "Audit" in the content area
0s
And
I follow "OpenSCAP" in the content area
0s
And
I follow "Schedule" in the content area
0s
And
I wait at most 30 seconds until I do not see "This system does not yet have OpenSCAP scan capability." text, refreshing the page
0s
And
I enter "--profile standard" as "params"
0s
And
I enter "/usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml" as "path"
0s
And
I click on "Schedule"
0s
Then
I should see a "XCCDF scan has been scheduled" text
0s
When
I wait for the OpenSCAP audit to finish
0s
@skip_if_github_validation
@scope_openscap
@uyuni
Scenario: Create a second, almost identical, audit job
When
I follow "Audit" in the content area
00:00:00.093
And
I follow "OpenSCAP" in the content area
00:00:00.075
And
I follow "Schedule" in the content area
00:00:00.076
And
I wait at most 30 seconds until I do not see "This system does not yet have OpenSCAP scan capability." text, refreshing the page
00:00:33.019
+ Show Error
execution expired (Timeout::Error) ./features/support/commonlib.rb:89:in `repeat_until_timeout' ./features/step_definitions/navigation_steps.rb:80:in `/^I wait at most (\d+) seconds until I do not see "([^"]*)" text, refreshing the page$/' features/secondary/min_salt_openscap_audit.feature:95:in `I wait at most 30 seconds until I do not see "This system does not yet have OpenSCAP scan capability." text, refreshing the page'
And
I enter "--profile standard" as "params"
0s
And
I enter "/usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml" as "path"
0s
And
I click on "Schedule"
0s
Then
I should see a "XCCDF scan has been scheduled" text
0s
When
I wait for the OpenSCAP audit to finish
0s
@skip_if_github_validation
@scope_openscap
Scenario: Compare audit results
When
I follow "Audit" in the content area
00:00:00.121
And
I follow "OpenSCAP" in the content area
00:00:00.083
And
I follow "List Scans" in the content area
00:00:00.073
Unable to find button "Select All" that is not disabled (Capybara::ElementNotFound) ./features/support/commonlib.rb:176:in `click_button_and_wait' ./features/step_definitions/navigation_steps.rb:315:in `/^I click on "([^"]*)"$/' features/secondary/min_salt_openscap_audit.feature:106:in `I click on "Select All"'
And
I click on "Compare"
0s
Then
I should see a "XCCDF Rule Results" text
0s
And
I should see a "None" text
0s
@skip_if_github_validation
@scope_openscap
Scenario: Cleanup: remove audit scans retention period
When
I follow the left menu "Admin > Organizations"
00:00:00.159
When
I follow "SUSE Test" in the content area
00:00:00.080
And
I follow "Configuration" in the content area
00:00:00.076
And
I enter "0" as "scap_retention_period"
00:00:00.061
And
I click on "Update Organization"
00:00:00.078
Then
I should see a "Organization SUSE Test was successfully updated." text
00:00:00.074
@skip_if_github_validation
@scope_openscap
Scenario: Cleanup: delete audit results
Given
I am on the Systems overview page of this "sle_minion"
00:00:01.590
When
I follow "Audit" in the content area
00:00:00.070
And
I follow "OpenSCAP" in the content area
00:00:00.078
And
I follow "List Scans" in the content area
00:00:00.068
Unable to find button "Select All" that is not disabled (Capybara::ElementNotFound) ./features/support/commonlib.rb:176:in `click_button_and_wait' ./features/step_definitions/navigation_steps.rb:315:in `/^I click on "([^"]*)"$/' features/secondary/min_salt_openscap_audit.feature:124:in `I click on "Select All"'
And
I click on "Remove"
0s
And
I click on "Confirm"
0s
Then
I should see a "2 SCAP Scan(s) deleted. 0 SCAP Scan(s) retained" text
0s
@skip_if_github_validation
@scope_openscap
Scenario: Cleanup: restore audit scans retention period
When
I follow the left menu "Admin > Organizations"
00:00:00.122
When
I follow "SUSE Test" in the content area
00:00:00.070
And
I follow "Configuration" in the content area
00:00:00.061
And
I enter "90" as "scap_retention_period"
00:00:00.047
And
I click on "Update Organization"
00:00:00.438
Then
I should see a "Organization SUSE Test was successfully updated." text
00:00:00.070