Add test for fapolicyd installation

SatelliteQE · Dec 22, 2023 · 558424f · 558424f
1 parent d0c8193
commit 558424f
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 38 deletions.
diff --git a/pytest_fixtures/core/sat_cap_factory.py b/pytest_fixtures/core/sat_cap_factory.py
@@ -277,7 +277,7 @@ def module_sat_ready_rhels(request):
 
 @pytest.fixture
 def cap_ready_rhel():
-    rhel_version = Version(settings.capsule.version.release)
+    rhel_version = Version(settings.capsule.version.rhel_version)
     deploy_args = {
         'deploy_rhel_version': rhel_version.base_version,
         'deploy_flavor': settings.flavors.default,

diff --git a/robottelo/hosts.py b/robottelo/hosts.py
@@ -108,7 +108,9 @@ def get_sat_rhel_version():
     return Version(rhel_version)
 
 
-def setup_capsule(satellite, capsule, org, registration_args=None, installation_args=None):
+def setup_capsule(
+    satellite, capsule, org, registration_args=None, installation_args=None, enable_fapolicyd=False
+):
     """Given satellite and capsule instances, run the commands needed to set up the capsule
 
     Note: This does not perform content setup actions on the Satellite
@@ -125,7 +127,7 @@ def setup_capsule(satellite, capsule, org, registration_args=None, installation_
     capsule.unregister()
 
     # Add a manifest to the Satellite
-    with Manifester(manifest_category=settings.manifest.golden_ticket) as manifest:
+    with Manifester(manifest_category=settings.manifest.entitlement) as manifest:
         satellite.upload_manifest(org.id, manifest.content)
 
     # Enable RHEL 8 BaseOS and AppStream repos and sync
@@ -152,6 +154,9 @@ def setup_capsule(satellite, capsule, org, registration_args=None, installation_
     )
     capsule.install_katello_ca(satellite)
     capsule.register_contenthost(**registration_args)
+    if enable_fapolicyd:
+        capsule.execute('dnf -y install fapolicyd && systemctl enable --now fapolicyd').status == 0
+        capsule.execute('rpm -q foreman-proxy-fapolicyd').status == 0
     return capsule.install(cmd_args)
 
 

diff --git a/tests/foreman/installer/test_installer.py b/tests/foreman/installer/test_installer.py
@@ -1343,19 +1343,29 @@ def common_sat_install_assertions(satellite):
     result = satellite.execute(r'grep -iR "error" /var/log/candlepin/*')
     assert len(result.stdout) == 0
 
+    httpd_log = satellite.execute('journalctl --unit=httpd')
+    assert "WARNING" not in httpd_log.stdout
+
     result = satellite.cli.Health.check()
     assert 'FAIL' not in result.stdout
 
 
-def install_satellite(satellite, installer_args):
+def install_satellite(satellite, installer_args, enable_fapolicyd=False):
     # Register for RHEL8 repos, get Ohsnap repofile, and enable and download satellite
     satellite.register_to_cdn()
     satellite.download_repofile(
         product='satellite',
         release=settings.server.version.release,
         snap=settings.server.version.snap,
     )
+    if enable_fapolicyd:
+        satellite.execute(
+            'dnf -y install fapolicyd && systemctl enable --now fapolicyd'
+        ).status == 0
     satellite.execute('dnf -y module enable satellite:el8 && dnf -y install satellite')
+    if enable_fapolicyd:
+        assert satellite.execute('rpm -q foreman-fapolicyd').status == 0
+        assert satellite.execute('rpm -q foreman-proxy-fapolicyd').status == 0
     # Configure Satellite firewall to open communication
     satellite.execute(
         'firewall-cmd --permanent --add-service RH-Satellite-6 && firewall-cmd --reload'
@@ -1368,36 +1378,48 @@ def install_satellite(satellite, installer_args):
 
 
 @pytest.fixture(scope='module')
-def sat_default_install(module_sat_ready_rhels):
+def sat_default_install(request, module_sat_ready_rhels):
     """Install Satellite with default options"""
+    enable_fapolicyd = False
+    if hasattr(request, 'param'):
+        enable_fapolicyd = request.param
     installer_args = [
         'scenario satellite',
         f'foreman-initial-admin-password {settings.server.admin_password}',
     ]
-    install_satellite(module_sat_ready_rhels[0], installer_args)
-    yield module_sat_ready_rhels[0]
+    install_satellite(module_sat_ready_rhels[0], installer_args, enable_fapolicyd=enable_fapolicyd)
+    yield {'sat': module_sat_ready_rhels[0], 'enable_fapolicyd': enable_fapolicyd}
     common_sat_install_assertions(module_sat_ready_rhels[0])
 
 
 @pytest.fixture(scope='module')
-def sat_non_default_install(module_sat_ready_rhels):
+def sat_non_default_install(request, module_sat_ready_rhels):
     """Install Satellite with various options"""
+    enable_fapolicyd = False
+    if hasattr(request, 'param'):
+        enable_fapolicyd = request.param
     installer_args = [
         'scenario satellite',
         f'foreman-initial-admin-password {settings.server.admin_password}',
         'foreman-rails-cache-store type:file',
         'foreman-proxy-content-pulpcore-hide-guarded-distributions false',
     ]
-    install_satellite(module_sat_ready_rhels[1], installer_args)
-    yield module_sat_ready_rhels[1]
+    install_satellite(module_sat_ready_rhels[1], installer_args, enable_fapolicyd=enable_fapolicyd)
+    yield {'sat': module_sat_ready_rhels[1], 'enable_fapolicyd': enable_fapolicyd}
     common_sat_install_assertions(module_sat_ready_rhels[1])
 
 
 @pytest.mark.e2e
 @pytest.mark.tier1
 @pytest.mark.pit_client
-def test_capsule_installation(sat_default_install, cap_ready_rhel, default_org):
-    """Run a basic Capsule installation
+@pytest.mark.parametrize(
+    'sat_non_default_install',
+    [True, False],
+    indirect=True,
+    ids=['fapolicyd_enabled', 'fapolicyd_disabled'],
+)
+def test_capsule_installation(sat_non_default_install, cap_ready_rhel, default_org):
+    """Run a basic Capsule installation w/ and w/o fapolicyd
 
     :id: 64fa85b6-96e6-4fea-bea4-a30539d59e65
 
@@ -1425,13 +1447,22 @@ def test_capsule_installation(sat_default_install, cap_ready_rhel, default_org):
         'dnf -y module enable satellite-capsule:el8 && dnf -y install satellite-capsule'
     )
     # Setup Capsule
-    org = sat_default_install.api.Organization().search(query={'search': f'name="{DEFAULT_ORG}"'})[
-        0
-    ]
-    setup_capsule(sat_default_install, cap_ready_rhel, org)
-    assert sat_default_install.api.Capsule().search(
-        query={'search': f'name={cap_ready_rhel.hostname}'}
-    )[0]
+    org = (
+        sat_non_default_install['sat']
+        .api.Organization()
+        .search(query={'search': f'name="{DEFAULT_ORG}"'})[0]
+    )
+    setup_capsule(
+        sat_non_default_install['sat'],
+        cap_ready_rhel,
+        org,
+        enable_fapolicyd=sat_non_default_install['enable_fapolicyd'],
+    )
+    assert (
+        sat_non_default_install['sat']
+        .api.Capsule()
+        .search(query={'search': f'name={cap_ready_rhel.hostname}'})[0]
+    )
 
     # no errors/failures in journald
     result = cap_ready_rhel.execute(
@@ -1455,14 +1486,23 @@ def test_capsule_installation(sat_default_install, cap_ready_rhel, default_org):
     result = cap_ready_rhel.execute(r'grep -iR "error" /var/log/foreman-proxy/*')
     assert len(result.stdout) == 0
 
+    httpd_log = cap_ready_rhel.execute('journalctl --unit=httpd')
+    assert "WARNING" not in httpd_log.stdout
+
     result = cap_ready_rhel.cli.Health.check()
     assert 'FAIL' not in result.stdout
 
 
 @pytest.mark.e2e
 @pytest.mark.tier1
+@pytest.mark.parametrize(
+    'sat_non_default_install',
+    [True, False],
+    indirect=True,
+    ids=['fapolicyd_enabled', 'fapolicyd_disabled'],
+)
 def test_foreman_rails_cache_store(sat_non_default_install):
-    """Test foreman-rails-cache-store option
+    """Test foreman-rails-cache-store option. Also tests installation w/ and w/o fapolicyd.
 
     :id: 379a2fe8-1085-4a7f-8ac3-24c421412f12
 
@@ -1475,11 +1515,11 @@ def test_foreman_rails_cache_store(sat_non_default_install):
 
     :customerscenario: true
 
-    :BZ: 2063717, 2165092
+    :BZ: 2063717, 2165092, 2244370
     """
     # Verify foreman-rails-cache-store option works
-    assert sat_non_default_install.execute('rpm -q foreman-redis').status == 1
-    settings_file = sat_non_default_install.load_remote_yaml_file(FOREMAN_SETTINGS_YML)
+    assert sat_non_default_install['sat'].execute('rpm -q foreman-redis').status == 1
+    settings_file = sat_non_default_install['sat'].load_remote_yaml_file(FOREMAN_SETTINGS_YML)
     assert settings_file.rails_cache_store.type == 'file'
 
 
@@ -1508,18 +1548,24 @@ def test_content_guarded_distributions_option(
     :BZ: 2063717, 2088559
     """
     # Verify that no content is listed on https://sat-fqdn/pulp/content/.
-    result = requests.get(f'https://{sat_default_install.hostname}/pulp/content/', verify=False)
+    result = requests.get(
+        f'https://{sat_non_default_install["sat"].hostname}/pulp/content/', verify=False
+    )
     assert 'Default_Organization' not in result.text
     # Verify that content is not downloadable when content guard setting is disabled.
-    org = sat_non_default_install.api.Organization().create()
-    sat_non_default_install.upload_manifest(org.id, module_sca_manifest.content)
+    org = sat_non_default_install['sat'].api.Organization().create()
+    sat_non_default_install['sat'].upload_manifest(org.id, module_sca_manifest.content)
     # sync ansible repo
-    product = sat_non_default_install.api.Product(name=PRDS['rhae'], organization=org.id).search()[
-        0
-    ]
-    r_set = sat_non_default_install.api.RepositorySet(
-        name=REPOSET['rhae2.9_el8'], product=product
-    ).search()[0]
+    product = (
+        sat_non_default_install['sat']
+        .api.Product(name=PRDS['rhae'], organization=org.id)
+        .search()[0]
+    )
+    r_set = (
+        sat_non_default_install['sat']
+        .api.RepositorySet(name=REPOSET['rhae2.9_el8'], product=product)
+        .search()[0]
+    )
     r_set.enable(
         data={
             'basearch': 'x86_64',
@@ -1529,16 +1575,20 @@ def test_content_guarded_distributions_option(
             'releasever': '8',
         }
     )
-    rh_repo = sat_non_default_install.api.Repository(name=REPOS['rhae2.9_el8']['name']).search(
-        query={'organization_id': org.id}
-    )[0]
+    rh_repo = (
+        sat_non_default_install['sat']
+        .api.Repository(name=REPOS['rhae2.9_el8']['name'])
+        .search(query={'organization_id': org.id})[0]
+    )
     rh_repo.sync()
     assert (
         "403: [('PEM routines', 'get_name', 'no start line')]"
-        in sat_non_default_install.execute(
-            f'curl https://{sat_non_default_install.hostname}/pulp/content/{org.label}'
+        in sat_non_default_install['sat']
+        .execute(
+            f'curl https://{sat_non_default_install["sat"].hostname}/pulp/content/{org.label}'
             f'/Library/content/dist/layered/rhel8/x86_64/ansible/2.9/os/'
-        ).stdout
+        )
+        .stdout
     )