mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-25 21:44:00 -07:00 
			
		
		
		
	Define netapp_e_auditlog storage module. (#42535)
This module allows NetApp E-Series storage system's audit-log feature to be configured.
This commit is contained in:
		
					parent
					
						
							
								7eda94dc8d
							
						
					
				
			
			
				commit
				
					
						cf41415bdf
					
				
			
		
					 2 changed files with 515 additions and 0 deletions
				
			
		
							
								
								
									
										281
									
								
								lib/ansible/modules/storage/netapp/netapp_e_auditlog.py
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										281
									
								
								lib/ansible/modules/storage/netapp/netapp_e_auditlog.py
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,281 @@ | ||||||
|  | #!/usr/bin/python | ||||||
|  | 
 | ||||||
|  | # (c) 2018, NetApp, Inc | ||||||
|  | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||||||
|  | 
 | ||||||
|  | from __future__ import absolute_import, division, print_function | ||||||
|  | 
 | ||||||
|  | __metaclass__ = type | ||||||
|  | 
 | ||||||
|  | ANSIBLE_METADATA = {'metadata_version': '1.1', | ||||||
|  |                     'status': ['preview'], | ||||||
|  |                     'supported_by': 'community'} | ||||||
|  | 
 | ||||||
|  | DOCUMENTATION = """ | ||||||
|  | --- | ||||||
|  | module: netapp_e_auditlog | ||||||
|  | short_description: NetApp E-Series manage audit-log configuration | ||||||
|  | description: | ||||||
|  |     - This module allows an e-series storage system owner to set audit-log configuration parameters. | ||||||
|  | version_added: '2.7' | ||||||
|  | author: Nathan Swartz (@ndswartz) | ||||||
|  | extends_documentation_fragment: | ||||||
|  |     - netapp.eseries | ||||||
|  | options: | ||||||
|  |     max_records: | ||||||
|  |         description: | ||||||
|  |             - The maximum number log messages audit-log will retain. | ||||||
|  |             - Max records must be between and including 100 and 50000. | ||||||
|  |         default: 50000 | ||||||
|  |     log_level: | ||||||
|  |         description: Filters the log messages according to the specified log level selection. | ||||||
|  |         choices: | ||||||
|  |             - all | ||||||
|  |             - writeOnly | ||||||
|  |         default: writeOnly | ||||||
|  |     full_policy: | ||||||
|  |         description: Specifies what audit-log should do once the number of entries approach the record limit. | ||||||
|  |         choices: | ||||||
|  |             - overWrite | ||||||
|  |             - preventSystemAccess | ||||||
|  |         default: overWrite | ||||||
|  |     threshold: | ||||||
|  |         description: | ||||||
|  |             - This is the memory full percent threshold that audit-log will start issuing warning messages. | ||||||
|  |             - Percent range must be between and including 60 and 90. | ||||||
|  |         default: 90 | ||||||
|  |     force: | ||||||
|  |         description: | ||||||
|  |             - Forces the audit-log configuration to delete log history when log messages fullness cause immediate | ||||||
|  |               warning or full condition. | ||||||
|  |             - Warning! This will cause any existing audit-log messages to be deleted. | ||||||
|  |             - This is only applicable for I(full_policy=preventSystemAccess). | ||||||
|  |         type: bool | ||||||
|  |         default: no | ||||||
|  |     log_path: | ||||||
|  |         description: A local path to a file to be used for debug logging. | ||||||
|  |         required: no | ||||||
|  | notes: | ||||||
|  |     - Check mode is supported. | ||||||
|  |     - This module is currently only supported with the Embedded Web Services API v3.0 and higher. | ||||||
|  | """ | ||||||
|  | 
 | ||||||
|  | EXAMPLES = """ | ||||||
|  | - name: Define audit-log to prevent system access if records exceed 50000 with warnings occurring at 60% capacity. | ||||||
|  |   netapp_e_auditlog: | ||||||
|  |      api_url: "https://{{ netapp_e_api_host }}/devmgr/v2" | ||||||
|  |      api_username: "{{ netapp_e_api_username }}" | ||||||
|  |      api_password: "{{ netapp_e_api_password }}" | ||||||
|  |      ssid: "{{ netapp_e_ssid }}" | ||||||
|  |      validate_certs: no | ||||||
|  |      max_records: 50000 | ||||||
|  |      log_level: all | ||||||
|  |      full_policy: preventSystemAccess | ||||||
|  |      threshold: 60 | ||||||
|  |      log_path: /path/to/log_file.log | ||||||
|  | - name: Define audit-log utilize the default values. | ||||||
|  |   netapp_e_auditlog: | ||||||
|  |      api_url: "https://{{ netapp_e_api_host }}/devmgr/v2" | ||||||
|  |      api_username: "{{ netapp_e_api_username }}" | ||||||
|  |      api_password: "{{ netapp_e_api_password }}" | ||||||
|  |      ssid: "{{ netapp_e_ssid }}" | ||||||
|  | - name: Force audit-log configuration when full or warning conditions occur while enacting preventSystemAccess policy. | ||||||
|  |   netapp_e_auditlog: | ||||||
|  |      api_url: "https://{{ netapp_e_api_host }}/devmgr/v2" | ||||||
|  |      api_username: "{{ netapp_e_api_username }}" | ||||||
|  |      api_password: "{{ netapp_e_api_password }}" | ||||||
|  |      ssid: "{{ netapp_e_ssid }}" | ||||||
|  |      max_records: 5000 | ||||||
|  |      log_level: all | ||||||
|  |      full_policy: preventSystemAccess | ||||||
|  |      threshold: 60 | ||||||
|  |      force: yes | ||||||
|  | """ | ||||||
|  | 
 | ||||||
|  | RETURN = """ | ||||||
|  | msg: | ||||||
|  |     description: Success message | ||||||
|  |     returned: on success | ||||||
|  |     type: string | ||||||
|  |     sample: The settings have been updated. | ||||||
|  | """ | ||||||
|  | 
 | ||||||
|  | import json | ||||||
|  | import logging | ||||||
|  | from pprint import pformat | ||||||
|  | 
 | ||||||
|  | from ansible.module_utils.basic import AnsibleModule | ||||||
|  | from ansible.module_utils.netapp import request, eseries_host_argument_spec | ||||||
|  | from ansible.module_utils._text import to_native | ||||||
|  | 
 | ||||||
|  | try: | ||||||
|  |     from urlparse import urlparse, urlunparse | ||||||
|  | except: | ||||||
|  |     from urllib.parse import urlparse, urlunparse | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class AuditLog(object): | ||||||
|  |     """Audit-log module configuration class.""" | ||||||
|  |     MAX_RECORDS = 50000 | ||||||
|  |     HEADERS = {"Content-Type": "application/json", | ||||||
|  |                "Accept": "application/json"} | ||||||
|  | 
 | ||||||
|  |     def __init__(self): | ||||||
|  |         argument_spec = eseries_host_argument_spec() | ||||||
|  |         argument_spec.update(dict( | ||||||
|  |             max_records=dict(type="int", default=50000), | ||||||
|  |             log_level=dict(type="str", default="writeOnly", choices=["all", "writeOnly"]), | ||||||
|  |             full_policy=dict(type="str", default="overWrite", choices=["overWrite", "preventSystemAccess"]), | ||||||
|  |             threshold=dict(type="int", default=90), | ||||||
|  |             force=dict(type="bool", default=False), | ||||||
|  |             log_path=dict(type='str', required=False))) | ||||||
|  | 
 | ||||||
|  |         self.module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) | ||||||
|  |         args = self.module.params | ||||||
|  | 
 | ||||||
|  |         self.max_records = args["max_records"] | ||||||
|  |         if self.max_records < 100 or self.max_records > self.MAX_RECORDS: | ||||||
|  |             self.module.fail_json(msg="Audit-log max_records count must be between 100 and 50000: [%s]" | ||||||
|  |                                       % self.max_records) | ||||||
|  |         self.threshold = args["threshold"] | ||||||
|  |         if self.threshold < 60 or self.threshold > 90: | ||||||
|  |             self.module.fail_json(msg="Audit-log percent threshold must be between 60 and 90: [%s]" % self.threshold) | ||||||
|  |         self.log_level = args["log_level"] | ||||||
|  |         self.full_policy = args["full_policy"] | ||||||
|  |         self.force = args["force"] | ||||||
|  |         self.ssid = args['ssid'] | ||||||
|  |         self.url = args['api_url'] | ||||||
|  |         if not self.url.endswith('/'): | ||||||
|  |             self.url += '/' | ||||||
|  |         self.creds = dict(url_password=args['api_password'], | ||||||
|  |                           validate_certs=args['validate_certs'], | ||||||
|  |                           url_username=args['api_username'], ) | ||||||
|  | 
 | ||||||
|  |         # logging setup | ||||||
|  |         log_path = args['log_path'] | ||||||
|  |         self._logger = logging.getLogger(self.__class__.__name__) | ||||||
|  | 
 | ||||||
|  |         if log_path: | ||||||
|  |             logging.basicConfig( | ||||||
|  |                 level=logging.DEBUG, filename=log_path, filemode='w', | ||||||
|  |                 format='%(relativeCreated)dms %(levelname)s %(module)s.%(funcName)s:%(lineno)d\n %(message)s') | ||||||
|  | 
 | ||||||
|  |         self.proxy_used = self.is_proxy() | ||||||
|  |         self._logger.info(self.proxy_used) | ||||||
|  |         self.check_mode = self.module.check_mode | ||||||
|  | 
 | ||||||
|  |     def is_proxy(self): | ||||||
|  |         """Determine whether the API is embedded or proxy.""" | ||||||
|  |         try: | ||||||
|  | 
 | ||||||
|  |             # replace http url path with devmgr/utils/about | ||||||
|  |             about_url = list(urlparse(self.url)) | ||||||
|  |             about_url[2] = "devmgr/utils/about" | ||||||
|  |             about_url = urlunparse(about_url) | ||||||
|  | 
 | ||||||
|  |             rc, data = request(about_url, timeout=300, headers=self.HEADERS, **self.creds) | ||||||
|  | 
 | ||||||
|  |             return data["runningAsProxy"] | ||||||
|  |         except Exception as err: | ||||||
|  |             self.module.fail_json(msg="Failed to retrieve the webservices about information! Array Id [%s]. Error [%s]." | ||||||
|  |                                       % (self.ssid, to_native(err))) | ||||||
|  | 
 | ||||||
|  |     def get_configuration(self): | ||||||
|  |         """Retrieve the existing audit-log configurations. | ||||||
|  | 
 | ||||||
|  |         :returns: dictionary containing current audit-log configuration | ||||||
|  |         """ | ||||||
|  |         try: | ||||||
|  |             if self.proxy_used: | ||||||
|  |                 rc, data = request(self.url + "audit-log/config", timeout=300, headers=self.HEADERS, **self.creds) | ||||||
|  |             else: | ||||||
|  |                 rc, data = request(self.url + "storage-systems/%s/audit-log/config" % self.ssid, | ||||||
|  |                                    timeout=300, headers=self.HEADERS, **self.creds) | ||||||
|  |             return data | ||||||
|  |         except Exception as err: | ||||||
|  |             self.module.fail_json(msg="Failed to retrieve the audit-log configuration! " | ||||||
|  |                                       "Array Id [%s]. Error [%s]." | ||||||
|  |                                       % (self.ssid, to_native(err))) | ||||||
|  | 
 | ||||||
|  |     def build_configuration(self): | ||||||
|  |         """Build audit-log expected configuration. | ||||||
|  | 
 | ||||||
|  |         :returns: Tuple containing update boolean value and dictionary of audit-log configuration | ||||||
|  |         """ | ||||||
|  |         config = self.get_configuration() | ||||||
|  | 
 | ||||||
|  |         current = dict(auditLogMaxRecords=config["auditLogMaxRecords"], | ||||||
|  |                        auditLogLevel=config["auditLogLevel"], | ||||||
|  |                        auditLogFullPolicy=config["auditLogFullPolicy"], | ||||||
|  |                        auditLogWarningThresholdPct=config["auditLogWarningThresholdPct"]) | ||||||
|  | 
 | ||||||
|  |         body = dict(auditLogMaxRecords=self.max_records, | ||||||
|  |                     auditLogLevel=self.log_level, | ||||||
|  |                     auditLogFullPolicy=self.full_policy, | ||||||
|  |                     auditLogWarningThresholdPct=self.threshold) | ||||||
|  | 
 | ||||||
|  |         update = current != body | ||||||
|  | 
 | ||||||
|  |         self._logger.info(pformat(update)) | ||||||
|  |         self._logger.info(pformat(body)) | ||||||
|  |         return update, body | ||||||
|  | 
 | ||||||
|  |     def delete_log_messages(self): | ||||||
|  |         """Delete all audit-log messages.""" | ||||||
|  |         self._logger.info("Deleting audit-log messages...") | ||||||
|  |         try: | ||||||
|  |             if self.proxy_used: | ||||||
|  |                 rc, result = request(self.url + "audit-log?clearAll=True", timeout=300, | ||||||
|  |                                      method="DELETE", headers=self.HEADERS, **self.creds) | ||||||
|  |             else: | ||||||
|  |                 rc, result = request(self.url + "storage-systems/%s/audit-log?clearAll=True" % self.ssid, timeout=300, | ||||||
|  |                                      method="DELETE", headers=self.HEADERS, **self.creds) | ||||||
|  |         except Exception as err: | ||||||
|  |             self.module.fail_json(msg="Failed to delete audit-log messages! Array Id [%s]. Error [%s]." | ||||||
|  |                                   % (self.ssid, to_native(err))) | ||||||
|  | 
 | ||||||
|  |     def update_configuration(self, update=None, body=None, attempt_recovery=True): | ||||||
|  |         """Update audit-log configuration.""" | ||||||
|  |         if update is None or body is None: | ||||||
|  |             update, body = self.build_configuration() | ||||||
|  | 
 | ||||||
|  |         if update and not self.check_mode: | ||||||
|  |             try: | ||||||
|  |                 if self.proxy_used: | ||||||
|  |                     rc, result = request(self.url + "storage-systems/audit-log/config", timeout=300, | ||||||
|  |                                          data=json.dumps(body), method='POST', headers=self.HEADERS, | ||||||
|  |                                          ignore_errors=True, **self.creds) | ||||||
|  |                 else: | ||||||
|  |                     rc, result = request(self.url + "storage-systems/%s/audit-log/config" % self.ssid, timeout=300, | ||||||
|  |                                          data=json.dumps(body), method='POST', headers=self.HEADERS, | ||||||
|  |                                          ignore_errors=True, **self.creds) | ||||||
|  | 
 | ||||||
|  |                 if rc == 422: | ||||||
|  |                     if self.force and attempt_recovery: | ||||||
|  |                         self.delete_log_messages() | ||||||
|  |                         update = self.update_configuration(update, body, False) | ||||||
|  |                     else: | ||||||
|  |                         self.module.fail_json(msg="Failed to update audit-log configuration! Array Id [%s]. Error [%s]." | ||||||
|  |                                               % (self.ssid, to_native(rc, result))) | ||||||
|  | 
 | ||||||
|  |             except Exception as error: | ||||||
|  |                 self.module.fail_json(msg="Failed to update audit-log configuration! Array Id [%s]. Error [%s]." | ||||||
|  |                                       % (self.ssid, to_native(error))) | ||||||
|  |         return update | ||||||
|  | 
 | ||||||
|  |     def update(self): | ||||||
|  |         """Update the audit-log configuration.""" | ||||||
|  |         update = self.update_configuration() | ||||||
|  |         self.module.exit_json(msg="Audit-log update complete", changed=update) | ||||||
|  | 
 | ||||||
|  |     def __call__(self): | ||||||
|  |         self.update() | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | def main(): | ||||||
|  |     auditlog = AuditLog() | ||||||
|  |     auditlog() | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | if __name__ == "__main__": | ||||||
|  |     main() | ||||||
							
								
								
									
										234
									
								
								test/units/modules/storage/netapp/test_netapp_e_auditlog.py
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										234
									
								
								test/units/modules/storage/netapp/test_netapp_e_auditlog.py
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,234 @@ | ||||||
|  | # (c) 2018, NetApp Inc. | ||||||
|  | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||||||
|  | 
 | ||||||
|  | from ansible.modules.storage.netapp.netapp_e_auditlog import AuditLog | ||||||
|  | from units.modules.utils import AnsibleFailJson, ModuleTestCase, set_module_args | ||||||
|  | 
 | ||||||
|  | __metaclass__ = type | ||||||
|  | from ansible.compat.tests import mock | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class AuditLogTests(ModuleTestCase): | ||||||
|  |     REQUIRED_PARAMS = {'api_username': 'rw', | ||||||
|  |                        'api_password': 'password', | ||||||
|  |                        'api_url': 'http://localhost', | ||||||
|  |                        'ssid': '1'} | ||||||
|  |     REQ_FUNC = 'ansible.modules.storage.netapp.netapp_e_auditlog.request' | ||||||
|  |     MAX_RECORDS_MAXIMUM = 50000 | ||||||
|  |     MAX_RECORDS_MINIMUM = 100 | ||||||
|  | 
 | ||||||
|  |     def _set_args(self, **kwargs): | ||||||
|  |         module_args = self.REQUIRED_PARAMS.copy() | ||||||
|  |         if kwargs is not None: | ||||||
|  |             module_args.update(kwargs) | ||||||
|  |         set_module_args(module_args) | ||||||
|  | 
 | ||||||
|  |     def test_max_records_argument_pass(self): | ||||||
|  |         """Verify AuditLog arument's max_records and threshold upper and lower boundaries.""" | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90} | ||||||
|  |         max_records_set = (self.MAX_RECORDS_MINIMUM, 25000, self.MAX_RECORDS_MAXIMUM) | ||||||
|  | 
 | ||||||
|  |         for max_records in max_records_set: | ||||||
|  |             initial["max_records"] = max_records | ||||||
|  |             self._set_args(**initial) | ||||||
|  |             with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": False})): | ||||||
|  |                 audit_log = AuditLog() | ||||||
|  |                 self.assertTrue(audit_log.max_records == max_records) | ||||||
|  | 
 | ||||||
|  |     def test_max_records_argument_fail(self): | ||||||
|  |         """Verify AuditLog arument's max_records and threshold upper and lower boundaries.""" | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90} | ||||||
|  |         max_records_set = (self.MAX_RECORDS_MINIMUM - 1, self.MAX_RECORDS_MAXIMUM + 1) | ||||||
|  | 
 | ||||||
|  |         for max_records in max_records_set: | ||||||
|  |             with self.assertRaisesRegexp(AnsibleFailJson, r"Audit-log max_records count must be between 100 and 50000"): | ||||||
|  |                 initial["max_records"] = max_records | ||||||
|  |                 self._set_args(**initial) | ||||||
|  |                 AuditLog() | ||||||
|  | 
 | ||||||
|  |     def test_threshold_argument_pass(self): | ||||||
|  |         """Verify AuditLog arument's max_records and threshold upper and lower boundaries.""" | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90} | ||||||
|  |         threshold_set = (60, 75, 90) | ||||||
|  | 
 | ||||||
|  |         for threshold in threshold_set: | ||||||
|  |             initial["threshold"] = threshold | ||||||
|  |             self._set_args(**initial) | ||||||
|  |             with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": False})): | ||||||
|  |                 audit_log = AuditLog() | ||||||
|  |                 self.assertTrue(audit_log.threshold == threshold) | ||||||
|  | 
 | ||||||
|  |     def test_threshold_argument_fail(self): | ||||||
|  |         """Verify AuditLog arument's max_records and threshold upper and lower boundaries.""" | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90} | ||||||
|  |         threshold_set = (59, 91) | ||||||
|  | 
 | ||||||
|  |         for threshold in threshold_set: | ||||||
|  |             with self.assertRaisesRegexp(AnsibleFailJson, r"Audit-log percent threshold must be between 60 and 90"): | ||||||
|  |                 initial["threshold"] = threshold | ||||||
|  |                 self._set_args(**initial) | ||||||
|  |                 with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": False})): | ||||||
|  |                     AuditLog() | ||||||
|  | 
 | ||||||
|  |     def test_is_proxy_pass(self): | ||||||
|  |         """Verify that True is returned when proxy is used to communicate with storage.""" | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90, | ||||||
|  |                    "api_url": "https://10.1.1.10/devmgr/v2"} | ||||||
|  | 
 | ||||||
|  |         self._set_args(**initial) | ||||||
|  |         with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": True})): | ||||||
|  |             audit_log = AuditLog() | ||||||
|  | 
 | ||||||
|  |         with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": True})): | ||||||
|  |             self.assertTrue(audit_log.is_proxy()) | ||||||
|  | 
 | ||||||
|  |     def test_is_proxy_fail(self): | ||||||
|  |         """Verify that AnsibleJsonFail exception is thrown when exception occurs.""" | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90} | ||||||
|  | 
 | ||||||
|  |         self._set_args(**initial) | ||||||
|  |         with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": True})): | ||||||
|  |             audit_log = AuditLog() | ||||||
|  | 
 | ||||||
|  |         with self.assertRaisesRegexp(AnsibleFailJson, r"Failed to retrieve the webservices about information"): | ||||||
|  |             with mock.patch(self.REQ_FUNC, return_value=Exception()): | ||||||
|  |                 audit_log.is_proxy() | ||||||
|  | 
 | ||||||
|  |     def test_get_configuration_pass(self): | ||||||
|  |         """Validate get configuration does not throw exception when normal request is returned.""" | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90} | ||||||
|  |         expected = {"auditLogMaxRecords": 1000, | ||||||
|  |                     "auditLogLevel": "writeOnly", | ||||||
|  |                     "auditLogFullPolicy": "overWrite", | ||||||
|  |                     "auditLogWarningThresholdPct": 90} | ||||||
|  | 
 | ||||||
|  |         self._set_args(**initial) | ||||||
|  |         with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": True})): | ||||||
|  |             audit_log = AuditLog() | ||||||
|  | 
 | ||||||
|  |         with mock.patch(self.REQ_FUNC, return_value=(200, expected)): | ||||||
|  |             body = audit_log.get_configuration() | ||||||
|  |             self.assertTrue(body == expected) | ||||||
|  | 
 | ||||||
|  |     def test_get_configuration_fail(self): | ||||||
|  |         """Verify AnsibleJsonFail exception is thrown.""" | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90} | ||||||
|  | 
 | ||||||
|  |         self._set_args(**initial) | ||||||
|  |         with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": True})): | ||||||
|  |             audit_log = AuditLog() | ||||||
|  | 
 | ||||||
|  |         with self.assertRaisesRegexp(AnsibleFailJson, r"Failed to retrieve the audit-log configuration!"): | ||||||
|  |             with mock.patch(self.REQ_FUNC, return_value=Exception()): | ||||||
|  |                 audit_log.get_configuration() | ||||||
|  | 
 | ||||||
|  |     def test_build_configuration_pass(self): | ||||||
|  |         """Validate configuration changes will force an update.""" | ||||||
|  |         response = {"auditLogMaxRecords": 1000, | ||||||
|  |                     "auditLogLevel": "writeOnly", | ||||||
|  |                     "auditLogFullPolicy": "overWrite", | ||||||
|  |                     "auditLogWarningThresholdPct": 90} | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90} | ||||||
|  |         changes = [{"max_records": 50000}, | ||||||
|  |                    {"log_level": "all"}, | ||||||
|  |                    {"full_policy": "preventSystemAccess"}, | ||||||
|  |                    {"threshold": 75}] | ||||||
|  | 
 | ||||||
|  |         for change in changes: | ||||||
|  |             initial_with_changes = initial.copy() | ||||||
|  |             initial_with_changes.update(change) | ||||||
|  |             self._set_args(**initial_with_changes) | ||||||
|  |             with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": True})): | ||||||
|  |                 audit_log = AuditLog() | ||||||
|  | 
 | ||||||
|  |             with mock.patch(self.REQ_FUNC, return_value=(200, response)): | ||||||
|  |                 update = audit_log.build_configuration() | ||||||
|  |                 self.assertTrue(update) | ||||||
|  | 
 | ||||||
|  |     def test_delete_log_messages_fail(self): | ||||||
|  |         """Verify AnsibleJsonFail exception is thrown.""" | ||||||
|  |         initial = {"max_records": 1000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90} | ||||||
|  | 
 | ||||||
|  |         self._set_args(**initial) | ||||||
|  |         with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": True})): | ||||||
|  |             audit_log = AuditLog() | ||||||
|  | 
 | ||||||
|  |         with self.assertRaisesRegexp(AnsibleFailJson, r"Failed to delete audit-log messages!"): | ||||||
|  |             with mock.patch(self.REQ_FUNC, return_value=Exception()): | ||||||
|  |                 audit_log.delete_log_messages() | ||||||
|  | 
 | ||||||
|  |     def test_update_configuration_delete_pass(self): | ||||||
|  |         """Verify 422 and force successfully returns True.""" | ||||||
|  |         body = {"auditLogMaxRecords": 1000, | ||||||
|  |                 "auditLogLevel": "writeOnly", | ||||||
|  |                 "auditLogFullPolicy": "overWrite", | ||||||
|  |                 "auditLogWarningThresholdPct": 90} | ||||||
|  |         initial = {"max_records": 2000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90, | ||||||
|  |                    "force": True} | ||||||
|  | 
 | ||||||
|  |         self._set_args(**initial) | ||||||
|  |         with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": True})): | ||||||
|  |             audit_log = AuditLog() | ||||||
|  |             with mock.patch(self.REQ_FUNC, side_effect=[(200, body), | ||||||
|  |                                                         (422, {u"invalidFieldsIfKnown": None, | ||||||
|  |                                                                u"errorMessage": u"Configuration change...", | ||||||
|  |                                                                u"localizedMessage": u"Configuration change...", | ||||||
|  |                                                                u"retcode": u"auditLogImmediateFullCondition", | ||||||
|  |                                                                u"codeType": u"devicemgrerror"}), | ||||||
|  |                                                         (200, None), | ||||||
|  |                                                         (200, None)]): | ||||||
|  |                 self.assertTrue(audit_log.update_configuration()) | ||||||
|  | 
 | ||||||
|  |     def test_update_configuration_delete_skip_fail(self): | ||||||
|  |         """Verify 422 and no force results in AnsibleJsonFail exception.""" | ||||||
|  |         body = {"auditLogMaxRecords": 1000, | ||||||
|  |                 "auditLogLevel": "writeOnly", | ||||||
|  |                 "auditLogFullPolicy": "overWrite", | ||||||
|  |                 "auditLogWarningThresholdPct": 90} | ||||||
|  |         initial = {"max_records": 2000, | ||||||
|  |                    "log_level": "writeOnly", | ||||||
|  |                    "full_policy": "overWrite", | ||||||
|  |                    "threshold": 90, | ||||||
|  |                    "force": False} | ||||||
|  | 
 | ||||||
|  |         self._set_args(**initial) | ||||||
|  |         with mock.patch(self.REQ_FUNC, return_value=(200, {"runningAsProxy": True})): | ||||||
|  |             audit_log = AuditLog() | ||||||
|  | 
 | ||||||
|  |         with self.assertRaisesRegexp(AnsibleFailJson, r"Failed to update audit-log configuration!"): | ||||||
|  |             with mock.patch(self.REQ_FUNC, side_effect=[(200, body), Exception(422, {"errorMessage": "error"}), | ||||||
|  |                                                         (200, None), (200, None)]): | ||||||
|  |                 audit_log.update_configuration() | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue