diff --git a/CHANGELOG.md b/CHANGELOG.md index e63d71791c..51ce720f40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,10 @@ All notable changes to this project will be documented in this file. - Fix agentd IT for python3.10 AMI ([#3973](https://github.com/wazuh/wazuh-qa/pull/3973)) \- (Tests) - Fix unstable system tests ([#4080](https://github.com/wazuh/wazuh-qa/pull/4080)) \- (Tests) +### Changed + +- Modify authd ITs test_authd_valid_name_ip to avoid flackyness. ([#4164](https://github.com/wazuh/wazuh-qa/pull/4164)) \- (Tests) + ## [4.4.1] - 12-04-2023 Wazuh commit: https://github.com/wazuh/wazuh/commit/63a0580562007c4ba9c117f4a232ce90160481ff \ diff --git a/tests/integration/test_authd/data/test_authd_valid_name_ip.yaml b/tests/integration/test_authd/data/test_authd_valid_name_ip.yaml index dc928b5ea7..5f378fd21f 100644 --- a/tests/integration/test_authd/data/test_authd_valid_name_ip.yaml +++ b/tests/integration/test_authd/data/test_authd_valid_name_ip.yaml @@ -1,259 +1,236 @@ ---- - - - name: 'Agent name same as Manager' - description: 'Check for register an agent with name same as manager: rejected' - test_case: - - - input: "OSSEC A:'{}'" - output: - status: 'error' - message: 'Invalid agent name: {}' - insert_hostname_in_query: 'yes' - - - name: 'Register with Default config' - description: 'Default manager configuration: registered' - test_case: - - - input: "OSSEC A:'user1'" - output: - status: 'success' - name: 'user1' - ip: 'any' - - - name: 'Too short agent name' - description: 'Agent name too short < 2: rejected' - test_case: - - - input: "OSSEC A:'n'" - output: - status: 'error' - message: 'Invalid agent name: n' - - - name: 'Min len agent name' - description: 'Agent name length = 2: registered' - test_case: - - - input: "OSSEC A:'nn'" - output: - status: 'success' - name: 'nn' - ip: 'any' - - - name: 'Max len agent name' - description: 'Agent name length = 128: registered' - test_case: - - - input: "OSSEC A:'userxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'" - output: - status: 'success' - name: 'userxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' - ip: 'any' - - - name: 'Too long agent name' - description: 'Agent name length = 129: rejected' - test_case: - - - input: "OSSEC A:'userxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'" - output: - status: 'error' - message: 'Invalid agent name: userxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' - - - name: "Check non-alphanumeric '*'" - description: "Agent name with '*': rejected" - test_case: - - - input: "OSSEC A:'user*1'" - output: - status: 'error' - message: 'Invalid agent name: user\*1' - - - name: "Check non-alphanumeric '-'" - description: "Agent name with '-': registered" - test_case: - - - input: "OSSEC A:'user-1'" - output: - status: 'success' - name: 'user-1' - ip: 'any' - - - name: "Check non-alphanumeric '_'" - description: "Agent name with '_': registered" - test_case: - - - input: "OSSEC A:'user_1'" - output: - status: 'success' - name: 'user_1' - ip: 'any' - - - name: "Check non-alphanumeric '.'" - description: "Agent name with '.': registered" - test_case: - - - input: "OSSEC A:'user.1'" - output: - status: 'success' - name: 'user.1' - ip: 'any' - - - name: 'Valid IP' - description: 'Try register an agent with valid IP: register' - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10.10'" - output: - status: 'success' - name: 'user1' - ip: '10.10.10.10' - - - name: 'Invalid IP: incomplete' - description: 'Try register an agent with invalid IP: rejected' - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10'" - output: - status: 'error' - message: 'Invalid IP: 10.10.10' - - - name: 'Invalid IP: alphabetic character' - description: 'Try register an agent with invalid IP: rejected' - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10.nn'" - output: - status: 'error' - message: 'Invalid IP: 10.10.10.nn' - - - name: 'Invalid IP: greater than 255: 1' - description: 'Try register an agent with invalid IP' - # The manager should validate the IP https://github.com/wazuh/wazuh/issues/4965 - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10.257'" - output: - status: 'error' - message: 'Invalid IP: 10.10.10.257' - - - name: 'Invalid IP: greater than 255: 2' - description: 'Try register an agent with invalid IP' - # The manager should validate the IP https://github.com/wazuh/wazuh/issues/4965 - test_case: - - - input: "OSSEC A:'user1' IP:'257.257.257.257'" - output: - status: 'error' - message: 'Invalid IP: 257.257.257.257' - - - name: 'Invalid IP: 4 digits' - description: 'Try register an agent with invalid IP: rejected' - test_case: - - - input: "OSSEC A:'user1' IP:'999.9999.999.999'" - output: - status: 'error' - message: 'Invalid IP: 999.9999.999.999' - - - name: 'Ip with mask/0' - description: 'Ip with mask: register' - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10.10/0'" - output: - status: 'success' - name: 'user1' - ip: '10.10.10.10/0' - - - name: 'Ip with mask /24 ' - description: 'Ip with mask /24: register' - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10.1/24'" - output: - status: 'success' - name: 'user1' - ip: '10.10.10.1/24' - - - name: 'Ip with mask /32' - description: 'Ip with mask /32: register' - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10.1/32'" - output: - status: 'success' - name: 'user1' - ip: '10.10.10.1/32' - - - name: 'Invalid mask' - description: 'Invalid mask: rejected' - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10.1/55'" - output: - status: 'error' - message: 'Invalid IP: 10.10.10.1' - - - name: 'Invalid mask, wrong character' - description: 'Invalid mask, wrong character: rejected' - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10.1/2{'" - output: - status: 'error' - message: 'Invalid IP: 10.10.10.1' - - - name: 'Invalid mask, wrong character' - description: 'Invalid mask, wrong character: rejected' - test_case: - - - input: "OSSEC A:'user1' IP:'10.10.10.1/<'" - output: - status: 'error' - message: 'Invalid IP: 10.10.10.1' - - - name: 'Valid IPv6' - description: 'Try register an agent with valid IPv6: register' - test_case: - - - input: "OSSEC A:'user1' IP:'02db:4660:46af:e523:d05e:a62e:4ca7:8e58'" - output: - status: 'success' - name: 'user1' - ip: '02DB:4660:46AF:E523:D05E:A62E:4CA7:8E58' - - - name: 'Valid compressed IPv6' - description: 'Try register an agent with valid compressed IPv6: register' - test_case: - - - input: "OSSEC A:'user1' IP:'2001:db8:0:b::1A'" - output: - status: 'success' - name: 'user1' - ip: '2001:0DB8:0000:000B:0000:0000:0000:001A' - - - name: 'Invalid IPv6: 2 double colons' - description: 'Try register an agent with invalid IPv6: rejected' - test_case: - - - input: "OSSEC A:'user1' IP:'56FE::2159:5BBC::6594'" - output: - status: 'error' - message: 'Invalid IP: 56FE::2159:5BBC::6594' - - - name: "Invalid long agent IPv6 address" - description: "Try register an agent with valid compressed IPv6" - test_case: - - - input: "OSSEC A:'user1' IP:'11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA'" - output: - status: 'error' - message: 'Invalid IP: 11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA' - - - name: "Invalid Agent IPv6 address with words" - description: "Try to register an invalid agent_address" - test_case: - - - input: "OSSEC A:'user1' IP:'02db:4660:46af:invalid:d05e:a62e:4ca7:8e58'" - output: - status: 'error' - message: 'Invalid IP: 02db:4660:46af:invalid:d05e:a62e:4ca7:8e58' +- + name: Agent name same as Manager + description: 'Check for register an agent with name same as manager: rejected' + test_case: + input: OSSEC A:'{}' + output: + status: error + message: 'Invalid agent name: {}' + insert_hostname_in_query: true +- + name: Register with Default config + description: 'Default manager configuration: registered' + test_case: + input: OSSEC A:'user1' + output: + status: success + name: user1 + ip: any +- + name: Too short agent name + description: 'Agent name too short < 2: rejected' + test_case: + input: OSSEC A:'n' + output: + status: error + message: 'Invalid agent name: n' +- + name: Min len agent name + description: 'Agent name length = 2: registered' + test_case: + input: OSSEC A:'nn' + output: + status: success + name: nn + ip: any +- + name: Max len agent name + description: 'Agent name length = 128: registered' + test_case: + input: "OSSEC A:'userxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ + xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'" + output: + status: success + name: userxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + ip: any +- + name: Too long agent name + description: 'Agent name length = 129: rejected' + test_case: + input: "OSSEC A:'userxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ + xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'" + output: + status: error + message: "Invalid agent name: userxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ + xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +- + name: Check non-alphanumeric '*' + description: "Agent name with '*': rejected" + test_case: + input: OSSEC A:'user*1' + output: + status: error + message: 'Invalid agent name: user\*1' +- + name: Check non-alphanumeric '-' + description: "Agent name with '-': registered" + test_case: + input: OSSEC A:'user-1' + output: + status: success + name: user-1 + ip: any +- + name: Check non-alphanumeric '_' + description: "Agent name with '_': registered" + test_case: + input: OSSEC A:'user_1' + output: + status: success + name: user_1 + ip: any +- + name: Check non-alphanumeric '.' + description: "Agent name with '.': registered" + test_case: + input: OSSEC A:'user.1' + output: + status: success + name: user.1 + ip: any +- + name: Valid IP + description: 'Try register an agent with valid IP: register' + test_case: + input: OSSEC A:'user1' IP:'10.10.10.10' + output: + status: success + name: user1 + ip: 10.10.10.10 +- + name: 'Invalid IP: incomplete' + description: 'Try register an agent with invalid IP: rejected' + test_case: + input: OSSEC A:'user1' IP:'10.10.10' + output: + status: error + message: 'Invalid IP: 10.10.10' +- + name: 'Invalid IP: alphabetic character' + description: 'Try register an agent with invalid IP: rejected' + test_case: + input: OSSEC A:'user1' IP:'10.10.10.nn' + output: + status: error + message: 'Invalid IP: 10.10.10.nn' +- + name: 'Invalid IP: greater than 255: 1' + description: Try register an agent with invalid IP + # The manager should validate the IP https://github.com/wazuh/wazuh/issues/4965 + test_case: + input: OSSEC A:'user1' IP:'10.10.10.257' + output: + status: error + message: 'Invalid IP: 10.10.10.257' + expected_fail: true +- + name: 'Invalid IP: greater than 255: 2' + description: Try register an agent with invalid IP + # The manager should validate the IP https://github.com/wazuh/wazuh/issues/4965 + test_case: + input: OSSEC A:'user1' IP:'257.257.257.257' + output: + status: error + message: 'Invalid IP: 257.257.257.257' + expected_fail: true +- + name: 'Invalid IP: 4 digits' + description: 'Try register an agent with invalid IP: rejected' + test_case: + input: OSSEC A:'user1' IP:'999.9999.999.999' + output: + status: error + message: 'Invalid IP: 999.9999.999.999' +- + name: Ip with mask/0 + description: 'Ip with mask: register' + test_case: + input: OSSEC A:'user1' IP:'10.10.10.10/0' + output: + status: success + name: user1 + ip: 10.10.10.10/0 +- + name: Ip with mask /24 + description: 'Ip with mask /24: register' + test_case: + input: OSSEC A:'user1' IP:'10.10.10.1/24' + output: + status: success + name: user1 + ip: 10.10.10.1/24 +- + name: Ip with mask /32 + description: 'Ip with mask /32: register' + test_case: + input: OSSEC A:'user1' IP:'10.10.10.1/32' + output: + status: success + name: user1 + ip: 10.10.10.1/32 +- + name: Invalid mask + description: 'Invalid mask: rejected' + test_case: + input: OSSEC A:'user1' IP:'10.10.10.1/55' + output: + status: error + message: 'Invalid IP: 10.10.10.1' +- + name: Invalid mask, wrong character + description: 'Invalid mask, wrong character: rejected' + test_case: + input: OSSEC A:'user1' IP:'10.10.10.1/2{' + output: + status: error + message: 'Invalid IP: 10.10.10.1' +- + name: Invalid mask, wrong character + description: 'Invalid mask, wrong character: rejected' + test_case: + input: OSSEC A:'user1' IP:'10.10.10.1/<' + output: + status: error + message: 'Invalid IP: 10.10.10.1' +- + name: Valid IPv6 + description: 'Try register an agent with valid IPv6: register' + test_case: + input: OSSEC A:'user1' IP:'02db:4660:46af:e523:d05e:a62e:4ca7:8e58' + output: + status: success + name: user1 + ip: 02DB:4660:46AF:E523:D05E:A62E:4CA7:8E58 +- + name: Valid compressed IPv6 + description: 'Try register an agent with valid compressed IPv6: register' + test_case: + input: OSSEC A:'user1' IP:'2001:db8:0:b::1A' + output: + status: success + name: user1 + ip: 2001:0DB8:0000:000B:0000:0000:0000:001A +- + name: 'Invalid IPv6: 2 double colons' + description: 'Try register an agent with invalid IPv6: rejected' + test_case: + input: OSSEC A:'user1' IP:'56FE::2159:5BBC::6594' + output: + status: error + message: 'Invalid IP: 56FE::2159:5BBC::6594' +- + name: Invalid long agent IPv6 address + description: Try register an agent with valid compressed IPv6 + test_case: + input: OSSEC A:'user1' IP:'11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA' + output: + status: error + message: 'Invalid IP: 11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA' +- + name: Invalid Agent IPv6 address with words + description: Try to register an invalid agent_address + test_case: + input: OSSEC A:'user1' IP:'02db:4660:46af:invalid:d05e:a62e:4ca7:8e58' + output: + status: error + message: 'Invalid IP: 02db:4660:46af:invalid:d05e:a62e:4ca7:8e58' diff --git a/tests/integration/test_authd/test_authd_valid_name_ip.py b/tests/integration/test_authd/test_authd_valid_name_ip.py index 4138356697..cc0c6d7701 100644 --- a/tests/integration/test_authd/test_authd_valid_name_ip.py +++ b/tests/integration/test_authd/test_authd_valid_name_ip.py @@ -1,5 +1,5 @@ ''' -copyright: Copyright (C) 2015-2022, Wazuh Inc. +copyright: Copyright (C) 2015-2023, Wazuh Inc. Created by Wazuh, Inc. . @@ -55,7 +55,7 @@ test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') configurations_path = os.path.join(test_data_path, 'wazuh_authd_configuration.yaml') client_keys_path = os.path.join(WAZUH_PATH, 'etc', 'client.keys') -test_authd_valid_name_ip_tests = read_yaml(os.path.join(test_data_path, 'test_authd_valid_name_ip.yaml')) +test_cases = read_yaml(os.path.join(test_data_path, 'test_authd_valid_name_ip.yaml')) configurations = load_wazuh_configurations(configurations_path, __name__) # Variables @@ -65,7 +65,7 @@ monitored_sockets_params = [('wazuh-modulesd', None, True), ('wazuh-db', None, True), ('wazuh-authd', None, True)] receiver_sockets, monitored_sockets, log_monitors = None, None, None # Set in the fixtures hostname = socket.gethostname() -daemons_handler_configuration = {'all_daemons': True} + # Fixtures @@ -80,11 +80,11 @@ def get_configuration(request): # Test -@pytest.mark.parametrize('test_case', [case for case in test_authd_valid_name_ip_tests], - ids=[test_case['name'] for test_case in test_authd_valid_name_ip_tests]) -def test_authd_force_options(get_configuration, configure_environment, configure_sockets_environment, - clean_client_keys_file_module, restart_wazuh_daemon, wait_for_authd_startup_module, - connect_to_sockets_module, test_case, tear_down): +@pytest.mark.parametrize('test_case', [case['test_case'] for case in test_cases], + ids=[case['name'] for case in test_cases]) +def test_authd_valid_name_ip(get_configuration, configure_environment, configure_sockets_environment, + clean_client_keys_file_function, connect_to_sockets_module, test_case, + restart_authd_function, wait_for_authd_startup_function, tear_down): ''' description: Checks that every input message in authd port generates the adequate output. @@ -104,13 +104,13 @@ def test_authd_force_options(get_configuration, configure_environment, configure - configure_sockets_environment: type: fixture brief: Configure the socket listener to receive and send messages on the sockets. - - clean_client_keys_file_module: + - clean_client_keys_file_function: type: fixture - brief: Stops Wazuh and cleans any previous key in client.keys file at module scope. - - restart_authd: + brief: Stops Wazuh and cleans any previous key in client.keys file at function scope. + - restart_authd_function: type: fixture brief: Restart the 'wazuh-authd' daemon, clear the 'ossec.log' file and start a new file monitor. - - wait_for_authd_startup_module: + - wait_for_authd_startup_function: type: fixture brief: Waits until Authd is accepting connections. - connect_to_sockets_module: @@ -135,27 +135,33 @@ def test_authd_force_options(get_configuration, configure_environment, configure - Registration request responses on Authd socket ''' - for index, stage in enumerate(test_case['test_case']): - # Reopen socket (socket is closed by manager after sending message with client key) - receiver_sockets[0].open() - # Checking 'hostname' test case - try: - if stage['insert_hostname_in_query'] == 'yes': - stage['input'] = stage['input'].format(hostname) - if 'message' in stage['output']: - stage['output']['message'] = stage['output']['message'].format(hostname) - except KeyError: - pass - except IndexError: - raise - - receiver_sockets[0].send(stage['input'], size=False) - timeout = time.time() + 10 - response = '' - while response == '': - response = receiver_sockets[0].receive().decode() - if time.time() > timeout: - assert response != '', 'The manager did not respond to the message sent.' - - result, err_msg = validate_authd_response(response, stage['output']) - assert result == 'success', f"Failed stage '{index+1}': {err_msg} Complete response: '{response}'" + # Reopen socket (socket is closed by manager after sending message with client key). + receiver_sockets[0].open() + + # Set 'hostname' in test case's expected output message. + if test_case.get('insert_hostname_in_query'): + test_case['input'] = test_case.get('input').format(hostname) + if 'message' in test_case.get('output'): + test_case['output']['message'] = test_case['output'].get('message').format(hostname) + + # Send the message to the socket. + receiver_sockets[0].send(test_case['input'], size=False) + # Set the timeout and the empty response str. + timeout = time.time() + 10 + response = '' + + # Wait the socket response or raise an error if timeout. + while response == '': + if time.time() > timeout: + raise ConnectionResetError('Manager did not respond to sent message!') + response = receiver_sockets[0].receive().decode() + + # Get the validated authd response. + result, err_msg = validate_authd_response(response, test_case['output']) + + # ASSERTIONS. + if test_case.get('expected_fail'): + with pytest.raises(Exception): + assert "ERROR" in result, f"No error raised. Complete response: '{response}'" + else: + assert result == 'success', f"Failed with {err_msg} Complete response: '{response}'"