armosec · kooomix · Aug 1, 2024 · Aug 1, 2024 · Aug 1, 2024
diff --git a/configurations/expected-result/kdr/runtime_policies_default.json b/configurations/expected-result/kdr/runtime_policies_default.json
@@ -0,0 +1,39 @@
+{
+    "total": {
+        "value": 2,
+        "relation": "eq"
+    },
+    "response": [
+        {
+            "guid": "301aaa48-1217-4da2-ac62-626cb59d47f2",
+            "name": "Malware",
+            "updatedTime": "2024-08-01T04:10:43Z",
+            "description": "Default Malware RuleSet",
+            "enabled": true,
+            "scope": {},
+            "ruleSetType": "Managed",
+            "managedRuleSetIDs": [
+                "c9fe6345-c393-4595-bd7b-22110dbafe62"
+            ],
+            "updatedBy": "ARMO",
+            "notifications": [],
+            "actions": []
+        },
+        {
+            "guid": "7af24eca-75e6-48dd-a244-de530f736bda",
+            "name": "Anomaly",
+            "updatedTime": "2024-08-01T04:10:43Z",
+            "description": "Default Anomaly RuleSet",
+            "enabled": true,
+            "scope": {},
+            "ruleSetType": "Managed",
+            "managedRuleSetIDs": [
+                "c9fe6345-c393-4595-bd7b-22110dbafe61"
+            ],
+            "updatedBy": "ARMO",
+            "notifications": [],
+            "actions": []
+        }
+    ],
+    "cursor": ""
+}
diff --git a/configurations/expected-result/kdr/runtime_policies_unique_values.json b/configurations/expected-result/kdr/runtime_policies_unique_values.json
@@ -0,0 +1,33 @@
+{
+    "fields": {
+        "name": [
+            "Anomaly",
+            "Malware"
+        ],
+        "ruleSetType": [
+            "Managed"
+        ],
+        "scope.designators.cluster": [],
+        "scope.designators.namespace": []
+    },
+    "fieldsCount": {
+        "name": [
+            {
+                "key": "Anomaly",
+                "count": 1
+            },
+            {
+                "key": "Malware",
+                "count": 1
+            }
+        ],
+        "ruleSetType": [
+            {
+                "key": "Managed",
+                "count": 2
+            }
+        ],
+        "scope.designators.cluster": [],
+        "scope.designators.namespace": []
+    }
+}
diff --git a/configurations/expected-result/kdr/runtime_rulesets.json b/configurations/expected-result/kdr/runtime_rulesets.json
@@ -0,0 +1,49 @@
+{
+    "total": {
+        "value": 2,
+        "relation": ""
+    },
+    "response": [
+        {
+            "guid": "c9fe6345-c393-4595-bd7b-22110dbafe61",
+            "name": "Anomaly",
+            "updatedTime": "2024-07-09T12:11:19Z",
+            "incidentTypeIDs": [
+                "I006",
+                "I007",
+                "I008",
+                "I010",
+                "I011",
+                "I012",
+                "I013",
+                "I014",
+                "I015",
+                "I017",
+                "I018",
+                "I019",
+                "I020",
+                "I021",
+                "I022"
+            ],
+            "updatedBy": "ARMO",
+            "description": "Default Anomaly RuleSet"
+        },
+        {
+            "guid": "c9fe6345-c393-4595-bd7b-22110dbafe62",
+            "name": "Malware",
+            "updatedTime": "2024-07-09T12:11:19Z",
+            "incidentTypeIDs": [
+                "I001",
+                "I002",
+                "I003",
+                "I004",
+                "I005",
+                "I009",
+                "I016"
+            ],
+            "updatedBy": "ARMO",
+            "description": "Default Malware RuleSet"
+        }
+    ],
+    "cursor": ""
+}
diff --git a/configurations/system/tests_cases/runtime_tests.py b/configurations/system/tests_cases/runtime_tests.py
@@ -15,4 +15,13 @@ def basic_incident_presented():
             test_obj=Incidents,
             deployments=join(DEFAULT_DEPLOYMENT_PATH, "redis_sleep_long"),
             # create_test_tenant=True,
+        )
+
+    @staticmethod
+    def kdr_runtime_policies_configurations():
+        from tests_scripts.runtime.policies import RuntimePoliciesConfigurations
+        return KubescapeConfiguration(
+            name=inspect.currentframe().f_code.co_name,
+            test_obj=RuntimePoliciesConfigurations,
+            create_test_tenant=True,
         )
diff --git a/infrastructure/backend_api.py b/infrastructure/backend_api.py
@@ -121,6 +121,11 @@ class NotExistingCustomer(Exception):
 
 API_RUNTIME_INCIDENTSPERSEVERITY = "/api/v1/runtime/incidentsPerSeverity"
 API_RUNTIME_INCIDENTSOVERTIME = "/api/v1/runtime/incidentsOvertime"
+API_RUNTIME_INCIDENTSRULESET = "/api/v1/runtime/incidentsRuleSet"
+API_RUNTIME_INCIDENTTYPES = "/api/v1/runtime/incidentTypes"
+API_RUNTIME_POLICIES_LIST = "/api/v1/runtime/policies/list"
+API_RUNTIME_POLICIES = "/api/v1/runtime/policies"
+API_RUNTIME_POLICIES_UNIQUEVALUES = "/api/v1/uniqueValues/runtimeIncidentPolicy"
 
 API_SECCOMP_LIST = "/api/v1/seccomp/list"
 API_SECCOMP_GENERATE = "/api/v1/seccomp/generate"
@@ -2611,6 +2616,154 @@ def delete_security_risks_exception(self, exception_id):
 
         return r
 
+    def get_runtime_incidents_rulesets(self, body = None):
+        params = {"customerGUID": self.selected_tenant_id}
+
+        if body is None:
+            body = {"pageSize": 50, "pageNum": 1}
+
+        Logger.logger.info("get_runtime_incidents_rulesets body: %s" % body)
+        r = self.post(API_RUNTIME_INCIDENTSRULESET, params=params, json=body)
+
+        if not 200 <= r.status_code < 300:
+            raise Exception(
+                'Error accessing dashboard. Request: get_runtime_incidents_rules "%s" (code: %d, message: %s)' % (
+                    self.customer, r.status_code, r.text))
+        return r
+
+    def get_runtime_incident_types(self, body = None):
+        params = {"customerGUID": self.selected_tenant_id}
+
+        if body is None:
+            body = {"pageSize": 50, "pageNum": 1}
+
+        Logger.logger.info("get_runtime_incident_types body: %s" % body)
+        r = self.post(API_RUNTIME_INCIDENTTYPES, params=params, json=body)
+
+        if not 200 <= r.status_code < 300:
+            raise Exception(
+                'Error accessing dashboard. Request: get_runtime_incident_types "%s" (code: %d, message: %s)' % (
+                    self.customer, r.status_code, r.text))
+        return r
+
+
+
+    def get_runtime_policies_list(self, body = None):
+        """
+        payload example:
+
+        {
+        "pageSize": 50,
+        "pageNum": 1,
+        "innerFilters": [
+            {
+            "scope.designators.cluster": "arn-aws-eks-eu-west-1-015253967648-cluster-ca-terraform-eks-dev-stage"
+            }
+        ]
+        }
+        """
+        params = {"customerGUID": self.selected_tenant_id}
+
+        if body is None:
+            body = {"pageSize": 50, "pageNum": 1}
+
+        Logger.logger.info("get_runtime_policies_list body: %s" % body)
+        r = self.post(API_RUNTIME_POLICIES_LIST, params=params, json=body)
+
+        if not 200 <= r.status_code < 300:
+            raise Exception(
+                'Error accessing dashboard. Request: get_runtime_policies_list "%s" (code: %d, message: %s)' % (
+                    self.customer, r.status_code, r.text))
+        return r
+
+    def delete_runtime_policies(self, body):
+        params = {"customerGUID": self.selected_tenant_id}
+
+        Logger.logger.info("delete_runtime_policies body: %s" % body)
+        r = self.delete(API_RUNTIME_POLICIES, params=params, json=body)
+
+        if not 200 <= r.status_code < 300:
+            raise Exception(
+                'Error accessing dashboard. Request: delete_runtime_policies "%s" (code: %d, message: %s)' % (
+                    self.customer, r.status_code, r.text))
+        return r
+
+
+    def new_runtime_policy(self, body):
+        """
+        mandatory fields: name, ruleSetType (Custom or Managed)
+
+        if "ruleSetType": "Managed" then you have to have at least 1 ruleset
+
+        example:
+        {    
+            "name": "Malware-new",    
+            "description": "Default Malware RuleSet",
+            "enabled": true,
+            "scope": {"riskFactors":["Internet facing"],"designators":[{"cluster":"bla"}]},
+            "ruleSetType": "Managed",
+            "managedRuleSetIDs": [
+                "c9fe6345-c393-4595-bd7b-22110dbafe62"
+            ],    
+            "notifications": [],
+            "actions": []
+        }
+        """
+        params = {"customerGUID": self.selected_tenant_id}
+
+        Logger.logger.info("new_runtime_policy body: %s" % body)
+        r = self.post(API_RUNTIME_POLICIES, params=params, json=body)
+
+        if not 200 <= r.status_code < 300:
+            raise Exception(
+                'Error accessing dashboard. Request: new_runtime_policy "%s" (code: %d, message: %s)' % (
+                    self.customer, r.status_code, r.text))
+        return r
+
+    def update_runtime_policy(self, body):
+
+        """
+        mandatory fields: guid, name, ruleSetType (Custom or Managed)
+
+        if "ruleSetType": "Managed" then you have to have at least 1 ruleset
+
+        {
+            "guid": "093c28b1-894f-4aa2-a8b8-8ed71cb9ddf0",
+            "name": "Malware-new",
+            "description": "Default Malware RuleSet",
+            "enabled": true,
+            "scope": {"riskFactors":["Internet facing"],"designators":[{"cluster":"bla"}]},
+            "ruleSetType": "Custom",
+            "IncidentTypeIDs":["I001","I002"],
+            "notifications": [],
+            "actions": []
+        }
+        """
+        params = {"customerGUID": self.selected_tenant_id}
+
+        Logger.logger.info("update_runtime_policy body: %s" % body)
+
+        r = self.put(API_RUNTIME_POLICIES, params=params, json=body)
+
+        if not 200 <= r.status_code < 300:
+            raise Exception(
+                'Error accessing dashboard. Request: update_runtime_policy "%s" (code: %d, message: %s)' % (
+                    self.customer, r.status_code, r.text))
+        return r
+
+    def get_runtime_policies_uniquevalues(self, body):
+        params = {"customerGUID": self.selected_tenant_id}
+
+        Logger.logger.info("get_runtime_policies_uniquevalues body: %s" % body)
+
+        r = self.post(API_RUNTIME_POLICIES_UNIQUEVALUES, params=params, json=body)
+
+        if not 200 <= r.status_code < 300:
+            raise Exception(
+                'Error accessing dashboard. Request: get_runtime_policies_uniquevalues "%s" (code: %d, message: %s)' % (
+                    self.customer, r.status_code, r.text))
+        return r
+
     def get_integration_status(self, provider: str):
         url = API_INTEGRATIONS + "/connection/status"
         r = self.get(url, params={"customerGUID": self.selected_tenant_id, "provider": provider})

diff --git a/readme.md b/readme.md
@@ -95,6 +95,7 @@ Please ensure all these details are accurately filled to maintain the effectiven
 | `sr_with_exceptions`             | helm-chart |                                    | in-cluster kubescape, backend |
 | `basic_incident_presented`         | helm-chart |  basic incident from in cluster presented in BE API | in-cluster , backend |
 | `smart_remediation_all_controls` | helm-chart | Test all smart remediation controls | in-cluster , backend |
+| `kdr_runtime_policies_configurations`  | helm-chart | Test runtime policy configurations - list, create, update, delete, unique values | backend |
 
 ### Install:
 * download/clone repository

diff --git a/system_test_mapping.json b/system_test_mapping.json
@@ -1453,6 +1453,19 @@
     "skip_on_environment": "production",
     "owner": ""
   },
+  "kdr_runtime_policies_configurations": {
+    "target": [
+      "Backend"
+    ],
+    "target_repositories": [
+      "cadashboardbe",
+      "event-ingester-service",
+      "config-service"
+    ],
+    "description": "Test kdr runtime policy configurations - list, create, update, delete, unique values ",
+    "skip_on_environment": "",
+    "owner": ""
+  },
   "sr_ac_scan_status": {
     "target": [
       "In cluster",

diff --git a/systest_utils/systests_utilities.py b/systest_utils/systests_utilities.py
@@ -380,7 +380,7 @@ def get_class_methods(class_name):
     @staticmethod
     def save_expceted_json(expected_json, path):
         with open(path, 'w') as f:
-            json.dump(expected_json, f)
+            json.dump(expected_json, f, indent=4)
 
     @staticmethod
     def get_expected_json(path):

diff --git a/tests_scripts/base_test.py b/tests_scripts/base_test.py
@@ -260,7 +260,7 @@ def wait_for_report(report_type, timeout=120, sleep_interval=30, ignore_agent: b
 
     def cleanup(self, wlid: str = None, display_wt: bool = False):
         self.delete_tenants()
-        return "", ""
+        return statics.SUCCESS, ""
 
     def validate_microservice_is_inactive(self, wlid, tries_num=5):
         for i in range(tries_num):