Bugfix/disable rhel8+ security plugin (#266)

* add logic to skip security plugin for rhel8+ images

* add log and ut for disable security plug for rhel8+

* refactor and remove prints and extra lines

* remove semicolon and reformat ut test_yumpkgmanager

* modify the log output

* refactor code

Author: feng-j678

src/core/src/package_managers/YumPackageManager.py

@@ -143,7 +143,10 @@ def get_all_updates(self, cached=False):
     def get_security_updates(self):
         """Get missing security updates"""
         self.composite_logger.log("\nDiscovering 'security' packages...")
-        self.install_yum_security_prerequisite()
+
+        if not self.__is_image_rhel8_or_higher():
+            self.install_yum_security_prerequisite()
+
         out = self.invoke_package_manager(self.yum_check_security)
         security_packages, security_package_versions = self.extract_packages_and_versions(out)
 
@@ -176,6 +179,17 @@ def get_other_updates(self):
         self.composite_logger.log("Discovered " + str(len(other_packages)) + " 'other' package entries.")
         return other_packages, other_package_versions
 
+    def __is_image_rhel8_or_higher(self):
+        """ Check if image is RHEL8+ return true else false """
+        if self.env_layer.platform.linux_distribution() is not None:
+            os_offer, os_version, os_code = self.env_layer.platform.linux_distribution()
+
+            if "Red Hat Enterprise Linux" in os_offer and int(os_version.split('.')[0]) >= 8:
+                self.composite_logger.log_debug("Verify RHEL image version: " + str(os_version))
+                return True
+
+        return False
+
     def set_max_patch_publish_date(self, max_patch_publish_date=str()):
         pass
 

src/core/tests/Test_YumPackageManager.py

@@ -18,6 +18,7 @@
 import unittest
 from core.src.bootstrap.Constants import Constants
 from core.tests.library.ArgumentComposer import ArgumentComposer
+from core.tests.library.LegacyEnvLayerExtensions import LegacyEnvLayerExtensions
 from core.tests.library.RuntimeCompositor import RuntimeCompositor
 
 
@@ -35,6 +36,12 @@ def mock_do_processes_require_restart(self):
 
     def mock_write_with_retry_raise_exception(self, file_path_or_handle, data, mode='a+'):
         raise Exception
+
+    def mock_linux7_distribution_to_return_redhat(self):
+        return ['Red Hat Enterprise Linux Server', '7', 'Maipo']
+
+    def mock_linux8_distribution_to_return_redhat(self):
+        return ['Red Hat Enterprise Linux Server', '8', 'Ootpa']
     #endregion Mocks
 
     def mock_do_processes_require_restart_raise_exception(self):
@@ -619,5 +626,55 @@ def test_obsolete_packages_should_not_considered_in_available_updates(self):
         self.assertTrue(available_updates[0] == "grub2-tools.x86_64")
         self.assertTrue(package_versions[0] == "1:2.02-142.el8")
 
+    def test_rhel7_image_with_security_plugin(self):
+        """Unit test for yum package manager rhel images below 8 and Classification = Security"""
+        # mock linux_distribution
+        backup_envlayer_platform_linux_distribution = LegacyEnvLayerExtensions.LegacyPlatform.linux_distribution
+        LegacyEnvLayerExtensions.LegacyPlatform.linux_distribution = self.mock_linux7_distribution_to_return_redhat
+
+        self.__assert_test_rhel8_image()
+
+        # restore linux_distribution
+        LegacyEnvLayerExtensions.LegacyPlatform.linux_distribution = backup_envlayer_platform_linux_distribution
+
+    def test_rhel8_image_higher_no_security_plugin(self):
+        """Unit test for yum package manager rhel images >= 8 and Classification = Security"""
+        # mock linux_distribution
+        backup_envlayer_platform_linux_distribution = LegacyEnvLayerExtensions.LegacyPlatform.linux_distribution
+        LegacyEnvLayerExtensions.LegacyPlatform.linux_distribution = self.mock_linux8_distribution_to_return_redhat
+
+        self.__assert_test_rhel8_image()
+
+        # restore linux_distribution
+        LegacyEnvLayerExtensions.LegacyPlatform.linux_distribution = backup_envlayer_platform_linux_distribution
+
+    def __assert_test_rhel8_image(self):
+        self.runtime.set_legacy_test_type('HappyPath')
+        package_manager = self.container.get('package_manager')
+        self.assertIsNotNone(package_manager)
+        self.runtime.stop()
+
+        argument_composer = ArgumentComposer()
+        argument_composer.classifications_to_include = [Constants.PackageClassification.SECURITY]
+        argument_composer.patches_to_include = ["ssh", "tcpdump"]
+        argument_composer.patches_to_exclude = ["ssh*", "test"]
+        self.runtime = RuntimeCompositor(argument_composer.get_composed_arguments(), True, Constants.YUM)
+        self.container = self.runtime.container
+
+        package_filter = self.container.get('package_filter')
+        self.assertIsNotNone(package_filter)
+
+        available_updates, package_versions = package_manager.get_available_updates(package_filter)
+
+        # test for get_available_updates
+        self.assertIsNotNone(available_updates)
+        self.assertIsNotNone(package_versions)
+        self.assertEqual(len(available_updates), 2)
+        self.assertEqual(len(package_versions), 2)
+        self.assertEqual(available_updates[0], "libgcc.i686")
+        self.assertEqual(package_versions[0], "4.8.5-28.el7")
+        self.assertEqual(available_updates[1], "tcpdump.x86_64")
+        self.assertEqual(package_versions[1], "14:4.9.2-3.el7")
+
 if __name__ == '__main__':
     unittest.main()