Merge "Update testapi presentation"
authorMorgan Richomme <morgan.richomme@orange.com>
Mon, 13 Jun 2016 07:25:51 +0000 (07:25 +0000)
committerGerrit Code Review <gerrit@172.30.200.206>
Mon, 13 Jun 2016 07:25:51 +0000 (07:25 +0000)
testcases/security_scan/config.ini
testcases/security_scan/connect.py
testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini
testcases/security_scan/examples/xccdf-standard.ini
testcases/security_scan/security_scan.py

index 440b23c..992ca7e 100644 (file)
@@ -1,7 +1,12 @@
+[undercloud]
+port = 22
+user = stack
+remotekey = /home/stack/.ssh/id_rsa
+localkey = /home/opnfv/.ssh/overCloudKey
+
 [controller]
 port = 22
 user = heat-admin
-user_key = /root/.ssh/stackkey
 scantype = xccdf
 secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
 cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
@@ -14,7 +19,6 @@ clean = True
 [compute]
 port = 22
 user = heat-admin
-user_key = /root/.ssh/stackkey
 scantype = xccdf
 secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
 cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
index e040de1..d0ef02d 100644 (file)
@@ -21,13 +21,9 @@ INSTALLER_IP = os.getenv('INSTALLER_IP')
 
 # Set up loggers
 logger = ft_logger.Logger("security_scan").getLogger()
-
-paramiko.util.log_to_file("/var/log/paramiko.log")
-
 paramiko.util.log_to_file("/var/log/paramiko.log")
 
-
-class novaManager:
+class setup:
     def __init__(self, *args):
         self.args = args
 
@@ -48,14 +44,35 @@ class novaManager:
                          "undercloud host: {0}".format(INSTALLER_IP))
         stdin, stdout, stderr = client.exec_command(com)
         return stdout.read()
+        client.close()
+
+    def getOCKey(self):
+        remotekey = self.args[0]
+        localkey = self.args[1]
+        client = paramiko.SSHClient()
+        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        try:
+            client.connect(INSTALLER_IP, port=22, username='stack')
+            sftp = client.open_sftp()
+            sftp.get(remotekey, localkey)
+        except paramiko.SSHException:
+            logger.error("Authentication failed for "
+                         "host: {0}".format(self.host))
+        except paramiko.AuthenticationException:
+            logger.error("Authentication failed for "
+                         "host: {0}".format(self.host))
+        except socket.error:
+            logger.error("Socker Connection failed for "
+                         "undercloud host: {0}".format(self.host))
+        client.close()
 
 
 class connectionManager:
-    def __init__(self, host, port, user, user_key, *args):
+    def __init__(self, host, port, user, localkey, *args):
         self.host = host
         self.port = port
         self.user = user
-        self.user_key = user_key
+        self.localkey = localkey
         self.args = args
 
     def remotescript(self):
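Review bot: In `getOCKey`, all three `except` handlers format `self.host`, but `setup.__init__` only stores `self.args`, so a failed connection raises AttributeError instead of logging the error. The `except paramiko.AuthenticationException` clause can also never match because it follows its parent class `paramiko.SSHException`, and the `client.close()` added after `return stdout.read()` in the preceding method (which starts outside this hunk) is unreachable. `sftp.get` writes the undercloud private key with whatever mode the process umask allows, so the file should be created owner-only before any key bytes land in it. `AutoAddPolicy` accepts an unverified host key on the very connection that fetches that key; if the deployment can supply a known_hosts entry, loading it and rejecting unknown hosts would be safer. The sketch below covers the handler order, the log target, the file mode and a `finally` for the close.

```python
    def getOCKey(self):
        # ... unchanged: remotekey/localkey from self.args, SSHClient setup ...
        try:
            client.connect(INSTALLER_IP, port=22, username='stack')
            sftp = client.open_sftp()
            # Create the key file owner-only before any key bytes are written.
            fd = os.open(localkey, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            os.fchmod(fd, 0o600)
            with os.fdopen(fd, 'wb') as keyfile:
                sftp.getfo(remotekey, keyfile)
        except paramiko.AuthenticationException:
            logger.error("Authentication failed for "
                         "host: {0}".format(INSTALLER_IP))
        except paramiko.SSHException:
            logger.error("SSH connection failed for "
                         "host: {0}".format(INSTALLER_IP))
        except socket.error:
            logger.error("Socket connection failed for "
                         "undercloud host: {0}".format(INSTALLER_IP))
        finally:
            client.close()
```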
@@ -88,7 +105,7 @@ class connectionManager:
         # Tunnel to overcloud
         try:
             remote_client.connect('127.0.0.1', port=22, username=self.user,
-                                  key_filename=self.user_key, sock=channel)
+                                  key_filename=self.localkey, sock=channel)
             sftp = remote_client.open_sftp()
             sftp.put(localpath, remotepath)
         except paramiko.SSHException:
@@ -142,7 +159,7 @@ class connectionManager:
         # Tunnel to overcloud
         try:
             remote_client.connect('127.0.0.1', port=22, username=self.user,
-                                  key_filename=self.user_key, sock=channel)
+                                  key_filename=self.localkey, sock=channel)
         except paramiko.SSHException:
             logger.error("Authentication failed for "
                          "host: {0}".format(self.host))
@@ -192,7 +209,7 @@ class connectionManager:
         # Tunnel to overcloud
         try:
             remote_client.connect('127.0.0.1', port=22, username=self.user,
-                                  key_filename=self.user_key, sock=channel)
+                                  key_filename=self.localkey, sock=channel)
         except paramiko.SSHException:
             logger.error("Authentication failed for "
                          "host: {0}".format(self.host))
@@ -204,9 +221,9 @@ class connectionManager:
                          "undercloud host: {0}".format(self.host))
         # Download the reports
         sftp = remote_client.open_sftp()
-        logger.info("Downloading \"{0}\"...\n".format(reportname))
+        logger.info("Downloading \"{0}\"...".format(reportname))
         sftp.get(reportfile, ('{0}/{1}'.format(dl_folder, reportname)))
-        logger.info("Downloading \"{0}\"...\n".format(resultsname))
+        logger.info("Downloading \"{0}\"...".format(resultsname))
         sftp.get(reportfile, ('{0}/{1}'.format(dl_folder, resultsname)))
         sftp.close()
         transport.close()
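Review bot: The second `sftp.get` still fetches `reportfile` and saves it under `resultsname`, so the results file is never downloaded and the report is stored twice under two names. A results path built the same way as `reportfile` (for example `'{0}/{1}'.format(tmpdir.rstrip(), results)`, passed in from the caller) looks like what was intended; this is inferred, since the rest of the method is outside the hunk. Also, `remote_client.open_sftp()` runs after the `try`/`except` block, so when the connect above has failed and only been logged, the download raises a second, less informative error.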
index cd5d4d2..9d12fa2 100644 (file)
@@ -1,7 +1,12 @@
+[undercloud]
+port = 22
+user = stack
+remotekey = /home/stack/.ssh/id_rsa
+localkey = /home/opnfv/.ssh/overCloudKey
+
 [controller]
 port = 22
 user = heat-admin
-user_key = /root/.ssh/stackkey
 scantype = xccdf
 secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
 cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
@@ -14,7 +19,6 @@ clean = True
 [compute]
 port = 22
 user = heat-admin
-user_key = /root/.ssh/stackkey
 scantype = xccdf
 secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
 cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
index 440b23c..992ca7e 100644 (file)
@@ -1,7 +1,12 @@
+[undercloud]
+port = 22
+user = stack
+remotekey = /home/stack/.ssh/id_rsa
+localkey = /home/opnfv/.ssh/overCloudKey
+
 [controller]
 port = 22
 user = heat-admin
-user_key = /root/.ssh/stackkey
 scantype = xccdf
 secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
 cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
@@ -14,7 +19,6 @@ clean = True
 [compute]
 port = 22
 user = heat-admin
-user_key = /root/.ssh/stackkey
 scantype = xccdf
 secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
 cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
index 25b5b29..9803dd3 100644 (file)
@@ -22,8 +22,6 @@ from keystoneclient.auth.identity import v2
 from keystoneclient import session
 from novaclient import client
 
-import functest.utils.functest_logger as ft_logger
-
 __version__ = 0.1
 __author__ = 'Luke Hinds (lhinds@redhat.com)'
 __url__ = 'https://wiki.opnfv.org/display/functest/Functest+Security'
@@ -32,52 +30,54 @@ __url__ = 'https://wiki.opnfv.org/display/functest/Functest+Security'
 INSTALLER_IP = os.getenv('INSTALLER_IP')
 oscapbin = 'sudo /bin/oscap'
 
-# Configure Nova Credentials
-com = 'sudo hiera admin_password'
-connect = connect.novaManager(com)
-keypass = connect.keystonepass()
-auth = v2.Password(auth_url='http://{0}:5000/v2.0'.format(INSTALLER_IP),
-                   username='admin',
-                   password=str(keypass).rstrip(),
-                   tenant_name='admin')
-sess = session.Session(auth=auth)
-nova = client.Client(2, session=sess)
-
-
 # args
 parser = argparse.ArgumentParser(description='OPNFV OpenSCAP Scanner')
 parser.add_argument('--config', action='store', dest='cfgfile',
                     help='Config file', required=True)
 args = parser.parse_args()
 
-# functest logger
-logger = ft_logger.Logger("security_scan").getLogger()
-
 # Config Parser
 cfgparse = SafeConfigParser()
 cfgparse.read(args.cfgfile)
 
+#  Grab Undercloud key
+remotekey = cfgparse.get('undercloud', 'remotekey')
+localkey = cfgparse.get('undercloud', 'localkey')
+setup = connect.setup(remotekey, localkey)
+setup.getOCKey()
+
+
+# Configure Nova Credentials
+com = 'sudo hiera admin_password'
+setup = connect.setup(com)
+keypass = setup.keystonepass()
+auth = v2.Password(auth_url='http://{0}:5000/v2.0'.format(INSTALLER_IP),
+                   username='admin',
+                   password=str(keypass).rstrip(),
+                   tenant_name='admin')
+sess = session.Session(auth=auth)
+nova = client.Client(2, session=sess)
+
 
 def run_tests(host, nodetype):
-    port = cfgparse.get(nodetype, 'port')
     user = cfgparse.get(nodetype, 'user')
-    user_key = cfgparse.get(nodetype, 'user_key')
-    logger.info("Host: {0} Selected Profile: {1}").format(host, nodetype)
-    logger.info("Creating temp file structure..")
-    createfiles(host, port, user, user_key)
-    logger.info("Installing OpenSCAP...")
-    install_pkg(host, port, user, user_key)
-    logger.info("Running scan...")
-    run_scanner(host, port, user, user_key, nodetype)
+    port = cfgparse.get(nodetype, 'port')
+    connect.logger.info("Host: {0} Selected Profile: {1}".format(host, nodetype))
+    connect.logger.info("Creating temp file structure..")
+    createfiles(host, port, user, localkey)
+    connect.logger.info("Installing OpenSCAP...")
+    install_pkg(host, port, user, localkey)
+    connect.logger.info("Running scan...")
+    run_scanner(host, port, user, localkey, nodetype)
     clean = cfgparse.get(nodetype, 'clean')
-    logger.info("Post installation tasks....")
-    post_tasks(host, port, user, user_key, nodetype)
+    connect.logger.info("Post installation tasks....")
+    post_tasks(host, port, user, localkey, nodetype)
     if clean:
-        logger.info("Cleaning down environment....")
-        logger.info("Removing OpenSCAP....")
-        removepkg(host, port, user, user_key, nodetype)
-        logger.info("Deleting tmp file and reports (remote)...")
-        cleandir(host, port, user, user_key, nodetype)
+        connect.logger.info("Cleaning down environment....")
+        connect.logger.info("Removing OpenSCAP....")
+        removepkg(host, port, user, localkey, nodetype)
+        connect.logger.info("Deleting tmp file and reports (remote)...")
+        cleandir(host, port, user, localkey, nodetype)
 
 
 def nova_iterate():
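Review bot: In `run_tests`, `clean = cfgparse.get(nodetype, 'clean')` returns a string, so `if clean:` is true even when the config says `clean = False`, and the scanner packages and remote reports are removed regardless. Use `clean = cfgparse.getboolean(nodetype, 'clean')`. Separately, `setup.getOCKey()` only logs on failure and returns nothing, so the script carries on to `keystonepass()` and the scans with a missing or stale `localkey`; returning a status and exiting on failure would make that visible. The `auth_url` uses plain `http://`, so the admin password read from hiera crosses the network unencrypted unless that link is otherwise protected.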
@@ -96,25 +96,25 @@ def nova_iterate():
                 run_tests(host, nodetype)
 
 
-def createfiles(host, port, user, user_key):
+def createfiles(host, port, user, localkey):
     import connect
     global tmpdir
     localpath = os.getcwd() + '/scripts/createfiles.py'
     remotepath = '/tmp/createfiles.py'
     com = 'python /tmp/createfiles.py'
-    connect = connect.connectionManager(host, port, user, user_key,
+    connect = connect.connectionManager(host, port, user, localkey,
                                         localpath, remotepath, com)
     tmpdir = connect.remotescript()
 
 
-def install_pkg(host, port, user, user_key):
+def install_pkg(host, port, user, localkey):
     import connect
     com = 'sudo yum -y install openscap-scanner scap-security-guide'
-    connect = connect.connectionManager(host, port, user, user_key, com)
+    connect = connect.connectionManager(host, port, user, localkey, com)
     connect.remotecmd()
 
 
-def run_scanner(host, port, user, user_key, nodetype):
+def run_scanner(host, port, user, localkey, nodetype):
     import connect
     scantype = cfgparse.get(nodetype, 'scantype')
     profile = cfgparse.get(nodetype, 'profile')
@@ -132,47 +132,47 @@ def run_scanner(host, port, user, user_key, nodetype):
                                                        report,
                                                        cpe,
                                                        secpolicy)
-        connect = connect.connectionManager(host, port, user, user_key, com)
+        connect = connect.connectionManager(host, port, user, localkey, com)
         connect.remotecmd()
     elif scantype == 'oval':
         com = '{0} oval eval --results {1}/{2} '
         '--report {1}/{3} {4}'.format(oscapbin, tmpdir.rstrip(),
                                       results, report, secpolicy)
-        connect = connect.connectionManager(host, port, user, user_key, com)
+        connect = connect.connectionManager(host, port, user, localkey, com)
         connect.remotecmd()
     else:
         com = '{0} oval-collect '.format(oscapbin)
-        connect = connect.connectionManager(host, port, user, user_key, com)
+        connect = connect.connectionManager(host, port, user, localkey, com)
         connect.remotecmd()
 
 
-def post_tasks(host, port, user, user_key, nodetype):
+def post_tasks(host, port, user, localkey, nodetype):
     import connect
     # Create the download folder for functest dashboard and download reports
     reports_dir = cfgparse.get(nodetype, 'reports_dir')
     dl_folder = os.path.join(reports_dir, host + "_" +
                              datetime.datetime.
                              now().strftime('%Y-%m-%d_%H-%M-%S'))
-    os.makesdir(dl_folder, 0755)
+    os.makedirs(dl_folder, 0755)
     report = cfgparse.get(nodetype, 'report')
     results = cfgparse.get(nodetype, 'results')
     reportfile = '{0}/{1}'.format(tmpdir.rstrip(), report)
-    connect = connect.connectionManager(host, port, user, user_key, dl_folder,
+    connect = connect.connectionManager(host, port, user, localkey, dl_folder,
                                         reportfile, report, results)
     connect.download_reports()
 
 
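Review bot: In the `oval` branch of `run_scanner` (which starts outside this hunk), `com` is assigned only the first string literal. The following line is a separate expression statement whose `.format(...)` result is discarded, so the remote command is sent with literal `{0}`/`{1}` placeholders and no `--report` argument. Wrapping both literals and the call in one pair of parentheses fixes it: `com = ('{0} oval eval --results {1}/{2} ' '--report {1}/{3} {4}'.format(oscapbin, tmpdir.rstrip(), results, report, secpolicy))`. In `post_tasks`, `os.makedirs(dl_folder, 0755)` leaves the downloaded scan reports readable by every local user; a tighter mode such as `0750` may fit better if only the functest user needs them.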
-def removepkg(host, port, user, user_key, nodetype):
+def removepkg(host, port, user, localkey, nodetype):
     import connect
     com = 'sudo yum -y remove openscap-scanner scap-security-guide'
-    connect = connect.connectionManager(host, port, user, user_key, com)
+    connect = connect.connectionManager(host, port, user, localkey, com)
     connect.remotecmd()
 
 
-def cleandir(host, port, user, user_key, nodetype):
+def cleandir(host, port, user, localkey, nodetype):
     import connect
     com = 'sudo rm -r {0}'.format(tmpdir.rstrip())
-    connect = connect.connectionManager(host, port, user, user_key, com)
+    connect = connect.connectionManager(host, port, user, localkey, com)
     connect.remotecmd()