def test_ssl(cfy, manager, module_tmpdir, attributes, ssh_key, logger):
    cert_path = join(module_tmpdir, '.cloudify', 'profiles',
                     manager.ip_address, 'public_rest_cert.crt')
    _generate_external_cert(manager, logger)
    _download_external_cert(manager, logger, local_cert_path=cert_path)

    cfy.profiles.set('-c', cert_path)

    assert 'SSL disabled' in cfy.ssl.status()
    current_profile = cfy.profiles.show()
    assert ' 80 ' in current_profile
    assert ' http ' in current_profile

    cfy.ssl.enable()
    cfy.profiles.set('--ssl', 'on', '--skip-credentials-validation')
    time.sleep(5)
    assert 'SSL enabled' in cfy.ssl.status()

    current_profile = cfy.profiles.show()
    assert ' 443 ' in current_profile
    assert ' https ' in current_profile

    _manager_client = manager.client
    ssl_client = CloudifyClient(username='******',
                                password='******',
                                host=manager.ip_address,
                                tenant='default_tenant',
                                protocol='https',
                                cert=cert_path)
    manager.client = ssl_client

    if not is_community():
        tenant_name = 'ssl_tenant'
        cfy.users.create('ssl_user', '-p', 'ssl_pass')
        cfy.tenants.create(tenant_name)

        cfy.tenants('add-user',
                    'ssl_user',
                    '-t',
                    tenant_name,
                    '-r',
                    DEFAULT_TENANT_ROLE)

    hello_world = centos_hello_world(cfy, manager, attributes, ssh_key,
                                     logger, module_tmpdir)

    hello_world.upload_and_verify_install()

    cfy.ssl.disable()
    cfy.profiles.set('--ssl', 'off', '--skip-credentials-validation')
    time.sleep(5)
    assert 'SSL disabled' in cfy.ssl.status()

    current_profile = cfy.profiles.show()
    assert ' 80 ' in current_profile
    assert ' http ' in current_profile

    manager.client = _manager_client
    hello_world.uninstall()
    hello_world.delete_deployment()
def test_cfy_manager_configure(manager, logger, tmpdir):
    logger.info('Putting code to get decrypted passwords on manager...')
    manager.put_remote_file_content(
        remote_path=GET_MQ_PASSWORDS_CODE_PATH,
        content=GET_MQ_PASSWORDS_CODE
    )

    logger.info('Getting current CA cert from the manager...')
    old_cert = manager.get_remote_file_content(REMOTE_CERT_PATH)

    tenants_to_check = [DEFAULT_TENANT_NAME]

    # Creating new tenants is a premium-only feature
    if not is_community():
        logger.info('Creating new tenant and '
                    'validating RMQ user was created...')
        manager.client.tenants.create(NEW_TENANT)
        tenants_to_check.append(NEW_TENANT)

    mq_passwords = _get_mq_passwords(manager)

    for tenant in tenants_to_check:
        assert 'rabbitmq_user_{0}'.format(tenant) in mq_passwords

    logger.info('Editing security config file on the manager...')
    _edit_security_config(manager)

    logger.info('Editing hooks.conf file on the manager...')
    manager.put_remote_file_content(REMOTE_HOOKS_PATH, NEW_HOOKS)

    logger.info('Running `cfy_manager configure`...')
    manager.run_command('cfy_manager configure')

    logger.info('Verifying certificates unchanged after configure...')
    new_cert = manager.get_remote_file_content(REMOTE_CERT_PATH)
    assert old_cert == new_cert

    logger.info('Validating security config file on the manager persists...')
    security_config = json.loads(
        manager.get_remote_file_content(REMOTE_CONF_PATH)
    )

    assert NEW_KEY in security_config
    assert security_config[NEW_KEY] == NEW_VALUE

    logger.info('Validating hooks.conf file unchanged after configure...')
    hooks_content = manager.get_remote_file_content(REMOTE_HOOKS_PATH)

    assert hooks_content == NEW_HOOKS

    logger.info('Validating MQ passwords unchanged after configure...')
    # We expect the command to fail if the password has changed or
    # if the any of the users weren't recreated in RMQ
    for mq_user, mq_password in mq_passwords.items():
        manager.run_command(
            AUTH_MQ_USER_CMD.format(user=mq_user, password=mq_password),
            use_sudo=True
        )
def test_ssl(cfy, manager, module_tmpdir, attributes, ssh_key, logger):
    cert_path = join(module_tmpdir, '.cloudify', 'profiles',
                     manager.ip_address, 'public_rest_cert.crt')
    _generate_external_cert(manager, logger)
    _download_external_cert(manager, logger, local_cert_path=cert_path)

    cfy.profiles.set('-c', cert_path)

    assert 'SSL disabled' in cfy.ssl.status()
    current_profile = cfy.profiles.show()
    assert ' 80 ' in current_profile
    assert ' http ' in current_profile

    cfy.ssl.enable()
    cfy.profiles.set('--ssl', 'on', '--skip-credentials-validation')
    time.sleep(5)
    assert 'SSL enabled' in cfy.ssl.status()

    current_profile = cfy.profiles.show()
    assert ' 443 ' in current_profile
    assert ' https ' in current_profile

    _manager_client = manager.client
    ssl_client = CloudifyClient(username='******',
                                password='******',
                                host=manager.ip_address,
                                tenant='default_tenant',
                                protocol='https',
                                cert=cert_path)
    manager.client = ssl_client

    if not is_community():
        tenant_name = 'ssl_tenant'
        cfy.users.create('ssl_user', '-p', 'ssl_pass')
        cfy.tenants.create(tenant_name)

        cfy.tenants('add-user', 'ssl_user', '-t', tenant_name, '-r',
                    DEFAULT_TENANT_ROLE)

    hello_world = centos_hello_world(cfy, manager, attributes, ssh_key, logger,
                                     module_tmpdir)

    hello_world.upload_and_verify_install()

    cfy.ssl.disable()
    cfy.profiles.set('--ssl', 'off', '--skip-credentials-validation')
    time.sleep(5)
    assert 'SSL disabled' in cfy.ssl.status()

    current_profile = cfy.profiles.show()
    assert ' 80 ' in current_profile
    assert ' http ' in current_profile

    manager.client = _manager_client
    hello_world.uninstall()
    hello_world.delete_deployment()
def test_cfy_manager_configure(manager, logger, tmpdir):
    logger.info('Putting code to get decrypted passwords on manager...')
    manager.put_remote_file_content(remote_path=GET_MQ_PASSWORDS_CODE_PATH,
                                    content=GET_MQ_PASSWORDS_CODE)

    logger.info('Getting current CA cert from the manager...')
    old_cert = manager.get_remote_file_content(REMOTE_CERT_PATH)

    tenants_to_check = [DEFAULT_TENANT_NAME]

    # Creating new tenants is a premium-only feature
    if not is_community():
        logger.info('Creating new tenant and '
                    'validating RMQ user was created...')
        manager.client.tenants.create(NEW_TENANT)
        tenants_to_check.append(NEW_TENANT)

    mq_passwords = _get_mq_passwords(manager)

    for tenant in tenants_to_check:
        assert 'rabbitmq_user_{0}'.format(tenant) in mq_passwords

    logger.info('Editing security config file on the manager...')
    _edit_security_config(manager)

    logger.info('Editing hooks.conf file on the manager...')
    manager.put_remote_file_content(REMOTE_HOOKS_PATH, NEW_HOOKS)

    logger.info('Running `cfy_manager configure`...')
    manager.run_command('cfy_manager configure')

    logger.info('Verifying certificates unchanged after configure...')
    new_cert = manager.get_remote_file_content(REMOTE_CERT_PATH)
    assert old_cert == new_cert

    logger.info('Validating security config file on the manager persists...')
    security_config = json.loads(
        manager.get_remote_file_content(REMOTE_CONF_PATH))

    assert NEW_KEY in security_config
    assert security_config[NEW_KEY] == NEW_VALUE

    logger.info('Validating hooks.conf file unchanged after configure...')
    hooks_content = manager.get_remote_file_content(REMOTE_HOOKS_PATH)

    assert hooks_content == NEW_HOOKS

    logger.info('Validating MQ passwords unchanged after configure...')
    # We expect the command to fail if the password has changed or
    # if the any of the users weren't recreated in RMQ
    for mq_user, mq_password in mq_passwords.items():
        manager.run_command(AUTH_MQ_USER_CMD.format(user=mq_user,
                                                    password=mq_password),
                            use_sudo=True)
Beispiel #5
0
def get_hello_worlds(cfy, manager, attributes, ssh_key, tmpdir, logger):
    if is_community():
        tenants = ['default_tenant']
    else:
        tenants = [
            prepare_and_get_test_tenant(name, manager, cfy)
            for name in ('hello1', 'hello2')
        ]
    hellos = []
    for tenant in tenants:
        hello = centos_hello_world(cfy, manager, attributes, ssh_key,
                                   logger, tmpdir, tenant, suffix=tenant)
        hellos.append(hello)
    return hellos
def upgrade_agents(cfy, manager, logger):
    logger.info('Upgrading agents')
    args = [] if is_community() else ['--all-tenants']
    cfy.agents.install(args)
def get_multi_tenant_versions_list():
    if is_community():
        # Community only works single tenanted
        return ()
    else:
        return MULTI_TENANT_MANAGERS
def manager_supports_users_in_snapshot_creation(manager):
    # You probably don't want to change this, unless somebody broke snapshots
    # for users in a recent manager version and we decided to release anyway
    return (manager.branch_name
            not in ('3.4.2', '4.0', '4.0.1', '4.1', '4.1.1')
            and not is_community())
Beispiel #9
0
import pytest
from cosmo_tester.framework.util import is_community

skip_community = pytest.mark.skipif(
    is_community(),
    reason='Cloudify Community version does not support clustering')
def upgrade_agents(cfy, manager, logger):
    logger.info('Upgrading agents')
    args = [] if is_community() else ['--all-tenants']
    cfy.agents.install(args)
def get_multi_tenant_versions_list():
    if is_community():
        # Community only works single tenanted
        return ()
    else:
        return MULTI_TENANT_MANAGERS
def manager_supports_users_in_snapshot_creation(manager):
    """Premium managers starting 4.2 support users in snapshot creation."""
    return not is_community()
    for i in range(number_of_deps):
        cluster = cluster_class(
            cfy, tier_2_manager, attributes,
            ssh_key, logger, tmpdir, suffix=resource_id
        )
        cluster.blueprint_id = '{0}_bp'.format(resource_id)
        cluster.deployment_id = '{0}_dep_{1}'.format(resource_id, i)
        cluster.blueprint_file = 'blueprint.yaml'
        clusters.append(cluster)

    return clusters


@pytest.mark.skipif(util.is_redhat(),
                    reason='MoM plugin is only available on Centos')
@pytest.mark.skipif(util.is_community(),
                    reason='Cloudify Community version does '
                           'not support clustering')
def test_tier_1_cluster_staged_upgrade(floating_ip_2_tier_1_clusters):
    """
    In this scenario the second cluster is created _alongside_ the first one
    with different floating IPs
    """
    first_cluster = floating_ip_2_tier_1_clusters[0]
    second_cluster = floating_ip_2_tier_1_clusters[1]

    first_cluster.deploy_and_validate()

    # Install hello world deployment on Tier 1 cluster
    first_cluster.execute_hello_world_workflow('install')
                                attributes,
                                ssh_key,
                                logger,
                                tmpdir,
                                suffix=resource_id)
        cluster.blueprint_id = '{0}_bp'.format(resource_id)
        cluster.deployment_id = '{0}_dep_{1}'.format(resource_id, i)
        cluster.blueprint_file = 'blueprint.yaml'
        clusters.append(cluster)

    return clusters


@pytest.mark.skipif(util.is_redhat(),
                    reason='MoM plugin is only available on Centos')
@pytest.mark.skipif(util.is_community(),
                    reason='Cloudify Community version does '
                    'not support clustering')
def test_tier_1_cluster_staged_upgrade(floating_ip_2_tier_1_clusters):
    """
    In this scenario the second cluster is created _alongside_ the first one
    with different floating IPs
    """
    first_cluster = floating_ip_2_tier_1_clusters[0]
    second_cluster = floating_ip_2_tier_1_clusters[1]

    first_cluster.deploy_and_validate()

    # Install hello world deployment on Tier 1 cluster
    first_cluster.execute_hello_world_workflow('install')