def email(self, virtue_ip, key_path, appIds): if not os.path.exists(os.path.join("/mnt/ost", self.username)): try: ret = subprocess.check_call("sudo mkdir -p /mnt/ost/{}".format( self.username), shell=True) assert ret == 0 ret = subprocess.check_call( "sudo chown nobody:nogroup /mnt/ost/{}".format( self.username), shell=True) assert ret == 0 except Exception as e: print("Failed to create ost user directory with error: {}". format(e)) return try: ssh = ssh_tool('virtue', virtue_ip, key_path) ssh.ssh('sudo mkdir /ost') ssh.ssh(('sudo mount -t nfs excalibur.galahad.com:/mnt/ost/{}' ' /ost').format(self.username)) except Exception as e: print("Failed to mount ost NFS directory on virtue with error: {}". format(e))
def remove_drive(self, virtue_ip, key_path, appIds): for appId in appIds: try: ssh = ssh_tool('virtue', virtue_ip, key_path) ssh.ssh('sudo umount /home/virtue/{}'.format(appId)) except Exception as e: print("Failed to unmount shared drive on virtue with error: {}".format(e))
def __setup_virtue(): global virtue_id global virtue_ssh global new_virtue global role_id virtue_ip = None # Read the Virtue IP and ID from a file (if they have been provided) if os.path.isfile('virtue_ip') and os.path.isfile('virtue_id'): new_virtue = False with open('virtue_ip', 'r') as infile: virtue_ip = infile.read().strip() with open('virtue_id', 'r') as infile: virtue_id = infile.read().strip() # Otherwise, create a new Virtue else: new_virtue = True role = integration_common.create_new_role('SecurityTestRole') virtue = integration_common.create_new_virtue('slapd', role['id']) virtue_ip = virtue['ipAddress'] virtue_id = virtue['id'] role_id = virtue['roleId'] assert virtue_ip is not None virtue_ssh = ssh_tool('virtue', virtue_ip, sshkey=KEY_PATH) # Check that the virtue is ready and reachable via ssh assert virtue_ssh.check_access()
def virtue_application_stop(self, username, virtueId, applicationId, use_ssh=True): try: virtue = self.inst.get_obj('cid', virtueId, 'OpenLDAPvirtue', True) if (virtue == ()): return json.dumps(ErrorCodes.user['invalidVirtueId']) ldap_tools.parse_ldap(virtue) if (virtue['username'] != username): return json.dumps(ErrorCodes.user['userNotAuthorized']) if ('RUNNING' not in virtue['state'] and use_ssh): return json.dumps(ErrorCodes.user['virtueNotRunning']) app = self.inst.get_obj('cid', applicationId, 'OpenLDAPapplication', True) if (app == ()): return json.dumps(ErrorCodes.user['invalidApplicationId']) ldap_tools.parse_ldap(app) role = self.inst.get_obj('cid', virtue['roleId'], 'OpenLDAProle') if (role == None or role == ()): return json.dumps(ErrorCodes.user['unspecifiedError']) ldap_tools.parse_ldap(role) if (app['id'] not in role['applicationIds']): return json.dumps(ErrorCodes.user['applicationNotInVirtue']) if (app['id'] not in virtue['applicationIds']): return json.dumps(ErrorCodes.user['applicationAlreadyStopped']) if (use_ssh): ssh = ssh_tool('virtue', virtue['ipAddress'], '{0}/user-keys/{1}.pem'.format( os.environ['HOME'], username)) docker_exit = ssh.ssh(('sudo docker stop $(sudo docker ps -af ' 'name="{0}" -q)').format(app['id']), test=False) if (docker_exit != 0): return json.dumps(ErrorCodes.user['serverStopError']) virtue['applicationIds'].remove(applicationId) del virtue['state'] del virtue['ipAddress'] ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue') assert 0 == self.inst.modify_obj('cid', virtue['id'], ldap_virtue, objectClass='OpenLDAPvirtue', throw_error=True) return json.dumps(ErrorCodes.user['success']) except: print('Error:\n{0}'.format(traceback.format_exc())) return json.dumps(ErrorCodes.user['unspecifiedError'])
def virtue_stop(self, username, virtueId, use_valor=True): try: virtue = self.inst.get_obj('cid', virtueId, 'OpenLDAPvirtue', True) if (virtue == ()): return json.dumps(ErrorCodes.user['invalidId']) ldap_tools.parse_ldap(virtue) if (virtue['username'] != username): return json.dumps(ErrorCodes.user['userNotAuthorized']) if (virtue['state'] == 'STOPPED'): return json.dumps(ErrorCodes.user['virtueAlreadyStopped']) elif ('RUNNING' not in virtue['state']): return json.dumps( ErrorCodes.user['virtueStateCannotBeStopped']) try: if (use_valor): if len(virtue['resourceIds']) is not 0: role = self.inst.get_obj('cid', virtue['roleId'], 'openLDAProle') ldap_tools.parse_ldap(role) for res in virtue['resourceIds']: resource = self.inst.get_obj('cid', res, 'openLDAPresource') ldap_tools.parse_ldap(resource) resource_manager = ResourceManager(username, resource) call = 'remove_' + resource['type'].lower() getattr(resource_manager, call)( virtue['ipAddress'], os.environ['HOME'] + '/user-keys/default-virtue-key.pem', role['applicationIds']) ssh = ssh_tool('virtue', virtue['ipAddress'], os.environ['HOME'] + \ '/user-keys/default-virtue-key.pem') ssh.ssh('sudo rm /tmp/krb5cc_0') rdb_manager = RethinkDbManager() rdb_manager.remove_virtue(virtue['id']) except AssertionError: return json.dumps(ErrorCodes.user['serverStopError']) except: print('Error:\n{}'.format(traceback.format_exc())) return json.dumps(ErrorCodes.user['unspecifiedError']) else: virtue['state'] = 'STOPPED' ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue') self.inst.modify_obj( 'cid', virtue['id'], ldap_virtue, objectClass='OpenLDAPvirtue', throw_error=True) return json.dumps(ErrorCodes.user['success']) except: print('Error:\n{0}'.format(traceback.format_exc())) return json.dumps(ErrorCodes.user['unspecifiedError'])
def setup_module(): global settings global session global base_url global inst global aggregator_ssh with open('test_config.json', 'r') as infile: settings = json.load(infile) with open('../aws_instance_info.json', 'r') as infile: tmp = json.load(infile) settings['subnet'] = tmp['subnet_id'] settings['sec_group'] = tmp['sec_group'] ip = EXCALIBUR_HOSTNAME + ':' + settings['port'] aggregator_ip = AGGREGATOR_HOSTNAME inst = LDAP('', '') dn = 'cn=admin,dc=canvas,dc=virtue,dc=com' inst.get_ldap_connection() inst.conn.simple_bind_s(dn, 'Test123!') redirect = settings['redirect'].format(ip) sso = sso_tool(ip) assert sso.login(settings['user'], settings['password']) client_id = sso.get_app_client_id(settings['app_name']) if (client_id == None): client_id = sso.create_app(settings['app_name'], redirect) assert client_id code = sso.get_oauth_code(client_id, redirect) assert code token = sso.get_oauth_token(client_id, code, redirect) assert 'access_token' in token session = requests.Session() session.headers = { 'Authorization': 'Bearer {0}'.format(token['access_token']) } session.verify = settings['verify'] base_url = 'https://{0}/virtue/admin'.format(ip) subprocess.call(['sudo', 'mkdir', '-p', '/mnt/efs/images/tests']) subprocess.check_call([ 'sudo', 'rsync', '/mnt/efs/images/unities/8GB.img', '/mnt/efs/images/tests/8GB.img' ]) aggregator_ssh = ssh_tool('ubuntu', aggregator_ip, sshkey='~/user-keys/default-virtue-key.pem')
def connect_with_ssh(self): self.client = ssh_tool('ubuntu', self.ip_address, sshkey=os.environ['HOME'] + '/user-keys/default-virtue-key.pem') if not self.client.check_access(): print('ERROR: Failed to connect to valor with IP {} using SSH'. format(self.ip_address)) raise Exception( 'ERROR: Failed to connect to valor with IP {} using SSH'. format(self.ip_address))
def drive(self, virtue_ip, key_path, appIds): # map resource # map to different directory than /home/virtue - causing key error print("drive") for appId in appIds: try: ssh = ssh_tool('virtue', virtue_ip, key_path) ssh.ssh(('sudo mount.cifs {} /home/virtue/{}' ' -o sec=krb5,user=VIRTUE\{}').format( self.resource['unc'], appId, self.username)) except Exception as e: print("Failed to mount shared drive on virtue with error: {}". format(e))
def setup_module(): global virtue_ssh global virtue_id global aggregator_ssh global session global security_url session, admin_url, security_url, user_url = integration_common.create_session( ) virtue_id = None virtue_ssh = None aggregator_ssh = ssh_tool('ubuntu', AGGREGATOR_HOSTNAME, sshkey=KEY_PATH)
def remove_email(self, virtue_ip, key_path, appIds): ssh = ssh_tool('virtue', virtue_ip, key_path) ssh.ssh('sudo umount /ost') ssh.ssh('sudo rm -r /ost')
logger.warn( '\nWarning: a new Virtue will be created\n') if args.virtue_id != None: virtue_id = args.virtue_id else: logger.warn( '\nWarning: a new Virtue will be created\n') elif args.test_type == 'unit': pass else: logger.error( '\nERROR: Invalid Test type specified - Please specify "integration" or "unit"\n') sys.exit() ssh_inst = ssh_tool('ubuntu', deploy_server_ip, sshkey=args.sshkey) # Run the specified Test command try: if args.list_tests: ssh_inst.ssh( 'cd galahad/tests && python {0}.py -i ~/user-keys/starlab-virtue-te.pem --list_tests'.format( args.test_type)) if args.run_test: ssh_inst.ssh( 'cd galahad/tests && python {0}.py -i ~/user-keys/starlab-virtue-te.pem --run_test {1}'.format( args.test_type, args.run_test)) if args.run_all_tests: ssh_inst.ssh('cd galahad/tests && python {0}.py -i ~/user-keys/starlab-virtue-te.pem ' '--run_all_tests'.format(args.test_type))
def virtue_application_launch(self, username, virtueId, applicationId, use_ssh=True): try: virtue = self.inst.get_obj('cid', virtueId, 'OpenLDAPvirtue', True) if (virtue == ()): return json.dumps(ErrorCodes.user['invalidVirtueId']) ldap_tools.parse_ldap(virtue) if (virtue['username'] != username): return json.dumps(ErrorCodes.user['userNotAuthorized']) if ('RUNNING' not in virtue['state'] and use_ssh): return json.dumps(ErrorCodes.user['virtueNotRunning']) app = self.inst.get_obj('cid', applicationId, 'OpenLDAPapplication', True) if (app == ()): return json.dumps(ErrorCodes.user['invalidApplicationId']) ldap_tools.parse_ldap(app) role = self.inst.get_obj('cid', virtue['roleId'], 'OpenLDAProle') if (role == None or role == ()): return json.dumps(ErrorCodes.user['unspecifiedError']) ldap_tools.parse_ldap(role) if (app['id'] not in role['applicationIds']): return json.dumps(ErrorCodes.user['applicationNotInVirtue']) if (app['id'] in virtue['applicationIds']): return json.dumps( ErrorCodes.user['applicationAlreadyLaunched']) if (use_ssh): ssh = ssh_tool('virtue', virtue['ipAddress'], '{0}/user-keys/{1}.pem'.format( os.environ['HOME'], username)) start_docker_container = ('sudo docker start $(sudo docker ps' + ' -af name="{0}" -q)').format( app['id']) # Copy the network Rules file. copy_network_rules = ( 'sudo docker cp /etc/networkRules $(sudo docker ps -af' + ' name="{0}" -q):/etc/networkRules').format(app['id']) ssh.ssh(copy_network_rules) # Copy the authorized keys file auth_keys_path = '/home/virtue/.ssh/authorized_keys' copy_authorized_keys_cmd = ( 'sudo docker cp {0}' ' {1}:{0}').format(auth_keys_path, app['id']) ssh.ssh(copy_authorized_keys_cmd) docker_exit = ssh.ssh(start_docker_container, test=False, silent=True) if (docker_exit != 0): # This is an issue with docker where if the docker daemon exits # uncleanly then a system file is locked and docker start fails # with the error: # Error response from daemon: id already in use # Error: failed to start containers: # The current workaround is to issue the docker start command # twice. Tne first time it fails with the above error and the # second time it succeeds. docker_exit = ssh.ssh(start_docker_container, test=False) if (docker_exit != 0): print( "Docker start command for launching application {} Failed".format( app['id'])) return json.dumps(ErrorCodes.user['serverLaunchError']) docker_chown_cmd = ( 'sudo docker exec {0}' ' chown virtue:virtue {1}').format( app['id'], auth_keys_path) ssh.ssh(docker_chown_cmd) docker_chmod_cmd = ( 'sudo docker exec {0}' ' which chmod 600 {1}').format(app['id'], auth_keys_path) ssh.ssh(docker_chmod_cmd) virtue['applicationIds'].append(applicationId) del virtue['state'] del virtue['ipAddress'] ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue') assert 0 == self.inst.modify_obj('cid', virtue['id'], ldap_virtue, objectClass='OpenLDAPvirtue', throw_error=True) return json.dumps(ErrorCodes.user['success']) except: print('Error:\n{0}'.format(traceback.format_exc())) return json.dumps(ErrorCodes.user['unspecifiedError'])
def virtue_launch(self, username, virtueId, use_valor=True): try: virtue = self.inst.get_obj('cid', virtueId, 'OpenLDAPvirtue', True) if (virtue == ()): return json.dumps(ErrorCodes.user['invalidId']) ldap_tools.parse_ldap(virtue) if (virtue['username'] != username): return json.dumps(ErrorCodes.user['userNotAuthorized']) if ('RUNNING' in virtue['state'] or virtue['state'] == 'LAUNCHING'): return json.dumps(ErrorCodes.user['virtueAlreadyLaunched']) elif (virtue['state'] != 'STOPPED'): return json.dumps( ErrorCodes.user['virtueStateCannotBeLaunched']) if (use_valor): valor_manager = ValorManager() valor = valor_manager.get_empty_valor() try: virtue['ipAddress'] = valor_manager.add_virtue( valor['address'], valor['valor_id'], virtue['id'], 'images/provisioned_virtues/' + virtue['id'] + '.img') except AssertionError: return json.dumps(ErrorCodes.user['virtueAlreadyLaunched']) virtue['state'] = 'LAUNCHING' ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue') self.inst.modify_obj('cid', virtue['id'], ldap_virtue, objectClass='OpenLDAPvirtue', throw_error=True) # wait until sshable success = False max_attempts = 5 # TODO: Remove this variable before merging into master see_no_evil = False if not use_valor: virtue['state'] = 'RUNNING' elif see_no_evil: virtue['state'] = 'RUNNING (Unverified)' else: for attempt_number in range(max_attempts): try: time.sleep(30) ssh = ssh_tool( 'virtue', virtue['ipAddress'], os.environ['HOME'] + '/user-keys/default-virtue-key.pem') ssh.ssh('echo test') print('Successfully connected to {}'.format( virtue['ipAddress'])) # KL --- add if resIDs not empty run: # Kerberos tgt setup for resource management if len(virtue['resourceIds']) is not 0: krb5cc_src = '/tmp/krb5cc_{}'.format(username) krb5cc_dest = '/tmp/krb5cc_0' ssh.scp_to(krb5cc_src, krb5cc_dest) role = self.inst.get_obj('cid', virtue['roleId'], 'openLDAProle') ldap_tools.parse_ldap(role) for res in virtue['resourceIds']: resource = self.inst.get_obj('cid', res, 'openLDAPresource') ldap_tools.parse_ldap(resource) resource_manager = ResourceManager(username, resource) getattr(resource_manager, resource['type'].lower())( virtue['ipAddress'], os.environ['HOME'] + '/user-keys/default-virtue-key.pem', role['applicationIds']) success = True break except Exception as e: print(e) print('Attempt {0} failed to connect').format(attempt_number+1) if (not success): valor_manager.rethinkdb_manager.remove_virtue(virtue['id']) virtue['state'] = 'STOPPED' ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue') self.inst.modify_obj( 'cid', virtue['id'], ldap_virtue, objectClass='OpenLDAPvirtue', throw_error=True) return json.dumps(ErrorCodes.user['serverLaunchError']) virtue['state'] = 'RUNNING' ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue') self.inst.modify_obj('cid', virtue['id'], ldap_virtue, objectClass='OpenLDAPvirtue', throw_error=True) return json.dumps(ErrorCodes.user['success']) except: print('Error:\n{0}'.format(traceback.format_exc())) return json.dumps(ErrorCodes.user['unspecifiedError'])
parser.add_argument( '--run_all_tests', action='store_true', help='Run All available unit Tests') arg = parser.parse_args() return arg if (__name__ == '__main__'): args = parse_args() ssh_inst = ssh_tool('ubuntu', EXCALIBUR_HOSTNAME, sshkey=args.sshkey) # Now Run the specified Test command if args.verbose: verbose_tag = '--verbose' else: verbose_tag = '' if args.profile: profile_tag = '--profile' else: profile_tag = '' try: