def email(self, virtue_ip, key_path, appIds):
if not os.path.exists(os.path.join("/mnt/ost", self.username)):
try:
ret = subprocess.check_call("sudo mkdir -p /mnt/ost/{}".format(
self.username),
shell=True)
assert ret == 0
ret = subprocess.check_call(
"sudo chown nobody:nogroup /mnt/ost/{}".format(
self.username),
shell=True)
assert ret == 0
except Exception as e:
print("Failed to create ost user directory with error: {}".
format(e))
return
try:
ssh = ssh_tool('virtue', virtue_ip, key_path)
ssh.ssh('sudo mkdir /ost')
ssh.ssh(('sudo mount -t nfs excalibur.galahad.com:/mnt/ost/{}'
' /ost').format(self.username))
except Exception as e:
print("Failed to mount ost NFS directory on virtue with error: {}".
format(e))
def remove_drive(self, virtue_ip, key_path, appIds):
for appId in appIds:
try:
ssh = ssh_tool('virtue', virtue_ip, key_path)
ssh.ssh('sudo umount /home/virtue/{}'.format(appId))
except Exception as e:
print("Failed to unmount shared drive on virtue with error: {}".format(e))
def __setup_virtue():
global virtue_id
global virtue_ssh
global new_virtue
global role_id
virtue_ip = None
# Read the Virtue IP and ID from a file (if they have been provided)
if os.path.isfile('virtue_ip') and os.path.isfile('virtue_id'):
new_virtue = False
with open('virtue_ip', 'r') as infile:
virtue_ip = infile.read().strip()
with open('virtue_id', 'r') as infile:
virtue_id = infile.read().strip()
# Otherwise, create a new Virtue
else:
new_virtue = True
role = integration_common.create_new_role('SecurityTestRole')
virtue = integration_common.create_new_virtue('slapd', role['id'])
virtue_ip = virtue['ipAddress']
virtue_id = virtue['id']
role_id = virtue['roleId']
assert virtue_ip is not None
virtue_ssh = ssh_tool('virtue', virtue_ip, sshkey=KEY_PATH)
# Check that the virtue is ready and reachable via ssh
assert virtue_ssh.check_access()
def virtue_application_stop(self, username, virtueId, applicationId, use_ssh=True):
try:
virtue = self.inst.get_obj('cid', virtueId, 'OpenLDAPvirtue', True)
if (virtue == ()):
return json.dumps(ErrorCodes.user['invalidVirtueId'])
ldap_tools.parse_ldap(virtue)
if (virtue['username'] != username):
return json.dumps(ErrorCodes.user['userNotAuthorized'])
if ('RUNNING' not in virtue['state'] and use_ssh):
return json.dumps(ErrorCodes.user['virtueNotRunning'])
app = self.inst.get_obj('cid', applicationId,
'OpenLDAPapplication', True)
if (app == ()):
return json.dumps(ErrorCodes.user['invalidApplicationId'])
ldap_tools.parse_ldap(app)
role = self.inst.get_obj('cid', virtue['roleId'], 'OpenLDAProle')
if (role == None or role == ()):
return json.dumps(ErrorCodes.user['unspecifiedError'])
ldap_tools.parse_ldap(role)
if (app['id'] not in role['applicationIds']):
return json.dumps(ErrorCodes.user['applicationNotInVirtue'])
if (app['id'] not in virtue['applicationIds']):
return json.dumps(ErrorCodes.user['applicationAlreadyStopped'])
if (use_ssh):
ssh = ssh_tool('virtue', virtue['ipAddress'],
'{0}/user-keys/{1}.pem'.format(
os.environ['HOME'], username))
docker_exit = ssh.ssh(('sudo docker stop $(sudo docker ps -af '
'name="{0}" -q)').format(app['id']),
test=False)
if (docker_exit != 0):
return json.dumps(ErrorCodes.user['serverStopError'])
virtue['applicationIds'].remove(applicationId)
del virtue['state']
del virtue['ipAddress']
ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue')
assert 0 == self.inst.modify_obj('cid', virtue['id'], ldap_virtue,
objectClass='OpenLDAPvirtue',
throw_error=True)
return json.dumps(ErrorCodes.user['success'])
except:
print('Error:\n{0}'.format(traceback.format_exc()))
return json.dumps(ErrorCodes.user['unspecifiedError'])
def virtue_stop(self, username, virtueId, use_valor=True):
try:
virtue = self.inst.get_obj('cid', virtueId, 'OpenLDAPvirtue', True)
if (virtue == ()):
return json.dumps(ErrorCodes.user['invalidId'])
ldap_tools.parse_ldap(virtue)
if (virtue['username'] != username):
return json.dumps(ErrorCodes.user['userNotAuthorized'])
if (virtue['state'] == 'STOPPED'):
return json.dumps(ErrorCodes.user['virtueAlreadyStopped'])
elif ('RUNNING' not in virtue['state']):
return json.dumps(
ErrorCodes.user['virtueStateCannotBeStopped'])
try:
if (use_valor):
if len(virtue['resourceIds']) is not 0:
role = self.inst.get_obj('cid', virtue['roleId'], 'openLDAProle')
ldap_tools.parse_ldap(role)
for res in virtue['resourceIds']:
resource = self.inst.get_obj('cid', res, 'openLDAPresource')
ldap_tools.parse_ldap(resource)
resource_manager = ResourceManager(username, resource)
call = 'remove_' + resource['type'].lower()
getattr(resource_manager, call)(
virtue['ipAddress'],
os.environ['HOME'] + '/user-keys/default-virtue-key.pem',
role['applicationIds'])
ssh = ssh_tool('virtue', virtue['ipAddress'],
os.environ['HOME'] + \
'/user-keys/default-virtue-key.pem')
ssh.ssh('sudo rm /tmp/krb5cc_0')
rdb_manager = RethinkDbManager()
rdb_manager.remove_virtue(virtue['id'])
except AssertionError:
return json.dumps(ErrorCodes.user['serverStopError'])
except:
print('Error:\n{}'.format(traceback.format_exc()))
return json.dumps(ErrorCodes.user['unspecifiedError'])
else:
virtue['state'] = 'STOPPED'
ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue')
self.inst.modify_obj(
'cid', virtue['id'], ldap_virtue,
objectClass='OpenLDAPvirtue', throw_error=True)
return json.dumps(ErrorCodes.user['success'])
except:
print('Error:\n{0}'.format(traceback.format_exc()))
return json.dumps(ErrorCodes.user['unspecifiedError'])
def setup_module():
global settings
global session
global base_url
global inst
global aggregator_ssh
with open('test_config.json', 'r') as infile:
settings = json.load(infile)
with open('../aws_instance_info.json', 'r') as infile:
tmp = json.load(infile)
settings['subnet'] = tmp['subnet_id']
settings['sec_group'] = tmp['sec_group']
ip = EXCALIBUR_HOSTNAME + ':' + settings['port']
aggregator_ip = AGGREGATOR_HOSTNAME
inst = LDAP('', '')
dn = 'cn=admin,dc=canvas,dc=virtue,dc=com'
inst.get_ldap_connection()
inst.conn.simple_bind_s(dn, 'Test123!')
redirect = settings['redirect'].format(ip)
sso = sso_tool(ip)
assert sso.login(settings['user'], settings['password'])
client_id = sso.get_app_client_id(settings['app_name'])
if (client_id == None):
client_id = sso.create_app(settings['app_name'], redirect)
assert client_id
code = sso.get_oauth_code(client_id, redirect)
assert code
token = sso.get_oauth_token(client_id, code, redirect)
assert 'access_token' in token
session = requests.Session()
session.headers = {
'Authorization': 'Bearer {0}'.format(token['access_token'])
}
session.verify = settings['verify']
base_url = 'https://{0}/virtue/admin'.format(ip)
subprocess.call(['sudo', 'mkdir', '-p', '/mnt/efs/images/tests'])
subprocess.check_call([
'sudo', 'rsync', '/mnt/efs/images/unities/8GB.img',
'/mnt/efs/images/tests/8GB.img'
])
aggregator_ssh = ssh_tool('ubuntu',
aggregator_ip,
sshkey='~/user-keys/default-virtue-key.pem')
def connect_with_ssh(self):
self.client = ssh_tool('ubuntu',
self.ip_address,
sshkey=os.environ['HOME'] +
'/user-keys/default-virtue-key.pem')
if not self.client.check_access():
print('ERROR: Failed to connect to valor with IP {} using SSH'.
format(self.ip_address))
raise Exception(
'ERROR: Failed to connect to valor with IP {} using SSH'.
format(self.ip_address))
def drive(self, virtue_ip, key_path, appIds):
# map resource
# map to different directory than /home/virtue - causing key error
print("drive")
for appId in appIds:
try:
ssh = ssh_tool('virtue', virtue_ip, key_path)
ssh.ssh(('sudo mount.cifs {} /home/virtue/{}'
' -o sec=krb5,user=VIRTUE\{}').format(
self.resource['unc'], appId, self.username))
except Exception as e:
print("Failed to mount shared drive on virtue with error: {}".
format(e))
def setup_module():
global virtue_ssh
global virtue_id
global aggregator_ssh
global session
global security_url
session, admin_url, security_url, user_url = integration_common.create_session(
)
virtue_id = None
virtue_ssh = None
aggregator_ssh = ssh_tool('ubuntu', AGGREGATOR_HOSTNAME, sshkey=KEY_PATH)
def remove_email(self, virtue_ip, key_path, appIds):
ssh = ssh_tool('virtue', virtue_ip, key_path)
ssh.ssh('sudo umount /ost')
ssh.ssh('sudo rm -r /ost')
logger.warn(
'\nWarning: a new Virtue will be created\n')
if args.virtue_id != None:
virtue_id = args.virtue_id
else:
logger.warn(
'\nWarning: a new Virtue will be created\n')
elif args.test_type == 'unit':
pass
else:
logger.error(
'\nERROR: Invalid Test type specified - Please specify "integration" or "unit"\n')
sys.exit()
ssh_inst = ssh_tool('ubuntu', deploy_server_ip, sshkey=args.sshkey)
# Run the specified Test command
try:
if args.list_tests:
ssh_inst.ssh(
'cd galahad/tests && python {0}.py -i ~/user-keys/starlab-virtue-te.pem --list_tests'.format(
args.test_type))
if args.run_test:
ssh_inst.ssh(
'cd galahad/tests && python {0}.py -i ~/user-keys/starlab-virtue-te.pem --run_test {1}'.format(
args.test_type, args.run_test))
if args.run_all_tests:
ssh_inst.ssh('cd galahad/tests && python {0}.py -i ~/user-keys/starlab-virtue-te.pem '
'--run_all_tests'.format(args.test_type))
def virtue_application_launch(self, username, virtueId, applicationId, use_ssh=True):
try:
virtue = self.inst.get_obj('cid', virtueId, 'OpenLDAPvirtue', True)
if (virtue == ()):
return json.dumps(ErrorCodes.user['invalidVirtueId'])
ldap_tools.parse_ldap(virtue)
if (virtue['username'] != username):
return json.dumps(ErrorCodes.user['userNotAuthorized'])
if ('RUNNING' not in virtue['state'] and use_ssh):
return json.dumps(ErrorCodes.user['virtueNotRunning'])
app = self.inst.get_obj('cid', applicationId,
'OpenLDAPapplication', True)
if (app == ()):
return json.dumps(ErrorCodes.user['invalidApplicationId'])
ldap_tools.parse_ldap(app)
role = self.inst.get_obj('cid', virtue['roleId'], 'OpenLDAProle')
if (role == None or role == ()):
return json.dumps(ErrorCodes.user['unspecifiedError'])
ldap_tools.parse_ldap(role)
if (app['id'] not in role['applicationIds']):
return json.dumps(ErrorCodes.user['applicationNotInVirtue'])
if (app['id'] in virtue['applicationIds']):
return json.dumps(
ErrorCodes.user['applicationAlreadyLaunched'])
if (use_ssh):
ssh = ssh_tool('virtue', virtue['ipAddress'],
'{0}/user-keys/{1}.pem'.format(
os.environ['HOME'], username))
start_docker_container = ('sudo docker start $(sudo docker ps' +
' -af name="{0}" -q)').format(
app['id'])
# Copy the network Rules file.
copy_network_rules = (
'sudo docker cp /etc/networkRules $(sudo docker ps -af' +
' name="{0}" -q):/etc/networkRules').format(app['id'])
ssh.ssh(copy_network_rules)
# Copy the authorized keys file
auth_keys_path = '/home/virtue/.ssh/authorized_keys'
copy_authorized_keys_cmd = (
'sudo docker cp {0}'
' {1}:{0}').format(auth_keys_path, app['id'])
ssh.ssh(copy_authorized_keys_cmd)
docker_exit = ssh.ssh(start_docker_container,
test=False, silent=True)
if (docker_exit != 0):
# This is an issue with docker where if the docker daemon exits
# uncleanly then a system file is locked and docker start fails
# with the error:
# Error response from daemon: id already in use
# Error: failed to start containers:
# The current workaround is to issue the docker start command
# twice. Tne first time it fails with the above error and the
# second time it succeeds.
docker_exit = ssh.ssh(start_docker_container, test=False)
if (docker_exit != 0):
print(
"Docker start command for launching application {} Failed".format(
app['id']))
return json.dumps(ErrorCodes.user['serverLaunchError'])
docker_chown_cmd = (
'sudo docker exec {0}'
' chown virtue:virtue {1}').format(
app['id'], auth_keys_path)
ssh.ssh(docker_chown_cmd)
docker_chmod_cmd = (
'sudo docker exec {0}'
' which chmod 600 {1}').format(app['id'], auth_keys_path)
ssh.ssh(docker_chmod_cmd)
virtue['applicationIds'].append(applicationId)
del virtue['state']
del virtue['ipAddress']
ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue')
assert 0 == self.inst.modify_obj('cid', virtue['id'], ldap_virtue,
objectClass='OpenLDAPvirtue',
throw_error=True)
return json.dumps(ErrorCodes.user['success'])
except:
print('Error:\n{0}'.format(traceback.format_exc()))
return json.dumps(ErrorCodes.user['unspecifiedError'])
def virtue_launch(self, username, virtueId, use_valor=True):
try:
virtue = self.inst.get_obj('cid', virtueId, 'OpenLDAPvirtue', True)
if (virtue == ()):
return json.dumps(ErrorCodes.user['invalidId'])
ldap_tools.parse_ldap(virtue)
if (virtue['username'] != username):
return json.dumps(ErrorCodes.user['userNotAuthorized'])
if ('RUNNING' in virtue['state']
or virtue['state'] == 'LAUNCHING'):
return json.dumps(ErrorCodes.user['virtueAlreadyLaunched'])
elif (virtue['state'] != 'STOPPED'):
return json.dumps(
ErrorCodes.user['virtueStateCannotBeLaunched'])
if (use_valor):
valor_manager = ValorManager()
valor = valor_manager.get_empty_valor()
try:
virtue['ipAddress'] = valor_manager.add_virtue(
valor['address'],
valor['valor_id'],
virtue['id'],
'images/provisioned_virtues/' + virtue['id'] + '.img')
except AssertionError:
return json.dumps(ErrorCodes.user['virtueAlreadyLaunched'])
virtue['state'] = 'LAUNCHING'
ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue')
self.inst.modify_obj('cid', virtue['id'], ldap_virtue,
objectClass='OpenLDAPvirtue', throw_error=True)
# wait until sshable
success = False
max_attempts = 5
# TODO: Remove this variable before merging into master
see_no_evil = False
if not use_valor:
virtue['state'] = 'RUNNING'
elif see_no_evil:
virtue['state'] = 'RUNNING (Unverified)'
else:
for attempt_number in range(max_attempts):
try:
time.sleep(30)
ssh = ssh_tool(
'virtue', virtue['ipAddress'],
os.environ['HOME'] + '/user-keys/default-virtue-key.pem')
ssh.ssh('echo test')
print('Successfully connected to {}'.format(
virtue['ipAddress']))
# KL --- add if resIDs not empty run:
# Kerberos tgt setup for resource management
if len(virtue['resourceIds']) is not 0:
krb5cc_src = '/tmp/krb5cc_{}'.format(username)
krb5cc_dest = '/tmp/krb5cc_0'
ssh.scp_to(krb5cc_src, krb5cc_dest)
role = self.inst.get_obj('cid', virtue['roleId'], 'openLDAProle')
ldap_tools.parse_ldap(role)
for res in virtue['resourceIds']:
resource = self.inst.get_obj('cid', res, 'openLDAPresource')
ldap_tools.parse_ldap(resource)
resource_manager = ResourceManager(username, resource)
getattr(resource_manager, resource['type'].lower())(
virtue['ipAddress'],
os.environ['HOME'] + '/user-keys/default-virtue-key.pem',
role['applicationIds'])
success = True
break
except Exception as e:
print(e)
print('Attempt {0} failed to connect').format(attempt_number+1)
if (not success):
valor_manager.rethinkdb_manager.remove_virtue(virtue['id'])
virtue['state'] = 'STOPPED'
ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue')
self.inst.modify_obj(
'cid', virtue['id'], ldap_virtue,
objectClass='OpenLDAPvirtue', throw_error=True)
return json.dumps(ErrorCodes.user['serverLaunchError'])
virtue['state'] = 'RUNNING'
ldap_virtue = ldap_tools.to_ldap(virtue, 'OpenLDAPvirtue')
self.inst.modify_obj('cid', virtue['id'], ldap_virtue,
objectClass='OpenLDAPvirtue', throw_error=True)
return json.dumps(ErrorCodes.user['success'])
except:
print('Error:\n{0}'.format(traceback.format_exc()))
return json.dumps(ErrorCodes.user['unspecifiedError'])
parser.add_argument(
'--run_all_tests',
action='store_true',
help='Run All available unit Tests')
arg = parser.parse_args()
return arg
if (__name__ == '__main__'):
args = parse_args()
ssh_inst = ssh_tool('ubuntu', EXCALIBUR_HOSTNAME, sshkey=args.sshkey)
# Now Run the specified Test command
if args.verbose:
verbose_tag = '--verbose'
else:
verbose_tag = ''
if args.profile:
profile_tag = '--profile'
else:
profile_tag = ''
try:
