def test_tokens_expire(self, mock_get):
mock_get.return_value = None
# NOTE(danms): Get the faked InstanceMapping from the SingleCellSimple
# fixture so we can return it from our own mock to verify
# that it was called
fake_im = objects.InstanceMapping.get_by_instance_uuid(self.context,
'fake')
# Test that tokens expire correctly.
self.useFixture(test.TimeOverride())
token = u'mytok'
self.flags(token_ttl=1, group='consoleauth')
self._stub_validate_console_port(True)
self.manager_api.authorize_console(self.context, token, 'novnc',
'127.0.0.1', '8080', 'host',
self.instance_uuid)
with mock.patch('nova.objects.InstanceMapping.'
'get_by_instance_uuid') as mock_get:
mock_get.return_value = fake_im
self.assertIsNotNone(self.manager_api.check_token(self.context,
token))
timeutils.advance_time_seconds(1)
self.assertIsNone(self.manager_api.check_token(self.context,
token))
if not self.is_cells:
mock_get.assert_called_once_with(self.context,
self.instance_uuid)
def test_trusted_filter_update_cache(self, req_mock):
oat_data = {"hosts": [{"host_name": "node1",
"trust_lvl": "untrusted",
"vtime": utils.isotime()}]}
req_mock.return_value = requests.codes.OK, oat_data
extra_specs = {'trust:trusted_host': 'untrusted'}
filter_properties = {'context': mock.sentinel.ctx,
'instance_type': {'memory_mb': 1024,
'extra_specs': extra_specs}}
host = fakes.FakeHostState('host1', 'node1', {})
self.filt_cls.host_passes(host, filter_properties) # Fill the caches
req_mock.reset_mock()
self.filt_cls.host_passes(host, filter_properties)
self.assertFalse(req_mock.called)
req_mock.reset_mock()
timeutils.set_time_override(timeutils.utcnow())
timeutils.advance_time_seconds(
CONF.trusted_computing.attestation_auth_timeout + 80)
self.filt_cls.host_passes(host, filter_properties)
self.assertTrue(req_mock.called)
timeutils.clear_time_override()
def test_multiple_keys(self):
self._send_bad_attempts('test1', CONF.lockout_attempts)
self.assertTrue(self._is_locked_out('test1'))
self.assertFalse(self._is_locked_out('test2'))
timeutils.advance_time_seconds(CONF.lockout_minutes * 60)
self.assertFalse(self._is_locked_out('test1'))
self.assertFalse(self._is_locked_out('test2'))
def test_tokens_expire(self, mock_get):
mock_get.return_value = None
# NOTE(danms): Get the faked InstanceMapping from the SingleCellSimple
# fixture so we can return it from our own mock to verify
# that it was called
fake_im = objects.InstanceMapping.get_by_instance_uuid(self.context,
uuids.instance)
# Test that tokens expire correctly.
self.useFixture(test.TimeOverride())
token = u'mytok'
self.flags(token_ttl=1, group='consoleauth')
self._stub_validate_console_port(True)
self.manager_api.authorize_console(self.context, token, 'novnc',
'127.0.0.1', '8080', 'host',
self.instance_uuid)
with mock.patch('nova.objects.InstanceMapping.'
'get_by_instance_uuid') as mock_get:
mock_get.return_value = fake_im
self.assertIsNotNone(self.manager_api.check_token(self.context,
token))
timeutils.advance_time_seconds(1)
self.assertIsNone(self.manager_api.check_token(self.context,
token))
if not self.is_cells:
mock_get.assert_called_once_with(self.context,
self.instance_uuid)
def test_memcached_driver(self):
serv = self.useFixture(
ServiceFixture(self._host, self._binary, self._topic)).serv
serv.start()
service_ref = db.service_get_by_args(self._ctx,
self._host,
self._binary)
hostkey = str("%s:%s" % (self._topic, self._host))
self.servicegroup_api._driver.mc.set(hostkey,
timeutils.utcnow(),
time=self.down_time)
self.assertTrue(self.servicegroup_api.service_is_up(service_ref))
self.useFixture(test.TimeOverride())
timeutils.advance_time_seconds(self.down_time + 1)
self.servicegroup_api._driver._report_state(serv)
service_ref = db.service_get_by_args(self._ctx,
self._host,
self._binary)
self.assertTrue(self.servicegroup_api.service_is_up(service_ref))
serv.stop()
timeutils.advance_time_seconds(self.down_time + 1)
service_ref = db.service_get_by_args(self._ctx,
self._host,
self._binary)
self.assertFalse(self.servicegroup_api.service_is_up(service_ref))
def test_trusted_filter_update_cache_timezone(self, req_mock):
oat_data = {"hosts": [{"host_name": "node1",
"trust_lvl": "untrusted",
"vtime": "2012-09-09T05:10:40-04:00"}]}
req_mock.return_value = requests.codes.OK, oat_data
extra_specs = {'trust:trusted_host': 'untrusted'}
filter_properties = {'context': mock.sentinel.ctx,
'instance_type': {'memory_mb': 1024,
'extra_specs': extra_specs}}
host = fakes.FakeHostState('host1', 'node1', {})
timeutils.set_time_override(
timeutils.normalize_time(
timeutils.parse_isotime("2012-09-09T09:10:40Z")))
self.filt_cls.host_passes(host, filter_properties) # Fill the caches
req_mock.reset_mock()
self.filt_cls.host_passes(host, filter_properties)
self.assertFalse(req_mock.called)
req_mock.reset_mock()
timeutils.advance_time_seconds(
CONF.trusted_computing.attestation_auth_timeout - 10)
self.filt_cls.host_passes(host, filter_properties)
self.assertFalse(req_mock.called)
timeutils.clear_time_override()
def test_trusted_filter_update_cache_timezone(self, req_mock):
oat_data = {"hosts": [{"host_name": "node1",
"trust_lvl": "untrusted",
"vtime": "2012-09-09T05:10:40-04:00"}]}
req_mock.return_value = requests.codes.OK, oat_data
extra_specs = {'trust:trusted_host': 'untrusted'}
spec_obj = objects.RequestSpec(
context=mock.sentinel.ctx,
flavor=objects.Flavor(memory_mb=1024,
extra_specs=extra_specs))
host = fakes.FakeHostState('host1', 'node1', {})
timeutils.set_time_override(
timeutils.normalize_time(
timeutils.parse_isotime("2012-09-09T09:10:40Z")))
self.filt_cls.host_passes(host, spec_obj) # Fill the caches
req_mock.reset_mock()
self.filt_cls.host_passes(host, spec_obj)
self.assertFalse(req_mock.called)
req_mock.reset_mock()
timeutils.advance_time_seconds(
CONF.trusted_computing.attestation_auth_timeout - 10)
self.filt_cls.host_passes(host, spec_obj)
self.assertFalse(req_mock.called)
timeutils.clear_time_override()
def test_shelved_poll_not_timedout(self):
instance = self._create_fake_instance_obj()
sys_meta = instance.system_metadata
shelved_time = timeutils.utcnow()
timeutils.set_time_override(shelved_time)
timeutils.advance_time_seconds(CONF.shelved_offload_time - 1)
sys_meta['shelved_at'] = timeutils.strtime(at=shelved_time)
db.instance_update_and_get_original(self.context, instance['uuid'],
{'vm_state': vm_states.SHELVED, 'system_metadata': sys_meta})
self.mox.StubOutWithMock(self.compute.driver, 'destroy')
self.mox.ReplayAll()
self.compute._poll_shelved_instances(self.context)
def test_tokens_expire(self):
# Test that tokens expire correctly.
self.useFixture(test.TimeOverride())
token = u'mytok'
self.flags(console_token_ttl=1)
self._stub_validate_console_port(True)
self.manager_api.authorize_console(self.context, token, 'novnc',
'127.0.0.1', '8080', 'host',
self.instance['uuid'])
self.assertTrue(self.manager_api.check_token(self.context, token))
timeutils.advance_time_seconds(1)
self.assertFalse(self.manager_api.check_token(self.context, token))
def test_scaling_not_in_progress(self):
awhile_after = timeutils.utcnow() + datetime.timedelta(seconds=60)
previous_meta = {
'cooldown_end': {
awhile_after.isoformat(): 'ChangeInCapacity : 1'
},
'scaling_in_progress': False
}
timeutils.set_time_override()
timeutils.advance_time_seconds(100)
self.patchobject(self.group, 'metadata_get',
return_value=previous_meta)
self.assertIsNone(self.group._check_scaling_allowed(60))
timeutils.clear_time_override()
def test_cooldown_not_in_progress(self):
awhile_after = timeutils.utcnow() + datetime.timedelta(seconds=60)
previous_meta = {
'cooldown_end': {
awhile_after.isoformat(): 'change_in_capacity : 1'
},
'scaling_in_progress': False
}
timeutils.set_time_override()
timeutils.advance_time_seconds(100)
self.patchobject(self.group, 'metadata_get',
return_value=previous_meta)
self.assertIsNone(self.group._check_scaling_allowed(60))
timeutils.clear_time_override()
def test_on_wait_task_expired(self):
now = timeutils.utcnow()
self.request_inst_mock.expired = True
self.request_inst_mock.created_on = now
timeutils.set_time_override(now)
self.addCleanup(timeutils.clear_time_override)
timeutils.advance_time_seconds(120)
ex = self.executor()
ex._requests_cache[self.task_uuid] = self.request_inst_mock
self.assertEqual(len(ex._requests_cache), 1)
ex._on_wait()
self.assertEqual(len(ex._requests_cache), 0)
def test_on_wait_task_expired(self):
now = timeutils.utcnow()
self.request_inst_mock.expired = True
self.request_inst_mock.created_on = now
timeutils.set_time_override(now)
self.addCleanup(timeutils.clear_time_override)
timeutils.advance_time_seconds(120)
ex = self.executor()
ex._requests_cache[self.task_uuid] = self.request_inst_mock
self.assertEqual(len(ex._requests_cache), 1)
ex._on_wait()
self.assertEqual(len(ex._requests_cache), 0)
def test_tokens_expire(self, mock_get):
mock_get.return_value = None
# Test that tokens expire correctly.
self.useFixture(test.TimeOverride())
token = u'mytok'
self.flags(token_ttl=1, group='consoleauth')
self._stub_validate_console_port(True)
self.manager_api.authorize_console(self.context, token, 'novnc',
'127.0.0.1', '8080', 'host',
self.instance_uuid)
self.assertIsNotNone(self.manager_api.check_token(self.context, token))
timeutils.advance_time_seconds(1)
self.assertIsNone(self.manager_api.check_token(self.context, token))
def test_tokens_expire(self, mock_get):
mock_get.return_value = None
# Test that tokens expire correctly.
self.useFixture(test.TimeOverride())
token = u'mytok'
self.flags(token_ttl=1, group='consoleauth')
self._stub_validate_console_port(True)
self.manager_api.authorize_console(self.context, token, 'novnc',
'127.0.0.1', '8080', 'host',
self.instance_uuid)
self.assertIsNotNone(self.manager_api.check_token(self.context, token))
timeutils.advance_time_seconds(1)
self.assertIsNone(self.manager_api.check_token(self.context, token))
def test_shelved_poll_not_timedout(self, mock_older):
mock_older.return_value = False
self.flags(shelved_offload_time=1)
shelved_time = timeutils.utcnow()
timeutils.set_time_override(shelved_time)
timeutils.advance_time_seconds(CONF.shelved_offload_time - 1)
instance = self._create_fake_instance_obj()
instance.vm_state = vm_states.SHELVED
instance.task_state = None
instance.host = self.compute.host
sys_meta = instance.system_metadata
sys_meta['shelved_at'] = shelved_time.isoformat()
instance.save()
with mock.patch.object(self.compute, 'shelve_offload_instance') as soi:
self.compute._poll_shelved_instances(self.context)
self.assertFalse(soi.called)
self.assertTrue(mock_older.called)
def test_shelved_poll_timedout(self):
instance = self._create_fake_instance_obj()
sys_meta = instance.system_metadata
shelved_time = timeutils.utcnow()
timeutils.set_time_override(shelved_time)
timeutils.advance_time_seconds(CONF.shelved_offload_time + 1)
sys_meta["shelved_at"] = timeutils.strtime(at=shelved_time)
(old, instance) = db.instance_update_and_get_original(
self.context, instance["uuid"], {"vm_state": vm_states.SHELVED, "system_metadata": sys_meta}
)
def fake_destroy(inst, nw_info, bdm):
# NOTE(alaski) There are too many differences between an instance
# as returned by instance_update_and_get_original and
# instance_get_all_by_filters so just compare the uuid.
self.assertEqual(instance["uuid"], inst["uuid"])
self.stubs.Set(self.compute.driver, "destroy", fake_destroy)
self.compute._poll_shelved_instances(self.context)
def test_shelved_poll_timedout(self):
instance = self._create_fake_instance_obj()
sys_meta = instance.system_metadata
shelved_time = timeutils.utcnow()
timeutils.set_time_override(shelved_time)
timeutils.advance_time_seconds(CONF.shelved_offload_time + 1)
sys_meta['shelved_at'] = timeutils.strtime(at=shelved_time)
(old, instance) = db.instance_update_and_get_original(self.context,
instance['uuid'], {'vm_state': vm_states.SHELVED,
'system_metadata': sys_meta})
def fake_destroy(inst, nw_info, bdm):
# NOTE(alaski) There are too many differences between an instance
# as returned by instance_update_and_get_original and
# instance_get_all_by_filters so just compare the uuid.
self.assertEqual(instance['uuid'], inst['uuid'])
self.stubs.Set(self.compute.driver, 'destroy', fake_destroy)
self.compute._poll_shelved_instances(self.context)
def test_DB_driver(self):
serv = self.useFixture(
ServiceFixture(self._host, self._binary, self._topic)).serv
serv.start()
service_ref = db.service_get_by_args(self._ctx, self._host,
self._binary)
self.assertTrue(self.servicegroup_api.service_is_up(service_ref))
self.useFixture(test.TimeOverride())
timeutils.advance_time_seconds(self.down_time + 1)
self.servicegroup_api._driver._report_state(serv)
service_ref = db.service_get_by_args(self._ctx, self._host,
self._binary)
self.assertTrue(self.servicegroup_api.service_is_up(service_ref))
serv.stop()
timeutils.advance_time_seconds(self.down_time + 1)
service_ref = db.service_get_by_args(self._ctx, self._host,
self._binary)
self.assertFalse(self.servicegroup_api.service_is_up(service_ref))
def test_delete_expired_tokens(self):
self.useFixture(test.TimeOverride())
token = u'mytok'
self.flags(console_token_ttl=1)
self._stub_validate_console_port(True)
self.manager_api.authorize_console(self.context, token, 'novnc',
'127.0.0.1', '8080', 'host',
self.instance_uuid)
timeutils.advance_time_seconds(1)
self.assertFalse(self.manager_api.check_token(self.context, token))
token1 = u'mytok2'
self.manager_api.authorize_console(self.context, token1, 'novnc',
'127.0.0.1', '8080', 'host',
self.instance_uuid)
stored_tokens = self.manager._get_tokens_for_instance(
self.instance_uuid)
# when trying to store token1, expired token is removed fist.
self.assertEqual(len(stored_tokens), 1)
self.assertEqual(stored_tokens[0], token1)
def test_delete_expired_tokens(self):
self.useFixture(test.TimeOverride())
token = u'mytok'
self.flags(token_ttl=1, group='consoleauth')
self._stub_validate_console_port(True)
self.manager_api.authorize_console(self.context, token, 'novnc',
'127.0.0.1', '8080', 'host',
self.instance_uuid)
timeutils.advance_time_seconds(1)
self.assertIsNone(self.manager_api.check_token(self.context, token))
token1 = u'mytok2'
self.manager_api.authorize_console(self.context, token1, 'novnc',
'127.0.0.1', '8080', 'host',
self.instance_uuid)
stored_tokens = self.manager._get_tokens_for_instance(
self.instance_uuid)
# when trying to store token1, expired token is removed fist.
self.assertEqual(len(stored_tokens), 1)
self.assertEqual(stored_tokens[0], token1)
def test_DB_driver(self):
serv = self.useFixture(
ServiceFixture(self._host, self._binary, self._topic)).serv
serv.start()
service_ref = db.service_get_by_args(self._ctx,
self._host,
self._binary)
self.assertTrue(self.servicegroup_api.service_is_up(service_ref))
self.useFixture(test.TimeOverride())
timeutils.advance_time_seconds(self.down_time + 1)
self.servicegroup_api._driver._report_state(serv)
service_ref = db.service_get_by_args(self._ctx,
self._host,
self._binary)
self.assertTrue(self.servicegroup_api.service_is_up(service_ref))
serv.stop()
timeutils.advance_time_seconds(self.down_time + 1)
service_ref = db.service_get_by_args(self._ctx,
self._host,
self._binary)
self.assertFalse(self.servicegroup_api.service_is_up(service_ref))
def test_shelved_poll_timedout(self):
self.flags(shelved_offload_time=1)
shelved_time = timeutils.utcnow()
timeutils.set_time_override(shelved_time)
timeutils.advance_time_seconds(CONF.shelved_offload_time + 10)
instance = self._create_fake_instance_obj()
instance.vm_state = vm_states.SHELVED
instance.task_state = None
instance.host = self.compute.host
sys_meta = instance.system_metadata
sys_meta['shelved_at'] = shelved_time.isoformat()
instance.save()
data = []
def fake_soi(context, instance, **kwargs):
data.append(instance.uuid)
with mock.patch.object(self.compute, 'shelve_offload_instance') as soi:
soi.side_effect = fake_soi
self.compute._poll_shelved_instances(self.context)
self.assertTrue(soi.called)
self.assertEqual(instance.uuid, data[0])
def test_memcached_driver(self):
serv = self.useFixture(
ServiceFixture(self._host, self._binary, self._topic)).serv
serv.start()
service_ref = db.service_get_by_args(self._ctx, self._host,
self._binary)
hostkey = str("%s:%s" % (self._topic, self._host))
self.servicegroup_api._driver.mc.set(hostkey,
timeutils.utcnow(),
time=self.down_time)
self.assertTrue(self.servicegroup_api.service_is_up(service_ref))
self.useFixture(test.TimeOverride())
timeutils.advance_time_seconds(self.down_time + 1)
self.servicegroup_api._driver._report_state(serv)
service_ref = db.service_get_by_args(self._ctx, self._host,
self._binary)
self.assertTrue(self.servicegroup_api.service_is_up(service_ref))
serv.stop()
timeutils.advance_time_seconds(self.down_time + 1)
service_ref = db.service_get_by_args(self._ctx, self._host,
self._binary)
self.assertFalse(self.servicegroup_api.service_is_up(service_ref))
def test_timeout(self):
self._send_bad_attempts("test", CONF.lockout_attempts)
self.assertTrue(self._is_locked_out("test"))
timeutils.advance_time_seconds(CONF.lockout_minutes * 60)
self.assertFalse(self._is_locked_out("test"))
def test_advance_time_seconds(self):
timeutils.set_time_override(self.one_minute_before)
timeutils.advance_time_seconds(60)
self.assertEqual(timeutils.utcnow(), self.skynet_self_aware_time)
def test_advance_time_seconds(self):
timeutils.set_time_override(self.one_minute_before)
timeutils.advance_time_seconds(60)
self.assertEqual(timeutils.utcnow(), self.skynet_self_aware_time)
def advance_time_seconds(self, seconds):
"""Advance overridden time by seconds."""
timeutils.advance_time_seconds(seconds)
def test_window_timeout(self):
self._send_bad_attempts('test', CONF.lockout_attempts - 1)
self.assertFalse(self._is_locked_out('test'))
timeutils.advance_time_seconds(CONF.lockout_window * 60)
self._send_bad_attempts('test', CONF.lockout_attempts - 1)
self.assertFalse(self._is_locked_out('test'))
def advance_time_seconds(self, seconds):
"""Advance overridden time by seconds."""
timeutils.advance_time_seconds(seconds)