class Euca(unittest.TestCase):
def setUp(self):
self.conf = "../cloud.conf"
self.tester = Eucaops(config_file=self.conf, password="******")
self.doAuth()
self.STARTC = '\033[1m\033[1m\033[42m'
self.ENDC = '\033[0m'
self.account = "9959-account"
self.groupname = "9959-group"
self.username = "******"
def tearDown(self):
self.tester.delete_account(self.account, recursive=True)
self.tester.sys('rm -rf role-describe-instances-principle.json')
self.tester.sys('rm -rf role-trust.json')
self.tester.cleanup_artifacts()
self.tester.delete_keypair(self.keypair)
self.tester.local("rm " + self.keypair.name + ".pem")
shutil.rmtree(self.tester.credpath)
def runSysCmd(self, cmd):
self.source = "source " + self.tester.credpath + "/eucarc && "
self.out = self.tester.sys(self.source + cmd)
def doAuth(self):
self.keypair = self.tester.add_keypair()
self.group = self.tester.add_group()
self.tester.authorize_group(self.group)
def test(self):
# create account, group and user
self.tester.create_account(account_name=self.account)
self.tester.create_group(self.groupname, "/", self.account)
self.tester.create_user(self.username, "/", self.account)
self.tester.add_user_to_group(self.groupname, self.username,
self.account)
# copy json to clc
self.clc_ip = str(self.tester.clc.hostname)
os.system('scp role-describe-instances-principle.json root@' +
self.clc_ip + ':role-describe-instances-principle.json')
os.system('scp role-trust.json root@' + self.clc_ip +
':role-trust.json')
# create user role
self.runSysCmd(
"euare-rolecreate -r describe-instances -f role-trust.json --region "
+ self.account + "-" + self.username)
self.runSysCmd(
"euare-roleuploadpolicy -r describe-instances -p describe-instances-policy -f role-describe-instances-principle.json --region "
+ self.account + "-" + self.username)
print self.STARTC + "Success " + str(
self.out) + " ENABLED " + self.ENDC
# Check to see that the error message was thrown and not the text from the json file.
count = str(
self.out).count("Policy document should not specify a principal.")
if count > 0:
self.tester.debug("SUCCESS")
pass
else:
self.fail("FAILED : correct error message not thrown")
class Euca(unittest.TestCase):
def setUp(self):
self.conf = "../cloud.conf"
self.tester = Eucaops(config_file=self.conf, password="******")
self.doAuth()
self.STARTC = '\033[1m\033[1m\033[42m'
self.ENDC = '\033[0m'
self.account = "9959-account"
self.groupname = "9959-group"
self.username ="******"
def tearDown(self):
self.tester.delete_account(self.account, recursive=True)
self.tester.sys('rm -rf role-describe-instances-principle.json')
self.tester.sys('rm -rf role-trust.json')
self.tester.cleanup_artifacts()
self.tester.delete_keypair(self.keypair)
self.tester.local("rm " + self.keypair.name + ".pem")
shutil.rmtree(self.tester.credpath)
def runSysCmd(self, cmd):
self.source = "source " + self.tester.credpath + "/eucarc && "
self.out = self.tester.sys(self.source + cmd)
def doAuth(self):
self.keypair = self.tester.add_keypair()
self.group = self.tester.add_group()
self.tester.authorize_group(self.group)
def test(self):
# create account, group and user
self.tester.create_account(account_name=self.account)
self.tester.create_group(self.groupname, "/", self.account)
self.tester.create_user(self.username, "/", self.account)
self.tester.add_user_to_group(self.groupname,self.username,self.account)
# copy json to clc
self.clc_ip = str(self.tester.clc.hostname)
os.system('scp role-describe-instances-principle.json root@' + self.clc_ip + ':role-describe-instances-principle.json')
os.system('scp role-trust.json root@' + self.clc_ip + ':role-trust.json')
# create user role
self.runSysCmd("euare-rolecreate -r describe-instances -f role-trust.json --region " + self.account + "-" + self.username)
self.runSysCmd("euare-roleuploadpolicy -r describe-instances -p describe-instances-policy -f role-describe-instances-principle.json --region " + self.account + "-" + self.username)
print self.STARTC + "Success " + str(self.out) + " ENABLED " + self.ENDC
# Check to see that the error message was thrown and not the text from the json file.
count = str(self.out).count("Policy document should not specify a principal.")
if count > 0 :
self.tester.debug("SUCCESS")
pass
else:
self.fail("FAILED : correct error message not thrown")
class SampleTest(EutesterTestCase):
def __init__(self):
self.setuptestcase()
self.setup_parser()
self.parser.add_argument("--account-number", default=1)
self.parser.add_argument("--account-prefix", default="test-account-")
self.parser.add_argument("--group-prefix", default="test-group-")
self.parser.add_argument("--user-prefix", default="test-user-")
self.parser.add_argument("--password-prefix", default="mypassword")
self.parser.add_argument("--user-number", default=1)
self.get_args()
# Setup basic eutester object
self.tester = Eucaops(config_file=self.args.config,
password=self.args.password,
credpath=self.args.credpath)
def clean_method(self):
pass
def CreateUsers(self):
"""
This is where the test description goes
"""
allow_all_policy = """{
"Statement": [
{
"Action": "*",
"Effect": "Allow",
"Resource": "*"
}]
}"""
for i in xrange(self.args.account_number):
account_name = self.args.account_prefix + str(i)
group_name = self.args.group_prefix + str(i)
password = self.args.password_prefix + str(i)
self.tester.create_account(account_name)
self.tester.create_group(group_name, "/", account_name)
self.tester.attach_policy_group(group_name, "allow-all",
allow_all_policy, account_name)
for k in xrange(self.args.user_number):
user_name = self.args.user_prefix + str(k)
self.tester.create_user(user_name, "/", account_name)
self.tester.add_user_to_group(group_name, user_name,
account_name)
self.tester.create_login_profile(user_name, password,
account_name)
class SampleTest(EutesterTestCase):
def __init__(self):
self.setuptestcase()
self.setup_parser()
self.parser.add_argument("--account-number",default=1)
self.parser.add_argument("--account-prefix",default="test-account-")
self.parser.add_argument("--group-prefix",default="test-group-")
self.parser.add_argument("--user-prefix",default="test-user-")
self.parser.add_argument("--user-number",default=2)
self.get_args()
# Setup basic eutester object
self.tester = Eucaops(config_file=self.args.config, password=self.args.password, credpath=self.args.credpath)
def clean_method(self):
pass
def CreateUsers(self):
"""
This is where the test description goes
"""
allow_all_policy = """{
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": "*"
}]
}"""
for i in xrange(self.args.account_number):
account_name = self.args.account_prefix + str(i)
group_name = self.args.group_prefix + str(i)
self.tester.create_account(account_name)
self.tester.create_group(group_name, "/",account_name)
self.tester.attach_policy_group(group_name,"allow-all", allow_all_policy, account_name)
for k in xrange(self.args.user_number):
user_name = self.args.user_prefix + str(k)
self.tester.create_user(user_name, "/", account_name)
self.tester.add_user_to_group(group_name, user_name, account_name)
class Euca3932(unittest.TestCase):
def setUp(self):
self.conf = "cloud.conf"
self.acctName = "test-account"
self.cmdMod = " euca-modify-image-attribute --launch-permission "
self.cmdDes = " euca-describe-image-attribute --launch-permission "
self.tester = Eucaops( config_file=self.conf, password="******" )
self.out = self.tester.create_account(self.acctName)
self.source = "source " + self.tester.credpath + "/eucarc && "
self.doAuth()
def tearDown(self):
self.tester.delete_account(self.acctName,recursive=True)
self.tester.cleanup_artifacts()
self.tester.delete_keypair(self.keypair)
self.tester.local("rm " + self.keypair.name + ".pem")
shutil.rmtree(self.tester.credpath)
def doAuth(self):
self.keypair = self.tester.add_keypair()
self.group = self.tester.add_group()
self.tester.authorize_group(self.group)
def testLaunchPermission(self):
self.emi = self.tester.get_emi()
#Get new userId (AccountId)
self.outAccts = self.tester.get_all_accounts(account_name=self.acctName)
for u in self.outAccts:
self.testAccountId = u.account_id
# Add --launch-permission
self.tester.sys(self.source + self.cmdMod + " -a " + self.testAccountId + " " + self.emi.id)
# Describe --launch-permissions
self.outDes = self.tester.sys(self.source + self.cmdDes + self.emi.id)
# Check --launch-permissions for added userId
self.count = str(self.outDes).count(self.testAccountId)
# Remove added --launch-permission
self.tester.sys(self.source + self.cmdMod + " -r " + self.testAccountId + " " + self.emi.id)
if self.count==1:
self.tester.debug("SUCCESS The --launch-permission for " + self.testAccountId + " was added.")
pass
else:
self.fail("FAIL The --launch-permission for " + self.testAccountId + " not added.")
class StsUI(unittest.TestCase):
"""
Tests for STS UI Authentication.
Available tests are:
- testIssueToken - basic test for token issuance
"""
account_name = 'test-sts-ui-account'
admin_password = '******'
def setUp(self):
self.tester = Eucaops(credpath=arg_credpath)
self.createTestUser()
def tearDown(self):
self.deleteTestUser()
self.tester = None
def testIssueToken(self):
"""
Test basic token issuance
"""
ip = self.tester.tokens.region.endpoint
port = self.tester.tokens.port
path = self.tester.tokens.path
api_version = self.tester.tokens.APIVersion
url_template = '{0}?Version={1}&Action=GetSessionToken'
sts_url = url_template.format(path, api_version)
account = self.account_name
username = '******'
password = self.admin_password
user_b64 = base64.b64encode(username)
account_b64 = base64.b64encode(account)
user_account = '{0}@{1}'.format(user_b64, account_b64)
creds = '{0}:{1}'.format(user_account, password)
basic_header = "Basic {0}".format(
base64.b64encode(creds.encode('utf8')))
headers = {"Authorization": basic_header}
conn = httplib.HTTPConnection(ip, port=port, timeout=30000)
conn.request("GET", sts_url, headers=headers)
response = conn.getresponse()
self.assertEquals(
200,
response.status,
msg='Get token failed, bad HTTP status code: {0}'.format(
response.status))
data = response.read()
response.close()
conn.close()
rootElement = ElementTree.fromstring(data)
resultElement = self.childElement(rootElement, 'GetSessionTokenResult')
credentialsElement = self.childElement(resultElement, 'Credentials')
accessKeyIdElement = self.childElement(credentialsElement,
'AccessKeyId')
secretAccessKeyElement = self.childElement(credentialsElement,
'SecretAccessKey')
sessionTokenElement = self.childElement(credentialsElement,
'SessionToken')
expirationElement = self.childElement(credentialsElement, 'Expiration')
self.assertTrue(len(accessKeyIdElement.text) > 0,
msg='Missing accessKeyId')
self.assertTrue(len(secretAccessKeyElement.text) > 0,
msg='Missing secretAccessKey')
self.assertTrue(len(sessionTokenElement.text) > 0,
msg='Missing sessionToken')
self.assertTrue(len(expirationElement.text) > 0,
msg='Missing expiration')
self.tester.debug("Got session token with access key: " +
accessKeyIdElement.text)
self.tester.debug("Got session token with expiration: " +
expirationElement.text)
def childElement(self, parentElement, name):
childElement = parentElement.find(
'{{https://sts.amazonaws.com/doc/2011-06-15/}}{0}'.format(name))
self.assertTrue(
childElement is not None,
msg='STS response invalid, could not find {0}'.format(name))
return childElement
def createTestUser(self):
self.tester.create_account(self.account_name)
self.tester.euare.get_response(
'UpdateLoginProfile', {
'DelegateAccount': self.account_name,
'UserName': '******',
'Password': self.admin_password
})
self.tester.euare.get_response('CreateAccessKey', {
'DelegateAccount': self.account_name,
'UserName': '******',
})
def deleteTestUser(self):
self.tester.delete_account(self.account_name, recursive=True)
parser.add_argument("--group-prefix", default="test-group-")
args = parser.parse_args()
tester = Eucaops(credpath=args.credpath)
allow_all_policy = """{
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": "*"
}
]
}"""
for i in xrange(args.account_number):
account_name = args.account_prefix + str(i)
group_name = args.group_prefix + str(i)
tester.create_account(account_name)
tester.create_group(group_name, "/",account_name)
tester.attach_policy_group(group_name,"allow-all", allow_all_policy, account_name)
for k in xrange(args.user_number):
user_name = args.user_prefix + str(k)
tester.create_user(user_name, "/", account_name)
tester.add_user_to_group(group_name, user_name, account_name)
class StsUI(unittest.TestCase):
"""
Tests for STS UI Authentication.
Available tests are:
- testIssueToken - basic test for token issuance
"""
account_name = 'test-sts-ui-account'
admin_password = '******'
def setUp(self):
self.tester = Eucaops( credpath=arg_credpath )
self.createTestUser()
def tearDown(self):
self.deleteTestUser()
self.tester = None
def testIssueToken(self):
"""
Test basic token issuance
"""
ip = self.tester.tokens.region.endpoint
port = self.tester.tokens.port
path = self.tester.tokens.path
api_version = self.tester.tokens.APIVersion
url_template = '{0}?Version={1}&Action=GetSessionToken'
sts_url = url_template.format( path, api_version )
account = self.account_name
username = '******'
password = self.admin_password
user_b64 = base64.b64encode( username )
account_b64 = base64.b64encode( account )
user_account = '{0}@{1}'.format( user_b64, account_b64 )
creds = '{0}:{1}'.format( user_account, password )
basic_header = "Basic {0}".format( base64.b64encode( creds.encode('utf8') ) )
headers = {
"Authorization": basic_header
}
conn = httplib.HTTPConnection( ip, port=port, timeout=30000 )
conn.request( "GET", sts_url, headers=headers )
response = conn.getresponse()
self.assertEquals( 200, response.status, msg='Get token failed, bad HTTP status code: {0}'.format(response.status) )
data = response.read()
response.close()
conn.close()
rootElement = ElementTree.fromstring( data )
resultElement = self.childElement( rootElement, 'GetSessionTokenResult' )
credentialsElement = self.childElement( resultElement, 'Credentials')
accessKeyIdElement = self.childElement( credentialsElement, 'AccessKeyId')
secretAccessKeyElement = self.childElement( credentialsElement, 'SecretAccessKey')
sessionTokenElement = self.childElement( credentialsElement, 'SessionToken')
expirationElement = self.childElement( credentialsElement, 'Expiration')
self.assertTrue( len( accessKeyIdElement.text ) > 0, msg='Missing accessKeyId' )
self.assertTrue( len( secretAccessKeyElement.text ) > 0, msg='Missing secretAccessKey' )
self.assertTrue( len( sessionTokenElement.text ) > 0, msg='Missing sessionToken' )
self.assertTrue( len( expirationElement.text ) > 0, msg='Missing expiration' )
self.tester.debug( "Got session token with access key: " + accessKeyIdElement.text )
self.tester.debug( "Got session token with expiration: " + expirationElement.text )
def childElement( self, parentElement, name ):
childElement = parentElement.find( '{{https://sts.amazonaws.com/doc/2011-06-15/}}{0}'.format( name ) )
self.assertTrue( childElement is not None, msg='STS response invalid, could not find {0}'.format( name ) )
return childElement
def createTestUser(self):
self.tester.create_account(self.account_name)
self.tester.euare.get_response('UpdateLoginProfile', {
'DelegateAccount': self.account_name,
'UserName': '******',
'Password': self.admin_password
})
self.tester.euare.get_response('CreateAccessKey', {
'DelegateAccount': self.account_name,
'UserName': '******',
})
def deleteTestUser(self):
self.tester.delete_account(self.account_name,recursive=True)
class EucaTest(unittest.TestCase):
def setUp(self):
self.conf = 'cloud.conf'
self.tester = Eucaops(config_file=self.conf, password='******')
self.STARTC = '\033[1m\033[1m\033[42m'
self.ENDC = '\033[0m'
self.acct_name='testacct'
self.acct_dir='/root/' + self.acct_name
self.asg_instance_count = 'euscale-describe-auto-scaling-instances | grep -c INSTANCE'
self.asg_name='testScaling'
self.quota=3
def tearDown(self):
self.runTestCmd('euscale-delete-policy -g ' + self.asg_name + ' shutdown')
self.runTestCmd('euscale-delete-auto-scaling-group ' + self.asg_name +' --force-delete')
self.runTestCmd('euscale-delete-launch-config testLaunch')
self.tester.delete_account(self.acct_name,recursive=True)
self.runSysCmd('rm -rf testacct')
def runSysCmd(self, cmd):
self.source = 'source ' + self.tester.credpath + '/eucarc && '
self.out = self.tester.sys(self.source + cmd)
def runTestCmd(self, cmd):
self.source = 'source ' + self.acct_dir + '/eucarc && '
self.out = self.tester.sys(self.source + cmd)
def wait_for_asg_instances_to_stop(self):
count = self.quota
while (count > 0):
self.tester.debug('Waiting for all instances to stop, still running = ' + str(count))
self.tester.sleep(10)
self.runTestCmd(self.asg_instance_count)
count = int(self.out[0])
def wait_for_asg_instances_to_start(self):
count = 0
while (count < self.quota):
self.tester.debug('Waiting for Quota instances to start, count = ' + str(count))
self.tester.sleep(10)
self.runTestCmd(self.asg_instance_count)
count = int(self.out[0])
def test(self):
self.emi = self.tester.get_emi()
self.clc_ip = str(self.tester.clc.hostname)
self.tester.create_account(self.acct_name)
self.runSysCmd('mkdir ' + self.acct_dir)
self.runSysCmd('/opt/eucalyptus/usr/sbin/euca_conf --cred-account ' + self.acct_name + ' --cred-user admin --get-credentials ' + self.acct_dir + '/' + self.acct_name + '.zip')
os.system('scp test_policy.txt root@' + self.clc_ip + ':' + self.acct_name)
self.runSysCmd('euare-accountuploadpolicy -a ' + self.acct_name + ' -p test-quota -f ' + self.acct_dir + '/test_policy.txt')
self.runSysCmd('cd ' + self.acct_dir + ' && unzip -o ' + self.acct_dir + '/' + self.acct_name + '.zip')
self.runTestCmd('euca-create-keypair ' + self.acct_name + ' > ' + self.acct_dir + '/' + self.acct_name + '.private')
self.runTestCmd(self.asg_instance_count)
self.tester.debug(self.STARTC + 'Original Count = ' + str(self.out[0]) + self.ENDC)
self.runTestCmd('euscale-create-launch-config testLaunch -t m1.small --key ' + self.acct_name + ' --group default --image ' + self.emi.id )
self.runTestCmd('euscale-create-auto-scaling-group -l testLaunch -m 0 -M 4 --desired-capacity 4 -z PARTI00 ' + self.asg_name)
# Wait for AS instances to launch
self.wait_for_asg_instances_to_start()
# Check number of AS Instances started.
self.runTestCmd(self.asg_instance_count)
assert int(self.out[0]) == self.quota
self.tester.debug(self.STARTC + 'Success Quota = 3 number of ASG instances started = ' + str(self.out[0]) + self.ENDC)
self.runTestCmd('euscale-put-scaling-policy shutdown -g ' + self.asg_name + ' -a -4 -t ChangeInCapacity ')
self.runTestCmd('euscale-execute-policy shutdown -g ' + self.asg_name)
self.wait_for_asg_instances_to_stop()