def _test_compromising_ssh(self, rc, check): fixture = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) fake_stdin = six.StringIO() fake_stdout = mock.Mock() fake_stdout.channel.recv_exit_status.return_value = rc fake_stdout.read.return_value = 'password="******"' fake_stderr = six.StringIO('password="******"') command = 'ls --password="******"' connection = mock.Mock() connection.exec_command.return_value = (fake_stdin, fake_stdout, fake_stderr) if check and rc != -1 and rc != 0: err = self.assertRaises(processutils.ProcessExecutionError, processutils.ssh_execute, connection, command, check_exit_code=check) self.assertEqual(rc, err.exit_code) self.assertEqual(err.stdout, 'password="******"') self.assertEqual(err.stderr, 'password="******"') self.assertEqual(err.cmd, 'ls --password="******"') self.assertNotIn('secret', str(err)) self.assertNotIn('foobar', str(err)) else: o, e = processutils.ssh_execute(connection, command, check_exit_code=check) self.assertEqual('password="******"', o) self.assertEqual('password="******"', e) self.assertIn('password="******"', fixture.output) self.assertNotIn('bar', fixture.output)
def test_exec_ssh_command_good(self): class Channel(object): def recv_exit_status(self): return 0 class Stream(object): def __init__(self, buffer=''): self.buffer = buffer self.channel = Channel() def read(self): return self.buffer def close(self): pass with mock.patch.object(self.sshclient, 'exec_command') as exec_command_mock: exec_command_mock.return_value = (Stream(), Stream('hello'), Stream()) stdout, stderr = processutils.ssh_execute(self.sshclient, "command") self.assertEqual('hello', stdout) exec_command_mock.assert_called_once_with("command")
def _run_ssh(self, cmd_list, check_exit_code=True, attempts=1): utils.check_ssh_injection(cmd_list) command = ' '. join(cmd_list) if not self.sshpool: password = self.configuration.san_password privatekey = self.configuration.san_private_key min_size = self.configuration.ssh_min_pool_conn max_size = self.configuration.ssh_max_pool_conn self.sshpool = ssh_utils.SSHPool( self.configuration.san_ip, self.configuration.san_ssh_port, self.configuration.ssh_conn_timeout, self.configuration.san_login, password=password, privatekey=privatekey, min_size=min_size, max_size=max_size) last_exception = None try: with self.sshpool.item() as ssh: while attempts > 0: attempts -= 1 try: return processutils.ssh_execute( ssh, command, check_exit_code=check_exit_code) except Exception as e: LOG.error(e) last_exception = e greenthread.sleep(random.randint(20, 500) / 100.0) try: raise processutils.ProcessExecutionError( exit_code=last_exception.exit_code, stdout=last_exception.stdout, stderr=last_exception.stderr, cmd=last_exception.cmd) except AttributeError: raise processutils.ProcessExecutionError( exit_code=-1, stdout="", stderr="Error running SSH command", cmd=command) except Exception: with excutils.save_and_reraise_exception(): LOG.error(_("Error running SSH command: %s") % command)
def _run_ssh(self, cmd_list, check_exit_code=True, attempts=1): # TODO(skolathur): Need to implement ssh_injection check # currently, the check will fail for zonecreate command # as zone members are separated by ';'which is a danger char command = ' '. join(cmd_list) if not self.sshpool: self.sshpool = ssh_utils.SSHPool(self.switch_ip, self.switch_port, None, self.switch_user, self.switch_pwd, min_size=1, max_size=5) last_exception = None try: with self.sshpool.item() as ssh: while attempts > 0: attempts -= 1 try: return processutils.ssh_execute( ssh, command, check_exit_code=check_exit_code) except Exception as e: LOG.error(e) last_exception = e greenthread.sleep(random.randint(20, 500) / 100.0) try: raise processutils.ProcessExecutionError( exit_code=last_exception.exit_code, stdout=last_exception.stdout, stderr=last_exception.stderr, cmd=last_exception.cmd) except AttributeError: raise processutils.ProcessExecutionError( exit_code=-1, stdout="", stderr="Error running SSH command", cmd=command) except Exception: with excutils.save_and_reraise_exception(): LOG.error(_LE("Error running SSH command: %s") % command)
def _run_ssh(self, cmd_list, check_exit_code=True, attempts=1): command = ' '.join(cmd_list) if not self.sshpool: self.sshpool = ssh_utils.SSHPool(self.switch_ip, self.switch_port, None, self.switch_user, self.switch_pwd, min_size=1, max_size=5) last_exception = None try: with self.sshpool.item() as ssh: while attempts > 0: attempts -= 1 try: return processutils.ssh_execute( ssh, command, check_exit_code=check_exit_code) except Exception as e: msg = _("Exception: %s") % six.text_type(e) LOG.error(msg) last_exception = e greenthread.sleep(random.randint(20, 500) / 100.0) try: raise processutils.ProcessExecutionError( exit_code=last_exception.exit_code, stdout=last_exception.stdout, stderr=last_exception.stderr, cmd=last_exception.cmd) except AttributeError: raise processutils.ProcessExecutionError( exit_code=-1, stdout="", stderr="Error running SSH command", cmd=command) except Exception: with excutils.save_and_reraise_exception(): LOG.error(_("Error running SSH command: %s") % command)
def _ssh_execute(ssh_obj, cmd_to_exec): """Executes a command via ssh. Executes a command via ssh and returns a list of the lines of the output from the command. :param ssh_obj: paramiko.SSHClient, an active ssh connection. :param cmd_to_exec: command to execute. :returns: list of the lines of output from the command. :raises: SSHCommandFailed on an error from ssh. """ try: output_list = processutils.ssh_execute(ssh_obj, cmd_to_exec)[0].split('\n') except Exception as e: LOG.debug("Cannot execute SSH cmd %(cmd)s. Reason: %(err)s." % {'cmd': cmd_to_exec, 'err': e}) raise exception.SSHCommandFailed(cmd=cmd_to_exec) return output_list
def test_works(self): o, e = processutils.ssh_execute(FakeSshConnection(0), 'ls') self.assertEqual('stdout', o) self.assertEqual('stderr', e)