aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLuke Hinds <lukehinds@gmail.com>2016-06-13 14:00:57 +0100
committerJose Lausuch <jose.lausuch@ericsson.com>2016-06-13 15:02:15 +0000
commit3b3804faa0f729827a09b396e9a0ed909644d2bd (patch)
tree6fd6c0a11550afcf56b11765fbb5a01b45ac0a0d
parentcaaf1129d6ed40484b68d4eec4ed2da0d8fca98b (diff)
SSH key key type select improvements and jump host rename
JIRA: FUNCTEST-310 Change-Id: I7adca57febfe8e6861d22de18858c6afd97b5199 Signed-off-by: Luke Hinds <lukehinds@gmail.com>
-rw-r--r--testcases/security_scan/config.ini2
-rw-r--r--testcases/security_scan/connect.py50
-rw-r--r--testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini2
-rw-r--r--testcases/security_scan/examples/xccdf-standard.ini2
-rw-r--r--testcases/security_scan/security_scan.py22
5 files changed, 46 insertions, 32 deletions
diff --git a/testcases/security_scan/config.ini b/testcases/security_scan/config.ini
index 992ca7e34..bfbcf82d3 100644
--- a/testcases/security_scan/config.ini
+++ b/testcases/security_scan/config.ini
@@ -2,7 +2,7 @@
port = 22
user = stack
remotekey = /home/stack/.ssh/id_rsa
-localkey = /home/opnfv/.ssh/overCloudKey
+localkey = /root/.ssh/overCloudKey
[controller]
port = 22
diff --git a/testcases/security_scan/connect.py b/testcases/security_scan/connect.py
index cee83ddc5..18ca96d80 100644
--- a/testcases/security_scan/connect.py
+++ b/testcases/security_scan/connect.py
@@ -24,16 +24,19 @@ logger = ft_logger.Logger("security_scan").getLogger()
paramiko.util.log_to_file("/var/log/paramiko.log")
-class setup:
+class SetUp:
def __init__(self, *args):
self.args = args
def keystonepass(self):
com = self.args[0]
client = paramiko.SSHClient()
+ privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
+ selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
- client.connect(INSTALLER_IP, port=22, username='stack')
+ client.connect(INSTALLER_IP, port=22, username='stack',
+ pkey=selectedkey)
except paramiko.SSHException:
logger.error("Password is invalid for "
"undercloud host: {0}".format(INSTALLER_IP))
@@ -47,28 +50,30 @@ class setup:
return stdout.read()
client.close()
- def getOCKey(self):
+ def getockey(self):
remotekey = self.args[0]
localkey = self.args[1]
- client = paramiko.SSHClient()
- client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+ privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
+ selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
+ transport = paramiko.Transport((INSTALLER_IP, 22))
+ transport.connect(username='stack', pkey=selectedkey)
try:
- client.connect(INSTALLER_IP, port=22, username='stack')
- sftp = client.open_sftp()
- sftp.get(remotekey, localkey)
+ sftp = paramiko.SFTPClient.from_transport(transport)
except paramiko.SSHException:
logger.error("Authentication failed for "
- "host: {0}".format(self.host))
+ "host: {0}".format(INSTALLER_IP))
except paramiko.AuthenticationException:
logger.error("Authentication failed for "
- "host: {0}".format(self.host))
+ "host: {0}".format(INSTALLER_IP))
except socket.error:
logger.error("Socker Connection failed for "
- "undercloud host: {0}".format(self.host))
- client.close()
+ "undercloud host: {0}".format(INSTALLER_IP))
+ sftp.get(remotekey, localkey)
+ sftp.close()
+ transport.close()
-class connectionManager:
+class ConnectionManager:
def __init__(self, host, port, user, localkey, *args):
self.host = host
self.port = port
@@ -82,10 +87,13 @@ class connectionManager:
com = self.args[2]
client = paramiko.SSHClient()
+ privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
+ selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Connection to undercloud
try:
- client.connect(INSTALLER_IP, port=22, username='stack')
+ client.connect(INSTALLER_IP, port=22, username='stack',
+ pkey=selectedkey)
except paramiko.SSHException:
logger.error("Authentication failed for "
"host: {0}".format(self.host))
@@ -136,10 +144,13 @@ class connectionManager:
com = self.args[0]
client = paramiko.SSHClient()
+ privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
+ selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Connection to undercloud
try:
- client.connect(INSTALLER_IP, port=22, username='stack')
+ client.connect(INSTALLER_IP, port=22, username='stack',
+ pkey=selectedkey)
except paramiko.SSHException:
logger.error("Authentication failed for "
"host: {0}".format(self.host))
@@ -173,9 +184,9 @@ class connectionManager:
chan = remote_client.get_transport().open_session()
chan.get_pty()
- f = chan.makefile()
+ feed = chan.makefile()
chan.exec_command(com)
- print f.read()
+ print feed.read()
remote_client.close()
client.close()
@@ -186,10 +197,13 @@ class connectionManager:
reportname = self.args[2]
resultsname = self.args[3]
client = paramiko.SSHClient()
+ privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
+ selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Connection to overcloud
try:
- client.connect(INSTALLER_IP, port=22, username='stack')
+ client.connect(INSTALLER_IP, port=22, username='stack',
+ pkey=selectedkey)
except paramiko.SSHException:
logger.error("Authentication failed for "
"host: {0}".format(self.host))
diff --git a/testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini b/testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini
index 9d12fa27b..43b2e82d6 100644
--- a/testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini
+++ b/testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini
@@ -2,7 +2,7 @@
port = 22
user = stack
remotekey = /home/stack/.ssh/id_rsa
-localkey = /home/opnfv/.ssh/overCloudKey
+localkey = /root/.ssh/overCloudKey
[controller]
port = 22
diff --git a/testcases/security_scan/examples/xccdf-standard.ini b/testcases/security_scan/examples/xccdf-standard.ini
index 992ca7e34..bfbcf82d3 100644
--- a/testcases/security_scan/examples/xccdf-standard.ini
+++ b/testcases/security_scan/examples/xccdf-standard.ini
@@ -2,7 +2,7 @@
port = 22
user = stack
remotekey = /home/stack/.ssh/id_rsa
-localkey = /home/opnfv/.ssh/overCloudKey
+localkey = /root/.ssh/overCloudKey
[controller]
port = 22
diff --git a/testcases/security_scan/security_scan.py b/testcases/security_scan/security_scan.py
index 797b564d4..e6fc5a8ce 100644
--- a/testcases/security_scan/security_scan.py
+++ b/testcases/security_scan/security_scan.py
@@ -43,13 +43,13 @@ cfgparse.read(args.cfgfile)
# Grab Undercloud key
remotekey = cfgparse.get('undercloud', 'remotekey')
localkey = cfgparse.get('undercloud', 'localkey')
-setup = connect.setup(remotekey, localkey)
-setup.getOCKey()
+setup = connect.SetUp(remotekey, localkey)
+setup.getockey()
# Configure Nova Credentials
com = 'sudo hiera admin_password'
-setup = connect.setup(com)
+setup = connect.SetUp(com)
keypass = setup.keystonepass()
auth = v2.Password(auth_url='http://{0}:5000/v2.0'.format(INSTALLER_IP),
username='admin',
@@ -103,7 +103,7 @@ def createfiles(host, port, user, localkey):
localpath = os.getcwd() + '/scripts/createfiles.py'
remotepath = '/tmp/createfiles.py'
com = 'python /tmp/createfiles.py'
- connect = connect.connectionManager(host, port, user, localkey,
+ connect = connect.ConnectionManager(host, port, user, localkey,
localpath, remotepath, com)
tmpdir = connect.remotescript()
@@ -111,7 +111,7 @@ def createfiles(host, port, user, localkey):
def install_pkg(host, port, user, localkey):
import connect
com = 'sudo yum -y install openscap-scanner scap-security-guide'
- connect = connect.connectionManager(host, port, user, localkey, com)
+ connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
@@ -133,17 +133,17 @@ def run_scanner(host, port, user, localkey, nodetype):
report,
cpe,
secpolicy)
- connect = connect.connectionManager(host, port, user, localkey, com)
+ connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
elif scantype == 'oval':
com = '{0} oval eval --results {1}/{2} '
'--report {1}/{3} {4}'.format(oscapbin, tmpdir.rstrip(),
results, report, secpolicy)
- connect = connect.connectionManager(host, port, user, localkey, com)
+ connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
else:
com = '{0} oval-collect '.format(oscapbin)
- connect = connect.connectionManager(host, port, user, localkey, com)
+ connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
@@ -158,7 +158,7 @@ def post_tasks(host, port, user, localkey, nodetype):
report = cfgparse.get(nodetype, 'report')
results = cfgparse.get(nodetype, 'results')
reportfile = '{0}/{1}'.format(tmpdir.rstrip(), report)
- connect = connect.connectionManager(host, port, user, localkey, dl_folder,
+ connect = connect.ConnectionManager(host, port, user, localkey, dl_folder,
reportfile, report, results)
connect.download_reports()
@@ -166,14 +166,14 @@ def post_tasks(host, port, user, localkey, nodetype):
def removepkg(host, port, user, localkey, nodetype):
import connect
com = 'sudo yum -y remove openscap-scanner scap-security-guide'
- connect = connect.connectionManager(host, port, user, localkey, com)
+ connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
def cleandir(host, port, user, localkey, nodetype):
import connect
com = 'sudo rm -r {0}'.format(tmpdir.rstrip())
- connect = connect.connectionManager(host, port, user, localkey, com)
+ connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()