From 3b3804faa0f729827a09b396e9a0ed909644d2bd Mon Sep 17 00:00:00 2001 From: Luke Hinds Date: Mon, 13 Jun 2016 14:00:57 +0100 Subject: SSH key key type select improvements and jump host rename JIRA: FUNCTEST-310 Change-Id: I7adca57febfe8e6861d22de18858c6afd97b5199 Signed-off-by: Luke Hinds --- testcases/security_scan/config.ini | 2 +- testcases/security_scan/connect.py | 50 ++++++++++++++-------- .../examples/xccdf-rhel7-server-upstream.ini | 2 +- .../security_scan/examples/xccdf-standard.ini | 2 +- testcases/security_scan/security_scan.py | 22 +++++----- 5 files changed, 46 insertions(+), 32 deletions(-) (limited to 'testcases') diff --git a/testcases/security_scan/config.ini b/testcases/security_scan/config.ini index 992ca7e3..bfbcf82d 100644 --- a/testcases/security_scan/config.ini +++ b/testcases/security_scan/config.ini @@ -2,7 +2,7 @@ port = 22 user = stack remotekey = /home/stack/.ssh/id_rsa -localkey = /home/opnfv/.ssh/overCloudKey +localkey = /root/.ssh/overCloudKey [controller] port = 22 diff --git a/testcases/security_scan/connect.py b/testcases/security_scan/connect.py index cee83ddc..18ca96d8 100644 --- a/testcases/security_scan/connect.py +++ b/testcases/security_scan/connect.py @@ -24,16 +24,19 @@ logger = ft_logger.Logger("security_scan").getLogger() paramiko.util.log_to_file("/var/log/paramiko.log") -class setup: +class SetUp: def __init__(self, *args): self.args = args def keystonepass(self): com = self.args[0] client = paramiko.SSHClient() + privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa') + selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile) client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: - client.connect(INSTALLER_IP, port=22, username='stack') + client.connect(INSTALLER_IP, port=22, username='stack', + pkey=selectedkey) except paramiko.SSHException: logger.error("Password is invalid for " "undercloud host: {0}".format(INSTALLER_IP)) 
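Review bot: The key is loaded before the `try` in keystonepass, so a missing, unreadable or passphrase-protected `/root/.ssh/id_rsa` raises out of `paramiko.RSAKey.from_private_key_file` uncaught instead of reaching the logged error paths. The same two lines are pasted into the hunks at -47, -82, -136 and -186, with the path and the RSA key type hard-coded (`os.path.expanduser` does nothing on an absolute path), so a single module-level helper that takes the path from the config would be easier to maintain. I would move the load inside the `try` and add `except (IOError, paramiko.SSHException):` with its own message; the existing `"Password is invalid for "` text no longer describes a key-based login. The method body continues outside the hunk, and the `import os` this code relies on is not visible here.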
@@ -47,28 +50,30 @@ class setup: return stdout.read() client.close() - def getOCKey(self): + def getockey(self): remotekey = self.args[0] localkey = self.args[1] - client = paramiko.SSHClient() - client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) + privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa') + selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile) + transport = paramiko.Transport((INSTALLER_IP, 22)) + transport.connect(username='stack', pkey=selectedkey) try: - client.connect(INSTALLER_IP, port=22, username='stack') - sftp = client.open_sftp() - sftp.get(remotekey, localkey) + sftp = paramiko.SFTPClient.from_transport(transport) except paramiko.SSHException: logger.error("Authentication failed for " - "host: {0}".format(self.host)) + "host: {0}".format(INSTALLER_IP)) except paramiko.AuthenticationException: logger.error("Authentication failed for " - "host: {0}".format(self.host)) + "host: {0}".format(INSTALLER_IP)) except socket.error: logger.error("Socker Connection failed for " - "undercloud host: {0}".format(self.host)) - client.close() + "undercloud host: {0}".format(INSTALLER_IP)) + sftp.get(remotekey, localkey) + sftp.close() + transport.close() -class connectionManager: +class ConnectionManager: def __init__(self, host, port, user, localkey, *args): self.host = host self.port = port @@ -82,10 +87,13 @@ class connectionManager: com = self.args[2] client = paramiko.SSHClient() + privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa') + selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile) client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) # Connection to undercloud try: - client.connect(INSTALLER_IP, port=22, username='stack') + client.connect(INSTALLER_IP, port=22, username='stack', + pkey=selectedkey) except paramiko.SSHException: logger.error("Authentication failed for " "host: {0}".format(self.host)) 
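Review bot: In getockey the `paramiko.Transport(...)` and `transport.connect(...)` calls now sit outside the `try`, so the authentication and socket handlers can no longer catch a failed connection, and if `SFTPClient.from_transport` does raise, execution falls through to `sftp.get(...)` with `sftp` unbound. `except paramiko.AuthenticationException` is also unreachable after `except paramiko.SSHException`, because it is a subclass. The file being fetched is a private key, so I would restrict its mode after download, and `transport.connect` is called without `hostkey=`, which means the server's key is not checked. The fence keeps connect, transfer and cleanup in one guarded block.
```python
    def getockey(self):
        # … unchanged: remotekey/localkey from self.args, key loading …
        transport = None
        try:
            transport = paramiko.Transport((INSTALLER_IP, 22))
            transport.connect(username='stack', pkey=selectedkey)
            sftp = paramiko.SFTPClient.from_transport(transport)
            sftp.get(remotekey, localkey)
            # The fetched file is a private key: keep it owner-only.
            os.chmod(localkey, 0o600)
            sftp.close()
        except paramiko.AuthenticationException:
            # … unchanged: logger.error for INSTALLER_IP …
        except paramiko.SSHException:
            # … unchanged: logger.error for INSTALLER_IP …
        except socket.error:
            # … unchanged: logger.error for INSTALLER_IP …
        finally:
            if transport is not None:
                transport.close()
```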
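Review bot: The new `pkey=` login still runs under `paramiko.AutoAddPolicy()`, so the jump host's identity is never checked and any host answering at INSTALLER_IP is trusted; this applies to every `client.connect` touched by the commit (hunks at -24, -82, -136 and -186). Since the commit is tightening authentication, I would pin the host as well: `client.load_system_host_keys()` followed by `client.set_missing_host_key_policy(paramiko.RejectPolicy())`. Separately, the handler below still logs `self.host` although the failed connection is to INSTALLER_IP; getockey was corrected to `"host: {0}".format(INSTALLER_IP)` and these handlers should match. The method starts and ends outside the hunk.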
@@ -136,10 +144,13 @@ class connectionManager: com = self.args[0] client = paramiko.SSHClient() + privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa') + selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile) client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) # Connection to undercloud try: - client.connect(INSTALLER_IP, port=22, username='stack') + client.connect(INSTALLER_IP, port=22, username='stack', + pkey=selectedkey) except paramiko.SSHException: logger.error("Authentication failed for " "host: {0}".format(self.host)) @@ -173,9 +184,9 @@ class connectionManager: chan = remote_client.get_transport().open_session() chan.get_pty() - f = chan.makefile() + feed = chan.makefile() chan.exec_command(com) - print f.read() + print feed.read() remote_client.close() client.close() @@ -186,10 +197,13 @@ class connectionManager: reportname = self.args[2] resultsname = self.args[3] client = paramiko.SSHClient() + privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa') + selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile) client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) # Connection to overcloud try: - client.connect(INSTALLER_IP, port=22, username='stack') + client.connect(INSTALLER_IP, port=22, username='stack', + pkey=selectedkey) except paramiko.SSHException: logger.error("Authentication failed for " "host: {0}".format(self.host)) diff --git a/testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini b/testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini index 9d12fa27..43b2e82d 100644 --- a/testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini +++ b/testcases/security_scan/examples/xccdf-rhel7-server-upstream.ini @@ -2,7 +2,7 @@ port = 22 user = stack remotekey = /home/stack/.ssh/id_rsa -localkey = /home/opnfv/.ssh/overCloudKey +localkey = /root/.ssh/overCloudKey [controller] port = 22 
diff --git a/testcases/security_scan/examples/xccdf-standard.ini b/testcases/security_scan/examples/xccdf-standard.ini index 992ca7e3..bfbcf82d 100644 --- a/testcases/security_scan/examples/xccdf-standard.ini +++ b/testcases/security_scan/examples/xccdf-standard.ini @@ -2,7 +2,7 @@ port = 22 user = stack remotekey = /home/stack/.ssh/id_rsa -localkey = /home/opnfv/.ssh/overCloudKey +localkey = /root/.ssh/overCloudKey [controller] port = 22 diff --git a/testcases/security_scan/security_scan.py b/testcases/security_scan/security_scan.py index 797b564d..e6fc5a8c 100644 --- a/testcases/security_scan/security_scan.py +++ b/testcases/security_scan/security_scan.py @@ -43,13 +43,13 @@ cfgparse.read(args.cfgfile) # Grab Undercloud key remotekey = cfgparse.get('undercloud', 'remotekey') localkey = cfgparse.get('undercloud', 'localkey') -setup = connect.setup(remotekey, localkey) -setup.getOCKey() +setup = connect.SetUp(remotekey, localkey) +setup.getockey() # Configure Nova Credentials com = 'sudo hiera admin_password' -setup = connect.setup(com) +setup = connect.SetUp(com) keypass = setup.keystonepass() auth = v2.Password(auth_url='http://{0}:5000/v2.0'.format(INSTALLER_IP), username='admin', @@ -103,7 +103,7 @@ def createfiles(host, port, user, localkey): localpath = os.getcwd() + '/scripts/createfiles.py' remotepath = '/tmp/createfiles.py' com = 'python /tmp/createfiles.py' - connect = connect.connectionManager(host, port, user, localkey, + connect = connect.ConnectionManager(host, port, user, localkey, localpath, remotepath, com) tmpdir = connect.remotescript() @@ -111,7 +111,7 @@ def createfiles(host, port, user, localkey): def install_pkg(host, port, user, localkey): import connect com = 'sudo yum -y install openscap-scanner scap-security-guide' - connect = connect.connectionManager(host, port, user, localkey, com) + connect = connect.ConnectionManager(host, port, user, localkey, com) connect.remotecmd() 
@@ -133,17 +133,17 @@ def run_scanner(host, port, user, localkey, nodetype): report, cpe, secpolicy) - connect = connect.connectionManager(host, port, user, localkey, com) + connect = connect.ConnectionManager(host, port, user, localkey, com) connect.remotecmd() elif scantype == 'oval': com = '{0} oval eval --results {1}/{2} ' '--report {1}/{3} {4}'.format(oscapbin, tmpdir.rstrip(), results, report, secpolicy) - connect = connect.connectionManager(host, port, user, localkey, com) + connect = connect.ConnectionManager(host, port, user, localkey, com) connect.remotecmd() else: com = '{0} oval-collect '.format(oscapbin) - connect = connect.connectionManager(host, port, user, localkey, com) + connect = connect.ConnectionManager(host, port, user, localkey, com) connect.remotecmd() @@ -158,7 +158,7 @@ def post_tasks(host, port, user, localkey, nodetype): report = cfgparse.get(nodetype, 'report') results = cfgparse.get(nodetype, 'results') reportfile = '{0}/{1}'.format(tmpdir.rstrip(), report) - connect = connect.connectionManager(host, port, user, localkey, dl_folder, + connect = connect.ConnectionManager(host, port, user, localkey, dl_folder, reportfile, report, results) connect.download_reports() @@ -166,14 +166,14 @@ def post_tasks(host, port, user, localkey, nodetype): def removepkg(host, port, user, localkey, nodetype): import connect com = 'sudo yum -y remove openscap-scanner scap-security-guide' - connect = connect.connectionManager(host, port, user, localkey, com) + connect = connect.ConnectionManager(host, port, user, localkey, com) connect.remotecmd() def cleandir(host, port, user, localkey, nodetype): import connect com = 'sudo rm -r {0}'.format(tmpdir.rstrip()) - connect = connect.connectionManager(host, port, user, localkey, com) + connect = connect.ConnectionManager(host, port, user, localkey, com) connect.remotecmd() -- cgit 1.2.3-korg