Audit on behalf changes for nsx eclipse

Change-Id: Id8b355b47502ef984b29d4077619cab6395f5275
Deepthi Kandavara Jayarama 2018-07-02 17:36:39 +00:00
parent 2574cc9450
commit 437f3509b2
2 changed files with 80 additions and 84 deletions


@ -75,6 +75,8 @@ SLEEP_BETWEEN_VIRTUAL_SEREVRS_OPEARTIONS = 120
REDIRECT_TO_POOL = "REDIRECT_TO_POOL"
REJECT = "REJECT"
#AUDIT LOG WAIT TIME
AUDIT_WAIT_TIME = 300
# ZONE Designate
ZONE_WAIT_TIME = 120
# VPN


@ -19,6 +19,7 @@ from oslo_log import log as logging
from tempest import config
from tempest.lib import decorators
from vmware_nsx_tempest.common import constants as const
from vmware_nsx_tempest.lib import feature_manager
from vmware_nsx_tempest.services import nsx_client
@ -26,10 +27,6 @@ CONF = config.CONF
LOG = logging.getLogger(__name__)
USERNAME = "UserName:'com.vmware.nsx.openstack'"
WAIT_TIME = 300
class TestAuditSetUp(feature_manager.FeatureManager):
@ -78,25 +75,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
audit_userid, audit_tenantid = self.get_user_id('network')
#verify backend for audit log
#Sleep: Takes a while for network info to be captured in the logs
time.sleep(WAIT_TIME)
time.sleep(const.AUDIT_WAIT_TIME)
audit_info = self.nsx_client.get_audit_log_info(audit_network['id'])
if audit_info['result_count'] == 0:
LOG.error('No audit log matching the openstack network id %s'
% audit_network['id'])
raise Exception('No openstack network audit logs collected')
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
USERNAME]
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
for data in audit_info['results']:
if "CreateLogicalSwitch" in data['full_log']:
if all(x in data['full_log'] for x in match_str):
LOG.info('Audit log captured for openstack user:%s \
creating logical switch:%s'
if match_str in data['full_log']:
LOG.info('Audit log captured for openstack user:%s '
'creating logical switch:%s'
% (audit_userid, audit_network['id']))
self.success = 1
break
if self.success != 1:
raise Exception('Create network log does not contain entry for \
openstack user id %s' % audit_userid)
raise Exception('Create network log does not contain entry for'
'openstack user id %s' % audit_userid)
@decorators.idempotent_id('a35ce30e-09dd-4c22-bcb7-06ae42a0bd18')
def test_audit_log_update_network(self):
@ -113,25 +109,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
updated_ntwk = self.update_topology_network(audit_network['id'],
**updated_network_body)
self.assertEqual(updated_ntwk['network']['name'], updated_name)
time.sleep(WAIT_TIME)
time.sleep(const.AUDIT_WAIT_TIME)
audit_info = self.nsx_client.get_audit_log_info(audit_network['id'])
if audit_info['result_count'] == 0:
LOG.error('No audit log matching the openstack \
network id %s' % audit_network['id'])
LOG.error('No audit log matching the openstack'
' network id %s' % audit_network['id'])
raise Exception('No openstack network audit logs collected')
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
USERNAME]
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
for data in audit_info['results']:
if "UpdateLogicalSwitch" in data['full_log']:
if all(x in data['full_log'] for x in match_str):
if match_str in data['full_log']:
self.success = 1
LOG.info('Audit log captured for openstack user:%s \
updating logical switch:%s'
LOG.info('Audit log captured for openstack user:%s'
' updating logical switch:%s'
% (audit_userid, audit_network['id']))
break
if self.success != 1:
raise Exception("Update network log does not contain entry \
for openstack user id %s" % audit_userid)
raise Exception("Update network log does not contain entry"
" for openstack user id %s" % audit_userid)
@decorators.idempotent_id('c95856d1-f8df-4373-ae8d-1272aa58f867')
def test_audit_log_delete_network(self):
@ -144,25 +139,26 @@ class TestAuditOnBehalf(TestAuditSetUp):
audit_userid, audit_tenantid = self.get_user_id('network')
# delete the network
self.delete_topology_network(audit_network['id'])
time.sleep(WAIT_TIME)
audit_info = self.nsx_client.get_audit_log_info(str(audit_userid))
time.sleep(const.AUDIT_WAIT_TIME)
filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
audit_info = self.nsx_client.get_audit_log_info(filter_str)
if audit_info['result_count'] == 0:
LOG.error('No audit log matching delete operation \
of openstack network id %s' % audit_network['id'])
LOG.error('No audit log matching delete operation'
'of openstack network id %s' % audit_network['id'])
raise Exception('No openstack network audit logs collected')
match_str = ['DeleteLogicalSwitch', USERNAME]
match_str = 'DeleteLogicalSwitch'
for data in audit_info['results']:
if all(x in data['full_log'] for x in match_str):
if match_str in data['full_log']:
self.success = 1
LOG.info('Audit log captured for openstack user:%s \
deleting logical switch:%s'
LOG.info('Audit log captured for openstack user:%s'
'deleting logical switch:%s'
% (audit_userid, audit_network['id']))
else:
continue
break
if self.success != 1:
raise Exception('Delete log does not contain entry for \
the openstack user id %s' % audit_userid)
raise Exception('Delete log does not contain entry for'
'the openstack user id %s' % audit_userid)
@decorators.idempotent_id('11617fd0-6052-4b39-be20-a3f981ea2636')
def test_audit_log_create_router(self):
@ -175,25 +171,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
audit_userid, audit_tenantid = self.get_user_id('router')
#verify backend for audit log
#Sleep: Takes a while for router info to be captured in the logs
time.sleep(WAIT_TIME)
time.sleep(const.AUDIT_WAIT_TIME)
audit_info = self.nsx_client.get_audit_log_info(audit_router['id'])
if audit_info['result_count'] == 0:
LOG.error('No audit log matching the openstack router id %s'
% audit_router['id'])
raise Exception('No openstack router audit logs collected')
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
USERNAME]
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
for data in audit_info['results']:
if "CreateLogicalRouter" in data['full_log']:
if all(x in data['full_log'] for x in match_str):
LOG.info('Audit log captured for openstack user:%s \
creating logical router:%s'
if match_str in data['full_log']:
LOG.info('Audit log captured for openstack user:%s'
'creating logical router:%s'
% (audit_userid, audit_router['id']))
self.success = 1
break
if self.success != 1:
raise Exception('Create router log does not contain entry \
for openstack user id %s' % audit_userid)
raise Exception('Create router log does not contain entry'
'for openstack user id %s' % audit_userid)
@decorators.idempotent_id('909d6970-53c6-4402-a3f1-1ff3dc733209')
def test_audit_log_update_router(self):
@ -210,25 +205,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
updated_rtr = self.update_topology_router(audit_router['id'],
**updated_rtr_body)
self.assertEqual(updated_rtr['router']['name'], updated_name)
time.sleep(WAIT_TIME)
time.sleep(const.AUDIT_WAIT_TIME)
audit_info = self.nsx_client.get_audit_log_info(audit_router['id'])
if audit_info['result_count'] == 0:
LOG.error('No audit log matching the openstack \
router id %s' % audit_router['id'])
LOG.error('No audit log matching the openstack'
'router id %s' % audit_router['id'])
raise Exception('No openstack router audit logs collected')
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
USERNAME]
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
for data in audit_info['results']:
if "UpdateLogicalRouter" in data['full_log']:
if all(x in data['full_log'] for x in match_str):
if match_str in data['full_log']:
self.success = 1
LOG.info('Audit log captured for openstack user:%s \
updating logical router:%s'
LOG.info('Audit log captured for openstack user:%s'
'updating logical router:%s'
% (audit_userid, audit_router['id']))
break
if self.success != 1:
raise Exception("Update router log does not contain entry \
for openstack user id %s" % audit_userid)
raise Exception("Update router log does not contain entry"
"for openstack user id %s" % audit_userid)
@decorators.idempotent_id('90761c77-ab7b-44c5-9974-cfc922c00d07')
def test_audit_log_delete_router(self):
@ -241,18 +235,19 @@ class TestAuditOnBehalf(TestAuditSetUp):
audit_userid, audit_tenantid = self.get_user_id('router')
# delete the network
self.delete_topology_router(audit_router['id'])
time.sleep(WAIT_TIME)
audit_info = self.nsx_client.get_audit_log_info(str(audit_userid))
time.sleep(const.AUDIT_WAIT_TIME)
filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
audit_info = self.nsx_client.get_audit_log_info(filter_str)
if audit_info['result_count'] == 0:
LOG.error('No audit log matching delete operation \
of openstack router id %s' % audit_router['id'])
LOG.error('No audit log matching delete operation'
'of openstack router id %s' % audit_router['id'])
raise Exception('No openstack router audit logs collected')
match_str = ['DeleteLogicalRouter', USERNAME]
match_str = 'DeleteLogicalRouter'
for data in audit_info['results']:
if all(x in data['full_log'] for x in match_str):
if match_str in data['full_log']:
self.success = 1
LOG.info('Audit log captured for openstack user:%s \
deleting logical router:%s' %
LOG.info('Audit log captured for openstack user:%s'
'deleting logical router:%s' %
(audit_userid, audit_router['id']))
break
else:
@ -272,25 +267,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
audit_userid, audit_tenantid = self.get_user_id('sg')
#verify backend for audit log
#Sleep: Takes a while for sg info to be captured in the logs
time.sleep(WAIT_TIME)
time.sleep(const.AUDIT_WAIT_TIME)
audit_info = self.nsx_client.get_audit_log_info(audit_sg['id'])
if audit_info['result_count'] == 0:
LOG.error('No audit log matching the openstack sg id %s'
% audit_sg['id'])
raise Exception('No openstack sg audit logs collected')
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
USERNAME]
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
for data in audit_info['results']:
if "CreateNSGroup" in data['full_log']:
if all(x in data['full_log'] for x in match_str):
LOG.info('Audit log captured for openstack user:%s \
creating security group:%s'
if match_str in data['full_log']:
LOG.info('Audit log captured for openstack user:%s '
'creating security group:%s'
% (audit_userid, audit_sg['id']))
self.success = 1
break
if self.success != 1:
raise Exception('Create security group log does not contain entry \
for openstack user id %s' % audit_userid)
raise Exception('Create security group log does not contain entry '
'for openstack user id %s' % audit_userid)
@decorators.idempotent_id('76bd1ad0-4ecd-47e8-99f9-fb88a8058ff4')
def test_audit_log_update_security_group(self):
@ -307,25 +301,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
updated_sg = self.update_topology_security_group(audit_sg['id'],
**updated_sg_body)
self.assertEqual(updated_sg['security_group']['name'], updated_name)
time.sleep(WAIT_TIME)
time.sleep(const.AUDIT_WAIT_TIME)
audit_info = self.nsx_client.get_audit_log_info(audit_sg['id'])
if audit_info['result_count'] == 0:
LOG.error('No audit log matching the openstack \
security group id %s' % audit_sg['id'])
LOG.error('No audit log matching the openstack'
' security group id %s' % audit_sg['id'])
raise Exception('No openstack security group audit logs collected')
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
USERNAME]
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
for data in audit_info['results']:
if "UpdateNSGroup" in data['full_log']:
if all(x in data['full_log'] for x in match_str):
if match_str in data['full_log']:
self.success = 1
LOG.info('Audit log captured for openstack user:%s \
updating security group:%s'
LOG.info('Audit log captured for openstack user:%s'
' updating security group:%s'
% (audit_userid, audit_sg['id']))
break
if self.success != 1:
raise Exception("Update sg log does not contain entry \
for openstack user id %s" % audit_userid)
raise Exception("Update sg log does not contain entry"
" for openstack user id %s" % audit_userid)
@decorators.idempotent_id('a20bebc7-5773-4086-9ccc-54d8548e37ae')
def test_audit_log_delete_security_group(self):
@ -338,18 +331,19 @@ class TestAuditOnBehalf(TestAuditSetUp):
audit_userid, audit_tenantid = self.get_user_id('sg')
# delete the security group
self.delete_topology_security_group(audit_sg['id'])
time.sleep(WAIT_TIME)
audit_info = self.nsx_client.get_audit_log_info(str(audit_userid))
time.sleep(const.AUDIT_WAIT_TIME)
filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
audit_info = self.nsx_client.get_audit_log_info(filter_str)
if audit_info['result_count'] == 0:
LOG.error('No audit log matching delete operation \
of openstack security group id %s' % audit_sg['id'])
LOG.error('No audit log matching delete operation'
' of openstack security group id %s' % audit_sg['id'])
raise Exception('No openstack security group logs collected')
match_str = ['DeleteNSGroup', USERNAME]
match_str = 'DeleteNSGroup'
for data in audit_info['results']:
if all(x in data['full_log'] for x in match_str):
if match_str in data['full_log']:
self.success = 1
LOG.info('Audit log captured for openstack user:%s \
deleting security group:%s' %
LOG.info('Audit log captured for openstack user:%s'
' deleting security group:%s' %
(audit_userid, audit_sg['id']))
break
else:
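Review bot: In the three delete tests (network, router, security group) the new check passes on any audit entry returned for this `euser` filter whose `full_log` contains the operation name, e.g. `match_str = 'DeleteLogicalSwitch'`, so the entry is never tied to the object the test just deleted. A delete by the same user on a different object inside the queried log window would satisfy the assertion, which weakens what the test proves about on-behalf attribution. If the NSX delete entry carries an identifier that can be correlated with the deleted object, assert on it too; otherwise add a comment such as `# delete entries are matched by euser + operation only; the resource id is not verified`. The `"euser=\"%s %s"` pattern used throughout also has no closing quote, so a tenant id that is a prefix of another would still match; appending `\"` would anchor it, assuming the log closes that field with a quote. Separately, several rewritten messages lost the space between adjacent literals (for example `'Create network log does not contain entry for'` followed by `'openstack user id %s'` reads `foropenstack`), so the first literal needs a trailing space.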