Audit on behalf changes for nsx eclipse
Change-Id: Id8b355b47502ef984b29d4077619cab6395f5275
parent
2574cc9450
commit
437f3509b2
@ -75,6 +75,8 @@ SLEEP_BETWEEN_VIRTUAL_SEREVRS_OPEARTIONS = 120
|
||||
REDIRECT_TO_POOL = "REDIRECT_TO_POOL"
|
||||
REJECT = "REJECT"
|
||||
|
||||
#AUDIT LOG WAIT TIME
|
||||
AUDIT_WAIT_TIME = 300
|
||||
# ZONE Designate
|
||||
ZONE_WAIT_TIME = 120
|
||||
# VPN
|
||||
|
@ -19,6 +19,7 @@ from oslo_log import log as logging
|
||||
from tempest import config
|
||||
from tempest.lib import decorators
|
||||
|
||||
from vmware_nsx_tempest.common import constants as const
|
||||
from vmware_nsx_tempest.lib import feature_manager
|
||||
from vmware_nsx_tempest.services import nsx_client
|
||||
|
||||
@ -26,10 +27,6 @@ CONF = config.CONF
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
USERNAME = "UserName:'com.vmware.nsx.openstack'"
|
||||
|
||||
WAIT_TIME = 300
|
||||
|
||||
|
||||
class TestAuditSetUp(feature_manager.FeatureManager):
|
||||
|
||||
@ -78,25 +75,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
|
||||
audit_userid, audit_tenantid = self.get_user_id('network')
|
||||
#verify backend for audit log
|
||||
#Sleep: Takes a while for network info to be captured in the logs
|
||||
time.sleep(WAIT_TIME)
|
||||
time.sleep(const.AUDIT_WAIT_TIME)
|
||||
audit_info = self.nsx_client.get_audit_log_info(audit_network['id'])
|
||||
if audit_info['result_count'] == 0:
|
||||
LOG.error('No audit log matching the openstack network id %s'
|
||||
% audit_network['id'])
|
||||
raise Exception('No openstack network audit logs collected')
|
||||
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
|
||||
USERNAME]
|
||||
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
|
||||
for data in audit_info['results']:
|
||||
if "CreateLogicalSwitch" in data['full_log']:
|
||||
if all(x in data['full_log'] for x in match_str):
|
||||
LOG.info('Audit log captured for openstack user:%s \
|
||||
creating logical switch:%s'
|
||||
if match_str in data['full_log']:
|
||||
LOG.info('Audit log captured for openstack user:%s '
|
||||
'creating logical switch:%s'
|
||||
% (audit_userid, audit_network['id']))
|
||||
self.success = 1
|
||||
break
|
||||
if self.success != 1:
|
||||
raise Exception('Create network log does not contain entry for \
|
||||
openstack user id %s' % audit_userid)
|
||||
raise Exception('Create network log does not contain entry for'
|
||||
'openstack user id %s' % audit_userid)
|
||||
|
||||
@decorators.idempotent_id('a35ce30e-09dd-4c22-bcb7-06ae42a0bd18')
|
||||
def test_audit_log_update_network(self):
|
||||
@ -113,25 +109,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
|
||||
updated_ntwk = self.update_topology_network(audit_network['id'],
|
||||
**updated_network_body)
|
||||
self.assertEqual(updated_ntwk['network']['name'], updated_name)
|
||||
time.sleep(WAIT_TIME)
|
||||
time.sleep(const.AUDIT_WAIT_TIME)
|
||||
audit_info = self.nsx_client.get_audit_log_info(audit_network['id'])
|
||||
if audit_info['result_count'] == 0:
|
||||
LOG.error('No audit log matching the openstack \
|
||||
network id %s' % audit_network['id'])
|
||||
LOG.error('No audit log matching the openstack'
|
||||
' network id %s' % audit_network['id'])
|
||||
raise Exception('No openstack network audit logs collected')
|
||||
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
|
||||
USERNAME]
|
||||
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
|
||||
for data in audit_info['results']:
|
||||
if "UpdateLogicalSwitch" in data['full_log']:
|
||||
if all(x in data['full_log'] for x in match_str):
|
||||
if match_str in data['full_log']:
|
||||
self.success = 1
|
||||
LOG.info('Audit log captured for openstack user:%s \
|
||||
updating logical switch:%s'
|
||||
LOG.info('Audit log captured for openstack user:%s'
|
||||
' updating logical switch:%s'
|
||||
% (audit_userid, audit_network['id']))
|
||||
break
|
||||
if self.success != 1:
|
||||
raise Exception("Update network log does not contain entry \
|
||||
for openstack user id %s" % audit_userid)
|
||||
raise Exception("Update network log does not contain entry"
|
||||
" for openstack user id %s" % audit_userid)
|
||||
|
||||
@decorators.idempotent_id('c95856d1-f8df-4373-ae8d-1272aa58f867')
|
||||
def test_audit_log_delete_network(self):
|
||||
@ -144,25 +139,26 @@ class TestAuditOnBehalf(TestAuditSetUp):
|
||||
audit_userid, audit_tenantid = self.get_user_id('network')
|
||||
# delete the network
|
||||
self.delete_topology_network(audit_network['id'])
|
||||
time.sleep(WAIT_TIME)
|
||||
audit_info = self.nsx_client.get_audit_log_info(str(audit_userid))
|
||||
time.sleep(const.AUDIT_WAIT_TIME)
|
||||
filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
|
||||
audit_info = self.nsx_client.get_audit_log_info(filter_str)
|
||||
if audit_info['result_count'] == 0:
|
||||
LOG.error('No audit log matching delete operation \
|
||||
of openstack network id %s' % audit_network['id'])
|
||||
LOG.error('No audit log matching delete operation'
|
||||
'of openstack network id %s' % audit_network['id'])
|
||||
raise Exception('No openstack network audit logs collected')
|
||||
match_str = ['DeleteLogicalSwitch', USERNAME]
|
||||
match_str = 'DeleteLogicalSwitch'
|
||||
for data in audit_info['results']:
|
||||
if all(x in data['full_log'] for x in match_str):
|
||||
if match_str in data['full_log']:
|
||||
self.success = 1
|
||||
LOG.info('Audit log captured for openstack user:%s \
|
||||
deleting logical switch:%s'
|
||||
LOG.info('Audit log captured for openstack user:%s'
|
||||
'deleting logical switch:%s'
|
||||
% (audit_userid, audit_network['id']))
|
||||
else:
|
||||
continue
|
||||
break
|
||||
if self.success != 1:
|
||||
raise Exception('Delete log does not contain entry for \
|
||||
the openstack user id %s' % audit_userid)
|
||||
raise Exception('Delete log does not contain entry for'
|
||||
'the openstack user id %s' % audit_userid)
|
||||
|
||||
@decorators.idempotent_id('11617fd0-6052-4b39-be20-a3f981ea2636')
|
||||
def test_audit_log_create_router(self):
|
||||
@ -175,25 +171,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
|
||||
audit_userid, audit_tenantid = self.get_user_id('router')
|
||||
#verify backend for audit log
|
||||
#Sleep: Takes a while for router info to be captured in the logs
|
||||
time.sleep(WAIT_TIME)
|
||||
time.sleep(const.AUDIT_WAIT_TIME)
|
||||
audit_info = self.nsx_client.get_audit_log_info(audit_router['id'])
|
||||
if audit_info['result_count'] == 0:
|
||||
LOG.error('No audit log matching the openstack router id %s'
|
||||
% audit_router['id'])
|
||||
raise Exception('No openstack router audit logs collected')
|
||||
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
|
||||
USERNAME]
|
||||
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
|
||||
for data in audit_info['results']:
|
||||
if "CreateLogicalRouter" in data['full_log']:
|
||||
if all(x in data['full_log'] for x in match_str):
|
||||
LOG.info('Audit log captured for openstack user:%s \
|
||||
creating logical router:%s'
|
||||
if match_str in data['full_log']:
|
||||
LOG.info('Audit log captured for openstack user:%s'
|
||||
'creating logical router:%s'
|
||||
% (audit_userid, audit_router['id']))
|
||||
self.success = 1
|
||||
break
|
||||
if self.success != 1:
|
||||
raise Exception('Create router log does not contain entry \
|
||||
for openstack user id %s' % audit_userid)
|
||||
raise Exception('Create router log does not contain entry'
|
||||
'for openstack user id %s' % audit_userid)
|
||||
|
||||
@decorators.idempotent_id('909d6970-53c6-4402-a3f1-1ff3dc733209')
|
||||
def test_audit_log_update_router(self):
|
||||
@ -210,25 +205,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
|
||||
updated_rtr = self.update_topology_router(audit_router['id'],
|
||||
**updated_rtr_body)
|
||||
self.assertEqual(updated_rtr['router']['name'], updated_name)
|
||||
time.sleep(WAIT_TIME)
|
||||
time.sleep(const.AUDIT_WAIT_TIME)
|
||||
audit_info = self.nsx_client.get_audit_log_info(audit_router['id'])
|
||||
if audit_info['result_count'] == 0:
|
||||
LOG.error('No audit log matching the openstack \
|
||||
router id %s' % audit_router['id'])
|
||||
LOG.error('No audit log matching the openstack'
|
||||
'router id %s' % audit_router['id'])
|
||||
raise Exception('No openstack router audit logs collected')
|
||||
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
|
||||
USERNAME]
|
||||
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
|
||||
for data in audit_info['results']:
|
||||
if "UpdateLogicalRouter" in data['full_log']:
|
||||
if all(x in data['full_log'] for x in match_str):
|
||||
if match_str in data['full_log']:
|
||||
self.success = 1
|
||||
LOG.info('Audit log captured for openstack user:%s \
|
||||
updating logical router:%s'
|
||||
LOG.info('Audit log captured for openstack user:%s'
|
||||
'updating logical router:%s'
|
||||
% (audit_userid, audit_router['id']))
|
||||
break
|
||||
if self.success != 1:
|
||||
raise Exception("Update router log does not contain entry \
|
||||
for openstack user id %s" % audit_userid)
|
||||
raise Exception("Update router log does not contain entry"
|
||||
"for openstack user id %s" % audit_userid)
|
||||
|
||||
@decorators.idempotent_id('90761c77-ab7b-44c5-9974-cfc922c00d07')
|
||||
def test_audit_log_delete_router(self):
|
||||
@ -241,18 +235,19 @@ class TestAuditOnBehalf(TestAuditSetUp):
|
||||
audit_userid, audit_tenantid = self.get_user_id('router')
|
||||
# delete the network
|
||||
self.delete_topology_router(audit_router['id'])
|
||||
time.sleep(WAIT_TIME)
|
||||
audit_info = self.nsx_client.get_audit_log_info(str(audit_userid))
|
||||
time.sleep(const.AUDIT_WAIT_TIME)
|
||||
filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
|
||||
audit_info = self.nsx_client.get_audit_log_info(filter_str)
|
||||
if audit_info['result_count'] == 0:
|
||||
LOG.error('No audit log matching delete operation \
|
||||
of openstack router id %s' % audit_router['id'])
|
||||
LOG.error('No audit log matching delete operation'
|
||||
'of openstack router id %s' % audit_router['id'])
|
||||
raise Exception('No openstack router audit logs collected')
|
||||
match_str = ['DeleteLogicalRouter', USERNAME]
|
||||
match_str = 'DeleteLogicalRouter'
|
||||
for data in audit_info['results']:
|
||||
if all(x in data['full_log'] for x in match_str):
|
||||
if match_str in data['full_log']:
|
||||
self.success = 1
|
||||
LOG.info('Audit log captured for openstack user:%s \
|
||||
deleting logical router:%s' %
|
||||
LOG.info('Audit log captured for openstack user:%s'
|
||||
'deleting logical router:%s' %
|
||||
(audit_userid, audit_router['id']))
|
||||
break
|
||||
else:
|
||||
@ -272,25 +267,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
|
||||
audit_userid, audit_tenantid = self.get_user_id('sg')
|
||||
#verify backend for audit log
|
||||
#Sleep: Takes a while for sg info to be captured in the logs
|
||||
time.sleep(WAIT_TIME)
|
||||
time.sleep(const.AUDIT_WAIT_TIME)
|
||||
audit_info = self.nsx_client.get_audit_log_info(audit_sg['id'])
|
||||
if audit_info['result_count'] == 0:
|
||||
LOG.error('No audit log matching the openstack sg id %s'
|
||||
% audit_sg['id'])
|
||||
raise Exception('No openstack sg audit logs collected')
|
||||
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
|
||||
USERNAME]
|
||||
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
|
||||
for data in audit_info['results']:
|
||||
if "CreateNSGroup" in data['full_log']:
|
||||
if all(x in data['full_log'] for x in match_str):
|
||||
LOG.info('Audit log captured for openstack user:%s \
|
||||
creating security group:%s'
|
||||
if match_str in data['full_log']:
|
||||
LOG.info('Audit log captured for openstack user:%s '
|
||||
'creating security group:%s'
|
||||
% (audit_userid, audit_sg['id']))
|
||||
self.success = 1
|
||||
break
|
||||
if self.success != 1:
|
||||
raise Exception('Create security group log does not contain entry \
|
||||
for openstack user id %s' % audit_userid)
|
||||
raise Exception('Create security group log does not contain entry '
|
||||
'for openstack user id %s' % audit_userid)
|
||||
|
||||
@decorators.idempotent_id('76bd1ad0-4ecd-47e8-99f9-fb88a8058ff4')
|
||||
def test_audit_log_update_security_group(self):
|
||||
@ -307,25 +301,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
|
||||
updated_sg = self.update_topology_security_group(audit_sg['id'],
|
||||
**updated_sg_body)
|
||||
self.assertEqual(updated_sg['security_group']['name'], updated_name)
|
||||
time.sleep(WAIT_TIME)
|
||||
time.sleep(const.AUDIT_WAIT_TIME)
|
||||
audit_info = self.nsx_client.get_audit_log_info(audit_sg['id'])
|
||||
if audit_info['result_count'] == 0:
|
||||
LOG.error('No audit log matching the openstack \
|
||||
security group id %s' % audit_sg['id'])
|
||||
LOG.error('No audit log matching the openstack'
|
||||
' security group id %s' % audit_sg['id'])
|
||||
raise Exception('No openstack security group audit logs collected')
|
||||
match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
|
||||
USERNAME]
|
||||
match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
|
||||
for data in audit_info['results']:
|
||||
if "UpdateNSGroup" in data['full_log']:
|
||||
if all(x in data['full_log'] for x in match_str):
|
||||
if match_str in data['full_log']:
|
||||
self.success = 1
|
||||
LOG.info('Audit log captured for openstack user:%s \
|
||||
updating security group:%s'
|
||||
LOG.info('Audit log captured for openstack user:%s'
|
||||
' updating security group:%s'
|
||||
% (audit_userid, audit_sg['id']))
|
||||
break
|
||||
if self.success != 1:
|
||||
raise Exception("Update sg log does not contain entry \
|
||||
for openstack user id %s" % audit_userid)
|
||||
raise Exception("Update sg log does not contain entry"
|
||||
" for openstack user id %s" % audit_userid)
|
||||
|
||||
@decorators.idempotent_id('a20bebc7-5773-4086-9ccc-54d8548e37ae')
|
||||
def test_audit_log_delete_security_group(self):
|
||||
@ -338,18 +331,19 @@ class TestAuditOnBehalf(TestAuditSetUp):
|
||||
audit_userid, audit_tenantid = self.get_user_id('sg')
|
||||
# delete the security group
|
||||
self.delete_topology_security_group(audit_sg['id'])
|
||||
time.sleep(WAIT_TIME)
|
||||
audit_info = self.nsx_client.get_audit_log_info(str(audit_userid))
|
||||
time.sleep(const.AUDIT_WAIT_TIME)
|
||||
filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
|
||||
audit_info = self.nsx_client.get_audit_log_info(filter_str)
|
||||
if audit_info['result_count'] == 0:
|
||||
LOG.error('No audit log matching delete operation \
|
||||
of openstack security group id %s' % audit_sg['id'])
|
||||
LOG.error('No audit log matching delete operation'
|
||||
' of openstack security group id %s' % audit_sg['id'])
|
||||
raise Exception('No openstack security group logs collected')
|
||||
match_str = ['DeleteNSGroup', USERNAME]
|
||||
match_str = 'DeleteNSGroup'
|
||||
for data in audit_info['results']:
|
||||
if all(x in data['full_log'] for x in match_str):
|
||||
if match_str in data['full_log']:
|
||||
self.success = 1
|
||||
LOG.info('Audit log captured for openstack user:%s \
|
||||
deleting security group:%s' %
|
||||
LOG.info('Audit log captured for openstack user:%s'
|
||||
' deleting security group:%s' %
|
||||
(audit_userid, audit_sg['id']))
|
||||
break
|
||||
else:
|
||||
|
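Review bot: The delete checks (test_audit_log_delete_network and its router and security-group counterparts) now fetch entries with `filter_str` and accept the first one whose `full_log` contains the operation name, so nothing ties the matched entry to the object this test deleted. An earlier delete logged for the same user and tenant would presumably satisfy it. If the backend entry carries an identifier for the deleted object (not visible here), add it to the condition, e.g. `if match_str in data['full_log'] and audit_network['id'] in data['full_log']:`. The commit also drops the `USERNAME` principal match from every check, so the tests no longer assert which service identity the on-behalf action was logged under; a comment stating why that field is no longer expected would help. Separately, several re-wrapped messages lost the space at the join, e.g. `'Create network log does not contain entry for'` followed by `'openstack user id %s'` yields "foropenstack"; add a trailing space as the create-security-group message already does. The test bodies start outside the hunks shown.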