From 437f3509b283233e0dff6fae08e0f104cd5c4b20 Mon Sep 17 00:00:00 2001 From: Deepthi Kandavara Jayarama Date: Mon, 2 Jul 2018 17:36:39 +0000 Subject: [PATCH] Audit on behalf changes for nsx eclipse Change-Id: Id8b355b47502ef984b29d4077619cab6395f5275 --- vmware_nsx_tempest/common/constants.py | 2 + .../nsxv3/scenario/test_audit_on_behalf.py | 162 +++++++++--------- 2 files changed, 80 insertions(+), 84 deletions(-) diff --git a/vmware_nsx_tempest/common/constants.py b/vmware_nsx_tempest/common/constants.py index 925438b..dcd68ae 100644 --- a/vmware_nsx_tempest/common/constants.py +++ b/vmware_nsx_tempest/common/constants.py @@ -75,6 +75,8 @@ SLEEP_BETWEEN_VIRTUAL_SEREVRS_OPEARTIONS = 120 REDIRECT_TO_POOL = "REDIRECT_TO_POOL" REJECT = "REJECT" +#AUDIT LOG WAIT TIME +AUDIT_WAIT_TIME = 300 # ZONE Designate ZONE_WAIT_TIME = 120 # VPN diff --git a/vmware_nsx_tempest/tests/nsxv3/scenario/test_audit_on_behalf.py b/vmware_nsx_tempest/tests/nsxv3/scenario/test_audit_on_behalf.py index a4d5bd8..fb6bc95 100644 --- a/vmware_nsx_tempest/tests/nsxv3/scenario/test_audit_on_behalf.py +++ b/vmware_nsx_tempest/tests/nsxv3/scenario/test_audit_on_behalf.py @@ -19,6 +19,7 @@ from oslo_log import log as logging from tempest import config from tempest.lib import decorators +from vmware_nsx_tempest.common import constants as const from vmware_nsx_tempest.lib import feature_manager from vmware_nsx_tempest.services import nsx_client @@ -26,10 +27,6 @@ CONF = config.CONF LOG = logging.getLogger(__name__) -USERNAME = "UserName:'com.vmware.nsx.openstack'" - -WAIT_TIME = 300 - class TestAuditSetUp(feature_manager.FeatureManager): 
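Review bot: Removing `USERNAME` in the test-file hunk means no test in this file asserts the acting principal any more; in the later create/update hunks `match_str` shrinks to the `euser="<user> <tenant>` fragment, and the delete hunks match only the operation name on top of the query filter. An on-behalf-of audit record is valuable because it ties the effective user to the service identity that made the call, so a record with the right `euser` but an unexpected principal would now pass. If the principal field was only renamed or reformatted in the newer NSX release (not visible in this patch), match the new form rather than dropping the check. If the removal is intentional, say why in a comment near `match_str`, e.g. `# principal field not asserted: <reason>`.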
@@ -78,25 +75,24 @@ class TestAuditOnBehalf(TestAuditSetUp): audit_userid, audit_tenantid = self.get_user_id('network') #verify backend for audit log #Sleep: Takes a while for network info to be captured in the logs - time.sleep(WAIT_TIME) + time.sleep(const.AUDIT_WAIT_TIME) audit_info = self.nsx_client.get_audit_log_info(audit_network['id']) if audit_info['result_count'] == 0: LOG.error('No audit log matching the openstack network id %s' % audit_network['id']) raise Exception('No openstack network audit logs collected') - match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)), - USERNAME] + match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid) for data in audit_info['results']: if "CreateLogicalSwitch" in data['full_log']: - if all(x in data['full_log'] for x in match_str): - LOG.info('Audit log captured for openstack user:%s \ - creating logical switch:%s' + if match_str in data['full_log']: + LOG.info('Audit log captured for openstack user:%s ' + 'creating logical switch:%s' % (audit_userid, audit_network['id'])) self.success = 1 break if self.success != 1: - raise Exception('Create network log does not contain entry for \ - openstack user id %s' % audit_userid) + raise Exception('Create network log does not contain entry for' + 'openstack user id %s' % audit_userid) @decorators.idempotent_id('a35ce30e-09dd-4c22-bcb7-06ae42a0bd18') def test_audit_log_update_network(self): 
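Review bot: The rewritten `raise Exception` at the end of this hunk joins `'...does not contain entry for'` and `'openstack user id %s'` with no space between them, so the message reads "entry foropenstack user id". The backslash continuations were replaced by adjacent literals and several lost the separating space: the delete-network hunk (`LOG.error`, `LOG.info`, `raise`), the create-router and update-router hunks (`LOG.error`/`LOG.info`, `raise`) and the delete-router hunk (`LOG.error`, `LOG.info`). End the first literal with a space, e.g. `'Create network log does not contain entry for '`, as the `LOG.info` call just above already does. These strings are what someone triaging a failed audit check will search for, so they should read correctly. test_audit_log_create_network begins above the hunk.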
@@ -113,25 +109,24 @@ class TestAuditOnBehalf(TestAuditSetUp): updated_ntwk = self.update_topology_network(audit_network['id'], **updated_network_body) self.assertEqual(updated_ntwk['network']['name'], updated_name) - time.sleep(WAIT_TIME) + time.sleep(const.AUDIT_WAIT_TIME) audit_info = self.nsx_client.get_audit_log_info(audit_network['id']) if audit_info['result_count'] == 0: - LOG.error('No audit log matching the openstack \ - network id %s' % audit_network['id']) + LOG.error('No audit log matching the openstack' + ' network id %s' % audit_network['id']) raise Exception('No openstack network audit logs collected') - match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)), - USERNAME] + match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid) for data in audit_info['results']: if "UpdateLogicalSwitch" in data['full_log']: - if all(x in data['full_log'] for x in match_str): + if match_str in data['full_log']: self.success = 1 - LOG.info('Audit log captured for openstack user:%s \ - updating logical switch:%s' + LOG.info('Audit log captured for openstack user:%s' + ' updating logical switch:%s' % (audit_userid, audit_network['id'])) break if self.success != 1: - raise Exception("Update network log does not contain entry \ - for openstack user id %s" % audit_userid) + raise Exception("Update network log does not contain entry" + " for openstack user id %s" % audit_userid) @decorators.idempotent_id('c95856d1-f8df-4373-ae8d-1272aa58f867') def test_audit_log_delete_network(self): 
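Review bot: `time.sleep(const.AUDIT_WAIT_TIME)` always blocks for the full 300 seconds before the first look at the audit log, and the same unconditional sleep is in every test hunk of this file. Treating the constant as a timeout and polling `get_audit_log_info` until an `UpdateLogicalSwitch` entry carrying `match_str` appears would shorten the run without weakening the check. It would also replace the `self.success` instance flag, which is initialised outside this hunk, with a local result. The sketch assumes `results` is present (possibly empty) when nothing matches, and it folds the separate "no logs collected" error into the final failure; keep that branch if the distinction matters. The method starts above the hunk.

```python
        # … unchanged: update_topology_network call and name assertion …
        match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
        deadline = time.time() + const.AUDIT_WAIT_TIME
        found = False
        while not found and time.time() < deadline:
            audit_info = self.nsx_client.get_audit_log_info(
                audit_network['id'])
            found = any("UpdateLogicalSwitch" in data['full_log'] and
                        match_str in data['full_log']
                        for data in audit_info['results'])
            if not found:
                time.sleep(10)  # illustrative poll interval
        if not found:
            raise Exception("Update network log does not contain entry"
                            " for openstack user id %s" % audit_userid)
```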
@@ -144,25 +139,26 @@ class TestAuditOnBehalf(TestAuditSetUp): audit_userid, audit_tenantid = self.get_user_id('network') # delete the network self.delete_topology_network(audit_network['id']) - time.sleep(WAIT_TIME) - audit_info = self.nsx_client.get_audit_log_info(str(audit_userid)) + time.sleep(const.AUDIT_WAIT_TIME) + filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid) + audit_info = self.nsx_client.get_audit_log_info(filter_str) if audit_info['result_count'] == 0: - LOG.error('No audit log matching delete operation \ - of openstack network id %s' % audit_network['id']) + LOG.error('No audit log matching delete operation' + 'of openstack network id %s' % audit_network['id']) raise Exception('No openstack network audit logs collected') - match_str = ['DeleteLogicalSwitch', USERNAME] + match_str = 'DeleteLogicalSwitch' for data in audit_info['results']: - if all(x in data['full_log'] for x in match_str): + if match_str in data['full_log']: self.success = 1 - LOG.info('Audit log captured for openstack user:%s \ - deleting logical switch:%s' + LOG.info('Audit log captured for openstack user:%s' + 'deleting logical switch:%s' % (audit_userid, audit_network['id'])) else: continue break if self.success != 1: - raise Exception('Delete log does not contain entry for \ - the openstack user id %s' % audit_userid) + raise Exception('Delete log does not contain entry for' + 'the openstack user id %s' % audit_userid) @decorators.idempotent_id('11617fd0-6052-4b39-be20-a3f981ea2636') def test_audit_log_create_router(self): 
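Review bot: Nothing in the new delete check ties the matched entry to the network this test deleted: the query is filtered by `filter_str` (user and tenant) and the loop accepts the first entry containing `'DeleteLogicalSwitch'`. Any other logical-switch deletion by the same user and tenant still in the audit log satisfies it, yet the `LOG.info` line reports the entry as belonging to `audit_network['id']`. If the delete record carries the OpenStack id, require it as well, e.g. `if match_str in data['full_log'] and audit_network['id'] in data['full_log']:`. If it only carries the NSX object id, capture that id before the delete and match on it instead. The delete-router and delete-security-group hunks have the same gap with `'DeleteLogicalRouter'` and `'DeleteNSGroup'`.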
@@ -175,25 +171,24 @@ class TestAuditOnBehalf(TestAuditSetUp): audit_userid, audit_tenantid = self.get_user_id('router') #verify backend for audit log #Sleep: Takes a while for router info to be captured in the logs - time.sleep(WAIT_TIME) + time.sleep(const.AUDIT_WAIT_TIME) audit_info = self.nsx_client.get_audit_log_info(audit_router['id']) if audit_info['result_count'] == 0: LOG.error('No audit log matching the openstack router id %s' % audit_router['id']) raise Exception('No openstack router audit logs collected') - match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)), - USERNAME] + match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid) for data in audit_info['results']: if "CreateLogicalRouter" in data['full_log']: - if all(x in data['full_log'] for x in match_str): - LOG.info('Audit log captured for openstack user:%s \ - creating logical router:%s' + if match_str in data['full_log']: + LOG.info('Audit log captured for openstack user:%s' + 'creating logical router:%s' % (audit_userid, audit_router['id'])) self.success = 1 break if self.success != 1: - raise Exception('Create router log does not contain entry \ - for openstack user id %s' % audit_userid) + raise Exception('Create router log does not contain entry' + 'for openstack user id %s' % audit_userid) @decorators.idempotent_id('909d6970-53c6-4402-a3f1-1ff3dc733209') def test_audit_log_update_router(self): 
@@ -210,25 +205,24 @@ class TestAuditOnBehalf(TestAuditSetUp): updated_rtr = self.update_topology_router(audit_router['id'], **updated_rtr_body) self.assertEqual(updated_rtr['router']['name'], updated_name) - time.sleep(WAIT_TIME) + time.sleep(const.AUDIT_WAIT_TIME) audit_info = self.nsx_client.get_audit_log_info(audit_router['id']) if audit_info['result_count'] == 0: - LOG.error('No audit log matching the openstack \ - router id %s' % audit_router['id']) + LOG.error('No audit log matching the openstack' + 'router id %s' % audit_router['id']) raise Exception('No openstack router audit logs collected') - match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)), - USERNAME] + match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid) for data in audit_info['results']: if "UpdateLogicalRouter" in data['full_log']: - if all(x in data['full_log'] for x in match_str): + if match_str in data['full_log']: self.success = 1 - LOG.info('Audit log captured for openstack user:%s \ - updating logical router:%s' + LOG.info('Audit log captured for openstack user:%s' + 'updating logical router:%s' % (audit_userid, audit_router['id'])) break if self.success != 1: - raise Exception("Update router log does not contain entry \ - for openstack user id %s" % audit_userid) + raise Exception("Update router log does not contain entry" + "for openstack user id %s" % audit_userid) @decorators.idempotent_id('90761c77-ab7b-44c5-9974-cfc922c00d07') def test_audit_log_delete_router(self): 
@@ -241,18 +235,19 @@ class TestAuditOnBehalf(TestAuditSetUp): audit_userid, audit_tenantid = self.get_user_id('router') # delete the network self.delete_topology_router(audit_router['id']) - time.sleep(WAIT_TIME) - audit_info = self.nsx_client.get_audit_log_info(str(audit_userid)) + time.sleep(const.AUDIT_WAIT_TIME) + filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid) + audit_info = self.nsx_client.get_audit_log_info(filter_str) if audit_info['result_count'] == 0: - LOG.error('No audit log matching delete operation \ - of openstack router id %s' % audit_router['id']) + LOG.error('No audit log matching delete operation' + 'of openstack router id %s' % audit_router['id']) raise Exception('No openstack router audit logs collected') - match_str = ['DeleteLogicalRouter', USERNAME] + match_str = 'DeleteLogicalRouter' for data in audit_info['results']: - if all(x in data['full_log'] for x in match_str): + if match_str in data['full_log']: self.success = 1 - LOG.info('Audit log captured for openstack user:%s \ - deleting logical router:%s' % + LOG.info('Audit log captured for openstack user:%s' + 'deleting logical router:%s' % (audit_userid, audit_router['id'])) break else: 
@@ -272,25 +267,24 @@ class TestAuditOnBehalf(TestAuditSetUp): audit_userid, audit_tenantid = self.get_user_id('sg') #verify backend for audit log #Sleep: Takes a while for sg info to be captured in the logs - time.sleep(WAIT_TIME) + time.sleep(const.AUDIT_WAIT_TIME) audit_info = self.nsx_client.get_audit_log_info(audit_sg['id']) if audit_info['result_count'] == 0: LOG.error('No audit log matching the openstack sg id %s' % audit_sg['id']) raise Exception('No openstack sg audit logs collected') - match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)), - USERNAME] + match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid) for data in audit_info['results']: if "CreateNSGroup" in data['full_log']: - if all(x in data['full_log'] for x in match_str): - LOG.info('Audit log captured for openstack user:%s \ - creating security group:%s' + if match_str in data['full_log']: + LOG.info('Audit log captured for openstack user:%s ' + 'creating security group:%s' % (audit_userid, audit_sg['id'])) self.success = 1 break if self.success != 1: - raise Exception('Create security group log does not contain entry \ - for openstack user id %s' % audit_userid) + raise Exception('Create security group log does not contain entry ' + 'for openstack user id %s' % audit_userid) @decorators.idempotent_id('76bd1ad0-4ecd-47e8-99f9-fb88a8058ff4') def test_audit_log_update_security_group(self): 
@@ -307,25 +301,24 @@ class TestAuditOnBehalf(TestAuditSetUp): updated_sg = self.update_topology_security_group(audit_sg['id'], **updated_sg_body) self.assertEqual(updated_sg['security_group']['name'], updated_name) - time.sleep(WAIT_TIME) + time.sleep(const.AUDIT_WAIT_TIME) audit_info = self.nsx_client.get_audit_log_info(audit_sg['id']) if audit_info['result_count'] == 0: - LOG.error('No audit log matching the openstack \ - security group id %s' % audit_sg['id']) + LOG.error('No audit log matching the openstack' + ' security group id %s' % audit_sg['id']) raise Exception('No openstack security group audit logs collected') - match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)), - USERNAME] + match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid) for data in audit_info['results']: if "UpdateNSGroup" in data['full_log']: - if all(x in data['full_log'] for x in match_str): + if match_str in data['full_log']: self.success = 1 - LOG.info('Audit log captured for openstack user:%s \ - updating security group:%s' + LOG.info('Audit log captured for openstack user:%s' + ' updating security group:%s' % (audit_userid, audit_sg['id'])) break if self.success != 1: - raise Exception("Update sg log does not contain entry \ - for openstack user id %s" % audit_userid) + raise Exception("Update sg log does not contain entry" + " for openstack user id %s" % audit_userid) @decorators.idempotent_id('a20bebc7-5773-4086-9ccc-54d8548e37ae') def test_audit_log_delete_security_group(self): 
@@ -338,18 +331,19 @@ class TestAuditOnBehalf(TestAuditSetUp): audit_userid, audit_tenantid = self.get_user_id('sg') # delete the security group self.delete_topology_security_group(audit_sg['id']) - time.sleep(WAIT_TIME) - audit_info = self.nsx_client.get_audit_log_info(str(audit_userid)) + time.sleep(const.AUDIT_WAIT_TIME) + filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid) + audit_info = self.nsx_client.get_audit_log_info(filter_str) if audit_info['result_count'] == 0: - LOG.error('No audit log matching delete operation \ - of openstack security group id %s' % audit_sg['id']) + LOG.error('No audit log matching delete operation' + ' of openstack security group id %s' % audit_sg['id']) raise Exception('No openstack security group logs collected') - match_str = ['DeleteNSGroup', USERNAME] + match_str = 'DeleteNSGroup' for data in audit_info['results']: - if all(x in data['full_log'] for x in match_str): + if match_str in data['full_log']: self.success = 1 - LOG.info('Audit log captured for openstack user:%s \ - deleting security group:%s' % + LOG.info('Audit log captured for openstack user:%s' + ' deleting security group:%s' % (audit_userid, audit_sg['id'])) break else: