From a14f66c2642ff43c2cc497b0597bfb17d19a7139 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 15 Apr 2014 09:47:07 +0200 Subject: refactor nagios tests, remove parse --- test/nagios/soledad_sync.py | 2 +- test/nagios/webapp_login.py | 19 +++++-------------- 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/test/nagios/soledad_sync.py b/test/nagios/soledad_sync.py index 94679b1..faf552a 100755 --- a/test/nagios/soledad_sync.py +++ b/test/nagios/soledad_sync.py @@ -52,7 +52,7 @@ def get_soledad_info(config, tempdir): api = config['api'] usr = srp.User( user['username'], user['password'], srp.SHA256, srp.NG_1024 ) try: - auth = webapp_login.parse(webapp_login.authenticate(api, usr)) + auth = webapp_login.authenticate(api, usr) except requests.exceptions.ConnectionError: fail('no connection to server') # get soledad server url diff --git a/test/nagios/webapp_login.py b/test/nagios/webapp_login.py index 1711238..86a4045 100755 --- a/test/nagios/webapp_login.py +++ b/test/nagios/webapp_login.py @@ -33,21 +33,11 @@ def run_tests(config): api = config['api'] usr = srp.User(user['username'], user['password'], srp.SHA256, srp.NG_1024) try: - auth = parse(authenticate(api, usr)) + auth = authenticate(api, usr) except requests.exceptions.ConnectionError: fail('no connection to server') exit(report(auth, usr)) -# parse the server responses - - -def parse(response): - request = response.request - try: - return json.loads(response.text) - except ValueError: - return None - def authenticate(api, usr): api_url = "https://{domain}:{port}/{version}".format(**api) @@ -57,14 +47,15 @@ def authenticate(api, usr): 'login': uname, 'A': binascii.hexlify(A) } - init = parse( - session.post(api_url + '/sessions', data=params, verify=False)) + response = session.post(api_url + '/sessions', data=params, verify=False) + init = response.json() if ('errors' in init): fail('test user not found') M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B'])) - return session.put(api_url + '/sessions/' + uname, verify=False, + response = session.put(api_url + '/sessions/' + uname, verify=False, data={'client_auth': binascii.hexlify(M)}) + return response.json() def report(auth, usr): -- cgit v1.2.3 From 44d2d031555c889b94e9738cb45740b16a4071ce Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 15 Apr 2014 12:51:06 +0200 Subject: refactor reporting in webapp login nagios test --- test/nagios/report.py | 19 +++++++++++++++++++ test/nagios/soledad_sync.py | 2 +- test/nagios/webapp_login.py | 35 ++++++++++++----------------------- 3 files changed, 32 insertions(+), 24 deletions(-) create mode 100644 test/nagios/report.py diff --git a/test/nagios/report.py b/test/nagios/report.py new file mode 100644 index 0000000..d2720a5 --- /dev/null +++ b/test/nagios/report.py @@ -0,0 +1,19 @@ +system = 'undefined' + +def report(code, message): + codes = {0: 'OK', 1: 'WARNING', 2: 'CRITICAL', 3: 'UNKNOWN'} + print "%d %s - %s - %s" % \ + (code, system, codes[code], message) + exit(code) + +def fail(message): + report(2, message) + +def warn(message): + report(1, message) + +def ok(message): + report(0, message) + +def unknown(message): + report(3, message) diff --git a/test/nagios/soledad_sync.py b/test/nagios/soledad_sync.py index faf552a..a3c2d5a 100755 --- a/test/nagios/soledad_sync.py +++ b/test/nagios/soledad_sync.py @@ -58,7 +58,7 @@ def get_soledad_info(config, tempdir): # get soledad server url service_url = 'https://%s:%d/%d/config/soledad-service.json' % \ (api['domain'], api['port'], api['version']) - soledad_hosts = requests.get(service_url).json['hosts'] + soledad_hosts = requests.get(service_url).json()['hosts'] host = soledad_hosts.keys()[0] server_url = 'https://%s:%d/user-%s' % \ (soledad_hosts[host]['hostname'], soledad_hosts[host]['port'], diff --git a/test/nagios/webapp_login.py b/test/nagios/webapp_login.py index 86a4045..a7e3473 100755 --- a/test/nagios/webapp_login.py +++ b/test/nagios/webapp_login.py @@ -9,20 +9,21 @@ import random import srp._pysrp as srp import binascii import yaml - +import report safe_unhexlify = lambda x: binascii.unhexlify(x) if ( len(x) % 2 == 0) else binascii.unhexlify('0' + x) +report.system = 'webapp login' def read_config(): with open("/etc/leap/hiera.yaml", 'r') as stream: config = yaml.load(stream) user = config['webapp']['nagios_test_user'] if 'username' not in user: - fail('nagios test user lacks username') + report.fail('nagios test user lacks username') if 'password' not in user: - fail('nagios test user lacks password') + report.fail('nagios test user lacks password') api = config['api'] api['version'] = config['webapp']['api_version'] return {'api': api, 'user': user} @@ -35,9 +36,13 @@ def run_tests(config): try: auth = authenticate(api, usr) except requests.exceptions.ConnectionError: - fail('no connection to server') - exit(report(auth, usr)) - + report.fail('no connection to server') + if ('errors' in auth): + report.fail('srp password auth failed') + usr.verify_session(safe_unhexlify(auth["M2"])) + if usr.authenticated(): + report.ok('can login to webapp fine') + report.warn('failed to verify webapp server') def authenticate(api, usr): api_url = "https://{domain}:{port}/{version}".format(**api) @@ -50,28 +55,12 @@ def authenticate(api, usr): response = session.post(api_url + '/sessions', data=params, verify=False) init = response.json() if ('errors' in init): - fail('test user not found') + report.fail('test user not found') M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B'])) response = session.put(api_url + '/sessions/' + uname, verify=False, data={'client_auth': binascii.hexlify(M)}) return response.json() - -def report(auth, usr): - if ('errors' in auth): - fail('srp password auth failed') - usr.verify_session(safe_unhexlify(auth["M2"])) - if usr.authenticated(): - print '0 webapp_login - OK - can login to webapp fine' - return 0 - print '1 webapp_login - WARNING - failed to verify webapp server' - return 1 - - -def fail(reason): - print '2 webapp_login - CRITICAL - ' + reason - exit(2) - if __name__ == '__main__': run_tests(read_config()) -- cgit v1.2.3 From be2971c2e615cc8a808822317d049e99f5183bdc Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 15 Apr 2014 17:17:36 +0200 Subject: refactor: move nagios specifs to nagios_test nagios_test.run takes a function and executes it. If it returns nothing or 0 and OK nagios message is printed. If it returns sth. else this will be printed a a warning If it raises an exception that will result in a CRITICAL report. This way we can keep the nagios things outside the test cases and just write simple functions that either return 0, a warnign or raise a meaningful exception --- test/nagios/nagios_report.py | 24 +++++++++++ test/nagios/nagios_test.py | 49 ++++++++++++++++++++++ test/nagios/report.py | 19 --------- test/nagios/soledad_sync.py | 96 +++++++++++++++++--------------------------- test/nagios/webapp_login.py | 28 ++++++------- 5 files changed, 121 insertions(+), 95 deletions(-) create mode 100644 test/nagios/nagios_report.py create mode 100644 test/nagios/nagios_test.py delete mode 100644 test/nagios/report.py diff --git a/test/nagios/nagios_report.py b/test/nagios/nagios_report.py new file mode 100644 index 0000000..13cd551 --- /dev/null +++ b/test/nagios/nagios_report.py @@ -0,0 +1,24 @@ +def functions_for_system(under_test): + """ + returns a set of functions to use for nagios reporting: + >>> ok, warn, critical, unknown = functions_for_system("tested system") + + each of them will print a nagios line with its argument and + return the exit code: + >>> warn("that looks strange") + 1 tested system - WARNING - that looks strange + 1 + """ + def report_function(code): + return lambda message : report(under_test, code, message) + return map(report_function, [0,1,2,3]) + +def report(system, code, message): + codes = {0: 'OK', 1: 'WARNING', 2: 'CRITICAL', 3: 'UNKNOWN'} + print "%d %s - %s - %s" % \ + (code, system, codes[code], message) + return code + +if __name__ == "__main__": + import doctest + doctest.testmod() diff --git a/test/nagios/nagios_test.py b/test/nagios/nagios_test.py new file mode 100644 index 0000000..3eb8d55 --- /dev/null +++ b/test/nagios/nagios_test.py @@ -0,0 +1,49 @@ +import __main__ as main +import os +import sys +import nagios_report + +def run(test): + """ + run takes a function and tries it out. + If it returns nothing or 0 everything is fine and run prints an OK message + with the function name. + >>> def this_works_fine(): return + >>> run(this_works_fine) + 0 nagios_test.py - OK - this_works_fine + 0 + >>> def this_also_works_fine(): return 0 + >>> run(this_also_works_fine) + 0 nagios_test.py - OK - this_also_works_fine + 0 + + If the function returns something else it will be printed as a warning. + >>> run(lambda : "this is a warning") + 1 nagios_test.py - WARNING - this is a warning + 1 + + Errors raised will result in a CRITICAL nagios string. + >>> def failure(): raise Exception("something went wrong") + >>> run(failure) + 2 nagios_test.py - CRITICAL - something went wrong + 2 + """ + try: + name = os.path.basename(main.__file__) + except AttributeError: + name = sys.argv[0] + ok, warn, fail, unknown = nagios_report.functions_for_system(name) + try: + warning = test() + if warning and warning != 0: + code = warn(warning) + else: + code = ok(test.__name__) + except Exception as exc: + code = fail(exc.message or str(exc)) + return code + + +if __name__ == "__main__": + import doctest + doctest.testmod() diff --git a/test/nagios/report.py b/test/nagios/report.py deleted file mode 100644 index d2720a5..0000000 --- a/test/nagios/report.py +++ /dev/null @@ -1,19 +0,0 @@ -system = 'undefined' - -def report(code, message): - codes = {0: 'OK', 1: 'WARNING', 2: 'CRITICAL', 3: 'UNKNOWN'} - print "%d %s - %s - %s" % \ - (code, system, codes[code], message) - exit(code) - -def fail(message): - report(2, message) - -def warn(message): - report(1, message) - -def ok(message): - report(0, message) - -def unknown(message): - report(3, message) diff --git a/test/nagios/soledad_sync.py b/test/nagios/soledad_sync.py index a3c2d5a..9f51fd1 100755 --- a/test/nagios/soledad_sync.py +++ b/test/nagios/soledad_sync.py @@ -32,14 +32,6 @@ HTTPSyncTarget.set_token_credentials = set_token_credentials HTTPSyncTarget._sign_request = _sign_request -def fail(reason): - print '2 soledad_sync - CRITICAL - ' + reason - exit(2) - -# monkey patch webapp_login's fail function to report as soledad -webapp_login.fail = fail - - # The following function could fetch all info needed to sync using soledad. # Despite that, we won't use all that info because we are instead faking a # Soledad sync by using U1DB slightly modified syncing capabilities. Part of @@ -47,58 +39,42 @@ webapp_login.fail = fail # to actually use the Soledad client in the future. def get_soledad_info(config, tempdir): - # get login and get user info - user = config['user'] - api = config['api'] - usr = srp.User( user['username'], user['password'], srp.SHA256, srp.NG_1024 ) - try: + # get login and get user info + user = config['user'] + api = config['api'] + usr = srp.User( user['username'], user['password'], srp.SHA256, srp.NG_1024 ) auth = webapp_login.authenticate(api, usr) - except requests.exceptions.ConnectionError: - fail('no connection to server') - # get soledad server url - service_url = 'https://%s:%d/%d/config/soledad-service.json' % \ - (api['domain'], api['port'], api['version']) - soledad_hosts = requests.get(service_url).json()['hosts'] - host = soledad_hosts.keys()[0] - server_url = 'https://%s:%d/user-%s' % \ - (soledad_hosts[host]['hostname'], soledad_hosts[host]['port'], - auth['id']) - # get provider ca certificate - #ca_cert = requests.get('https://127.0.0.1/ca.crt', verify=False).text - #cert_file = os.path.join(tempdir, 'ca.crt') - cert_file = None # not used for now - #with open(cert_file, 'w') as f: - # f.write(ca_cert) - return auth['id'], user['password'], server_url, cert_file, auth['token'] - - -def run_tests(): - tempdir = tempfile.mkdtemp() - uuid, password, server_url, cert_file, token = \ - get_soledad_info(webapp_login.read_config(), tempdir) - exc = None - try: - # in the future, we can replace the following by an actual Soledad - # client sync, if needed - db = u1db.open(os.path.join(tempdir, '%s.db' % uuid), True) - creds = {'token': {'uuid': uuid, 'token': token}} - db.sync(server_url, creds=creds, autocreate=False) - except Exception as e: - exc = e - shutil.rmtree(tempdir) - exit(report(exc)) - - -def report(exc): - if exc is None: - print '0 soledad_sync - OK - can sync soledad fine' - return 0 - if isinstance(exc, u1db.errors.U1DBError): - print '2 soledad_sync - CRITICAL - ' + exc.message - else: - print '2 soledad_sync - CRITICAL - ' + str(exc) - return 2 - + # get soledad server url + service_url = 'https://%s:%d/%d/config/soledad-service.json' % \ + (api['domain'], api['port'], api['version']) + soledad_hosts = requests.get(service_url).json()['hosts'] + host = soledad_hosts.keys()[0] + server_url = 'https://%s:%d/user-%s' % \ + (soledad_hosts[host]['hostname'], soledad_hosts[host]['port'], + auth['id']) + # get provider ca certificate + #ca_cert = requests.get('https://127.0.0.1/ca.crt', verify=False).text + #cert_file = os.path.join(tempdir, 'ca.crt') + cert_file = None # not used for now + #with open(cert_file, 'w') as f: + # f.write(ca_cert) + return auth['id'], user['password'], server_url, cert_file, auth['token'] + + +def can_sync_soledad_fine(): + tempdir = tempfile.mkdtemp() + try: + uuid, password, server_url, cert_file, token = \ + get_soledad_info(webapp_login.read_config(), tempdir) + # in the future, we can replace the following by an actual Soledad + # client sync, if needed + db = u1db.open(os.path.join(tempdir, '%s.db' % uuid), True) + creds = {'token': {'uuid': uuid, 'token': token}} + db.sync(server_url, creds=creds, autocreate=False) + finally: + shutil.rmtree(tempdir) if __name__ == '__main__': - run_tests() + import nagios_test + exit_code = nagios_test.run(can_sync_soledad_fine) + exit(exit_code) diff --git a/test/nagios/webapp_login.py b/test/nagios/webapp_login.py index a7e3473..6d06438 100755 --- a/test/nagios/webapp_login.py +++ b/test/nagios/webapp_login.py @@ -9,40 +9,34 @@ import random import srp._pysrp as srp import binascii import yaml -import report safe_unhexlify = lambda x: binascii.unhexlify(x) if ( len(x) % 2 == 0) else binascii.unhexlify('0' + x) -report.system = 'webapp login' - def read_config(): with open("/etc/leap/hiera.yaml", 'r') as stream: config = yaml.load(stream) user = config['webapp']['nagios_test_user'] if 'username' not in user: - report.fail('nagios test user lacks username') + raise Exception('nagios test user lacks username') if 'password' not in user: - report.fail('nagios test user lacks password') + raise Exception('nagios test user lacks password') api = config['api'] api['version'] = config['webapp']['api_version'] return {'api': api, 'user': user} -def run_tests(config): +def login_successfully(config=None): + config = config or read_config() user = config['user'] api = config['api'] usr = srp.User(user['username'], user['password'], srp.SHA256, srp.NG_1024) - try: - auth = authenticate(api, usr) - except requests.exceptions.ConnectionError: - report.fail('no connection to server') + auth = authenticate(api, usr) if ('errors' in auth): - report.fail('srp password auth failed') + raise Exception('srp password auth failed') usr.verify_session(safe_unhexlify(auth["M2"])) - if usr.authenticated(): - report.ok('can login to webapp fine') - report.warn('failed to verify webapp server') + if not usr.authenticated(): + return 'failed to verify webapp server' def authenticate(api, usr): api_url = "https://{domain}:{port}/{version}".format(**api) @@ -55,7 +49,7 @@ def authenticate(api, usr): response = session.post(api_url + '/sessions', data=params, verify=False) init = response.json() if ('errors' in init): - report.fail('test user not found') + raise Exception('test user not found') M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B'])) response = session.put(api_url + '/sessions/' + uname, verify=False, @@ -63,4 +57,6 @@ def authenticate(api, usr): return response.json() if __name__ == '__main__': - run_tests(read_config()) + import nagios_test + exit_code = nagios_test.run(login_successfully) + exit(exit_code) -- cgit v1.2.3 From 73bdb9a9ea8932e9a14f996391d348690da1a63c Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 16 Apr 2014 10:13:28 +0200 Subject: nagios test: refactor webapp_login with classes --- test/nagios/support/nagios_report.py | 24 +++++++ test/nagios/support/nagios_test.py | 49 ++++++++++++++ test/nagios/webapp_login.py | 127 +++++++++++++++++++++++------------ 3 files changed, 158 insertions(+), 42 deletions(-) create mode 100644 test/nagios/support/nagios_report.py create mode 100644 test/nagios/support/nagios_test.py diff --git a/test/nagios/support/nagios_report.py b/test/nagios/support/nagios_report.py new file mode 100644 index 0000000..13cd551 --- /dev/null +++ b/test/nagios/support/nagios_report.py @@ -0,0 +1,24 @@ +def functions_for_system(under_test): + """ + returns a set of functions to use for nagios reporting: + >>> ok, warn, critical, unknown = functions_for_system("tested system") + + each of them will print a nagios line with its argument and + return the exit code: + >>> warn("that looks strange") + 1 tested system - WARNING - that looks strange + 1 + """ + def report_function(code): + return lambda message : report(under_test, code, message) + return map(report_function, [0,1,2,3]) + +def report(system, code, message): + codes = {0: 'OK', 1: 'WARNING', 2: 'CRITICAL', 3: 'UNKNOWN'} + print "%d %s - %s - %s" % \ + (code, system, codes[code], message) + return code + +if __name__ == "__main__": + import doctest + doctest.testmod() diff --git a/test/nagios/support/nagios_test.py b/test/nagios/support/nagios_test.py new file mode 100644 index 0000000..3eb8d55 --- /dev/null +++ b/test/nagios/support/nagios_test.py @@ -0,0 +1,49 @@ +import __main__ as main +import os +import sys +import nagios_report + +def run(test): + """ + run takes a function and tries it out. + If it returns nothing or 0 everything is fine and run prints an OK message + with the function name. + >>> def this_works_fine(): return + >>> run(this_works_fine) + 0 nagios_test.py - OK - this_works_fine + 0 + >>> def this_also_works_fine(): return 0 + >>> run(this_also_works_fine) + 0 nagios_test.py - OK - this_also_works_fine + 0 + + If the function returns something else it will be printed as a warning. + >>> run(lambda : "this is a warning") + 1 nagios_test.py - WARNING - this is a warning + 1 + + Errors raised will result in a CRITICAL nagios string. + >>> def failure(): raise Exception("something went wrong") + >>> run(failure) + 2 nagios_test.py - CRITICAL - something went wrong + 2 + """ + try: + name = os.path.basename(main.__file__) + except AttributeError: + name = sys.argv[0] + ok, warn, fail, unknown = nagios_report.functions_for_system(name) + try: + warning = test() + if warning and warning != 0: + code = warn(warning) + else: + code = ok(test.__name__) + except Exception as exc: + code = fail(exc.message or str(exc)) + return code + + +if __name__ == "__main__": + import doctest + doctest.testmod() diff --git a/test/nagios/webapp_login.py b/test/nagios/webapp_login.py index 6d06438..7e2efd7 100755 --- a/test/nagios/webapp_login.py +++ b/test/nagios/webapp_login.py @@ -13,48 +13,91 @@ import yaml safe_unhexlify = lambda x: binascii.unhexlify(x) if ( len(x) % 2 == 0) else binascii.unhexlify('0' + x) -def read_config(): - with open("/etc/leap/hiera.yaml", 'r') as stream: - config = yaml.load(stream) - user = config['webapp']['nagios_test_user'] - if 'username' not in user: - raise Exception('nagios test user lacks username') - if 'password' not in user: - raise Exception('nagios test user lacks password') - api = config['api'] - api['version'] = config['webapp']['api_version'] - return {'api': api, 'user': user} - - -def login_successfully(config=None): - config = config or read_config() - user = config['user'] - api = config['api'] - usr = srp.User(user['username'], user['password'], srp.SHA256, srp.NG_1024) - auth = authenticate(api, usr) - if ('errors' in auth): - raise Exception('srp password auth failed') - usr.verify_session(safe_unhexlify(auth["M2"])) - if not usr.authenticated(): - return 'failed to verify webapp server' - -def authenticate(api, usr): - api_url = "https://{domain}:{port}/{version}".format(**api) - session = requests.session() - uname, A = usr.start_authentication() - params = { - 'login': uname, - 'A': binascii.hexlify(A) - } - response = session.post(api_url + '/sessions', data=params, verify=False) - init = response.json() - if ('errors' in init): - raise Exception('test user not found') - M = usr.process_challenge( - safe_unhexlify(init['salt']), safe_unhexlify(init['B'])) - response = session.put(api_url + '/sessions/' + uname, verify=False, - data={'client_auth': binascii.hexlify(M)}) - return response.json() +class Config(): + def __init__(self, filename="/etc/leap/hiera.yaml"): + with open("/etc/leap/hiera.yaml", 'r') as stream: + config = yaml.load(stream) + self.user = config['webapp']['nagios_test_user'] + if 'username' not in self.user: + raise Exception('nagios test user lacks username') + if 'password' not in self.user: + raise Exception('nagios test user lacks password') + self.api = config['api'] + self.api['version'] = config['webapp']['api_version'] + +class Api(): + def __init__(self, config, verify=True): + self.config = config.api + self.session = requests.session() + self.verify = verify + + def api_url(self, path): + return self.api_root() + path + + def api_root(self): + return "https://{domain}:{port}/{version}/".format(**self.config) + + def get(self, path, **args): + response = self.session.get(self.api_url(path), + verify=self.verify, + **args) + return response.json() + + def post(self, path, **args): + response = self.session.post(self.api_url(path), + verify=self.verify, + **args) + return response.json() + + def put(self, path, **args): + response = self.session.put(self.api_url(path), + verify=self.verify, + **args) + return response.json() + +class User(): + def __init__(self, config): + self.config = config.user + self.srp_user = srp.User(self.config['username'], self.config['password'], srp.SHA256, srp.NG_1024) + + def login(self, api): + init=self.init_authentication(api) + if ('errors' in init): + raise Exception('test user not found') + auth=self.authenticate(api, init) + if ('errors' in auth): + raise Exception('srp password auth failed') + self.verify_server(auth) + if not self.is_authenticated(): + raise Exception('user is not authenticated') + + def init_authentication(self, api): + uname, A = self.srp_user.start_authentication() + params = { + 'login': uname, + 'A': binascii.hexlify(A) + } + return api.post('sessions', data=params) + + def authenticate(self, api, init): + M = self.srp_user.process_challenge( + safe_unhexlify(init['salt']), safe_unhexlify(init['B'])) + auth = api.put('sessions/' + self.config["username"], + data={'client_auth': binascii.hexlify(M)}) + return auth + + def verify_server(self, auth): + self.srp_user.verify_session(safe_unhexlify(auth["M2"])) + + def is_authenticated(self): + return self.srp_user.authenticated() + + +def login_successfully(): + config = Config() + user = User(config) + api = Api(config, verify=False) + user.login(api) if __name__ == '__main__': import nagios_test -- cgit v1.2.3 From 0f0057e65c6bfcb98ce53e1a48aa1460d3a6716a Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 16 Apr 2014 11:14:55 +0200 Subject: move support classes into their own package now the webapp_login test looks nice and clean. soledad next. --- test/nagios/nagios_report.py | 24 ----------- test/nagios/nagios_test.py | 49 ---------------------- test/nagios/support/__init__.py | 0 test/nagios/support/api.py | 33 +++++++++++++++ test/nagios/support/config.py | 14 +++++++ test/nagios/support/user.py | 43 +++++++++++++++++++ test/nagios/webapp_login.py | 93 ++--------------------------------------- 7 files changed, 94 insertions(+), 162 deletions(-) delete mode 100644 test/nagios/nagios_report.py delete mode 100644 test/nagios/nagios_test.py create mode 100644 test/nagios/support/__init__.py create mode 100644 test/nagios/support/api.py create mode 100644 test/nagios/support/config.py create mode 100644 test/nagios/support/user.py diff --git a/test/nagios/nagios_report.py b/test/nagios/nagios_report.py deleted file mode 100644 index 13cd551..0000000 --- a/test/nagios/nagios_report.py +++ /dev/null @@ -1,24 +0,0 @@ -def functions_for_system(under_test): - """ - returns a set of functions to use for nagios reporting: - >>> ok, warn, critical, unknown = functions_for_system("tested system") - - each of them will print a nagios line with its argument and - return the exit code: - >>> warn("that looks strange") - 1 tested system - WARNING - that looks strange - 1 - """ - def report_function(code): - return lambda message : report(under_test, code, message) - return map(report_function, [0,1,2,3]) - -def report(system, code, message): - codes = {0: 'OK', 1: 'WARNING', 2: 'CRITICAL', 3: 'UNKNOWN'} - print "%d %s - %s - %s" % \ - (code, system, codes[code], message) - return code - -if __name__ == "__main__": - import doctest - doctest.testmod() diff --git a/test/nagios/nagios_test.py b/test/nagios/nagios_test.py deleted file mode 100644 index 3eb8d55..0000000 --- a/test/nagios/nagios_test.py +++ /dev/null @@ -1,49 +0,0 @@ -import __main__ as main -import os -import sys -import nagios_report - -def run(test): - """ - run takes a function and tries it out. - If it returns nothing or 0 everything is fine and run prints an OK message - with the function name. - >>> def this_works_fine(): return - >>> run(this_works_fine) - 0 nagios_test.py - OK - this_works_fine - 0 - >>> def this_also_works_fine(): return 0 - >>> run(this_also_works_fine) - 0 nagios_test.py - OK - this_also_works_fine - 0 - - If the function returns something else it will be printed as a warning. - >>> run(lambda : "this is a warning") - 1 nagios_test.py - WARNING - this is a warning - 1 - - Errors raised will result in a CRITICAL nagios string. - >>> def failure(): raise Exception("something went wrong") - >>> run(failure) - 2 nagios_test.py - CRITICAL - something went wrong - 2 - """ - try: - name = os.path.basename(main.__file__) - except AttributeError: - name = sys.argv[0] - ok, warn, fail, unknown = nagios_report.functions_for_system(name) - try: - warning = test() - if warning and warning != 0: - code = warn(warning) - else: - code = ok(test.__name__) - except Exception as exc: - code = fail(exc.message or str(exc)) - return code - - -if __name__ == "__main__": - import doctest - doctest.testmod() diff --git a/test/nagios/support/__init__.py b/test/nagios/support/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/test/nagios/support/api.py b/test/nagios/support/api.py new file mode 100644 index 0000000..3b6a90f --- /dev/null +++ b/test/nagios/support/api.py @@ -0,0 +1,33 @@ +import requests +import json + +class Api(): + def __init__(self, config, verify=True): + self.config = config.api + self.session = requests.session() + self.verify = verify + + def api_url(self, path): + return self.api_root() + path + + def api_root(self): + return "https://{domain}:{port}/{version}/".format(**self.config) + + def get(self, path, **args): + response = self.session.get(self.api_url(path), + verify=self.verify, + **args) + return response.json() + + def post(self, path, **args): + response = self.session.post(self.api_url(path), + verify=self.verify, + **args) + return response.json() + + def put(self, path, **args): + response = self.session.put(self.api_url(path), + verify=self.verify, + **args) + return response.json() + diff --git a/test/nagios/support/config.py b/test/nagios/support/config.py new file mode 100644 index 0000000..afb4464 --- /dev/null +++ b/test/nagios/support/config.py @@ -0,0 +1,14 @@ +import yaml + +class Config(): + def __init__(self, filename="/etc/leap/hiera.yaml"): + with open("/etc/leap/hiera.yaml", 'r') as stream: + config = yaml.load(stream) + self.user = config['webapp']['nagios_test_user'] + if 'username' not in self.user: + raise Exception('nagios test user lacks username') + if 'password' not in self.user: + raise Exception('nagios test user lacks password') + self.api = config['api'] + self.api['version'] = config['webapp']['api_version'] + diff --git a/test/nagios/support/user.py b/test/nagios/support/user.py new file mode 100644 index 0000000..8e49c4b --- /dev/null +++ b/test/nagios/support/user.py @@ -0,0 +1,43 @@ +import srp._pysrp as srp +import binascii + +safe_unhexlify = lambda x: binascii.unhexlify(x) if ( + len(x) % 2 == 0) else binascii.unhexlify('0' + x) + +class User(): + def __init__(self, config): + self.config = config.user + self.srp_user = srp.User(self.config['username'], self.config['password'], srp.SHA256, srp.NG_1024) + + def login(self, api): + init=self.init_authentication(api) + if ('errors' in init): + raise Exception('test user not found') + auth=self.authenticate(api, init) + if ('errors' in auth): + raise Exception('srp password auth failed') + self.verify_server(auth) + if not self.is_authenticated(): + raise Exception('user is not authenticated') + + def init_authentication(self, api): + uname, A = self.srp_user.start_authentication() + params = { + 'login': uname, + 'A': binascii.hexlify(A) + } + return api.post('sessions', data=params) + + def authenticate(self, api, init): + M = self.srp_user.process_challenge( + safe_unhexlify(init['salt']), safe_unhexlify(init['B'])) + auth = api.put('sessions/' + self.config["username"], + data={'client_auth': binascii.hexlify(M)}) + return auth + + def verify_server(self, auth): + self.srp_user.verify_session(safe_unhexlify(auth["M2"])) + + def is_authenticated(self): + return self.srp_user.authenticated() + diff --git a/test/nagios/webapp_login.py b/test/nagios/webapp_login.py index 7e2efd7..4e78836 100755 --- a/test/nagios/webapp_login.py +++ b/test/nagios/webapp_login.py @@ -2,96 +2,11 @@ # Test Authentication with the webapp API works. -import requests -import json import string import random -import srp._pysrp as srp -import binascii -import yaml - -safe_unhexlify = lambda x: binascii.unhexlify(x) if ( - len(x) % 2 == 0) else binascii.unhexlify('0' + x) - -class Config(): - def __init__(self, filename="/etc/leap/hiera.yaml"): - with open("/etc/leap/hiera.yaml", 'r') as stream: - config = yaml.load(stream) - self.user = config['webapp']['nagios_test_user'] - if 'username' not in self.user: - raise Exception('nagios test user lacks username') - if 'password' not in self.user: - raise Exception('nagios test user lacks password') - self.api = config['api'] - self.api['version'] = config['webapp']['api_version'] - -class Api(): - def __init__(self, config, verify=True): - self.config = config.api - self.session = requests.session() - self.verify = verify - - def api_url(self, path): - return self.api_root() + path - - def api_root(self): - return "https://{domain}:{port}/{version}/".format(**self.config) - - def get(self, path, **args): - response = self.session.get(self.api_url(path), - verify=self.verify, - **args) - return response.json() - - def post(self, path, **args): - response = self.session.post(self.api_url(path), - verify=self.verify, - **args) - return response.json() - - def put(self, path, **args): - response = self.session.put(self.api_url(path), - verify=self.verify, - **args) - return response.json() - -class User(): - def __init__(self, config): - self.config = config.user - self.srp_user = srp.User(self.config['username'], self.config['password'], srp.SHA256, srp.NG_1024) - - def login(self, api): - init=self.init_authentication(api) - if ('errors' in init): - raise Exception('test user not found') - auth=self.authenticate(api, init) - if ('errors' in auth): - raise Exception('srp password auth failed') - self.verify_server(auth) - if not self.is_authenticated(): - raise Exception('user is not authenticated') - - def init_authentication(self, api): - uname, A = self.srp_user.start_authentication() - params = { - 'login': uname, - 'A': binascii.hexlify(A) - } - return api.post('sessions', data=params) - - def authenticate(self, api, init): - M = self.srp_user.process_challenge( - safe_unhexlify(init['salt']), safe_unhexlify(init['B'])) - auth = api.put('sessions/' + self.config["username"], - data={'client_auth': binascii.hexlify(M)}) - return auth - - def verify_server(self, auth): - self.srp_user.verify_session(safe_unhexlify(auth["M2"])) - - def is_authenticated(self): - return self.srp_user.authenticated() - +from support.api import Api +from support.config import Config +from support.user import User def login_successfully(): config = Config() @@ -100,6 +15,6 @@ def login_successfully(): user.login(api) if __name__ == '__main__': - import nagios_test + from support import nagios_test exit_code = nagios_test.run(login_successfully) exit(exit_code) -- cgit v1.2.3 From bfda2c55bd4824d94d384a39960c91b6e1f8d14b Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 16 Apr 2014 11:16:00 +0200 Subject: remove unneeded imports --- test/nagios/webapp_login.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/nagios/webapp_login.py b/test/nagios/webapp_login.py index 4e78836..7741325 100755 --- a/test/nagios/webapp_login.py +++ b/test/nagios/webapp_login.py @@ -2,8 +2,6 @@ # Test Authentication with the webapp API works. -import string -import random from support.api import Api from support.config import Config from support.user import User -- cgit v1.2.3 From 2822aff5c22fb79490fd82426d81e68813417543 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 16 Apr 2014 11:16:13 +0200 Subject: gitignore *.pyc --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index ae80164..d2c630c 100644 --- a/.gitignore +++ b/.gitignore @@ -22,6 +22,7 @@ bin */Gemfile.lock test/dummy/log/* test/dummy/tmp/* +*.pyc # ignore all deploy specific configuration config/couchdb.yml -- cgit v1.2.3 From 8907100f3ffe99a2a9110c90418c9e5844b4ab03 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 16 Apr 2014 11:26:13 +0200 Subject: nagios test: use support classes in soledad sync --- test/nagios/soledad_sync.py | 25 +++++++++++-------------- test/nagios/support/user.py | 1 + 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/test/nagios/soledad_sync.py b/test/nagios/soledad_sync.py index 9f51fd1..617dd3a 100755 --- a/test/nagios/soledad_sync.py +++ b/test/nagios/soledad_sync.py @@ -7,12 +7,12 @@ import tempfile -import requests import os -import srp._pysrp as srp import shutil import u1db -import webapp_login +from support.api import Api +from support.config import Config +from support.user import User from u1db.remote.http_target import HTTPSyncTarget @@ -40,14 +40,11 @@ HTTPSyncTarget._sign_request = _sign_request def get_soledad_info(config, tempdir): # get login and get user info - user = config['user'] - api = config['api'] - usr = srp.User( user['username'], user['password'], srp.SHA256, srp.NG_1024 ) - auth = webapp_login.authenticate(api, usr) + user = User(config) + api = Api(config, verify=False) + auth = user.login(api) # get soledad server url - service_url = 'https://%s:%d/%d/config/soledad-service.json' % \ - (api['domain'], api['port'], api['version']) - soledad_hosts = requests.get(service_url).json()['hosts'] + soledad_hosts = api.get('config/soledad-service.json')['hosts'] host = soledad_hosts.keys()[0] server_url = 'https://%s:%d/user-%s' % \ (soledad_hosts[host]['hostname'], soledad_hosts[host]['port'], @@ -58,14 +55,14 @@ def get_soledad_info(config, tempdir): cert_file = None # not used for now #with open(cert_file, 'w') as f: # f.write(ca_cert) - return auth['id'], user['password'], server_url, cert_file, auth['token'] + return auth['id'], server_url, cert_file, auth['token'] def can_sync_soledad_fine(): tempdir = tempfile.mkdtemp() try: - uuid, password, server_url, cert_file, token = \ - get_soledad_info(webapp_login.read_config(), tempdir) + uuid, server_url, cert_file, token = \ + get_soledad_info(Config(), tempdir) # in the future, we can replace the following by an actual Soledad # client sync, if needed db = u1db.open(os.path.join(tempdir, '%s.db' % uuid), True) @@ -75,6 +72,6 @@ def can_sync_soledad_fine(): shutil.rmtree(tempdir) if __name__ == '__main__': - import nagios_test + from support import nagios_test exit_code = nagios_test.run(can_sync_soledad_fine) exit(exit_code) diff --git a/test/nagios/support/user.py b/test/nagios/support/user.py index 8e49c4b..912de89 100644 --- a/test/nagios/support/user.py +++ b/test/nagios/support/user.py @@ -19,6 +19,7 @@ class User(): self.verify_server(auth) if not self.is_authenticated(): raise Exception('user is not authenticated') + return auth def init_authentication(self, api): uname, A = self.srp_user.start_authentication() -- cgit v1.2.3 From 36e99d8b23263cffcd58988c40ca3217349a94f2 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 16 Apr 2014 12:37:03 +0200 Subject: nagios test: also test registering new users --- test/nagios/support/user.py | 28 ++++++++++++++++++++++++---- test/nagios/webapp_signup.py | 19 +++++++++++++++++++ 2 files changed, 43 insertions(+), 4 deletions(-) create mode 100755 test/nagios/webapp_signup.py diff --git a/test/nagios/support/user.py b/test/nagios/support/user.py index 912de89..9bf1d0a 100644 --- a/test/nagios/support/user.py +++ b/test/nagios/support/user.py @@ -1,13 +1,33 @@ import srp._pysrp as srp import binascii +import string +import random safe_unhexlify = lambda x: binascii.unhexlify(x) if ( len(x) % 2 == 0) else binascii.unhexlify('0' + x) +# let's have some random name and password +def id_generator(size=6, chars=string.ascii_lowercase + string.digits): + return ''.join(random.choice(chars) for x in range(size)) + class User(): - def __init__(self, config): - self.config = config.user - self.srp_user = srp.User(self.config['username'], self.config['password'], srp.SHA256, srp.NG_1024) + def __init__(self, config = None): + if config and config.user: + self.username = config.user["username"] + self.password = config.user["password"] + else: + self.username = 'test_' + id_generator() + self.password = id_generator() + id_generator() + self.srp_user = srp.User(self.username, self.password, srp.SHA256, srp.NG_1024) + + def signup(self, api): + salt, vkey = srp.create_salted_verification_key( self.username, self.password, srp.SHA256, srp.NG_1024 ) + user_params = { + 'user[login]': self.username, + 'user[password_verifier]': binascii.hexlify(vkey), + 'user[password_salt]': binascii.hexlify(salt) + } + return api.post('users.json', data = user_params) def login(self, api): init=self.init_authentication(api) @@ -32,7 +52,7 @@ class User(): def authenticate(self, api, init): M = self.srp_user.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B'])) - auth = api.put('sessions/' + self.config["username"], + auth = api.put('sessions/' + self.username, data={'client_auth': binascii.hexlify(M)}) return auth diff --git a/test/nagios/webapp_signup.py b/test/nagios/webapp_signup.py new file mode 100755 index 0000000..3e7283e --- /dev/null +++ b/test/nagios/webapp_signup.py @@ -0,0 +1,19 @@ +#!/usr/bin/env python + +# Test Signup and Login with the webapp API works. + +from support.api import Api +from support.config import Config +from support.user import User + +def signup_successfully(): + config = Config() + user = User() + api = Api(config, verify=False) + user.signup(api) + user.login(api) + +if __name__ == '__main__': + from support import nagios_test + exit_code = nagios_test.run(signup_successfully) + exit(exit_code) -- cgit v1.2.3 From d639e0a48599b30777b80c2809ded1efb3a6d926 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 17 Apr 2014 10:04:12 +0200 Subject: add a try/except for older versions of requests they have response.json as a dict instead of response.json() --- test/nagios/support/api.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/test/nagios/support/api.py b/test/nagios/support/api.py index 3b6a90f..ec1af99 100644 --- a/test/nagios/support/api.py +++ b/test/nagios/support/api.py @@ -17,17 +17,23 @@ class Api(): response = self.session.get(self.api_url(path), verify=self.verify, **args) - return response.json() + return self.parse_json(response) def post(self, path, **args): response = self.session.post(self.api_url(path), verify=self.verify, **args) - return response.json() + return self.parse_json(response) def put(self, path, **args): response = self.session.put(self.api_url(path), verify=self.verify, **args) - return response.json() + return self.parse_json(response) + + def parse_json(self, response): + try: + return response.json() + except TypeError: + return response.json # older versions of requests -- cgit v1.2.3