diff --git a/novajoin_tempest_plugin/tests/scenario/novajoin_manager.py b/novajoin_tempest_plugin/tests/scenario/novajoin_manager.py
index ed41519..64c64c0 100644
--- a/novajoin_tempest_plugin/tests/scenario/novajoin_manager.py
+++ b/novajoin_tempest_plugin/tests/scenario/novajoin_manager.py
@@ -231,22 +231,54 @@ class NovajoinScenarioTest(manager.ScenarioTest):
 return self.execute_on_controller(user, controller_ip, cmd)
 def get_rabbitmq_host(self, user, controller_ip):
- cmd = 'sudo hiera -c /etc/puppet/hiera.yaml rabbitmq::ssl_interface'
- return self.execute_on_controller(user, controller_ip, cmd).rstrip()
+ return self.get_hiera(user, controller_ip, 'rabbitmq::ssl_interface')
 def get_rabbitmq_port(self, user, controller_ip):
- cmd = 'sudo hiera -c /etc/puppet/hiera.yaml rabbitmq::ssl_port'
- return self.execute_on_controller(user, controller_ip, cmd).rstrip()
+ return self.get_hiera(user, controller_ip, 'rabbitmq::ssl_port')
 def get_libvirt_port(self, user, compute_ip):
 # TODO(alee) Get from hiera nova::migration::libvirt::listen_address
 return "16514"
+ def get_hiera(self, user, host_ip, parameter):
+ cmd = ('sudo hiera -c /etc/puppet/hiera.yaml '
+ '{parameter}'.format(parameter=parameter))
+ return self.execute_on_controller(user, host_ip, cmd).rstrip()
+
 def verify_mysql_tls_connection(self, user, host_ip):
 cmd = "sudo mysql --ssl -e \"SHOW SESSION STATUS LIKE 'Ssl_version';\""
 result = self.execute_on_controller(user, host_ip, cmd)
 self.assertTrue('TLS' in result)
+ def verify_mysql_access_with_ssl(self,
+ user,
+ host_ip,
+ dbuser,
+ dbhost,
+ dbpassword):
+ sql = "SHOW SESSION STATUS LIKE \'Ssl_version\';"
+ cmd = ('sudo mysql --ssl -u {user} -h {host} --password={password} '
+ '-e \"{sql}\"'.format(user=dbuser,
+ host=dbhost,
+ password=dbpassword,
+ sql=sql))
+ result = self.execute_on_controller(user, host_ip, cmd)
+ self.assertTrue('TLS' in result)
+
+ def verify_mysql_access_without_ssl(self,
+ user,
+ host_ip,
+ dbuser,
+ dbhost,
+ dbpassword):
+ cmd = ('sudo mysql -u {user} -h {host} --password={password} '
+ '-e \"SHOW DATABASES;\"'.format(user=dbuser,
+ host=dbhost,
+ password=dbpassword))
+ self.assertRaises(subprocess.CalledProcessError,
+ self.execute_on_controller,
+ user, host_ip, cmd)
+
 def execute_on_controller(self, user,
hostip, target_cmd):
 keypair = '/home/stack/.ssh/id_rsa'
 cmd = ['ssh', '-i', keypair,
diff --git a/novajoin_tempest_plugin/tests/scenario/test_tripleo_tls.py b/novajoin_tempest_plugin/tests/scenario/test_tripleo_tls.py
index ffd4684..aaf18a0 100644
--- a/novajoin_tempest_plugin/tests/scenario/test_tripleo_tls.py
+++ b/novajoin_tempest_plugin/tests/scenario/test_tripleo_tls.py
@@ -29,6 +29,10 @@ TLS_EXCEPTIONS = [
 ("horizon", "80")
 ]
+NOVADB_USER = 'nova::db::mysql::user'
+NOVADB_HOST = 'nova::db::mysql::host'
+NOVADB_PASSWORD = 'nova::db::mysql::password'
+
 class TripleOTLSTest(novajoin_manager.NovajoinScenarioTest):
@@ -108,8 +112,10 @@ class TripleOTLSTest(novajoin_manager.NovajoinScenarioTest):
 def test_rabbitmq_tls_connection(self):
 for controller in CONF.novajoin.tripleo_controllers:
 controller_ip = self.get_overcloud_server_ip(controller)
- rabbitmq_host = self.get_rabbitmq_host('heat-admin', controller_ip)
- rabbitmq_port = self.get_rabbitmq_port('heat-admin', controller_ip)
+ rabbitmq_host = self.get_rabbitmq_host('heat-admin',
+ controller_ip)
+ rabbitmq_port = self.get_rabbitmq_port('heat-admin',
+ controller_ip)
 self.verify_overcloud_tls_connection(
 controller_ip=controller_ip,
 user='heat-admin',
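Review bot: In novajoin_manager.py, `verify_mysql_access_with_ssl` and `verify_mysql_access_without_ssl` format `dbuser`, `dbhost` and `dbpassword` unquoted into a command string that `execute_on_controller` runs over ssh, so a password containing a space, a quote, `$` or `;` is re-parsed by the remote shell and the command that runs is not the one written. Quote each value before formatting, for example `password=shlex.quote(dbpassword)` (`pipes.quote` on Python 2), and do the same for `user=` and `host=`. Passing the secret as `--password=` also places it on the command line of the ssh and sudo processes, and in any log of `cmd` if the helper records it; `execute_on_controller` continues outside this hunk, so the logging part is unconfirmed.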
@@ -134,3 +140,39 @@ class TripleOTLSTest(novajoin_manager.NovajoinScenarioTest):
 for controller in CONF.novajoin.tripleo_controllers:
 controller_ip = self.get_overcloud_server_ip(controller)
 self.verify_mysql_tls_connection('heat-admin', controller_ip)
+
+ def test_mysql_nova_connection_with_ssl(self):
+ for controller in CONF.novajoin.tripleo_controllers:
+ controller_ip = self.get_overcloud_server_ip(controller)
+ dbuser = self.get_hiera('heat-admin',
+ controller_ip,
+ NOVADB_USER)
+ dbhost = self.get_hiera('heat-admin',
+ controller_ip,
+ NOVADB_HOST)
+ dbpassword = self.get_hiera('heat-admin',
+ controller_ip,
+ NOVADB_PASSWORD)
+ self.verify_mysql_access_with_ssl('heat-admin',
+ controller_ip,
+ dbuser,
+ dbhost,
+ dbpassword)
+
+ def test_mysql_nova_connection_without_ssl(self):
+ for controller in CONF.novajoin.tripleo_controllers:
+ controller_ip = self.get_overcloud_server_ip(controller)
+ dbuser = self.get_hiera('heat-admin',
+ controller_ip,
+ NOVADB_USER)
+ dbhost = self.get_hiera('heat-admin',
+ controller_ip,
+ NOVADB_HOST)
+ dbpassword = self.get_hiera('heat-admin',
+ controller_ip,
+ NOVADB_PASSWORD)
+ self.verify_mysql_access_without_ssl('heat-admin',
+ controller_ip,
+ dbuser,
+ dbhost,
+ dbpassword)
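Review bot: `test_mysql_nova_connection_without_ssl` can pass without the server ever refusing a plaintext session, because nothing checks the three `get_hiera` results before they reach `verify_mysql_access_without_ssl`, which accepts any `subprocess.CalledProcessError`. If a lookup returns an empty or placeholder value, or `dbhost` is unreachable, mysql exits non-zero and the test reports success. Calling `self.verify_mysql_access_with_ssl('heat-admin', controller_ip, dbuser, dbhost, dbpassword)` first in the same loop iteration would tie the later failure to the missing TLS rather than to bad credentials. Depending on the client version and option files, omitting `--ssl` may not force a plaintext attempt either, so an explicit `--skip-ssl` in the helper is worth considering.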