CLOUDSTACK-4832. Added support for https to marvin.

Santhosh Edukulla · Prasanna Santhanam · commit a1b979da86c3 · 2013-10-22T11:32:10.000+05:30
advanced.cfg: Contains three additional flags "useHttps,certCAPath,certPath"
for https usage in marvin for establishing cs connection. We will use the
configuraiton under advanced.cfg provided by user to establish connection over
https. If establishing the connection over https failed, then the default certs
will be used.  or else raise the exception, the existing http will work as it
is when useHttps flag set to "False"

Signed-off-by: Santhosh Edukulla &lt;Santhosh.Edukulla@citrix.com&gt;
Signed-off-by: Prasanna Santhanam &lt;tsp@apache.org&gt;
diff --git a/setup/dev/advanced.cfg b/setup/dev/advanced.cfg
@@ -14,7 +14,6 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-
 {
     "zones": [
         {
@@ -220,7 +219,10 @@
             "passwd": "password",
             "user": "root",
             "port": 8096,
-            "hypervisor" : "simulator"
+            "hypervisor": "simulator",
+       "useHttps": "True",
+       "certCAPath":  "NA",
+       "certPath":  "NA"
         }
     ]
 }
diff --git a/tools/marvin/marvin/cloudstackConnection.py b/tools/marvin/marvin/cloudstackConnection.py
@@ -35,29 +35,27 @@ class cloudConnection(object):
 
     """ Connections to make API calls to the cloudstack management server
     """
-
-    def __init__(self, mgtSvr, port=8096, user=None, passwd=None,
-                 apiKey=None, securityKey=None,
-                 asyncTimeout=3600, logging=None, scheme='http',
-                 path='client/api'):
+    def __init__(self, mgmtDet,asyncTimeout=3600, logging=None, scheme='http',path='client/api'):
         self.loglevel()  # Turn off requests logs
-        self.apiKey = apiKey
-        self.securityKey = securityKey
-        self.mgtSvr = mgtSvr
-        self.port = port
-        self.user = user
-        self.passwd = passwd
+        self.apiKey = mgmtDet.apiKey
+        self.securityKey = mgmtDet.securityKey
+        self.mgtSvr = mgmtDet.mgtSvrIp
+        self.port = mgmtDet.port
+        self.user = mgmtDet.user
+        self.passwd = mgmtDet.passwd
+   self.certCAPath = mgmtDet.certCAPath
+   self.certPath = mgmtDet.certPath
         self.logging = logging
         self.path = path
         self.retries = 5
+   self.protocol = "http"
         self.asyncTimeout = asyncTimeout
         self.auth = True
-        if port == 8096 or \
+        if self.port == 8096 or \
            (self.apiKey is None and self.securityKey is None):
             self.auth = False
-        if scheme not in ['http', 'https']:
-                raise RequestException("Protocol must be HTTP")
-        self.protocol = scheme
+        if mgmtDet.useHttps == "True":
+           self.protocol = "https"
         self.baseurl = "%s://%s:%d/%s"\
                        % (self.protocol, self.mgtSvr, self.port, self.path)
 
@@ -145,15 +143,52 @@ def request(self, command, auth=True, payload={}, method='GET'):
             payload["signature"] = signature
 
         try:
-            if method == 'POST':
-                response = requests.post(
-                    self.baseurl, params=payload, verify=False)
+       '''
+       https_flag : Signifies whether to verify connection over http or https, if set to true uses https otherwise http
+       cert_path  : Signifies ca and cert path required by requests library for the connection
+       '''
+       https_flag  = False
+       cert_path    = ()
+       if self.protocol == "https":
+       https_flag = True
+           if self.certCAPath != "NA" and self.certPath  != "NA":
+           cert_path = ( self.certCAPath,self.certPath )
+
+       '''
+       Verify whether protocol is "http", then call the request over http
+            '''
+       if self.protocol == "http":
+               if method == 'POST':
+                   response = requests.post(self.baseurl, params=payload, verify=https_flag)
+               else:
+                   response = requests.get(self.baseurl, params=payload,  verify=https_flag)
             else:
-                response = requests.get(
-                    self.baseurl, params=payload, verify=False)
+       exception_check = False
+       exception_info  = None
+           '''
+       If protocol is https, then request the url with user provided certificates provided as part of cert
+       '''
+           try:
+                   if method == 'POST':
+                       response = requests.post(self.baseurl, params=payload, cert=cert_path, verify=https_flag)
+                   else:
+                       response = requests.get(self.baseurl, params=payload,  cert=cert_path, verify=https_flag)
+           except Exception,e:
+           '''
+           If an exception occurs with current CA certs, then try with default certs path, we dont need to mention here the cert path
+           '''
+           self.logging.debug( "Creating CS connection over https didnt worked with user provided certs %s"%e )
+           exception_check  = True
+           exception_info = e
+           if method == 'POST':
+                               response = requests.post(self.baseurl, params=payload, verify=https_flag)
+                   else:
+                               response = requests.get(self.baseurl, params=payload,  verify=https_flag)
+       finally:
+           if exception_check == True and exception_info is not None:
+               raise exception_info
         except ConnectionError, c:
-            self.logging.debug("Connection refused. Reason: %s : %s" %
-                               (self.baseurl, c))
+            self.logging.debug("Connection refused. Reason: %s : %s" %(self.baseurl, c))
             raise c
         except HTTPError, h:
             self.logging.debug("Server returned error code: %s" % h)
diff --git a/tools/marvin/marvin/cloudstackTestClient.py b/tools/marvin/marvin/cloudstackTestClient.py
@@ -25,13 +25,9 @@
 
 
 class cloudstackTestClient(object):
-    def __init__(self, mgtSvr=None, port=8096, user=None, passwd=None,
-                 apiKey=None, securityKey=None, asyncTimeout=3600,
-                 defaultWorkerThreads=10, logging=None):
+    def __init__(self,mgmtDetails,asyncTimeout=3600,defaultWorkerThreads=10, logging=None):
         self.connection = \
-            cloudstackConnection.cloudConnection(mgtSvr, port, user, passwd,
-                                                 apiKey, securityKey,
-                                                 asyncTimeout, logging)
+            cloudstackConnection.cloudConnection( mgmtDetails,asyncTimeout,logging)
         self.apiClient =\
             cloudstackAPIClient.CloudStackAPIClient(self.connection)
         self.dbConnection = None
diff --git a/tools/marvin/marvin/configGenerator.py b/tools/marvin/marvin/configGenerator.py
@@ -27,6 +27,9 @@ def __init__(self):
         self.port = 8096
         self.apiKey = None
         self.securityKey = None
+   self.useHttps = None
+   self.certCAPath = None
+   self.certPath = None
 
 
 class dbServer(object):
@@ -830,15 +833,17 @@ def generate_setup_config(config, file=None):
 def get_setup_config(file):
     if not os.path.exists(file):
         raise IOError("config file %s not found. \
-please specify a valid config file" % file)
+                      please specify a valid config file" % file)
     config = cloudstackConfiguration()
     configLines = []
     with open(file, 'r') as fp:
         for line in fp:
             ws = line.strip()
             if not ws.startswith("#"):
                 configLines.append(ws)
-    config = json.loads("\n".join(configLines))
+    k = json.loads("\n".join(configLines))
+    #config = json.loads("\n".join(configLines))
+    config = k
     return jsonHelper.jsonLoader(config)
 
 if __name__ == "__main__":
diff --git a/tools/marvin/marvin/deployDataCenter.py b/tools/marvin/marvin/deployDataCenter.py
@@ -512,11 +512,9 @@ def loadCfg(self):
         try:
             self.config = configGenerator.get_setup_config(self.configFile)
         except:
-            raise cloudstackException.InvalidParameterException(
-                "Failed to load config %s" % self.configFile)
-
-        mgt = self.config.mgtSvr[0]
+            raise cloudstackException.InvalidParameterException("Failed to load config %s" % self.configFile)
 
+        mgtDetails = self.config.mgtSvr[0]
         loggers = self.config.logger
         testClientLogFile = None
         self.testCaseLogFile = None
@@ -535,38 +533,35 @@ def loadCfg(self):
             testClientLogger = logging.getLogger("testclient.testengine.run")
             fh = logging.FileHandler(testClientLogFile)
             fh.setFormatter(logging.
-                            Formatter("%(asctime)s - %(levelname)s - %(name)s\
- - %(message)s"))
+            Formatter("%(asctime)s - %(levelname)s - %(name)s\
+           - %(message)s"))
             testClientLogger.addHandler(fh)
             testClientLogger.setLevel(logging.INFO)
         self.testClientLogger = testClientLogger
 
         self.testClient = \
             cloudstackTestClient.\
-            cloudstackTestClient(mgt.mgtSvrIp, mgt.port, mgt.user, mgt.passwd,
-                                 mgt.apiKey, mgt.securityKey,
-                                 logging=self.testClientLogger)
-        if mgt.apiKey is None:
-            apiKey, securityKey = self.registerApiKey()
-            self.testClient = cloudstackTestClient.cloudstackTestClient(
-                mgt.mgtSvrIp, 8080,
-                mgt.user, mgt.passwd,
-                apiKey, securityKey,
-                logging=self.testClientLogger)
+            cloudstackTestClient( mgtDetails,logging=self.testClientLogger)
+
+        if mgtDetails.apiKey is None:
+           mgtDetails.apiKey,mgtDetails.securityKey = self.registerApiKey()
+           mgtDetails.port  = 8080
+                self.testClient = cloudstackTestClient.cloudstackTestClient( mgtDetails,logging=self.testClientLogger)
 
         """config database"""
         dbSvr = self.config.dbSvr
         if dbSvr is not None:
-            self.testClient.dbConfigure(dbSvr.dbSvr, dbSvr.port, dbSvr.user,
+            self.testClient.dbConfigure(dbSvr.dbSvr, dbSvr.port, dbSvr.user, \
                                         dbSvr.passwd, dbSvr.db)
 
         self.apiClient = self.testClient.getApiClient()
         """set hypervisor"""
-        if mgt.hypervisor:
-            self.apiClient.hypervisor = mgt.hypervisor
+        if mgtDetails.hypervisor:
+            self.apiClient.hypervisor = mgtDetails.hypervisor
         else:
             self.apiClient.hypervisor = "XenServer"  # Defaults to Xenserver
 
+
     def updateConfiguration(self, globalCfg):
         if globalCfg is None:
             return None
@@ -578,15 +573,13 @@ def updateConfiguration(self, globalCfg):
             self.apiClient.updateConfiguration(updateCfg)
 
     def copyAttributesToCommand(self, source, command):
-
         map(lambda attr: setattr(command, attr, getattr(source, attr, None)),
             filter(lambda attr: not attr.startswith("__") and attr not in
                    ["required", "isAsync"], dir(command)))
 
     def configureS3(self, s3):
         if s3 is None:
             return
-
         command = addS3.addS3Cmd()
         self.copyAttributesToCommand(s3, command)
         self.apiClient.addS3(command)

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,6 @@`
`14`	`14`	`# KIND, either express or implied. See the License for the`
`15`	`15`	`# specific language governing permissions and limitations`
`16`	`16`	`# under the License.`
`17`		`-`
`18`	`17`	`{`
`19`	`18`	`"zones": [`
`20`	`19`	`{`
`@@ -220,7 +219,10 @@`
`220`	`219`	`"passwd": "password",`
`221`	`220`	`"user": "root",`
`222`	`221`	`"port": 8096,`
`223`		`- "hypervisor" : "simulator"`
	`222`	`+ "hypervisor": "simulator",`
	`223`	`+ "useHttps": "True",`
	`224`	`+ "certCAPath": "NA",`
	`225`	`+ "certPath": "NA"`
`224`	`226`	`}`
`225`	`227`	`]`
`226`	`228`	`}`