debuggers.hg

view tools/xm-test/tests/security-acm/01_security-acm_basic.py @ 16559:5255eac35270

Implement legacy XML-RPC interface for ACM commands.

This patch implements a (non Xen-API) legacy XML-RPC interface for the
ACM commands and funnels the calls into code introduced by the Xen-API
support for ACM security management. Since some of the functionality
has changed, also the xm applications have changed. In particular the
following old commands have been removed along with some tools the
have become obsolete now:

- loadpolicy (included in: setpolicy)
- makepolicy (included in: setpolicy)
- cfgbootpolicy (included in: setpolicy)

and the following commands been introduced:

- setpolicy
- getpolicy
- resetpolicy

All tools have been adapted to work in Xen-API and legacy XML-RPC
mode. Both modes support the same functionality.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Dec 05 09:44:20 2007 +0000 (2007-12-05)
parents 9813c9c79055
children
line source
1 #!/usr/bin/python
3 # Copyright (C) International Business Machines Corp., 2006
4 # Author: Stefan Berger <stefanb@us.ibm.com>
5 #
6 # A couple of simple tests that test ACM security extensions
7 # for the xm tool. The following xm subcommands are tested:
8 #
9 # - labels
10 # - rmlabel
11 # - addlabel
12 # - getlabel
13 # - resources
15 from XmTestLib import *
16 import xen.util.xsm.xsm as security
17 from xen.util import xsconstants
18 import commands
19 import os
20 import re
22 testpolicy = "xm-test"
23 testlabel = "blue"
24 vmconfigfile = "/tmp/xm-test.conf"
25 testresource = "phy:ram0"
27 if not isACMEnabled():
28 SKIP("Not running this test since ACM not enabled.")
30 status, output = traceCommand("xm labels %s" % (testpolicy))
31 if status != 0:
32 FAIL("'xm labels' failed with status %d.\n" % status)
34 #Need to get a vm config file - just have it written to a file
35 domain = XmTestDomain()
36 domain.config.write(vmconfigfile)
38 #Whatever label it might have - remove it
39 status, output = traceCommand("xm rmlabel dom %s" %
40 (vmconfigfile))
42 status, output = traceCommand("xm addlabel %s dom %s %s" %
43 (testlabel, vmconfigfile, testpolicy))
44 if status != 0:
45 FAIL("(1) 'xm addlabel' failed with status %d.\n" % status)
47 status, output = traceCommand("xm getlabel dom %s" %
48 (vmconfigfile))
50 if status != 0:
51 FAIL("'xm getlabel' failed with status %d, output:\n%s" %
52 (status, output))
53 if output != "policytype=%s,policy=%s,label=%s" % \
54 (xsconstants.ACM_POLICY_ID, testpolicy, testlabel):
55 FAIL("(1) Received unexpected output from 'xm getlabel dom': \n%s" %
56 (output))
59 status, output = traceCommand("xm rmlabel dom %s" %
60 (vmconfigfile))
62 if status != 0:
63 FAIL("'xm rmlabel' failed with status %d, output: \n%s" %
64 (status,output))
65 if output != "":
66 FAIL("Received unexpected output from 'xm rmlabel': \n%s" %
67 (output))
69 status, output = traceCommand("xm getlabel dom %s" %
70 (vmconfigfile))
72 if output != "Error: 'Domain not labeled'":
73 FAIL("(2) Received unexpected output from 'xm getlabel dom': \n%s" %
74 (output))
76 #Whatever label the resource might have, remove it
77 status, output = traceCommand("xm rmlabel res %s" %
78 (testresource))
79 if status != 0:
80 FAIL("'xm rmlabel' on resource failed with status %d.\n" % status)
82 status, output = traceCommand("xm addlabel %s res %s %s" %
83 (testlabel, testresource, testpolicy))
84 if status != 0:
85 FAIL("(2) 'xm addlabel' on resource failed with status %d.\n" % status)
87 status, output = traceCommand("xm getlabel res %s" % (testresource))
89 if status != 0:
90 FAIL("'xm getlabel' on resource failed with status %d, output:\n%s" %
91 (status, output))
92 if output != "%s:%s:%s" % (xsconstants.ACM_POLICY_ID,\
93 testpolicy,testlabel):
94 FAIL("Received unexpected output from 'xm getlabel res': \n%s" %
95 (output))
97 status, output = traceCommand("xm resources")
99 if status != 0:
100 print "status = %s" % str(status)
101 FAIL("'xm resources' did not run properly")
102 if not re.search(security.unify_resname(testresource), output):
103 FAIL("'xm resources' did not show the tested resource '%s'." %
104 testresource)
106 status, output = traceCommand("xm rmlabel res %s" %
107 (testresource))
109 if status != 0:
110 FAIL("'xm rmlabel' on resource failed with status %d, output: \n%s" %
111 (status,output))
112 if output != "":
113 FAIL("Received unexpected output from 'xm rmlabel': \n%s" %
114 (output))
116 status, output = traceCommand("xm getlabel res %s" %
117 (testresource))
119 if output != "Error: 'Resource not labeled'":
120 FAIL("Received unexpected output from 'xm getlabel res': \n%s" %
121 (output))