Audit on behalf changes for nsx eclipse

Change-Id: Id8b355b47502ef984b29d4077619cab6395f5275

vmware_nsx_tempest/common/constants.py

@@ -75,6 +75,8 @@ SLEEP_BETWEEN_VIRTUAL_SEREVRS_OPEARTIONS = 120
 REDIRECT_TO_POOL = "REDIRECT_TO_POOL"
 REJECT = "REJECT"
 
+#AUDIT LOG WAIT TIME
+AUDIT_WAIT_TIME = 300
 # ZONE Designate
 ZONE_WAIT_TIME = 120
 # VPN

vmware_nsx_tempest/tests/nsxv3/scenario/test_audit_on_behalf.py

@@ -19,6 +19,7 @@ from oslo_log import log as logging
 from tempest import config
 from tempest.lib import decorators
 
+from vmware_nsx_tempest.common import constants as const
 from vmware_nsx_tempest.lib import feature_manager
 from vmware_nsx_tempest.services import nsx_client
 
@@ -26,10 +27,6 @@ CONF = config.CONF
 
 LOG = logging.getLogger(__name__)
 
-USERNAME = "UserName:'com.vmware.nsx.openstack'"
-
-WAIT_TIME = 300
-
 
 class TestAuditSetUp(feature_manager.FeatureManager):
 
@@ -78,25 +75,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
         audit_userid, audit_tenantid = self.get_user_id('network')
         #verify backend for audit log
         #Sleep: Takes a while for network info to be captured in the logs
-        time.sleep(WAIT_TIME)
+        time.sleep(const.AUDIT_WAIT_TIME)
         audit_info = self.nsx_client.get_audit_log_info(audit_network['id'])
         if audit_info['result_count'] == 0:
             LOG.error('No audit log matching the openstack network id %s'
                       % audit_network['id'])
             raise Exception('No openstack network audit logs collected')
-        match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
+        match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
-                     USERNAME]
         for data in audit_info['results']:
             if "CreateLogicalSwitch" in data['full_log']:
-                if all(x in data['full_log'] for x in match_str):
+                if match_str in data['full_log']:
-                    LOG.info('Audit log captured for openstack user:%s \
+                    LOG.info('Audit log captured for openstack user:%s '
-                             creating logical switch:%s'
+                             'creating logical switch:%s'
                              % (audit_userid, audit_network['id']))
                     self.success = 1
                     break
         if self.success != 1:
-            raise Exception('Create network log does not contain entry for \
+            raise Exception('Create network log does not contain entry for'
-                            openstack user id %s' % audit_userid)
+                            'openstack user id %s' % audit_userid)
 
     @decorators.idempotent_id('a35ce30e-09dd-4c22-bcb7-06ae42a0bd18')
     def test_audit_log_update_network(self):
@@ -113,25 +109,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
         updated_ntwk = self.update_topology_network(audit_network['id'],
                                      **updated_network_body)
         self.assertEqual(updated_ntwk['network']['name'], updated_name)
-        time.sleep(WAIT_TIME)
+        time.sleep(const.AUDIT_WAIT_TIME)
         audit_info = self.nsx_client.get_audit_log_info(audit_network['id'])
         if audit_info['result_count'] == 0:
-            LOG.error('No audit log matching the openstack \
+            LOG.error('No audit log matching the openstack'
-                       network id %s' % audit_network['id'])
+                      ' network id %s' % audit_network['id'])
             raise Exception('No openstack network audit logs collected')
-        match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
+        match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
-                     USERNAME]
         for data in audit_info['results']:
             if "UpdateLogicalSwitch" in data['full_log']:
-                if all(x in data['full_log'] for x in match_str):
+                if match_str in data['full_log']:
                     self.success = 1
-                    LOG.info('Audit log captured for openstack user:%s \
+                    LOG.info('Audit log captured for openstack user:%s'
-                             updating logical switch:%s'
+                             ' updating logical switch:%s'
                              % (audit_userid, audit_network['id']))
                     break
         if self.success != 1:
-            raise Exception("Update network log does not contain entry \
+            raise Exception("Update network log does not contain entry"
-                            for openstack user id %s" % audit_userid)
+                            " for openstack user id %s" % audit_userid)
 
     @decorators.idempotent_id('c95856d1-f8df-4373-ae8d-1272aa58f867')
     def test_audit_log_delete_network(self):
@@ -144,25 +139,26 @@ class TestAuditOnBehalf(TestAuditSetUp):
         audit_userid, audit_tenantid = self.get_user_id('network')
         # delete the network
         self.delete_topology_network(audit_network['id'])
-        time.sleep(WAIT_TIME)
+        time.sleep(const.AUDIT_WAIT_TIME)
-        audit_info = self.nsx_client.get_audit_log_info(str(audit_userid))
+        filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
+        audit_info = self.nsx_client.get_audit_log_info(filter_str)
         if audit_info['result_count'] == 0:
-            LOG.error('No audit log matching delete operation \
+            LOG.error('No audit log matching delete operation'
-                       of openstack network id %s' % audit_network['id'])
+                      'of openstack network id %s' % audit_network['id'])
             raise Exception('No openstack network audit logs collected')
-        match_str = ['DeleteLogicalSwitch', USERNAME]
+        match_str = 'DeleteLogicalSwitch'
         for data in audit_info['results']:
-            if all(x in data['full_log'] for x in match_str):
+            if match_str in data['full_log']:
                 self.success = 1
-                LOG.info('Audit log captured for openstack user:%s \
+                LOG.info('Audit log captured for openstack user:%s'
-                         deleting logical switch:%s'
+                         'deleting logical switch:%s'
                          % (audit_userid, audit_network['id']))
             else:
                 continue
             break
         if self.success != 1:
-            raise Exception('Delete log does not contain entry for \
+            raise Exception('Delete log does not contain entry for'
-                            the openstack user id %s' % audit_userid)
+                            'the openstack user id %s' % audit_userid)
 
     @decorators.idempotent_id('11617fd0-6052-4b39-be20-a3f981ea2636')
     def test_audit_log_create_router(self):
@@ -175,25 +171,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
         audit_userid, audit_tenantid = self.get_user_id('router')
         #verify backend for audit log
         #Sleep: Takes a while for router info to be captured in the logs
-        time.sleep(WAIT_TIME)
+        time.sleep(const.AUDIT_WAIT_TIME)
         audit_info = self.nsx_client.get_audit_log_info(audit_router['id'])
         if audit_info['result_count'] == 0:
             LOG.error('No audit log matching the openstack router id %s'
                       % audit_router['id'])
             raise Exception('No openstack router audit logs collected')
-        match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
+        match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
-                     USERNAME]
         for data in audit_info['results']:
             if "CreateLogicalRouter" in data['full_log']:
-                if all(x in data['full_log'] for x in match_str):
+                if match_str in data['full_log']:
-                    LOG.info('Audit log captured for openstack user:%s \
+                    LOG.info('Audit log captured for openstack user:%s'
-                             creating logical router:%s'
+                             'creating logical router:%s'
                              % (audit_userid, audit_router['id']))
                     self.success = 1
                     break
         if self.success != 1:
-            raise Exception('Create router log does not contain entry \
+            raise Exception('Create router log does not contain entry'
-                            for openstack user id %s' % audit_userid)
+                            'for openstack user id %s' % audit_userid)
 
     @decorators.idempotent_id('909d6970-53c6-4402-a3f1-1ff3dc733209')
     def test_audit_log_update_router(self):
@@ -210,25 +205,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
         updated_rtr = self.update_topology_router(audit_router['id'],
                                      **updated_rtr_body)
         self.assertEqual(updated_rtr['router']['name'], updated_name)
-        time.sleep(WAIT_TIME)
+        time.sleep(const.AUDIT_WAIT_TIME)
         audit_info = self.nsx_client.get_audit_log_info(audit_router['id'])
         if audit_info['result_count'] == 0:
-            LOG.error('No audit log matching the openstack \
+            LOG.error('No audit log matching the openstack'
-                       router id %s' % audit_router['id'])
+                      'router id %s' % audit_router['id'])
             raise Exception('No openstack router audit logs collected')
-        match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
+        match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
-                     USERNAME]
         for data in audit_info['results']:
             if "UpdateLogicalRouter" in data['full_log']:
-                if all(x in data['full_log'] for x in match_str):
+                if match_str in data['full_log']:
                     self.success = 1
-                    LOG.info('Audit log captured for openstack user:%s \
+                    LOG.info('Audit log captured for openstack user:%s'
-                             updating logical router:%s'
+                             'updating logical router:%s'
                              % (audit_userid, audit_router['id']))
                     break
         if self.success != 1:
-            raise Exception("Update router log does not contain entry \
+            raise Exception("Update router log does not contain entry"
-                            for openstack user id %s" % audit_userid)
+                            "for openstack user id %s" % audit_userid)
 
     @decorators.idempotent_id('90761c77-ab7b-44c5-9974-cfc922c00d07')
     def test_audit_log_delete_router(self):
@@ -241,18 +235,19 @@ class TestAuditOnBehalf(TestAuditSetUp):
         audit_userid, audit_tenantid = self.get_user_id('router')
         # delete the network
         self.delete_topology_router(audit_router['id'])
-        time.sleep(WAIT_TIME)
+        time.sleep(const.AUDIT_WAIT_TIME)
-        audit_info = self.nsx_client.get_audit_log_info(str(audit_userid))
+        filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
+        audit_info = self.nsx_client.get_audit_log_info(filter_str)
         if audit_info['result_count'] == 0:
-            LOG.error('No audit log matching delete operation \
+            LOG.error('No audit log matching delete operation'
-                      of openstack router id %s' % audit_router['id'])
+                      'of openstack router id %s' % audit_router['id'])
             raise Exception('No openstack router audit logs collected')
-        match_str = ['DeleteLogicalRouter', USERNAME]
+        match_str = 'DeleteLogicalRouter'
         for data in audit_info['results']:
-            if all(x in data['full_log'] for x in match_str):
+            if match_str in data['full_log']:
                 self.success = 1
-                LOG.info('Audit log captured for openstack user:%s \
+                LOG.info('Audit log captured for openstack user:%s'
-                         deleting logical router:%s' %
+                         'deleting logical router:%s' %
                          (audit_userid, audit_router['id']))
                 break
             else:
@@ -272,25 +267,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
         audit_userid, audit_tenantid = self.get_user_id('sg')
         #verify backend for audit log
         #Sleep: Takes a while for sg info to be captured in the logs
-        time.sleep(WAIT_TIME)
+        time.sleep(const.AUDIT_WAIT_TIME)
         audit_info = self.nsx_client.get_audit_log_info(audit_sg['id'])
         if audit_info['result_count'] == 0:
             LOG.error('No audit log matching the openstack sg id %s'
                       % audit_sg['id'])
             raise Exception('No openstack sg audit logs collected')
-        match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
+        match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
-                     USERNAME]
         for data in audit_info['results']:
             if "CreateNSGroup" in data['full_log']:
-                if all(x in data['full_log'] for x in match_str):
+                if match_str in data['full_log']:
-                    LOG.info('Audit log captured for openstack user:%s \
+                    LOG.info('Audit log captured for openstack user:%s '
-                             creating security group:%s'
+                             'creating security group:%s'
                              % (audit_userid, audit_sg['id']))
                     self.success = 1
                     break
         if self.success != 1:
-            raise Exception('Create security group log does not contain entry \
+            raise Exception('Create security group log does not contain entry '
-                            for openstack user id %s' % audit_userid)
+                            'for openstack user id %s' % audit_userid)
 
     @decorators.idempotent_id('76bd1ad0-4ecd-47e8-99f9-fb88a8058ff4')
     def test_audit_log_update_security_group(self):
@@ -307,25 +301,24 @@ class TestAuditOnBehalf(TestAuditSetUp):
         updated_sg = self.update_topology_security_group(audit_sg['id'],
                                      **updated_sg_body)
         self.assertEqual(updated_sg['security_group']['name'], updated_name)
-        time.sleep(WAIT_TIME)
+        time.sleep(const.AUDIT_WAIT_TIME)
         audit_info = self.nsx_client.get_audit_log_info(audit_sg['id'])
         if audit_info['result_count'] == 0:
-            LOG.error('No audit log matching the openstack \
+            LOG.error('No audit log matching the openstack'
-                       security group id %s' % audit_sg['id'])
+                      ' security group id %s' % audit_sg['id'])
             raise Exception('No openstack security group audit logs collected')
-        match_str = [("euser=\"%s %s" % (audit_userid, audit_tenantid)),
+        match_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
-                     USERNAME]
         for data in audit_info['results']:
             if "UpdateNSGroup" in data['full_log']:
-                if all(x in data['full_log'] for x in match_str):
+                if match_str in data['full_log']:
                     self.success = 1
-                    LOG.info('Audit log captured for openstack user:%s \
+                    LOG.info('Audit log captured for openstack user:%s'
-                             updating security group:%s'
+                             ' updating security group:%s'
                              % (audit_userid, audit_sg['id']))
                     break
         if self.success != 1:
-            raise Exception("Update sg log does not contain entry \
+            raise Exception("Update sg log does not contain entry"
-                            for openstack user id %s" % audit_userid)
+                            " for openstack user id %s" % audit_userid)
 
     @decorators.idempotent_id('a20bebc7-5773-4086-9ccc-54d8548e37ae')
     def test_audit_log_delete_security_group(self):
@@ -338,18 +331,19 @@ class TestAuditOnBehalf(TestAuditSetUp):
         audit_userid, audit_tenantid = self.get_user_id('sg')
         # delete the security group
         self.delete_topology_security_group(audit_sg['id'])
-        time.sleep(WAIT_TIME)
+        time.sleep(const.AUDIT_WAIT_TIME)
-        audit_info = self.nsx_client.get_audit_log_info(str(audit_userid))
+        filter_str = "euser=\"%s %s" % (audit_userid, audit_tenantid)
+        audit_info = self.nsx_client.get_audit_log_info(filter_str)
         if audit_info['result_count'] == 0:
-            LOG.error('No audit log matching delete operation \
+            LOG.error('No audit log matching delete operation'
-                      of openstack security group id %s' % audit_sg['id'])
+                      ' of openstack security group id %s' % audit_sg['id'])
             raise Exception('No openstack security group logs collected')
-        match_str = ['DeleteNSGroup', USERNAME]
+        match_str = 'DeleteNSGroup'
         for data in audit_info['results']:
-            if all(x in data['full_log'] for x in match_str):
+            if match_str in data['full_log']:
                 self.success = 1
-                LOG.info('Audit log captured for openstack user:%s \
+                LOG.info('Audit log captured for openstack user:%s'
-                         deleting security group:%s' %
+                         ' deleting security group:%s' %
                          (audit_userid, audit_sg['id']))
                 break
             else: