1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
#!/usr/bin/python
"""
Copyright (C) International Business Machines Corp., 2006
Author: Stefan Berger <stefanb@us.ibm.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; under version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
"""
from Test import *
import xen.util.xsm.xsm as security
from xen.xm.main import server
from xen.util import xsconstants
import re
try:
from acm_config import *
except:
ACM_LABEL_RESOURCES = False
labeled_resources = {}
acm_verbose = False
def isACMEnabled():
return security.on()
def getSystemPolicyName():
s,o = traceCommand("xm getpolicy")
m = re.compile("Policy name[\s]*: ([A-z\-]+)").search(o)
if m:
polname = m.group(1)
return polname
return ""
def ACMLoadPolicy_XenAPI(policy='xm-test'):
polname = getSystemPolicyName()
if polname != policy:
# Try it, maybe it's not activated
traceCommand("xm setpolicy %s %s" %
(xsconstants.XS_POLICY_ACM, policy))
polname = getSystemPolicyName()
if polname != policy:
FAIL("Need to have a system with no or policy '%s' active, "
"not %s" % (policy,polname))
else:
s, o = traceCommand("xm activatepolicy --load")
else:
s, o = traceCommand("xm activatepolicy --load")
if not re.search("Successfully", o):
FAIL("Could not set the policy '%s'." % policy)
def ACMLoadPolicy(policy='xm-test'):
from xen.xm import main
if main.serverType == main.SERVER_XEN_API:
ACMLoadPolicy_XenAPI()
else:
cmd='xm dumppolicy | grep -E "^POLICY REFERENCE = ' + policy + '.$"'
s, o = traceCommand(cmd)
if o != "":
return
s, o = traceCommand("xm makepolicy %s" % (policy))
if s != 0:
FAIL("Need to be able to do 'xm makepolicy %s' but could not" %
(policy))
s, o = traceCommand("xm loadpolicy %s" % (policy))
if s != 0:
FAIL("Could not load the required policy '%s'.\n"
"Start the system without any policy.\n%s" %
(policy, o))
def ACMPrepareSystem(resources):
if isACMEnabled():
ACMLoadPolicy()
ACMLabelResources(resources)
def ACMLabelResources(resources):
for k, v in resources.items():
if k == "disk":
for vv in v:
res = vv.split(',')[0]
ACMLabelResource(res)
# Applications may label resources explicitly by calling this function
def ACMLabelResource(resource, label='red'):
if not isACMEnabled():
return
if acm_verbose:
print "labeling resource %s with label %s" % (resource, label)
if not ACM_LABEL_RESOURCES:
SKIP("Skipping test since not allowed to label resources in "
"test suite")
if not isACMResourceLabeled(resource):
ACMUnlabelResource(resource)
s, o = traceCommand("xm addlabel %s res %s" % (label, resource))
if s != 0:
FAIL("Could not add label to resource")
else:
labeled_resources["%s" % resource] = 1
# Application may remove a label from a resource. It has to call this
# function and must do so once a resource for re-labeling a resource
def ACMUnlabelResource(resource):
s, o = traceCommand("xm rmlabel res %s" % (resource))
labeled_resources["%s" % resource] = 0
def isACMResourceLabeled(resource):
""" Check whether a resource has been labeled using this API
and while running the application """
try:
if labeled_resources["%s" % resource] == 1:
if acm_verbose:
print "resource %s already labeled!" % resource
return True
except:
return False
return False
|