Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

networking tests: fix ssh auth, clean up code #1060

Merged
merged 2 commits into from
Jan 22, 2024
Merged

networking tests: fix ssh auth, clean up code #1060

merged 2 commits into from
Jan 22, 2024

Conversation

m-ildefons
Copy link
Contributor

  • Fix SSH auth using password. Paramiko can get confused when using password authentication while having SSH keys in the SSH agent. In case the test suite is being run using password based authentication, the options allow_agent=False and look_for_key=False prevent paramiko from trying to get keys from the SSH agent, allowing password based authentication to proceed without error.

  • Clean up duplicated fixture vlan_id and vlan_nic. These pytest fixtures were copy-and-pasted into several places, so to simplify the code they are consolidated in a single place where other network fixtures can be kept in the future as well.

@m-ildefons
networking tests: fix ssh auth, clean up code
478ad82 
- Fix SSH auth using password. Paramiko can get confused when using
  password authentication while having SSH keys in the SSH agent. In
  case the test suite is being run using password based authentication,
  the options `allow_agent=False` and `look_for_key=False` prevent
  paramiko from trying to get keys from the SSH agent, allowing password
  based authentication to proceed without error.

- Clean up duplicated fixture `vlan_id` and `vlan_nic`. These pytest
  fixtures were copy-and-pasted into several places, so to simplify the
  code they are consolidated in a single place where other network
  fixtures can be kept in the future as well.

Signed-off-by: Moritz Röhrich <[email protected]>
@m-ildefons m-ildefons self-assigned this Jan 17, 2024
@innobead innobead requested a review from albinsun January 17, 2024 14:25
@lanfon72 lanfon72 requested a review from a team January 17, 2024 19:04
lanfon72
lanfon72 requested changes Jan 17, 2024
View reviewed changes
Copy link
Member

@lanfon72 lanfon72 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please run a test on all changed test files especially VM having a test with jumphost (use fixture vm_shell_from_host) to make sure the allow_agent will not break any exisiting tests.

harvester_e2e_tests/fixtures/api_client.py Outdated
# prevents paramiko from getting confused by ssh keys in the ssh
# agent:
if self.password and not self.pkey:
kws.update(dict(allow_agent=False, look_for_keys=False))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The implement will implicit overwrite allow_agent and look_for_keys when call the method as

login("IP", allow_agent=True, look_for_keys=True)

So please update the method signature to add parameters allow_agent and look_for_keys with default False and merge them into kws.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok done, but calling login("IP", allow_agent=True, look_for_keys=True) makes no sense because the authentication will still fail if they want to use password authentication but have an SSH key in their ssh agent.

Keep in mind that some people have an SSH key in their agent that has nothing to do with these tests.

@m-ildefons
networking tests: give ssh params defaults
2e15ec7 
Make ssh parameters `allow_agent` and `look_for_keys` default to
`False`, but let them be overridden on method call if necessary.

Signed-off-by: Moritz Röhrich <[email protected]>
@m-ildefons
Copy link
Contributor Author

Works fine for me:

│ ~/repos/harvester/tests │ 1 ► pytest harvester_e2e_tests/ -m networks
=============================================================================================== test session starts ================================================================================================
platform linux -- Python 3.6.15, pytest-7.0.1, pluggy-1.0.0
rootdir: /home/moritz/repos/harvester/tests, configfile: tox.ini
plugins: drop-dup-tests-0.3.0, ordering-0.6, metadata-1.11.0, html-3.2.0, json-report-1.5.0, dependency-0.6.0
collected 226 items / 212 deselected / 14 selected                                                                                                                                                                 

harvester_e2e_tests/apis/test_networks.py ..ss..s...                                                                                                                                                         [ 71%]
harvester_e2e_tests/integration/test_0_storage_network.py .                                                                                                                                                  [ 78%]
harvester_e2e_tests/integration/test_vm_networks.py ...                                                                                                                                                      [100%]

================================================================================================= warnings summary =================================================================================================
.venv/lib64/python3.6/site-packages/paramiko/transport.py:32
  /home/moritz/repos/harvester/tests/.venv/lib64/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for
 it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
    from cryptography.hazmat.backends import default_backend

harvester_e2e_tests/apis/test_networks.py: 8 warnings
harvester_e2e_tests/integration/test_0_storage_network.py: 1 warning
harvester_e2e_tests/integration/test_vm_networks.py: 3 warnings
  /home/moritz/repos/harvester/tests/.venv/lib64/python3.6/site-packages/urllib3/connectionpool.py:1068: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.84.102.31'. Adding certificate v
erification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
    InsecureRequestWarning,

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
====================================================================== 11 passed, 3 skipped, 212 deselected, 13 warnings in 480.07s (0:08:00) ======================================================================
│ ~/repos/harvester/tests │►

@m-ildefons m-ildefons requested a review from lanfon72 January 19, 2024 13:45
lanfon72
lanfon72 approved these changes Jan 22, 2024
View reviewed changes
Copy link
Member

@lanfon72 lanfon72 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general LGTM

@lanfon72 lanfon72 merged commit 89e289c into harvester:main Jan 22, 2024
2 checks passed
@m-ildefons m-ildefons mentioned this pull request Jan 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lanfon72 lanfon72 lanfon72 approved these changes

@khushboo-rancher khushboo-rancher Awaiting requested review from khushboo-rancher

@albinsun albinsun Awaiting requested review from albinsun

Assignees

@m-ildefons m-ildefons

Labels
area/backend-automation Implement with pytest func/network
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@m-ildefons @lanfon72