def test_set_property_validation_integer(self): output, returnVal = pcs( temp_cib, "property set migration-limit=0" ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: migration-limit: 0 """ ) output, returnVal = pcs( temp_cib, "property set migration-limit=-10" ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: migration-limit: -10 """ ) output, returnVal = pcs( temp_cib, "property set migration-limit=0 --force" ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: migration-limit: 0 """ ) output, returnVal = pcs( temp_cib, "property set migration-limit=0.1" ) ac( output, "Error: invalid value of property: " "'migration-limit=0.1', (use --force to override)\n" ) self.assertEqual(returnVal, 1) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: migration-limit: 0 """ ) output, returnVal = pcs( temp_cib, "property set migration-limit=0.1 --force" ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: migration-limit: 0.1 """ )
def test_set_property_validation_boolean(self): output, returnVal = pcs(temp_cib, "property set enable-acl=TRUE") ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: enable-acl: TRUE """ ) output, returnVal = pcs(temp_cib, "property set enable-acl=no") ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: enable-acl: no """ ) output, returnVal = pcs( temp_cib, "property set enable-acl=TRUE --force" ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: enable-acl: TRUE """ ) output, returnVal = pcs( temp_cib, "property set enable-acl=not_valid_value" ) ac( output, "Error: invalid value of property: " "'enable-acl=not_valid_value', (use --force to override)\n" ) self.assertEqual(returnVal, 1) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: enable-acl: TRUE """ ) output, returnVal = pcs( temp_cib, "property set enable-acl=not_valid_value --force" ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: enable-acl: not_valid_value """ )
def test_set_property_validation_enum(self): output, returnVal = pcs(self.temp_cib.name, "property set no-quorum-policy=freeze".split()) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(self.temp_cib.name, "property config".split()) ac( o, """Cluster Properties: no-quorum-policy: freeze """, ) output, returnVal = pcs( self.temp_cib.name, "property set no-quorum-policy=freeze --force".split(), ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(self.temp_cib.name, "property config".split()) ac( o, """Cluster Properties: no-quorum-policy: freeze """, ) output, returnVal = pcs( self.temp_cib.name, "property set no-quorum-policy=not_valid_value".split(), ) ac( output, "Error: invalid value of property: " "'no-quorum-policy=not_valid_value', (use --force to override)\n", ) self.assertEqual(returnVal, 1) o, _ = pcs(self.temp_cib.name, "property config".split()) ac( o, """Cluster Properties: no-quorum-policy: freeze """, ) output, returnVal = pcs( self.temp_cib.name, "property set no-quorum-policy=not_valid_value --force".split(), ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(self.temp_cib.name, "property config".split()) ac( o, """Cluster Properties: no-quorum-policy: not_valid_value """, )
def test_dont_create_nvset_on_removal(self): # pcs does not actually do cib editing, it passes it to crm_node. So # this behaves differently than the rest of pcs - instead of doing # nothing it returns an error. # Should be changed to be consistent with the rest of pcs. output, retval = pcs(self.temp_cib.name, "node attribute rh7-1 test=") self.assertEqual( output, "Error: attribute: 'test' doesn't exist for node: 'rh7-1'\n" ) self.assertEqual(retval, 2)
def test_dont_create_nvset_on_removal(self): # pcs does not actually do cib editing, it passes it to crm_node. So # this behaves differently than the rest of pcs - instead of doing # nothing it returns an error. # Should be changed to be consistent with the rest of pcs. output, retval = pcs(self.temp_cib, "node attribute rh7-1 test=") self.assertEqual( output, "Error: attribute: 'test' doesn't exist for node: 'rh7-1'\n" ) self.assertEqual(retval, 2)
def testClusterUpgrade(self): # pylint: disable=no-self-use with open(temp_cib) as myfile: data = myfile.read() assert data.find("pacemaker-1.2") != -1 assert data.find("pacemaker-2.") == -1 o, r = pcs(temp_cib, "cluster cib-upgrade") ac(o, "Cluster CIB has been upgraded to latest version\n") assert r == 0 with open(temp_cib) as myfile: data = myfile.read() assert data.find("pacemaker-1.2") == -1 assert data.find("pacemaker-2.") == -1 assert data.find("pacemaker-3.") != -1 o, r = pcs(temp_cib, "cluster cib-upgrade") ac(o, "Cluster CIB has been upgraded to latest version\n") assert r == 0
def test_cluster_upgrade(self): # pylint: disable=invalid-name self.temp_cib.seek(0) data = self.temp_cib.read() assert data.find("pacemaker-1.2") != -1 assert data.find("pacemaker-2.") == -1 o, r = pcs(self.temp_cib.name, "cluster cib-upgrade".split()) ac(o, "Cluster CIB has been upgraded to latest version\n") assert r == 0 self.temp_cib.seek(0) data = self.temp_cib.read() assert data.find("pacemaker-1.2") == -1 assert data.find("pacemaker-2.") == -1 assert data.find("pacemaker-3.") != -1 o, r = pcs(self.temp_cib.name, "cluster cib-upgrade".split()) ac(o, "Cluster CIB has been upgraded to latest version\n") assert r == 0
def test_cluster_upgrade(self): # pylint: disable=no-self-use # pylint: disable=invalid-name with open(self.temp_cib) as myfile: data = myfile.read() assert data.find("pacemaker-1.2") != -1 assert data.find("pacemaker-2.") == -1 o, r = pcs(self.temp_cib, "cluster cib-upgrade") ac(o, "Cluster CIB has been upgraded to latest version\n") assert r == 0 with open(self.temp_cib) as myfile: data = myfile.read() assert data.find("pacemaker-1.2") == -1 assert data.find("pacemaker-2.") == -1 assert data.find("pacemaker-3.") != -1 o, r = pcs(self.temp_cib, "cluster cib-upgrade") ac(o, "Cluster CIB has been upgraded to latest version\n") assert r == 0
def testDefaults(self): output, returnVal = pcs(self.temp_cib.name, "property --defaults".split()) prop_defaults = output assert returnVal == 0, "Unable to list resources" assert output.startswith("Cluster Properties:\n batch-limit") output, returnVal = pcs(self.temp_cib.name, "property --all".split()) assert returnVal == 0, "Unable to list resources" assert output.startswith("Cluster Properties:\n batch-limit") ac(output, prop_defaults) output, returnVal = pcs(self.temp_cib.name, "property set blahblah=blah".split()) assert returnVal == 1 assert ( # pylint: disable=line-too-long output == "Error: unknown cluster property: 'blahblah', (use --force to override)\n" ), [output] output, returnVal = pcs(self.temp_cib.name, "property set blahblah=blah --force".split()) assert returnVal == 0, output assert output == "", output output, returnVal = pcs(self.temp_cib.name, "property set stonith-enabled=false".split()) assert returnVal == 0, output assert output == "", output output, returnVal = pcs(self.temp_cib.name, ["property"]) assert returnVal == 0 assert ( output == "Cluster Properties:\n blahblah: blah\n stonith-enabled: false\n" ), [output] output, returnVal = pcs(self.temp_cib.name, "property --defaults".split()) assert returnVal == 0, "Unable to list resources" assert output.startswith("Cluster Properties:\n batch-limit") ac(output, prop_defaults) output, returnVal = pcs(self.temp_cib.name, "property --all".split()) assert returnVal == 0, "Unable to list resources" assert "blahblah: blah" in output assert "stonith-enabled: false" in output assert output.startswith("Cluster Properties:\n batch-limit")
def test_set_property_validation_enum(self): output, returnVal = pcs( temp_cib, "property set no-quorum-policy=freeze" ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: no-quorum-policy: freeze """ ) output, returnVal = pcs( temp_cib, "property set no-quorum-policy=freeze --force" ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: no-quorum-policy: freeze """ ) output, returnVal = pcs( temp_cib, "property set no-quorum-policy=not_valid_value" ) ac( output, "Error: invalid value of property: " "'no-quorum-policy=not_valid_value', (use --force to override)\n" ) self.assertEqual(returnVal, 1) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: no-quorum-policy: freeze """ ) output, returnVal = pcs( temp_cib, "property set no-quorum-policy=not_valid_value --force" ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(temp_cib, "property list") ac(o, """Cluster Properties: no-quorum-policy: not_valid_value """ )
def testDefaults(self): output, returnVal = pcs(temp_cib, "property --defaults") prop_defaults = output assert returnVal == 0, 'Unable to list resources' assert output.startswith('Cluster Properties:\n batch-limit') output, returnVal = pcs(temp_cib, "property --all") assert returnVal == 0, 'Unable to list resources' assert output.startswith('Cluster Properties:\n batch-limit') ac(output,prop_defaults) output, returnVal = pcs(temp_cib, "property set blahblah=blah") assert returnVal == 1 assert output == "Error: unknown cluster property: 'blahblah', (use --force to override)\n",[output] output, returnVal = pcs(temp_cib, "property set blahblah=blah --force") assert returnVal == 0,output assert output == "",output output, returnVal = pcs(temp_cib, "property set stonith-enabled=false") assert returnVal == 0,output assert output == "",output output, returnVal = pcs(temp_cib, "property") assert returnVal == 0 assert output == "Cluster Properties:\n blahblah: blah\n stonith-enabled: false\n", [output] output, returnVal = pcs(temp_cib, "property --defaults") assert returnVal == 0, 'Unable to list resources' assert output.startswith('Cluster Properties:\n batch-limit') ac(output,prop_defaults) output, returnVal = pcs(temp_cib, "property --all") assert returnVal == 0, 'Unable to list resources' assert "blahblah: blah" in output assert "stonith-enabled: false" in output assert output.startswith('Cluster Properties:\n batch-limit')
def testEnableDisable(self): o, r = pcs(temp_cib, "acl disable") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") assert r == 0 ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n") o, r = pcs(temp_cib, "acl enable") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") assert r == 0 ac(o, "ACLs are enabled\n\n") o, r = pcs(temp_cib, "acl disable") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") assert r == 0 ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n")
def testEnableDisable(self): o, r = pcs(self.temp_cib.name, "acl disable".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) assert r == 0 ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n") o, r = pcs(self.temp_cib.name, "acl enable".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) assert r == 0 ac(o, "ACLs are enabled\n\n") o, r = pcs(self.temp_cib.name, "acl disable".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) assert r == 0 ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n")
def testEmpty(self): output, returnVal = pcs(temp_cib, "property") assert returnVal == 0, 'Unable to list resources' assert output == "Cluster Properties:\n", [output]
def testPermissionAddDelete(self): o, r = pcs( self.temp_cib.name, "acl role create role1 read xpath /xpath1/ write xpath /xpath2/". split(), ) ac(o, "") assert r == 0 o, r = pcs( self.temp_cib.name, "acl role create role2 read xpath /xpath3/ write xpath /xpath4/". split(), ) ac(o, "") assert r == 0 o, r = pcs( self.temp_cib.name, "acl role create role3 read xpath /xpath5/ write xpath /xpath6/". split(), ) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, "acl show".split()) assert r == 0 ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: read xpath /xpath3/ (role2-read) Permission: write xpath /xpath4/ (role2-write) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: write xpath /xpath6/ (role3-write) """, ) o, r = pcs( self.temp_cib.name, "acl permission add role1 deny xpath /myxpath1/".split(), ) ac(o, "") assert r == 0 o, r = pcs( self.temp_cib.name, "acl permission add role4 deny xpath /myxpath2/".split(), ) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, "acl show".split()) assert r == 0 ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Permission: deny xpath /myxpath1/ (role1-deny) Role: role2 Permission: read xpath /xpath3/ (role2-read) Permission: write xpath /xpath4/ (role2-write) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: write xpath /xpath6/ (role3-write) Role: role4 Permission: deny xpath /myxpath2/ (role4-deny) """, ) o, r = pcs(self.temp_cib.name, "acl permission delete role4-deny".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, "acl permission delete role4-deny".split()) ac(o, "Error: ACL permission 'role4-deny' does not exist\n") assert r == 1 o, r = pcs(self.temp_cib.name, "acl permission remove role4-deny".split()) ac(o, "Error: ACL permission 'role4-deny' does not exist\n") assert r == 1 o, r = pcs(self.temp_cib.name, "acl show".split()) assert r == 0 ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Permission: deny xpath /myxpath1/ (role1-deny) Role: role2 Permission: read xpath /xpath3/ (role2-read) Permission: write xpath /xpath4/ (role2-write) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: write xpath /xpath6/ (role3-write) Role: role4 """, ) o, r = pcs(self.temp_cib.name, "acl permission delete role3-read".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, "acl permission delete role3-write".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Permission: deny xpath /myxpath1/ (role1-deny) Role: role2 Permission: read xpath /xpath3/ (role2-read) Permission: write xpath /xpath4/ (role2-write) Role: role3 Role: role4 """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl permission remove role1-read".split()) ac(o, "") self.assertEqual(0, r) o, r = pcs(self.temp_cib.name, "acl permission remove role1-write".split()) ac(o, "") self.assertEqual(0, r) o, r = pcs(self.temp_cib.name, "acl permission remove role1-deny".split()) ac(o, "") self.assertEqual(0, r) o, r = pcs(self.temp_cib.name, "acl permission remove role2-read".split()) ac(o, "") self.assertEqual(0, r) o, r = pcs(self.temp_cib.name, "acl permission remove role2-write".split()) ac(o, "") self.assertEqual(0, r) o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Role: role2 Role: role3 Role: role4 """, ) self.assertEqual(0, r) o, r = pcs(self.temp_cib.name, "acl permission add role1 read".split()) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl permission add role1 read //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl permission add role1 read xpath".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl permission add role1 read id".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl permission add role1 readX xpath //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl permission add role1 read xpathX //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl permission add role1 read id dummy read".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl permission add role1 read id dummy read //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl permission add role1 read id dummy read xpath".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl permission add role1 read id dummy read id".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) self.assert_pcs_fail( "acl permission add role1 read id dummy readX xpath //resources". split(), stdout_start="\nUsage: pcs acl permission add...", ) self.assert_pcs_fail( "acl permission add role1 read id dummy read xpathX //resources". split(), stdout_start="\nUsage: pcs acl permission add...", ) o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Role: role2 Role: role3 Role: role4 """, ) self.assertEqual(0, r)
def testUserGroupCreateDeleteWithRoles(self): o, r = pcs( self.temp_cib.name, "acl role create role1 read xpath /xpath1/ write xpath /xpath2/". split(), ) assert r == 0 ac(o, "") o, r = pcs( self.temp_cib.name, "acl role create role2 deny xpath /xpath3/ deny xpath /xpath4/". split(), ) assert r == 0 ac(o, "") o, r = pcs( self.temp_cib.name, "acl role create role3 read xpath /xpath5/ read xpath /xpath6/". split(), ) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, "acl user create user1 roleX".split()) ac(o, "Error: ACL role 'roleX' does not exist\n") self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl user create user1 role1 roleX".split(), ) ac(o, "Error: ACL role 'roleX' does not exist\n") self.assertEqual(1, r) o, r = pcs(self.temp_cib.name, "acl group create group1 roleX".split()) ac(o, "Error: ACL role 'roleX' does not exist\n") self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl group create group1 role1 roleX".split(), ) ac(o, "Error: ACL role 'roleX' does not exist\n") self.assertEqual(1, r) o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """, ) self.assertEqual(0, r) o, r = pcs( self.temp_cib.name, "acl user create user1 role1 role2".split(), ) assert r == 0 ac(o, "") o, r = pcs( self.temp_cib.name, "acl group create group1 role1 role3".split(), ) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) assert r == 0 ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 role2 Group: group1 Roles: role1 role3 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """, ) o, r = pcs(self.temp_cib.name, "acl role create group1".split()) assert r == 1 ac(o, "Error: 'group1' already exists\n") o, r = pcs(self.temp_cib.name, "acl role create role1".split()) assert r == 1 ac(o, "Error: 'role1' already exists\n") o, r = pcs(self.temp_cib.name, "acl user create user1".split()) assert r == 1 ac(o, "Error: 'user1' already exists\n") o, r = pcs(self.temp_cib.name, "acl group create group1".split()) assert r == 1 ac(o, "Error: 'group1' already exists\n") o, r = pcs(self.temp_cib.name, "acl group create role1".split()) assert r == 1 ac(o, "Error: 'role1' already exists\n") o, r = pcs( self.temp_cib.name, "acl role assign role1 to noexist".split(), ) assert r == 1 ac(o, "Error: ACL group/ACL user 'noexist' does not exist\n") o, r = pcs( self.temp_cib.name, "acl role assign noexist to user1".split(), ) assert r == 1 ac(o, "Error: ACL role 'noexist' does not exist\n") o, r = pcs( self.temp_cib.name, "acl role assign role3 to user1".split(), ) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) assert r == 0 ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 role2 role3 Group: group1 Roles: role1 role3 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """, ) o, r = pcs( self.temp_cib.name, "acl role unassign noexist from user1".split(), ) assert r == 1 ac(o, "Error: Role 'noexist' is not assigned to 'user1'\n") o, r = pcs( self.temp_cib.name, "acl role unassign role3 from noexist".split(), ) assert r == 1 ac(o, "Error: ACL group/ACL user 'noexist' does not exist\n") o, r = pcs( self.temp_cib.name, "acl role unassign role3 from user1".split(), ) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) assert r == 0 ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 role2 Group: group1 Roles: role1 role3 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """, ) o, r = pcs( self.temp_cib.name, "acl role unassign role2 from user1".split(), ) assert r == 0 ac(o, "") o, r = pcs( self.temp_cib.name, "acl role unassign role1 from user1".split(), ) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: Group: group1 Roles: role1 role3 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl role delete role3".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """, ) assert r == 0 o, r = pcs( self.temp_cib.name, "acl role assign role2 to user1".split(), ) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) assert r == 0 ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role2 Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """, ) o, r = pcs(self.temp_cib.name, "acl role assign role1 user1".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role2 role1 Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """, ) assert r == 0 o, r = pcs( self.temp_cib.name, "acl role unassign role2 from user1 --autodelete".split(), ) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """, ) assert r == 0 o, r = pcs( self.temp_cib.name, "acl role unassign role1 from user1 --autodelete".split(), ) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """, ) assert r == 0 o, r = pcs( self.temp_cib.name, "acl user create user1 role1 role2".split(), ) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 role2 Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """, ) assert r == 0 o, r = pcs( self.temp_cib.name, "acl role delete role1 --autodelete".split(), ) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role2 Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl role delete role2".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: """, ) assert r == 0
def testRoleCreateDelete(self): o, r = pcs(self.temp_cib.name, "acl role create role0 read".split()) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 read //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 read xpath".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(self.temp_cib.name, "acl role create role0 read id".split()) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 readX xpath //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 read xpathX //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 description=test read".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 description=test read //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 description=test read xpath".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 description=test read id".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 description=test readX xpath //resources". split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 description=test read xpathX //resources". split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 desc=test read".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 desc=test read //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 desc=test read xpath".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 desc=test read id".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 desc=test readX xpath //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( self.temp_cib.name, "acl role create role0 desc=test read xpathX //resources".split(), ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(self.temp_cib.name, ["acl"]) ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n") self.assertEqual(0, r) o, r = pcs(self.temp_cib.name, "acl role create role0".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, "acl role create role0".split()) ac(o, "Error: 'role0' already exists\n") assert r == 1 o, r = pcs( self.temp_cib.name, ["acl", "role", "create", "role0d", "description=empty role"], ) ac(o, "") assert r == 0 o, r = pcs( self.temp_cib.name, "acl role create role1 read xpath /xpath/".split(), ) ac(o, "") assert r == 0 o, r = pcs( self.temp_cib.name, [ "acl", "role", "create", "role2", "description=with description", "READ", "XPATH", "/xpath/", ], ) assert r == 0 ac(o, "") o, r = pcs( self.temp_cib.name, ("acl role create role3 Read XPath /xpath_query/ wRiTe xpATH " "/xpath_query2/ deny xpath /xpath_query3/").split(), ) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role0 Role: role0d Description: empty role Role: role1 Permission: read xpath /xpath/ (role1-read) Role: role2 Description: with description Permission: read xpath /xpath/ (role2-read) Role: role3 Permission: read xpath /xpath_query/ (role3-read) Permission: write xpath /xpath_query2/ (role3-write) Permission: deny xpath /xpath_query3/ (role3-deny) """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl role delete role2".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role0 Role: role0d Description: empty role Role: role1 Permission: read xpath /xpath/ (role1-read) Role: role3 Permission: read xpath /xpath_query/ (role3-read) Permission: write xpath /xpath_query2/ (role3-write) Permission: deny xpath /xpath_query3/ (role3-deny) """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl role delete role2".split()) assert r == 1 ac(o, "Error: ACL role 'role2' does not exist\n") o, r = pcs(self.temp_cib.name, "acl role delete role1".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, "acl role remove role3".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, "acl role remove role0".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, "acl role remove role0d".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, ["acl"]) ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n") assert r == 0
def testUserGroupCreateDelete(self): o, r = pcs(self.temp_cib.name, ["acl"]) assert r == 0 ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n") o, r = pcs(self.temp_cib.name, "acl user create user1".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, "acl user create user2".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, "acl user create user1".split()) assert r == 1 ac(o, "Error: 'user1' already exists\n") o, r = pcs(self.temp_cib.name, "acl group create group1".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, "acl group create group2".split()) assert r == 0 ac(o, "") o, r = pcs(self.temp_cib.name, "acl group create group1".split()) assert r == 1 ac(o, "Error: 'group1' already exists\n") o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: User: user2 Roles: Group: group1 Roles: Group: group2 Roles: """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl group delete user1".split()) assert r == 1 ac(o, "Error: ACL group 'user1' does not exist\n") o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: User: user2 Roles: Group: group1 Roles: Group: group2 Roles: """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl group delete group2".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: User: user2 Roles: Group: group1 Roles: """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl group remove group1".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: User: user2 Roles: """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl user delete user1".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user2 Roles: """, ) assert r == 0 o, r = pcs(self.temp_cib.name, "acl user remove user2".split()) ac(o, "") assert r == 0 o, r = pcs(self.temp_cib.name, ["acl"]) assert r == 0 ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n")
def testBadProperties(self): o,r = pcs(temp_cib, "property set xxxx=zzzz") self.assertEqual(r, 1) ac(o,"Error: unknown cluster property: 'xxxx', (use --force to override)\n") o, _ = pcs(temp_cib, "property list") ac(o, "Cluster Properties:\n") output, returnVal = pcs(temp_cib, "property set =5678 --force") ac(output, "Error: empty property name: '=5678'\n") self.assertEqual(returnVal, 1) o, _ = pcs(temp_cib, "property list") ac(o, "Cluster Properties:\n") output, returnVal = pcs(temp_cib, "property set =5678") ac(output, "Error: empty property name: '=5678'\n") self.assertEqual(returnVal, 1) o, _ = pcs(temp_cib, "property list") ac(o, "Cluster Properties:\n") output, returnVal = pcs(temp_cib, "property set bad_format") ac(output, "Error: invalid property format: 'bad_format'\n") self.assertEqual(returnVal, 1) o, _ = pcs(temp_cib, "property list") ac(o, "Cluster Properties:\n") output, returnVal = pcs(temp_cib, "property set bad_format --force") ac(output, "Error: invalid property format: 'bad_format'\n") self.assertEqual(returnVal, 1) o, _ = pcs(temp_cib, "property list") ac(o, "Cluster Properties:\n") o,r = pcs(temp_cib, "property unset zzzzz") self.assertEqual(r, 1) ac(o,"Error: can't remove property: 'zzzzz' that doesn't exist\n") o, _ = pcs(temp_cib, "property list") ac(o, "Cluster Properties:\n") o,r = pcs(temp_cib, "property unset zzzz --force") self.assertEqual(r, 0) ac(o,"") o, _ = pcs(temp_cib, "property list") ac(o, "Cluster Properties:\n")
def test_set_property_validation_integer(self): output, returnVal = pcs(self.temp_cib.name, "property set migration-limit=0".split()) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(self.temp_cib.name, "property config".split()) ac( o, """Cluster Properties: migration-limit: 0 """, ) output, returnVal = pcs(self.temp_cib.name, "property set migration-limit=-10".split()) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(self.temp_cib.name, "property config".split()) ac( o, """Cluster Properties: migration-limit: -10 """, ) output, returnVal = pcs( self.temp_cib.name, "property set migration-limit=0 --force".split(), ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(self.temp_cib.name, "property config".split()) ac( o, """Cluster Properties: migration-limit: 0 """, ) output, returnVal = pcs(self.temp_cib.name, "property set migration-limit=0.1".split()) ac( output, "Error: invalid value of property: " "'migration-limit=0.1', (use --force to override)\n", ) self.assertEqual(returnVal, 1) o, _ = pcs(self.temp_cib.name, "property config".split()) ac( o, """Cluster Properties: migration-limit: 0 """, ) output, returnVal = pcs( self.temp_cib.name, "property set migration-limit=0.1 --force".split(), ) ac(output, "") self.assertEqual(returnVal, 0) o, _ = pcs(self.temp_cib.name, "property config".split()) ac( o, """Cluster Properties: migration-limit: 0.1 """, )
def test_node_utilization_set(self): output, returnVal = pcs(self.temp_cib.name, "node utilization rh7-1 test1=10".split()) ac("", output) self.assertEqual(0, returnVal) output, returnVal = pcs(self.temp_cib.name, "node utilization rh7-2".split()) expected_out = """\ Node Utilization: """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs(self.temp_cib.name, "node utilization rh7-1".split()) expected_out = """\ Node Utilization: rh7-1: test1=10 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs( self.temp_cib.name, "node utilization rh7-1 test1=-10 test4=1234".split(), ) ac("", output) self.assertEqual(0, returnVal) output, returnVal = pcs(self.temp_cib.name, "node utilization rh7-1".split()) expected_out = """\ Node Utilization: rh7-1: test1=-10 test4=1234 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs( self.temp_cib.name, "node utilization rh7-2 test2=321 empty=".split(), ) ac("", output) self.assertEqual(0, returnVal) output, returnVal = pcs(self.temp_cib.name, "node utilization rh7-2".split()) expected_out = """\ Node Utilization: rh7-2: test2=321 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs(self.temp_cib.name, "node utilization".split()) expected_out = """\ Node Utilization: rh7-1: test1=-10 test4=1234 rh7-2: test2=321 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs(self.temp_cib.name, "node utilization rh7-2 test1=-20".split()) ac("", output) self.assertEqual(0, returnVal) output, returnVal = pcs(self.temp_cib.name, "node utilization --name test1".split()) expected_out = """\ Node Utilization: rh7-1: test1=-10 rh7-2: test1=-20 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs( self.temp_cib.name, "node utilization --name test1 rh7-2".split(), ) expected_out = """\ Node Utilization: rh7-2: test1=-20 """ ac(expected_out, output) self.assertEqual(0, returnVal)
def testUserGroupCreateDelete(self): o, r = pcs(temp_cib, "acl") assert r == 0 ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n") o, r = pcs(temp_cib, "acl user create user1") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl user create user2") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl user create user1") assert r == 1 ac(o, "Error: 'user1' already exists\n") o, r = pcs(temp_cib, "acl group create group1") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl group create group2") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl group create group1") assert r == 1 ac(o, "Error: 'group1' already exists\n") o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: User: user2 Roles: Group: group1 Roles: Group: group2 Roles: """) assert r == 0 o, r = pcs(temp_cib, "acl group delete user1") assert r == 1 ac(o, "Error: 'user1' is not an ACL group\n") o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: User: user2 Roles: Group: group1 Roles: Group: group2 Roles: """) assert r == 0 o, r = pcs(temp_cib, "acl group delete group2") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: User: user2 Roles: Group: group1 Roles: """) assert r == 0 o, r = pcs(temp_cib, "acl group remove group1") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: User: user2 Roles: """) assert r == 0 o, r = pcs(temp_cib, "acl user delete user1") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user2 Roles: """) assert r == 0 o, r = pcs(temp_cib, "acl user remove user2") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") assert r == 0 ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n")
def testRoleCreateDelete(self): o, r = pcs(temp_cib, "acl role create role0 read") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 read //resources") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 read xpath") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 read id") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 readX xpath //resources") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 read xpathX //resources") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 description=test read") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( temp_cib, "acl role create role0 description=test read //resources" ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( temp_cib, "acl role create role0 description=test read xpath" ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 description=test read id") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 description=test readX xpath //resources" ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 description=test read xpathX //resources" ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 desc=test read") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 desc=test read //resources") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 desc=test read xpath") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl role create role0 desc=test read id") self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( temp_cib, "acl role create role0 desc=test readX xpath //resources" ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs( temp_cib, "acl role create role0 desc=test read xpathX //resources" ) self.assertTrue(o.startswith("\nUsage: pcs acl role create...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl") ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n") self.assertEqual(0, r) o, r = pcs(temp_cib, "acl role create role0") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl role create role0") ac(o, "Error: 'role0' already exists\n") assert r == 1 o, r = pcs(temp_cib, "acl role create role0d description='empty role'") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl role create role1 read xpath /xpath/") ac(o, "") assert r == 0 o, r = pcs( temp_cib, "acl role create role2 description='with description' " "READ XPATH /xpath/" ) assert r == 0 ac(o, "") o, r = pcs( temp_cib, "acl role create role3 Read XPath /xpath_query/ wRiTe xpATH " "/xpath_query2/ deny xpath /xpath_query3/" ) assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role0 Role: role0d Description: empty role Role: role1 Permission: read xpath /xpath/ (role1-read) Role: role2 Description: with description Permission: read xpath /xpath/ (role2-read) Role: role3 Permission: read xpath /xpath_query/ (role3-read) Permission: write xpath /xpath_query2/ (role3-write) Permission: deny xpath /xpath_query3/ (role3-deny) """) assert r == 0 o, r = pcs(temp_cib, "acl role delete role2") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role0 Role: role0d Description: empty role Role: role1 Permission: read xpath /xpath/ (role1-read) Role: role3 Permission: read xpath /xpath_query/ (role3-read) Permission: write xpath /xpath_query2/ (role3-write) Permission: deny xpath /xpath_query3/ (role3-deny) """) assert r == 0 o, r = pcs(temp_cib, "acl role delete role2") assert r == 1 ac(o, "Error: ACL role 'role2' does not exist\n") o, r = pcs(temp_cib, "acl role delete role1") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl role remove role3") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl role remove role0") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl role remove role0d") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") ac(o, "ACLs are disabled, run 'pcs acl enable' to enable\n\n") assert r == 0
def testUserGroupCreateDeleteWithRoles(self): o, r = pcs( temp_cib, "acl role create role1 read xpath /xpath1/ write xpath /xpath2/" ) assert r == 0 ac(o, "") o, r = pcs( temp_cib, "acl role create role2 deny xpath /xpath3/ deny xpath /xpath4/" ) assert r == 0 ac(o, "") o, r = pcs( temp_cib, "acl role create role3 read xpath /xpath5/ read xpath /xpath6/" ) assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl user create user1 roleX") ac(o, "Error: ACL role 'roleX' does not exist\n") self.assertEqual(1, r) o, r = pcs(temp_cib, "acl user create user1 role1 roleX") ac(o, "Error: ACL role 'roleX' does not exist\n") self.assertEqual(1, r) o, r = pcs(temp_cib, "acl group create group1 roleX") ac(o, "Error: ACL role 'roleX' does not exist\n") self.assertEqual(1, r) o, r = pcs(temp_cib, "acl group create group1 role1 roleX") ac(o, "Error: ACL role 'roleX' does not exist\n") self.assertEqual(1, r) o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """) self.assertEqual(0, r) o, r = pcs(temp_cib, "acl user create user1 role1 role2") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl group create group1 role1 role3") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") assert r == 0 ac( o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 role2 Group: group1 Roles: role1 role3 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """ ) o, r = pcs(temp_cib, "acl role create group1") assert r == 1 ac(o, "Error: 'group1' already exists\n") o, r = pcs(temp_cib, "acl role create role1") assert r == 1 ac(o, "Error: 'role1' already exists\n") o, r = pcs(temp_cib, "acl user create user1") assert r == 1 ac(o, "Error: 'user1' already exists\n") o, r = pcs(temp_cib, "acl group create group1") assert r == 1 ac(o, "Error: 'group1' already exists\n") o, r = pcs(temp_cib, "acl group create role1") assert r == 1 ac(o, "Error: 'role1' already exists\n") o, r = pcs(temp_cib, "acl role assign role1 to noexist") assert r == 1 ac(o, "Error: ACL group/ACL user 'noexist' does not exist\n") o, r = pcs(temp_cib, "acl role assign noexist to user1") assert r == 1 ac(o, "Error: ACL role 'noexist' does not exist\n") o, r = pcs(temp_cib, "acl role assign role3 to user1") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") assert r == 0 ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 role2 role3 Group: group1 Roles: role1 role3 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """) o, r = pcs(temp_cib, "acl role unassign noexist from user1") assert r == 1 ac(o, "Error: Role 'noexist' is not assigned to 'user1'\n") o, r = pcs(temp_cib, "acl role unassign role3 from noexist") assert r == 1 ac(o, "Error: ACL group/ACL user 'noexist' does not exist\n") o, r = pcs(temp_cib, "acl role unassign role3 from user1") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") assert r == 0 ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 role2 Group: group1 Roles: role1 role3 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """) o, r = pcs(temp_cib, "acl role unassign role2 from user1") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl role unassign role1 from user1") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: Group: group1 Roles: role1 role3 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: read xpath /xpath6/ (role3-read-1) """) assert r == 0 o, r = pcs(temp_cib, "acl role delete role3") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """) assert r == 0 o, r = pcs(temp_cib, "acl role assign role2 to user1") assert r == 0 ac(o, "") o, r = pcs(temp_cib, "acl") assert r == 0 ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role2 Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """) o, r = pcs(temp_cib, "acl role assign role1 user1") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role2 role1 Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """) assert r == 0 o, r = pcs(temp_cib, "acl role unassign role2 from user1 --autodelete") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """) assert r == 0 o, r = pcs(temp_cib, "acl role unassign role1 from user1 --autodelete") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """) assert r == 0 o, r = pcs(temp_cib, "acl user create user1 role1 role2") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role1 role2 Group: group1 Roles: role1 Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """) assert r == 0 o, r = pcs(temp_cib, "acl role delete role1 --autodelete") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: role2 Role: role2 Permission: deny xpath /xpath3/ (role2-deny) Permission: deny xpath /xpath4/ (role2-deny-1) """) assert r == 0 o, r = pcs(temp_cib, "acl role delete role2") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable User: user1 Roles: """) assert r == 0
def testEmpty(self): output, returnVal = pcs(self.temp_cib.name, ["property"]) assert returnVal == 0, "Unable to list resources" assert output == "Cluster Properties:\n", [output]
def testPermissionAddDelete(self): o, r = pcs( temp_cib, "acl role create role1 read xpath /xpath1/ write xpath /xpath2/" ) ac(o, "") assert r == 0 o, r = pcs( temp_cib, "acl role create role2 read xpath /xpath3/ write xpath /xpath4/" ) ac(o, "") assert r == 0 o, r = pcs( temp_cib, "acl role create role3 read xpath /xpath5/ write xpath /xpath6/" ) ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl show") assert r == 0 ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Role: role2 Permission: read xpath /xpath3/ (role2-read) Permission: write xpath /xpath4/ (role2-write) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: write xpath /xpath6/ (role3-write) """) o, r = pcs(temp_cib, "acl permission add role1 deny xpath /myxpath1/") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl permission add role4 deny xpath /myxpath2/") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl show") assert r == 0 ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Permission: deny xpath /myxpath1/ (role1-deny) Role: role2 Permission: read xpath /xpath3/ (role2-read) Permission: write xpath /xpath4/ (role2-write) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: write xpath /xpath6/ (role3-write) Role: role4 Permission: deny xpath /myxpath2/ (role4-deny) """) o, r = pcs(temp_cib, "acl permission delete role4-deny") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl permission delete role4-deny") ac(o, "Error: ACL permission 'role4-deny' does not exist\n") assert r == 1 o, r = pcs(temp_cib, "acl permission remove role4-deny") ac(o, "Error: ACL permission 'role4-deny' does not exist\n") assert r == 1 o, r = pcs(temp_cib, "acl show") assert r == 0 ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Permission: deny xpath /myxpath1/ (role1-deny) Role: role2 Permission: read xpath /xpath3/ (role2-read) Permission: write xpath /xpath4/ (role2-write) Role: role3 Permission: read xpath /xpath5/ (role3-read) Permission: write xpath /xpath6/ (role3-write) Role: role4 """) o, r = pcs(temp_cib, "acl permission delete role3-read") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl permission delete role3-write") ac(o, "") assert r == 0 o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Permission: read xpath /xpath1/ (role1-read) Permission: write xpath /xpath2/ (role1-write) Permission: deny xpath /myxpath1/ (role1-deny) Role: role2 Permission: read xpath /xpath3/ (role2-read) Permission: write xpath /xpath4/ (role2-write) Role: role3 Role: role4 """) assert r == 0 o, r = pcs(temp_cib, "acl permission remove role1-read") ac(o, "") self.assertEqual(0, r) o, r = pcs(temp_cib, "acl permission remove role1-write") ac(o, "") self.assertEqual(0, r) o, r = pcs(temp_cib, "acl permission remove role1-deny") ac(o, "") self.assertEqual(0, r) o, r = pcs(temp_cib, "acl permission remove role2-read") ac(o, "") self.assertEqual(0, r) o, r = pcs(temp_cib, "acl permission remove role2-write") ac(o, "") self.assertEqual(0, r) o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Role: role2 Role: role3 Role: role4 """) self.assertEqual(0, r) o, r = pcs(temp_cib, "acl permission add role1 read") self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl permission add role1 read //resources") self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl permission add role1 read xpath") self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl permission add role1 read id") self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl permission add role1 readX xpath //resources") self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl permission add role1 read xpathX //resources") self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl permission add role1 read id dummy read") self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( temp_cib, "acl permission add role1 read id dummy read //resources" ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs( temp_cib, "acl permission add role1 read id dummy read xpath" ) self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) o, r = pcs(temp_cib, "acl permission add role1 read id dummy read id") self.assertTrue(o.startswith("\nUsage: pcs acl permission add...")) self.assertEqual(1, r) self.assert_pcs_fail( "acl permission add role1 read id dummy readX xpath //resources", stdout_start='\nUsage: pcs acl permission add...' ) self.assert_pcs_fail( "acl permission add role1 read id dummy read xpathX //resources", stdout_start='\nUsage: pcs acl permission add...' ) o, r = pcs(temp_cib, "acl") ac(o, """\ ACLs are disabled, run 'pcs acl enable' to enable Role: role1 Role: role2 Role: role3 Role: role4 """) self.assertEqual(0, r)
def testBadProperties(self): o, r = pcs(self.temp_cib.name, "property set xxxx=zzzz".split()) self.assertEqual(r, 1) ac( # pylint: disable=line-too-long o, "Error: unknown cluster property: 'xxxx', (use --force to override)\n", ) o, _ = pcs(self.temp_cib.name, "property config".split()) ac(o, "Cluster Properties:\n") output, returnVal = pcs(self.temp_cib.name, "property set =5678 --force".split()) ac(output, "Error: empty property name: '=5678'\n") self.assertEqual(returnVal, 1) o, _ = pcs(self.temp_cib.name, "property config".split()) ac(o, "Cluster Properties:\n") output, returnVal = pcs(self.temp_cib.name, "property set =5678".split()) ac(output, "Error: empty property name: '=5678'\n") self.assertEqual(returnVal, 1) o, _ = pcs(self.temp_cib.name, "property config".split()) ac(o, "Cluster Properties:\n") output, returnVal = pcs(self.temp_cib.name, "property set bad_format".split()) ac(output, "Error: invalid property format: 'bad_format'\n") self.assertEqual(returnVal, 1) o, _ = pcs(self.temp_cib.name, "property config".split()) ac(o, "Cluster Properties:\n") output, returnVal = pcs(self.temp_cib.name, "property set bad_format --force".split()) ac(output, "Error: invalid property format: 'bad_format'\n") self.assertEqual(returnVal, 1) o, _ = pcs(self.temp_cib.name, "property config".split()) ac(o, "Cluster Properties:\n") o, r = pcs(self.temp_cib.name, "property unset zzzzz".split()) self.assertEqual(r, 1) ac(o, "Error: can't remove property: 'zzzzz' that doesn't exist\n") o, _ = pcs(self.temp_cib.name, "property config".split()) ac(o, "Cluster Properties:\n") o, r = pcs(self.temp_cib.name, "property unset zzzz --force".split()) self.assertEqual(r, 0) ac(o, "") o, _ = pcs(self.temp_cib.name, "property config".split()) ac(o, "Cluster Properties:\n")
def test_node_utilization_set(self): output, returnVal = pcs(temp_cib, "node utilization rh7-1 test1=10") ac("", output) self.assertEqual(0, returnVal) output, returnVal = pcs(temp_cib, "node utilization rh7-2") expected_out = """\ Node Utilization: """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs(temp_cib, "node utilization rh7-1") expected_out = """\ Node Utilization: rh7-1: test1=10 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs( temp_cib, "node utilization rh7-1 test1=-10 test4=1234" ) ac("", output) self.assertEqual(0, returnVal) output, returnVal = pcs(temp_cib, "node utilization rh7-1") expected_out = """\ Node Utilization: rh7-1: test1=-10 test4=1234 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs( temp_cib, "node utilization rh7-2 test2=321 empty=" ) ac("", output) self.assertEqual(0, returnVal) output, returnVal = pcs(temp_cib, "node utilization rh7-2") expected_out = """\ Node Utilization: rh7-2: test2=321 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs(temp_cib, "node utilization") expected_out = """\ Node Utilization: rh7-1: test1=-10 test4=1234 rh7-2: test2=321 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs( temp_cib, "node utilization rh7-2 test1=-20" ) ac("", output) self.assertEqual(0, returnVal) output, returnVal = pcs(temp_cib, "node utilization --name test1") expected_out = """\ Node Utilization: rh7-1: test1=-10 rh7-2: test1=-20 """ ac(expected_out, output) self.assertEqual(0, returnVal) output, returnVal = pcs( temp_cib, "node utilization --name test1 rh7-2" ) expected_out = """\ Node Utilization: rh7-2: test1=-20 """ ac(expected_out, output) self.assertEqual(0, returnVal)