def test_auth_reject_allow(self):
        """
        Verify auth.reject and auth.allow volume options in volume level using
        both client ip and hostname.
        Verify auth.reject and auth.allow volume options in sub-directory
        level using both client ip and hostname.
        Steps:
        1. Create and start volume.
        2. Set auth.reject on volume for client1 using ip of client1.
        3. Set auth.allow on volume for client2 using ip of client2.
        4. Try to mount volume on client1. This should fail.
        5. Check the client1 log for AUTH_FAILED event.
        6. Mount volume on client2.
        7. Unmount the volume from client2.
        8. Set auth.reject on volume for client1 using hostname of client1.
        9. Set auth.allow on volume for client2 using hostname of client2.
        10. Repeat steps 4 to 6
        11. Create directory d1 on client2 mountpoint.
        12. Unmount the volume from client2.
        13. Set auth.reject on d1 for client1 using ip of client1.
        14. Set auth.allow on d1 for client2 using ip of client2.
        15. Try to mount d1 on client1. This should fail.
        16. Check the client1 log for AUTH_FAILED event.
        17. Mount d1 on client2.
        18. Unmount d1 from client2.
        19. Set auth.reject on d1 for client1 using hostname of client1.
        20. Set auth.allow on d1 for client2 using hostname of client2.
        21. Repeat steps 15 to 18.
        """
        # pylint: disable = too-many-statements
        # Setting auth.reject on volume for client1 using ip
        auth_dict = {'all': [self.mounts[0].client_system]}
        ret = set_auth_reject(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.reject volume option.")
        g.log.info("Successfully set auth.reject option on volume")

        # Setting auth.allow on volume for client2 using ip
        auth_dict = {'all': [self.mounts[1].client_system]}
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")
        g.log.info("Successfully set auth.allow option on volume")

        # Trying to mount volume on client1
        self.unauthenticated_mount(self.mounts[0])

        # Verify whether mount failure on client1 is due to auth error
        log_msg = self.is_auth_failure(self.mounts[0].client_system)
        prev_log_statement = log_msg

        # Mounting volume on client2
        self.authenticated_mount(self.mounts[1])

        g.log.info("Verification of auth.reject and auth.allow options on "
                   "volume using client IP is successful")

        # Unmount volume from client2
        ret = self.mounts[1].unmount()
        self.assertTrue(ret, ("Failed to unmount volume %s from client %s" %
                              (self.volname, self.mounts[1].client_system)))

        # Obtain hostname of client1
        ret, hostname_client1, _ = g.run(self.mounts[0].client_system,
                                         "hostname")
        self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
                                  self.mounts[0].client_system))
        g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
                   self.mounts[0].client_system, hostname_client1.strip())

        # Obtain hostname of client2
        ret, hostname_client2, _ = g.run(self.mounts[1].client_system,
                                         "hostname")
        self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
                                  self.mounts[1].client_system))
        g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
                   self.mounts[1].client_system, hostname_client2.strip())

        # Setting auth.reject on volume for client1 using hostname
        auth_dict = {'all': [hostname_client1.strip()]}
        ret = set_auth_reject(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.reject volume option.")
        g.log.info("Successfully set auth.reject option on volume")

        # Setting auth.allow on volume for client2 using hostname
        auth_dict = {'all': [hostname_client2.strip()]}
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")
        g.log.info("Successfully set auth.allow option on volume")

        # Trying to mount volume on client1
        self.unauthenticated_mount(self.mounts[0])

        # Verify whether mount failure on client1 is due to auth error
        log_msg = self.is_auth_failure(self.mounts[0].client_system,
                                       prev_log_statement)
        prev_log_statement = log_msg

        # Mounting volume on client2
        self.authenticated_mount(self.mounts[1])

        g.log.info("Verification of auth.reject and auth.allow options on "
                   "volume using client hostname is successful")

        # Creating sub directory d1 on mounted volume
        ret = mkdir(self.mounts[1].client_system,
                    "%s/d1" % self.mounts[1].mountpoint)
        self.assertTrue(ret, ("Failed to create directory 'd1' in volume %s "
                              "from client %s" %
                              (self.volname, self.mounts[1].client_system)))

        # Unmount volume from client2
        ret = self.mounts[1].unmount()
        self.assertTrue(ret, ("Failed to unmount volume %s from client %s" %
                              (self.volname, self.mounts[1].client_system)))

        # Setting auth.reject on d1 for client1 using ip
        auth_dict = {'/d1': [self.mounts[0].client_system]}
        ret = set_auth_reject(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.reject volume option.")
        g.log.info("Successfully set auth.reject option.")

        # Setting auth.allow on d1 for client2 using ip
        auth_dict = {'/d1': [self.mounts[1].client_system]}
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")
        g.log.info("Successfully set auth.allow option.")

        # Creating mount object for sub-directory mount on client1
        mount_obj_client1 = copy.deepcopy(self.mounts[0])
        mount_obj_client1.volname = "%s/d1" % self.volname

        # Creating mount object for sub-directory mount on client2
        mount_obj_client2 = copy.deepcopy(self.mounts[1])
        mount_obj_client2.volname = "%s/d1" % self.volname

        # Trying to mount d1 on client1
        self.unauthenticated_mount(mount_obj_client1)

        # Verify whether mount failure on client1 is due to auth error
        log_msg = self.is_auth_failure(mount_obj_client1.client_system,
                                       prev_log_statement)
        prev_log_statement = log_msg

        # Mounting d1 on client2
        self.authenticated_mount(mount_obj_client2)

        g.log.info("Verification of auth.reject and auth.allow options on "
                   "sub-directory level using client IP is successful")

        # Unmount d1 from client2
        ret = mount_obj_client2.unmount()
        self.assertTrue(
            ret,
            ("Failed to unmount %s from client %s" %
             (mount_obj_client2.volname, mount_obj_client2.client_system)))

        # Setting auth.reject on d1 for client1 using hostname
        auth_dict = {'/d1': [hostname_client1.strip()]}
        ret = set_auth_reject(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.reject volume option.")
        g.log.info("Successfully set auth.reject option.")

        # Setting auth.allow on d1 for client2 using hostname
        auth_dict = {'/d1': [hostname_client2.strip()]}
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")
        g.log.info("Successfully set auth.allow option.")

        # Trying to mount d1 on client1
        self.unauthenticated_mount(mount_obj_client1)

        # Verify whether mount failure on client1 is due to auth error
        self.is_auth_failure(mount_obj_client1.client_system,
                             prev_log_statement)

        # Mounting d1 on client2
        self.authenticated_mount(mount_obj_client2)

        g.log.info("Verification of auth.reject and auth.allow options on "
                   "sub-directory level using client hostname is successful")

        # Unmount d1 from client2
        ret = mount_obj_client2.unmount()
        self.assertTrue(
            ret,
            ("Failed to unmount %s from client %s" %
             (mount_obj_client2.volname, mount_obj_client2.client_system)))
Ejemplo n.º 2
0
    def test_auth_reject(self):
        """
        Check sub dir auth.reject functionality

        Steps:
        1. Create two sub directories on mounted volume
        2. Unmount volume from clients
        3. Set auth.reject on sub dir d1 for client1 and d2 for client2
        4. Mount d2 on client1 and d1 on client2. This should pass.
        5. Try to mount d2 on client2 and d1 on client1. This should fail.
        """
        # Creating sub directories on mounted volume
        ret = mkdir(self.mounts[0].client_system,
                    "%s/d1" % self.mounts[0].mountpoint)
        self.assertTrue(ret, ("Failed to create directory 'd1' in volume %s "
                              "from client %s" %
                              (self.volname, self.mounts[0].client_system)))
        ret = mkdir(self.mounts[0].client_system,
                    "%s/d2" % self.mounts[0].mountpoint)
        self.assertTrue(ret, ("Failed to create directory 'd2' in volume %s "
                              "from client %s" %
                              (self.volname, self.mounts[0].client_system)))

        # Unmounting volumes
        ret = self.unmount_volume(self.mounts)
        self.assertTrue(ret, "Failed to unmount one or more volumes")
        g.log.info("Successfully unmounted all volumes")

        # Setting authentication (auth.reject) for directories
        auth_dict = {
            '/d1': [self.mounts[0].client_system],
            '/d2': [self.mounts[1].client_system]
        }
        ret = set_auth_reject(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set authentication")
        g.log.info("Successfully set authentication on sub directories")

        # Creating mounts list for authenticated client
        self.subdir_mounts = [
            copy.deepcopy(self.mounts[0]),
            copy.deepcopy(self.mounts[1])
        ]
        self.subdir_mounts[0].volname = "%s/d2" % self.volname
        self.subdir_mounts[1].volname = "%s/d1" % self.volname

        # Mounting sub directories on authenticated client
        for mount_obj in self.subdir_mounts:

            ret = mount_obj.mount()
            self.assertTrue(
                ret, ("Failed to mount sub directory %s on client"
                      " %s" % (mount_obj.volname, mount_obj.client_system)))
            g.log.info("Successfully mounted sub directory %s on client %s",
                       mount_obj.volname, mount_obj.client_system)
        g.log.info("Successfully mounted sub directories to allowed clients")

        # Creating mounts list for rejected client
        self.unauth_subdir_mounts = [
            copy.deepcopy(self.mounts[0]),
            copy.deepcopy(self.mounts[1])
        ]
        self.unauth_subdir_mounts[0].volname = "%s/d1" % self.volname
        self.unauth_subdir_mounts[1].volname = "%s/d2" % self.volname
        self.unauth_subdir_mounts[0].mountpoint \
            = "%s_unauth" % self.unauth_subdir_mounts[0].mountpoint
        self.unauth_subdir_mounts[1].mountpoint \
            = "%s_unauth" % self.unauth_subdir_mounts[1].mountpoint

        # Trying to mount sub directories on rejected client
        for mount_obj in self.unauth_subdir_mounts:
            if mount_obj.mount():
                g.log.warning(
                    "Mount command did not fail as expected. "
                    "sub-dir: %s, client: %s, mount point: %s",
                    mount_obj.volname, mount_obj.client_system,
                    mount_obj.mountpoint)
                ret = mount_obj.is_mounted()
                if ret:
                    self.subdir_mounts.append(mount_obj)
                    self.assertFalse(
                        ret, ("Mount operation did not fail as "
                              "expected. Mount operation of sub "
                              "directory %s on client %s passed."
                              "Mount point: %s" %
                              (mount_obj.volname, mount_obj.client_system,
                               mount_obj.mountpoint)))
                g.log.info(
                    "Mount command passed. But sub directory "
                    "is not mounted. This is expected. "
                    "sub-dir: %s, client: %s, mount point: %s",
                    mount_obj.volname, mount_obj.client_system,
                    mount_obj.mountpoint)
            g.log.info(
                "Mount operation of sub directory %s on client %s "
                "failed as expected.", mount_obj.volname,
                mount_obj.client_system)
        g.log.info("Verified mount operation of sub-dirs on "
                   "rejected client. "
                   "Mount operation failed as expected.")

        # Unmount sub directories
        ret = self.unmount_volume(self.subdir_mounts)
        self.assertTrue(ret, "Failed to unmount one or more sub-directories")
        g.log.info("Successfully unmounted all sub-directories")
Ejemplo n.º 3
0
    def test_verify_auth_reject_precedence(self):
        """
        This testcase verifies the precedence of auth.reject volume option
        over auth.allow volume option.
        Verification will be done in volume level and sub-directory level
        using both IP and hostname.
        Steps:
        1. Create and start volume.
        2. Mount volume on client1.
        3. Create directory d1 on client1 mountpoint.
        4. Unmount volume from client1.
        5. Set auth.reject on volume for all clients(*).
        6. Set auth.allow on volume for client1 and client2 using ip.
        7. Try to mount volume on client1. This should fail.
        8. Check the client1 log for AUTH_FAILED event.
        9. Try to mount volume on client2. This should fail.
        10. Check the client2 log for AUTH_FAILED event.
        11. Set auth.allow on volume for client1 and client2 using hostname.
        12. Repeat steps 7 to 10.
        13. Set auth.reject on sub-directory d1 for all clients(*).
        14. Set auth.allow on sub-directory d1 for client1 and client2 using
            ip.
        15. Try to mount d1 on client1. This should fail.
        16. Check the client1 log for AUTH_FAILED event.
        17. Try to mount d1 on client2. This should fail.
        18. Check the client2 log for AUTH_FAILED event.
        19. Set auth.allow on sub-directory d1 for client1 and client2 using
            hostname.
        20. Repeat steps 15 to 18.
        """
        # pylint: disable = too-many-statements
        # Mounting volume on client1
        self.authenticated_mount(self.mounts[0])

        # Creating sub directory d1 on mounted volume
        ret = mkdir(self.mounts[0].client_system,
                    "%s/d1" % self.mounts[0].mountpoint)
        self.assertTrue(ret, ("Failed to create directory 'd1' in volume %s "
                              "from client %s" %
                              (self.volname, self.mounts[0].client_system)))

        # Unmount volume from client1
        ret = self.mounts[0].unmount()
        self.assertTrue(ret, ("Failed to unmount volume %s from client %s" %
                              (self.volname, self.mounts[0].client_system)))

        # Setting auth.reject on volume for all clients
        auth_dict = {'all': ['*']}
        ret = set_auth_reject(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.reject volume option.")
        g.log.info("Successfully set auth.reject option on volume")

        # Setting auth.allow on volume for client1 and client2 using ip
        auth_dict = {
            'all':
            [self.mounts[0].client_system, self.mounts[0].client_system]
        }
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")
        g.log.info("Successfully set auth.allow option on volume")

        # Trying to mount volume on client1
        self.unauthenticated_mount(self.mounts[0])

        # Verify whether mount failure on client1 is due to auth error
        log_msg = self.is_auth_failure(self.mounts[0].client_system)
        prev_log_statement_c1 = log_msg

        # Trying to mount volume on client2
        self.unauthenticated_mount(self.mounts[1])

        # Verify whether mount failure on client2 is due to auth error
        log_msg = self.is_auth_failure(self.mounts[1].client_system)
        prev_log_statement_c2 = log_msg

        g.log.info("Verification of auth.reject precedence over auth.allow"
                   "option on volume using clients' ip is successful")

        # Obtain hostname of client1
        ret, hostname_client1, _ = g.run(self.mounts[0].client_system,
                                         "hostname")
        hostname_client1 = hostname_client1.strip()
        self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
                                  self.mounts[0].client_system))
        g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
                   self.mounts[0].client_system, hostname_client1)

        # Obtain hostname of client2
        ret, hostname_client2, _ = g.run(self.mounts[1].client_system,
                                         "hostname")
        hostname_client2 = hostname_client2.strip()
        self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
                                  self.mounts[1].client_system))
        g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
                   self.mounts[1].client_system, hostname_client2)

        # Setting auth.allow on volume for client1 and client2 using hostname
        auth_dict = {'all': [hostname_client1, hostname_client2]}
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")
        g.log.info("Successfully set auth.allow option on volume")

        # Trying to mount volume on client1
        self.unauthenticated_mount(self.mounts[0])

        # Verify whether mount failure on client1 is due to auth error
        log_msg = self.is_auth_failure(self.mounts[0].client_system,
                                       prev_log_statement_c1)
        prev_log_statement_c1 = log_msg

        # Trying to mount volume on client2
        self.unauthenticated_mount(self.mounts[1])

        # Verify whether mount failure on client2 is due to auth error
        log_msg = self.is_auth_failure(self.mounts[1].client_system,
                                       prev_log_statement_c2)
        prev_log_statement_c2 = log_msg

        g.log.info("Verification of auth.reject precedence over auth.allow"
                   "option on volume using clients' hostname is successful")

        # Setting auth.reject on d1 for all clients
        auth_dict = {'/d1': ['*']}
        ret = set_auth_reject(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.reject volume option.")
        g.log.info("Successfully set auth.reject option.")

        # Setting auth.allow on d1 for client1 and client2 using ip
        auth_dict = {
            '/d1':
            [self.mounts[0].client_system, self.mounts[1].client_system]
        }
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")
        g.log.info("Successfully set auth.allow option.")

        # Creating mount object for sub-directory mount on client1
        mount_obj_client1 = copy.deepcopy(self.mounts[0])
        mount_obj_client1.volname = "%s/d1" % self.volname

        # Creating mount object for sub-directory mount on client2
        mount_obj_client2 = copy.deepcopy(self.mounts[1])
        mount_obj_client2.volname = "%s/d1" % self.volname

        # Trying to mount d1 on client1
        self.unauthenticated_mount(mount_obj_client1)

        # Verify whether mount failure on client1 is due to auth error
        log_msg = self.is_auth_failure(mount_obj_client1.client_system,
                                       prev_log_statement_c1)
        prev_log_statement_c1 = log_msg

        # Trying to mount d1 on client2
        self.unauthenticated_mount(mount_obj_client2)

        # Verify whether mount failure on client2 is due to auth error
        log_msg = self.is_auth_failure(mount_obj_client2.client_system,
                                       prev_log_statement_c2)
        prev_log_statement_c2 = log_msg

        g.log.info("Verification of auth.reject precedence over auth.allow"
                   "option on sub-directory level using clients' ip is "
                   "successful")

        # Setting auth.allow on d1 for client1 and client2 using hostname
        auth_dict = {'/d1': [hostname_client1, hostname_client2]}
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")
        g.log.info("Successfully set auth.allow option.")

        # Trying to mount d1 on client1
        self.unauthenticated_mount(mount_obj_client1)

        # Verify whether mount failure on client1 is due to auth error
        self.is_auth_failure(mount_obj_client1.client_system,
                             prev_log_statement_c1)

        # Trying to mount d1 on client2
        self.unauthenticated_mount(mount_obj_client2)

        # Verify whether mount failure on client2 is due to auth error
        self.is_auth_failure(mount_obj_client2.client_system,
                             prev_log_statement_c2)

        g.log.info("Verification of auth.reject precedence over auth.allow"
                   "option on sub-directory level using clients' hostname is "
                   "successful")
Ejemplo n.º 4
0
    def test_auth_reject_allow_same_client(self):
        """
        Verify auth.reject and auth.allow volume options in volume level using
        both client ip and hostname.
        Steps:
        1. Create and start volume.
        2. Set auth.reject on volume for client1 using ip of client1.
        3. Set auth.allow on volume for client1 using ip of client1.
        4. Try to mount volume on client1. This should fail.
        5. Check the client1 log for AUTH_FAILED event.
        6. Mount volume on client2.This should fail.
        7. Check the client2 log for AUTH_FAILED event.
        8. Set auth.reject on volume for client1 using hostname of client1.
        9. Set auth.allow on volume for client1 using hostname of client1.
        10. Repeat steps 4 to 7
        """
        # pylint: disable = too-many-statements
        # Setting auth.reject on volume for client1 using ip
        auth_dict = {'all': [self.mounts[0].client_system]}
        ret = set_auth_reject(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.reject volume option.")

        # Setting auth.allow on volume for client1 using ip
        auth_dict = {'all': [self.mounts[0].client_system]}
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")

        # Trying to mount volume on client1
        self.unauthenticated_mount(self.mounts[0])

        # Verify whether mount failure on client1 is due to auth error
        log_msg = self.is_auth_failure(self.mounts[0].client_system)
        prev_log_statement = log_msg

        # Mounting volume on client2
        self.unauthenticated_mount(self.mounts[1])

        g.log.info("Verification of auth.reject and auth.allow options on "
                   "volume using client IP is successful")

        # Obtain hostname of client1
        ret, hostname_client1, _ = g.run(self.mounts[0].client_system,
                                         "hostname")
        self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
                                  self.mounts[0].client_system))
        g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
                   self.mounts[0].client_system, hostname_client1.strip())

        # Obtain hostname of client2
        ret, hostname_client2, _ = g.run(self.mounts[1].client_system,
                                         "hostname")
        self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
                                  self.mounts[1].client_system))
        g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
                   self.mounts[1].client_system, hostname_client2.strip())

        # Setting auth.reject on volume for client1 using hostname
        auth_dict = {'all': [hostname_client1.strip()]}
        ret = set_auth_reject(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.reject volume option.")

        # Setting auth.allow on volume for client1 using hostname
        auth_dict = {'all': [hostname_client1.strip()]}
        ret = set_auth_allow(self.volname, self.mnode, auth_dict)
        self.assertTrue(ret, "Failed to set auth.allow volume option")

        # Trying to mount volume on client1
        self.unauthenticated_mount(self.mounts[0])

        # Verify whether mount failure on client1 is due to auth error
        log_msg = self.is_auth_failure(self.mounts[0].client_system,
                                       prev_log_statement)
        prev_log_statement = log_msg

        # Mounting volume on client2
        self.unauthenticated_mount(self.mounts[1])

        # Verify whether mount failure on client2 is due to auth error
        log_msg = self.is_auth_failure(self.mounts[1].client_system)
        prev_log_statement = log_msg