def check_analytics_cluster_restart(self, host): helper = BucketHelper(host) if not helper.bucket_exists('default'): helper.create_bucket(bucket='default', ramQuotaMB=100) if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/restart', port=18095, headers='', client_cert=True, curl=True, verb='POST') else: output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/restart', port=18095, headers=' -u Administrator:password ', client_cert=False, curl=True, verb='POST') self.assertEqual( json.loads(output)['status'], "SHUTTING_DOWN", "/analytics/cluster/restart API failed")
def check_analytics_node_config(self, host): helper = BucketHelper(host) if not helper.bucket_exists('default'): helper.create_bucket(bucket='default', ramQuotaMB=100) if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/analytics/node/config', port=18095, headers='', client_cert=True, curl=True) else: output = x509main()._execute_command_clientcert( host.ip, url='/analytics/node/config', port=18095, headers=' -u Administrator:password ', client_cert=False, curl=True) self.assertTrue( json.loads(output)['analyticsCcHttpPort'], "Cannot execute command on port 18095")
def test_limited_access_user(self): servs_inout = self.servers[1:4] rest = RestConnection(self.master) services_in = [] self.log.info("list of services to be added {0}".format( self.services_in)) for service in self.services_in.split("-"): services_in.append(service.split(":")[0]) self.log.info( "list of services to be added after formatting {0}".format( services_in)) #add nodes to the cluster rebalance = self.cluster.async_rebalance( self.servers[:self.nodes_init], servs_inout, [], services=services_in) self.task_manager.get_task_result(rebalance) self.sleep(20) #check for analytics services, for Vulcan check on http port cbas_node = self.get_nodes_from_services_map(service_type='cbas') if cbas_node is not None: helper = BucketHelper(cbas_node) if not helper.bucket_exists('default'): helper.create_bucket(bucket='default', ramQuotaMB=100) query = "'statement=create dataset default_ds on default'" if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( cbas_node.ip, url='/analytics/service', port=18095, headers=' --data pretty=true --data-urlencode ' + query, client_cert=True, curl=True, verb='POST') else: output = x509main()._execute_command_clientcert( cbas_node.ip, url='/analytics/service', port=18095, headers=' --data pretty=true --data-urlencode ' + query + ' -u Administrator:password ', client_cert=False, curl=True, verb='POST') self.assertEqual( json.loads(output)['status'], "fatal", "Create Index Failed") self.assertEqual( json.loads(output)['errors'][0]['msg'], 'User must have permission (cluster.analytics!select)', "Incorrect error message.") self.assertEqual( json.loads(output)['errors'][0]['code'], 20001, "Incorrect code.")
def check_analytics_service(self, host): helper = BucketHelper(host) if not helper.bucket_exists('default'): helper.create_bucket(bucket='default', ramQuotaMB=100) query = "'statement=create dataset default_ds on default'" if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/analytics/service', port=18095, headers=' --data pretty=true --data-urlencode ' + query, client_cert=True, curl=True, verb='POST') else: output = x509main()._execute_command_clientcert( host.ip, url='/analytics/service', port=18095, headers=' --data pretty=true --data-urlencode ' + query + ' -u Administrator:password ', client_cert=False, curl=True, verb='POST') self.assertEqual( json.loads(output)['status'], "success", "Create Index Failed") query = "'statement=create dataset default_ds1 on default'" if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/analytics/service', port=8095, headers=' --data pretty=true --data-urlencode ' + query + ' -u Administrator:password ', client_cert=True, curl=True, verb='POST', plain_curl=True) else: output = x509main()._execute_command_clientcert( host.ip, url='/analytics/service', port=8095, headers=' --data pretty=true --data-urlencode ' + query + ' -u Administrator:password ', client_cert=False, curl=True, verb='POST', plain_curl=True) self.assertEqual( json.loads(output)['status'], "success", "Create Index Failed")
def _reset_original(self): self.log.info( "Reverting to original state - regenerating certificate and removing inbox folder" ) tmp_path = "/tmp/abcd.pem" for servers in self.servers: cli_command = "ssl-manage" remote_client = RemoteMachineShellConnection(servers) options = "--regenerate-cert={0}".format(tmp_path) output, error = remote_client.execute_couchbase_cli( cli_command=cli_command, options=options, cluster_host=servers.ip, user="******", password="******") x509main(servers)._delete_inbox_folder()
def check_analytics_cluster(self, host): helper = BucketHelper(host) if not helper.bucket_exists('default'): helper.create_bucket(bucket='default', ramQuotaMB=100) if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster', port=18095, headers='', client_cert=True, curl=True) else: output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster', port=18095, headers=' -u Administrator:password ', client_cert=False, curl=True) self.assertEqual( json.loads(output)['state'], "ACTIVE", "Create Index Failed")
def test_incorrect_user(self): host = self.master rest = BucketHelper(self.master) rest.create_bucket(bucket='default', ramQuotaMB=100) query = "'statement=create dataset default_ds on default'" servs_inout = self.servers[1:4] self.log.info("list of services to be added {0}".format( self.services_in)) services_in = [] for service in self.services_in.split("-"): services_in.append(service.split(":")[0]) self.log.info( "list of services to be added after formatting {0}".format( services_in)) #add nodes to the cluster rebalance = self.cluster.async_rebalance( self.servers[:self.nodes_init], servs_inout, [], services=services_in) self.task_manager.get_task_result(rebalance) self.sleep(20) cbas_node = self.get_nodes_from_services_map(service_type='cbas') output = x509main()._execute_command_clientcert( cbas_node.ip, url='/analytics/service', port=18095, headers=' --data pretty=true --data-urlencode ' + query, client_cert=True, curl=True, verb='POST') self.assertEqual( json.loads(output)['errors'][0]['msg'], "Unauthorized user.", "Incorrect user logged in successfully.")
def check_analytics_cluster_cc(self, host): helper = BucketHelper(host) if not helper.bucket_exists('default'): helper.create_bucket(bucket='default', ramQuotaMB=100) if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/cc', port=18095, headers='', client_cert=True, curl=True) else: output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/cc', port=18095, headers=' -u Administrator:password ', client_cert=False, curl=True) self.assertTrue( json.loads(output)['configUri'], "Cannot execute command on port 18095") if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/cc/config', port=18095, headers='', client_cert=True, curl=True) else: output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/cc/config', port=18095, headers=' -u Administrator:password ', client_cert=False, curl=True) self.assertTrue( json.loads(output)['os_name'], "Cannot execute command on port 18095") if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/cc/stats', port=18095, headers='', client_cert=True, curl=True) else: output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/cc/stats', port=18095, headers=' -u Administrator:password ', client_cert=False, curl=True) self.assertTrue( json.loads(output)['thread_count'], "Cannot execute command on port 18095") if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/cc/threaddump', port=18095, headers='', client_cert=True, curl=True) else: output = x509main()._execute_command_clientcert( host.ip, url='/analytics/cluster/cc/threaddump', port=18095, headers=' -u Administrator:password ', client_cert=False, curl=True) self.assertTrue( json.loads(output)['date'], "Cannot execute command on port 18095")
def check_ns_server_rest_api(self, host): helper = BucketHelper(host) if not helper.bucket_exists('default'): helper.create_bucket(bucket='default', ramQuotaMB=100) self.sleep(10) if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/pools/default', port=18091, headers="", client_cert=True, curl=True) else: output = x509main()._execute_command_clientcert( host.ip, url='/pools/default', port=18091, headers=' -u Administrator:password ', client_cert=False, curl=True) output = json.loads(output) self.log.info("Print output of command is {0}".format(output)) self.assertEqual(output['rebalanceStatus'], 'none', " The Web request has failed on port 18091 ") if self.client_cert_state == 'enable': output = x509main()._execute_command_clientcert( host.ip, url='/pools/default', port=18091, headers=None, client_cert=True, curl=True, verb='POST', data='memoryQuota=400') else: output = x509main()._execute_command_clientcert( host.ip, url='/pools/default', port=18091, headers=' -u Administrator:password ', client_cert=False, curl=True, verb='POST', data='memoryQuota=400') if output == "": self.assertTrue(True, "Issue with post on /pools/default") output = x509main()._execute_command_clientcert( host.ip, url='/pools/default', port=8091, headers=" -u Administrator:password ", client_cert=False, curl=True, verb='GET', plain_curl=True) self.assertEqual( json.loads(output)['rebalanceStatus'], 'none', " The Web request has failed on port 8091 ") output = x509main()._execute_command_clientcert( host.ip, url='/pools/default', port=8091, headers=" -u Administrator:password ", client_cert=True, curl=True, verb='POST', plain_curl=True, data='memoryQuota=400') if output == "": self.assertTrue(True, "Issue with post on /pools/default")
def setUp(self): super(x509tests, self).setUp() self._reset_original() self.ip_address = self.getLocalIPAddress() self.ip_address = '172.16.1.174' self.root_ca_path = x509main.CACERTFILEPATH + x509main.CACERTFILE self.client_cert_pem = x509main.CACERTFILEPATH + self.ip_address + ".pem" self.client_cert_key = x509main.CACERTFILEPATH + self.ip_address + ".key" SSLtype = "openssl" encryption_type = self.input.param('encryption_type', "") key_length = self.input.param("key_length", 1024) #Input parameters for state, path, delimeters and prefixes self.client_cert_state = self.input.param("client_cert_state", "disable") self.paths = self.input.param( 'paths', "subject.cn:san.dnsname:san.uri").split(":") self.prefixs = self.input.param('prefixs', 'www.cb-:us.:www.').split(":") self.delimeters = self.input.param('delimeter', '.:.:.').split(":") self.setup_once = self.input.param("setup_once", False) self.dns = self.input.param('dns', None) self.uri = self.input.param('uri', None) copy_servers = copy.deepcopy(self.servers) self.rbac_user = self.input.param('rbac_user', None) if self.rbac_user: self.rbac_util = rbac_utils(self.master) self.rbac_util._create_user_and_grant_role("ro_admin", "ro_admin") #Generate cert and pass on the client ip for cert generation if (self.dns is not None) or (self.uri is not None): x509main(self.master)._generate_cert(copy_servers, type=SSLtype, encryption=encryption_type, key_length=key_length, client_ip=self.ip_address, alt_names='non_default', dns=self.dns, uri=self.uri) else: x509main(self.master)._generate_cert(copy_servers, type=SSLtype, encryption=encryption_type, key_length=key_length, client_ip=self.ip_address) self.log.info( " Path is {0} - Prefixs - {1} -- Delimeters - {2}".format( self.paths, self.prefixs, self.delimeters)) if (self.setup_once): x509main(self.master).setup_master(self.client_cert_state, self.paths, self.prefixs, self.delimeters) x509main().setup_cluster_nodes_ssl(self.servers) #reset the severs to ipv6 if there were ipv6 ''' for server in self.servers: if server.ip.count(':') > 0: # raw ipv6? enclose in square brackets server.ip = '[' + server.ip + ']' ''' self.log.info(" list of server {0}".format(self.servers)) self.log.info(" list of server {0}".format(copy_servers))