def test_auth_reject_allow(self):
"""
Verify auth.reject and auth.allow volume options in volume level using
both client ip and hostname.
Verify auth.reject and auth.allow volume options in sub-directory
level using both client ip and hostname.
Steps:
1. Create and start volume.
2. Set auth.reject on volume for client1 using ip of client1.
3. Set auth.allow on volume for client2 using ip of client2.
4. Try to mount volume on client1. This should fail.
5. Check the client1 log for AUTH_FAILED event.
6. Mount volume on client2.
7. Unmount the volume from client2.
8. Set auth.reject on volume for client1 using hostname of client1.
9. Set auth.allow on volume for client2 using hostname of client2.
10. Repeat steps 4 to 6
11. Create directory d1 on client2 mountpoint.
12. Unmount the volume from client2.
13. Set auth.reject on d1 for client1 using ip of client1.
14. Set auth.allow on d1 for client2 using ip of client2.
15. Try to mount d1 on client1. This should fail.
16. Check the client1 log for AUTH_FAILED event.
17. Mount d1 on client2.
18. Unmount d1 from client2.
19. Set auth.reject on d1 for client1 using hostname of client1.
20. Set auth.allow on d1 for client2 using hostname of client2.
21. Repeat steps 15 to 18.
"""
# pylint: disable = too-many-statements
# Setting auth.reject on volume for client1 using ip
auth_dict = {'all': [self.mounts[0].client_system]}
ret = set_auth_reject(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.reject volume option.")
g.log.info("Successfully set auth.reject option on volume")
# Setting auth.allow on volume for client2 using ip
auth_dict = {'all': [self.mounts[1].client_system]}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
g.log.info("Successfully set auth.allow option on volume")
# Trying to mount volume on client1
self.unauthenticated_mount(self.mounts[0])
# Verify whether mount failure on client1 is due to auth error
log_msg = self.is_auth_failure(self.mounts[0].client_system)
prev_log_statement = log_msg
# Mounting volume on client2
self.authenticated_mount(self.mounts[1])
g.log.info("Verification of auth.reject and auth.allow options on "
"volume using client IP is successful")
# Unmount volume from client2
ret = self.mounts[1].unmount()
self.assertTrue(ret, ("Failed to unmount volume %s from client %s" %
(self.volname, self.mounts[1].client_system)))
# Obtain hostname of client1
ret, hostname_client1, _ = g.run(self.mounts[0].client_system,
"hostname")
self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
self.mounts[0].client_system))
g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
self.mounts[0].client_system, hostname_client1.strip())
# Obtain hostname of client2
ret, hostname_client2, _ = g.run(self.mounts[1].client_system,
"hostname")
self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
self.mounts[1].client_system))
g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
self.mounts[1].client_system, hostname_client2.strip())
# Setting auth.reject on volume for client1 using hostname
auth_dict = {'all': [hostname_client1.strip()]}
ret = set_auth_reject(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.reject volume option.")
g.log.info("Successfully set auth.reject option on volume")
# Setting auth.allow on volume for client2 using hostname
auth_dict = {'all': [hostname_client2.strip()]}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
g.log.info("Successfully set auth.allow option on volume")
# Trying to mount volume on client1
self.unauthenticated_mount(self.mounts[0])
# Verify whether mount failure on client1 is due to auth error
log_msg = self.is_auth_failure(self.mounts[0].client_system,
prev_log_statement)
prev_log_statement = log_msg
# Mounting volume on client2
self.authenticated_mount(self.mounts[1])
g.log.info("Verification of auth.reject and auth.allow options on "
"volume using client hostname is successful")
# Creating sub directory d1 on mounted volume
ret = mkdir(self.mounts[1].client_system,
"%s/d1" % self.mounts[1].mountpoint)
self.assertTrue(ret, ("Failed to create directory 'd1' in volume %s "
"from client %s" %
(self.volname, self.mounts[1].client_system)))
# Unmount volume from client2
ret = self.mounts[1].unmount()
self.assertTrue(ret, ("Failed to unmount volume %s from client %s" %
(self.volname, self.mounts[1].client_system)))
# Setting auth.reject on d1 for client1 using ip
auth_dict = {'/d1': [self.mounts[0].client_system]}
ret = set_auth_reject(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.reject volume option.")
g.log.info("Successfully set auth.reject option.")
# Setting auth.allow on d1 for client2 using ip
auth_dict = {'/d1': [self.mounts[1].client_system]}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
g.log.info("Successfully set auth.allow option.")
# Creating mount object for sub-directory mount on client1
mount_obj_client1 = copy.deepcopy(self.mounts[0])
mount_obj_client1.volname = "%s/d1" % self.volname
# Creating mount object for sub-directory mount on client2
mount_obj_client2 = copy.deepcopy(self.mounts[1])
mount_obj_client2.volname = "%s/d1" % self.volname
# Trying to mount d1 on client1
self.unauthenticated_mount(mount_obj_client1)
# Verify whether mount failure on client1 is due to auth error
log_msg = self.is_auth_failure(mount_obj_client1.client_system,
prev_log_statement)
prev_log_statement = log_msg
# Mounting d1 on client2
self.authenticated_mount(mount_obj_client2)
g.log.info("Verification of auth.reject and auth.allow options on "
"sub-directory level using client IP is successful")
# Unmount d1 from client2
ret = mount_obj_client2.unmount()
self.assertTrue(
ret,
("Failed to unmount %s from client %s" %
(mount_obj_client2.volname, mount_obj_client2.client_system)))
# Setting auth.reject on d1 for client1 using hostname
auth_dict = {'/d1': [hostname_client1.strip()]}
ret = set_auth_reject(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.reject volume option.")
g.log.info("Successfully set auth.reject option.")
# Setting auth.allow on d1 for client2 using hostname
auth_dict = {'/d1': [hostname_client2.strip()]}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
g.log.info("Successfully set auth.allow option.")
# Trying to mount d1 on client1
self.unauthenticated_mount(mount_obj_client1)
# Verify whether mount failure on client1 is due to auth error
self.is_auth_failure(mount_obj_client1.client_system,
prev_log_statement)
# Mounting d1 on client2
self.authenticated_mount(mount_obj_client2)
g.log.info("Verification of auth.reject and auth.allow options on "
"sub-directory level using client hostname is successful")
# Unmount d1 from client2
ret = mount_obj_client2.unmount()
self.assertTrue(
ret,
("Failed to unmount %s from client %s" %
(mount_obj_client2.volname, mount_obj_client2.client_system)))
def test_auth_reject(self):
"""
Check sub dir auth.reject functionality
Steps:
1. Create two sub directories on mounted volume
2. Unmount volume from clients
3. Set auth.reject on sub dir d1 for client1 and d2 for client2
4. Mount d2 on client1 and d1 on client2. This should pass.
5. Try to mount d2 on client2 and d1 on client1. This should fail.
"""
# Creating sub directories on mounted volume
ret = mkdir(self.mounts[0].client_system,
"%s/d1" % self.mounts[0].mountpoint)
self.assertTrue(ret, ("Failed to create directory 'd1' in volume %s "
"from client %s" %
(self.volname, self.mounts[0].client_system)))
ret = mkdir(self.mounts[0].client_system,
"%s/d2" % self.mounts[0].mountpoint)
self.assertTrue(ret, ("Failed to create directory 'd2' in volume %s "
"from client %s" %
(self.volname, self.mounts[0].client_system)))
# Unmounting volumes
ret = self.unmount_volume(self.mounts)
self.assertTrue(ret, "Failed to unmount one or more volumes")
g.log.info("Successfully unmounted all volumes")
# Setting authentication (auth.reject) for directories
auth_dict = {
'/d1': [self.mounts[0].client_system],
'/d2': [self.mounts[1].client_system]
}
ret = set_auth_reject(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set authentication")
g.log.info("Successfully set authentication on sub directories")
# Creating mounts list for authenticated client
self.subdir_mounts = [
copy.deepcopy(self.mounts[0]),
copy.deepcopy(self.mounts[1])
]
self.subdir_mounts[0].volname = "%s/d2" % self.volname
self.subdir_mounts[1].volname = "%s/d1" % self.volname
# Mounting sub directories on authenticated client
for mount_obj in self.subdir_mounts:
ret = mount_obj.mount()
self.assertTrue(
ret, ("Failed to mount sub directory %s on client"
" %s" % (mount_obj.volname, mount_obj.client_system)))
g.log.info("Successfully mounted sub directory %s on client %s",
mount_obj.volname, mount_obj.client_system)
g.log.info("Successfully mounted sub directories to allowed clients")
# Creating mounts list for rejected client
self.unauth_subdir_mounts = [
copy.deepcopy(self.mounts[0]),
copy.deepcopy(self.mounts[1])
]
self.unauth_subdir_mounts[0].volname = "%s/d1" % self.volname
self.unauth_subdir_mounts[1].volname = "%s/d2" % self.volname
self.unauth_subdir_mounts[0].mountpoint \
= "%s_unauth" % self.unauth_subdir_mounts[0].mountpoint
self.unauth_subdir_mounts[1].mountpoint \
= "%s_unauth" % self.unauth_subdir_mounts[1].mountpoint
# Trying to mount sub directories on rejected client
for mount_obj in self.unauth_subdir_mounts:
if mount_obj.mount():
g.log.warning(
"Mount command did not fail as expected. "
"sub-dir: %s, client: %s, mount point: %s",
mount_obj.volname, mount_obj.client_system,
mount_obj.mountpoint)
ret = mount_obj.is_mounted()
if ret:
self.subdir_mounts.append(mount_obj)
self.assertFalse(
ret, ("Mount operation did not fail as "
"expected. Mount operation of sub "
"directory %s on client %s passed."
"Mount point: %s" %
(mount_obj.volname, mount_obj.client_system,
mount_obj.mountpoint)))
g.log.info(
"Mount command passed. But sub directory "
"is not mounted. This is expected. "
"sub-dir: %s, client: %s, mount point: %s",
mount_obj.volname, mount_obj.client_system,
mount_obj.mountpoint)
g.log.info(
"Mount operation of sub directory %s on client %s "
"failed as expected.", mount_obj.volname,
mount_obj.client_system)
g.log.info("Verified mount operation of sub-dirs on "
"rejected client. "
"Mount operation failed as expected.")
# Unmount sub directories
ret = self.unmount_volume(self.subdir_mounts)
self.assertTrue(ret, "Failed to unmount one or more sub-directories")
g.log.info("Successfully unmounted all sub-directories")
def test_verify_auth_reject_precedence(self):
"""
This testcase verifies the precedence of auth.reject volume option
over auth.allow volume option.
Verification will be done in volume level and sub-directory level
using both IP and hostname.
Steps:
1. Create and start volume.
2. Mount volume on client1.
3. Create directory d1 on client1 mountpoint.
4. Unmount volume from client1.
5. Set auth.reject on volume for all clients(*).
6. Set auth.allow on volume for client1 and client2 using ip.
7. Try to mount volume on client1. This should fail.
8. Check the client1 log for AUTH_FAILED event.
9. Try to mount volume on client2. This should fail.
10. Check the client2 log for AUTH_FAILED event.
11. Set auth.allow on volume for client1 and client2 using hostname.
12. Repeat steps 7 to 10.
13. Set auth.reject on sub-directory d1 for all clients(*).
14. Set auth.allow on sub-directory d1 for client1 and client2 using
ip.
15. Try to mount d1 on client1. This should fail.
16. Check the client1 log for AUTH_FAILED event.
17. Try to mount d1 on client2. This should fail.
18. Check the client2 log for AUTH_FAILED event.
19. Set auth.allow on sub-directory d1 for client1 and client2 using
hostname.
20. Repeat steps 15 to 18.
"""
# pylint: disable = too-many-statements
# Mounting volume on client1
self.authenticated_mount(self.mounts[0])
# Creating sub directory d1 on mounted volume
ret = mkdir(self.mounts[0].client_system,
"%s/d1" % self.mounts[0].mountpoint)
self.assertTrue(ret, ("Failed to create directory 'd1' in volume %s "
"from client %s" %
(self.volname, self.mounts[0].client_system)))
# Unmount volume from client1
ret = self.mounts[0].unmount()
self.assertTrue(ret, ("Failed to unmount volume %s from client %s" %
(self.volname, self.mounts[0].client_system)))
# Setting auth.reject on volume for all clients
auth_dict = {'all': ['*']}
ret = set_auth_reject(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.reject volume option.")
g.log.info("Successfully set auth.reject option on volume")
# Setting auth.allow on volume for client1 and client2 using ip
auth_dict = {
'all':
[self.mounts[0].client_system, self.mounts[0].client_system]
}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
g.log.info("Successfully set auth.allow option on volume")
# Trying to mount volume on client1
self.unauthenticated_mount(self.mounts[0])
# Verify whether mount failure on client1 is due to auth error
log_msg = self.is_auth_failure(self.mounts[0].client_system)
prev_log_statement_c1 = log_msg
# Trying to mount volume on client2
self.unauthenticated_mount(self.mounts[1])
# Verify whether mount failure on client2 is due to auth error
log_msg = self.is_auth_failure(self.mounts[1].client_system)
prev_log_statement_c2 = log_msg
g.log.info("Verification of auth.reject precedence over auth.allow"
"option on volume using clients' ip is successful")
# Obtain hostname of client1
ret, hostname_client1, _ = g.run(self.mounts[0].client_system,
"hostname")
hostname_client1 = hostname_client1.strip()
self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
self.mounts[0].client_system))
g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
self.mounts[0].client_system, hostname_client1)
# Obtain hostname of client2
ret, hostname_client2, _ = g.run(self.mounts[1].client_system,
"hostname")
hostname_client2 = hostname_client2.strip()
self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
self.mounts[1].client_system))
g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
self.mounts[1].client_system, hostname_client2)
# Setting auth.allow on volume for client1 and client2 using hostname
auth_dict = {'all': [hostname_client1, hostname_client2]}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
g.log.info("Successfully set auth.allow option on volume")
# Trying to mount volume on client1
self.unauthenticated_mount(self.mounts[0])
# Verify whether mount failure on client1 is due to auth error
log_msg = self.is_auth_failure(self.mounts[0].client_system,
prev_log_statement_c1)
prev_log_statement_c1 = log_msg
# Trying to mount volume on client2
self.unauthenticated_mount(self.mounts[1])
# Verify whether mount failure on client2 is due to auth error
log_msg = self.is_auth_failure(self.mounts[1].client_system,
prev_log_statement_c2)
prev_log_statement_c2 = log_msg
g.log.info("Verification of auth.reject precedence over auth.allow"
"option on volume using clients' hostname is successful")
# Setting auth.reject on d1 for all clients
auth_dict = {'/d1': ['*']}
ret = set_auth_reject(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.reject volume option.")
g.log.info("Successfully set auth.reject option.")
# Setting auth.allow on d1 for client1 and client2 using ip
auth_dict = {
'/d1':
[self.mounts[0].client_system, self.mounts[1].client_system]
}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
g.log.info("Successfully set auth.allow option.")
# Creating mount object for sub-directory mount on client1
mount_obj_client1 = copy.deepcopy(self.mounts[0])
mount_obj_client1.volname = "%s/d1" % self.volname
# Creating mount object for sub-directory mount on client2
mount_obj_client2 = copy.deepcopy(self.mounts[1])
mount_obj_client2.volname = "%s/d1" % self.volname
# Trying to mount d1 on client1
self.unauthenticated_mount(mount_obj_client1)
# Verify whether mount failure on client1 is due to auth error
log_msg = self.is_auth_failure(mount_obj_client1.client_system,
prev_log_statement_c1)
prev_log_statement_c1 = log_msg
# Trying to mount d1 on client2
self.unauthenticated_mount(mount_obj_client2)
# Verify whether mount failure on client2 is due to auth error
log_msg = self.is_auth_failure(mount_obj_client2.client_system,
prev_log_statement_c2)
prev_log_statement_c2 = log_msg
g.log.info("Verification of auth.reject precedence over auth.allow"
"option on sub-directory level using clients' ip is "
"successful")
# Setting auth.allow on d1 for client1 and client2 using hostname
auth_dict = {'/d1': [hostname_client1, hostname_client2]}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
g.log.info("Successfully set auth.allow option.")
# Trying to mount d1 on client1
self.unauthenticated_mount(mount_obj_client1)
# Verify whether mount failure on client1 is due to auth error
self.is_auth_failure(mount_obj_client1.client_system,
prev_log_statement_c1)
# Trying to mount d1 on client2
self.unauthenticated_mount(mount_obj_client2)
# Verify whether mount failure on client2 is due to auth error
self.is_auth_failure(mount_obj_client2.client_system,
prev_log_statement_c2)
g.log.info("Verification of auth.reject precedence over auth.allow"
"option on sub-directory level using clients' hostname is "
"successful")
def test_auth_reject_allow_same_client(self):
"""
Verify auth.reject and auth.allow volume options in volume level using
both client ip and hostname.
Steps:
1. Create and start volume.
2. Set auth.reject on volume for client1 using ip of client1.
3. Set auth.allow on volume for client1 using ip of client1.
4. Try to mount volume on client1. This should fail.
5. Check the client1 log for AUTH_FAILED event.
6. Mount volume on client2.This should fail.
7. Check the client2 log for AUTH_FAILED event.
8. Set auth.reject on volume for client1 using hostname of client1.
9. Set auth.allow on volume for client1 using hostname of client1.
10. Repeat steps 4 to 7
"""
# pylint: disable = too-many-statements
# Setting auth.reject on volume for client1 using ip
auth_dict = {'all': [self.mounts[0].client_system]}
ret = set_auth_reject(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.reject volume option.")
# Setting auth.allow on volume for client1 using ip
auth_dict = {'all': [self.mounts[0].client_system]}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
# Trying to mount volume on client1
self.unauthenticated_mount(self.mounts[0])
# Verify whether mount failure on client1 is due to auth error
log_msg = self.is_auth_failure(self.mounts[0].client_system)
prev_log_statement = log_msg
# Mounting volume on client2
self.unauthenticated_mount(self.mounts[1])
g.log.info("Verification of auth.reject and auth.allow options on "
"volume using client IP is successful")
# Obtain hostname of client1
ret, hostname_client1, _ = g.run(self.mounts[0].client_system,
"hostname")
self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
self.mounts[0].client_system))
g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
self.mounts[0].client_system, hostname_client1.strip())
# Obtain hostname of client2
ret, hostname_client2, _ = g.run(self.mounts[1].client_system,
"hostname")
self.assertEqual(ret, 0, ("Failed to obtain hostname of client %s" %
self.mounts[1].client_system))
g.log.info("Obtained hostname of client. IP- %s, hostname- %s",
self.mounts[1].client_system, hostname_client2.strip())
# Setting auth.reject on volume for client1 using hostname
auth_dict = {'all': [hostname_client1.strip()]}
ret = set_auth_reject(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.reject volume option.")
# Setting auth.allow on volume for client1 using hostname
auth_dict = {'all': [hostname_client1.strip()]}
ret = set_auth_allow(self.volname, self.mnode, auth_dict)
self.assertTrue(ret, "Failed to set auth.allow volume option")
# Trying to mount volume on client1
self.unauthenticated_mount(self.mounts[0])
# Verify whether mount failure on client1 is due to auth error
log_msg = self.is_auth_failure(self.mounts[0].client_system,
prev_log_statement)
prev_log_statement = log_msg
# Mounting volume on client2
self.unauthenticated_mount(self.mounts[1])
# Verify whether mount failure on client2 is due to auth error
log_msg = self.is_auth_failure(self.mounts[1].client_system)
prev_log_statement = log_msg