def error_cleanup():
global ldap_server_uuid
global new_account_uuid
if ldap_server_uuid:
ldp_ops.delete_ldap_server(ldap_server_uuid)
if new_account_uuid:
acc_ops.delete_account(new_account_uuid)
def error_cleanup():
global ldap_server_uuid
global new_account_uuid
if ldap_server_uuid:
ldp_ops.delete_ldap_server(ldap_server_uuid)
if new_account_uuid:
acc_ops.delete_account(new_account_uuid)
def env_recover():
global ldap_server_uuid
global new_account_uuid
if ldap_server_uuid:
ldp_ops.delete_ldap_server(ldap_server_uuid)
if new_account_uuid:
acc_ops.delete_account(new_account_uuid)
def test():
global ldap_server_uuid
global new_account_uuid
system_tag = ["ldapUseAsLoginName::uid"]
ldap_server = ldp_ops.add_ldap_server('ldap1',
'ldap for test',
os.environ.get('ldapServerUrl'),
os.environ.get('ldapServerBase'),
os.environ.get('ldapServerUsername'),
os.environ.get('ldapServerPassword'),
'TLS',
systemtags=system_tag)
ldap_server_uuid = ldap_server.inventory.uuid
conditions = res_ops.gen_query_conditions('type', '=', 'SystemAdmin')
account = res_ops.query_resource(res_ops.ACCOUNT, conditions)[0]
new_account = acc_ops.create_account('new_account', 'password', 'Normal')
new_account_uuid = new_account.uuid
ldap_account = ldp_ops.bind_ldap_account(os.environ.get('ldapDn'),
new_account.uuid)
ldap_account_uuid = ldap_account.inventory.uuid
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'),
os.environ.get('ldapPassword'))
acc_ops.logout(session_uuid)
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(
os.environ.get('ldapUid'),
os.environ.get('ldapPassword') + '1')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with wrong password')
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), '')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with blank password')
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), None)
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login without password')
ldp_ops.unbind_ldap_account(ldap_account_uuid)
acc_ops.delete_account(new_account.uuid)
ldp_ops.delete_ldap_server(ldap_server_uuid)
test_util.test_pass('Create VM by normal user account Success')
acc_ops.logout(session_uuid)
def env_recover():
global ldap_server_uuid
global new_account_uuid
if ldap_server_uuid:
ldp_ops.delete_ldap_server(ldap_server_uuid)
if new_account_uuid:
acc_ops.delete_account(new_account_uuid)
def test():
global ldap_server_uuid
global new_account_uuid
ldap_server = ldp_ops.add_ldap_server('ldap1', 'ldap for test', os.environ.get('ldapServerUrl'), os.environ.get('ldapServerBase'), os.environ.get('ldapServerUsername'), os.environ.get('ldapServerPassword'), 'TLS')
ldap_server_uuid = ldap_server.inventory.uuid
conditions = res_ops.gen_query_conditions('type', '=', 'SystemAdmin')
account = res_ops.query_resource(res_ops.ACCOUNT, conditions)[0]
get_expected_exception = False
try:
ldap_account = ldp_ops.bind_ldap_account(os.environ.get('ldapUid'), account.uuid)
except:
get_expected_exception = True
if not get_expected_exception:
test_util.test_fail('should not be able to bind ldapuid to admin account')
new_account = acc_ops.create_account('new_account', 'password', 'Normal')
new_account_uuid = new_account.uuid
ldap_account = ldp_ops.bind_ldap_account(os.environ.get('ldapUid'), new_account.uuid)
ldap_account_uuid = ldap_account.inventory.uuid
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), os.environ.get('ldapPassword'))
acc_ops.logout(session_uuid)
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), os.environ.get('ldapPassword')+'1')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with wrong password')
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), '')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with blank password')
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), None)
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login without password')
ldp_ops.unbind_ldap_account(ldap_account_uuid)
acc_ops.delete_account(new_account.uuid)
ldp_ops.delete_ldap_server(ldap_server_uuid)
test_util.test_pass('Create VM by normal user account Success')
acc_ops.logout(session_uuid)
def error_cleanup():
global ldap_server_uuid
global new_account_uuid
if ldap_server_uuid:
ldp_ops.delete_ldap_server(ldap_server_uuid)
if new_account_uuid:
acc_ops.delete_account(new_account_uuid)
ldp_ops.unbind_ldap_account(ldap_account_uuid)
acc_ops.delete_account(new_account.uuid)
ldp_ops.delete_ldap_server(ldap_server_uuid)
test_util.test_pass('Create VM by normal user account Success')
acc_ops.logout(session_uuid)
def error_cleanup():
global ldap_server_uuid
global new_account_uuid
if ldap_server_uuid:
ldp_ops.delete_ldap_server(ldap_server_uuid)
if new_account_uuid:
acc_ops.delete_account(new_account_uuid)
ldp_ops.unbind_ldap_account(ldap_account_uuid)
acc_ops.delete_account(new_account.uuid)
ldp_ops.delete_ldap_server(ldap_server_uuid)
test_util.test_pass('Create VM by normal user account Success')
acc_ops.logout(session_uuid)
def test():
global ad_server_uuid
global new_account_uuid
system_tag = ["ldapUseAsLoginName::cn"]
ad_server = ldp_ops.add_ldap_server('ad1', 'ad for test', os.environ.get('adServerUrl'), os.environ.get('adServerBase'), os.environ.get('adServerUsername'), os.environ.get('adServerPassword'), systemtags=system_tag)
ad_server_uuid = ad_server.inventory.uuid
conditions = res_ops.gen_query_conditions('type', '=', 'SystemAdmin')
account = res_ops.query_resource(res_ops.ACCOUNT, conditions)[0]
account_uuid = account.uuid
new_account = acc_ops.create_account('new_account', 'password', 'Normal')
new_account_uuid = new_account.uuid
ad_account = ldp_ops.bind_ldap_account(os.environ.get('adUserDn'), account.uuid)
ad_account_uuid = ad_account.inventory.uuid
session_uuid = acc_ops.login_by_ldap(os.environ.get('adUserCn'), os.environ.get('adPassword'))
new_account2 = acc_ops.create_account('new_account2', 'password', 'Normal', session_uuid)
acc_ops.delete_account(new_account2.uuid)
acc_ops.logout(session_uuid)
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('adUserCn'), os.environ.get('adPassword')+'1')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with wrong password')
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('adUserCn'), '')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with blank password')
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('adUserCn'), None)
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login without password')
ldp_ops.unbind_ldap_account(ad_account_uuid)
acc_ops.delete_account(new_account.uuid)
ldp_ops.delete_ldap_server(ad_server_uuid)
test_util.test_pass('Login zstack admin by AD Success')
acc_ops.logout(session_uuid)
def test():
global ldap_server_uuid
global new_account_uuid
global new_account_uuid2
system_tag = "ldapUseAsLoginName::uid"
ldap_server = ldp_ops.add_ldap_server('ldap1', 'ldap for test', os.environ.get('ldapServerUrl'), os.environ.get('ldapServerBase'), os.environ.get('ldapServerUsername'), os.environ.get('ldapServerPassword'), systemtags=[system_tag])
ldap_server_uuid = ldap_server.inventory.uuid
conditions = res_ops.gen_query_conditions('type', '=', 'SystemAdmin')
account = res_ops.query_resource(res_ops.ACCOUNT, conditions)[0]
new_account = acc_ops.create_account('new_account', 'password', 'Normal')
new_account_uuid = new_account.uuid
new_account2 = acc_ops.create_account('new_account2', 'password', 'Normal')
new_account_uuid2 = new_account2.uuid
ldap_account = ldp_ops.bind_ldap_account(os.environ.get('ldapDn'), new_account.uuid)
ldap_account_uuid = ldap_account.inventory.uuid
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), os.environ.get('ldapPassword'))
acc_ops.logout(session_uuid)
ldap_account2 = ldp_ops.bind_ldap_account('uid=ldapuser3,ou=People,dc=mevoco,dc=com', new_account2.uuid)
ldap_account_uuid2 = ldap_account2.inventory.uuid
session_uuid2 = acc_ops.login_by_ldap('ldapuser3', 'password')
acc_ops.logout(session_uuid)
#Update multi ldap filters
system_tags = ["ldapCleanBindingFilter::(&(loginShell=/bin/bash)(|(homeDirectory=/home/mldapuser)(homeDirectory=/home/ldapuser3)))", "ldapUseAsLoginName::uid"]
ldap_filter = ldp_ops.update_ldap_server(ldap_server_uuid, system_tags)
ldp_ops.clean_invalid_ldap_binding()
get_excepted_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), os.environ.get('ldapPassword'))
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with filter account')
get_excepted_exception = False
try:
session_uuid = acc_ops.login_by_ldap('ldapuser3','password')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with filter account')
cond = res_ops.gen_query_conditions('resourceUuid', '=', ldap_server_uuid)
ldap_clean_binding_filter_tag_uuid = res_ops.query_resource(res_ops.SYSTEM_TAG, cond)[0].uuid
#Clear filter
tag_ops.delete_tag(ldap_clean_binding_filter_tag_uuid)
ldap_filter = ldp_ops.update_ldap_server(ldap_server_uuid, [system_tag])
ldap_account = ldp_ops.bind_ldap_account(os.environ.get('ldapDn'), new_account.uuid)
ldap_account_uuid = ldap_account.inventory.uuid
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), os.environ.get('ldapPassword'))
acc_ops.logout(session_uuid)
ldap_account2 = ldp_ops.bind_ldap_account('uid=ldapuser3,ou=People,dc=mevoco,dc=com', new_account2.uuid)
ldap_account_uuid2 = ldap_account2.inventory.uuid
session_uuid2 = acc_ops.login_by_ldap('ldapuser3', 'password')
acc_ops.logout(session_uuid)
ldp_ops.clean_invalid_ldap_binding()
get_excepted_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('ldapUid'), os.environ.get('ldapPassword'))
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if get_excepted_exception:
test_util.test_fail('should be able to login after removed filter but login failed')
get_excepted_exception = False
try:
session_uuid = acc_ops.login_by_ldap('ldapuser3','password')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if get_excepted_exception:
test_util.test_fail('should be able to login after removed filter but login failed')
ldp_ops.unbind_ldap_account(ldap_account_uuid)
ldp_ops.unbind_ldap_account(ldap_account_uuid2)
acc_ops.delete_account(new_account_uuid)
acc_ops.delete_account(new_account_uuid2)
ldp_ops.delete_ldap_server(ldap_server_uuid)
test_util.test_pass('Create VM by normal user account Success')
acc_ops.logout(session_uuid)
def test():
global ad_server_uuid
global new_account_uuid
system_tag = ["ldapUseAsLoginName::cn"]
ad_server = ldp_ops.add_ldap_server('ad1',
'ad for test',
os.environ.get('adServerUrl'),
os.environ.get('adServerBase'),
os.environ.get('adServerUsername'),
os.environ.get('adServerPassword'),
systemtags=system_tag)
ad_server_uuid = ad_server.inventory.uuid
conditions = res_ops.gen_query_conditions('type', '=', 'SystemAdmin')
account = res_ops.query_resource(res_ops.ACCOUNT, conditions)[0]
account_uuid = account.uuid
new_account = acc_ops.create_account('new_account', 'password', 'Normal')
new_account_uuid = new_account.uuid
ad_account = ldp_ops.bind_ldap_account(os.environ.get('adUserDn'),
account.uuid)
ad_account_uuid = ad_account.inventory.uuid
session_uuid = acc_ops.login_by_ldap(os.environ.get('adUserCn'),
os.environ.get('adPassword'))
new_account2 = acc_ops.create_account('new_account2', 'password', 'Normal',
session_uuid)
acc_ops.delete_account(new_account2.uuid)
acc_ops.logout(session_uuid)
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(
os.environ.get('adUserCn'),
os.environ.get('adPassword') + '1')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with wrong password')
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('adUserCn'), '')
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login with blank password')
get_expected_exception = False
try:
session_uuid = acc_ops.login_by_ldap(os.environ.get('adUserCn'), None)
acc_ops.logout(session_uuid)
except:
get_excepted_exception = True
if not get_excepted_exception:
test_util.test_fail('should not be able to login without password')
ldp_ops.unbind_ldap_account(ad_account_uuid)
acc_ops.delete_account(new_account.uuid)
ldp_ops.delete_ldap_server(ad_server_uuid)
test_util.test_pass('Login zstack admin by AD Success')
acc_ops.logout(session_uuid)
