def _revert():
# revert password
LOG.fixture_step("Reverting admin password to '{}'".format(prev_pswd))
keystone_helper.set_user('admin', password=prev_pswd,
auth_info=Tenant.get('admin_platform'))
LOG.fixture_step("Sleep for 180 seconds after admin password change")
time.sleep(180) # CGTS-6928
assert prev_pswd == security_helper.get_admin_password_in_keyring()
def revert_pswd():
LOG.fixture_step(
"(Session) Reverting admin password to {}".format(prev_pswd))
keystone_helper.set_user('admin', password=prev_pswd)
_lock_unlock_controllers()
LOG.fixture_step("(Session) Check admin password is reverted to {} in "
"keyring".format(prev_pswd))
assert prev_pswd == security_helper.get_admin_password_in_keyring()
def change_admin_password_session(request, wait_for_con_drbd_sync_complete):
more_than_one_controllers = wait_for_con_drbd_sync_complete
prev_pswd = Tenant.get('admin')['password']
post_pswd = '!{}9'.format(prev_pswd)
LOG.fixture_step(
'(Session) Changing admin password to {}'.format(post_pswd))
keystone_helper.set_user('admin', password=post_pswd)
def _lock_unlock_controllers():
LOG.fixture_step("Sleep for 120 seconds after admin password change")
time.sleep(300) # CGTS-6928
if more_than_one_controllers:
active, standby = system_helper.get_active_standby_controllers()
if standby:
LOG.fixture_step(
"(Session) Locking unlocking controllers to complete action"
)
host_helper.lock_host(standby)
host_helper.unlock_host(standby)
host_helper.lock_host(active, swact=True)
host_helper.unlock_host(active)
else:
LOG.warning(
"Standby controller unavailable. Skip lock unlock controllers post admin password change."
)
elif system_helper.is_aio_simplex():
LOG.fixture_step(
"(Session) Simplex lab - lock/unlock controller to complete action"
)
host_helper.lock_host('controller-0', swact=False)
host_helper.unlock_host('controller-0')
def revert_pswd():
LOG.fixture_step(
"(Session) Reverting admin password to {}".format(prev_pswd))
keystone_helper.set_user('admin', password=prev_pswd)
_lock_unlock_controllers()
LOG.fixture_step(
"(Session) Check admin password is reverted to {} in keyring".
format(prev_pswd))
assert prev_pswd == security_helper.get_admin_password_in_keyring()
request.addfinalizer(revert_pswd)
_lock_unlock_controllers()
LOG.fixture_step(
"(Session) Check admin password is changed to {} in keyring".format(
post_pswd))
assert post_pswd == security_helper.get_admin_password_in_keyring()
return post_pswd
def test_admin_password(scenario, less_than_two_cons, _revert_admin_pw):
"""
Test the admin password change
Test Steps:
- lock standby controller change password and unlock
- change password and swact
- check alarms
"""
if 'swact' in scenario and less_than_two_cons:
skip(SkipSysType.LESS_THAN_TWO_CONTROLLERS)
host = system_helper.get_standby_controller_name()
assert host, "No standby controller on system"
if scenario == "lock_standby_change_pswd":
# lock the standby
LOG.tc_step("Attempting to lock {}".format(host))
res, out = host_helper.lock_host(host=host)
LOG.tc_step("Result of the lock was: {}".format(res))
# change password
prev_pswd = Tenant.get('admin')['password']
post_pswd = '!{}9'.format(prev_pswd)
LOG.tc_step('Changing admin password to {}'.format(post_pswd))
keystone_helper.set_user('admin', password=post_pswd, auth_info=Tenant.get(
'admin_platform'))
# assert "Warning: 'admin' password changed. Please wait 5 minutes before Locking/Unlocking
# the controllers" in output
LOG.tc_step("Sleep for 180 seconds after admin password change")
time.sleep(180)
LOG.tc_step("Check admin password is updated in keyring")
assert post_pswd == security_helper.get_admin_password_in_keyring()
if scenario == "change_pswd_swact":
LOG.tc_step("Swact active controller")
host_helper.swact_host()
else:
LOG.tc_step("Unlock host {}".format(host))
res = host_helper.unlock_host(host)
LOG.info("Unlock hosts result: {}".format(res))
LOG.tc_step("Check admin password is updated in keyring")
assert post_pswd == security_helper.get_admin_password_in_keyring()
def change_user_password(user_name,
password,
keystone,
by_admin=True,
expect_fail=None):
scenario = 'Change platform keystone user password with rule {} unsatisfied'.format(
expect_fail
) if expect_fail else 'Change platform keyword user password to a valid password'
if by_admin and expect_fail == 'not_last_used':
scenario += ', but still allowed when operated by admin user'
expect_fail = None
LOG.info(scenario)
dict_name = '{}_platform'.format(
user_name) if keystone == 'platform' else user_name
user_auth = Tenant.get(dict_name)
original_password = user_auth['password']
if by_admin:
admin_auth = Tenant.get(
'admin_platform') if keystone == 'platform' else Tenant.get(
'admin')
code, output = keystone_helper.set_user(user=user_name,
password=password,
project='admin',
auth_info=admin_auth,
fail_ok=expect_fail)
else:
code, output = keystone_helper.set_current_user_password(
fail_ok=expect_fail,
original_password=original_password,
new_password=password,
auth_info=user_auth)
if code == 0:
save_used_password(keystone, password=password)
if expect_fail:
assert 1 == code, "{} keystone user password change accepted unexpectedly with " \
"password rule violated: {}".format(keystone, password)
LOG.info('{} keystone password change {} as expected'.format(
keystone, 'rejected' if expect_fail else 'accepted'))
return code, output