def test_authentication_PAM_without_negotiation(self):
## set up client and server side for ssl handshake
# server side certificate setup
os.system("openssl genrsa -out server.key")
# os.system("openssl req -batch -new -key server.key -out server.csr") # if use external CA
# self-signed certificate
os.system("openssl req -batch -new -x509 -key server.key -out server.crt -days 365")
os.system("mv server.crt chain.pem")
os.system("openssl dhparam -2 -out dhparams.pem 100") # normally 2048, but smaller size here for speed
# server side environment variables
os.environ['irodsSSLCertificateChainFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/chain.pem'
os.environ['irodsSSLCertificateKeyFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/server.key'
os.environ['irodsSSLDHParamsFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/dhparams.pem'
# client side environment variables
self.auth_session.environment_file_contents['irods_ssl_verify_server'] = 'none'
self.auth_session.environment_file_contents['irods_authentication_scheme'] = 'PaM'
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand('icd')
self.auth_session.assert_icommand('ils -L', 'STDOUT', 'home')
# reset client environment to original
del self.auth_session.environment_file_contents['irods_authentication_scheme']
# clean up
for file in ['server.key', 'chain.pem', 'dhparams.pem']:
os.unlink(file)
def test_ssl_iput_with_rods_env(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_client_server_policy': 'CS_NEG_REQUIRE',
'irods_ssl_verify_server': 'none',
}
session_env_backup = copy.deepcopy(self.admin.environment_file_contents)
self.admin.environment_file_contents.update(client_update)
filename = 'encryptedfile.txt'
filepath = lib.create_local_testfile(filename)
self.admin.assert_icommand(['iinit', self.admin.password])
self.admin.assert_icommand(['iput', filename])
self.admin.assert_icommand(['ils', '-L', filename], 'STDOUT', filename)
self.admin.environment_file_contents = session_env_backup
for f in ['server.key', 'server.csr', 'chain.pem', 'dhparams.pem']:
os.unlink(f)
lib.restart_irods_server()
def tearDown(self):
super(Test_Compound_with_S3_Resource, self).tearDown()
with lib.make_session_for_existing_admin() as admin_session:
admin_session.assert_icommand("iadmin rmchildfromresc demoResc archiveResc")
admin_session.assert_icommand("iadmin rmchildfromresc demoResc cacheResc")
admin_session.assert_icommand("iadmin rmresc archiveResc")
admin_session.assert_icommand("iadmin rmresc cacheResc")
admin_session.assert_icommand("iadmin rmresc demoResc")
admin_session.assert_icommand("iadmin modresc origResc name demoResc", 'STDOUT_SINGLELINE', 'rename', stdin_string='yes\n')
shutil.rmtree(lib.get_irods_top_level_dir() + "/archiveRescVault", ignore_errors=True)
shutil.rmtree(lib.get_irods_top_level_dir() + "/cacheRescVault", ignore_errors=True)
def test_ssl_iput_small_and_large_files(self):
# set up client and server side for ssl handshake
# server side certificate setup
os.system("openssl genrsa -out server.key 2> /dev/null")
os.system("openssl req -batch -new -key server.key -out server.csr")
os.system("openssl req -batch -new -x509 -key server.key -out server.crt -days 365")
os.system("mv server.crt chain.pem")
# normally 2048, but smaller size here for speed
os.system("openssl dhparam -2 -out dhparams.pem 100 2> /dev/null")
# server side environment variables
os.environ['irodsSSLCertificateChainFile'] = lib.get_irods_top_level_dir() + "/tests/pydevtest/chain.pem"
os.environ['irodsSSLCertificateKeyFile'] = lib.get_irods_top_level_dir() + "/tests/pydevtest/server.key"
os.environ['irodsSSLDHParamsFile'] = lib.get_irods_top_level_dir() + "/tests/pydevtest/dhparams.pem"
# client side environment variables
os.environ['irodsSSLVerifyServer'] = "none"
# add client irodsEnv settings
clientEnvFile = self.admin.local_session_dir + "/irods_environment.json"
os.system("cp %s %sOrig" % (clientEnvFile, clientEnvFile))
env = {}
env['irods_client_server_policy'] = 'CS_NEG_REQUIRE'
lib.update_json_file_from_dict(clientEnvFile, env)
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the encrypted put
filename = "encryptedfile.txt"
filepath = lib.create_local_testfile(filename)
self.admin.assert_icommand(['iinit', self.admin.password]) # reinitialize
# small file
self.admin.assert_icommand("iput " + filename) # encrypted put - small file
self.admin.assert_icommand("ils -L " + filename, 'STDOUT', filename) # should be listed
# large file
largefilename = "BIGencryptedfile.txt"
output = commands.getstatusoutput('dd if=/dev/zero of=' + largefilename + ' bs=1M count=60')
assert output[0] == 0, "dd did not successfully exit"
#os.system("ls -al "+largefilename)
self.admin.assert_icommand("iput " + largefilename) # encrypted put - large file
self.admin.assert_icommand("ils -L " + largefilename, 'STDOUT', largefilename) # should be listed
# reset client environment to not require SSL
os.system("mv %sOrig %s" % (clientEnvFile, clientEnvFile))
# clean up
os.system("rm server.key server.csr chain.pem dhparams.pem")
os.remove(filename)
os.remove(largefilename)
# restart iRODS server without altered environment
lib.restart_irods_server()
def tearDown(self):
super(Test_LoadBalanced_Resource, self).tearDown()
with lib.make_session_for_existing_admin() as admin_session:
admin_session.assert_icommand("iadmin rmchildfromresc demoResc rescA")
admin_session.assert_icommand("iadmin rmchildfromresc demoResc rescB")
admin_session.assert_icommand("iadmin rmchildfromresc demoResc rescC")
admin_session.assert_icommand("iadmin rmresc rescA")
admin_session.assert_icommand("iadmin rmresc rescB")
admin_session.assert_icommand("iadmin rmresc rescC")
admin_session.assert_icommand("iadmin rmresc demoResc")
admin_session.assert_icommand("iadmin modresc origResc name demoResc", 'STDOUT_SINGLELINE', 'rename', stdin_string='yes\n')
shutil.rmtree(lib.get_irods_top_level_dir() + "/rescAVault", ignore_errors=True)
shutil.rmtree(lib.get_irods_top_level_dir() + "/rescBVault", ignore_errors=True)
shutil.rmtree(lib.get_irods_top_level_dir() + "/rescCVault", ignore_errors=True)
def tearDown(self):
super(Test_LoadBalanced_Resource, self).tearDown()
with lib.make_session_for_existing_admin() as admin_session:
admin_session.assert_icommand("iadmin rmchildfromresc demoResc rescA")
admin_session.assert_icommand("iadmin rmchildfromresc demoResc rescB")
admin_session.assert_icommand("iadmin rmchildfromresc demoResc rescC")
admin_session.assert_icommand("iadmin rmresc rescA")
admin_session.assert_icommand("iadmin rmresc rescB")
admin_session.assert_icommand("iadmin rmresc rescC")
admin_session.assert_icommand("iadmin rmresc demoResc")
admin_session.assert_icommand("iadmin modresc origResc name demoResc", 'STDOUT', 'rename', stdin_string='yes\n')
shutil.rmtree(lib.get_irods_top_level_dir() + "/rescAVault", ignore_errors=True)
shutil.rmtree(lib.get_irods_top_level_dir() + "/rescBVault", ignore_errors=True)
shutil.rmtree(lib.get_irods_top_level_dir() + "/rescCVault", ignore_errors=True)
def test_configuration_schema_validation_from_file(self):
schemas_git_dir = tempfile.mkdtemp(prefix='irods-test_configuration_schema_validation_from_file-git')
with lib.directory_deleter(schemas_git_dir):
schemas_repo = 'https://github.com/irods/irods_schema_configuration'
lib.run_command(['git', 'clone', schemas_repo, schemas_git_dir])
schemas_branch = 'v3'
lib.run_command(['git', 'checkout', schemas_branch], cwd=schemas_git_dir)
schemas_deploy_dir = tempfile.mkdtemp(prefix='irods-test_configuration_schema_validation_from_file-schemas')
with lib.directory_deleter(schemas_deploy_dir):
lib.assert_command(['python', os.path.join(schemas_git_dir, 'deploy_schemas_locally.py'), '--output_directory_base', schemas_deploy_dir])
with lib.file_backed_up(os.path.join(lib.get_irods_config_dir(), 'server_config.json')) as server_config_filename:
with open(server_config_filename) as f:
server_config = json.load(f)
server_config['schema_validation_base_uri'] = 'file://' + schemas_deploy_dir
lib.update_json_file_from_dict(server_config_filename, server_config)
irodsctl_fullpath = os.path.join(lib.get_irods_top_level_dir(), 'iRODS', 'irodsctl')
if lib.is_jsonschema_installed():
expected_lines = ['Validating [{0}]... Success'.format(os.path.expanduser('~/.irods/irods_environment.json')),
'Validating [{0}/server_config.json]... Success'.format(lib.get_irods_config_dir()),
'Validating [{0}/VERSION.json]... Success'.format(lib.get_irods_top_level_dir()),
'Validating [{0}/hosts_config.json]... Success'.format(lib.get_irods_config_dir()),
'Validating [{0}/host_access_control_config.json]... Success'.format(lib.get_irods_config_dir())]
if not configuration.TOPOLOGY_FROM_RESOURCE_SERVER:
expected_lines.append('Validating [{0}/database_config.json]... Success'.format(lib.get_irods_config_dir()))
lib.assert_command([irodsctl_fullpath, 'restart'], 'STDOUT_MULTILINE', expected_lines)
else:
lib.assert_command([irodsctl_fullpath, 'restart'], 'STDERR_SINGLELINE', 'jsonschema not installed', desired_rc=0)
def test_re_shm_cleanup(self):
irodsctl_fullpath = os.path.join(lib.get_irods_top_level_dir(),
'iRODS', 'irodsctl')
lib.assert_command([irodsctl_fullpath, 'stop'], 'STDOUT_SINGLELINE',
'Stopping iRODS server')
assert not lib.re_shm_exists(), lib.re_shm_exists()
lib.start_irods_server()
def setUp(self):
with lib.make_session_for_existing_admin() as admin_session:
context_prefix = lib.get_hostname(
) + ':' + lib.get_irods_top_level_dir()
admin_session.assert_icommand(
'iadmin modresc demoResc name origResc',
'STDOUT_SINGLELINE',
'rename',
stdin_string='yes\n')
admin_session.assert_icommand(
'iadmin mkresc demoResc load_balanced', 'STDOUT_SINGLELINE',
'load_balanced')
admin_session.assert_icommand(
'iadmin mkresc rescA "unixfilesystem" ' + context_prefix +
'/rescAVault', 'STDOUT_SINGLELINE', 'unixfilesystem')
admin_session.assert_icommand(
'iadmin mkresc rescB "unixfilesystem" ' + context_prefix +
'/rescBVault', 'STDOUT_SINGLELINE', 'unixfilesystem')
admin_session.assert_icommand(
'iadmin mkresc rescC "unixfilesystem" ' + context_prefix +
'/rescCVault', 'STDOUT_SINGLELINE', 'unixfilesystem')
admin_session.assert_icommand(
'iadmin addchildtoresc demoResc rescA')
admin_session.assert_icommand(
'iadmin addchildtoresc demoResc rescB')
admin_session.assert_icommand(
'iadmin addchildtoresc demoResc rescC')
super(Test_LoadBalanced_Resource, self).setUp()
def setUp(self):
super(Test_Auth, self).setUp()
cfg_file = os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/test_framework_configuration.json')
with open(cfg_file,'r') as f:
cfg = json.load(f)
auth_user = cfg['irods_authuser_name']
auth_pass = cfg['irods_authuser_password']
self.auth_session = lib.mkuser_and_return_session('rodsuser', auth_user, auth_pass, lib.get_hostname())
def tearDown(self):
super(Test_MSOSuite, self).tearDown()
with lib.make_session_for_existing_admin() as admin_session:
admin_session.assert_icommand("iadmin rmchildfromresc demoResc archiveResc")
admin_session.assert_icommand("iadmin rmchildfromresc demoResc cacheResc")
admin_session.assert_icommand("iadmin rmresc archiveResc")
admin_session.assert_icommand("iadmin rmresc cacheResc")
admin_session.assert_icommand("iadmin rmresc demoResc")
admin_session.assert_icommand("iadmin modresc origResc name demoResc", 'STDOUT', 'rename', stdin_string='yes\n')
shutil.rmtree(lib.get_irods_top_level_dir() + "/cacheRescVault")
def tearDown(self):
super(Test_DeferredToDeferred, self).tearDown()
with lib.make_session_for_existing_admin() as admin_session:
admin_session.assert_icommand("iadmin rmchildfromresc defResc3 rescA")
admin_session.assert_icommand("iadmin rmchildfromresc defResc4 rescB")
admin_session.assert_icommand("iadmin rmchildfromresc defResc1 defResc3")
admin_session.assert_icommand("iadmin rmchildfromresc defResc2 defResc4")
admin_session.assert_icommand("iadmin rmchildfromresc demoResc defResc1")
admin_session.assert_icommand("iadmin rmchildfromresc demoResc defResc2")
admin_session.assert_icommand("iadmin rmresc rescA")
admin_session.assert_icommand("iadmin rmresc rescB")
admin_session.assert_icommand("iadmin rmresc defResc1")
admin_session.assert_icommand("iadmin rmresc defResc2")
admin_session.assert_icommand("iadmin rmresc defResc3")
admin_session.assert_icommand("iadmin rmresc defResc4")
admin_session.assert_icommand("iadmin rmresc demoResc")
admin_session.assert_icommand("iadmin modresc origResc name demoResc", 'STDOUT_SINGLELINE', 'rename', stdin_string='yes\n')
shutil.rmtree(lib.get_irods_top_level_dir() + "/rescAVault", ignore_errors=True)
shutil.rmtree(lib.get_irods_top_level_dir() + "/rescBVault", ignore_errors=True)
def setUp(self):
super(Test_Auth, self).setUp()
cfg_file = os.path.join(
lib.get_irods_top_level_dir(),
'tests/pydevtest/test_framework_configuration.json')
with open(cfg_file, 'r') as f:
cfg = json.load(f)
auth_user = cfg['irods_authuser_name']
auth_pass = cfg['irods_authuser_password']
self.auth_session = lib.mkuser_and_return_session(
'rodsuser', auth_user, auth_pass, lib.get_hostname())
def setUp(self):
hostname = lib.get_hostname()
with lib.make_session_for_existing_admin() as admin_session:
admin_session.assert_icommand("iadmin modresc demoResc name origResc", 'STDOUT_SINGLELINE', 'rename', stdin_string='yes\n')
admin_session.assert_icommand("iadmin mkresc demoResc compound", 'STDOUT_SINGLELINE', 'compound')
admin_session.assert_icommand("iadmin mkresc cacheResc 'unixfilesystem' " + hostname + ":" +
lib.get_irods_top_level_dir() + "/cacheRescVault", 'STDOUT_SINGLELINE', 'unixfilesystem')
admin_session.assert_icommand("iadmin mkresc archiveResc mso " + hostname + ":/fake/vault/", 'STDOUT_SINGLELINE', 'mso')
admin_session.assert_icommand("iadmin addchildtoresc demoResc cacheResc cache")
admin_session.assert_icommand("iadmin addchildtoresc demoResc archiveResc archive")
super(Test_MSOSuite, self).setUp()
def test_local_iput_physicalpath(self):
# local setup
datafilename = "newfile.txt"
with open(datafilename, 'w') as f:
f.write("TESTFILE -- [" + datafilename + "]")
# assertions
fullpath = lib.get_irods_top_level_dir() + "/newphysicalpath.txt"
self.admin.assert_icommand("iput -p " + fullpath + " " + datafilename) # should complete
self.admin.assert_icommand("ils -L " + datafilename, 'STDOUT', datafilename) # should be listed
self.admin.assert_icommand("ils -L " + datafilename, 'STDOUT', fullpath) # should be listed
# local cleanup
output = commands.getstatusoutput('rm ' + datafilename)
def setUp(self):
with lib.make_session_for_existing_admin() as admin_session:
context_prefix = lib.get_hostname() + ':' + lib.get_irods_top_level_dir()
admin_session.assert_icommand('iadmin modresc demoResc name origResc', 'STDOUT', 'rename', stdin_string='yes\n')
admin_session.assert_icommand('iadmin mkresc demoResc load_balanced', 'STDOUT', 'load_balanced')
admin_session.assert_icommand('iadmin mkresc rescA "unixfilesystem" ' + context_prefix + '/rescAVault', 'STDOUT', 'unixfilesystem')
admin_session.assert_icommand('iadmin mkresc rescB "unixfilesystem" ' + context_prefix + '/rescBVault', 'STDOUT', 'unixfilesystem')
admin_session.assert_icommand('iadmin mkresc rescC "unixfilesystem" ' + context_prefix + '/rescCVault', 'STDOUT', 'unixfilesystem')
admin_session.assert_icommand('iadmin addchildtoresc demoResc rescA')
admin_session.assert_icommand('iadmin addchildtoresc demoResc rescB')
admin_session.assert_icommand('iadmin addchildtoresc demoResc rescC')
super(Test_LoadBalanced_Resource, self).setUp()
def test_iphymv_to_resc_hier__2933(self):
self.admin.assert_icommand("iadmin mkresc rrResc roundrobin", 'STDOUT_SINGLELINE', 'roundrobin')
self.admin.assert_icommand("iadmin mkresc unix1Resc 'unixfilesystem' " + configuration.HOSTNAME_1 + ":" +
lib.get_irods_top_level_dir() + "/unix1RescVault", 'STDOUT_SINGLELINE', 'unixfilesystem')
self.admin.assert_icommand("iadmin mkresc unix2Resc 'unixfilesystem' " + configuration.HOSTNAME_2 + ":" +
lib.get_irods_top_level_dir() + "/unix2RescVault", 'STDOUT_SINGLELINE', 'unixfilesystem')
self.admin.assert_icommand("iadmin addchildtoresc rrResc unix1Resc")
self.admin.assert_icommand("iadmin addchildtoresc rrResc unix2Resc")
filepath = os.path.join(self.admin.local_session_dir, 'file')
lib.make_file(filepath, 1)
dest_path = self.admin.session_collection + '/file'
self.admin.assert_icommand('iput -fR rrResc ' + filepath + ' ' + dest_path)
self.admin.assert_icommand('ils -L ' + dest_path, 'STDOUT_SINGLELINE', 'rrResc')
self.admin.assert_icommand('iphymv -S "rrResc;unix1Resc" -R "rrResc;unix2Resc" ' + dest_path)
self.admin.assert_icommand('irm -f ' + dest_path)
self.admin.assert_icommand("iadmin rmchildfromresc rrResc unix2Resc")
self.admin.assert_icommand("iadmin rmchildfromresc rrResc unix1Resc")
self.admin.assert_icommand("iadmin rmresc unix2Resc")
self.admin.assert_icommand("iadmin rmresc unix1Resc")
self.admin.assert_icommand("iadmin rmresc rrResc")
def test_configuration_schema_validation_from_file(self):
schemas_git_dir = tempfile.mkdtemp(
prefix='irods-test_configuration_schema_validation_from_file-git')
with lib.directory_deleter(schemas_git_dir):
schemas_repo = 'https://github.com/irods/irods_schema_configuration'
lib.run_command(['git', 'clone', schemas_repo, schemas_git_dir])
schemas_branch = 'v3'
lib.run_command(['git', 'checkout', schemas_branch],
cwd=schemas_git_dir)
schemas_deploy_dir = tempfile.mkdtemp(
prefix=
'irods-test_configuration_schema_validation_from_file-schemas')
with lib.directory_deleter(schemas_deploy_dir):
lib.assert_command([
'python',
os.path.join(schemas_git_dir, 'deploy_schemas_locally.py'),
'--output_directory_base', schemas_deploy_dir
])
with lib.file_backed_up(
os.path.join(
lib.get_irods_config_dir(),
'server_config.json')) as server_config_filename:
with open(server_config_filename) as f:
server_config = json.load(f)
server_config[
'schema_validation_base_uri'] = 'file://' + schemas_deploy_dir
lib.update_json_file_from_dict(server_config_filename,
server_config)
irodsctl_fullpath = os.path.join(
lib.get_irods_top_level_dir(), 'iRODS', 'irodsctl')
if lib.is_jsonschema_installed():
expected_lines = [
'Validating [/var/lib/irods/.irods/irods_environment.json]... Success',
'Validating [/etc/irods/server_config.json]... Success',
'Validating [/var/lib/irods/VERSION.json]... Success',
'Validating [/etc/irods/hosts_config.json]... Success',
'Validating [/etc/irods/host_access_control_config.json]... Success'
]
if not configuration.TOPOLOGY_FROM_RESOURCE_SERVER:
expected_lines.append(
'Validating [/etc/irods/database_config.json]... Success'
)
lib.assert_command([irodsctl_fullpath, 'restart'],
'STDOUT_MULTILINE', expected_lines)
else:
lib.assert_command([irodsctl_fullpath, 'restart'],
'STDERR_SINGLELINE',
'jsonschema not installed',
desired_rc=0)
def tearDown(self):
super(Test_MSOSuite, self).tearDown()
with lib.make_session_for_existing_admin() as admin_session:
admin_session.assert_icommand(
"iadmin rmchildfromresc demoResc archiveResc")
admin_session.assert_icommand(
"iadmin rmchildfromresc demoResc cacheResc")
admin_session.assert_icommand("iadmin rmresc archiveResc")
admin_session.assert_icommand("iadmin rmresc cacheResc")
admin_session.assert_icommand("iadmin rmresc demoResc")
admin_session.assert_icommand(
"iadmin modresc origResc name demoResc",
'STDOUT_SINGLELINE',
'rename',
stdin_string='yes\n')
shutil.rmtree(lib.get_irods_top_level_dir() + "/cacheRescVault")
def test_authentication_PAM_with_server_params(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
'irods_client_server_policy': 'CS_NEG_REQUIRE',
}
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
server_config_filename = lib.get_irods_config_dir() + '/server_config.json'
with lib.file_backed_up(server_config_filename):
server_config_update = {
'pam_password_length': 20,
'pam_no_extend': False,
'pam_password_min_time': 121,
'pam_password_max_time': 1209600,
}
lib.update_json_file_from_dict(server_config_filename, server_config_update)
lib.restart_irods_server()
# the test
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
self.auth_session.assert_icommand("icd")
self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home")
self.auth_session.environment_file_contents = auth_session_env_backup
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
lib.restart_irods_server()
def test_authentication_PAM_with_server_params(self):
## set up client and server side for ssl handshake
# server side certificate setup
os.system('openssl genrsa -out server.key')
os.system('openssl req -batch -new -x509 -key server.key -out server.crt -days 365')
os.system('mv server.crt chain.pem')
os.system('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
# server side environment variables
os.environ['irodsSSLCertificateChainFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/chain.pem'
os.environ['irodsSSLCertificateKeyFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/server.key'
os.environ['irodsSSLDHParamsFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/dhparams.pem'
# client side environment variables
backup_env_contents = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents['irods_ssl_verify_server'] = 'none'
self.auth_session.environment_file_contents['irods_client_server_policy'] = 'CS_NEG_REQUIRE'
self.auth_session.environment_file_contents['irods_authentication_scheme'] = 'PaM'
# add server_config.json settings
serverConfigFile = lib.get_irods_config_dir() + "/server_config.json"
with open(serverConfigFile) as f:
contents = json.load(f)
os.system("cp %s %sOrig" % (serverConfigFile, serverConfigFile))
contents['pam_password_length'] = 20
contents['pam_no_extend'] = False
contents['pam_password_min_time'] = 121
contents['pam_password_max_time'] = 1209600
with open(serverConfigFile, 'w') as f:
json.dump(contents, f)
# server reboot to pick up new irodsEnv and server settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand("icd")
self.auth_session.assert_icommand("ils -L", 'STDOUT', "home")
# reset client environment to original
self.auth_session.environment_file_contents = backup_env_contents
# clean up
for file in ['server.key', 'chain.pem', 'dhparams.pem']:
os.unlink(file)
# reset server_config.json to original
os.system('mv %sOrig %s' % (serverConfigFile, serverConfigFile))
# server reboot to revert to previous server configuration
os.system(lib.get_irods_top_level_dir() + '/iRODS/irodsctl stop')
os.system(lib.get_irods_top_level_dir() + '/tests/zombiereaper.sh')
os.system(lib.get_irods_top_level_dir() + '/iRODS/irodsctl start')
def test_authentication_PAM_with_server_params(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
'irods_client_server_policy': 'CS_NEG_REQUIRE',
}
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
server_config_filename = lib.get_irods_config_dir() + '/server_config.json'
with lib.file_backed_up(server_config_filename):
server_config_update = {
'pam_password_length': 20,
'pam_no_extend': False,
'pam_password_min_time': 121,
'pam_password_max_time': 1209600,
}
lib.update_json_file_from_dict(server_config_filename, server_config_update)
lib.restart_irods_server()
# the test
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
self.auth_session.assert_icommand("icd")
self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home")
self.auth_session.environment_file_contents = auth_session_env_backup
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
lib.restart_irods_server()
def setUp(self):
with lib.make_session_for_existing_admin() as admin_session:
context_prefix = lib.get_hostname() + ':' + lib.get_irods_top_level_dir()
admin_session.assert_icommand('iadmin modresc demoResc name origResc', 'STDOUT_SINGLELINE', 'rename', stdin_string='yes\n')
admin_session.assert_icommand('iadmin mkresc demoResc deferred', 'STDOUT_SINGLELINE', 'deferred')
admin_session.assert_icommand('iadmin mkresc defResc1 deferred', 'STDOUT_SINGLELINE', 'deferred')
admin_session.assert_icommand('iadmin mkresc defResc2 deferred', 'STDOUT_SINGLELINE', 'deferred')
admin_session.assert_icommand('iadmin mkresc defResc3 deferred', 'STDOUT_SINGLELINE', 'deferred')
admin_session.assert_icommand('iadmin mkresc defResc4 deferred', 'STDOUT_SINGLELINE', 'deferred')
admin_session.assert_icommand('iadmin mkresc rescA "unixfilesystem" ' + context_prefix + '/rescAVault', 'STDOUT_SINGLELINE', 'unixfilesystem')
admin_session.assert_icommand('iadmin mkresc rescB "unixfilesystem" ' + context_prefix + '/rescBVault', 'STDOUT_SINGLELINE', 'unixfilesystem')
admin_session.assert_icommand('iadmin addchildtoresc defResc3 rescA')
admin_session.assert_icommand('iadmin addchildtoresc defResc4 rescB')
admin_session.assert_icommand('iadmin addchildtoresc demoResc defResc1')
admin_session.assert_icommand('iadmin addchildtoresc demoResc defResc2')
admin_session.assert_icommand('iadmin addchildtoresc defResc1 defResc3')
admin_session.assert_icommand('iadmin addchildtoresc defResc2 defResc4')
super(Test_DeferredToDeferred, self).setUp()
def test_authentication_PAM_without_negotiation(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
}
# now the actual test
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand('icd')
self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home')
# reset client environment to original
self.auth_session.environment_file_contents = auth_session_env_backup
# clean up
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
# server reboot to pick up new irodsEnv and server settings
lib.restart_irods_server()
def test_authentication_PAM_without_negotiation(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
}
# now the actual test
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand('icd')
self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home')
# reset client environment to original
self.auth_session.environment_file_contents = auth_session_env_backup
# clean up
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
# server reboot to pick up new irodsEnv and server settings
lib.restart_irods_server()
def setUp(self):
super(Test_MSOSuite, self).setUp()
hostname = lib.get_hostname()
self.admin.assert_icommand("iadmin modresc demoResc name origResc",
'STDOUT_SINGLELINE',
'rename',
stdin_string='yes\n')
self.admin.assert_icommand("iadmin mkresc demoResc compound",
'STDOUT_SINGLELINE', 'compound')
self.admin.assert_icommand(
"iadmin mkresc cacheResc 'unixfilesystem' " + hostname + ":" +
lib.get_irods_top_level_dir() + "/cacheRescVault",
'STDOUT_SINGLELINE', 'unixfilesystem')
self.admin.assert_icommand(
"iadmin mkresc archiveResc mso " + hostname + ":/fake/vault/",
'STDOUT_SINGLELINE', 'mso')
self.admin.assert_icommand(
"iadmin addchildtoresc demoResc cacheResc cache")
self.admin.assert_icommand(
"iadmin addchildtoresc demoResc archiveResc archive")
def test_acSetChkFilePathPerm__3024(self):
test_re = os.path.join(lib.get_core_re_dir(), 'test.re')
server_config_filename = lib.get_irods_config_dir() + '/server_config.json'
# test file for ireg
testfile = os.path.join(lib.get_irods_top_level_dir(), 'VERSION.json')
# get PEP name from function name
pep_name = inspect.stack()[0][3].split('_')[1]
# user session
sesh = self.user0
# query for resource properties
columns = ('RESC_ZONE_NAME, '
'RESC_FREE_SPACE, '
'RESC_STATUS, '
'RESC_ID, '
'RESC_NAME, '
'RESC_TYPE_NAME, '
'RESC_LOC, '
'RESC_CLASS_NAME, '
'RESC_VAULT_PATH, '
'RESC_INFO, '
'RESC_COMMENT, '
'RESC_CREATE_TIME, '
'RESC_MODIFY_TIME')
resource = sesh.default_resource
query = '''iquest "SELECT {columns} WHERE RESC_NAME ='{resource}'"'''.format(**locals())
result = sesh.run_icommand(query)[1]
# last line is iquest default formatting separator
resource_property_list = result.splitlines()[:-1]
with lib.file_backed_up(server_config_filename):
# prepare rule
# rule will write PEP name as well as
# resource related rule session vars to server log
rule_body = 'writeLine("serverLog", "{pep_name}");'.format(**locals())
rule_body += ('writeLine("serverLog", $KVPairs.zoneName);'
'writeLine("serverLog", $KVPairs.freeSpace);'
'writeLine("serverLog", $KVPairs.quotaLimit);'
'writeLine("serverLog", $KVPairs.rescStatus);'
'writeLine("serverLog", $KVPairs.rescId);'
'writeLine("serverLog", $KVPairs.rescName);'
'writeLine("serverLog", $KVPairs.rescType);'
'writeLine("serverLog", $KVPairs.rescLoc);'
'writeLine("serverLog", $KVPairs.rescClass);'
'writeLine("serverLog", $KVPairs.rescVaultPath);'
'writeLine("serverLog", $KVPairs.rescInfo);'
'writeLine("serverLog", $KVPairs.rescComments);'
'writeLine("serverLog", $KVPairs.rescCreate);'
'writeLine("serverLog", $KVPairs.rescModify);')
test_rule = '{pep_name} {{ {rule_body} }}'.format(**locals())
# write new rule file
with open(test_re, 'w') as f:
f.write(test_rule)
# update server config with additional rule file
server_config_update = {
"re_rulebase_set": [{"filename": "test"}, {"filename": "core"}]
}
lib.update_json_file_from_dict(server_config_filename, server_config_update)
# checkpoint log to know where to look for the string
initial_log_size = lib.get_log_size('server')
# ireg test file to trigger PEP
target_obj = os.path.join(sesh.home_collection, os.path.basename(testfile))
sesh.assert_icommand('ireg {testfile} {target_obj}'.format(**locals()), 'STDERR_SINGLELINE', 'PATH_REG_NOT_ALLOWED')
# confirm that PEP was hit by looking for pep name in server log
assert lib.count_occurrences_of_string_in_log('server', pep_name, start_index=initial_log_size)
# check that resource session vars were written to the server log
for line in resource_property_list:
column = line.rsplit('=', 1)[0].strip()
property = line.rsplit('=', 1)[1].strip()
if property:
if column != 'RESC_MODIFY_TIME':
assert lib.count_occurrences_of_string_in_log('server', property, start_index=initial_log_size)
# cleanup
os.unlink(test_re)
def test_re_shm_cleanup(self):
irodsctl_fullpath = os.path.join(lib.get_irods_top_level_dir(), 'iRODS', 'irodsctl')
lib.assert_command([irodsctl_fullpath, 'stop'], 'STDOUT_SINGLELINE', 'Stopping iRODS server')
assert not lib.re_shm_exists(), lib.re_shm_exists()
lib.start_irods_server()
def test_iphymv_root(self):
self.admin.assert_icommand('iadmin mkresc test1 unixfilesystem ' + lib.get_hostname() + ':' + lib.get_irods_top_level_dir() + '/test1',
'STDOUT_SINGLELINE', '')
self.admin.assert_icommand('iadmin mkresc test2 unixfilesystem ' + lib.get_hostname() + ':' + lib.get_irods_top_level_dir() + '/test2',
'STDOUT_SINGLELINE', '')
self.admin.assert_icommand('iphymv -S test1 -R test2 -r /', 'STDERR_SINGLELINE',
'ERROR: phymvUtil: \'/\' does not specify a zone; physical move only makes sense within a zone.')
self.admin.assert_icommand('iadmin rmresc test1')
self.admin.assert_icommand('iadmin rmresc test2')
import sys
import shutil
import os
if sys.version_info >= (2, 7):
import unittest
else:
import unittest2 as unittest
import os
import datetime
import socket
import configuration
import lib
import resource_suite
RODSHOME = lib.get_irods_top_level_dir() + "/iRODS/"
ABSPATHTESTDIR = os.path.abspath(os.path.dirname(sys.argv[0]))
RODSHOME = ABSPATHTESTDIR + "/../../iRODS"
@unittest.skipIf(configuration.TOPOLOGY_FROM_RESOURCE_SERVER,
'Registers files on remote resources')
class Test_Ireg(resource_suite.ResourceBase, unittest.TestCase):
def setUp(self):
super(Test_Ireg, self).setUp()
shutil.copy2(ABSPATHTESTDIR + '/test_ireg.py',
ABSPATHTESTDIR + '/file0')
shutil.copy2(ABSPATHTESTDIR + '/test_ireg.py',
ABSPATHTESTDIR + '/file1')
shutil.copy2(ABSPATHTESTDIR + '/test_ireg.py',
ABSPATHTESTDIR + '/file2')
import sys
import shutil
import os
if sys.version_info >= (2, 7):
import unittest
else:
import unittest2 as unittest
import os
import datetime
import socket
import lib
import resource_suite
RODSHOME = lib.get_irods_top_level_dir() + "/iRODS/"
ABSPATHTESTDIR = os.path.abspath(os.path.dirname(sys.argv[0]))
RODSHOME = ABSPATHTESTDIR + "/../../iRODS"
class Test_ireg_Suite(resource_suite.ResourceBase, unittest.TestCase):
def setUp(self):
super(Test_ireg_Suite, self).setUp()
shutil.copy2(ABSPATHTESTDIR + '/test_ireg_suite.py', ABSPATHTESTDIR + '/file0')
shutil.copy2(ABSPATHTESTDIR + '/test_ireg_suite.py', ABSPATHTESTDIR + '/file1')
shutil.copy2(ABSPATHTESTDIR + '/test_ireg_suite.py', ABSPATHTESTDIR + '/file2')
shutil.copy2(ABSPATHTESTDIR + '/test_ireg_suite.py', ABSPATHTESTDIR + '/file3')
self.admin.assert_icommand('iadmin mkresc r_resc passthru', 'STDOUT', "Creating")
self.admin.assert_icommand('iadmin mkresc m_resc passthru', 'STDOUT', "Creating")
hostname = socket.gethostname()
self.admin.assert_icommand('iadmin mkresc l_resc unixfilesystem ' + hostname + ':/tmp/l_resc', 'STDOUT', "Creating")
def setUp(self):
super(Test_MSOSuite, self).setUp()
hostname = lib.get_hostname()
self.admin.assert_icommand("iadmin modresc demoResc name origResc", 'STDOUT', 'rename', stdin_string='yes\n')
self.admin.assert_icommand("iadmin mkresc demoResc compound", 'STDOUT', 'compound')
self.admin.assert_icommand("iadmin mkresc cacheResc 'unixfilesystem' " + hostname + ":" + lib.get_irods_top_level_dir() + "/cacheRescVault", 'STDOUT', 'unixfilesystem')
self.admin.assert_icommand("iadmin mkresc archiveResc mso " + hostname + ":/fake/vault/", 'STDOUT', 'mso')
self.admin.assert_icommand("iadmin addchildtoresc demoResc cacheResc cache")
self.admin.assert_icommand("iadmin addchildtoresc demoResc archiveResc archive")