def test_get_singlevalue(topo, entry_dn):
"""Check that we can get an attribute value under different suffixes"""
dse_ldif = DSEldif(topo.standalone)
log.info("Get 'cn' attr from {}".format(entry_dn))
attr_values = dse_ldif.get(entry_dn, "cn")
assert attr_values == ["config"]
log.info("Get 'nonexistent' attr from {}".format(entry_dn))
attr_values = dse_ldif.get(entry_dn, "nonexistent")
assert not attr_values
def get_ldapurl_from_serverid(instance):
""" Take an instance name, and get the host/port/protocol from dse.ldif
and return a LDAP URL to use in the CLI tools (dsconf)
:param instance: The server ID of a server instance
:return tuple of LDAPURL and certificate directory (for LDAPS)
"""
try:
dse_ldif = DSEldif(None, instance)
except:
return (None, None)
port = dse_ldif.get("cn=config", "nsslapd-port", single=True)
secureport = dse_ldif.get("cn=config", "nsslapd-secureport", single=True)
host = dse_ldif.get("cn=config", "nsslapd-localhost", single=True)
sec = dse_ldif.get("cn=config", "nsslapd-security", single=True)
ldapi_listen = dse_ldif.get("cn=config", "nsslapd-ldapilisten", single=True)
ldapi_autobind = dse_ldif.get("cn=config", "nsslapd-ldapiautobind", single=True)
ldapi_socket = dse_ldif.get("cn=config", "nsslapd-ldapifilepath", single=True)
certdir = dse_ldif.get("cn=config", "nsslapd-certdir", single=True)
if ldapi_listen is not None and ldapi_listen.lower() == "on" and \
ldapi_autobind is not None and ldapi_autobind.lower() == "on" and \
ldapi_socket is not None:
# Use LDAPI
socket = ldapi_socket.replace("/", "%2f") # Escape the path
return ("ldapi://" + socket, None)
elif sec is not None and sec.lower() == "on" and secureport is not None:
# Use LDAPS
return ("ldaps://{}:{}".format(host, secureport), certdir)
else:
# Use LDAP
return ("ldap://{}:{}".format(host, port), None)
def test_add(topo, fake_attr_value):
"""Check that we can add an attribute to a given suffix"""
dse_ldif = DSEldif(topo.standalone)
fake_attr = "fakeAttr"
log.info("Add {} to {}".format(fake_attr, DN_CONFIG))
dse_ldif.add(DN_CONFIG, fake_attr, fake_attr_value)
attr_values = dse_ldif.get(DN_CONFIG, fake_attr)
assert attr_values == [fake_attr_value]
log.info("Clean up")
dse_ldif.delete(DN_CONFIG, fake_attr)
assert not dse_ldif.get(DN_CONFIG, fake_attr)
def test_replace(topo):
"""Check that we can replace an attribute to a given suffix"""
dse_ldif = DSEldif(topo.standalone)
port_attr = "nsslapd-port"
port_value = "390"
log.info("Get default value of {}".format(port_attr))
default_value = dse_ldif.get(DN_CONFIG, port_attr)[0]
log.info("Replace {} with {}".format(port_attr, port_value))
dse_ldif.replace(DN_CONFIG, port_attr, port_value)
attr_values = dse_ldif.get(DN_CONFIG, port_attr)
assert attr_values == [port_value]
log.info("Restore default value")
dse_ldif.replace(DN_CONFIG, port_attr, default_value)
def test_cl_encryption_setup_process(topo):
"""Take an already working replication deployment, and setup changelog
encryption
:id: 1a1b7d29-69f5-4f0e-91c4-e7f66140ff17
:setup: Master Instance, Consumer Instance
:steps:
1. Enable TLS for the server
2. Export changelog
3. Enable changelog encryption
4. Import changelog
5. Verify replication is still working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
"""
supplier = topo.ms['master1']
consumer = topo.cs['consumer1']
# Enable TLS
log.info('Enable TLS ...')
supplier.enable_tls()
consumer.enable_tls()
# Export changelog
log.info('Export changelog ...')
replicas = Replicas(supplier)
replica = replicas.get(DEFAULT_SUFFIX)
replica.begin_task_cl2ldif()
replica.task_finished()
# Enable changelog encryption
log.info('Enable changelog encryption ...')
dse_ldif = DSEldif(supplier)
supplier.stop()
if ds_supports_new_changelog():
changelog = 'cn=changelog,{}'.format(DN_USERROOT_LDBM)
else:
changelog = DN_CHANGELOG
dse_ldif.replace(changelog, 'nsslapd-encryptionalgorithm', 'AES')
if dse_ldif.get(changelog, 'nsSymmetricKey'):
dse_ldif.delete(changelog, 'nsSymmetricKey')
supplier.start()
# Import changelog
log.info('Import changelog ...')
replica.begin_task_ldif2cl()
replica.task_finished()
# Verify replication is still working
log.info('Test replication is still working ...')
assert replica.test_replication([consumer])
def test_get_multivalue(topo):
"""Check that we can get attribute values"""
dse_ldif = DSEldif(topo.standalone)
log.info("Get objectClass from {}".format(DN_CONFIG))
attr_values = dse_ldif.get(DN_CONFIG, "objectClass")
assert len(attr_values) == 3
assert "top" in attr_values
assert "extensibleObject" in attr_values
assert "nsslapdConfig" in attr_values
def _enable_changelog_encryption(inst, encrypt_algorithm):
"""Configure changelog encryption for master"""
dse_ldif = DSEldif(inst)
log.info('Configuring changelog encryption:{} for: {}'.format(
inst.serverid, encrypt_algorithm))
inst.stop()
dse_ldif.replace(DN_CHANGELOG, 'nsslapd-encryptionalgorithm',
encrypt_algorithm)
if dse_ldif.get(DN_CHANGELOG, 'nsSymmetricKey'):
dse_ldif.delete(DN_CHANGELOG, 'nsSymmetricKey')
inst.start()
def test_delete_singlevalue(topo):
"""Check that we can delete an attribute from a given suffix"""
dse_ldif = DSEldif(topo.standalone)
fake_attr = "fakeAttr"
fake_attr_values = ["fake1", "fake2", "fake3"]
log.info("Add multivalued {} to {}".format(fake_attr, DN_CONFIG))
for value in fake_attr_values:
dse_ldif.add(DN_CONFIG, fake_attr, value)
log.info("Delete {}".format(fake_attr_values[0]))
dse_ldif.delete(DN_CONFIG, fake_attr, fake_attr_values[0])
attr_values = dse_ldif.get(DN_CONFIG, fake_attr)
assert len(attr_values) == 2
assert fake_attr_values[0] not in attr_values
assert fake_attr_values[1] in attr_values
assert fake_attr_values[2] in attr_values
log.info("Clean up")
dse_ldif.delete(DN_CONFIG, fake_attr)
assert not dse_ldif.get(DN_CONFIG, fake_attr)
def test_delete_multivalue(topo):
"""Check that we can delete attributes from a given suffix"""
dse_ldif = DSEldif(topo.standalone)
fake_attr = "fakeAttr"
fake_attr_values = ["fake1", "fake2", "fake3"]
log.info("Add multivalued {} to {}".format(fake_attr, DN_CONFIG))
for value in fake_attr_values:
dse_ldif.add(DN_CONFIG, fake_attr, value)
log.info("Delete all values of {}".format(fake_attr))
dse_ldif.delete(DN_CONFIG, fake_attr)
assert not dse_ldif.get(DN_CONFIG, fake_attr)
def _enable_changelog_encryption(inst, encrypt_algorithm):
"""Configure changelog encryption for supplier"""
dse_ldif = DSEldif(inst)
log.info('Configuring changelog encryption:{} for: {}'.format(inst.serverid, encrypt_algorithm))
inst.stop()
if ds_supports_new_changelog():
changelog = 'cn=changelog,{}'.format(DN_USERROOT_LDBM)
else:
changelog = DN_CHANGELOG
dse_ldif.replace(changelog, 'nsslapd-encryptionalgorithm', encrypt_algorithm)
if dse_ldif.get(changelog, 'nsSymmetricKey'):
dse_ldif.delete(changelog, 'nsSymmetricKey')
inst.start()
