def test_002_policyd_bad_yaml(self):
"""Test bad yaml file in the zip file is handled."""
bad = self.bad
bad_zip_path = self._make_zip_file_from('bad.zip', bad)
logging.info("Attaching bad zip file as a resource")
zaza_model.attach_resource(self.application_name,
'policyd-override',
bad_zip_path)
zaza_model.block_until_all_units_idle()
logging.debug("Now setting config to true")
self._set_config(True)
# ensure that the workload status info line starts with PO (broken):
# to show that it didn't work
logging.info(
"Checking for workload status line starts with PO (broken):")
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO (broken):")
logging.debug("App status is valid for broken yaml file")
zaza_model.block_until_all_units_idle()
# now verify that no file got landed on the machine
if self.path_infix:
path = os.path.join(
"/etc", self._service_name, "policy.d", self.path_infix,
'file2.yaml')
else:
path = os.path.join(
"/etc", self._service_name, "policy.d", 'file2.yaml')
logging.info("Now checking that file {} is not present.".format(path))
zaza_model.block_until_file_missing(self.application_name, path)
self._set_config(False)
zaza_model.block_until_all_units_idle()
logging.info("OK")
def _set_policy_with(self, rules, filename='rules.zip'):
rules_zip_path = self._make_zip_file_from(filename, rules)
zaza_model.attach_resource(self.application_name, 'policyd-override',
rules_zip_path)
self._set_config(True)
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:", negate_match=False)
def test_001_policyd_good_yaml(self):
"""Test that the policyd with a good zipped yaml file."""
good = self.good
good_zip_path = self._make_zip_file_from('good.zip', good)
logging.info("Attaching good zip file as a resource.")
zaza_model.attach_resource(self.application_name,
'policyd-override',
good_zip_path)
zaza_model.block_until_all_units_idle()
logging.debug("Now setting config to true")
self._set_config(True)
# check that the file gets to the right location
if self.path_infix:
path = os.path.join(
"/etc", self._service_name, "policy.d", self.path_infix,
'file1.yaml')
else:
path = os.path.join(
"/etc", self._service_name, "policy.d", 'file1.yaml')
logging.info("Now checking for file contents: {}".format(path))
zaza_model.block_until_file_has_contents(self.application_name,
path,
"rule1: '!'")
# ensure that the workload status info line starts with PO:
logging.info("Checking for workload status line starts with PO:")
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:")
logging.debug("App status is valid")
# disable the policy override
logging.info("Disabling policy override by setting config to false")
self._set_config(False)
# check that the status no longer has "PO:" on it.
# we have to do it twice due to async races and that some info lines
# erase the PO: bit prior to actuall getting back to idle. The double
# check verifies that the charms have started, the idle waits until it
# is finished, and then the final check really makes sure they got
# switched off.
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:", negate_match=True)
zaza_model.block_until_all_units_idle()
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:", negate_match=True)
# verify that the file no longer exists
logging.info("Checking that {} has been removed".format(path))
zaza_model.block_until_file_missing(self.application_name, path)
logging.info("OK")
def test_003_test_overide_is_observed(self):
"""Test that the override is observed by the underlying service."""
if self._test_name is None:
logging.info("Doing policyd override for {}"
.format(self._service_name))
else:
logging.info(self._test_name)
# note policyd override only works with Xenial-queens and so keystone
# is already v3
# Allow the overriden class to setup the environment before the policyd
# test is performed.
self.setup_for_attempt_operation(self.keystone_ips[0])
# verify that the operation works before performing the policyd
# override.
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:", negate_match=True)
zaza_model.block_until_all_units_idle()
logging.info("First verify that operation works prior to override")
try:
self.get_client_and_attempt_operation(self.keystone_ips[0])
except Exception as e:
self.cleanup_for_attempt_operation(self.keystone_ips[0])
raise zaza_exceptions.PolicydError(
'Service action failed and should have passed. "{}"'
.format(str(e)))
# now do the policyd override.
logging.info("Doing policyd override with: {}".format(self._rule))
self._set_policy_with(self._rule)
zaza_model.block_until_all_units_idle()
# now make sure the operation fails
logging.info("Now verify that operation doesn't work with override")
try:
self.get_client_and_attempt_operation(self.keystone_ips[0])
raise zaza_exceptions.PolicydError(
"Service action passed and should have failed.")
except PolicydOperationFailedException:
pass
except zaza_exceptions.PolicydError as e:
logging.info("{}".format(str(e)))
raise
except Exception as e:
logging.info("exception was: {}".format(e.__class__.__name__))
import traceback
logging.info(traceback.format_exc())
self.cleanup_for_attempt_operation(self.keystone_ips[0])
raise zaza_exceptions.PolicydError(
'Service action failed in an unexpected way: {}'
.format(str(e)))
# clean out the policy and wait
self._set_config(False)
# check that the status no longer has "PO:" on it.
# we have to do it twice due to async races and that some info lines
# erase the PO: bit prior to actuall getting back to idle. The double
# check verifies that the charms have started, the idle waits until it
# is finished, and then the final check really makes sure they got
# switched off.
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:", negate_match=True)
zaza_model.block_until_all_units_idle()
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:", negate_match=True)
# Finally make sure it works again!
logging.info("Finally verify that operation works after removing the "
"override.")
try:
self.get_client_and_attempt_operation(self.keystone_ips[0])
except Exception as e:
raise zaza_exceptions.PolicydError(
'Service action failed and should have passed after removing '
'policy override: "{}"'
.format(str(e)))
finally:
self.cleanup_for_attempt_operation(self.keystone_ips[0])
