def disable_n2n_encryption_cli_on_nodes(self, nodes):
self.set_n2n_encryption_level_on_nodes(nodes=nodes, level="control")
self.log.info("Disabling n2n encryption on nodes {0}".format(nodes))
for node in nodes:
shell_conn = RemoteMachineShellConnection(node)
cb_cli = CbCli(shell_conn, no_ssl_verify=True)
o = cb_cli.disable_n2n_encryption()
self.log.info(o)
shell_conn.disconnect()
def test_security_config_changed_event(self):
_ = self.rest.update_autofailover_settings(False, 120)
shell_conn = RemoteMachineShellConnection(self.cluster.master)
cb_cli = CbCli(shell_conn)
o = cb_cli.enable_n2n_encryption()
self.log.info(o)
shell_conn.disconnect()
self.rest.set_encryption_level(level="control")
settings = {"tlsMinVersion": "tlsv1.1", "clusterEncryptionLevel": "all"}
self.rest.set_security_settings(settings)
old_settings = {"ssl_minimum_protocol": "tlsv1.2", "cluster_encryption_level": "control"}
new_settings = {"ssl_minimum_protocol": "tlsv1.1", "cluster_encryption_level": "all"}
# Get the last event
event = self.get_event_from_cluster()
user_event = SecurityEvents.security_config_changed(self.cluster.master.ip,
old_settings, new_settings)
# Test NON Extra Attributes fields & NON generic fields
for param, value in user_event.items():
if param == Event.Fields.EXTRA_ATTRS:
continue
if event[param] != value:
self.fail("Value mismatch for '%s'. Expected %s != %s Actual"
% (param, value, event[param]))
# Test generic fields
self.generic_fields_check(event)
# Test Extra Attributes fields
for param in ["old_settings", "new_settings"]:
expected_settings = user_event[Event.Fields.EXTRA_ATTRS][param]
actual_settings = event[Event.Fields.EXTRA_ATTRS][param]
for i_param in ["ssl_minimum_protocol", "cluster_encryption_level"]:
act_val = actual_settings[i_param]
exp_val = expected_settings[i_param]
if act_val != exp_val:
self.fail("Mismatch in %s. Expected %s != %s Actual"
% (param, exp_val, act_val))
def set_n2n_encryption_level_on_nodes(self, nodes, level="control"):
self.log.info("Enabling n2n encryption and setting level to "
"{0} on nodes {1}".format(level, nodes))
for node in nodes:
shell_conn = RemoteMachineShellConnection(node)
cb_cli = CbCli(shell_conn, no_ssl_verify=True)
cb_cli.enable_n2n_encryption()
cb_cli.set_n2n_encryption_level(level=level)
shell_conn.disconnect()
def setUp(self):
self.input = TestInputSingleton.input
self.input.test_params.update({"default_bucket": False})
self.backup_service_test = self.input.param("backup_service_test", False)
if self.backup_service_test:
self.backup_service = BackupServiceTest(self.input.servers)
super(volume, self).setUp()
self.bucket_util._expiry_pager(self.cluster, val=5)
self.rest = RestConnection(self.servers[0])
self.available_servers = self.cluster.servers[self.nodes_init:]
self.exclude_nodes = [self.cluster.master]
self.skip_check_logs = False
self.iterations = self.input.param("iterations", 2)
self.vbucket_check = self.input.param("vbucket_check", True)
self.retry_get_process_num = self.input.param("retry_get_process_num", 400)
self.data_load_spec = self.input.param("data_load_spec", "volume_test_load_for_volume_test")
self.perform_quorum_failover = self.input.param("perform_quorum_failover", True)
self.rebalance_moves_per_node = self.input.param("rebalance_moves_per_node", 4)
self.cluster_util.set_rebalance_moves_per_nodes(
self.cluster.master,
rebalanceMovesPerNode=self.rebalance_moves_per_node)
self.scrape_interval = self.input.param("scrape_interval", None)
if self.scrape_interval:
self.log.info("Changing scrape interval and scrape_timeout to {0}".format(self.scrape_interval))
StatsHelper(self.cluster.master).change_scrape_timeout(self.scrape_interval)
StatsHelper(self.cluster.master).change_scrape_interval(self.scrape_interval)
# Change high cardinality services' scrape_interval
value = "[{S, [{high_cardinality_enabled, true}, {high_cardinality_scrape_interval, %s}]} " \
"|| S <- [index, fts, kv, cbas, eventing]]" % self.scrape_interval
StatsHelper(self.cluster.master).configure_stats_settings_from_diag_eval("services", value)
self.enable_n2n_encryption = self.input.param("enable_n2n_encryption", False)
if self.enable_n2n_encryption:
shell_conn = RemoteMachineShellConnection(self.cluster.master)
cb_cli = CbCli(shell_conn)
cb_cli.enable_n2n_encryption()
cb_cli.set_n2n_encryption_level(level="all")
shell_conn.disconnect()
self.doc_and_collection_ttl = self.input.param("doc_and_collection_ttl", False) # For using doc_ttl + coll_ttl
self.skip_validations = self.input.param("skip_validations", True)
# Services to be added on rebalance-in nodes during the volume test
self.services_for_rebalance_in = self.input.param("services_for_rebalance_in", None)
self.index_and_query_setup()
self.fts_setup()
self.query_thread_flag = False
self.query_thread = None
self.ui_stats_thread_flag = False
self.ui_stats_thread = None
# Setup the backup service
if self.backup_service_test:
self.backup_service.setup()
def get_encryption_level_on_node(node):
shell_conn = RemoteMachineShellConnection(node)
cb_cli = CbCli(shell_conn, no_ssl_verify=True)
level = cb_cli.get_n2n_encryption_level()
shell_conn.disconnect()
return level