def generate_security_service_data(self):
data = {
"name": data_utils.rand_name("ss-name"),
"description": data_utils.rand_name("ss-desc"),
"dns_ip": utils.rand_ip(),
"server": utils.rand_ip(),
"domain": data_utils.rand_name("ss-domain"),
"user": data_utils.rand_name("ss-user"),
"password": data_utils.rand_name("ss-password"),
}
return data
def generate_security_service_data(self):
data = {
"name": data_utils.rand_name("ss-name"),
"description": data_utils.rand_name("ss-desc"),
"dns_ip": utils.rand_ip(),
"server": utils.rand_ip(),
"domain": data_utils.rand_name("ss-domain"),
"user": data_utils.rand_name("ss-user"),
"password": data_utils.rand_name("ss-password"),
}
return data
def generate_security_service_data(self, set_ou=False):
data = {
"name": data_utils.rand_name("ss-name"),
"description": data_utils.rand_name("ss-desc"),
"dns_ip": utils.rand_ip(),
"server": utils.rand_ip(),
"domain": data_utils.rand_name("ss-domain"),
"user": data_utils.rand_name("ss-user"),
"password": data_utils.rand_name("ss-password"),
}
if set_ou:
data["ou"] = data_utils.rand_name("ss-ou")
return data
def test_create_delete_access_rules_with_one_ip(self, version, ip_version):
if ip_version == 4:
access_to = utils.rand_ip()
else:
access_to = utils.rand_ipv6_ip()
if utils.is_microversion_le(version, '2.9'):
client = self.shares_client
else:
client = self.shares_v2_client
# create rule
rule = self.allow_access(self.share["id"],
client=client,
access_type=self.access_type,
access_to=access_to,
version=version)
self.assertEqual('rw', rule['access_level'])
for key in ('deleted', 'deleted_at', 'instance_mappings'):
self.assertNotIn(key, rule.keys())
# rules must start out in 'new' until 2.28 & 'queued_to_apply' after
if utils.is_microversion_le(version, "2.27"):
self.assertEqual("new", rule['state'])
else:
self.assertEqual("queued_to_apply", rule['state'])
def _get_access_rule_data_from_config(self):
"""Get the first available access type/to combination from config.
This method opportunistically picks the first configured protocol
to create the share. Do not use this method in tests where you need
to test depth and breadth in the access types and access recipients.
"""
protocol = self.shares_v2_client.share_protocol
if protocol in CONF.share.enable_ip_rules_for_protocols:
access_type = "ip"
access_to = utils.rand_ip()
elif protocol in CONF.share.enable_user_rules_for_protocols:
access_type = "user"
access_to = CONF.share.username_for_user_rules
elif protocol in CONF.share.enable_cert_rules_for_protocols:
access_type = "cert"
access_to = "client3.com"
elif protocol in CONF.share.enable_cephx_rules_for_protocols:
access_type = "cephx"
access_to = "eve"
else:
message = "Unrecognized protocol and access rules configuration."
raise self.skipException(message)
return access_type, access_to
def _get_access_rule_data_from_config(self):
"""Get the first available access type/to combination from config.
This method opportunistically picks the first configured protocol
to create the share. Do not use this method in tests where you need
to test depth and breadth in the access types and access recipients.
"""
protocol = self.shares_v2_client.share_protocol
if protocol in CONF.share.enable_ip_rules_for_protocols:
access_type = "ip"
access_to = utils.rand_ip()
elif protocol in CONF.share.enable_user_rules_for_protocols:
access_type = "user"
access_to = CONF.share.username_for_user_rules
elif protocol in CONF.share.enable_cert_rules_for_protocols:
access_type = "cert"
access_to = "client3.com"
elif protocol in CONF.share.enable_cephx_rules_for_protocols:
access_type = "cephx"
access_to = "eve"
else:
message = "Unrecognized protocol and access rules configuration."
raise self.skipException(message)
return access_type, access_to
def test_create_delete_access_rules_with_one_ip(self, version, ip_version):
if ip_version == 4:
access_to = utils.rand_ip()
else:
access_to = utils.rand_ipv6_ip()
# create rule
if utils.is_microversion_eq(version, '1.0'):
rule = self.shares_client.create_access_rule(
self.share["id"], self.access_type, access_to)['access']
else:
rule = self.shares_v2_client.create_access_rule(
self.share["id"], self.access_type, access_to,
version=version)['access']
self.assertEqual('rw', rule['access_level'])
for key in ('deleted', 'deleted_at', 'instance_mappings'):
self.assertNotIn(key, rule.keys())
# rules must start out in 'new' until 2.28 & 'queued_to_apply' after
if utils.is_microversion_le(version, "2.27"):
self.assertEqual("new", rule['state'])
else:
self.assertEqual("queued_to_apply", rule['state'])
if utils.is_microversion_eq(version, '1.0'):
waiters.wait_for_resource_status(self.shares_client,
self.share["id"],
"active",
resource_name='access_rule',
rule_id=rule["id"])
elif utils.is_microversion_eq(version, '2.9'):
waiters.wait_for_resource_status(self.shares_v2_client,
self.share["id"],
"active",
resource_name='access_rule',
rule_id=rule["id"])
else:
waiters.wait_for_resource_status(self.shares_v2_client,
self.share["id"],
"active",
status_attr='access_rules_status',
version=version)
# delete rule and wait for deletion
if utils.is_microversion_eq(version, '1.0'):
self.shares_client.delete_access_rule(self.share["id"], rule["id"])
self.shares_client.wait_for_resource_deletion(
rule_id=rule["id"], share_id=self.share['id'])
else:
self.shares_v2_client.delete_access_rule(self.share["id"],
rule["id"],
version=version)
self.shares_v2_client.wait_for_resource_deletion(
rule_id=rule["id"], share_id=self.share['id'], version=version)
def resource_setup(cls):
super(MigrationShareServerBase, cls).resource_setup()
cls.all_hosts = cls.shares_v2_client.list_pools(detail=True)
cls.backends = set()
for pool in cls.all_hosts['pools']:
if pool['capabilities'].get('driver_handles_share_servers'):
cls.backends.add(pool['name'].split('#')[0])
if len(cls.backends) < 2:
msg = ("Could not find the necessary backends. At least two"
" are needed to run the tests of share server migration")
raise cls.skipException(msg)
# create share type (generic)
extra_specs = {}
if CONF.share.capability_snapshot_support:
extra_specs.update({'snapshot_support': True})
cls.share_type = cls.create_share_type(extra_specs=extra_specs)
# create two non routable IPs to be used in NFS access rulesi
cls.access_rules_ip_rw = utils.rand_ip()
cls.access_rules_ip_ro = utils.rand_ip()
def _verify_config_and_set_access_rule_data(self):
"""Verify the access rule configuration is enabled for NFS.
Set the data after verification.
"""
protocol = self.shares_v2_client.share_protocol
# TODO(Yogi1): Add access rules for other protocols.
if not ((protocol.lower() == 'nfs') and
(protocol in CONF.share.enable_ip_rules_for_protocols) and
CONF.share.enable_ip_rules_for_protocols):
message = "IP access rules are not supported for this protocol."
raise self.skipException(message)
access_type = "ip"
access_to = utils.rand_ip()
return access_type, access_to
def _verify_config_and_set_access_rule_data(self):
"""Verify the access rule configuration is enabled for NFS.
Set the data after verification.
"""
protocol = self.shares_v2_client.share_protocol
# TODO(Yogi1): Add access rules for other protocols.
if not ((protocol.lower() == 'nfs') and
(protocol in CONF.share.enable_ip_rules_for_protocols)
and CONF.share.enable_ip_rules_for_protocols):
message = "IP access rules are not supported for this protocol."
raise self.skipException(message)
access_type = "ip"
access_to = utils.rand_ip()
return access_type, access_to
def test_create_delete_access_rule_with_cidr(self, version, ip_version):
if ip_version == 4:
access_to = utils.rand_ip(network=True)
else:
access_to = utils.rand_ipv6_ip(network=True)
if utils.is_microversion_le(version, '2.9'):
client = self.shares_client
else:
client = self.shares_v2_client
# create rule
rule = self.allow_access(self.share["id"],
client=client,
access_type=self.access_type,
access_to=access_to,
version=version)
for key in ('deleted', 'deleted_at', 'instance_mappings'):
self.assertNotIn(key, rule.keys())
self.assertEqual('rw', rule['access_level'])
def resource_setup(cls):
super(AccessesMetadataNegativeTest, cls).resource_setup()
if not (any(p in CONF.share.enable_ip_rules_for_protocols
for p in cls.protocols)
or any(p in CONF.share.enable_user_rules_for_protocols
for p in cls.protocols)
or any(p in CONF.share.enable_cert_rules_for_protocols
for p in cls.protocols)
or any(p in CONF.share.enable_cephx_rules_for_protocols
for p in cls.protocols)):
cls.message = "Rule tests are disabled"
raise cls.skipException(cls.message)
if CONF.share.enable_ip_rules_for_protocols:
cls.protocol = CONF.share.enable_ip_rules_for_protocols[0]
cls.access_type = "ip"
cls.access_to = utils.rand_ip()
elif CONF.share.enable_user_rules_for_protocols:
cls.protocol = CONF.share.enable_user_rules_for_protocols[0]
cls.access_type = "user"
cls.access_to = CONF.share.username_for_user_rules
elif CONF.share.enable_cert_rules_for_protocols:
cls.protocol = CONF.share.enable_cert_rules_for_protocols[0]
cls.access_type = "cert"
cls.access_to = "client3.com"
elif CONF.share.enable_cephx_rules_for_protocols:
cls.protocol = CONF.share.enable_cephx_rules_for_protocols[0]
cls.access_type = "cephx"
cls.access_to = "eve"
cls.shares_v2_client.share_protocol = cls.protocol
# create share type
cls.share_type = cls._create_share_type()
cls.share_type_id = cls.share_type['id']
# create share
cls.share = cls.create_share(share_type_id=cls.share_type_id)
cls.access = cls.shares_v2_client.create_access_rule(
cls.share["id"],
cls.access_type,
cls.access_to,
'rw',
metadata={u"key1": u"value1"})
def resource_setup(cls):
super(ReplicationTest, cls).resource_setup()
# Create share_type
name = data_utils.rand_name(constants.TEMPEST_MANILA_PREFIX)
cls.admin_client = cls.admin_shares_v2_client
cls.replication_type = CONF.share.backend_replication_type
if cls.replication_type not in constants.REPLICATION_TYPE_CHOICES:
raise share_exceptions.ShareReplicationTypeException(
replication_type=cls.replication_type)
cls.zones = cls.get_availability_zones(client=cls.admin_client)
cls.share_zone = cls.zones[0]
cls.replica_zone = cls.zones[-1]
cls.extra_specs = cls.add_required_extra_specs_to_dict(
{"replication_type": cls.replication_type})
share_type = cls.create_share_type(name,
extra_specs=cls.extra_specs,
client=cls.admin_client)
cls.share_type = share_type["share_type"]
# Create share with above share_type
cls.creation_data = {
'kwargs': {
'share_type_id': cls.share_type['id'],
'availability_zone': cls.share_zone,
}
}
# Data for creating shares in parallel
data = [cls.creation_data, cls.creation_data]
cls.shares = cls.create_shares(data)
cls.shares = [
cls.shares_v2_client.get_share(s['id']) for s in cls.shares
]
cls.instance_id1 = cls._get_instance(cls.shares[0])
cls.instance_id2 = cls._get_instance(cls.shares[1])
cls.access_type = "ip"
cls.access_to = utils.rand_ip()
def resource_setup(cls):
super(ReplicationTest, cls).resource_setup()
# Create share_type
name = data_utils.rand_name(constants.TEMPEST_MANILA_PREFIX)
cls.admin_client = clients.AdminManager().shares_v2_client
cls.replication_type = CONF.share.backend_replication_type
if cls.replication_type not in constants.REPLICATION_TYPE_CHOICES:
raise share_exceptions.ShareReplicationTypeException(
replication_type=cls.replication_type
)
cls.zones = cls.get_availability_zones(client=cls.admin_client)
cls.share_zone = cls.zones[0]
cls.replica_zone = cls.zones[-1]
cls.extra_specs = cls.add_required_extra_specs_to_dict(
{"replication_type": cls.replication_type})
share_type = cls.create_share_type(
name,
extra_specs=cls.extra_specs,
client=cls.admin_client)
cls.share_type = share_type["share_type"]
# Create share with above share_type
cls.creation_data = {'kwargs': {
'share_type_id': cls.share_type['id'],
'availability_zone': cls.share_zone,
}}
# Data for creating shares in parallel
data = [cls.creation_data, cls.creation_data]
cls.shares = cls.create_shares(data)
cls.shares = [cls.shares_v2_client.get_share(s['id']) for s in
cls.shares]
cls.instance_id1 = cls._get_instance(cls.shares[0])
cls.instance_id2 = cls._get_instance(cls.shares[1])
cls.access_type = "ip"
cls.access_to = utils.rand_ip()
