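def test_check_authorization_high_cardinality_metrics(self):
    """
    Check that the high cardinality prometheus metrics endpoint is
    accessible only with cluster.admin.internal.stats!read.

    For every service on each of the first ``nodes_init`` servers the
    endpoint is requested twice: first as the cluster admin user, which
    must be rejected, and then with Full admin credentials, which must
    succeed and return content that passes ``_validate_metrics``.
    """
    rbac_util = RbacUtils(self.cluster.master)
    self.log.info("Create a user with role cluster admin")
    rbac_util._create_user_and_grant_role("cluster_admin", "cluster_admin")
    for server in self.cluster.servers[:self.nodes_init]:
        server_services = self.get_services_from_node(server)
        stats_helper_object = StatsHelper(server)
        for component in server_services:
            # NOTE(review): both username literals are masked in this
            # listing; presumably this one is the cluster_admin user
            # created above -- confirm against the unmasked source.
            stats_helper_object.username = "******"
            try:
                stats_helper_object.get_prometheus_metrics_high(
                    component=component, parse=False)
            except Exception as e:
                # NOTE(review): any exception is accepted as a denial, so
                # a timeout or connection error also satisfies this
                # negative check. Once the helper's error type is
                # confirmed, assert on the authorization failure itself.
                self.log.info(
                    "Accessing metrics with cluster admin failed as expected {0}"
                    .format(e))
            else:
                # self.fail() reports failure by raising (AssertionError
                # under unittest). Inside the try body the broad handler
                # above would swallow it and the test could never detect
                # an authorization bypass, so it lives in the else branch.
                self.fail(
                    "Metrics was accessible without necessary permissions on {0} for component {1}"
                    .format(server.ip, component))
            self.log.info("trying again with Administrator privilages")
            # Masked literal; presumably the Full admin account -- confirm.
            stats_helper_object.username = "******"
            content = stats_helper_object.get_prometheus_metrics_high(
                component=component, parse=False)
            StatsHelper(server)._validate_metrics(content)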
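def test_check_authorization_low_cardinality_metrics(self):
    """
    Check that the low cardinality prometheus metrics endpoint is
    accessible only with cluster.admin.internal.stats!read.

    On each of the first ``nodes_init`` servers the endpoint is requested
    twice: first as the cluster admin user, which must be rejected, and
    then with Full admin credentials, which must succeed. The number of
    metrics returned to the Full admin is logged.
    """
    rbac_util = RbacUtils(self.cluster.master)
    self.log.info("Create a user with role cluster admin")
    rbac_util._create_user_and_grant_role("cluster_admin", "cluster_admin")
    for server in self.cluster.servers[:self.nodes_init]:
        stats_helper_object = StatsHelper(server)
        # NOTE(review): both username literals are masked in this listing;
        # presumably this one is the cluster_admin user created above --
        # confirm against the unmasked source.
        stats_helper_object.username = "******"
        try:
            stats_helper_object.get_prometheus_metrics()
        except Exception as e:
            # NOTE(review): any exception is accepted as a denial, so a
            # timeout or connection error also satisfies this negative
            # check. Once the helper's error type is confirmed, assert on
            # the authorization failure itself.
            self.log.info(
                "Accessing metrics with cluster admin failed as expected {0}"
                .format(e))
        else:
            # self.fail() reports failure by raising (AssertionError under
            # unittest). Inside the try body the broad handler above would
            # swallow it and the test could never detect an authorization
            # bypass, so it lives in the else branch.
            self.fail(
                "Metrics was accessible without necessary permissions")
        self.log.info("trying again with Administrator privilages")
        # Masked literal; presumably the Full admin account -- confirm.
        stats_helper_object.username = "******"
        # Local renamed from `map` so the builtin is not shadowed.
        metrics = stats_helper_object.get_prometheus_metrics()
        number_of_metrics = len(metrics)
        self.log.info(
            "Got metrics with user Full admin. Number of metrics: {0}".
            format(number_of_metrics))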