def test_create_failed_not_in_correct_state_updatecerts_in_progress(self): # Test creation failed when user tries this phase after the overall # update already passes this phase. create_dict = {'phase': self.phase} # overall update is in updateCerts phase dbutils.create_test_kube_rootca_update( state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_UPDATECERTS) # root CA update phase updateCerts completed on this host dbutils.create_test_kube_rootca_host_update( host_id=self.host.id, state=kubernetes.KUBE_ROOTCA_UPDATED_HOST_UPDATECERTS) # but client make a call to perform update phase trust-both-cas result = self.post_json(self.post_url, create_dict, headers=self.headers, expect_errors=True) self.assertEqual(http_client.BAD_REQUEST, result.status_int) self.assertIn( "kube-rootca-host-update rejected: not allowed when " "cluster update is in state: %s" % kubernetes.KUBE_ROOTCA_UPDATING_HOST_UPDATECERTS, result.json['error_message'])
def test_create_failed_retry(self): # Test creation of kubernetes rootca host update # Allow retry update if update on this host ever failed create_dict = {'phase': self.phase} # overall update in progress with some hosts updated dbutils.create_test_kube_rootca_update( state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS_FAILED) # root CA update on host ever failed dbutils.create_test_kube_rootca_host_update( host_id=self.host.id, state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS_FAILED) result = self.post_json(self.post_url, create_dict, headers=self.headers) # Verify that the rootca host update has the expected attributes self.assertEqual(result.json['state'], kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS) # Verify that the overall rootca update has the expected attributes result = dbutils.get_kube_rootca_update() self.assertEqual(result.state, kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS)
def test_upload_rootca(self): dbutils.create_test_kube_rootca_update( state=kubernetes.KUBE_ROOTCA_UPDATE_STARTED) certfile = os.path.join(os.path.dirname(__file__), "data", 'rootca-with-key.pem') fake_save_rootca_return = {'success': '137813-123', 'error': ''} self.fake_conductor_api.\ setup_config_certificate(fake_save_rootca_return) files = [('file', certfile)] response = self.post_with_files('%s/%s' % ('/kube_rootca_update', 'upload'), {}, upload_files=files, headers={'User-Agent': 'sysinv-test'}, expect_errors=False) self.assertEqual(response.content_type, 'application/json') self.assertEqual(response.status_code, http_client.OK) resp = json.loads(response.body) self.assertTrue(resp.get('success')) self.assertEqual(resp.get('success'), fake_save_rootca_return.get('success')) self.assertFalse(resp.get('error'))
def test_create_rootca_update_exists(self): # Test creation of rootca update when a kubernetes rootca update already exists dbutils.create_test_kube_rootca_update() create_dict = dbutils.post_get_test_kube_rootca_update( state=kubernetes.KUBE_ROOTCA_UPDATE_STARTED) result = self.post_json('/kube_rootca_update', create_dict, headers={'User-Agent': 'sysinv-test'}, expect_errors=True) # Verify the failure self.assertEqual(result.content_type, 'application/json') self.assertEqual(http_client.BAD_REQUEST, result.status_int) self.assertIn("A kubernetes rootca update is already in progress", result.json['error_message'])
def test_create_failed_no_cert_available(self): # Test creation failed since no new cert uploaded or generated create_dict = {'phase': self.phase} dbutils.create_test_kube_rootca_update( state=kubernetes.KUBE_ROOTCA_UPDATE_STARTED) result = self.post_json(self.post_url, create_dict, headers=self.headers, expect_errors=True) self.assertEqual(http_client.BAD_REQUEST, result.status_int) self.assertIn( "kube-rootca-host-update rejected: No new certificate " "available", result.json['error_message'])
def test_create_from_generated_cert(self): # Test creation of kubernetes rootca host update create_dict = {'phase': self.phase} dbutils.create_test_kube_rootca_update( state=kubernetes.KUBE_ROOTCA_UPDATE_CERT_GENERATED) result = self.post_json(self.post_url, create_dict, headers=self.headers) # Verify that the rootca host update has the expected attributes self.assertEqual(result.json['state'], kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS) # Verify that the overall rootca update has the expected attributes result = dbutils.get_kube_rootca_update() self.assertEqual(result.state, kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS)
def test_create_failed_hosts_update_in_progress(self): # Test creation failed since there is update in progess on a host create_dict = {'phase': self.phase} # overall update in progress with some hosts updated dbutils.create_test_kube_rootca_update( state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS) # root CA update on host2 is in progress dbutils.create_test_kube_rootca_host_update( host_id=self.host2.id, state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS) result = self.post_json(self.post_url, create_dict, headers=self.headers, expect_errors=True) self.assertEqual(http_client.BAD_REQUEST, result.status_int) self.assertIn( "kube-rootca-host-update rejected: update in progess " "on host %s" % self.host2.hostname, result.json['error_message'])
def test_create_failed_host_update_completed(self): # Test creation failed since this host already updated create_dict = {'phase': self.phase} # Overall update is in progress dbutils.create_test_kube_rootca_update( state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS) # This host has been updated dbutils.create_test_kube_rootca_host_update( host_id=self.host.id, state=kubernetes.KUBE_ROOTCA_UPDATED_HOST_TRUSTBOTHCAS) result = self.post_json(self.post_url, create_dict, headers=self.headers, expect_errors=True) self.assertEqual(http_client.BAD_REQUEST, result.status_int) self.assertIn( "kube-rootca-host-update rejected: update already " "completed on host %s" % self.host.hostname, result.json['error_message'])