def test_create_failed_not_in_correct_state_updatecerts_in_progress(self):
# Test creation failed when user tries this phase after the overall
# update already passes this phase.
create_dict = {'phase': self.phase}
# overall update is in updateCerts phase
dbutils.create_test_kube_rootca_update(
state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_UPDATECERTS)
# root CA update phase updateCerts completed on this host
dbutils.create_test_kube_rootca_host_update(
host_id=self.host.id,
state=kubernetes.KUBE_ROOTCA_UPDATED_HOST_UPDATECERTS)
# but client make a call to perform update phase trust-both-cas
result = self.post_json(self.post_url,
create_dict,
headers=self.headers,
expect_errors=True)
self.assertEqual(http_client.BAD_REQUEST, result.status_int)
self.assertIn(
"kube-rootca-host-update rejected: not allowed when "
"cluster update is in state: %s" %
kubernetes.KUBE_ROOTCA_UPDATING_HOST_UPDATECERTS,
result.json['error_message'])
def test_create_failed_retry(self):
# Test creation of kubernetes rootca host update
# Allow retry update if update on this host ever failed
create_dict = {'phase': self.phase}
# overall update in progress with some hosts updated
dbutils.create_test_kube_rootca_update(
state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS_FAILED)
# root CA update on host ever failed
dbutils.create_test_kube_rootca_host_update(
host_id=self.host.id,
state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS_FAILED)
result = self.post_json(self.post_url,
create_dict,
headers=self.headers)
# Verify that the rootca host update has the expected attributes
self.assertEqual(result.json['state'],
kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS)
# Verify that the overall rootca update has the expected attributes
result = dbutils.get_kube_rootca_update()
self.assertEqual(result.state,
kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS)
def test_upload_rootca(self):
dbutils.create_test_kube_rootca_update(
state=kubernetes.KUBE_ROOTCA_UPDATE_STARTED)
certfile = os.path.join(os.path.dirname(__file__), "data",
'rootca-with-key.pem')
fake_save_rootca_return = {'success': '137813-123', 'error': ''}
self.fake_conductor_api.\
setup_config_certificate(fake_save_rootca_return)
files = [('file', certfile)]
response = self.post_with_files('%s/%s' %
('/kube_rootca_update', 'upload'), {},
upload_files=files,
headers={'User-Agent': 'sysinv-test'},
expect_errors=False)
self.assertEqual(response.content_type, 'application/json')
self.assertEqual(response.status_code, http_client.OK)
resp = json.loads(response.body)
self.assertTrue(resp.get('success'))
self.assertEqual(resp.get('success'),
fake_save_rootca_return.get('success'))
self.assertFalse(resp.get('error'))
def test_create_rootca_update_exists(self):
# Test creation of rootca update when a kubernetes rootca update already exists
dbutils.create_test_kube_rootca_update()
create_dict = dbutils.post_get_test_kube_rootca_update(
state=kubernetes.KUBE_ROOTCA_UPDATE_STARTED)
result = self.post_json('/kube_rootca_update',
create_dict,
headers={'User-Agent': 'sysinv-test'},
expect_errors=True)
# Verify the failure
self.assertEqual(result.content_type, 'application/json')
self.assertEqual(http_client.BAD_REQUEST, result.status_int)
self.assertIn("A kubernetes rootca update is already in progress",
result.json['error_message'])
def test_create_failed_no_cert_available(self):
# Test creation failed since no new cert uploaded or generated
create_dict = {'phase': self.phase}
dbutils.create_test_kube_rootca_update(
state=kubernetes.KUBE_ROOTCA_UPDATE_STARTED)
result = self.post_json(self.post_url,
create_dict,
headers=self.headers,
expect_errors=True)
self.assertEqual(http_client.BAD_REQUEST, result.status_int)
self.assertIn(
"kube-rootca-host-update rejected: No new certificate "
"available", result.json['error_message'])
def test_create_from_generated_cert(self):
# Test creation of kubernetes rootca host update
create_dict = {'phase': self.phase}
dbutils.create_test_kube_rootca_update(
state=kubernetes.KUBE_ROOTCA_UPDATE_CERT_GENERATED)
result = self.post_json(self.post_url,
create_dict,
headers=self.headers)
# Verify that the rootca host update has the expected attributes
self.assertEqual(result.json['state'],
kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS)
# Verify that the overall rootca update has the expected attributes
result = dbutils.get_kube_rootca_update()
self.assertEqual(result.state,
kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS)
def test_create_failed_hosts_update_in_progress(self):
# Test creation failed since there is update in progess on a host
create_dict = {'phase': self.phase}
# overall update in progress with some hosts updated
dbutils.create_test_kube_rootca_update(
state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS)
# root CA update on host2 is in progress
dbutils.create_test_kube_rootca_host_update(
host_id=self.host2.id,
state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS)
result = self.post_json(self.post_url,
create_dict,
headers=self.headers,
expect_errors=True)
self.assertEqual(http_client.BAD_REQUEST, result.status_int)
self.assertIn(
"kube-rootca-host-update rejected: update in progess "
"on host %s" % self.host2.hostname, result.json['error_message'])
def test_create_failed_host_update_completed(self):
# Test creation failed since this host already updated
create_dict = {'phase': self.phase}
# Overall update is in progress
dbutils.create_test_kube_rootca_update(
state=kubernetes.KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS)
# This host has been updated
dbutils.create_test_kube_rootca_host_update(
host_id=self.host.id,
state=kubernetes.KUBE_ROOTCA_UPDATED_HOST_TRUSTBOTHCAS)
result = self.post_json(self.post_url,
create_dict,
headers=self.headers,
expect_errors=True)
self.assertEqual(http_client.BAD_REQUEST, result.status_int)
self.assertIn(
"kube-rootca-host-update rejected: update already "
"completed on host %s" % self.host.hostname,
result.json['error_message'])
