Exemplo n.º 1
0
def test_standby_neg_cli_management():
    """
    title: Blocking management commands in standby state
    description: |
      Try executing management commands for a cache in standby state
    pass_criteria:
      - The execution is unsuccessful for blocked management commands
      - The execution is successful for allowed management commands
      - A proper error message is displayed for unsuccessful executions
    """
    with TestRun.step("Prepare the device for the cache."):
        device = TestRun.disks["cache"]
        device.create_partitions(
            [Size(500, Unit.MebiByte),
             Size(500, Unit.MebiByte)])
        cache_device = device.partitions[0]
        core_device = device.partitions[1]

    with TestRun.step("Prepare the standby instance"):
        cache_id = 1
        cache = casadm.standby_init(cache_dev=cache_device,
                                    cache_id=cache_id,
                                    cache_line_size=32,
                                    force=True)

        ioclass_config_path = "/tmp/standby_cli_neg_mngt_test_ioclass_config_file.csv"
        TestRun.executor.run(f"rm -rf {ioclass_config_path}")
        random_ioclass_config = IoClass.generate_random_ioclass_list(5)
        IoClass.save_list_to_config_file(
            random_ioclass_config, ioclass_config_path=ioclass_config_path)

        blocked_mngt_commands = [
            cli.get_param_cutoff_cmd(str(cache_id), "1"),
            cli.get_param_cleaning_cmd(str(cache_id)),
            cli.get_param_cleaning_alru_cmd(str(cache_id)),
            cli.get_param_cleaning_acp_cmd(str(cache_id)),
            cli.set_param_cutoff_cmd(str(cache_id), "1", threshold="1"),
            cli.set_param_cutoff_cmd(str(cache_id), policy="never"),
            cli.set_param_cleaning_cmd(str(cache_id), policy="nop"),
            cli.set_param_cleaning_alru_cmd(str(cache_id), wake_up="30"),
            cli.set_param_cleaning_acp_cmd(str(cache_id), wake_up="100"),
            cli.set_param_promotion_cmd(str(cache_id), policy="nhit"),
            cli.set_param_promotion_nhit_cmd(str(cache_id), threshold="5"),
            cli.set_cache_mode_cmd("wb", str(cache_id)),
            cli.add_core_cmd(str(cache_id), core_device.path),
            cli.remove_core_cmd(str(cache_id), "1"),
            cli.remove_inactive_cmd(str(cache_id), "1"),
            cli.reset_counters_cmd(str(cache_id)),
            cli.flush_cache_cmd(str(cache_id)),
            cli.flush_core_cmd(str(cache_id), "1"),
            cli.load_io_classes_cmd(str(cache_id), ioclass_config_path),
            cli.list_io_classes_cmd(str(cache_id), output_format="csv"),
            cli.script_try_add_cmd(str(cache_id), core_device.path, core_id=1),
            cli.script_purge_cache_cmd(str(cache_id)),
            cli.script_purge_core_cmd(str(cache_id), "1"),
            cli.script_detach_core_cmd(str(cache_id), "1"),
            cli.script_remove_core_cmd(str(cache_id), "1"),
        ]

    with TestRun.step(
            "Try to execute forbidden management commands in standby mode"):
        for cmd in blocked_mngt_commands:

            TestRun.LOGGER.info(f"Verify {cmd}")
            output = TestRun.executor.run_expect_fail(cmd)
            if not check_stderr_msg(output, operation_forbiden_in_standby):
                TestRun.LOGGER.error(
                    f'Expected the following error message "{operation_forbiden_in_standby[0]}" '
                    f'Got "{output.stderr}" instead.')

    with TestRun.step("Stop the standby instance"):
        TestRun.executor.run(f"rm -rf {ioclass_config_path}")
        cache.stop()
Exemplo n.º 2
0
def test_user_cli():
    """
        title: Test that OpenCAS does not allow to change parameters in CLI by non-root user.
        description: |
          Checking if changing parameters in CLI by non-root user is forbidden by OpenCAS,
          but is permitted with 'sudo' command.
        pass_criteria:
          - Non-root user can only print help and CAS version.
          - Sudoer user is allowed to change OpenCAS parameters in CLI with sudo.
    """
    with TestRun.step("Prepare cache and core devices."):
        cache_dev = TestRun.disks['cache']
        cache_dev.create_partitions([Size(256, Unit.MebiByte)])
        cache_dev = cache_dev.partitions[0]
        core_dev = TestRun.disks['core']
        core_dev.create_partitions([Size(1, Unit.GibiByte), Size(256, Unit.MebiByte)])
        core_part1 = core_dev.partitions[0]
        core_part2 = core_dev.partitions[1]

    with TestRun.step("Start cache."):
        cache = casadm.start_cache(cache_dev, force=True)

    with TestRun.step("Add core to cache and mount it."):
        core_part1.create_filesystem(Filesystem.ext3)
        core = cache.add_core(core_part1)
        core.mount(mount_point)

    with TestRun.step(f"Copy casadm bin from {system_casadm_bin_path} "
                      f"to {user_casadm_bin_dest_path}."):
        casadm_bin = fs_utils.parse_ls_output(fs_utils.ls_item(f"{system_casadm_bin_path}"))[0]
        casadm_bin_copy = casadm_bin.copy(user_casadm_bin_dest_path, True)
        casadm_bin_copy.chmod_numerical(777)

    with TestRun.step("Copy IO class config."):
        io_conf = fs_utils.parse_ls_output(fs_utils.ls_item(f"{ioclass_config_path}"))[0]
        io_conf_copy = io_conf.copy(ioclass_config_copy_path, force=True)

    with TestRun.step("Unmount core."):
        core.unmount()

    with TestRun.step("Stop cache."):
        casadm.stop_all_caches()

    with TestRun.step("Add non-root user account."):
        TestRun.executor.run(f"useradd -N -r -l {user_name}")
        user_home_dir = fs_utils.parse_ls_output(fs_utils.ls_item(f"/home/{user_name}"))[0]
        user_home_dir.chmod_numerical(777, True)

    with TestRun.step("Try to start cache."):
        try:
            output = run_as_other_user(cli.start_cmd(cache_dev.path), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Starting cache should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot start cache.")

    with TestRun.step("Start cache again."):
        casadm.load_cache(cache_dev)

    with TestRun.step("Try to stop cache."):
        try:
            output = run_as_other_user(cli.stop_cmd(str(cache.cache_id)), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Stopping cache should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot stop cache.")

    with TestRun.step("Try to set cache mode."):
        try:
            output = run_as_other_user(cli.set_cache_mode_cmd(CacheMode.WB,
                                                              str(cache.cache_id)), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Setting cache mode should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot set cache mode.")

    with TestRun.step("Try to add core to cache."):
        try:
            output = run_as_other_user(cli.add_core_cmd(str(cache.cache_id),
                                                        core_part2.path), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Adding core to cache should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot add core.")

    with TestRun.step("Try to remove core from cache."):
        try:
            output = run_as_other_user(cli.remove_core_cmd(str(cache.cache_id),
                                                           str(core.core_id)), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Removing core from cache should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot remove core.")

    with TestRun.step("Try to zero metadata."):
        try:
            output = run_as_other_user(cli.zero_metadata_cmd(str(cache_dev)), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Zeroing metadata should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot zero metadata.")

    with TestRun.step("Try to list caches."):
        try:
            output = run_as_other_user(cli.list_cmd(), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Listing caches should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot list caches.")

    with TestRun.step("Try to print stats."):
        try:
            output = run_as_other_user(cli.print_statistics_cmd(str(cache.cache_id)), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Printing stats should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot print statistics.")

    with TestRun.step("Try to reset stats."):
        try:
            output = run_as_other_user(cli.reset_counters_cmd(str(cache.cache_id)), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Resetting stats should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot reset statistics.")

    with TestRun.step("Try to flush cache."):
        try:
            output = run_as_other_user(cli.flush_cache_cmd(str(cache.cache_id)), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Flushing cache should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot flush cache.")

    with TestRun.step("Try to flush core."):
        try:
            output = run_as_other_user(cli.flush_core_cmd(str(cache.cache_id),
                                                          str(core.core_id)), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Flushing core should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot flush core.")

    with TestRun.step("Try to set cleaning policy and its parameters."):
        try:
            output = run_as_other_user(cli.set_param_cleaning_cmd(
                str(cache.cache_id), "nop"), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Setting cleaning policy should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot set cleaning policy as nop.")
        try:
            output = run_as_other_user(cli.set_param_cleaning_cmd(
                str(cache.cache_id), "alru"), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Setting cleaning policy should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot set cleaning policy as alru.")
        try:
            output = run_as_other_user(cli.set_param_cleaning_alru_cmd(str(cache.cache_id),
                                                                       "15",
                                                                       "60",
                                                                       "1000",
                                                                       "8000"), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Setting cleaning policy parameters should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot set alru cleaning policy parameters.")
        try:
            output = run_as_other_user(cli.set_param_cleaning_cmd(
                str(cache.cache_id), "acp"), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Setting cleaning policy should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot set cleaning policy as acp.")
        try:
            output = run_as_other_user(cli.set_param_cleaning_acp_cmd(str(cache.cache_id),
                                                                      "15",
                                                                      "1000"), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Setting cleaning policy parameters should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot set acp cleaning policy parameters.")

    with TestRun.step("Try to list IO class configuration."):
        try:
            output = run_as_other_user(cli.list_io_classes_cmd(
                str(cache.cache_id), OutputFormat.table.name), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Listing IO class configuration should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot list IO class configuration.")

    with TestRun.step("Try to load IO class configuration."):
        try:
            output = run_as_other_user(cli.load_io_classes_cmd(
                str(cache.cache_id), io_conf_copy), user_name)
            if output.exit_code == 0:
                TestRun.LOGGER.error("Loading IO class configuration should fail!")
        except CmdException:
            TestRun.LOGGER.info("Non-root user cannot load IO class configuration.")

    with TestRun.step("Try to print help for casadm."):
        try:
            run_as_other_user(cli.help_cmd(), user_name)
        except CmdException:
            TestRun.LOGGER.error("Non-root user should be able to print help for casadm.")

    with TestRun.step("Try to print version of OpenCAS."):
        try:
            run_as_other_user(cli.version_cmd(), user_name)
        except CmdException:
            TestRun.LOGGER.error("Non-root user should be able to print version of OpenCAS.")

    with TestRun.step("Add non-root user account to sudoers group."):
        TestRun.executor.run(f'echo "{user_name} ALL = (root) NOPASSWD:ALL" '
                             f'| sudo tee /etc/sudoers.d/{user_name}')

    with TestRun.step("Try to stop cache with 'sudo'."):
        try:
            run_as_other_user(cli.stop_cmd(str(cache.cache_id)), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to stop cache.")

    with TestRun.step("Try to start cache with 'sudo'."):
        try:
            run_as_other_user(cli.start_cmd(cache_dev.path, force=True), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to start cache.")

    with TestRun.step("Try to set cache mode with 'sudo'."):
        try:
            run_as_other_user(
                cli.set_cache_mode_cmd(str(CacheMode.WB.name).lower(), str(cache.cache_id)),
                user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to set cache mode.")

    with TestRun.step("Try to add core to cache with 'sudo'."):
        try:
            run_as_other_user(cli.add_core_cmd(str(cache.cache_id),
                                               core_part1.path), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to add core to cache.")

    with TestRun.step("Try to list caches with 'sudo'."):
        try:
            run_as_other_user(cli.list_cmd(), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to list caches.")

    with TestRun.step("Try to print stats with 'sudo'."):
        try:
            run_as_other_user(cli.print_statistics_cmd(str(cache.cache_id)), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to print stats.")

    with TestRun.step("Try to reset stats with 'sudo'."):
        try:
            run_as_other_user(cli.reset_counters_cmd(str(cache.cache_id)), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to reset stats.")

    with TestRun.step("Try to flush cache with 'sudo'."):
        try:
            run_as_other_user(cli.flush_cache_cmd(str(cache.cache_id)), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to flush cache.")

    with TestRun.step("Try to flush core with 'sudo'."):
        try:
            run_as_other_user(cli.flush_core_cmd(str(cache.cache_id),
                                                 str(core.core_id)), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to flush core.")

    with TestRun.step("Try to set cleaning policy and its parameters with 'sudo'."):
        try:
            run_as_other_user(cli.set_param_cleaning_cmd(str(cache.cache_id), "nop"),
                              user_name, True)
            run_as_other_user(cli.set_param_cleaning_cmd(str(cache.cache_id), "alru"),
                              user_name, True)
            try:
                run_as_other_user(cli.set_param_cleaning_alru_cmd(str(cache.cache_id),
                                                                  "15",
                                                                  "60",
                                                                  "1000",
                                                                  "8000"), user_name, True)
            except CmdException:
                TestRun.LOGGER.error("Non-root sudoer user should be able to "
                                     "set alru cleaning policy parameters.")
            run_as_other_user(cli.set_param_cleaning_cmd(str(cache.cache_id), "acp"),
                              user_name, True)
            try:
                run_as_other_user(cli.set_param_cleaning_acp_cmd(str(cache.cache_id),
                                                                 "15",
                                                                 "1000"), user_name, True)
            except CmdException:
                TestRun.LOGGER.error("Non-root sudoer user should be able to "
                                     "set acp cleaning policy parameters.")
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to "
                                 "set cleaning policy and its parameters.")

    with TestRun.step("Try to list IO class with 'sudo'."):
        try:
            run_as_other_user(cli.list_io_classes_cmd(str(cache.cache_id), OutputFormat.table.name),
                              user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to list IO class.")

    with TestRun.step("Try to load IO class configuration with 'sudo'."):
        try:
            run_as_other_user(cli.load_io_classes_cmd(str(cache.cache_id), io_conf_copy),
                              user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to "
                                 "load IO class configuration.")

    with TestRun.step("Try to remove core from cache with 'sudo'."):
        try:
            run_as_other_user(cli.remove_core_cmd(str(cache.cache_id), str(core.core_id)),
                              user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to remove core from cache.")

    with TestRun.step("Try to zero metadata with 'sudo'."):
        try:
            run_as_other_user(cli.zero_metadata_cmd(str(cache_dev)),
                              user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to zero metadata.")

    with TestRun.step("Try to print help for casadm with 'sudo'."):
        try:
            run_as_other_user(cli.help_cmd(), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to print help for casadm.")

    with TestRun.step("Try to print version of OpenCAS with 'sudo'."):
        try:
            run_as_other_user(cli.version_cmd(), user_name, True)
        except CmdException:
            TestRun.LOGGER.error("Non-root sudoer user should be able to print version of OpenCAS.")

    with TestRun.step("Stop caches."):
        casadm.stop_all_caches()

    with TestRun.step("Remove user account."):
        TestRun.executor.run(f"userdel -r -Z {user_name}")