def setUp(self): self.log = logger.Logger.get_logger() self.master = TestInputSingleton.input.servers[0] ClusterOperationHelper.cleanup_cluster([self.master]) BucketOperationHelper.delete_all_buckets_or_assert([self.master], self) self._bucket_name = 'default' serverInfo = self.master rest = RestConnection(serverInfo) info = rest.get_nodes_self() self._bucket_port = info.moxi rest.init_cluster(username=serverInfo.rest_username, password=serverInfo.rest_password) rest.init_cluster_memoryQuota(memoryQuota=info.mcdMemoryReserved) bucket_ram = info.memoryQuota * 2 / 3 # Add built-in user testuser = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******' }] RbacBase().create_user_source(testuser, 'builtin', self.master) # Assign user to role role_list = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin' }] RbacBase().add_user_role(role_list, RestConnection(self.master), 'builtin') rest.create_bucket(bucket=self._bucket_name, ramQuotaMB=bucket_ram, proxyPort=info.memcached) msg = 'create_bucket succeeded but bucket "default" does not exist' if (testconstants.TESTRUNNER_CLIENT in os.environ.keys() ) and os.environ[ testconstants.TESTRUNNER_CLIENT] == testconstants.PYTHON_SDK: self.client = SDKSmartClient( serverInfo, self._bucket_name, compression=TestInputSingleton.input.param( "sdk_compression", True)) else: self.client = MemcachedClientHelper.direct_client( serverInfo, self._bucket_name) self.assertTrue(BucketOperationHelper.wait_for_bucket_creation( self._bucket_name, rest), msg=msg) ready = BucketOperationHelper.wait_for_memcached( serverInfo, self._bucket_name) self.assertTrue(ready, "wait_for_memcached failed") self._log_start()
def setUp_bucket(self, unittest): self.log = logger.Logger.get_logger() self.input = TestInputSingleton.input unittest.assertTrue(self.input, msg="input parameters missing...") self.test = unittest self.master = self.input.servers[0] rest = RestConnection(self.master) rest.init_cluster(username=self.master.rest_username, password=self.master.rest_password) rest.init_cluster_memoryQuota(memoryQuota=rest.get_nodes_self().mcdMemoryReserved) ClusterOperationHelper.cleanup_cluster([self.master]) BucketOperationHelper.delete_all_buckets_or_assert([self.master], self.test) serverInfo = self.master rest = RestConnection(serverInfo) info = rest.get_nodes_self() rest.init_cluster(username=serverInfo.rest_username, password=serverInfo.rest_password) rest.init_cluster_memoryQuota(memoryQuota=info.memoryQuota) # Add built-in user testuser = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******'}] RbacBase().create_user_source(testuser, 'builtin', self.master) # Assign user to role role_list = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin'}] RbacBase().add_user_role(role_list, RestConnection(self.master), 'builtin')
def common_setup(input, testcase): log.info("============== common_setup was started for test #{0} {1}==============" \ .format(testcase.case_number, testcase._testMethodName)) servers = input.servers RemoteUtilHelper.common_basic_setup(servers) BucketOperationHelper.delete_all_buckets_or_assert(servers, testcase) ClusterOperationHelper.cleanup_cluster(servers) ClusterOperationHelper.wait_for_ns_servers_or_assert(servers, testcase) # Add built-in user testuser = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******' }] RbacBase().create_user_source(testuser, 'builtin', servers[0]) # Assign user to role role_list = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin' }] RbacBase().add_user_role(role_list, RestConnection(servers[0]), 'builtin') log.info("============== common_setup was finished for test #{0} {1} ==============" \ .format(testcase.case_number, testcase._testMethodName))
def add_built_in_server_user(self, testuser=None, rolelist=None, node=None): """ From spock, couchbase server is built with some users that handles some specific task such as: cbadminbucket Default added user is cbadminbucket with admin role """ rest = RestConnection(self.master) versions = rest.get_nodes_versions() for version in versions: if "5" > version: self.log.info("Atleast one of the nodes in the cluster is " "pre 5.0 version. Hence not creating rbac user " "for the cluster. RBAC is a 5.0 feature.") return if testuser is None: testuser = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******'}] if rolelist is None: rolelist = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin'}] if node is None: node = self.master self.log.info("**** add built-in '%s' user to node %s ****" % (testuser[0]["name"], node.ip)) RbacBase().create_user_source(testuser, 'builtin', node) self.log.info("**** add '%s' role to '%s' user ****" % (rolelist[0]["roles"], testuser[0]["name"])) status = RbacBase().add_user_role(rolelist, RestConnection(node), 'builtin') return status
def test_eventing_with_read_only_user(self): # create a read only admin user user = [{ 'id': 'ro_admin', 'password': '******', 'name': 'Read Only Admin' }] RbacBase().create_user_source(user, 'builtin', self.master) user_role_list = [{ 'id': 'ro_admin', 'name': 'Read Only Admin', 'roles': 'ro_admin' }] RbacBase().add_user_role(user_role_list, self.rest, 'builtin') body = self.create_save_function_body(self.function_name, self.handler_code) body['settings']['rbacpass'] = '******' body['settings']['rbacrole'] = 'ro_admin' body['settings']['rbacuser'] = '******' try: # deploy the function with ro_admin user self.deploy_function(body) except Exception as ex: if "did not successfully bootstrap" not in str(ex): self.fail( "Function deploy succeeded even when function was using read only credentials" )
def __xdcr_setup_create(self): testuser = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******'}] rolelist = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin'}] RbacBase().create_user_source(testuser, 'builtin', self.master) RbacBase().add_user_role(rolelist, RestConnection(self.master), 'builtin') # xdcr_hostname=the number of server in ini file to add to master as replication xdcr_cluster_name = self.input.param("xdcr-cluster-name", None) xdcr_hostname = self.input.param("xdcr-hostname", None) xdcr_username = self.input.param("xdcr-username", None) xdcr_password = self.input.param("xdcr-password", None) demand_encyrption = self.input.param("demand-encryption", 0) xdcr_cert = self.input.param("xdcr-certificate", None) wrong_cert = self.input.param("wrong-certificate", None) cli_command = "xdcr-setup" options = "--create" options += (" --xdcr-cluster-name=\'{0}\'".format(xdcr_cluster_name), "")[xdcr_cluster_name is None] print ("Value of xdcr_home is {0}".format(xdcr_hostname)) if xdcr_hostname is not None: RbacBase().create_user_source(testuser, 'builtin', self.servers[xdcr_hostname]) RbacBase().add_user_role(rolelist, RestConnection(self.servers[xdcr_hostname]), 'builtin') options += " --xdcr-hostname={0}".format(self.servers[xdcr_hostname].ip) options += (" --xdcr-username={0}".format(xdcr_username), "")[xdcr_username is None] options += (" --xdcr-password={0}".format(xdcr_password), "")[xdcr_password is None] options += (" --xdcr-demand-encryption={0}".format(demand_encyrption)) cluster_host = self.servers[xdcr_hostname].ip output, _ = self.__execute_cli(cli_command="ssl-manage", options="--retrieve-cert={0}".format(xdcr_cert), cluster_host=cluster_host, user='******', password='******') options += (" --xdcr-certificate={0}".format(xdcr_cert), "")[xdcr_cert is None] #self.assertNotEqual(output[0].find("SUCCESS"), -1, "ssl-manage CLI failed to retrieve certificate") output, error = self.__execute_cli(cli_command=cli_command, options=options) return output, error, xdcr_cluster_name, xdcr_hostname, cli_command, options
def setUp(self): self.log = logger.Logger.get_logger() self.input = TestInputSingleton.input self.assertTrue(self.input, msg="input parameters missing...") self.master = self.input.servers[0] self.bucket = "default" self.number_of_items = -1 # Add built-in user testuser = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******' }] RbacBase().create_user_source(testuser, 'builtin', self.master) time.sleep(10) # Assign user to role role_list = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin' }] RbacBase().add_user_role(role_list, RestConnection(self.master), 'builtin') time.sleep(10) self._create_default_bucket() self.drained_in_seconds = -1 self.drained = False self.reader_shutdown = False self._log_start()
def setUp(self): self.log = logger.Logger.get_logger() self.input = TestInput.TestInputSingleton.input self.assertTrue(self.input, msg="input parameters missing...") self.servers = self.input.servers BucketOperationHelper.delete_all_buckets_or_assert(self.servers, test_case=self) # Add built-in user testuser = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******' }] RbacBase().create_user_source(testuser, 'builtin', self.servers[0]) # Assign user to role role_list = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin' }] RbacBase().add_user_role(role_list, RestConnection(self.servers[0]), 'builtin') self._log_start()
def test_max_buckets(self): log = logger.Logger.get_logger() serverInfo = self.servers[0] log.info('picking server : {0} as the master'.format(serverInfo)) rest = RestConnection(serverInfo) proxyPort = rest.get_nodes_self().moxi info = rest.get_nodes_self() rest.init_cluster(username=serverInfo.rest_username, password=serverInfo.rest_password) rest.init_cluster_memoryQuota(memoryQuota=info.mcdMemoryReserved) bucket_num = rest.get_internalSettings("maxBucketCount") bucket_ram = 100 testuser = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******' }] rolelist = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin' }] RbacBase().create_user_source(testuser, 'builtin', self.master) RbacBase().add_user_role(rolelist, RestConnection(self.master), 'builtin') for i in range(bucket_num): bucket_name = 'max_buckets-{0}'.format(uuid.uuid4()) rest.create_bucket(bucket=bucket_name, ramQuotaMB=bucket_ram, authType='sasl', proxyPort=proxyPort) ready = BucketOperationHelper.wait_for_memcached( serverInfo, bucket_name) self.assertTrue(ready, "wait_for_memcached failed") buckets = rest.get_buckets() if len(buckets) != bucket_num: msg = 'tried to create {0} buckets, only created {1}'.format( bucket_count, len(buckets)) self.fail(msg) try: rest.create_bucket(bucket=bucket_name, ramQuotaMB=bucket_ram, authType='sasl', proxyPort=proxyPort) msg = 'bucket creation did not fail even though system was overcommited' self.fail(msg) except BucketCreationException as ex: self.log.info( 'BucketCreationException was thrown as expected when we try to create {0} buckets' .format(bucket_num + 1)) buckets = rest.get_buckets() if len(buckets) != bucket_num: msg = 'tried to create {0} buckets, only created {1}'.format( bucket_num + 1, len(buckets)) self.fail(msg)
def _create_user_and_grant_role(self, username, role, source='builtin', password="******"): user = [{'id': username, 'password': password, 'name': 'Some Name'}] _ = RbacBase().create_user_source(user, source, self.master) user_role_list = [{'id': username, 'name': 'Some Name', 'roles': role}] _ = RbacBase().add_user_role(user_role_list, self.rest, source)
def test_max_buckets(self): log = logger.Logger.get_logger() serverInfo = self.servers[0] log.info('picking server : {0} as the master'.format(serverInfo)) rest = RestConnection(serverInfo) info = rest.get_nodes_self() rest.init_cluster(username=serverInfo.rest_username, password=serverInfo.rest_password) bucket_num = rest.get_internalSettings("maxBucketCount") log.info("max # buckets allow in cluster: {0}".format(bucket_num)) bucket_ram = 100 cluster_ram = info.memoryQuota max_buckets = cluster_ram / bucket_ram log.info("RAM setting for this cluster: {0}".format(cluster_ram)) testuser = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******' }] rolelist = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin' }] RbacBase().create_user_source(testuser, 'builtin', self.master) RbacBase().add_user_role(rolelist, RestConnection(self.master), 'builtin') for i in range(max_buckets): bucket_name = 'max_buckets-{0}'.format(uuid.uuid4()) rest.create_bucket(bucket=bucket_name, ramQuotaMB=bucket_ram) ready = BucketOperationHelper.wait_for_memcached( serverInfo, bucket_name) log.info("kv RAM left in cluster: {0}".format(cluster_ram - 100)) cluster_ram -= bucket_ram self.assertTrue(ready, "wait_for_memcached failed") buckets = rest.get_buckets() if len(buckets) != max_buckets: msg = 'tried to create {0} buckets, only created {1}'\ .format(bucket_count, len(buckets)) self.fail(msg) try: rest.create_bucket(bucket=bucket_name, ramQuotaMB=bucket_ram) msg = 'bucket creation did not fail even though system was overcommited' self.fail(msg) except BucketCreationException as ex: log.info( '\n******\nBucketCreationException was thrown as expected when\ we try to create {0} buckets'.format(max_buckets + 1)) buckets = rest.get_buckets() if len(buckets) != max_buckets: msg = 'tried to create {0} buckets, only created {1}'\ .format(max_buckets + 1, len(buckets)) self.fail(msg)
def setUp(self): super(QueryFreeLimits, self).setUp() self.log.info( "============== QueryFreeLimits setup has started ==============") self.shell = RemoteMachineShellConnection(self.master) self.info = self.shell.extract_remote_info() if self.info.type.lower() == 'windows': self.curl_path = f"{self.path}curl" else: self.curl_path = "curl" self.rest = RestConnection(self.master) self.query_service_url = f"'http://{self.master.ip}:{self.n1ql_port}/query/service'" self.api_port = self.input.param("api_port", 8094) self.run_cbq_query('delete from system:prepareds') self.enforce_limits = self.input.param("enforce_limits", True) self.expected_error = self.input.param("expected_error", False) self.crash = self.input.param("crash", True) # Create the users necessary for the RBAC tests in curl self.log.info("============== Creating Users ==============") self.delete_user("limited1") self.delete_user("limited2") testuser = [{ 'id': 'limited1', 'name': 'limited1', 'password': '******' }, { 'id': 'limited2', 'name': 'limited2', 'password': '******' }] RbacBase().create_user_source(testuser, 'builtin', self.master) full_permissions = 'bucket_full_access[*]:query_select[*]:query_update[*]:' \ 'query_insert[*]:query_delete[*]:query_manage_index[*]:' \ 'query_system_catalog:query_external_access:query_execute_global_external_functions' # Assign user to role role_list = [{ 'id': 'limited1', 'name': 'limited1', 'roles': f'{full_permissions}', 'password': '******' }, { 'id': 'limited2', 'name': 'limited2', 'roles': f'{full_permissions}', 'password': '******' }] RbacBase().add_user_role(role_list, self.rest, 'builtin') self.cbqpath_user1 = f'{self.path}cbq -e {self.master.ip}:{self.n1ql_port} -q -u "limited1" -p {self.rest.password}' self.cbqpath_user2 = f'{self.path}cbq -e {self.master.ip}:{self.n1ql_port} -q -u "limited2" -p {self.rest.password}' self.log.info("============== Users Created ==============") self.log.info( "============== QueryFreeLimits setup has completed ==============" ) self.log_config_info() self.query_buckets = self.get_query_buckets(check_all_buckets=True) self.query_bucket = self.query_buckets[0]
def create_user(self, node): self.log.info("inside create_user") testuser = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******'}] rolelist = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin'}] self.log.info("before create_user_source") RbacBase().create_user_source(testuser, 'builtin', node) self.log.info("before add_user_role") RbacBase().add_user_role(rolelist, RestConnection(node), 'builtin')
def setUp(self): super(RbacTestMemcached, self).setUp() rest = RestConnection(self.master) self.auth_type = self.input.param('auth_type', 'builtin') self.user_id = self.input.param("user_id", None) self.user_role = self.input.param("user_role", None) self.bucket_name = self.input.param("bucket_name", None) rest.create_bucket(bucket=self.bucket_name, ramQuotaMB=100, lww=True) self.role_map = self.input.param("role_map", None) self.incorrect_bucket = self.input.param("incorrect_bucket", False) self.new_role = self.input.param("new_role", None) self.new_role_map = self.input.param("new_role_map", None) self.no_bucket_access = self.input.param("no_bucket_access", False) self.no_access_bucket_name = self.input.param("no_access_bucket_name", "noaccess") self.all_buckets = self.input.param("all_buckets", None) self.ldap_users = rbacmain().returnUserList(self.user_id) if self.no_bucket_access: rest.create_bucket(bucket=self.no_access_bucket_name, ramQuotaMB=100, lww=True) if self.auth_type == 'ldap': rbacmain(self.master, 'builtin')._delete_user('cbadminbucket') if self.auth_type == 'ldap': rbacmain().setup_auth_mechanism(self.servers, 'ldap', rest) for user in self.ldap_users: testuser = [{ 'id': user[0], 'name': user[0], 'password': user[1] }] RbacBase().create_user_source(testuser, 'ldap', self.master) self.sleep(10) elif self.auth_type == "pam": rbacmain().setup_auth_mechanism(self.servers, 'pam', rest) rbacmain().add_remove_local_user(self.servers, self.ldap_users, 'deluser') rbacmain().add_remove_local_user(self.servers, self.ldap_users, 'adduser') elif self.auth_type == "builtin": for user in self.ldap_users: testuser = [{ 'id': user[0], 'name': user[0], 'password': user[1] }] RbacBase().create_user_source(testuser, 'builtin', self.master) self.sleep(10)
def setUp(self): super(rbacTest, self).setUp() rest = RestConnection(self.master) self.auth_type = self.input.param('auth_type', 'ldap') self.user_id = self.input.param("user_id", None) self.user_role = self.input.param("user_role", None) self.bucket_name = self.input.param("bucket_name", 'default') self.role_map = self.input.param("role_map", None) self.incorrect_bucket = self.input.param("incorrect_bucket", False) self.new_role = self.input.param("new_role", None) self.new_role_map = self.input.param("new_role_map", None) self.no_bucket_access = self.input.param("no_bucket_access", False) self.no_access_bucket_name = self.input.param("no_access_bucket_name", None) self.ldap_users = rbacmain().returnUserList(self.user_id) if self.auth_type == 'ldap' or self.auth_type == 'pam': rbacmain(self.master, 'builtin')._delete_user('cbadminbucket') rbacmain(self.master, self.auth_type)._delete_user_from_roles(self.master) if self.auth_type == 'ldap': rbacmain().setup_auth_mechanism(self.servers, 'ldap', rest) self._removeLdapUserRemote(self.ldap_users) self._createLDAPUser(self.ldap_users) elif self.auth_type == "pam": rbacmain().setup_auth_mechanism(self.servers, 'pam', rest) rbacmain().add_remove_local_user(self.servers, self.ldap_users, 'deluser') rbacmain().add_remove_local_user(self.servers, self.ldap_users, 'adduser') elif self.auth_type == "builtin": for user in self.ldap_users: testuser = [{'id': user[0], 'name': user[0], 'password': user[1]}] RbacBase().create_user_source(testuser, 'builtin', self.master) self.sleep(10) self.ldap_server = ServerInfo(self.ldapHost, self.ldapPort, 'root', 'couchbase') self.ipAddress = self.getLocalIPAddress()
def change_role_pre_upg_data(self): change_role_pre_upg_user = [ {'id': 'bucket_admin_01', 'name': 'bucket_admin_01', 'password': '******'}, \ {'id': 'bucket_admin_02', 'name': 'bucket_admin_02', 'password': '******'}, \ {'id': 'bucket_admin_03', 'name': 'bucket_admin_03', 'password': '******'}, \ {'id': 'bucket_admin_04', 'name': 'bucket_admin_04', 'password': '******'}, \ {'id': 'bucket_admin_05', 'name': 'bucket_admin_05', 'password': '******'}] change_role_pre_upgrade_data = [ {'id': 'bucket_admin_01', 'name': 'bucket_admin_01', 'roles': 'data_reader[afterupgrade01]', 'action_list': 'data_reader', 'bucket': 'afterupgrade01'}, \ {'id': 'bucket_admin_02', 'name': 'bucket_admin_02', 'roles': 'data_writer[afterupgrade01]', 'action_list': 'data_writer', 'bucket': 'afterupgrade01'}, \ {'id': 'bucket_admin_03', 'name': 'bucket_admin_03', 'roles': 'data_dcp_reader[afterupgrade01]', 'action_list': 'data_dcp_reader', 'bucket': 'afterupgrade01'}, \ {'id': 'bucket_admin_04', 'name': 'bucket_admin_04', 'roles': 'data_monitoring[afterupgrade01]', 'action_list': 'data_monitoring', 'bucket': 'afterupgrade01'}, \ {'id': 'bucket_admin_05', 'name': 'bucket_admin_05', 'roles': 'data_backup[afterupgrade01]', 'action_list': 'data_backup', 'bucket': 'afterupgrade01'}] RbacBase().add_user_role(change_role_pre_upgrade_data, RestConnection(self.master), 'ldap') return change_role_pre_upg_user, change_role_pre_upgrade_data
def tearDown(self): BucketOperationHelper.delete_all_buckets_or_assert([self.master], self) rest = RestConnection(self.master) # Remove rbac user in teardown role_del = ['cbadminbucket'] temp = RbacBase().remove_user_role(role_del, rest) self._log_finish()
def tearDown(self): BucketOperationHelper.delete_all_buckets_or_assert( servers=[self.master], test_case=self) # Remove rbac user in teardown role_del = ['cbadminbucket'] RbacBase().remove_user_role(role_del, RestConnection(self.master)) self._log_finish()
def setUp(self): self.log = logger.Logger.get_logger() self.master = TestInputSingleton.input.servers[0] ClusterOperationHelper.cleanup_cluster([self.master]) BucketOperationHelper.delete_all_buckets_or_assert([self.master], self) self._bucket_name = 'default' serverInfo = self.master rest = RestConnection(serverInfo) info = rest.get_nodes_self() self._bucket_port = info.moxi rest.init_cluster(username=serverInfo.rest_username, password=serverInfo.rest_password) rest.init_cluster_memoryQuota(memoryQuota=info.mcdMemoryReserved) bucket_ram = info.memoryQuota * 2 / 3 # Add built-in user testuser = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******' }] RbacBase().create_user_source(testuser, 'builtin', self.master) time.sleep(10) # Assign user to role role_list = [{ 'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin' }] RbacBase().add_user_role(role_list, RestConnection(self.master), 'builtin') time.sleep(10) rest.create_bucket(bucket=self._bucket_name, ramQuotaMB=bucket_ram, proxyPort=info.memcached) msg = 'create_bucket succeeded but bucket "default" does not exist' self.assertTrue(BucketOperationHelper.wait_for_bucket_creation( self._bucket_name, rest), msg=msg) ready = BucketOperationHelper.wait_for_memcached( serverInfo, self._bucket_name) self.assertTrue(ready, "wait_for_memcached failed") self._log_start()
def delete_role(self, rest=None, user_ids=None): if not rest: rest = RestConnection(self.master) if not user_ids: user_ids = [user['id'] for user in self.roles] RbacBase().remove_user_role(user_ids, rest) self.sleep(20, "wait for user to get deleted...") self.log.info("user roles revoked for %s" % ", ".join(user_ids))
def test_eventing_with_cluster_admin_user(self): # create a cluster admin user user = [{ 'id': 'cluster_admin', 'password': '******', 'name': 'Cluster Admin' }] RbacBase().create_user_source(user, 'builtin', self.master) user_role_list = [{ 'id': 'cluster_admin', 'name': 'Cluster Admin', 'roles': 'cluster_admin' }] RbacBase().add_user_role(user_role_list, self.rest, 'builtin') body = self.create_save_function_body(self.function_name, self.handler_code) body['settings']['rbacpass'] = '******' body['settings']['rbacrole'] = 'cluster_admin' body['settings']['rbacuser'] = '******' # Deploy the function with cluster admin user self.deploy_function(body, wait_for_bootstrap=False) # load data self.load(self.gens_load, buckets=self.src_bucket, flag=self.item_flag, verify_data=False, batch_size=self.batch_size) # Wait for bootstrap to complete self.wait_for_bootstrap_to_complete(body['appname']) # Wait for eventing to catch up with all the update mutations and verify results self.verify_eventing_results(self.function_name, self.docs_per_day * 2016, skip_stats_validation=True) # delete all documents self.load(self.gens_load, buckets=self.src_bucket, flag=self.item_flag, verify_data=False, batch_size=self.batch_size, op_type='delete') # Wait for eventing to catch up with all the delete mutations and verify results self.verify_eventing_results(self.function_name, 0, skip_stats_validation=True) self.undeploy_and_delete_function(body)
def suite_setUp(self): super(QueryN1QLAuditTests, self).suite_setUp() self.log.info("============== QueryN1QLAuditTests suite_setup has started ==============") self.rest.load_sample("travel-sample") testuser = [{'id': 'no_select', 'name': 'no_select', 'password': '******'}, {'id': 'query', 'name': 'query', 'password': '******'}] RbacBase().create_user_source(testuser, 'builtin', self.master) no_select_permissions = 'query_update[*]:query_insert[*]:query_delete[*]:query_manage_index[*]:query_system_catalog' query_permissions = 'bucket_full_access[*]:query_select[*]:query_update[*]:' \ 'query_insert[*]:query_delete[*]:query_manage_index[*]:' \ 'query_system_catalog' role_list = [{'id': 'no_select', 'name': 'no_select', 'roles': '%s' % no_select_permissions, 'password':'******'}, {'id': 'query', 'name': 'query', 'roles': '%s' % query_permissions, 'password':'******'}] RbacBase().add_user_role(role_list, self.rest, 'builtin') self.log.info("============== QueryN1QLAuditTests suite_setup has completed ==============") self.log_config_info()
def assign_role(self, rest=None, roles=None): if not rest: rest = RestConnection(self.master) #Assign roles to users if not roles: roles = self.roles RbacBase().add_user_role(roles, rest, 'builtin') for user_role in roles: self.log.info("SUCCESS: Role(s) %s assigned to %s" % (user_role['roles'], user_role['id']))
def suite_setUp(self): super(QueryWhitelistTests, self).suite_setUp() # Create the users necessary for the RBAC tests in curl if self.create_users: testuser = [{'id': 'no_curl', 'name': 'no_curl', 'password': '******'}, {'id': 'curl', 'name': 'curl', 'password': '******'}, {'id': 'curl_no_insert', 'name': 'curl_no_insert', 'password': '******'}] RbacBase().create_user_source(testuser, 'builtin', self.master) noncurl_permissions = 'bucket_full_access[*]:query_select[*]:query_update[*]:' \ 'query_insert[*]:query_delete[*]:query_manage_index[*]:' \ 'query_system_catalog' curl_permissions = 'bucket_full_access[*]:query_select[*]:query_update[*]:' \ 'query_insert[*]:query_delete[*]:query_manage_index[*]:' \ 'query_system_catalog:query_external_access' # Assign user to role role_list = [{'id': 'no_curl', 'name': 'no_curl','roles': '%s' % noncurl_permissions}, {'id': 'curl', 'name': 'curl', 'roles': '%s' % curl_permissions}] temp = RbacBase().add_user_role(role_list, self.rest, 'builtin')
def create_users(self, users=None): """ :param user: takes a list of {'id': 'xxx', 'name': 'some_name , 'password': '******'} :return: Nothing """ if not users: users = self.users RbacBase().create_user_source(users, 'builtin', self.master) self.log.info("SUCCESS: User(s) %s created" % ','.join([user['name'] for user in users]))
def _assign_user_role(self): rest = RestConnection(self.master) final_role = self._return_roles(self.user_role) for user in self.ldap_users: final_user_role = [{ 'id': user[0], 'name': user[0], 'roles': final_role }] RbacBase().add_user_role(final_user_role, rest, self.auth_type) self.sleep(10)
def show_user_permissions(self): rest = RestConnection(self._cb_cluster.get_random_fts_node()) for user in self.users: for bucket in self._cb_cluster.get_buckets(): perm = RbacBase().check_user_permission( user['id'], user['password'], 'cluster.bucket[%s].fts!create,cluster.bucket[%s].' 'fts!manage,cluster.bucket[%s].fts!read' % (bucket.name, bucket.name, bucket.name), rest) self.log.info("Permissions for user: %s on bucket %s is: %s" % (user['id'], bucket.name, perm))
def test_audit_of_forbidden_access_denied_event(self): # create a cluster admin user user = [{'id': 'test', 'password': '******', 'name': 'test'}] RbacBase().create_user_source(user, 'builtin', self.master) user_role_list = [{ 'id': 'test', 'name': 'test', 'roles': 'query_manage_index[*]' }] RbacBase().add_user_role(user_role_list, self.rest, 'builtin') shell = RemoteMachineShellConnection(self.master) curl_cmd = 'curl -u test:password http://localhost:9102/settings/storageMode' try: shell.execute_command(curl_cmd) except Exception as err: self.log.info(err) expected_results = { 'description': 'The user does not have permission to access the requested resource', 'enabled': True, 'id': 49153, 'name': 'HTTP 403: Forbidden', 'sync': False, 'real_userid': { 'domain': 'local', 'user': '******' }, 'method': 'request_handler::isAllowed', 'service': 'Index', 'url': '/settings/storageMode', 'message': 'Called by RequestHandler::handleIndexStorageModeRequest' } self.checkConfig(self.eventID, self.master, expected_results, n1ql_audit=False)
def common_tearDown(self): self.cluster_helper.shutdown() test_failed = (hasattr(self, '_resultForDoCleanups') and len(self._resultForDoCleanups.failures or self._resultForDoCleanups.errors)) \ or (hasattr(self, '_exc_info') and self._exc_info()[1] is not None) if test_failed and TestInputSingleton.input.param("stop-on-failure", False)\ or self.input.param("skip_cleanup", False): self.log.warn("CLEANUP WAS SKIPPED") else: SwapRebalanceBase.reset(self) SwapRebalanceBase._log_finish(self) # Remove rbac user in teardown role_del = ['cbadminbucket'] RbacBase().remove_user_role(role_del, RestConnection(self.servers[0]))
def _drop_user(self, username): user = [username] response = RbacBase().remove_user_role(user, self.rest)