def setUp(self):
self.log = logger.Logger.get_logger()
self.master = TestInputSingleton.input.servers[0]
ClusterOperationHelper.cleanup_cluster([self.master])
BucketOperationHelper.delete_all_buckets_or_assert([self.master], self)
self._bucket_name = 'default'
serverInfo = self.master
rest = RestConnection(serverInfo)
info = rest.get_nodes_self()
self._bucket_port = info.moxi
rest.init_cluster(username=serverInfo.rest_username,
password=serverInfo.rest_password)
rest.init_cluster_memoryQuota(memoryQuota=info.mcdMemoryReserved)
bucket_ram = info.memoryQuota * 2 / 3
# Add built-in user
testuser = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'password': '******'
}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
# Assign user to role
role_list = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'roles': 'admin'
}]
RbacBase().add_user_role(role_list, RestConnection(self.master),
'builtin')
rest.create_bucket(bucket=self._bucket_name,
ramQuotaMB=bucket_ram,
proxyPort=info.memcached)
msg = 'create_bucket succeeded but bucket "default" does not exist'
if (testconstants.TESTRUNNER_CLIENT in os.environ.keys()
) and os.environ[
testconstants.TESTRUNNER_CLIENT] == testconstants.PYTHON_SDK:
self.client = SDKSmartClient(
serverInfo,
self._bucket_name,
compression=TestInputSingleton.input.param(
"sdk_compression", True))
else:
self.client = MemcachedClientHelper.direct_client(
serverInfo, self._bucket_name)
self.assertTrue(BucketOperationHelper.wait_for_bucket_creation(
self._bucket_name, rest),
msg=msg)
ready = BucketOperationHelper.wait_for_memcached(
serverInfo, self._bucket_name)
self.assertTrue(ready, "wait_for_memcached failed")
self._log_start()
def setUp_bucket(self, unittest):
self.log = logger.Logger.get_logger()
self.input = TestInputSingleton.input
unittest.assertTrue(self.input, msg="input parameters missing...")
self.test = unittest
self.master = self.input.servers[0]
rest = RestConnection(self.master)
rest.init_cluster(username=self.master.rest_username, password=self.master.rest_password)
rest.init_cluster_memoryQuota(memoryQuota=rest.get_nodes_self().mcdMemoryReserved)
ClusterOperationHelper.cleanup_cluster([self.master])
BucketOperationHelper.delete_all_buckets_or_assert([self.master], self.test)
serverInfo = self.master
rest = RestConnection(serverInfo)
info = rest.get_nodes_self()
rest.init_cluster(username=serverInfo.rest_username,
password=serverInfo.rest_password)
rest.init_cluster_memoryQuota(memoryQuota=info.memoryQuota)
# Add built-in user
testuser = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'password': '******'}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
# Assign user to role
role_list = [{'id': 'cbadminbucket', 'name': 'cbadminbucket', 'roles': 'admin'}]
RbacBase().add_user_role(role_list, RestConnection(self.master), 'builtin')
def common_setup(input, testcase):
log.info("============== common_setup was started for test #{0} {1}==============" \
.format(testcase.case_number, testcase._testMethodName))
servers = input.servers
RemoteUtilHelper.common_basic_setup(servers)
BucketOperationHelper.delete_all_buckets_or_assert(servers, testcase)
ClusterOperationHelper.cleanup_cluster(servers)
ClusterOperationHelper.wait_for_ns_servers_or_assert(servers, testcase)
# Add built-in user
testuser = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'password': '******'
}]
RbacBase().create_user_source(testuser, 'builtin', servers[0])
# Assign user to role
role_list = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'roles': 'admin'
}]
RbacBase().add_user_role(role_list, RestConnection(servers[0]),
'builtin')
log.info("============== common_setup was finished for test #{0} {1} ==============" \
.format(testcase.case_number, testcase._testMethodName))
def add_built_in_server_user(self, testuser=None, rolelist=None, node=None):
"""
From spock, couchbase server is built with some users that handles
some specific task such as:
cbadminbucket
Default added user is cbadminbucket with admin role
"""
rest = RestConnection(self.master)
versions = rest.get_nodes_versions()
for version in versions:
if "5" > version:
self.log.info("Atleast one of the nodes in the cluster is "
"pre 5.0 version. Hence not creating rbac user "
"for the cluster. RBAC is a 5.0 feature.")
return
if testuser is None:
testuser = [{'id': 'cbadminbucket', 'name': 'cbadminbucket',
'password': '******'}]
if rolelist is None:
rolelist = [{'id': 'cbadminbucket', 'name': 'cbadminbucket',
'roles': 'admin'}]
if node is None:
node = self.master
self.log.info("**** add built-in '%s' user to node %s ****" % (testuser[0]["name"],
node.ip))
RbacBase().create_user_source(testuser, 'builtin', node)
self.log.info("**** add '%s' role to '%s' user ****" % (rolelist[0]["roles"],
testuser[0]["name"]))
status = RbacBase().add_user_role(rolelist, RestConnection(node), 'builtin')
return status
def test_eventing_with_read_only_user(self):
# create a read only admin user
user = [{
'id': 'ro_admin',
'password': '******',
'name': 'Read Only Admin'
}]
RbacBase().create_user_source(user, 'builtin', self.master)
user_role_list = [{
'id': 'ro_admin',
'name': 'Read Only Admin',
'roles': 'ro_admin'
}]
RbacBase().add_user_role(user_role_list, self.rest, 'builtin')
body = self.create_save_function_body(self.function_name,
self.handler_code)
body['settings']['rbacpass'] = '******'
body['settings']['rbacrole'] = 'ro_admin'
body['settings']['rbacuser'] = '******'
try:
# deploy the function with ro_admin user
self.deploy_function(body)
except Exception as ex:
if "did not successfully bootstrap" not in str(ex):
self.fail(
"Function deploy succeeded even when function was using read only credentials"
)
def __xdcr_setup_create(self):
testuser = [{'id': 'cbadminbucket', 'name': 'cbadminbucket',
'password': '******'}]
rolelist = [{'id': 'cbadminbucket', 'name': 'cbadminbucket',
'roles': 'admin'}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
RbacBase().add_user_role(rolelist, RestConnection(self.master), 'builtin')
# xdcr_hostname=the number of server in ini file to add to master as replication
xdcr_cluster_name = self.input.param("xdcr-cluster-name", None)
xdcr_hostname = self.input.param("xdcr-hostname", None)
xdcr_username = self.input.param("xdcr-username", None)
xdcr_password = self.input.param("xdcr-password", None)
demand_encyrption = self.input.param("demand-encryption", 0)
xdcr_cert = self.input.param("xdcr-certificate", None)
wrong_cert = self.input.param("wrong-certificate", None)
cli_command = "xdcr-setup"
options = "--create"
options += (" --xdcr-cluster-name=\'{0}\'".format(xdcr_cluster_name), "")[xdcr_cluster_name is None]
print ("Value of xdcr_home is {0}".format(xdcr_hostname))
if xdcr_hostname is not None:
RbacBase().create_user_source(testuser, 'builtin', self.servers[xdcr_hostname])
RbacBase().add_user_role(rolelist, RestConnection(self.servers[xdcr_hostname]), 'builtin')
options += " --xdcr-hostname={0}".format(self.servers[xdcr_hostname].ip)
options += (" --xdcr-username={0}".format(xdcr_username), "")[xdcr_username is None]
options += (" --xdcr-password={0}".format(xdcr_password), "")[xdcr_password is None]
options += (" --xdcr-demand-encryption={0}".format(demand_encyrption))
cluster_host = self.servers[xdcr_hostname].ip
output, _ = self.__execute_cli(cli_command="ssl-manage", options="--retrieve-cert={0}".format(xdcr_cert), cluster_host=cluster_host, user='******', password='******')
options += (" --xdcr-certificate={0}".format(xdcr_cert), "")[xdcr_cert is None]
#self.assertNotEqual(output[0].find("SUCCESS"), -1, "ssl-manage CLI failed to retrieve certificate")
output, error = self.__execute_cli(cli_command=cli_command, options=options)
return output, error, xdcr_cluster_name, xdcr_hostname, cli_command, options
def setUp(self):
self.log = logger.Logger.get_logger()
self.input = TestInputSingleton.input
self.assertTrue(self.input, msg="input parameters missing...")
self.master = self.input.servers[0]
self.bucket = "default"
self.number_of_items = -1
# Add built-in user
testuser = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'password': '******'
}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
time.sleep(10)
# Assign user to role
role_list = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'roles': 'admin'
}]
RbacBase().add_user_role(role_list, RestConnection(self.master),
'builtin')
time.sleep(10)
self._create_default_bucket()
self.drained_in_seconds = -1
self.drained = False
self.reader_shutdown = False
self._log_start()
def setUp(self):
self.log = logger.Logger.get_logger()
self.input = TestInput.TestInputSingleton.input
self.assertTrue(self.input, msg="input parameters missing...")
self.servers = self.input.servers
BucketOperationHelper.delete_all_buckets_or_assert(self.servers,
test_case=self)
# Add built-in user
testuser = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'password': '******'
}]
RbacBase().create_user_source(testuser, 'builtin', self.servers[0])
# Assign user to role
role_list = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'roles': 'admin'
}]
RbacBase().add_user_role(role_list, RestConnection(self.servers[0]),
'builtin')
self._log_start()
def test_max_buckets(self):
log = logger.Logger.get_logger()
serverInfo = self.servers[0]
log.info('picking server : {0} as the master'.format(serverInfo))
rest = RestConnection(serverInfo)
proxyPort = rest.get_nodes_self().moxi
info = rest.get_nodes_self()
rest.init_cluster(username=serverInfo.rest_username,
password=serverInfo.rest_password)
rest.init_cluster_memoryQuota(memoryQuota=info.mcdMemoryReserved)
bucket_num = rest.get_internalSettings("maxBucketCount")
bucket_ram = 100
testuser = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'password': '******'
}]
rolelist = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'roles': 'admin'
}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
RbacBase().add_user_role(rolelist, RestConnection(self.master),
'builtin')
for i in range(bucket_num):
bucket_name = 'max_buckets-{0}'.format(uuid.uuid4())
rest.create_bucket(bucket=bucket_name,
ramQuotaMB=bucket_ram,
authType='sasl',
proxyPort=proxyPort)
ready = BucketOperationHelper.wait_for_memcached(
serverInfo, bucket_name)
self.assertTrue(ready, "wait_for_memcached failed")
buckets = rest.get_buckets()
if len(buckets) != bucket_num:
msg = 'tried to create {0} buckets, only created {1}'.format(
bucket_count, len(buckets))
self.fail(msg)
try:
rest.create_bucket(bucket=bucket_name,
ramQuotaMB=bucket_ram,
authType='sasl',
proxyPort=proxyPort)
msg = 'bucket creation did not fail even though system was overcommited'
self.fail(msg)
except BucketCreationException as ex:
self.log.info(
'BucketCreationException was thrown as expected when we try to create {0} buckets'
.format(bucket_num + 1))
buckets = rest.get_buckets()
if len(buckets) != bucket_num:
msg = 'tried to create {0} buckets, only created {1}'.format(
bucket_num + 1, len(buckets))
self.fail(msg)
def _create_user_and_grant_role(self,
username,
role,
source='builtin',
password="******"):
user = [{'id': username, 'password': password, 'name': 'Some Name'}]
_ = RbacBase().create_user_source(user, source, self.master)
user_role_list = [{'id': username, 'name': 'Some Name', 'roles': role}]
_ = RbacBase().add_user_role(user_role_list, self.rest, source)
def test_max_buckets(self):
log = logger.Logger.get_logger()
serverInfo = self.servers[0]
log.info('picking server : {0} as the master'.format(serverInfo))
rest = RestConnection(serverInfo)
info = rest.get_nodes_self()
rest.init_cluster(username=serverInfo.rest_username,
password=serverInfo.rest_password)
bucket_num = rest.get_internalSettings("maxBucketCount")
log.info("max # buckets allow in cluster: {0}".format(bucket_num))
bucket_ram = 100
cluster_ram = info.memoryQuota
max_buckets = cluster_ram / bucket_ram
log.info("RAM setting for this cluster: {0}".format(cluster_ram))
testuser = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'password': '******'
}]
rolelist = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'roles': 'admin'
}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
RbacBase().add_user_role(rolelist, RestConnection(self.master),
'builtin')
for i in range(max_buckets):
bucket_name = 'max_buckets-{0}'.format(uuid.uuid4())
rest.create_bucket(bucket=bucket_name, ramQuotaMB=bucket_ram)
ready = BucketOperationHelper.wait_for_memcached(
serverInfo, bucket_name)
log.info("kv RAM left in cluster: {0}".format(cluster_ram - 100))
cluster_ram -= bucket_ram
self.assertTrue(ready, "wait_for_memcached failed")
buckets = rest.get_buckets()
if len(buckets) != max_buckets:
msg = 'tried to create {0} buckets, only created {1}'\
.format(bucket_count, len(buckets))
self.fail(msg)
try:
rest.create_bucket(bucket=bucket_name, ramQuotaMB=bucket_ram)
msg = 'bucket creation did not fail even though system was overcommited'
self.fail(msg)
except BucketCreationException as ex:
log.info(
'\n******\nBucketCreationException was thrown as expected when\
we try to create {0} buckets'.format(max_buckets +
1))
buckets = rest.get_buckets()
if len(buckets) != max_buckets:
msg = 'tried to create {0} buckets, only created {1}'\
.format(max_buckets + 1, len(buckets))
self.fail(msg)
def setUp(self):
super(QueryFreeLimits, self).setUp()
self.log.info(
"============== QueryFreeLimits setup has started ==============")
self.shell = RemoteMachineShellConnection(self.master)
self.info = self.shell.extract_remote_info()
if self.info.type.lower() == 'windows':
self.curl_path = f"{self.path}curl"
else:
self.curl_path = "curl"
self.rest = RestConnection(self.master)
self.query_service_url = f"'http://{self.master.ip}:{self.n1ql_port}/query/service'"
self.api_port = self.input.param("api_port", 8094)
self.run_cbq_query('delete from system:prepareds')
self.enforce_limits = self.input.param("enforce_limits", True)
self.expected_error = self.input.param("expected_error", False)
self.crash = self.input.param("crash", True)
# Create the users necessary for the RBAC tests in curl
self.log.info("============== Creating Users ==============")
self.delete_user("limited1")
self.delete_user("limited2")
testuser = [{
'id': 'limited1',
'name': 'limited1',
'password': '******'
}, {
'id': 'limited2',
'name': 'limited2',
'password': '******'
}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
full_permissions = 'bucket_full_access[*]:query_select[*]:query_update[*]:' \
'query_insert[*]:query_delete[*]:query_manage_index[*]:' \
'query_system_catalog:query_external_access:query_execute_global_external_functions'
# Assign user to role
role_list = [{
'id': 'limited1',
'name': 'limited1',
'roles': f'{full_permissions}',
'password': '******'
}, {
'id': 'limited2',
'name': 'limited2',
'roles': f'{full_permissions}',
'password': '******'
}]
RbacBase().add_user_role(role_list, self.rest, 'builtin')
self.cbqpath_user1 = f'{self.path}cbq -e {self.master.ip}:{self.n1ql_port} -q -u "limited1" -p {self.rest.password}'
self.cbqpath_user2 = f'{self.path}cbq -e {self.master.ip}:{self.n1ql_port} -q -u "limited2" -p {self.rest.password}'
self.log.info("============== Users Created ==============")
self.log.info(
"============== QueryFreeLimits setup has completed =============="
)
self.log_config_info()
self.query_buckets = self.get_query_buckets(check_all_buckets=True)
self.query_bucket = self.query_buckets[0]
def create_user(self, node):
self.log.info("inside create_user")
testuser = [{'id': 'cbadminbucket', 'name': 'cbadminbucket',
'password': '******'}]
rolelist = [{'id': 'cbadminbucket', 'name': 'cbadminbucket',
'roles': 'admin'}]
self.log.info("before create_user_source")
RbacBase().create_user_source(testuser, 'builtin', node)
self.log.info("before add_user_role")
RbacBase().add_user_role(rolelist, RestConnection(node), 'builtin')
def setUp(self):
super(RbacTestMemcached, self).setUp()
rest = RestConnection(self.master)
self.auth_type = self.input.param('auth_type', 'builtin')
self.user_id = self.input.param("user_id", None)
self.user_role = self.input.param("user_role", None)
self.bucket_name = self.input.param("bucket_name", None)
rest.create_bucket(bucket=self.bucket_name, ramQuotaMB=100, lww=True)
self.role_map = self.input.param("role_map", None)
self.incorrect_bucket = self.input.param("incorrect_bucket", False)
self.new_role = self.input.param("new_role", None)
self.new_role_map = self.input.param("new_role_map", None)
self.no_bucket_access = self.input.param("no_bucket_access", False)
self.no_access_bucket_name = self.input.param("no_access_bucket_name",
"noaccess")
self.all_buckets = self.input.param("all_buckets", None)
self.ldap_users = rbacmain().returnUserList(self.user_id)
if self.no_bucket_access:
rest.create_bucket(bucket=self.no_access_bucket_name,
ramQuotaMB=100,
lww=True)
if self.auth_type == 'ldap':
rbacmain(self.master, 'builtin')._delete_user('cbadminbucket')
if self.auth_type == 'ldap':
rbacmain().setup_auth_mechanism(self.servers, 'ldap', rest)
for user in self.ldap_users:
testuser = [{
'id': user[0],
'name': user[0],
'password': user[1]
}]
RbacBase().create_user_source(testuser, 'ldap', self.master)
self.sleep(10)
elif self.auth_type == "pam":
rbacmain().setup_auth_mechanism(self.servers, 'pam', rest)
rbacmain().add_remove_local_user(self.servers, self.ldap_users,
'deluser')
rbacmain().add_remove_local_user(self.servers, self.ldap_users,
'adduser')
elif self.auth_type == "builtin":
for user in self.ldap_users:
testuser = [{
'id': user[0],
'name': user[0],
'password': user[1]
}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
self.sleep(10)
def setUp(self):
super(rbacTest, self).setUp()
rest = RestConnection(self.master)
self.auth_type = self.input.param('auth_type', 'ldap')
self.user_id = self.input.param("user_id", None)
self.user_role = self.input.param("user_role", None)
self.bucket_name = self.input.param("bucket_name", 'default')
self.role_map = self.input.param("role_map", None)
self.incorrect_bucket = self.input.param("incorrect_bucket", False)
self.new_role = self.input.param("new_role", None)
self.new_role_map = self.input.param("new_role_map", None)
self.no_bucket_access = self.input.param("no_bucket_access", False)
self.no_access_bucket_name = self.input.param("no_access_bucket_name", None)
self.ldap_users = rbacmain().returnUserList(self.user_id)
if self.auth_type == 'ldap' or self.auth_type == 'pam':
rbacmain(self.master, 'builtin')._delete_user('cbadminbucket')
rbacmain(self.master, self.auth_type)._delete_user_from_roles(self.master)
if self.auth_type == 'ldap':
rbacmain().setup_auth_mechanism(self.servers, 'ldap', rest)
self._removeLdapUserRemote(self.ldap_users)
self._createLDAPUser(self.ldap_users)
elif self.auth_type == "pam":
rbacmain().setup_auth_mechanism(self.servers, 'pam', rest)
rbacmain().add_remove_local_user(self.servers, self.ldap_users, 'deluser')
rbacmain().add_remove_local_user(self.servers, self.ldap_users, 'adduser')
elif self.auth_type == "builtin":
for user in self.ldap_users:
testuser = [{'id': user[0], 'name': user[0], 'password': user[1]}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
self.sleep(10)
self.ldap_server = ServerInfo(self.ldapHost, self.ldapPort, 'root', 'couchbase')
self.ipAddress = self.getLocalIPAddress()
def change_role_pre_upg_data(self):
change_role_pre_upg_user = [
{'id': 'bucket_admin_01', 'name': 'bucket_admin_01', 'password': '******'}, \
{'id': 'bucket_admin_02', 'name': 'bucket_admin_02', 'password': '******'}, \
{'id': 'bucket_admin_03', 'name': 'bucket_admin_03', 'password': '******'}, \
{'id': 'bucket_admin_04', 'name': 'bucket_admin_04', 'password': '******'}, \
{'id': 'bucket_admin_05', 'name': 'bucket_admin_05', 'password': '******'}]
change_role_pre_upgrade_data = [
{'id': 'bucket_admin_01', 'name': 'bucket_admin_01', 'roles': 'data_reader[afterupgrade01]',
'action_list': 'data_reader', 'bucket': 'afterupgrade01'}, \
{'id': 'bucket_admin_02', 'name': 'bucket_admin_02', 'roles': 'data_writer[afterupgrade01]',
'action_list': 'data_writer', 'bucket': 'afterupgrade01'}, \
{'id': 'bucket_admin_03', 'name': 'bucket_admin_03', 'roles': 'data_dcp_reader[afterupgrade01]',
'action_list': 'data_dcp_reader', 'bucket': 'afterupgrade01'}, \
{'id': 'bucket_admin_04', 'name': 'bucket_admin_04', 'roles': 'data_monitoring[afterupgrade01]',
'action_list': 'data_monitoring', 'bucket': 'afterupgrade01'}, \
{'id': 'bucket_admin_05', 'name': 'bucket_admin_05', 'roles': 'data_backup[afterupgrade01]',
'action_list': 'data_backup', 'bucket': 'afterupgrade01'}]
RbacBase().add_user_role(change_role_pre_upgrade_data,
RestConnection(self.master), 'ldap')
return change_role_pre_upg_user, change_role_pre_upgrade_data
def tearDown(self):
BucketOperationHelper.delete_all_buckets_or_assert([self.master], self)
rest = RestConnection(self.master)
# Remove rbac user in teardown
role_del = ['cbadminbucket']
temp = RbacBase().remove_user_role(role_del, rest)
self._log_finish()
def tearDown(self):
BucketOperationHelper.delete_all_buckets_or_assert(
servers=[self.master], test_case=self)
# Remove rbac user in teardown
role_del = ['cbadminbucket']
RbacBase().remove_user_role(role_del, RestConnection(self.master))
self._log_finish()
def setUp(self):
self.log = logger.Logger.get_logger()
self.master = TestInputSingleton.input.servers[0]
ClusterOperationHelper.cleanup_cluster([self.master])
BucketOperationHelper.delete_all_buckets_or_assert([self.master], self)
self._bucket_name = 'default'
serverInfo = self.master
rest = RestConnection(serverInfo)
info = rest.get_nodes_self()
self._bucket_port = info.moxi
rest.init_cluster(username=serverInfo.rest_username,
password=serverInfo.rest_password)
rest.init_cluster_memoryQuota(memoryQuota=info.mcdMemoryReserved)
bucket_ram = info.memoryQuota * 2 / 3
# Add built-in user
testuser = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'password': '******'
}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
time.sleep(10)
# Assign user to role
role_list = [{
'id': 'cbadminbucket',
'name': 'cbadminbucket',
'roles': 'admin'
}]
RbacBase().add_user_role(role_list, RestConnection(self.master),
'builtin')
time.sleep(10)
rest.create_bucket(bucket=self._bucket_name,
ramQuotaMB=bucket_ram,
proxyPort=info.memcached)
msg = 'create_bucket succeeded but bucket "default" does not exist'
self.assertTrue(BucketOperationHelper.wait_for_bucket_creation(
self._bucket_name, rest),
msg=msg)
ready = BucketOperationHelper.wait_for_memcached(
serverInfo, self._bucket_name)
self.assertTrue(ready, "wait_for_memcached failed")
self._log_start()
def delete_role(self, rest=None, user_ids=None):
if not rest:
rest = RestConnection(self.master)
if not user_ids:
user_ids = [user['id'] for user in self.roles]
RbacBase().remove_user_role(user_ids, rest)
self.sleep(20, "wait for user to get deleted...")
self.log.info("user roles revoked for %s" % ", ".join(user_ids))
def test_eventing_with_cluster_admin_user(self):
# create a cluster admin user
user = [{
'id': 'cluster_admin',
'password': '******',
'name': 'Cluster Admin'
}]
RbacBase().create_user_source(user, 'builtin', self.master)
user_role_list = [{
'id': 'cluster_admin',
'name': 'Cluster Admin',
'roles': 'cluster_admin'
}]
RbacBase().add_user_role(user_role_list, self.rest, 'builtin')
body = self.create_save_function_body(self.function_name,
self.handler_code)
body['settings']['rbacpass'] = '******'
body['settings']['rbacrole'] = 'cluster_admin'
body['settings']['rbacuser'] = '******'
# Deploy the function with cluster admin user
self.deploy_function(body, wait_for_bootstrap=False)
# load data
self.load(self.gens_load,
buckets=self.src_bucket,
flag=self.item_flag,
verify_data=False,
batch_size=self.batch_size)
# Wait for bootstrap to complete
self.wait_for_bootstrap_to_complete(body['appname'])
# Wait for eventing to catch up with all the update mutations and verify results
self.verify_eventing_results(self.function_name,
self.docs_per_day * 2016,
skip_stats_validation=True)
# delete all documents
self.load(self.gens_load,
buckets=self.src_bucket,
flag=self.item_flag,
verify_data=False,
batch_size=self.batch_size,
op_type='delete')
# Wait for eventing to catch up with all the delete mutations and verify results
self.verify_eventing_results(self.function_name,
0,
skip_stats_validation=True)
self.undeploy_and_delete_function(body)
def suite_setUp(self):
super(QueryN1QLAuditTests, self).suite_setUp()
self.log.info("============== QueryN1QLAuditTests suite_setup has started ==============")
self.rest.load_sample("travel-sample")
testuser = [{'id': 'no_select', 'name': 'no_select', 'password': '******'},
{'id': 'query', 'name': 'query', 'password': '******'}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
no_select_permissions = 'query_update[*]:query_insert[*]:query_delete[*]:query_manage_index[*]:query_system_catalog'
query_permissions = 'bucket_full_access[*]:query_select[*]:query_update[*]:' \
'query_insert[*]:query_delete[*]:query_manage_index[*]:' \
'query_system_catalog'
role_list = [{'id': 'no_select', 'name': 'no_select', 'roles': '%s' % no_select_permissions, 'password':'******'},
{'id': 'query', 'name': 'query', 'roles': '%s' % query_permissions, 'password':'******'}]
RbacBase().add_user_role(role_list, self.rest, 'builtin')
self.log.info("============== QueryN1QLAuditTests suite_setup has completed ==============")
self.log_config_info()
def assign_role(self, rest=None, roles=None):
if not rest:
rest = RestConnection(self.master)
#Assign roles to users
if not roles:
roles = self.roles
RbacBase().add_user_role(roles, rest, 'builtin')
for user_role in roles:
self.log.info("SUCCESS: Role(s) %s assigned to %s" %
(user_role['roles'], user_role['id']))
def suite_setUp(self):
super(QueryWhitelistTests, self).suite_setUp()
# Create the users necessary for the RBAC tests in curl
if self.create_users:
testuser = [{'id': 'no_curl', 'name': 'no_curl', 'password': '******'},
{'id': 'curl', 'name': 'curl', 'password': '******'},
{'id': 'curl_no_insert', 'name': 'curl_no_insert', 'password': '******'}]
RbacBase().create_user_source(testuser, 'builtin', self.master)
noncurl_permissions = 'bucket_full_access[*]:query_select[*]:query_update[*]:' \
'query_insert[*]:query_delete[*]:query_manage_index[*]:' \
'query_system_catalog'
curl_permissions = 'bucket_full_access[*]:query_select[*]:query_update[*]:' \
'query_insert[*]:query_delete[*]:query_manage_index[*]:' \
'query_system_catalog:query_external_access'
# Assign user to role
role_list = [{'id': 'no_curl', 'name': 'no_curl','roles': '%s' % noncurl_permissions},
{'id': 'curl', 'name': 'curl', 'roles': '%s' % curl_permissions}]
temp = RbacBase().add_user_role(role_list, self.rest, 'builtin')
def create_users(self, users=None):
"""
:param user: takes a list of {'id': 'xxx', 'name': 'some_name ,
'password': '******'}
:return: Nothing
"""
if not users:
users = self.users
RbacBase().create_user_source(users, 'builtin', self.master)
self.log.info("SUCCESS: User(s) %s created" %
','.join([user['name'] for user in users]))
def _assign_user_role(self):
rest = RestConnection(self.master)
final_role = self._return_roles(self.user_role)
for user in self.ldap_users:
final_user_role = [{
'id': user[0],
'name': user[0],
'roles': final_role
}]
RbacBase().add_user_role(final_user_role, rest, self.auth_type)
self.sleep(10)
def show_user_permissions(self):
rest = RestConnection(self._cb_cluster.get_random_fts_node())
for user in self.users:
for bucket in self._cb_cluster.get_buckets():
perm = RbacBase().check_user_permission(
user['id'], user['password'],
'cluster.bucket[%s].fts!create,cluster.bucket[%s].'
'fts!manage,cluster.bucket[%s].fts!read' %
(bucket.name, bucket.name, bucket.name), rest)
self.log.info("Permissions for user: %s on bucket %s is: %s" %
(user['id'], bucket.name, perm))
def test_audit_of_forbidden_access_denied_event(self):
# create a cluster admin user
user = [{'id': 'test', 'password': '******', 'name': 'test'}]
RbacBase().create_user_source(user, 'builtin', self.master)
user_role_list = [{
'id': 'test',
'name': 'test',
'roles': 'query_manage_index[*]'
}]
RbacBase().add_user_role(user_role_list, self.rest, 'builtin')
shell = RemoteMachineShellConnection(self.master)
curl_cmd = 'curl -u test:password http://localhost:9102/settings/storageMode'
try:
shell.execute_command(curl_cmd)
except Exception as err:
self.log.info(err)
expected_results = {
'description':
'The user does not have permission to access the requested resource',
'enabled': True,
'id': 49153,
'name': 'HTTP 403: Forbidden',
'sync': False,
'real_userid': {
'domain': 'local',
'user': '******'
},
'method': 'request_handler::isAllowed',
'service': 'Index',
'url': '/settings/storageMode',
'message':
'Called by RequestHandler::handleIndexStorageModeRequest'
}
self.checkConfig(self.eventID,
self.master,
expected_results,
n1ql_audit=False)
def common_tearDown(self):
self.cluster_helper.shutdown()
test_failed = (hasattr(self, '_resultForDoCleanups') and len(self._resultForDoCleanups.failures or self._resultForDoCleanups.errors)) \
or (hasattr(self, '_exc_info') and self._exc_info()[1] is not None)
if test_failed and TestInputSingleton.input.param("stop-on-failure", False)\
or self.input.param("skip_cleanup", False):
self.log.warn("CLEANUP WAS SKIPPED")
else:
SwapRebalanceBase.reset(self)
SwapRebalanceBase._log_finish(self)
# Remove rbac user in teardown
role_del = ['cbadminbucket']
RbacBase().remove_user_role(role_del, RestConnection(self.servers[0]))
def _drop_user(self, username):
user = [username]
response = RbacBase().remove_user_role(user, self.rest)
