def test_08_check_for_ad_groups(request):
"""
This test validates that we can query AD groups using
filter-option {"extra": {"search_dscache": True}}
"""
depends(request, ["INITIAL_CACHE_FILL", "ssh_password"], scope="session")
cmd = "wbinfo -g"
results = SSH_TEST(cmd, user, password, ip)
assert results['result'], str(results['output'])
wbinfo_entries = results['output'].splitlines()
results = GET('/group',
payload={
'query-filters': [['local', '=', False]],
'query-options': {
'extra': {
"search_dscache": True
}
},
})
assert results.status_code == 200, results.text
assert len(results.json()) > 0, results.text
cache_names = [x['name'] for x in results.json()]
for entry in wbinfo_entries:
assert entry in cache_names, str(cache_names)
def test_09_test_dosmodes():
modes = ['readonly', 'hidden', 'system', 'archive', 'offline', 'sparse']
ds_name = 'dosmode_test'
target = f'{pool_name}/{ds_name}'
path = f'/mnt/{target}'
testpaths = [
f'{path}/testfile',
f'{path}/testdir',
]
with create_dataset(target):
cmd = [f'touch {testpaths[0]}', f'mkdir {testpaths[1]}']
results = SSH_TEST(' && '.join(cmd), user, password, ip)
assert results['result'] is True, str(results)
for p in testpaths:
results = POST('/filesystem/get_dosmode', p)
assert results.status_code == 200, results
expected_flags = results.json()
for m in modes:
to_set = {m: not expected_flags[m]}
results = POST('/filesystem/set_dosmode', {
'path': p,
'dosmode': to_set
})
assert results.status_code == 200, results.text
expected_flags.update(to_set)
results = POST('/filesystem/get_dosmode', p)
assert results.status_code == 200, results
assert results.json() == expected_flags
def test_07_test_filesystem_stat_filetype(request):
"""
This test checks that file types are properly
identified through the filesystem plugin in middleware.
There is an additional check to make sure that paths
in the ZFS CTL directory (.zfs) are properly flagged.
"""
depends(request, ["pool_04"], scope="session")
ds_name = 'stat_test'
snap_name = f'{ds_name}_snap1'
path = f'/mnt/{pool_name}/{ds_name}'
targets = ['file', 'directory', 'symlink', 'other']
cmds = [
f'mkdir {path}/directory', f'touch {path}/file',
f'ln -s {path}/file {path}/symlink', f'mkfifo {path}/other'
]
with create_dataset(f'{pool_name}/{ds_name}'):
results = SSH_TEST(' && '.join(cmds), user, password, ip)
assert results['result'] is True, str(results)
for x in targets:
target = f'{path}/{x}'
results = POST('/filesystem/stat/', target)
assert results.status_code == 200, f'{target}: {results.text}'
statout = results.json()
assert statout['type'] == x.upper(), str(statout)
assert not statout['is_ctldir']
result = POST(
"/zfs/snapshot/", {
'dataset': f'{pool_name}/{ds_name}',
'name': snap_name,
'recursive': False,
})
assert result.status_code == 200, result.text
for x in targets:
target = f'{path}/.zfs/snapshot/{snap_name}/{x}'
results = POST('/filesystem/stat/', target)
assert results.status_code == 200, f'{target}: {results.text}'
statout = results.json()
assert statout['type'] == x.upper(), str(statout)
assert statout['is_ctldir']
results = POST('/filesystem/stat/',
f'{path}/.zfs/snapshot/{snap_name}')
assert results.status_code == 200, results.text
assert results.json()['is_ctldir']
results = POST('/filesystem/stat/', f'{path}/.zfs/snapshot')
assert results.status_code == 200, results.text
assert results.json()['is_ctldir']
results = POST('/filesystem/stat/', f'{path}/.zfs')
assert results.status_code == 200, results.text
assert results.json()['is_ctldir']
def test_09_check_directoryservices_cache_refresh(request):
"""
This test validates that middleware can successfully rebuild the
directory services cache from scratch using the public API.
This currently happens once per 24 hours. Result of failure here will
be lack of users/groups visible in webui.
"""
depends(request, ["AD_USERS_CACHED", "AD_GROUPS_CACHED", "ssh_password"],
scope="session")
rebuild_ok = False
"""
Cache resides in tdb files. Remove the files to clear cache.
"""
cmd = 'rm -f /root/tdb/persistent/*'
results = SSH_TEST(cmd, user, password, ip)
assert results['result'] is True, results['output']
"""
directoryservices.cache_refresh job causes us to rebuild / refresh
LDAP / AD users.
"""
results = GET('/directoryservices/cache_refresh/')
assert results.status_code == 200, results.text
if results.status_code == 200:
refresh_job = results.json()
job_status = wait_on_job(refresh_job, 180)
assert job_status['state'] == 'SUCCESS', str(job_status['results'])
if job_status['state'] == 'SUCCESS':
rebuild_ok = True
"""
Verify that the AD user / group cache was rebuilt successfully.
"""
if rebuild_ok:
results = GET('/group',
payload={
'query-filters': [['local', '=', False]],
'query-options': {
'extra': {
"search_dscache": True
}
},
})
assert results.status_code == 200, results.text
assert len(results.json()) > 0, results.text
results = GET('/user',
payload={
'query-filters': [['local', '=', False]],
'query-options': {
'extra': {
"search_dscache": True
}
},
})
assert results.status_code == 200, results.text
assert len(results.json()) > 0, results.text
def test_11_check_lazy_initialization_of_users_and_groups_by_id(request):
"""
When users explicitly search for a directory service or other user
by name or id we should hit pwd and grp modules and synthesize a
result if the user / group is not in the cache. This special behavior
only occurs when single filter of "name =" or "id =". So after the
initial query that should result in insertion, we add a second filter
to only hit the cache. Code paths are slightly different for lookups
by id or by name and so they are tested separately.
"""
depends(request, ["LAZY_INITIALIZATION_BY_NAME", "ssh_password"], scope="session")
cmd = 'rm -f /root/tdb/persistent/*'
results = SSH_TEST(cmd, user, password, ip)
assert results['result'] is True, results['output']
if not results['result']:
return
results = GET('/user', payload={
'query-filters': [['uid', '=', ad_user_id]],
'query-options': {'extra': {"search_dscache": True}},
})
assert results.status_code == 200, results.text
assert results.json()[0]['uid'] == ad_user_id, results.text
results = GET('/group', payload={
'query-filters': [['gid', '=', ad_domain_users_id]],
'query-options': {'extra': {"search_dscache": True}},
})
assert results.status_code == 200, results.text
assert results.json()[0]['gid'] == ad_domain_users_id, results.text
"""
The following two tests validate that cache insertion occured.
"""
results = GET('/user', payload={
'query-filters': [['uid', '=', ad_user_id], ['local', '=', False]],
'query-options': {'extra': {"search_dscache": True}},
})
assert results.status_code == 200, results.text
assert len(results.json()) == 1, results.text
results = GET('/group', payload={
'query-filters': [['gid', '=', ad_domain_users_id], ['local', '=', False]],
'query-options': {'extra': {"search_dscache": True}},
})
assert results.status_code == 200, results.text
assert len(results.json()) == 1, results.text
def test_13_idmap_new_domain(request):
depends(request, ["JOINED_AD", "ssh_password"], scope="session")
global dom_id
cmd = 'midclt call idmap.get_next_idmap_range'
results = SSH_TEST(cmd, user, password, ip)
assert results['result'] is True, results['output']
low, high = json.loads(results['output'].strip())
payload = {
"name": "canary",
"range_low": low,
"range_high": high,
"idmap_backend": "RID",
"options": {}
}
results = POST("/idmap/", payload)
assert results.status_code == 200, results.text
dom_id = results.json()['id']
def test_05_prepare_recursive_tests(request):
depends(request, ["IS_TRIVIAL", "ssh_password"], scope="session")
result = POST('/pool/dataset/', {'name': MODE_SUBDATASET})
assert result.status_code == 200, result.text
cmd = f'mkdir -p /mnt/{MODE_DATASET}/dir1/dir2'
results = SSH_TEST(cmd, user, password, ip)
assert results['result'] is True, results['output']
cmd = f'touch /mnt/{MODE_DATASET}/dir1/dir2/testfile'
results = SSH_TEST(cmd, user, password, ip)
assert results['result'] is True, results['output']
results = POST('/filesystem/stat/', f'/mnt/{MODE_SUBDATASET}')
assert results.status_code == 200, results.text
current_mode = results.json()['mode']
# new datasets should be created with 755 permissions"
assert f"{stat.S_IMODE(current_mode):03o}" == "755", results.text
def test_10_check_lazy_initialization_of_users_and_groups_by_name(request):
"""
When users explicitly search for a directory service or other user
by name or id we should hit pwd and grp modules and synthesize a
result if the user / group is not in the cache. This special behavior
only occurs when single filter of "name =" or "id =". So after the
initial query that should result in insertion, we add a second filter
to only hit the cache. Code paths are slightly different for lookups
by id or by name and so they are tested separately.
"""
depends(request, ["REBUILD_AD_CACHE", "ssh_password"], scope="session")
global ad_user_id
global ad_domain_users_id
domain_prefix = f'{WORKGROUP.upper()}{WINBIND_SEPARATOR}'
ad_user = f'{domain_prefix}{ADUSERNAME.lower()}'
ad_group = f'{domain_prefix}domain users'
cmd = 'rm -f /root/tdb/persistent/*'
results = SSH_TEST(cmd, user, password, ip)
assert results['result'] is True, results['output']
if not results['result']:
return
results = GET('/user',
payload={
'query-filters': [['username', '=', ad_user]],
'query-options': {
'extra': {
"search_dscache": True
}
},
})
assert results.status_code == 200, results.text
assert len(results.json()) > 0, results.text
if len(results.json()) == 0:
return
ad_user_id = results.json()[0]['uid']
assert results.json()[0]['username'] == ad_user, results.text
results = GET('/group',
payload={
'query-filters': [['name', '=', ad_group]],
'query-options': {
'extra': {
"search_dscache": True
}
},
})
assert results.status_code == 200, results.text
assert len(results.json()) > 0, results.text
if len(results.json()) == 0:
return
ad_domain_users_id = results.json()[0]['gid']
assert results.json()[0]['name'] == ad_group, results.text
"""
The following two tests validate that cache insertion occured.
"""
results = GET('/user',
payload={
'query-filters': [['username', '=', ad_user],
['local', '=', False]],
'query-options': {
'extra': {
"search_dscache": True
}
},
})
assert results.status_code == 200, results.text
assert len(results.json()) == 1, results.text
results = GET('/group',
payload={
'query-filters': [['name', '=', ad_group],
['local', '=', False]],
'query-options': {
'extra': {
"search_dscache": True
}
},
})
assert results.status_code == 200, results.text
assert len(results.json()) == 1, results.text
