def test_08_check_for_ad_groups(request): """ This test validates that we can query AD groups using filter-option {"extra": {"search_dscache": True}} """ depends(request, ["INITIAL_CACHE_FILL", "ssh_password"], scope="session") cmd = "wbinfo -g" results = SSH_TEST(cmd, user, password, ip) assert results['result'], str(results['output']) wbinfo_entries = results['output'].splitlines() results = GET('/group', payload={ 'query-filters': [['local', '=', False]], 'query-options': { 'extra': { "search_dscache": True } }, }) assert results.status_code == 200, results.text assert len(results.json()) > 0, results.text cache_names = [x['name'] for x in results.json()] for entry in wbinfo_entries: assert entry in cache_names, str(cache_names)
def test_09_test_dosmodes(): modes = ['readonly', 'hidden', 'system', 'archive', 'offline', 'sparse'] ds_name = 'dosmode_test' target = f'{pool_name}/{ds_name}' path = f'/mnt/{target}' testpaths = [ f'{path}/testfile', f'{path}/testdir', ] with create_dataset(target): cmd = [f'touch {testpaths[0]}', f'mkdir {testpaths[1]}'] results = SSH_TEST(' && '.join(cmd), user, password, ip) assert results['result'] is True, str(results) for p in testpaths: results = POST('/filesystem/get_dosmode', p) assert results.status_code == 200, results expected_flags = results.json() for m in modes: to_set = {m: not expected_flags[m]} results = POST('/filesystem/set_dosmode', { 'path': p, 'dosmode': to_set }) assert results.status_code == 200, results.text expected_flags.update(to_set) results = POST('/filesystem/get_dosmode', p) assert results.status_code == 200, results assert results.json() == expected_flags
def test_07_test_filesystem_stat_filetype(request): """ This test checks that file types are properly identified through the filesystem plugin in middleware. There is an additional check to make sure that paths in the ZFS CTL directory (.zfs) are properly flagged. """ depends(request, ["pool_04"], scope="session") ds_name = 'stat_test' snap_name = f'{ds_name}_snap1' path = f'/mnt/{pool_name}/{ds_name}' targets = ['file', 'directory', 'symlink', 'other'] cmds = [ f'mkdir {path}/directory', f'touch {path}/file', f'ln -s {path}/file {path}/symlink', f'mkfifo {path}/other' ] with create_dataset(f'{pool_name}/{ds_name}'): results = SSH_TEST(' && '.join(cmds), user, password, ip) assert results['result'] is True, str(results) for x in targets: target = f'{path}/{x}' results = POST('/filesystem/stat/', target) assert results.status_code == 200, f'{target}: {results.text}' statout = results.json() assert statout['type'] == x.upper(), str(statout) assert not statout['is_ctldir'] result = POST( "/zfs/snapshot/", { 'dataset': f'{pool_name}/{ds_name}', 'name': snap_name, 'recursive': False, }) assert result.status_code == 200, result.text for x in targets: target = f'{path}/.zfs/snapshot/{snap_name}/{x}' results = POST('/filesystem/stat/', target) assert results.status_code == 200, f'{target}: {results.text}' statout = results.json() assert statout['type'] == x.upper(), str(statout) assert statout['is_ctldir'] results = POST('/filesystem/stat/', f'{path}/.zfs/snapshot/{snap_name}') assert results.status_code == 200, results.text assert results.json()['is_ctldir'] results = POST('/filesystem/stat/', f'{path}/.zfs/snapshot') assert results.status_code == 200, results.text assert results.json()['is_ctldir'] results = POST('/filesystem/stat/', f'{path}/.zfs') assert results.status_code == 200, results.text assert results.json()['is_ctldir']
def test_09_check_directoryservices_cache_refresh(request): """ This test validates that middleware can successfully rebuild the directory services cache from scratch using the public API. This currently happens once per 24 hours. Result of failure here will be lack of users/groups visible in webui. """ depends(request, ["AD_USERS_CACHED", "AD_GROUPS_CACHED", "ssh_password"], scope="session") rebuild_ok = False """ Cache resides in tdb files. Remove the files to clear cache. """ cmd = 'rm -f /root/tdb/persistent/*' results = SSH_TEST(cmd, user, password, ip) assert results['result'] is True, results['output'] """ directoryservices.cache_refresh job causes us to rebuild / refresh LDAP / AD users. """ results = GET('/directoryservices/cache_refresh/') assert results.status_code == 200, results.text if results.status_code == 200: refresh_job = results.json() job_status = wait_on_job(refresh_job, 180) assert job_status['state'] == 'SUCCESS', str(job_status['results']) if job_status['state'] == 'SUCCESS': rebuild_ok = True """ Verify that the AD user / group cache was rebuilt successfully. """ if rebuild_ok: results = GET('/group', payload={ 'query-filters': [['local', '=', False]], 'query-options': { 'extra': { "search_dscache": True } }, }) assert results.status_code == 200, results.text assert len(results.json()) > 0, results.text results = GET('/user', payload={ 'query-filters': [['local', '=', False]], 'query-options': { 'extra': { "search_dscache": True } }, }) assert results.status_code == 200, results.text assert len(results.json()) > 0, results.text
def test_11_check_lazy_initialization_of_users_and_groups_by_id(request): """ When users explicitly search for a directory service or other user by name or id we should hit pwd and grp modules and synthesize a result if the user / group is not in the cache. This special behavior only occurs when single filter of "name =" or "id =". So after the initial query that should result in insertion, we add a second filter to only hit the cache. Code paths are slightly different for lookups by id or by name and so they are tested separately. """ depends(request, ["LAZY_INITIALIZATION_BY_NAME", "ssh_password"], scope="session") cmd = 'rm -f /root/tdb/persistent/*' results = SSH_TEST(cmd, user, password, ip) assert results['result'] is True, results['output'] if not results['result']: return results = GET('/user', payload={ 'query-filters': [['uid', '=', ad_user_id]], 'query-options': {'extra': {"search_dscache": True}}, }) assert results.status_code == 200, results.text assert results.json()[0]['uid'] == ad_user_id, results.text results = GET('/group', payload={ 'query-filters': [['gid', '=', ad_domain_users_id]], 'query-options': {'extra': {"search_dscache": True}}, }) assert results.status_code == 200, results.text assert results.json()[0]['gid'] == ad_domain_users_id, results.text """ The following two tests validate that cache insertion occured. """ results = GET('/user', payload={ 'query-filters': [['uid', '=', ad_user_id], ['local', '=', False]], 'query-options': {'extra': {"search_dscache": True}}, }) assert results.status_code == 200, results.text assert len(results.json()) == 1, results.text results = GET('/group', payload={ 'query-filters': [['gid', '=', ad_domain_users_id], ['local', '=', False]], 'query-options': {'extra': {"search_dscache": True}}, }) assert results.status_code == 200, results.text assert len(results.json()) == 1, results.text
def test_13_idmap_new_domain(request): depends(request, ["JOINED_AD", "ssh_password"], scope="session") global dom_id cmd = 'midclt call idmap.get_next_idmap_range' results = SSH_TEST(cmd, user, password, ip) assert results['result'] is True, results['output'] low, high = json.loads(results['output'].strip()) payload = { "name": "canary", "range_low": low, "range_high": high, "idmap_backend": "RID", "options": {} } results = POST("/idmap/", payload) assert results.status_code == 200, results.text dom_id = results.json()['id']
def test_05_prepare_recursive_tests(request): depends(request, ["IS_TRIVIAL", "ssh_password"], scope="session") result = POST('/pool/dataset/', {'name': MODE_SUBDATASET}) assert result.status_code == 200, result.text cmd = f'mkdir -p /mnt/{MODE_DATASET}/dir1/dir2' results = SSH_TEST(cmd, user, password, ip) assert results['result'] is True, results['output'] cmd = f'touch /mnt/{MODE_DATASET}/dir1/dir2/testfile' results = SSH_TEST(cmd, user, password, ip) assert results['result'] is True, results['output'] results = POST('/filesystem/stat/', f'/mnt/{MODE_SUBDATASET}') assert results.status_code == 200, results.text current_mode = results.json()['mode'] # new datasets should be created with 755 permissions" assert f"{stat.S_IMODE(current_mode):03o}" == "755", results.text
def test_10_check_lazy_initialization_of_users_and_groups_by_name(request): """ When users explicitly search for a directory service or other user by name or id we should hit pwd and grp modules and synthesize a result if the user / group is not in the cache. This special behavior only occurs when single filter of "name =" or "id =". So after the initial query that should result in insertion, we add a second filter to only hit the cache. Code paths are slightly different for lookups by id or by name and so they are tested separately. """ depends(request, ["REBUILD_AD_CACHE", "ssh_password"], scope="session") global ad_user_id global ad_domain_users_id domain_prefix = f'{WORKGROUP.upper()}{WINBIND_SEPARATOR}' ad_user = f'{domain_prefix}{ADUSERNAME.lower()}' ad_group = f'{domain_prefix}domain users' cmd = 'rm -f /root/tdb/persistent/*' results = SSH_TEST(cmd, user, password, ip) assert results['result'] is True, results['output'] if not results['result']: return results = GET('/user', payload={ 'query-filters': [['username', '=', ad_user]], 'query-options': { 'extra': { "search_dscache": True } }, }) assert results.status_code == 200, results.text assert len(results.json()) > 0, results.text if len(results.json()) == 0: return ad_user_id = results.json()[0]['uid'] assert results.json()[0]['username'] == ad_user, results.text results = GET('/group', payload={ 'query-filters': [['name', '=', ad_group]], 'query-options': { 'extra': { "search_dscache": True } }, }) assert results.status_code == 200, results.text assert len(results.json()) > 0, results.text if len(results.json()) == 0: return ad_domain_users_id = results.json()[0]['gid'] assert results.json()[0]['name'] == ad_group, results.text """ The following two tests validate that cache insertion occured. """ results = GET('/user', payload={ 'query-filters': [['username', '=', ad_user], ['local', '=', False]], 'query-options': { 'extra': { "search_dscache": True } }, }) assert results.status_code == 200, results.text assert len(results.json()) == 1, results.text results = GET('/group', payload={ 'query-filters': [['name', '=', ad_group], ['local', '=', False]], 'query-options': { 'extra': { "search_dscache": True } }, }) assert results.status_code == 200, results.text assert len(results.json()) == 1, results.text