Test access control for single host addresses
In CIDR notation, the max prefix-length is typically used to denote individual host addresses, for example: 2620:52:0:13b8::fe:e7 and 2620:52:0:13b8::fe:e7/128 are semantically the same. Test the fix submitted in I6e790fd0edd82064a3c5cda8a919c9eeb2da85d0 Depends-On: https://review.openstack.org/#/c/568364/ Depends-On: https://review.openstack.org/#/c/568650 Change-Id: Ife0db1db1b3c1efc99b34da972701cf6011e907a Related-Bug: 1767430
This commit is contained in:
parent
42329e2a9f
commit
7c56035bb6
@ -123,6 +123,39 @@ class ShareIpRulesForNFSNegativeTest(base.BaseSharesMixedTest):
|
||||
self.shares_v2_client.wait_for_resource_deletion(
|
||||
rule_id=rule["id"], share_id=self.share["id"], version=version)
|
||||
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
@ddt.data("10.20.30.40", "fd8c:b029:bba6:ac54::1",
|
||||
"fd2c:b029:bba6:df54::1/128", "10.10.30.40/32")
|
||||
def test_create_duplicate_single_host_rules(self, access_to):
|
||||
"""Test rules for individual clients with and without max-prefix."""
|
||||
if ':' in access_to and utils.is_microversion_lt(
|
||||
'2.38', CONF.share.max_api_microversion):
|
||||
reason = ("Skipped. IPv6 rules are accepted from and beyond "
|
||||
"API version 2.38, the configured maximum API version "
|
||||
"is %s" % CONF.share.max_api_microversion)
|
||||
raise self.skipException(reason)
|
||||
|
||||
rule = self.shares_v2_client.create_access_rule(
|
||||
self.share["id"], "ip", access_to)
|
||||
self.addCleanup(self.shares_v2_client.delete_access_rule,
|
||||
self.share["id"], rule['id'])
|
||||
self.shares_v2_client.wait_for_share_status(
|
||||
self.share["id"], "active", status_attr='access_rules_status')
|
||||
|
||||
self.assertRaises(lib_exc.BadRequest,
|
||||
self.shares_v2_client.create_access_rule,
|
||||
self.share["id"], "ip", access_to)
|
||||
|
||||
if '/' in access_to:
|
||||
access_to = access_to.split("/")[0]
|
||||
else:
|
||||
access_to = ('%s/32' % access_to if '.' in access_to else
|
||||
'%s/128' % access_to)
|
||||
|
||||
self.assertRaises(lib_exc.BadRequest,
|
||||
self.shares_v2_client.create_access_rule,
|
||||
self.share["id"], "ip", access_to)
|
||||
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_add_access_rule_on_share_with_no_host(self):
|
||||
access_type, access_to = self._get_access_rule_data_from_config()
|
||||
|
@ -21,6 +21,7 @@ from testtools import testcase as tc
|
||||
|
||||
from manila_tempest_tests.tests.api import base
|
||||
from manila_tempest_tests.tests.api import test_snapshot_rules
|
||||
from manila_tempest_tests import utils
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
@ -58,14 +59,22 @@ class SnapshotIpRulesForNFSNegativeTest(
|
||||
self.snap["id"], "ip", target)
|
||||
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_create_duplicate_of_ip_rule(self):
|
||||
self._test_duplicate_rules()
|
||||
self._test_duplicate_rules()
|
||||
@ddt.data("1.2.3.4", "fd8c:b029:bba6:ac54::1",
|
||||
"fd8c:b029:bba6:ac54::1/128", "1.2.3.4/32")
|
||||
def test_create_duplicate_of_ip_rule(self, access_to):
|
||||
self._test_duplicate_rules(access_to)
|
||||
self._test_duplicate_rules(access_to)
|
||||
|
||||
def _test_duplicate_rules(self, access_to):
|
||||
if ':' in access_to and utils.is_microversion_lt(
|
||||
'2.38', CONF.share.max_api_microversion):
|
||||
reason = ("Skipped. IPv6 rules are accepted from and beyond "
|
||||
"API version 2.38, the configured maximum API version "
|
||||
"is %s" % CONF.share.max_api_microversion)
|
||||
raise self.skipException(reason)
|
||||
|
||||
def _test_duplicate_rules(self):
|
||||
# test data
|
||||
access_type = "ip"
|
||||
access_to = "1.2.3.4"
|
||||
|
||||
# create rule
|
||||
rule = self.shares_v2_client.create_snapshot_access_rule(
|
||||
@ -79,6 +88,16 @@ class SnapshotIpRulesForNFSNegativeTest(
|
||||
self.shares_v2_client.create_snapshot_access_rule,
|
||||
self.snap["id"], access_type, access_to)
|
||||
|
||||
# try alternate notation
|
||||
if '/' in access_to:
|
||||
access_to = access_to.split("/")[0]
|
||||
else:
|
||||
access_to = ('%s/32' % access_to if '.' in access_to else
|
||||
'%s/128' % access_to)
|
||||
self.assertRaises(lib_exc.BadRequest,
|
||||
self.shares_v2_client.create_snapshot_access_rule,
|
||||
self.snap["id"], access_type, access_to)
|
||||
|
||||
# delete rule and wait for deletion
|
||||
self.shares_v2_client.delete_snapshot_access_rule(self.snap['id'],
|
||||
rule['id'])
|
||||
|
Loading…
Reference in New Issue
Block a user