Add tempest tests for "cert" based access type
Closes Bug: #1486006 Change-Id: If774eabee53c32acd37ba1c49e7b64f4383cc1bc
This commit is contained in:
parent
815866b7d2
commit
3178e70cb5
@ -148,6 +148,49 @@ class ShareUserRulesForCIFSTest(ShareUserRulesForNFSTest):
|
||||
_create_delete_ro_access_rule(self)
|
||||
|
||||
|
||||
class ShareCertRulesForGLUSTERFSTest(base.BaseSharesTest):
|
||||
protocol = "glusterfs"
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(ShareCertRulesForGLUSTERFSTest, cls).resource_setup()
|
||||
if (cls.protocol not in CONF.share.enable_protocols or
|
||||
cls.protocol not in
|
||||
CONF.share.enable_cert_rules_for_protocols):
|
||||
msg = "Cert rule tests for %s protocol are disabled" % cls.protocol
|
||||
raise cls.skipException(msg)
|
||||
cls.share = cls.create_share(cls.protocol)
|
||||
cls.access_type = "cert"
|
||||
# Provide access to a client identified by a common name (CN) of the
|
||||
# certificate that it possesses.
|
||||
cls.access_to = "client1.com"
|
||||
|
||||
@test.attr(type=["gate", ])
|
||||
def test_create_delete_cert_rule(self):
|
||||
|
||||
# create rule
|
||||
rule = self.shares_client.create_access_rule(
|
||||
self.share["id"], self.access_type, self.access_to)
|
||||
self.assertEqual('rw', rule['access_level'])
|
||||
self.shares_client.wait_for_access_rule_status(
|
||||
self.share["id"], rule["id"], "active")
|
||||
|
||||
# delete rule
|
||||
self.shares_client.delete_access_rule(self.share["id"], rule["id"])
|
||||
|
||||
@test.attr(type=["gate", ])
|
||||
@testtools.skipIf(
|
||||
"glusterfs" not in CONF.share.enable_ro_access_level_for_protocols,
|
||||
"RO access rule tests are disabled for GLUSTERFS protocol.")
|
||||
def test_create_delete_cert_ro_access_rule(self):
|
||||
rule = self.shares_client.create_access_rule(
|
||||
self.share["id"], 'cert', 'client2.com', 'ro')
|
||||
self.assertEqual('ro', rule['access_level'])
|
||||
self.shares_client.wait_for_access_rule_status(
|
||||
self.share["id"], rule["id"], "active")
|
||||
self.shares_client.delete_access_rule(self.share["id"], rule["id"])
|
||||
|
||||
|
||||
class ShareRulesTest(base.BaseSharesTest):
|
||||
|
||||
@classmethod
|
||||
@ -156,6 +199,8 @@ class ShareRulesTest(base.BaseSharesTest):
|
||||
if not (any(p in CONF.share.enable_ip_rules_for_protocols
|
||||
for p in cls.protocols) or
|
||||
any(p in CONF.share.enable_user_rules_for_protocols
|
||||
for p in cls.protocols) or
|
||||
any(p in CONF.share.enable_cert_rules_for_protocols
|
||||
for p in cls.protocols)):
|
||||
cls.message = "Rule tests are disabled"
|
||||
raise cls.skipException(cls.message)
|
||||
@ -174,6 +219,10 @@ class ShareRulesTest(base.BaseSharesTest):
|
||||
self.access_type = "user"
|
||||
self.access_to = CONF.share.username_for_user_rules
|
||||
protocol = CONF.share.enable_user_rules_for_protocols[0]
|
||||
elif CONF.share.enable_cert_rules_for_protocols:
|
||||
self.access_type = "cert"
|
||||
self.access_to = "client3.com"
|
||||
protocol = CONF.share.enable_cert_rules_for_protocols[0]
|
||||
else:
|
||||
raise self.skipException(self.message)
|
||||
self.shares_client.protocol = protocol
|
||||
|
@ -198,6 +198,60 @@ class ShareUserRulesForCIFSNegativeTest(ShareUserRulesForNFSNegativeTest):
|
||||
protocol = "cifs"
|
||||
|
||||
|
||||
class ShareCertRulesForGLUSTERFSNegativeTest(base.BaseSharesTest):
|
||||
protocol = "glusterfs"
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(ShareCertRulesForGLUSTERFSNegativeTest, cls).resource_setup()
|
||||
if not (cls.protocol in CONF.share.enable_protocols and
|
||||
cls.protocol in CONF.share.enable_cert_rules_for_protocols):
|
||||
msg = "CERT rule tests for %s protocol are disabled" % cls.protocol
|
||||
raise cls.skipException(msg)
|
||||
# create share
|
||||
cls.share = cls.create_share(cls.protocol)
|
||||
if CONF.share.run_snapshot_tests:
|
||||
# create snapshot
|
||||
cls.snap = cls.create_snapshot_wait_for_active(cls.share["id"])
|
||||
|
||||
@test.attr(type=["negative", "gate", ])
|
||||
def test_create_access_rule_cert_with_empty_common_name(self):
|
||||
self.assertRaises(lib_exc.BadRequest,
|
||||
self.shares_client.create_access_rule,
|
||||
self.share["id"], "cert", "")
|
||||
|
||||
@test.attr(type=["negative", "gate", ])
|
||||
def test_create_access_rule_cert_with_whitespace_common_name(self):
|
||||
self.assertRaises(lib_exc.BadRequest,
|
||||
self.shares_client.create_access_rule,
|
||||
self.share["id"], "cert", " ")
|
||||
|
||||
@test.attr(type=["negative", "gate", ])
|
||||
def test_create_access_rule_cert_with_too_big_common_name(self):
|
||||
# common name cannot be more than 64 characters long
|
||||
self.assertRaises(lib_exc.BadRequest,
|
||||
self.shares_client.create_access_rule,
|
||||
self.share["id"], "cert", "a" * 65)
|
||||
|
||||
@test.attr(type=["negative", "gate", ])
|
||||
@testtools.skipUnless(CONF.share.run_snapshot_tests,
|
||||
"Snapshot tests are disabled.")
|
||||
def test_create_access_rule_cert_to_snapshot(self):
|
||||
self.assertRaises(lib_exc.NotFound,
|
||||
self.shares_client.create_access_rule,
|
||||
self.snap["id"],
|
||||
access_type="cert",
|
||||
access_to="fakeclient1.com")
|
||||
|
||||
@test.attr(type=["negative", "gate", ])
|
||||
def test_create_access_rule_cert_with_wrong_share_id(self):
|
||||
self.assertRaises(lib_exc.NotFound,
|
||||
self.shares_client.create_access_rule,
|
||||
"wrong_share_id",
|
||||
access_type="cert",
|
||||
access_to="fakeclient2.com")
|
||||
|
||||
|
||||
class ShareRulesNegativeTest(base.BaseSharesTest):
|
||||
# Tests independent from rule type and share protocol
|
||||
|
||||
@ -207,6 +261,8 @@ class ShareRulesNegativeTest(base.BaseSharesTest):
|
||||
if not (any(p in CONF.share.enable_ip_rules_for_protocols
|
||||
for p in cls.protocols) or
|
||||
any(p in CONF.share.enable_user_rules_for_protocols
|
||||
for p in cls.protocols) or
|
||||
any(p in CONF.share.enable_cert_rules_for_protocols
|
||||
for p in cls.protocols)):
|
||||
cls.message = "Rule tests are disabled"
|
||||
raise cls.skipException(cls.message)
|
||||
|
@ -62,6 +62,9 @@ ShareGroup = [
|
||||
default=[],
|
||||
help="Selection of protocols, that should "
|
||||
"be covered with user rule tests"),
|
||||
cfg.ListOpt("enable_cert_rules_for_protocols",
|
||||
default=["glusterfs", ],
|
||||
help="Protocols that should be covered with cert rule tests."),
|
||||
cfg.StrOpt("username_for_user_rules",
|
||||
default="Administrator",
|
||||
help="Username, that will be used in user tests."),
|
||||
|
Loading…
Reference in New Issue
Block a user