Merge branch 'testCW' of git.corp.cloudwatt.com:nassim.babaci/swiftpolicy into testCW
Conflicts: tests/test_CWpolicy.sh
@@ -13,17 +13,23 @@ OS_AUTH_URL=http://localhost:5000/v2.0
|
|||||||
CW_ROLE1=upload_disabled
|
CW_ROLE1=upload_disabled
|
||||||
CW_ROLE2=remove_only
|
CW_ROLE2=remove_only
|
||||||
CW_USER=cwuser
|
CW_USER=cwuser
|
||||||
|
CW_SUPPORT=support
|
||||||
|
|
||||||
# Create user, tenant, roles
|
# Create users, tenant, roles
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone tenant-create --name $CW_USER
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone tenant-create --name $CW_USER
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_ROLE1
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_ROLE1
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_ROLE2
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_ROLE2
|
||||||
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_SUPPORT
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-create --name $CW_USER --tenant $CW_USER --pass $CW_USER --enabled true
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-create --name $CW_USER --tenant $CW_USER --pass $CW_USER --enabled true
|
||||||
|
# support user
|
||||||
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-create --name $CW_SUPPORT --pass $CW_SUPPORT --enabled true
|
||||||
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_SUPPORT --tenant $CW_USER --role $CW_SUPPORT
|
||||||
|
|
||||||
# Let's do regular stuff first
|
# Let's do regular stuff first
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role Member
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role Member
|
||||||
|
|
||||||
echo "testy test" > testytest
|
echo "testy test" > testytest
|
||||||
|
echo "* Regular user"
|
||||||
echo "Testing uploading an object/container"
|
echo "Testing uploading an object/container"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj1 container1 testytest
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj1 container1 testytest
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name delobj1 todelete testytest
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name delobj1 todelete testytest
|
||||||
@@ -34,12 +40,16 @@ OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$O
|
|||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
|
||||||
echo "Testing deleting delobj3"
|
echo "Testing deleting delobj3"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj3
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj3
|
||||||
|
echo "Testing download - object"
|
||||||
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
||||||
|
echo "Testing download - container"
|
||||||
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
# Now prevent uploads
|
# Now prevent uploads
|
||||||
echo "Applying $CW_ROLE1"
|
echo "Applying $CW_ROLE1"
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role $CW_ROLE1
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role $CW_ROLE1
|
||||||
echo "Testing upload"
|
echo "* Testing upload"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Upload forbidden, all good"
|
echo "Upload forbidden, all good"
|
||||||
@@ -47,23 +57,25 @@ else
|
|||||||
echo "FAIL - User can upload data"
|
echo "FAIL - User can upload data"
|
||||||
fi;
|
fi;
|
||||||
# pass
|
# pass
|
||||||
echo "Testing listing container1"
|
echo "* Testing listing container1"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift list container1
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift list container1
|
||||||
# pass
|
# pass
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
|
||||||
# pass
|
# pass
|
||||||
echo "Testing deletion"
|
echo "* Testing deletion"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj2
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj2
|
||||||
# pass
|
# pass
|
||||||
echo "Testing download"
|
echo "* Testing download - object"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
||||||
|
echo "* Testing download - container"
|
||||||
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
# Now authorize file removal only
|
# Now authorize file removal only
|
||||||
echo "Applying $CW_ROLE2"
|
echo "Applying $CW_ROLE2"
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-remove --user $CW_USER --tenant $CW_USER --role $CW_ROLE1
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-remove --user $CW_USER --tenant $CW_USER --role $CW_ROLE1
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role $CW_ROLE2
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role $CW_ROLE2
|
||||||
echo "Testing upload"
|
echo "* Testing upload"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Upload forbidden, all good"
|
echo "Upload forbidden, all good"
|
||||||
@@ -71,30 +83,79 @@ else
|
|||||||
echo "FAIL - User can upload data"
|
echo "FAIL - User can upload data"
|
||||||
fi;
|
fi;
|
||||||
# pass
|
# pass
|
||||||
echo "Testing listing container1"
|
echo "* Testing listing container1"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift list container1
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift list container1
|
||||||
# pass
|
# pass
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
|
||||||
# pass
|
# pass
|
||||||
echo "Testing deleting delobj1"
|
echo "* Testing deleting delobj1"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj1
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj1
|
||||||
# fail
|
# fail
|
||||||
echo "Testing downloading object"
|
echo "* Testing downloading object"
|
||||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Download forbidden, all good"
|
echo "Download forbidden, all good"
|
||||||
else
|
else
|
||||||
echo "FAIL - User can download data"
|
echo "FAIL - User can download data"
|
||||||
fi;
|
fi;
|
||||||
|
echo "* Testing downloading container"
|
||||||
|
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "Download forbidden, all good"
|
||||||
|
else
|
||||||
|
echo "FAIL - User can download data"
|
||||||
|
fi;
|
||||||
|
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
# Testing support access
|
||||||
|
echo "Testing support user"
|
||||||
|
echo "* Testing upload"
|
||||||
|
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "Upload forbidden, all good"
|
||||||
|
else
|
||||||
|
echo "FAIL - User can upload data"
|
||||||
|
fi;
|
||||||
|
# pass
|
||||||
|
echo "* Testing listing container1"
|
||||||
|
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift list container1
|
||||||
|
# pass
|
||||||
|
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift stat
|
||||||
|
# fail
|
||||||
|
echo "* Testing deleting delobj1"
|
||||||
|
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj1
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "Delete forbidden, all good"
|
||||||
|
else
|
||||||
|
echo "FAIL - User can delete data"
|
||||||
|
fi;
|
||||||
|
# fail
|
||||||
|
echo "* Testing downloading object"
|
||||||
|
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "Download forbidden, all good"
|
||||||
|
else
|
||||||
|
echo "FAIL - User can download data"
|
||||||
|
fi;
|
||||||
|
echo "* Testing downloading container"
|
||||||
|
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift download container1
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "Download forbidden, all good"
|
||||||
|
else
|
||||||
|
echo "FAIL - User can download data"
|
||||||
|
fi;
|
||||||
|
|
||||||
|
|
||||||
# cleanup
|
# cleanup
|
||||||
cleanup () {
|
cleanup () {
|
||||||
rm testytest obj1
|
rm testytest obj1
|
||||||
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-delete $CW_SUPPORT
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-delete $CW_USER
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-delete $CW_USER
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone tenant-delete $CW_USER
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone tenant-delete $CW_USER
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_ROLE1
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_ROLE1
|
||||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_ROLE2
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_ROLE2
|
||||||
|
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_SUPPORT
|
||||||
}
|
}
|
||||||
|
|
||||||
if [ "$CLEANUP" = "true" ]
|
if [ "$CLEANUP" = "true" ]
|
||||||
|
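Review bot: The support-user checks added after `echo "Testing support user"` treat any non-zero exit from `swift` as a policy denial. They would therefore print "... forbidden, all good" even when the support account cannot authenticate at all, for instance if the added `keystone user-create --name $CW_SUPPORT` or `user-role-add ... --role $CW_SUPPORT` step did not succeed. The two operations the comments mark `# pass` (`swift list container1` and `swift stat` as `$CW_SUPPORT`) are the only evidence that the account works, and their exit status is never checked. I would assert them first by appending `|| { echo "FAIL - support user cannot list container1"; failed=1; }` to the list command (likewise for stat), set `failed=1` in each `FAIL` branch, and finish with `exit ${failed:-0}`. The `if [ "$CLEANUP" = "true" ]` block runs past the end of the hunk, so the place for that final exit is not visible here.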