From e5248a18c6525d6ce700d996508e187f7991ca59 Mon Sep 17 00:00:00 2001
From: Matthieu Huin <mhu@enovance.com>
Date: Mon, 2 Jun 2014 18:32:18 +0200
Subject: [PATCH] Adds test for CW policy file, meant to be run on devstack

---
 tests/test_CWpolicy.sh | 68 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100755 tests/test_CWpolicy.sh

diff --git a/tests/test_CWpolicy.sh b/tests/test_CWpolicy.sh
new file mode 100755
index 0000000..7826256
--- /dev/null
+++ b/tests/test_CWpolicy.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# assuming a devstack with the following parameters, where swiftpolicy mw
+# was added to the swift pipeline and using CWpolicy.json
+
+OS_ADMIN=admin
+OS_ADMIN_PASSWORD=admin
+OS_ADMIN_TENANT=admin
+OS_AUTH_URL=http://localhost:5000/v2.0
+
+# CW related variables
+CW_ROLE1=upload_disabled
+CW_ROLE2=remove_only
+CW_USER=cwuser
+
+# Create user, tenant, roles
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone tenant-create --name $CW_USER
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_ROLE1
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_ROLE2
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-create --name $CW_USER --tenant $CW_USER --pass $CW_USER --enabled true
+
+# Let's do regular stuff first
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role Member
+
+echo "testy test" > testytest
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj1 container1 testytest
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name delobj1 todelete testytest
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name delobj2 todelete testytest
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name delobj3 todelete testytest
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift list 
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj3
+
+# Now prevent uploads
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role $CW_ROLE1
+# fail
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
+# pass
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift list
+# pass
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
+# pass
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj2
+# pass
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
+
+
+# Now authorize file removal only
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-remove --user $CW_USER --tenant $CW_USER --role $CW_ROLE1
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role $CW_ROLE2
+# fail
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
+# pass
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift list
+# pass
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
+# pass
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj1
+# fail
+OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
+
+
+# cleanup
+rm testytest obj1
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-delete $CW_USER
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone tenant-delete $CW_USER
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_ROLE1
+OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_ROLE2