summaryrefslogtreecommitdiffstats
path: root/tests/functional/authentication
diff options
context:
space:
mode:
Diffstat (limited to 'tests/functional/authentication')
-rw-r--r--tests/functional/authentication/test_auth_invalid_values.py164
1 files changed, 164 insertions, 0 deletions
diff --git a/tests/functional/authentication/test_auth_invalid_values.py b/tests/functional/authentication/test_auth_invalid_values.py
new file mode 100644
index 000000000..ddda9a1f1
--- /dev/null
+++ b/tests/functional/authentication/test_auth_invalid_values.py
@@ -0,0 +1,164 @@
+# Copyright (C) 2017-2018 Red Hat, Inc. <http://www.redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+"""
+ Description:
+ Test cases in this module tests negative scenario of authentication
+ feature by giving invalid values.
+"""
+from glusto.core import Glusto as g
+from glustolibs.gluster.gluster_base_class import (GlusterBaseClass,
+ runs_on)
+from glustolibs.gluster.exceptions import ExecutionError
+from glustolibs.gluster.volume_ops import set_volume_options
+from glustolibs.gluster.volume_libs import is_volume_exported
+
+
+@runs_on([['replicated', 'distributed', 'distributed-replicated',
+ 'dispersed', 'distributed-dispersed'],
+ ['glusterfs', 'nfs']])
+class AuthInvalidValues(GlusterBaseClass):
+ """
+ Tests to verify negative scenario in authentication allow and reject
+ options by giving invalid values
+ """
+ @classmethod
+ def setUpClass(cls):
+ """
+ Create and start volume
+ """
+ GlusterBaseClass.setUpClass.im_func(cls)
+ # Create and start volume
+ g.log.info("Starting volume setup process %s", cls.volname)
+ ret = cls.setup_volume()
+ if not ret:
+ raise ExecutionError("Failed to setup "
+ "and start volume %s" % cls.volname)
+ g.log.info("Successfully created and started the volume: %s",
+ cls.volname)
+
+ def set_invalid_auth(self, auth_opt, values_list):
+ """
+ Try to set invalid values on authentication options.
+
+ Args:
+ auth_opt(str): Authentication option which has to be set.
+ values_list(list): List of invalid values.
+ Return(bool):
+ True if set command failed due to invalid value.
+ False if the failure is due to some other reason.
+ """
+ error_msg_fuse = "not a valid internet-address-list"
+ error_msg_nfs = "not a valid mount-auth-address"
+
+ # Try to set invalid values.
+ for value in values_list:
+ auth_cmd = ("gluster volume set %s %s \"%s\""
+ % (self.volname, auth_opt, value))
+ ret, _, err = g.run(self.mnode, auth_cmd)
+ self.assertNotEqual(ret, 0, "Command to set %s value as %s didn't"
+ " fail as expected." % (auth_opt,
+ value))
+
+ # Verify whether the failure is due to invalid value.
+ if self.mount_type == "nfs":
+ if error_msg_nfs not in err:
+ g.log.error("Command to set %s value as %s has failed due"
+ " to unknown reason.", auth_opt, value)
+ return False
+
+ if self.mount_type == "glusterfs":
+ if error_msg_fuse not in err:
+ g.log.error("Command to set %s value as %s has failed due"
+ " to unknown reason.", auth_opt, value)
+ return False
+
+ g.log.info("Expected: Command to set %s value as %s has"
+ " failed due to invalid value.", auth_opt, value)
+ return True
+
+ def test_auth_invalid_values(self):
+ """
+ Verify negative scenario in authentication allow and reject options by
+ trying to set invalid values.
+ Steps:
+ 1. Create and start volume.
+ 2. Try to set the value "a/a", "192.{}.1.2", "/d1(a/a)",
+ "/d1(192.{}.1.2)" separately in auth.allow option.
+ 3. Try to set the value "a/a", "192.{}.1.2", "/d1(a/a)",
+ "/d1(192.{}.1.2)" separately in auth.reject option.
+ 4. Steps 2 and 3 should fail due to error "not a valid
+ internet-address-list"
+ 5. Verify volume is exported as nfs.
+ 6. Try to set the value "a/a", "192.{}.1.2", "/d1(a/a)",
+ "/d1(192.{}.1.2)" separately in nfs.rpc-auth-allow option.
+ 7. Try to set the value "a/a", "192.{}.1.2", "/d1(a/a)",
+ "/d1(192.{}.1.2)" separately in nfs.rpc-auth-reject option.
+ 8. Steps 6 and 7 should fail due to error "not a valid
+ mount-auth-address"
+ """
+ invalid_values = ["a/a", "192.{}.1.2", "/d1(a/a)", "/d1(192.{}.1.2)"]
+
+ if self.mount_type == "glusterfs":
+ # Try to set invalid values in auth.allow option.
+ ret = self.set_invalid_auth("auth.allow", invalid_values)
+ self.assertTrue(ret, "Failure of command to set auth.allow value "
+ "is not because of invalid values.")
+ g.log.info("Successfully verified auth.allow set command using"
+ " invalid values. Command failed as expected.")
+
+ # Try to set invalid values in auth.reject option.
+ ret = self.set_invalid_auth("auth.reject", invalid_values)
+ self.assertTrue(ret, "Failure of command to set auth.reject value"
+ " is not because of invalid values.")
+ g.log.info("Successfully verified auth.reject set command using"
+ " invalid values. Command failed as expected.")
+
+ if self.mount_type == "nfs":
+ # Check whether volume is exported as gnfs
+ ret = is_volume_exported(self.mnode, self.volname,
+ self.mount_type)
+ self.assertTrue(ret, "Volume is not exported as nfs")
+
+ # Enable nfs.addr-namelookup option.
+ ret = set_volume_options(self.mnode, self.volname,
+ {"nfs.addr-namelookup": "enable"})
+ self.assertTrue(ret, "Failed to enable nfs.addr-namelookup "
+ "option.")
+
+ # Try to set invalid values in nfs.rpc-auth-allow option.
+ ret = self.set_invalid_auth("nfs.rpc-auth-allow", invalid_values)
+ self.assertTrue(ret, "Command failure to set nfs.rpc-auth-allow"
+ " value is not because of invalid values.")
+ g.log.info("Successfully verified nfs.rpc-auth-allow set command"
+ " using invalid values. Command failed as expected.")
+
+ # Try to set invalid values in nfs.rpc-auth-reject option.
+ self.set_invalid_auth("nfs.rpc-auth-reject", invalid_values)
+ self.assertTrue(ret, "Command failure to set nfs.rpc-auth-reject"
+ " value is not because of invalid values.")
+ g.log.info("Successfully verified nfs.rpc-auth-reject set command"
+ " using invalid values. Command failed as expected.")
+
+ def tearDown(self):
+ """
+ Cleanup volume
+ """
+ g.log.info("Cleaning up volume")
+ ret = self.cleanup_volume()
+ if not ret:
+ raise ExecutionError("Failed to cleanup volume.")
+ g.log.info("Volume cleanup was successful.")