1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
# Copyright (C) 2017-2018 Red Hat, Inc. <http://www.redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
"""
Description:
Test cases in this module tests negative scenario of authentication
feature by giving invalid values.
"""
from glusto.core import Glusto as g
from glustolibs.gluster.gluster_base_class import (GlusterBaseClass,
runs_on)
from glustolibs.gluster.exceptions import ExecutionError
from glustolibs.gluster.volume_ops import set_volume_options
from glustolibs.gluster.volume_libs import is_volume_exported
@runs_on([['replicated', 'distributed', 'distributed-replicated',
'dispersed', 'distributed-dispersed'],
['glusterfs', 'nfs']])
class AuthInvalidValues(GlusterBaseClass):
"""
Tests to verify negative scenario in authentication allow and reject
options by giving invalid values
"""
@classmethod
def setUpClass(cls):
"""
Create and start volume
"""
GlusterBaseClass.setUpClass.im_func(cls)
# Create and start volume
g.log.info("Starting volume setup process %s", cls.volname)
ret = cls.setup_volume()
if not ret:
raise ExecutionError("Failed to setup "
"and start volume %s" % cls.volname)
g.log.info("Successfully created and started the volume: %s",
cls.volname)
def set_invalid_auth(self, auth_opt, values_list):
"""
Try to set invalid values on authentication options.
Args:
auth_opt(str): Authentication option which has to be set.
values_list(list): List of invalid values.
Return(bool):
True if set command failed due to invalid value.
False if the failure is due to some other reason.
"""
error_msg_fuse = "not a valid internet-address-list"
error_msg_nfs = "not a valid mount-auth-address"
# Try to set invalid values.
for value in values_list:
auth_cmd = ("gluster volume set %s %s \"%s\""
% (self.volname, auth_opt, value))
ret, _, err = g.run(self.mnode, auth_cmd)
self.assertNotEqual(ret, 0, "Command to set %s value as %s didn't"
" fail as expected." % (auth_opt,
value))
# Verify whether the failure is due to invalid value.
if self.mount_type == "nfs":
if error_msg_nfs not in err:
g.log.error("Command to set %s value as %s has failed due"
" to unknown reason.", auth_opt, value)
return False
if self.mount_type == "glusterfs":
if error_msg_fuse not in err:
g.log.error("Command to set %s value as %s has failed due"
" to unknown reason.", auth_opt, value)
return False
g.log.info("Expected: Command to set %s value as %s has"
" failed due to invalid value.", auth_opt, value)
return True
def test_auth_invalid_values(self):
"""
Verify negative scenario in authentication allow and reject options by
trying to set invalid values.
Steps:
1. Create and start volume.
2. Try to set the value "a/a", "192.{}.1.2", "/d1(a/a)",
"/d1(192.{}.1.2)" separately in auth.allow option.
3. Try to set the value "a/a", "192.{}.1.2", "/d1(a/a)",
"/d1(192.{}.1.2)" separately in auth.reject option.
4. Steps 2 and 3 should fail due to error "not a valid
internet-address-list"
5. Verify volume is exported as nfs.
6. Try to set the value "a/a", "192.{}.1.2", "/d1(a/a)",
"/d1(192.{}.1.2)" separately in nfs.rpc-auth-allow option.
7. Try to set the value "a/a", "192.{}.1.2", "/d1(a/a)",
"/d1(192.{}.1.2)" separately in nfs.rpc-auth-reject option.
8. Steps 6 and 7 should fail due to error "not a valid
mount-auth-address"
"""
invalid_values = ["a/a", "192.{}.1.2", "/d1(a/a)", "/d1(192.{}.1.2)"]
if self.mount_type == "glusterfs":
# Try to set invalid values in auth.allow option.
ret = self.set_invalid_auth("auth.allow", invalid_values)
self.assertTrue(ret, "Failure of command to set auth.allow value "
"is not because of invalid values.")
g.log.info("Successfully verified auth.allow set command using"
" invalid values. Command failed as expected.")
# Try to set invalid values in auth.reject option.
ret = self.set_invalid_auth("auth.reject", invalid_values)
self.assertTrue(ret, "Failure of command to set auth.reject value"
" is not because of invalid values.")
g.log.info("Successfully verified auth.reject set command using"
" invalid values. Command failed as expected.")
if self.mount_type == "nfs":
# Check whether volume is exported as gnfs
ret = is_volume_exported(self.mnode, self.volname,
self.mount_type)
self.assertTrue(ret, "Volume is not exported as nfs")
# Enable nfs.addr-namelookup option.
ret = set_volume_options(self.mnode, self.volname,
{"nfs.addr-namelookup": "enable"})
self.assertTrue(ret, "Failed to enable nfs.addr-namelookup "
"option.")
# Try to set invalid values in nfs.rpc-auth-allow option.
ret = self.set_invalid_auth("nfs.rpc-auth-allow", invalid_values)
self.assertTrue(ret, "Command failure to set nfs.rpc-auth-allow"
" value is not because of invalid values.")
g.log.info("Successfully verified nfs.rpc-auth-allow set command"
" using invalid values. Command failed as expected.")
# Try to set invalid values in nfs.rpc-auth-reject option.
self.set_invalid_auth("nfs.rpc-auth-reject", invalid_values)
self.assertTrue(ret, "Command failure to set nfs.rpc-auth-reject"
" value is not because of invalid values.")
g.log.info("Successfully verified nfs.rpc-auth-reject set command"
" using invalid values. Command failed as expected.")
def tearDown(self):
"""
Cleanup volume
"""
g.log.info("Cleaning up volume")
ret = self.cleanup_volume()
if not ret:
raise ExecutionError("Failed to cleanup volume.")
g.log.info("Volume cleanup was successful.")
|
