]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | """ |
2 | Run a set of s3 tests on rgw. | |
3 | """ | |
e306af50 | 4 | from io import BytesIO |
7c673cae FG |
5 | from configobj import ConfigObj |
6 | import base64 | |
7 | import contextlib | |
8 | import logging | |
9 | import os | |
10 | import random | |
11 | import string | |
12 | ||
7c673cae FG |
13 | from teuthology import misc as teuthology |
14 | from teuthology import contextutil | |
15 | from teuthology.config import config as teuth_config | |
16 | from teuthology.orchestra import run | |
9f95a23c | 17 | from teuthology.exceptions import ConfigError |
7c673cae FG |
18 | |
19 | log = logging.getLogger(__name__) | |
20 | ||
7c673cae FG |
21 | @contextlib.contextmanager |
22 | def download(ctx, config): | |
23 | """ | |
24 | Download the s3 tests from the git builder. | |
25 | Remove downloaded s3 file upon exit. | |
26 | ||
27 | The context passed in should be identical to the context | |
28 | passed in to the main task. | |
29 | """ | |
30 | assert isinstance(config, dict) | |
31 | log.info('Downloading s3-tests...') | |
32 | testdir = teuthology.get_testdir(ctx) | |
92f5a8d4 TL |
33 | for (client, client_config) in config.items(): |
34 | s3tests_branch = client_config.get('force-branch', None) | |
35 | if not s3tests_branch: | |
7c673cae | 36 | raise ValueError( |
92f5a8d4 TL |
37 | "Could not determine what branch to use for s3-tests. Please add 'force-branch: {s3-tests branch name}' to the .yaml config for this s3tests task.") |
38 | ||
39 | log.info("Using branch '%s' for s3tests", s3tests_branch) | |
40 | sha1 = client_config.get('sha1') | |
41 | git_remote = client_config.get('git_remote', teuth_config.ceph_git_base_url) | |
7c673cae FG |
42 | ctx.cluster.only(client).run( |
43 | args=[ | |
44 | 'git', 'clone', | |
92f5a8d4 | 45 | '-b', s3tests_branch, |
31f18b77 | 46 | git_remote + 's3-tests.git', |
39ae355f | 47 | '{tdir}/s3-tests-{client}'.format(tdir=testdir, client=client), |
7c673cae FG |
48 | ], |
49 | ) | |
50 | if sha1 is not None: | |
51 | ctx.cluster.only(client).run( | |
52 | args=[ | |
39ae355f | 53 | 'cd', '{tdir}/s3-tests-{client}'.format(tdir=testdir, client=client), |
7c673cae FG |
54 | run.Raw('&&'), |
55 | 'git', 'reset', '--hard', sha1, | |
56 | ], | |
57 | ) | |
58 | try: | |
59 | yield | |
60 | finally: | |
61 | log.info('Removing s3-tests...') | |
62 | testdir = teuthology.get_testdir(ctx) | |
63 | for client in config: | |
64 | ctx.cluster.only(client).run( | |
65 | args=[ | |
66 | 'rm', | |
67 | '-rf', | |
39ae355f | 68 | '{tdir}/s3-tests-{client}'.format(tdir=testdir, client=client), |
7c673cae FG |
69 | ], |
70 | ) | |
71 | ||
72 | ||
73 | def _config_user(s3tests_conf, section, user): | |
74 | """ | |
75 | Configure users for this section by stashing away keys, ids, and | |
76 | email addresses. | |
77 | """ | |
78 | s3tests_conf[section].setdefault('user_id', user) | |
79 | s3tests_conf[section].setdefault('email', '{user}+test@test.test'.format(user=user)) | |
80 | s3tests_conf[section].setdefault('display_name', 'Mr. {user}'.format(user=user)) | |
e306af50 TL |
81 | s3tests_conf[section].setdefault('access_key', |
82 | ''.join(random.choice(string.ascii_uppercase) for i in range(20))) | |
83 | s3tests_conf[section].setdefault('secret_key', | |
f67539c2 | 84 | base64.b64encode(os.urandom(40)).decode()) |
e306af50 TL |
85 | s3tests_conf[section].setdefault('totp_serial', |
86 | ''.join(random.choice(string.digits) for i in range(10))) | |
87 | s3tests_conf[section].setdefault('totp_seed', | |
f67539c2 | 88 | base64.b32encode(os.urandom(40)).decode()) |
11fdf7f2 | 89 | s3tests_conf[section].setdefault('totp_seconds', '5') |
7c673cae FG |
90 | |
91 | ||
92 | @contextlib.contextmanager | |
93 | def create_users(ctx, config): | |
94 | """ | |
95 | Create a main and an alternate s3 user. | |
96 | """ | |
97 | assert isinstance(config, dict) | |
98 | log.info('Creating rgw users...') | |
99 | testdir = teuthology.get_testdir(ctx) | |
f67539c2 | 100 | |
1e59de90 TL |
101 | users = {'s3 main': 'foo', 's3 alt': 'bar', 's3 tenant': 'testx$tenanteduser', 'iam': 'foobar'} |
102 | for client in config['clients']: | |
103 | s3tests_conf = config['s3tests_conf'][client] | |
104 | s3tests_conf.setdefault('fixtures', {}) | |
105 | s3tests_conf['fixtures'].setdefault('bucket prefix', 'test-' + client + '-{random}-') | |
106 | for section, user in users.items(): | |
107 | _config_user(s3tests_conf, section, '{user}.{client}'.format(user=user, client=client)) | |
108 | log.debug('Creating user {user} on {host}'.format(user=s3tests_conf[section]['user_id'], host=client)) | |
109 | cluster_name, daemon_type, client_id = teuthology.split_role(client) | |
110 | client_with_id = daemon_type + '.' + client_id | |
111 | # create user | |
112 | ctx.cluster.only(client).run( | |
113 | args=[ | |
114 | 'adjust-ulimits', | |
115 | 'ceph-coverage', | |
116 | '{tdir}/archive/coverage'.format(tdir=testdir), | |
117 | 'radosgw-admin', | |
118 | '-n', client_with_id, | |
119 | 'user', 'create', | |
120 | '--uid', s3tests_conf[section]['user_id'], | |
121 | '--display-name', s3tests_conf[section]['display_name'], | |
122 | '--email', s3tests_conf[section]['email'], | |
123 | '--caps', 'user-policy=*', | |
124 | '--access-key', s3tests_conf[section]['access_key'], | |
125 | '--secret', s3tests_conf[section]['secret_key'], | |
126 | '--cluster', cluster_name, | |
127 | ], | |
128 | ) | |
f67539c2 | 129 | |
1e59de90 TL |
130 | if not ctx.dbstore_variable: |
131 | ctx.cluster.only(client).run( | |
132 | args=[ | |
133 | 'adjust-ulimits', | |
134 | 'ceph-coverage', | |
135 | '{tdir}/archive/coverage'.format(tdir=testdir), | |
136 | 'radosgw-admin', | |
137 | '-n', client_with_id, | |
138 | 'mfa', 'create', | |
139 | '--uid', s3tests_conf[section]['user_id'], | |
140 | '--totp-serial', s3tests_conf[section]['totp_serial'], | |
141 | '--totp-seed', s3tests_conf[section]['totp_seed'], | |
142 | '--totp-seconds', s3tests_conf[section]['totp_seconds'], | |
143 | '--totp-window', '8', | |
144 | '--totp-seed-type', 'base32', | |
145 | '--cluster', cluster_name, | |
146 | ], | |
147 | ) | |
f67539c2 | 148 | |
1e59de90 TL |
149 | # add/configure caps for iam user |
150 | if section=='iam': | |
f67539c2 | 151 | ctx.cluster.only(client).run( |
1e59de90 TL |
152 | args=[ |
153 | 'adjust-ulimits', | |
154 | 'ceph-coverage', | |
155 | '{tdir}/archive/coverage'.format(tdir=testdir), | |
156 | 'radosgw-admin', | |
157 | '-n', client_with_id, | |
158 | 'caps', 'add', | |
159 | '--uid', s3tests_conf[section]['user_id'], | |
160 | '--caps', 'roles=*', | |
161 | '--cluster', cluster_name, | |
162 | ], | |
163 | ) | |
f67539c2 | 164 | ctx.cluster.only(client).run( |
1e59de90 TL |
165 | args=[ |
166 | 'adjust-ulimits', | |
167 | 'ceph-coverage', | |
168 | '{tdir}/archive/coverage'.format(tdir=testdir), | |
169 | 'radosgw-admin', | |
170 | '-n', client_with_id, | |
171 | 'caps', 'add', | |
172 | '--uid', s3tests_conf[section]['user_id'], | |
173 | '--caps', 'oidc-provider=*', | |
174 | '--cluster', cluster_name, | |
175 | ], | |
176 | ) | |
f67539c2 TL |
177 | |
178 | if "TOKEN" in os.environ: | |
179 | s3tests_conf.setdefault('webidentity', {}) | |
180 | s3tests_conf['webidentity'].setdefault('token',os.environ['TOKEN']) | |
181 | s3tests_conf['webidentity'].setdefault('aud',os.environ['AUD']) | |
20effc67 TL |
182 | s3tests_conf['webidentity'].setdefault('sub',os.environ['SUB']) |
183 | s3tests_conf['webidentity'].setdefault('azp',os.environ['AZP']) | |
184 | s3tests_conf['webidentity'].setdefault('user_token',os.environ['USER_TOKEN']) | |
f67539c2 TL |
185 | s3tests_conf['webidentity'].setdefault('thumbprint',os.environ['THUMBPRINT']) |
186 | s3tests_conf['webidentity'].setdefault('KC_REALM',os.environ['KC_REALM']) | |
187 | ||
7c673cae FG |
188 | try: |
189 | yield | |
190 | finally: | |
191 | for client in config['clients']: | |
e306af50 | 192 | for user in users.values(): |
7c673cae FG |
193 | uid = '{user}.{client}'.format(user=user, client=client) |
194 | cluster_name, daemon_type, client_id = teuthology.split_role(client) | |
195 | client_with_id = daemon_type + '.' + client_id | |
196 | ctx.cluster.only(client).run( | |
197 | args=[ | |
198 | 'adjust-ulimits', | |
199 | 'ceph-coverage', | |
200 | '{tdir}/archive/coverage'.format(tdir=testdir), | |
201 | 'radosgw-admin', | |
202 | '-n', client_with_id, | |
203 | 'user', 'rm', | |
204 | '--uid', uid, | |
205 | '--purge-data', | |
206 | '--cluster', cluster_name, | |
207 | ], | |
208 | ) | |
209 | ||
210 | ||
211 | @contextlib.contextmanager | |
212 | def configure(ctx, config): | |
213 | """ | |
1e59de90 | 214 | Create the config files for s3tests an boto. |
7c673cae FG |
215 | """ |
216 | assert isinstance(config, dict) | |
217 | log.info('Configuring s3-tests...') | |
218 | testdir = teuthology.get_testdir(ctx) | |
9f95a23c TL |
219 | for client, properties in config['clients'].items(): |
220 | properties = properties or {} | |
7c673cae | 221 | s3tests_conf = config['s3tests_conf'][client] |
9f95a23c TL |
222 | s3tests_conf['DEFAULT']['calling_format'] = properties.get('calling-format', 'ordinary') |
223 | ||
224 | # use rgw_server if given, or default to local client | |
225 | role = properties.get('rgw_server', client) | |
226 | ||
227 | endpoint = ctx.rgw.role_endpoints.get(role) | |
228 | assert endpoint, 's3tests: no rgw endpoint for {}'.format(role) | |
229 | ||
230 | s3tests_conf['DEFAULT']['host'] = endpoint.dns_name | |
231 | ||
232 | website_role = properties.get('rgw_website_server') | |
233 | if website_role: | |
234 | website_endpoint = ctx.rgw.role_endpoints.get(website_role) | |
235 | assert website_endpoint, \ | |
236 | 's3tests: no rgw endpoint for rgw_website_server {}'.format(website_role) | |
237 | assert website_endpoint.website_dns_name, \ | |
238 | 's3tests: no dns-s3website-name for rgw_website_server {}'.format(website_role) | |
239 | s3tests_conf['DEFAULT']['s3website_domain'] = website_endpoint.website_dns_name | |
240 | ||
241 | if hasattr(ctx, 'barbican'): | |
242 | properties = properties['barbican'] | |
243 | if properties is not None and 'kms_key' in properties: | |
244 | if not (properties['kms_key'] in ctx.barbican.keys): | |
245 | raise ConfigError('Key '+properties['kms_key']+' not defined') | |
246 | ||
247 | if not (properties['kms_key2'] in ctx.barbican.keys): | |
248 | raise ConfigError('Key '+properties['kms_key2']+' not defined') | |
249 | ||
250 | key = ctx.barbican.keys[properties['kms_key']] | |
251 | s3tests_conf['DEFAULT']['kms_keyid'] = key['id'] | |
252 | ||
253 | key = ctx.barbican.keys[properties['kms_key2']] | |
254 | s3tests_conf['DEFAULT']['kms_keyid2'] = key['id'] | |
255 | ||
256 | elif hasattr(ctx, 'vault'): | |
f67539c2 TL |
257 | engine_or_flavor = vars(ctx.vault).get('flavor',ctx.vault.engine) |
258 | keys=[] | |
259 | for name in (x['Path'] for x in vars(ctx.vault).get('keys', {}).get(ctx.rgw.vault_role)): | |
260 | keys.append(name) | |
261 | ||
262 | keys.extend(['testkey-1','testkey-2']) | |
263 | if engine_or_flavor == "old": | |
264 | keys=[keys[i] + "/1" for i in range(len(keys))] | |
265 | ||
266 | properties = properties.get('vault_%s' % engine_or_flavor, {}) | |
267 | s3tests_conf['DEFAULT']['kms_keyid'] = properties.get('key_path', keys[0]) | |
268 | s3tests_conf['DEFAULT']['kms_keyid2'] = properties.get('key_path2', keys[1]) | |
269 | elif hasattr(ctx.rgw, 'pykmip_role'): | |
270 | keys=[] | |
271 | for name in (x['Name'] for x in ctx.pykmip.keys[ctx.rgw.pykmip_role]): | |
272 | p=name.partition('-') | |
273 | keys.append(p[2] if p[2] else p[0]) | |
274 | keys.extend(['testkey-1', 'testkey-2']) | |
275 | s3tests_conf['DEFAULT']['kms_keyid'] = properties.get('kms_key', keys[0]) | |
276 | s3tests_conf['DEFAULT']['kms_keyid2'] = properties.get('kms_key2', keys[1]) | |
7c673cae | 277 | else: |
9f95a23c TL |
278 | # Fallback scenario where it's the local (ceph.conf) kms being tested |
279 | s3tests_conf['DEFAULT']['kms_keyid'] = 'testkey-1' | |
280 | s3tests_conf['DEFAULT']['kms_keyid2'] = 'testkey-2' | |
7c673cae | 281 | |
9f95a23c TL |
282 | slow_backend = properties.get('slow_backend') |
283 | if slow_backend: | |
284 | s3tests_conf['fixtures']['slow backend'] = slow_backend | |
7c673cae | 285 | |
1d09f67e TL |
286 | storage_classes = properties.get('storage classes') |
287 | if storage_classes: | |
288 | s3tests_conf['s3 main']['storage_classes'] = storage_classes | |
289 | ||
290 | lc_debug_interval = properties.get('lc_debug_interval') | |
291 | if lc_debug_interval: | |
292 | s3tests_conf['s3 main']['lc_debug_interval'] = lc_debug_interval | |
293 | ||
39ae355f TL |
294 | if ctx.rgw_cloudtier is not None: |
295 | log.info(' ctx.rgw_cloudtier config is %s ...', ctx.rgw_cloudtier.config) | |
296 | client_rgw_config = ctx.rgw_cloudtier.config.get(client) | |
297 | if client_rgw_config: | |
298 | log.info(' ctx.rgw_cloudtier config is %s ...', client_rgw_config) | |
299 | cloudtier_user = client_rgw_config.get('cloudtier_user') | |
300 | cloud_client = client_rgw_config.get('cloud_client') | |
301 | endpoint = ctx.rgw.role_endpoints.get(cloud_client) | |
302 | s3tests_conf['s3 cloud']['host'] = endpoint.dns_name | |
303 | s3tests_conf['s3 cloud']['port'] = endpoint.port | |
304 | s3tests_conf['s3 cloud']['access_key'] = cloudtier_user.get('cloud_access_key') | |
305 | s3tests_conf['s3 cloud']['secret_key'] = cloudtier_user.get('cloud_secret') | |
306 | s3tests_conf['s3 cloud']['cloud_storage_class'] = client_rgw_config.get('cloud_storage_class') | |
307 | s3tests_conf['s3 cloud']['storage_class'] = client_rgw_config.get('cloud_regular_storage_class') | |
308 | s3tests_conf['s3 cloud']['retain_head_object'] = client_rgw_config.get('cloud_retain_head_object') | |
309 | cloud_target_path = client_rgw_config.get('cloud_target_path') | |
310 | cloud_target_storage_class = client_rgw_config.get('cloud_target_storage_class') | |
311 | if (cloud_target_path != None): | |
312 | s3tests_conf['s3 cloud']['target_path'] = cloud_target_path | |
313 | if (cloud_target_storage_class != None): | |
314 | s3tests_conf['s3 cloud']['target_storage_class'] = cloud_target_storage_class | |
315 | ||
7c673cae | 316 | (remote,) = ctx.cluster.only(client).remotes.keys() |
e306af50 | 317 | conf_fp = BytesIO() |
7c673cae | 318 | s3tests_conf.write(conf_fp) |
f67539c2 | 319 | remote.write_file( |
7c673cae FG |
320 | path='{tdir}/archive/s3-tests.{client}.conf'.format(tdir=testdir, client=client), |
321 | data=conf_fp.getvalue(), | |
322 | ) | |
323 | ||
324 | log.info('Configuring boto...') | |
325 | boto_src = os.path.join(os.path.dirname(__file__), 'boto.cfg.template') | |
9f95a23c | 326 | for client, properties in config['clients'].items(): |
f67539c2 | 327 | with open(boto_src) as f: |
7c673cae | 328 | (remote,) = ctx.cluster.only(client).remotes.keys() |
f67539c2 | 329 | conf = f.read().format( |
7c673cae FG |
330 | idle_timeout=config.get('idle_timeout', 30) |
331 | ) | |
39ae355f | 332 | remote.write_file('{tdir}/boto-{client}.cfg'.format(tdir=testdir, client=client), conf) |
7c673cae FG |
333 | |
334 | try: | |
335 | yield | |
336 | ||
337 | finally: | |
338 | log.info('Cleaning up boto...') | |
9f95a23c | 339 | for client, properties in config['clients'].items(): |
7c673cae FG |
340 | (remote,) = ctx.cluster.only(client).remotes.keys() |
341 | remote.run( | |
342 | args=[ | |
343 | 'rm', | |
39ae355f | 344 | '{tdir}/boto-{client}.cfg'.format(tdir=testdir, client=client), |
7c673cae FG |
345 | ], |
346 | ) | |
347 | ||
1e59de90 TL |
348 | def get_toxvenv_dir(ctx): |
349 | return ctx.tox.venv_path | |
350 | ||
351 | def toxvenv_sh(ctx, remote, args, **kwargs): | |
352 | activate = get_toxvenv_dir(ctx) + '/bin/activate' | |
353 | return remote.sh(['source', activate, run.Raw('&&')] + args, **kwargs) | |
354 | ||
7c673cae FG |
355 | @contextlib.contextmanager |
356 | def run_tests(ctx, config): | |
357 | """ | |
358 | Run the s3tests after everything is set up. | |
359 | ||
360 | :param ctx: Context passed to task | |
361 | :param config: specific configuration information | |
362 | """ | |
363 | assert isinstance(config, dict) | |
364 | testdir = teuthology.get_testdir(ctx) | |
9f95a23c TL |
365 | for client, client_config in config.items(): |
366 | client_config = client_config or {} | |
11fdf7f2 | 367 | (remote,) = ctx.cluster.only(client).remotes.keys() |
7c673cae | 368 | args = [ |
1e59de90 | 369 | 'cd', '{tdir}/s3-tests-{client}'.format(tdir=testdir, client=client), run.Raw('&&'), |
7c673cae | 370 | 'S3TEST_CONF={tdir}/archive/s3-tests.{client}.conf'.format(tdir=testdir, client=client), |
39ae355f | 371 | 'BOTO_CONFIG={tdir}/boto-{client}.cfg'.format(tdir=testdir, client=client) |
11fdf7f2 TL |
372 | ] |
373 | # the 'requests' library comes with its own ca bundle to verify ssl | |
374 | # certificates - override that to use the system's ca bundle, which | |
375 | # is where the ssl task installed this certificate | |
376 | if remote.os.package_type == 'deb': | |
377 | args += ['REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt'] | |
378 | else: | |
379 | args += ['REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt'] | |
9f95a23c | 380 | # civetweb > 1.8 && beast parsers are strict on rfc2616 |
1e59de90 | 381 | attrs = ["not fails_on_rgw", "not lifecycle_expiration", "not test_of_sts", "not webidentity_test"] |
9f95a23c | 382 | if client_config.get('calling-format') != 'ordinary': |
1e59de90 | 383 | attrs += ['not fails_with_subdomain'] |
2a845540 | 384 | if not client_config.get('with-sse-s3'): |
1e59de90 | 385 | attrs += ['not sse_s3'] |
f67539c2 TL |
386 | |
387 | if 'extra_attrs' in client_config: | |
388 | attrs = client_config.get('extra_attrs') | |
1e59de90 | 389 | args += ['tox', '--', '-v', '-m', ' and '.join(attrs)] |
9f95a23c TL |
390 | if 'extra_args' in client_config: |
391 | args.append(client_config['extra_args']) | |
7c673cae | 392 | |
1e59de90 | 393 | toxvenv_sh(ctx, remote, args, label="s3 tests against rgw") |
7c673cae FG |
394 | yield |
395 | ||
396 | @contextlib.contextmanager | |
397 | def scan_for_leaked_encryption_keys(ctx, config): | |
398 | """ | |
399 | Scan radosgw logs for the encryption keys used by s3tests to | |
400 | verify that we're not leaking secrets. | |
401 | ||
402 | :param ctx: Context passed to task | |
403 | :param config: specific configuration information | |
404 | """ | |
405 | assert isinstance(config, dict) | |
406 | ||
407 | try: | |
408 | yield | |
409 | finally: | |
410 | # x-amz-server-side-encryption-customer-key | |
411 | s3test_customer_key = 'pO3upElrwuEXSoFwCfnZPdSsmt/xWeFa0N9KgDijwVs=' | |
412 | ||
413 | log.debug('Scanning radosgw logs for leaked encryption keys...') | |
414 | procs = list() | |
9f95a23c | 415 | for client, client_config in config.items(): |
7c673cae FG |
416 | if not client_config.get('scan_for_encryption_keys', True): |
417 | continue | |
418 | cluster_name, daemon_type, client_id = teuthology.split_role(client) | |
419 | client_with_cluster = '.'.join((cluster_name, daemon_type, client_id)) | |
420 | (remote,) = ctx.cluster.only(client).remotes.keys() | |
421 | proc = remote.run( | |
422 | args=[ | |
423 | 'grep', | |
424 | '--binary-files=text', | |
425 | s3test_customer_key, | |
426 | '/var/log/ceph/rgw.{client}.log'.format(client=client_with_cluster), | |
427 | ], | |
428 | wait=False, | |
429 | check_status=False, | |
430 | ) | |
431 | procs.append(proc) | |
432 | ||
433 | for proc in procs: | |
434 | proc.wait() | |
435 | if proc.returncode == 1: # 1 means no matches | |
436 | continue | |
437 | log.error('radosgw log is leaking encryption keys!') | |
438 | raise Exception('radosgw log is leaking encryption keys') | |
439 | ||
440 | @contextlib.contextmanager | |
441 | def task(ctx, config): | |
442 | """ | |
443 | Run the s3-tests suite against rgw. | |
444 | ||
445 | To run all tests on all clients:: | |
446 | ||
447 | tasks: | |
448 | - ceph: | |
449 | - rgw: | |
450 | - s3tests: | |
451 | ||
452 | To restrict testing to particular clients:: | |
453 | ||
454 | tasks: | |
455 | - ceph: | |
456 | - rgw: [client.0] | |
9f95a23c | 457 | - s3tests: [client.0] |
7c673cae FG |
458 | |
459 | To run against a server on client.1 and increase the boto timeout to 10m:: | |
460 | ||
461 | tasks: | |
462 | - ceph: | |
463 | - rgw: [client.1] | |
464 | - s3tests: | |
465 | client.0: | |
466 | rgw_server: client.1 | |
467 | idle_timeout: 600 | |
468 | ||
1e59de90 | 469 | To pass extra arguments to pytest (e.g. to run a certain test):: |
7c673cae FG |
470 | |
471 | tasks: | |
472 | - ceph: | |
473 | - rgw: [client.0] | |
474 | - s3tests: | |
475 | client.0: | |
476 | extra_args: ['test_s3:test_object_acl_grand_public_read'] | |
477 | client.1: | |
478 | extra_args: ['--exclude', 'test_100_continue'] | |
f67539c2 TL |
479 | |
480 | To run any sts-tests don't forget to set a config variable named 'sts_tests' to 'True' as follows:: | |
481 | ||
482 | tasks: | |
483 | - ceph: | |
484 | - rgw: [client.0] | |
485 | - s3tests: | |
486 | client.0: | |
487 | sts_tests: True | |
488 | rgw_server: client.0 | |
489 | ||
39ae355f TL |
490 | To run any cloud-transition tests don't forget to set a config variable named 'cloudtier_tests' to 'True' as follows:: |
491 | ||
492 | tasks: | |
493 | - ceph: | |
494 | - rgw: [client.0 client.1] | |
495 | - s3tests: | |
496 | client.0: | |
497 | cloudtier_tests: True | |
498 | rgw_server: client.0 | |
499 | ||
7c673cae | 500 | """ |
11fdf7f2 | 501 | assert hasattr(ctx, 'rgw'), 's3tests must run after the rgw task' |
1e59de90 | 502 | assert hasattr(ctx, 'tox'), 's3tests must run after the tox task' |
7c673cae FG |
503 | assert config is None or isinstance(config, list) \ |
504 | or isinstance(config, dict), \ | |
505 | "task s3tests only supports a list or dictionary for configuration" | |
506 | all_clients = ['client.{id}'.format(id=id_) | |
507 | for id_ in teuthology.all_roles_of_type(ctx.cluster, 'client')] | |
508 | if config is None: | |
509 | config = all_clients | |
510 | if isinstance(config, list): | |
511 | config = dict.fromkeys(config) | |
512 | clients = config.keys() | |
513 | ||
514 | overrides = ctx.config.get('overrides', {}) | |
515 | # merge each client section, not the top level. | |
9f95a23c | 516 | for client in config.keys(): |
7c673cae FG |
517 | if not config[client]: |
518 | config[client] = {} | |
519 | teuthology.deep_merge(config[client], overrides.get('s3tests', {})) | |
520 | ||
521 | log.debug('s3tests config is %s', config) | |
522 | ||
523 | s3tests_conf = {} | |
f67539c2 TL |
524 | |
525 | for client, client_config in config.items(): | |
526 | if 'sts_tests' in client_config: | |
527 | ctx.sts_variable = True | |
528 | else: | |
529 | ctx.sts_variable = False | |
1e59de90 | 530 | |
39ae355f TL |
531 | if 'cloudtier_tests' in client_config: |
532 | ctx.cloudtier_variable = True | |
533 | else: | |
534 | ctx.cloudtier_variable = False | |
1e59de90 TL |
535 | |
536 | if 'dbstore_tests' in client_config: | |
537 | ctx.dbstore_variable = True | |
538 | else: | |
539 | ctx.dbstore_variable = False | |
540 | ||
f67539c2 TL |
541 | #This will be the structure of config file when you want to run webidentity_test (sts-test) |
542 | if ctx.sts_variable and "TOKEN" in os.environ: | |
543 | for client in clients: | |
544 | endpoint = ctx.rgw.role_endpoints.get(client) | |
545 | assert endpoint, 's3tests: no rgw endpoint for {}'.format(client) | |
546 | ||
547 | s3tests_conf[client] = ConfigObj( | |
548 | indent_type='', | |
549 | infile={ | |
550 | 'DEFAULT': | |
551 | { | |
552 | 'port' : endpoint.port, | |
553 | 'is_secure' : endpoint.cert is not None, | |
554 | 'api_name' : 'default', | |
555 | }, | |
556 | 'fixtures' : {}, | |
557 | 's3 main' : {}, | |
558 | 's3 alt' : {}, | |
559 | 's3 tenant' : {}, | |
560 | 'iam' : {}, | |
561 | 'webidentity': {}, | |
562 | } | |
563 | ) | |
564 | ||
565 | elif ctx.sts_variable: | |
1e59de90 | 566 | #This will be the structure of config file when you want to run assume_role_test and get_session_token_test (sts-test) or iam-tests |
f67539c2 TL |
567 | for client in clients: |
568 | endpoint = ctx.rgw.role_endpoints.get(client) | |
569 | assert endpoint, 's3tests: no rgw endpoint for {}'.format(client) | |
570 | ||
571 | s3tests_conf[client] = ConfigObj( | |
572 | indent_type='', | |
573 | infile={ | |
574 | 'DEFAULT': | |
575 | { | |
576 | 'port' : endpoint.port, | |
577 | 'is_secure' : endpoint.cert is not None, | |
578 | 'api_name' : 'default', | |
579 | }, | |
580 | 'fixtures' : {}, | |
581 | 's3 main' : {}, | |
582 | 's3 alt' : {}, | |
f67539c2 | 583 | 'iam' : {}, |
1e59de90 | 584 | 's3 tenant' : {}, |
f67539c2 TL |
585 | } |
586 | ) | |
587 | ||
39ae355f TL |
588 | elif ctx.cloudtier_variable: |
589 | #This will be the structure of config file when you want to run normal s3-tests | |
590 | for client in clients: | |
591 | endpoint = ctx.rgw.role_endpoints.get(client) | |
592 | assert endpoint, 's3tests: no rgw endpoint for {}'.format(client) | |
593 | ||
594 | s3tests_conf[client] = ConfigObj( | |
595 | indent_type='', | |
596 | infile={ | |
597 | 'DEFAULT': | |
598 | { | |
599 | 'port' : endpoint.port, | |
600 | 'is_secure' : endpoint.cert is not None, | |
601 | 'api_name' : 'default', | |
602 | }, | |
603 | 'fixtures' : {}, | |
604 | 's3 main' : {}, | |
605 | 's3 alt' : {}, | |
606 | 's3 tenant' : {}, | |
607 | 's3 cloud' : {}, | |
1e59de90 | 608 | 'iam' : {}, |
39ae355f TL |
609 | } |
610 | ) | |
f67539c2 TL |
611 | else: |
612 | #This will be the structure of config file when you want to run normal s3-tests | |
613 | for client in clients: | |
614 | endpoint = ctx.rgw.role_endpoints.get(client) | |
615 | assert endpoint, 's3tests: no rgw endpoint for {}'.format(client) | |
616 | ||
617 | s3tests_conf[client] = ConfigObj( | |
618 | indent_type='', | |
619 | infile={ | |
620 | 'DEFAULT': | |
621 | { | |
622 | 'port' : endpoint.port, | |
623 | 'is_secure' : endpoint.cert is not None, | |
624 | 'api_name' : 'default', | |
625 | }, | |
626 | 'fixtures' : {}, | |
627 | 's3 main' : {}, | |
628 | 's3 alt' : {}, | |
629 | 's3 tenant' : {}, | |
1e59de90 | 630 | 'iam' : {}, |
f67539c2 TL |
631 | } |
632 | ) | |
7c673cae | 633 | |
7c673cae FG |
634 | with contextutil.nested( |
635 | lambda: download(ctx=ctx, config=config), | |
636 | lambda: create_users(ctx=ctx, config=dict( | |
637 | clients=clients, | |
638 | s3tests_conf=s3tests_conf, | |
639 | )), | |
7c673cae FG |
640 | lambda: configure(ctx=ctx, config=dict( |
641 | clients=config, | |
642 | s3tests_conf=s3tests_conf, | |
643 | )), | |
644 | lambda: run_tests(ctx=ctx, config=config), | |
645 | lambda: scan_for_leaked_encryption_keys(ctx=ctx, config=config), | |
646 | ): | |
647 | pass | |
648 | yield |