]>
git.proxmox.com Git - ceph.git/blob - ceph/src/test/rgw/test_multen.py
6 from boto
.s3
.connection
import S3Connection
, OrdinaryCallingFormat
8 # XXX once we're done, break out the common code into a library module
9 # See https://github.com/ceph/ceph/pull/8646
10 import test_multi
as t
12 class TestException(Exception):
16 # Create a traditional user, S3-only, global (empty) tenant
20 display_name
= "'Test User 2'"
21 access_key
= "tester2KEY"
22 s3_secret
= "test3pass"
23 cmd
= t
.build_cmd('--uid', uid
,
24 '--display-name', display_name
,
25 '--access-key', access_key
,
26 '--secret', s3_secret
,
28 out
, ret
= cluster
.rgw_admin(cmd
, check_retcode
=False)
30 raise TestException("failed command: user create --uid %s" % uid
)
33 outj
= json
.loads(out
.decode('utf-8'))
35 raise TestException("invalid json after: user create --uid %s" % uid
)
36 if not isinstance(outj
, dict):
37 raise TestException("bad json after: user create --uid %s" % uid
)
38 if outj
['user_id'] != uid
:
40 "command: user create --uid %s, returned user_id %s" %
41 (uid
, outj
['user_id']))
44 # Create a tenantized user with --tenant foo
49 display_name
= "Test_User_3"
50 access_key
= "tester3KEY"
51 s3_secret
= "test3pass"
55 '--display-name', display_name
,
56 '--access-key', access_key
,
57 '--secret', s3_secret
,
59 out
, ret
= cluster
.rgw_admin(cmd
, check_retcode
=False)
61 raise TestException("failed command: user create --uid %s" % uid
)
64 outj
= json
.loads(out
.decode('utf-8'))
66 raise TestException("invalid json after: user create --uid %s" % uid
)
67 if not isinstance(outj
, dict):
68 raise TestException("bad json after: user create --uid %s" % uid
)
69 tid_uid
= "%s$%s" % (tid
, uid
)
70 if outj
['user_id'] != tid_uid
:
72 "command: user create --uid %s, returned user_id %s" %
73 (tid_uid
, outj
['user_id']))
76 # Create a tenantized user with a subuser
78 # N.B. The aim of this test is not just to create a subuser, but to create
79 # the key with a separate command, which does not use --tenant, but extracts
80 # the tenant from the subuser. No idea why we allow this. There was some kind
81 # of old script that did this.
88 display_name
= "Test_User_4"
92 '--display-name', display_name
,
93 '--subuser', '%s:%s' % (uid
, subid
),
94 '--key-type', 'swift',
97 out
, ret
= cluster
.rgw_admin(cmd
, check_retcode
=False)
99 raise TestException("failed command: user create --uid %s" % uid
)
102 outj
= json
.loads(out
.decode('utf-8'))
104 raise TestException("invalid json after: user create --uid %s" % uid
)
105 if not isinstance(outj
, dict):
106 raise TestException("bad json after: user create --uid %s" % uid
)
107 tid_uid
= "%s$%s" % (tid
, uid
)
108 if outj
['user_id'] != tid_uid
:
110 "command: user create --uid %s, returned user_id %s" %
111 (tid_uid
, outj
['user_id']))
113 # Note that this tests a way to identify a fully-qualified subuser
114 # without --tenant and --uid. This is a historic use that we support.
115 swift_secret
= "test3pass"
117 '--subuser', "'%s$%s:%s'" % (tid
, uid
, subid
),
118 '--key-type', 'swift',
119 '--secret', swift_secret
,
121 out
, ret
= cluster
.rgw_admin(cmd
, check_retcode
=False)
123 raise TestException("failed command: key create --uid %s" % uid
)
126 outj
= json
.loads(out
.decode('utf-8'))
128 raise TestException("invalid json after: key create --uid %s" % uid
)
129 if not isinstance(outj
, dict):
130 raise TestException("bad json after: key create --uid %s" % uid
)
131 tid_uid
= "%s$%s" % (tid
, uid
)
132 if outj
['user_id'] != tid_uid
:
134 "command: key create --uid %s, returned user_id %s" %
135 (tid_uid
, outj
['user_id']))
136 # These tests easily can throw KeyError, needs a try: XXX
137 skj
= outj
['swift_keys'][0]
138 if skj
['secret_key'] != swift_secret
:
140 "command: key create --uid %s, returned swift key %s" %
141 (tid_uid
, skj
['secret_key']))
144 # Access the cluster, create containers in two tenants, verify it all works.
147 def test5_add_s3_key(cluster
, tid
, uid
):
148 secret
= "%spass" % uid
150 tid_uid
= "%s$%s" % (tid
, uid
)
155 '--uid', "'%s'" % (tid_uid
,),
159 out
, ret
= cluster
.rgw_admin(cmd
, check_retcode
=False)
161 raise TestException("failed command: key create --uid %s" % uid
)
164 outj
= json
.loads(out
.decode('utf-8'))
166 raise TestException("invalid json after: key create --uid %s" % uid
)
167 if not isinstance(outj
, dict):
168 raise TestException("bad json after: key create --uid %s" % uid
)
169 if outj
['user_id'] != tid_uid
:
171 "command: key create --uid %s, returned user_id %s" %
172 (uid
, outj
['user_id']))
173 skj
= outj
['keys'][0]
174 if skj
['secret_key'] != secret
:
176 "command: key create --uid %s, returned s3 key %s" %
177 (uid
, skj
['secret_key']))
179 def test5_add_swift_key(cluster
, tid
, uid
, subid
):
180 secret
= "%spass" % uid
182 tid_uid
= "%s$%s" % (tid
, uid
)
187 '--subuser', "'%s:%s'" % (tid_uid
, subid
),
188 '--key-type', 'swift',
191 out
, ret
= cluster
.rgw_admin(cmd
, check_retcode
=False)
193 raise TestException("failed command: key create --uid %s" % uid
)
196 outj
= json
.loads(out
.decode('utf-8'))
198 raise TestException("invalid json after: key create --uid %s" % uid
)
199 if not isinstance(outj
, dict):
200 raise TestException("bad json after: key create --uid %s" % uid
)
201 if outj
['user_id'] != tid_uid
:
203 "command: key create --uid %s, returned user_id %s" %
204 (uid
, outj
['user_id']))
205 # XXX checking wrong thing here (S3 key)
206 skj
= outj
['keys'][0]
207 if skj
['secret_key'] != secret
:
209 "command: key create --uid %s, returned s3 key %s" %
210 (uid
, skj
['secret_key']))
212 def test5_make_user(cluster
, tid
, uid
, subid
):
214 :param tid: Tenant ID string or None for the legacy tenant
215 :param uid: User ID string
216 :param subid: Subuser ID, may be None for S3-only users
218 display_name
= "'Test User %s'" % uid
222 cmd
= t
.build_cmd(cmd
,
224 cmd
= t
.build_cmd(cmd
,
226 '--display-name', display_name
)
228 cmd
= t
.build_cmd(cmd
,
229 '--subuser', '%s:%s' % (uid
, subid
),
230 '--key-type', 'swift')
231 cmd
= t
.build_cmd(cmd
,
235 out
, ret
= cluster
.rgw_admin(cmd
, check_retcode
=False)
237 raise TestException("failed command: user create --uid %s" % uid
)
239 outj
= json
.loads(out
.decode('utf-8'))
241 raise TestException("invalid json after: user create --uid %s" % uid
)
242 if not isinstance(outj
, dict):
243 raise TestException("bad json after: user create --uid %s" % uid
)
245 tid_uid
= "%s$%s" % (tid
, uid
)
248 if outj
['user_id'] != tid_uid
:
250 "command: user create --uid %s, returned user_id %s" %
251 (tid_uid
, outj
['user_id']))
254 # For now, this uses hardcoded passwords based on uid.
255 # They are all different for ease of debugging in case something crosses.
257 test5_add_s3_key(cluster
, tid
, uid
)
259 test5_add_swift_key(cluster
, tid
, uid
, subid
)
261 def test5_poke_s3(cluster
):
263 bucketname
= "test5cont1"
266 # Not sure if we like useless information printed, but the rest of the
267 # test framework is insanely talkative when it executes commands.
268 # So, to keep it in line and have a marker when things go wrong, this.
269 print("PUT bucket %s object %s for tenant A (empty)" %
270 (bucketname
, objname
))
272 aws_access_key_id
="tester5a",
273 aws_secret_access_key
="tester5apass",
277 calling_format
= OrdinaryCallingFormat())
279 bucket
= c
.create_bucket(bucketname
)
281 key
= bucket
.new_key(objname
)
282 headers
= { "Content-Type": "text/plain" }
283 key
.set_contents_from_string(b
"Test5A\n", headers
)
284 key
.set_acl('public-read')
287 # Now it's getting interesting. We're logging into a tenantized user.
289 print("PUT bucket %s object %s for tenant B" % (bucketname
, objname
))
291 aws_access_key_id
="tester5b1",
292 aws_secret_access_key
="tester5b1pass",
296 calling_format
= OrdinaryCallingFormat())
298 bucket
= c
.create_bucket(bucketname
)
299 bucket
.set_canned_acl('public-read')
301 key
= bucket
.new_key(objname
)
302 headers
= { "Content-Type": "text/plain" }
303 key
.set_contents_from_string(b
"Test5B\n", headers
)
304 key
.set_acl('public-read')
307 # Finally, let's fetch a couple of objects and verify that they
308 # are what they should be and we didn't get them overwritten.
309 # Note that we access one of objects across tenants using the colon.
311 print("GET bucket %s object %s for tenants A and B" %
312 (bucketname
, objname
))
314 aws_access_key_id
="tester5a",
315 aws_secret_access_key
="tester5apass",
319 calling_format
= OrdinaryCallingFormat())
321 bucket
= c
.get_bucket(bucketname
)
323 key
= bucket
.get_key(objname
)
324 body
= key
.get_contents_as_string()
325 if body
!= b
"Test5A\n":
326 raise TestException("failed body check, bucket %s object %s" %
327 (bucketname
, objname
))
329 bucket
= c
.get_bucket("test5b:"+bucketname
)
330 key
= bucket
.get_key(objname
)
331 body
= key
.get_contents_as_string()
332 if body
!= b
"Test5B\n":
334 "failed body check, tenant %s bucket %s object %s" %
335 ("test5b", bucketname
, objname
))
342 # 0. create users tester5a and test5b$tester5b1 test5b$tester5b2
343 # 1. create buckets "test5cont" under test5a and test5b
344 # 2. create objects in the buckets
345 # 3. access objects (across users in container test5b)
347 test5_make_user(cluster
, None, "tester5a", "test5a")
348 test5_make_user(cluster
, "test5b", "tester5b1", "test5b1")
349 test5_make_user(cluster
, "test5b", "tester5b2", "test5b2")
351 test5_poke_s3(cluster
)
354 # XXX this parse_args boolean makes no sense. we should pass argv[] instead,
355 # possibly empty. (copied from test_multi, correct it there too)
356 def init(parse_args
):
360 # argv = sys.argv[1:]
361 #args = parser.parse_args(argv)
363 #rgw_multi = RGWMulti(int(args.num_zones))
364 #rgw_multi.setup(not args.no_bootstrap)
368 clnum
= 1 # number of clusters
370 cluster
= t
.RGWCluster(clid
, port
)
376 # The cluster is always reset at this point, so we don't need to list
377 # users or delete pre-existing users.
384 except TestException
as e
:
387 sys
.stderr
.write("FAIL\n")
388 sys
.stderr
.write("%s\n" % str(e
))
399 if __name__
== "__main__":