]>
git.proxmox.com Git - ceph.git/blob - ceph/qa/tasks/mgr/dashboard/test_rgw.py
53577a87a9617d5b914acd4b47b25d90ee7b7542
1 # -*- coding: utf-8 -*-
2 from __future__
import absolute_import
7 from urllib
import parse
9 from cryptography
.hazmat
.backends
import default_backend
10 from cryptography
.hazmat
.primitives
.hashes
import SHA1
11 from cryptography
.hazmat
.primitives
.twofactor
.totp
import TOTP
13 from .helper
import DashboardTestCase
, JLeaf
, JList
, JObj
15 logger
= logging
.getLogger(__name__
)
18 class RgwTestCase(DashboardTestCase
):
21 create_test_user
= False
23 AUTH_ROLES
= ['rgw-manager']
27 super(RgwTestCase
, cls
).setUpClass()
28 # Create the administrator account.
29 cls
._radosgw
_admin
_cmd
([
30 'user', 'create', '--uid', 'admin', '--display-name', 'admin',
31 '--system', '--access-key', 'admin', '--secret', 'admin'
33 # Update the dashboard configuration.
34 cls
._ceph
_cmd
_with
_secret
(['dashboard', 'set-rgw-api-secret-key'], 'admin')
35 cls
._ceph
_cmd
_with
_secret
(['dashboard', 'set-rgw-api-access-key'], 'admin')
37 if cls
.create_test_user
:
38 cls
._radosgw
_admin
_cmd
([
39 'user', 'create', '--uid', 'teuth-test-user', '--display-name',
42 cls
._radosgw
_admin
_cmd
([
43 'caps', 'add', '--uid', 'teuth-test-user', '--caps',
46 cls
._radosgw
_admin
_cmd
([
47 'subuser', 'create', '--uid', 'teuth-test-user', '--subuser',
48 'teuth-test-subuser', '--access', 'full', '--key-type', 's3',
49 '--access-key', 'xyz123'
51 cls
._radosgw
_admin
_cmd
([
52 'subuser', 'create', '--uid', 'teuth-test-user', '--subuser',
53 'teuth-test-subuser2', '--access', 'full', '--key-type',
58 def tearDownClass(cls
):
59 # Delete administrator account.
60 cls
._radosgw
_admin
_cmd
(['user', 'rm', '--uid', 'admin'])
61 if cls
.create_test_user
:
62 cls
._radosgw
_admin
_cmd
(['user', 'rm', '--uid=teuth-test-user', '--purge-data'])
63 super(RgwTestCase
, cls
).tearDownClass()
65 def get_rgw_user(self
, uid
, stats
=True):
66 return self
._get
('/api/rgw/user/{}?stats={}'.format(uid
, stats
))
69 class RgwApiCredentialsTest(RgwTestCase
):
71 AUTH_ROLES
= ['rgw-manager']
73 def test_invalid_credentials(self
):
74 self
._ceph
_cmd
_with
_secret
(['dashboard', 'set-rgw-api-secret-key'], 'invalid')
75 self
._ceph
_cmd
_with
_secret
(['dashboard', 'set-rgw-api-access-key'], 'invalid')
76 resp
= self
._get
('/api/rgw/user')
77 self
.assertStatus(404)
78 self
.assertIn('detail', resp
)
79 self
.assertIn('component', resp
)
80 self
.assertIn('Error connecting to Object Gateway', resp
['detail'])
81 self
.assertEqual(resp
['component'], 'rgw')
83 def test_success(self
):
84 # Set the default credentials.
85 self
._ceph
_cmd
_with
_secret
(['dashboard', 'set-rgw-api-secret-key'], 'admin')
86 self
._ceph
_cmd
_with
_secret
(['dashboard', 'set-rgw-api-access-key'], 'admin')
87 data
= self
._get
('/ui-api/rgw/status')
88 self
.assertStatus(200)
89 self
.assertIn('available', data
)
90 self
.assertIn('message', data
)
91 self
.assertTrue(data
['available'])
94 class RgwSiteTest(RgwTestCase
):
96 AUTH_ROLES
= ['rgw-manager']
98 def test_get_placement_targets(self
):
99 data
= self
._get
('/api/rgw/site?query=placement-targets')
100 self
.assertStatus(200)
101 self
.assertSchema(data
, JObj({
103 'placement_targets': JList(JObj({
109 def test_get_realms(self
):
110 data
= self
._get
('/api/rgw/site?query=realms')
111 self
.assertStatus(200)
112 self
.assertSchema(data
, JList(str))
115 class RgwBucketTest(RgwTestCase
):
117 _mfa_token_serial
= '1'
118 _mfa_token_seed
= '23456723'
119 _mfa_token_time_step
= 2
121 AUTH_ROLES
= ['rgw-manager']
125 cls
.create_test_user
= True
126 super(RgwBucketTest
, cls
).setUpClass()
127 # Create MFA TOTP token for test user.
128 cls
._radosgw
_admin
_cmd
([
129 'mfa', 'create', '--uid', 'teuth-test-user', '--totp-serial', cls
._mfa
_token
_serial
,
130 '--totp-seed', cls
._mfa
_token
_seed
, '--totp-seed-type', 'base32',
131 '--totp-seconds', str(cls
._mfa
_token
_time
_step
), '--totp-window', '1'
133 # Create tenanted users.
134 cls
._radosgw
_admin
_cmd
([
135 'user', 'create', '--tenant', 'testx', '--uid', 'teuth-test-user',
136 '--display-name', 'tenanted teuth-test-user'
138 cls
._radosgw
_admin
_cmd
([
139 'user', 'create', '--tenant', 'testx2', '--uid', 'teuth-test-user2',
140 '--display-name', 'tenanted teuth-test-user 2'
144 def tearDownClass(cls
):
145 cls
._radosgw
_admin
_cmd
(
146 ['user', 'rm', '--tenant', 'testx', '--uid=teuth-test-user', '--purge-data'])
147 cls
._radosgw
_admin
_cmd
(
148 ['user', 'rm', '--tenant', 'testx2', '--uid=teuth-test-user2', '--purge-data'])
149 super(RgwBucketTest
, cls
).tearDownClass()
151 def _get_mfa_token_pin(self
):
152 totp_key
= base64
.b32decode(self
._mfa
_token
_seed
)
153 totp
= TOTP(totp_key
, 6, SHA1(), self
._mfa
_token
_time
_step
, backend
=default_backend(),
154 enforce_key_length
=False)
155 time_value
= int(time
.time())
156 return totp
.generate(time_value
)
159 # Create a new bucket.
163 'bucket': 'teuth-test-bucket',
165 'zonegroup': 'default',
166 'placement_target': 'default-placement'
168 self
.assertStatus(201)
169 data
= self
.jsonBody()
170 self
.assertSchema(data
, JObj(sub_elems
={
171 'bucket_info': JObj(sub_elems
={
172 'bucket': JObj(allow_unknown
=True, sub_elems
={
174 'bucket_id': JLeaf(str),
177 'quota': JObj(sub_elems
={}, allow_unknown
=True),
178 'creation_time': JLeaf(str)
179 }, allow_unknown
=True)
180 }, allow_unknown
=True))
181 data
= data
['bucket_info']['bucket']
182 self
.assertEqual(data
['name'], 'teuth-test-bucket')
183 self
.assertEqual(data
['tenant'], '')
186 data
= self
._get
('/api/rgw/bucket', version
='1.1')
187 self
.assertStatus(200)
188 self
.assertEqual(len(data
), 1)
189 self
.assertIn('teuth-test-bucket', data
)
191 # List all buckets with stats.
192 data
= self
._get
('/api/rgw/bucket?stats=true', version
='1.1')
193 self
.assertStatus(200)
194 self
.assertEqual(len(data
), 1)
195 self
.assertSchema(data
[0], JObj(sub_elems
={
197 'bucket': JLeaf(str),
198 'bucket_quota': JObj(sub_elems
={}, allow_unknown
=True),
201 'usage': JObj(sub_elems
={}, allow_unknown
=True),
202 'tenant': JLeaf(str),
203 }, allow_unknown
=True))
205 # List all buckets names without stats.
206 data
= self
._get
('/api/rgw/bucket?stats=false', version
='1.1')
207 self
.assertStatus(200)
208 self
.assertEqual(data
, ['teuth-test-bucket'])
211 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
212 self
.assertStatus(200)
213 self
.assertSchema(data
, JObj(sub_elems
={
216 'tenant': JLeaf(str),
217 'bucket': JLeaf(str),
218 'bucket_quota': JObj(sub_elems
={}, allow_unknown
=True),
220 'mfa_delete': JLeaf(str),
221 'usage': JObj(sub_elems
={}, allow_unknown
=True),
222 'versioning': JLeaf(str)
223 }, allow_unknown
=True))
224 self
.assertEqual(data
['bucket'], 'teuth-test-bucket')
225 self
.assertEqual(data
['owner'], 'admin')
226 self
.assertEqual(data
['placement_rule'], 'default-placement')
227 self
.assertEqual(data
['versioning'], 'Suspended')
229 # Update bucket: change owner, enable versioning.
231 '/api/rgw/bucket/teuth-test-bucket',
233 'bucket_id': data
['id'],
234 'uid': 'teuth-test-user',
235 'versioning_state': 'Enabled'
237 self
.assertStatus(200)
238 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
239 self
.assertStatus(200)
240 self
.assertSchema(data
, JObj(sub_elems
={
244 }, allow_unknown
=True))
245 self
.assertEqual(data
['owner'], 'teuth-test-user')
246 self
.assertEqual(data
['versioning'], 'Enabled')
248 # Update bucket: enable MFA Delete.
250 '/api/rgw/bucket/teuth-test-bucket',
252 'bucket_id': data
['id'],
253 'uid': 'teuth-test-user',
254 'versioning_state': 'Enabled',
255 'mfa_delete': 'Enabled',
256 'mfa_token_serial': self
._mfa
_token
_serial
,
257 'mfa_token_pin': self
._get
_mfa
_token
_pin
()
259 self
.assertStatus(200)
260 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
261 self
.assertStatus(200)
262 self
.assertEqual(data
['versioning'], 'Enabled')
263 self
.assertEqual(data
['mfa_delete'], 'Enabled')
265 # Update bucket: disable versioning & MFA Delete.
266 time
.sleep(self
._mfa
_token
_time
_step
* 3) # Required to get new TOTP pin.
268 '/api/rgw/bucket/teuth-test-bucket',
270 'bucket_id': data
['id'],
271 'uid': 'teuth-test-user',
272 'versioning_state': 'Suspended',
273 'mfa_delete': 'Disabled',
274 'mfa_token_serial': self
._mfa
_token
_serial
,
275 'mfa_token_pin': self
._get
_mfa
_token
_pin
()
277 self
.assertStatus(200)
278 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
279 self
.assertStatus(200)
280 self
.assertEqual(data
['versioning'], 'Suspended')
281 self
.assertEqual(data
['mfa_delete'], 'Disabled')
284 self
._delete
('/api/rgw/bucket/teuth-test-bucket')
285 self
.assertStatus(204)
286 data
= self
._get
('/api/rgw/bucket', version
='1.1')
287 self
.assertStatus(200)
288 self
.assertEqual(len(data
), 0)
290 def test_crud_w_tenant(self
):
291 # Create a new bucket. The tenant of the user is used when
292 # the bucket is created.
296 'bucket': 'teuth-test-bucket',
297 'uid': 'testx$teuth-test-user',
298 'zonegroup': 'default',
299 'placement_target': 'default-placement'
301 self
.assertStatus(201)
302 # It's not possible to validate the result because there
303 # IS NO result object returned by the RGW Admin OPS API
304 # when a tenanted bucket is created.
305 data
= self
.jsonBody()
306 self
.assertIsNone(data
)
309 data
= self
._get
('/api/rgw/bucket', version
='1.1')
310 self
.assertStatus(200)
311 self
.assertEqual(len(data
), 1)
312 self
.assertIn('testx/teuth-test-bucket', data
)
314 def _verify_tenant_bucket(bucket
, tenant
, uid
):
315 full_bucket_name
= '{}/{}'.format(tenant
, bucket
)
316 _data
= self
._get
('/api/rgw/bucket/{}'.format(
317 parse
.quote_plus(full_bucket_name
)))
318 self
.assertStatus(200)
319 self
.assertSchema(_data
, JObj(sub_elems
={
321 'bucket': JLeaf(str),
322 'tenant': JLeaf(str),
324 }, allow_unknown
=True))
325 self
.assertEqual(_data
['owner'], '{}${}'.format(tenant
, uid
))
326 self
.assertEqual(_data
['bucket'], bucket
)
327 self
.assertEqual(_data
['tenant'], tenant
)
328 self
.assertEqual(_data
['bid'], full_bucket_name
)
332 data
= _verify_tenant_bucket('teuth-test-bucket', 'testx', 'teuth-test-user')
333 self
.assertEqual(data
['placement_rule'], 'default-placement')
334 self
.assertEqual(data
['versioning'], 'Suspended')
336 # Update bucket: different user with different tenant, enable versioning.
338 '/api/rgw/bucket/{}'.format(
339 parse
.quote_plus('testx/teuth-test-bucket')),
341 'bucket_id': data
['id'],
342 'uid': 'testx2$teuth-test-user2',
343 'versioning_state': 'Enabled'
345 data
= _verify_tenant_bucket('teuth-test-bucket', 'testx2', 'teuth-test-user2')
346 self
.assertEqual(data
['versioning'], 'Enabled')
348 # Change owner to a non-tenanted user
350 '/api/rgw/bucket/{}'.format(
351 parse
.quote_plus('testx2/teuth-test-bucket')),
353 'bucket_id': data
['id'],
356 self
.assertStatus(200)
357 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
358 self
.assertStatus(200)
359 self
.assertIn('owner', data
)
360 self
.assertEqual(data
['owner'], 'admin')
361 self
.assertEqual(data
['tenant'], '')
362 self
.assertEqual(data
['bucket'], 'teuth-test-bucket')
363 self
.assertEqual(data
['bid'], 'teuth-test-bucket')
364 self
.assertEqual(data
['versioning'], 'Enabled')
366 # Change owner back to tenanted user, suspend versioning.
368 '/api/rgw/bucket/teuth-test-bucket',
370 'bucket_id': data
['id'],
371 'uid': 'testx$teuth-test-user',
372 'versioning_state': 'Suspended'
374 self
.assertStatus(200)
375 data
= _verify_tenant_bucket('teuth-test-bucket', 'testx', 'teuth-test-user')
376 self
.assertEqual(data
['versioning'], 'Suspended')
379 self
._delete
('/api/rgw/bucket/{}'.format(
380 parse
.quote_plus('testx/teuth-test-bucket')))
381 self
.assertStatus(204)
382 data
= self
._get
('/api/rgw/bucket', version
='1.1')
383 self
.assertStatus(200)
384 self
.assertEqual(len(data
), 0)
386 def test_crud_w_locking(self
):
388 self
._post
('/api/rgw/bucket',
390 'bucket': 'teuth-test-bucket',
391 'uid': 'teuth-test-user',
392 'zonegroup': 'default',
393 'placement_target': 'default-placement',
394 'lock_enabled': 'true',
395 'lock_mode': 'GOVERNANCE',
396 'lock_retention_period_days': '0',
397 'lock_retention_period_years': '1'
399 self
.assertStatus(201)
401 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
402 self
.assertStatus(200)
406 'lock_enabled': JLeaf(bool),
407 'lock_mode': JLeaf(str),
408 'lock_retention_period_days': JLeaf(int),
409 'lock_retention_period_years': JLeaf(int)
412 self
.assertTrue(data
['lock_enabled'])
413 self
.assertEqual(data
['lock_mode'], 'GOVERNANCE')
414 self
.assertEqual(data
['lock_retention_period_days'], 0)
415 self
.assertEqual(data
['lock_retention_period_years'], 1)
417 self
._put
('/api/rgw/bucket/teuth-test-bucket',
419 'bucket_id': data
['id'],
420 'uid': 'teuth-test-user',
421 'lock_mode': 'COMPLIANCE',
422 'lock_retention_period_days': '15',
423 'lock_retention_period_years': '0'
425 self
.assertStatus(200)
426 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
427 self
.assertTrue(data
['lock_enabled'])
428 self
.assertEqual(data
['lock_mode'], 'COMPLIANCE')
429 self
.assertEqual(data
['lock_retention_period_days'], 15)
430 self
.assertEqual(data
['lock_retention_period_years'], 0)
431 self
.assertStatus(200)
433 # Update: Disabling bucket versioning should fail if object locking enabled
434 self
._put
('/api/rgw/bucket/teuth-test-bucket',
436 'bucket_id': data
['id'],
437 'uid': 'teuth-test-user',
438 'versioning_state': 'Suspended'
440 self
.assertStatus(409)
443 self
._delete
('/api/rgw/bucket/teuth-test-bucket')
444 self
.assertStatus(204)
447 class RgwDaemonTest(RgwTestCase
):
449 AUTH_ROLES
= ['rgw-manager']
451 @DashboardTestCase.RunAs('test', 'test', [{
452 'rgw': ['create', 'update', 'delete']
454 def test_read_access_permissions(self
):
455 self
._get
('/api/rgw/daemon')
456 self
.assertStatus(403)
457 self
._get
('/api/rgw/daemon/id')
458 self
.assertStatus(403)
461 data
= self
._get
('/api/rgw/daemon')
462 self
.assertStatus(200)
463 self
.assertEqual(len(data
), 1)
465 self
.assertIn('id', data
)
466 self
.assertIn('version', data
)
467 self
.assertIn('server_hostname', data
)
468 self
.assertIn('zonegroup_name', data
)
469 self
.assertIn('zone_name', data
)
472 data
= self
._get
('/api/rgw/daemon')
473 self
.assertStatus(200)
475 data
= self
._get
('/api/rgw/daemon/{}'.format(data
[0]['id']))
476 self
.assertStatus(200)
477 self
.assertIn('rgw_metadata', data
)
478 self
.assertIn('rgw_id', data
)
479 self
.assertIn('rgw_status', data
)
480 self
.assertTrue(data
['rgw_metadata'])
482 def test_status(self
):
483 data
= self
._get
('/ui-api/rgw/status')
484 self
.assertStatus(200)
485 self
.assertIn('available', data
)
486 self
.assertIn('message', data
)
487 self
.assertTrue(data
['available'])
490 class RgwUserTest(RgwTestCase
):
492 AUTH_ROLES
= ['rgw-manager']
496 super(RgwUserTest
, cls
).setUpClass()
498 def _assert_user_data(self
, data
):
499 self
.assertSchema(data
, JObj(sub_elems
={
500 'caps': JList(JObj(sub_elems
={}, allow_unknown
=True)),
501 'display_name': JLeaf(str),
503 'keys': JList(JObj(sub_elems
={}, allow_unknown
=True)),
504 'max_buckets': JLeaf(int),
505 'subusers': JList(JLeaf(str)),
506 'suspended': JLeaf(int),
507 'swift_keys': JList(JObj(sub_elems
={}, allow_unknown
=True)),
508 'tenant': JLeaf(str),
509 'user_id': JLeaf(str),
511 }, allow_unknown
=True))
512 self
.assertGreaterEqual(len(data
['keys']), 1)
515 data
= self
.get_rgw_user('admin')
516 self
.assertStatus(200)
517 self
._assert
_user
_data
(data
)
518 self
.assertEqual(data
['user_id'], 'admin')
519 self
.assertTrue(data
['stats'])
520 self
.assertIsInstance(data
['stats'], dict)
521 # Test without stats.
522 data
= self
.get_rgw_user('admin', False)
523 self
.assertStatus(200)
524 self
._assert
_user
_data
(data
)
525 self
.assertEqual(data
['user_id'], 'admin')
528 data
= self
._get
('/api/rgw/user')
529 self
.assertStatus(200)
530 self
.assertGreaterEqual(len(data
), 1)
531 self
.assertIn('admin', data
)
533 def test_get_emails(self
):
534 data
= self
._get
('/api/rgw/user/get_emails')
535 self
.assertStatus(200)
536 self
.assertSchema(data
, JList(str))
538 def test_create_get_update_delete(self
):
540 self
._post
('/api/rgw/user', params
={
541 'uid': 'teuth-test-user',
542 'display_name': 'display name'
544 self
.assertStatus(201)
545 data
= self
.jsonBody()
546 self
._assert
_user
_data
(data
)
547 self
.assertEqual(data
['user_id'], 'teuth-test-user')
548 self
.assertEqual(data
['display_name'], 'display name')
551 data
= self
.get_rgw_user('teuth-test-user')
552 self
.assertStatus(200)
553 self
._assert
_user
_data
(data
)
554 self
.assertEqual(data
['tenant'], '')
555 self
.assertEqual(data
['user_id'], 'teuth-test-user')
556 self
.assertEqual(data
['uid'], 'teuth-test-user')
560 '/api/rgw/user/teuth-test-user',
561 params
={'display_name': 'new name'})
562 self
.assertStatus(200)
563 data
= self
.jsonBody()
564 self
._assert
_user
_data
(data
)
565 self
.assertEqual(data
['display_name'], 'new name')
568 self
._delete
('/api/rgw/user/teuth-test-user')
569 self
.assertStatus(204)
570 self
.get_rgw_user('teuth-test-user')
571 self
.assertStatus(500)
572 resp
= self
.jsonBody()
573 self
.assertIn('detail', resp
)
574 self
.assertIn('failed request with status code 404', resp
['detail'])
575 self
.assertIn('"Code":"NoSuchUser"', resp
['detail'])
576 self
.assertIn('"HostId"', resp
['detail'])
577 self
.assertIn('"RequestId"', resp
['detail'])
579 def test_create_get_update_delete_w_tenant(self
):
584 'uid': 'test01$teuth-test-user',
585 'display_name': 'display name'
587 self
.assertStatus(201)
588 data
= self
.jsonBody()
589 self
._assert
_user
_data
(data
)
590 self
.assertEqual(data
['user_id'], 'teuth-test-user')
591 self
.assertEqual(data
['display_name'], 'display name')
594 data
= self
.get_rgw_user('test01$teuth-test-user')
595 self
.assertStatus(200)
596 self
._assert
_user
_data
(data
)
597 self
.assertEqual(data
['tenant'], 'test01')
598 self
.assertEqual(data
['user_id'], 'teuth-test-user')
599 self
.assertEqual(data
['uid'], 'test01$teuth-test-user')
603 '/api/rgw/user/test01$teuth-test-user',
604 params
={'display_name': 'new name'})
605 self
.assertStatus(200)
606 data
= self
.jsonBody()
607 self
._assert
_user
_data
(data
)
608 self
.assertEqual(data
['display_name'], 'new name')
611 self
._delete
('/api/rgw/user/test01$teuth-test-user')
612 self
.assertStatus(204)
613 self
.get_rgw_user('test01$teuth-test-user')
614 self
.assertStatus(500)
615 resp
= self
.jsonBody()
616 self
.assertIn('detail', resp
)
617 self
.assertIn('failed request with status code 404', resp
['detail'])
618 self
.assertIn('"Code":"NoSuchUser"', resp
['detail'])
619 self
.assertIn('"HostId"', resp
['detail'])
620 self
.assertIn('"RequestId"', resp
['detail'])
623 class RgwUserCapabilityTest(RgwTestCase
):
625 AUTH_ROLES
= ['rgw-manager']
629 cls
.create_test_user
= True
630 super(RgwUserCapabilityTest
, cls
).setUpClass()
634 '/api/rgw/user/teuth-test-user/capability',
639 self
.assertStatus(201)
640 data
= self
.jsonBody()
641 self
.assertEqual(len(data
), 1)
643 self
.assertEqual(data
['type'], 'usage')
644 self
.assertEqual(data
['perm'], 'read')
646 # Get the user data to validate the capabilities.
647 data
= self
.get_rgw_user('teuth-test-user')
648 self
.assertStatus(200)
649 self
.assertGreaterEqual(len(data
['caps']), 1)
650 self
.assertEqual(data
['caps'][0]['type'], 'usage')
651 self
.assertEqual(data
['caps'][0]['perm'], 'read')
653 def test_delete(self
):
655 '/api/rgw/user/teuth-test-user/capability',
660 self
.assertStatus(204)
662 # Get the user data to validate the capabilities.
663 data
= self
.get_rgw_user('teuth-test-user')
664 self
.assertStatus(200)
665 self
.assertEqual(len(data
['caps']), 0)
668 class RgwUserKeyTest(RgwTestCase
):
670 AUTH_ROLES
= ['rgw-manager']
674 cls
.create_test_user
= True
675 super(RgwUserKeyTest
, cls
).setUpClass()
677 def test_create_s3(self
):
679 '/api/rgw/user/teuth-test-user/key',
682 'generate_key': 'false',
683 'access_key': 'abc987',
684 'secret_key': 'aaabbbccc'
686 data
= self
.jsonBody()
687 self
.assertStatus(201)
688 self
.assertGreaterEqual(len(data
), 3)
689 key
= self
.find_object_in_list('access_key', 'abc987', data
)
690 self
.assertIsInstance(key
, object)
691 self
.assertEqual(key
['secret_key'], 'aaabbbccc')
693 def test_create_swift(self
):
695 '/api/rgw/user/teuth-test-user/key',
698 'subuser': 'teuth-test-subuser',
699 'generate_key': 'false',
700 'secret_key': 'xxxyyyzzz'
702 data
= self
.jsonBody()
703 self
.assertStatus(201)
704 self
.assertGreaterEqual(len(data
), 2)
705 key
= self
.find_object_in_list('secret_key', 'xxxyyyzzz', data
)
706 self
.assertIsInstance(key
, object)
708 def test_delete_s3(self
):
710 '/api/rgw/user/teuth-test-user/key',
713 'access_key': 'xyz123'
715 self
.assertStatus(204)
717 def test_delete_swift(self
):
719 '/api/rgw/user/teuth-test-user/key',
722 'subuser': 'teuth-test-user:teuth-test-subuser2'
724 self
.assertStatus(204)
727 class RgwUserQuotaTest(RgwTestCase
):
729 AUTH_ROLES
= ['rgw-manager']
733 cls
.create_test_user
= True
734 super(RgwUserQuotaTest
, cls
).setUpClass()
736 def _assert_quota(self
, data
):
737 self
.assertIn('user_quota', data
)
738 self
.assertIn('max_objects', data
['user_quota'])
739 self
.assertIn('enabled', data
['user_quota'])
740 self
.assertIn('max_size_kb', data
['user_quota'])
741 self
.assertIn('max_size', data
['user_quota'])
742 self
.assertIn('bucket_quota', data
)
743 self
.assertIn('max_objects', data
['bucket_quota'])
744 self
.assertIn('enabled', data
['bucket_quota'])
745 self
.assertIn('max_size_kb', data
['bucket_quota'])
746 self
.assertIn('max_size', data
['bucket_quota'])
748 def test_get_quota(self
):
749 data
= self
._get
('/api/rgw/user/teuth-test-user/quota')
750 self
.assertStatus(200)
751 self
._assert
_quota
(data
)
753 def test_set_user_quota(self
):
755 '/api/rgw/user/teuth-test-user/quota',
757 'quota_type': 'user',
762 self
.assertStatus(200)
764 data
= self
._get
('/api/rgw/user/teuth-test-user/quota')
765 self
.assertStatus(200)
766 self
._assert
_quota
(data
)
767 self
.assertEqual(data
['user_quota']['max_objects'], 101)
768 self
.assertTrue(data
['user_quota']['enabled'])
769 self
.assertEqual(data
['user_quota']['max_size_kb'], 2048)
771 def test_set_bucket_quota(self
):
773 '/api/rgw/user/teuth-test-user/quota',
775 'quota_type': 'bucket',
780 self
.assertStatus(200)
782 data
= self
._get
('/api/rgw/user/teuth-test-user/quota')
783 self
.assertStatus(200)
784 self
._assert
_quota
(data
)
785 self
.assertEqual(data
['bucket_quota']['max_objects'], 2000)
786 self
.assertFalse(data
['bucket_quota']['enabled'])
787 self
.assertEqual(data
['bucket_quota']['max_size_kb'], 4096)
790 class RgwUserSubuserTest(RgwTestCase
):
792 AUTH_ROLES
= ['rgw-manager']
796 cls
.create_test_user
= True
797 super(RgwUserSubuserTest
, cls
).setUpClass()
799 def test_create_swift(self
):
801 '/api/rgw/user/teuth-test-user/subuser',
804 'access': 'readwrite',
807 self
.assertStatus(201)
808 data
= self
.jsonBody()
809 subuser
= self
.find_object_in_list('id', 'teuth-test-user:tux', data
)
810 self
.assertIsInstance(subuser
, object)
811 self
.assertEqual(subuser
['permissions'], 'read-write')
813 # Get the user data to validate the keys.
814 data
= self
.get_rgw_user('teuth-test-user')
815 self
.assertStatus(200)
816 key
= self
.find_object_in_list('user', 'teuth-test-user:tux',
818 self
.assertIsInstance(key
, object)
820 def test_create_s3(self
):
822 '/api/rgw/user/teuth-test-user/subuser',
826 'generate_secret': 'false',
830 self
.assertStatus(201)
831 data
= self
.jsonBody()
832 subuser
= self
.find_object_in_list('id', 'teuth-test-user:hugo', data
)
833 self
.assertIsInstance(subuser
, object)
834 self
.assertEqual(subuser
['permissions'], 'write')
836 # Get the user data to validate the keys.
837 data
= self
.get_rgw_user('teuth-test-user')
838 self
.assertStatus(200)
839 key
= self
.find_object_in_list('user', 'teuth-test-user:hugo',
841 self
.assertIsInstance(key
, object)
842 self
.assertEqual(key
['secret_key'], 'xxx')
844 def test_delete_w_purge(self
):
846 '/api/rgw/user/teuth-test-user/subuser/teuth-test-subuser2')
847 self
.assertStatus(204)
849 # Get the user data to check that the keys don't exist anymore.
850 data
= self
.get_rgw_user('teuth-test-user')
851 self
.assertStatus(200)
852 key
= self
.find_object_in_list(
853 'user', 'teuth-test-user:teuth-test-subuser2', data
['swift_keys'])
854 self
.assertIsNone(key
)
856 def test_delete_wo_purge(self
):
858 '/api/rgw/user/teuth-test-user/subuser/teuth-test-subuser',
859 params
={'purge_keys': 'false'})
860 self
.assertStatus(204)
862 # Get the user data to check whether they keys still exist.
863 data
= self
.get_rgw_user('teuth-test-user')
864 self
.assertStatus(200)
865 key
= self
.find_object_in_list(
866 'user', 'teuth-test-user:teuth-test-subuser', data
['keys'])
867 self
.assertIsInstance(key
, object)