]>
git.proxmox.com Git - ceph.git/blob - ceph/qa/tasks/mgr/dashboard/test_rgw.py
6f1acebece78d0fc220069d0f782698c38c03231
1 # -*- coding: utf-8 -*-
2 from __future__
import absolute_import
8 from cryptography
.hazmat
.backends
import default_backend
9 from cryptography
.hazmat
.primitives
.twofactor
.totp
import TOTP
10 from cryptography
.hazmat
.primitives
.hashes
import SHA1
11 from six
.moves
.urllib
import parse
13 from .helper
import DashboardTestCase
, JObj
, JList
, JLeaf
15 logger
= logging
.getLogger(__name__
)
18 class RgwTestCase(DashboardTestCase
):
21 create_test_user
= False
23 AUTH_ROLES
= ['rgw-manager']
27 super(RgwTestCase
, cls
).setUpClass()
28 # Create the administrator account.
29 cls
._radosgw
_admin
_cmd
([
30 'user', 'create', '--uid', 'admin', '--display-name', 'admin',
31 '--system', '--access-key', 'admin', '--secret', 'admin'
33 # Update the dashboard configuration.
34 cls
._ceph
_cmd
(['dashboard', 'set-rgw-api-user-id', 'admin'])
35 cls
._ceph
_cmd
(['dashboard', 'set-rgw-api-secret-key', 'admin'])
36 cls
._ceph
_cmd
(['dashboard', 'set-rgw-api-access-key', 'admin'])
38 if cls
.create_test_user
:
39 cls
._radosgw
_admin
_cmd
([
40 'user', 'create', '--uid', 'teuth-test-user', '--display-name',
43 cls
._radosgw
_admin
_cmd
([
44 'caps', 'add', '--uid', 'teuth-test-user', '--caps',
47 cls
._radosgw
_admin
_cmd
([
48 'subuser', 'create', '--uid', 'teuth-test-user', '--subuser',
49 'teuth-test-subuser', '--access', 'full', '--key-type', 's3',
50 '--access-key', 'xyz123'
52 cls
._radosgw
_admin
_cmd
([
53 'subuser', 'create', '--uid', 'teuth-test-user', '--subuser',
54 'teuth-test-subuser2', '--access', 'full', '--key-type',
59 def tearDownClass(cls
):
60 # Delete administrator account.
61 cls
._radosgw
_admin
_cmd
(['user', 'rm', '--uid', 'admin'])
62 if cls
.create_test_user
:
63 cls
._radosgw
_admin
_cmd
(['user', 'rm', '--uid=teuth-test-user', '--purge-data'])
64 super(RgwTestCase
, cls
).tearDownClass()
66 def get_rgw_user(self
, uid
):
67 return self
._get
('/api/rgw/user/{}'.format(uid
))
70 class RgwApiCredentialsTest(RgwTestCase
):
72 AUTH_ROLES
= ['rgw-manager']
75 super(RgwApiCredentialsTest
, self
).setUp()
76 # Restart the Dashboard module to ensure that the connection to the
77 # RGW Admin Ops API is re-established with the new credentials.
79 self
._ceph
_cmd
(['mgr', 'module', 'disable', 'dashboard'])
80 self
._ceph
_cmd
(['mgr', 'module', 'enable', 'dashboard', '--force'])
81 # Set the default credentials.
82 self
._ceph
_cmd
(['dashboard', 'set-rgw-api-user-id', ''])
83 self
._ceph
_cmd
(['dashboard', 'set-rgw-api-secret-key', 'admin'])
84 self
._ceph
_cmd
(['dashboard', 'set-rgw-api-access-key', 'admin'])
85 super(RgwApiCredentialsTest
, self
).setUp()
87 def test_no_access_secret_key(self
):
88 self
._ceph
_cmd
(['dashboard', 'set-rgw-api-secret-key', ''])
89 self
._ceph
_cmd
(['dashboard', 'set-rgw-api-access-key', ''])
90 resp
= self
._get
('/api/rgw/user')
91 self
.assertStatus(500)
92 self
.assertIn('detail', resp
)
93 self
.assertIn('component', resp
)
94 self
.assertIn('No RGW credentials found', resp
['detail'])
95 self
.assertEqual(resp
['component'], 'rgw')
97 def test_success(self
):
98 data
= self
._get
('/api/rgw/status')
99 self
.assertStatus(200)
100 self
.assertIn('available', data
)
101 self
.assertIn('message', data
)
102 self
.assertTrue(data
['available'])
104 def test_invalid_user_id(self
):
105 self
._ceph
_cmd
(['dashboard', 'set-rgw-api-user-id', 'xyz'])
106 data
= self
._get
('/api/rgw/status')
107 self
.assertStatus(200)
108 self
.assertIn('available', data
)
109 self
.assertIn('message', data
)
110 self
.assertFalse(data
['available'])
111 self
.assertIn('The user "xyz" is unknown to the Object Gateway.',
115 class RgwSiteTest(RgwTestCase
):
117 AUTH_ROLES
= ['rgw-manager']
119 def test_get_placement_targets(self
):
120 data
= self
._get
('/api/rgw/site?query=placement-targets')
121 self
.assertStatus(200)
122 self
.assertSchema(data
, JObj({
124 'placement_targets': JList(JObj({
130 def test_get_realms(self
):
131 data
= self
._get
('/api/rgw/site?query=realms')
132 self
.assertStatus(200)
133 self
.assertSchema(data
, JList(str))
136 class RgwBucketTest(RgwTestCase
):
138 _mfa_token_serial
= '1'
139 _mfa_token_seed
= '23456723'
140 _mfa_token_time_step
= 2
142 AUTH_ROLES
= ['rgw-manager']
146 cls
.create_test_user
= True
147 super(RgwBucketTest
, cls
).setUpClass()
148 # Create MFA TOTP token for test user.
149 cls
._radosgw
_admin
_cmd
([
150 'mfa', 'create', '--uid', 'teuth-test-user', '--totp-serial', cls
._mfa
_token
_serial
,
151 '--totp-seed', cls
._mfa
_token
_seed
, '--totp-seed-type', 'base32',
152 '--totp-seconds', str(cls
._mfa
_token
_time
_step
), '--totp-window', '1'
154 # Create tenanted users.
155 cls
._radosgw
_admin
_cmd
([
156 'user', 'create', '--tenant', 'testx', '--uid', 'teuth-test-user',
157 '--display-name', 'tenanted teuth-test-user'
159 cls
._radosgw
_admin
_cmd
([
160 'user', 'create', '--tenant', 'testx2', '--uid', 'teuth-test-user2',
161 '--display-name', 'tenanted teuth-test-user 2'
165 def tearDownClass(cls
):
166 cls
._radosgw
_admin
_cmd
(
167 ['user', 'rm', '--tenant', 'testx', '--uid=teuth-test-user', '--purge-data'])
168 cls
._radosgw
_admin
_cmd
(
169 ['user', 'rm', '--tenant', 'testx2', '--uid=teuth-test-user2', '--purge-data'])
170 super(RgwBucketTest
, cls
).tearDownClass()
172 def _get_mfa_token_pin(self
):
173 totp_key
= base64
.b32decode(self
._mfa
_token
_seed
)
174 totp
= TOTP(totp_key
, 6, SHA1(), self
._mfa
_token
_time
_step
, backend
=default_backend(),
175 enforce_key_length
=False)
176 time_value
= int(time
.time())
177 return totp
.generate(time_value
)
180 # Create a new bucket.
184 'bucket': 'teuth-test-bucket',
186 'zonegroup': 'default',
187 'placement_target': 'default-placement'
189 self
.assertStatus(201)
190 data
= self
.jsonBody()
191 self
.assertSchema(data
, JObj(sub_elems
={
192 'bucket_info': JObj(sub_elems
={
193 'bucket': JObj(allow_unknown
=True, sub_elems
={
195 'bucket_id': JLeaf(str),
198 'quota': JObj(sub_elems
={}, allow_unknown
=True),
199 'creation_time': JLeaf(str)
200 }, allow_unknown
=True)
201 }, allow_unknown
=True))
202 data
= data
['bucket_info']['bucket']
203 self
.assertEqual(data
['name'], 'teuth-test-bucket')
204 self
.assertEqual(data
['tenant'], '')
207 data
= self
._get
('/api/rgw/bucket')
208 self
.assertStatus(200)
209 self
.assertEqual(len(data
), 1)
210 self
.assertIn('teuth-test-bucket', data
)
212 # List all buckets with stats.
213 data
= self
._get
('/api/rgw/bucket?stats=true')
214 self
.assertStatus(200)
215 self
.assertEqual(len(data
), 1)
216 self
.assertSchema(data
[0], JObj(sub_elems
={
218 'bucket': JLeaf(str),
219 'bucket_quota': JObj(sub_elems
={}, allow_unknown
=True),
222 'usage': JObj(sub_elems
={}, allow_unknown
=True),
223 'tenant': JLeaf(str),
224 }, allow_unknown
=True))
227 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
228 self
.assertStatus(200)
229 self
.assertSchema(data
, JObj(sub_elems
={
232 'tenant': JLeaf(str),
233 'bucket': JLeaf(str),
234 'bucket_quota': JObj(sub_elems
={}, allow_unknown
=True),
236 'mfa_delete': JLeaf(str),
237 'usage': JObj(sub_elems
={}, allow_unknown
=True),
238 'versioning': JLeaf(str)
239 }, allow_unknown
=True))
240 self
.assertEqual(data
['bucket'], 'teuth-test-bucket')
241 self
.assertEqual(data
['owner'], 'admin')
242 self
.assertEqual(data
['placement_rule'], 'default-placement')
243 self
.assertEqual(data
['versioning'], 'Suspended')
245 # Update bucket: change owner, enable versioning.
247 '/api/rgw/bucket/teuth-test-bucket',
249 'bucket_id': data
['id'],
250 'uid': 'teuth-test-user',
251 'versioning_state': 'Enabled'
253 self
.assertStatus(200)
254 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
255 self
.assertStatus(200)
256 self
.assertSchema(data
, JObj(sub_elems
={
260 }, allow_unknown
=True))
261 self
.assertEqual(data
['owner'], 'teuth-test-user')
262 self
.assertEqual(data
['versioning'], 'Enabled')
264 # Update bucket: enable MFA Delete.
266 '/api/rgw/bucket/teuth-test-bucket',
268 'bucket_id': data
['id'],
269 'uid': 'teuth-test-user',
270 'versioning_state': 'Enabled',
271 'mfa_delete': 'Enabled',
272 'mfa_token_serial': self
._mfa
_token
_serial
,
273 'mfa_token_pin': self
._get
_mfa
_token
_pin
()
275 self
.assertStatus(200)
276 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
277 self
.assertStatus(200)
278 self
.assertEqual(data
['versioning'], 'Enabled')
279 self
.assertEqual(data
['mfa_delete'], 'Enabled')
281 # Update bucket: disable versioning & MFA Delete.
282 time
.sleep(self
._mfa
_token
_time
_step
* 3) # Required to get new TOTP pin.
284 '/api/rgw/bucket/teuth-test-bucket',
286 'bucket_id': data
['id'],
287 'uid': 'teuth-test-user',
288 'versioning_state': 'Suspended',
289 'mfa_delete': 'Disabled',
290 'mfa_token_serial': self
._mfa
_token
_serial
,
291 'mfa_token_pin': self
._get
_mfa
_token
_pin
()
293 self
.assertStatus(200)
294 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
295 self
.assertStatus(200)
296 self
.assertEqual(data
['versioning'], 'Suspended')
297 self
.assertEqual(data
['mfa_delete'], 'Disabled')
300 self
._delete
('/api/rgw/bucket/teuth-test-bucket')
301 self
.assertStatus(204)
302 data
= self
._get
('/api/rgw/bucket')
303 self
.assertStatus(200)
304 self
.assertEqual(len(data
), 0)
306 def test_crud_w_tenant(self
):
307 # Create a new bucket. The tenant of the user is used when
308 # the bucket is created.
312 'bucket': 'teuth-test-bucket',
313 'uid': 'testx$teuth-test-user',
314 'zonegroup': 'default',
315 'placement_target': 'default-placement'
317 self
.assertStatus(201)
318 # It's not possible to validate the result because there
319 # IS NO result object returned by the RGW Admin OPS API
320 # when a tenanted bucket is created.
321 data
= self
.jsonBody()
322 self
.assertIsNone(data
)
325 data
= self
._get
('/api/rgw/bucket')
326 self
.assertStatus(200)
327 self
.assertEqual(len(data
), 1)
328 self
.assertIn('testx/teuth-test-bucket', data
)
330 def _verify_tenant_bucket(bucket
, tenant
, uid
):
331 full_bucket_name
= '{}/{}'.format(tenant
, bucket
)
332 _data
= self
._get
('/api/rgw/bucket/{}'.format(
333 parse
.quote_plus(full_bucket_name
)))
334 self
.assertStatus(200)
335 self
.assertSchema(_data
, JObj(sub_elems
={
337 'bucket': JLeaf(str),
338 'tenant': JLeaf(str),
340 }, allow_unknown
=True))
341 self
.assertEqual(_data
['owner'], '{}${}'.format(tenant
, uid
))
342 self
.assertEqual(_data
['bucket'], bucket
)
343 self
.assertEqual(_data
['tenant'], tenant
)
344 self
.assertEqual(_data
['bid'], full_bucket_name
)
348 data
= _verify_tenant_bucket('teuth-test-bucket', 'testx', 'teuth-test-user')
349 self
.assertEqual(data
['placement_rule'], 'default-placement')
350 self
.assertEqual(data
['versioning'], 'Suspended')
352 # Update bucket: different user with different tenant, enable versioning.
354 '/api/rgw/bucket/{}'.format(
355 parse
.quote_plus('testx/teuth-test-bucket')),
357 'bucket_id': data
['id'],
358 'uid': 'testx2$teuth-test-user2',
359 'versioning_state': 'Enabled'
361 data
= _verify_tenant_bucket('teuth-test-bucket', 'testx2', 'teuth-test-user2')
362 self
.assertEqual(data
['versioning'], 'Enabled')
364 # Change owner to a non-tenanted user
366 '/api/rgw/bucket/{}'.format(
367 parse
.quote_plus('testx2/teuth-test-bucket')),
369 'bucket_id': data
['id'],
372 self
.assertStatus(200)
373 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
374 self
.assertStatus(200)
375 self
.assertIn('owner', data
)
376 self
.assertEqual(data
['owner'], 'admin')
377 self
.assertEqual(data
['tenant'], '')
378 self
.assertEqual(data
['bucket'], 'teuth-test-bucket')
379 self
.assertEqual(data
['bid'], 'teuth-test-bucket')
380 self
.assertEqual(data
['versioning'], 'Enabled')
382 # Change owner back to tenanted user, suspend versioning.
384 '/api/rgw/bucket/teuth-test-bucket',
386 'bucket_id': data
['id'],
387 'uid': 'testx$teuth-test-user',
388 'versioning_state': 'Suspended'
390 self
.assertStatus(200)
391 data
= _verify_tenant_bucket('teuth-test-bucket', 'testx', 'teuth-test-user')
392 self
.assertEqual(data
['versioning'], 'Suspended')
395 self
._delete
('/api/rgw/bucket/{}'.format(
396 parse
.quote_plus('testx/teuth-test-bucket')))
397 self
.assertStatus(204)
398 data
= self
._get
('/api/rgw/bucket')
399 self
.assertStatus(200)
400 self
.assertEqual(len(data
), 0)
402 def test_crud_w_locking(self
):
404 self
._post
('/api/rgw/bucket',
406 'bucket': 'teuth-test-bucket',
407 'uid': 'teuth-test-user',
408 'zonegroup': 'default',
409 'placement_target': 'default-placement',
410 'lock_enabled': 'true',
411 'lock_mode': 'GOVERNANCE',
412 'lock_retention_period_days': '0',
413 'lock_retention_period_years': '1'
415 self
.assertStatus(201)
417 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
418 self
.assertStatus(200)
422 'lock_enabled': JLeaf(bool),
423 'lock_mode': JLeaf(str),
424 'lock_retention_period_days': JLeaf(int),
425 'lock_retention_period_years': JLeaf(int)
428 self
.assertTrue(data
['lock_enabled'])
429 self
.assertEqual(data
['lock_mode'], 'GOVERNANCE')
430 self
.assertEqual(data
['lock_retention_period_days'], 0)
431 self
.assertEqual(data
['lock_retention_period_years'], 1)
433 self
._put
('/api/rgw/bucket/teuth-test-bucket',
435 'bucket_id': data
['id'],
436 'uid': 'teuth-test-user',
437 'lock_mode': 'COMPLIANCE',
438 'lock_retention_period_days': '15',
439 'lock_retention_period_years': '0'
441 self
.assertStatus(200)
442 data
= self
._get
('/api/rgw/bucket/teuth-test-bucket')
443 self
.assertTrue(data
['lock_enabled'])
444 self
.assertEqual(data
['lock_mode'], 'COMPLIANCE')
445 self
.assertEqual(data
['lock_retention_period_days'], 15)
446 self
.assertEqual(data
['lock_retention_period_years'], 0)
447 self
.assertStatus(200)
449 self
._delete
('/api/rgw/bucket/teuth-test-bucket')
450 self
.assertStatus(204)
453 class RgwDaemonTest(RgwTestCase
):
455 AUTH_ROLES
= ['rgw-manager']
457 @DashboardTestCase.RunAs('test', 'test', [{
458 'rgw': ['create', 'update', 'delete']
460 def test_read_access_permissions(self
):
461 self
._get
('/api/rgw/daemon')
462 self
.assertStatus(403)
463 self
._get
('/api/rgw/daemon/id')
464 self
.assertStatus(403)
467 data
= self
._get
('/api/rgw/daemon')
468 self
.assertStatus(200)
469 self
.assertEqual(len(data
), 1)
471 self
.assertIn('id', data
)
472 self
.assertIn('version', data
)
473 self
.assertIn('server_hostname', data
)
476 data
= self
._get
('/api/rgw/daemon')
477 self
.assertStatus(200)
479 data
= self
._get
('/api/rgw/daemon/{}'.format(data
[0]['id']))
480 self
.assertStatus(200)
481 self
.assertIn('rgw_metadata', data
)
482 self
.assertIn('rgw_id', data
)
483 self
.assertIn('rgw_status', data
)
484 self
.assertTrue(data
['rgw_metadata'])
486 def test_status(self
):
487 data
= self
._get
('/api/rgw/status')
488 self
.assertStatus(200)
489 self
.assertIn('available', data
)
490 self
.assertIn('message', data
)
491 self
.assertTrue(data
['available'])
494 class RgwUserTest(RgwTestCase
):
496 AUTH_ROLES
= ['rgw-manager']
500 super(RgwUserTest
, cls
).setUpClass()
502 def _assert_user_data(self
, data
):
503 self
.assertSchema(data
, JObj(sub_elems
={
504 'caps': JList(JObj(sub_elems
={}, allow_unknown
=True)),
505 'display_name': JLeaf(str),
507 'keys': JList(JObj(sub_elems
={}, allow_unknown
=True)),
508 'max_buckets': JLeaf(int),
509 'subusers': JList(JLeaf(str)),
510 'suspended': JLeaf(int),
511 'swift_keys': JList(JObj(sub_elems
={}, allow_unknown
=True)),
512 'tenant': JLeaf(str),
513 'user_id': JLeaf(str),
515 }, allow_unknown
=True))
516 self
.assertGreaterEqual(len(data
['keys']), 1)
519 data
= self
.get_rgw_user('admin')
520 self
.assertStatus(200)
521 self
._assert
_user
_data
(data
)
522 self
.assertEqual(data
['user_id'], 'admin')
525 data
= self
._get
('/api/rgw/user')
526 self
.assertStatus(200)
527 self
.assertGreaterEqual(len(data
), 1)
528 self
.assertIn('admin', data
)
530 def test_get_emails(self
):
531 data
= self
._get
('/api/rgw/user/get_emails')
532 self
.assertStatus(200)
533 self
.assertSchema(data
, JList(str))
535 def test_create_get_update_delete(self
):
537 self
._post
('/api/rgw/user', params
={
538 'uid': 'teuth-test-user',
539 'display_name': 'display name'
541 self
.assertStatus(201)
542 data
= self
.jsonBody()
543 self
._assert
_user
_data
(data
)
544 self
.assertEqual(data
['user_id'], 'teuth-test-user')
545 self
.assertEqual(data
['display_name'], 'display name')
548 data
= self
.get_rgw_user('teuth-test-user')
549 self
.assertStatus(200)
550 self
._assert
_user
_data
(data
)
551 self
.assertEqual(data
['tenant'], '')
552 self
.assertEqual(data
['user_id'], 'teuth-test-user')
553 self
.assertEqual(data
['uid'], 'teuth-test-user')
557 '/api/rgw/user/teuth-test-user',
558 params
={'display_name': 'new name'})
559 self
.assertStatus(200)
560 data
= self
.jsonBody()
561 self
._assert
_user
_data
(data
)
562 self
.assertEqual(data
['display_name'], 'new name')
565 self
._delete
('/api/rgw/user/teuth-test-user')
566 self
.assertStatus(204)
567 self
.get_rgw_user('teuth-test-user')
568 self
.assertStatus(500)
569 resp
= self
.jsonBody()
570 self
.assertIn('detail', resp
)
571 self
.assertIn('failed request with status code 404', resp
['detail'])
572 self
.assertIn('"Code":"NoSuchUser"', resp
['detail'])
573 self
.assertIn('"HostId"', resp
['detail'])
574 self
.assertIn('"RequestId"', resp
['detail'])
576 def test_create_get_update_delete_w_tenant(self
):
581 'uid': 'test01$teuth-test-user',
582 'display_name': 'display name'
584 self
.assertStatus(201)
585 data
= self
.jsonBody()
586 self
._assert
_user
_data
(data
)
587 self
.assertEqual(data
['user_id'], 'teuth-test-user')
588 self
.assertEqual(data
['display_name'], 'display name')
591 data
= self
.get_rgw_user('test01$teuth-test-user')
592 self
.assertStatus(200)
593 self
._assert
_user
_data
(data
)
594 self
.assertEqual(data
['tenant'], 'test01')
595 self
.assertEqual(data
['user_id'], 'teuth-test-user')
596 self
.assertEqual(data
['uid'], 'test01$teuth-test-user')
600 '/api/rgw/user/test01$teuth-test-user',
601 params
={'display_name': 'new name'})
602 self
.assertStatus(200)
603 data
= self
.jsonBody()
604 self
._assert
_user
_data
(data
)
605 self
.assertEqual(data
['display_name'], 'new name')
608 self
._delete
('/api/rgw/user/test01$teuth-test-user')
609 self
.assertStatus(204)
610 self
.get_rgw_user('test01$teuth-test-user')
611 self
.assertStatus(500)
612 resp
= self
.jsonBody()
613 self
.assertIn('detail', resp
)
614 self
.assertIn('failed request with status code 404', resp
['detail'])
615 self
.assertIn('"Code":"NoSuchUser"', resp
['detail'])
616 self
.assertIn('"HostId"', resp
['detail'])
617 self
.assertIn('"RequestId"', resp
['detail'])
620 class RgwUserCapabilityTest(RgwTestCase
):
622 AUTH_ROLES
= ['rgw-manager']
626 cls
.create_test_user
= True
627 super(RgwUserCapabilityTest
, cls
).setUpClass()
631 '/api/rgw/user/teuth-test-user/capability',
636 self
.assertStatus(201)
637 data
= self
.jsonBody()
638 self
.assertEqual(len(data
), 1)
640 self
.assertEqual(data
['type'], 'usage')
641 self
.assertEqual(data
['perm'], 'read')
643 # Get the user data to validate the capabilities.
644 data
= self
.get_rgw_user('teuth-test-user')
645 self
.assertStatus(200)
646 self
.assertGreaterEqual(len(data
['caps']), 1)
647 self
.assertEqual(data
['caps'][0]['type'], 'usage')
648 self
.assertEqual(data
['caps'][0]['perm'], 'read')
650 def test_delete(self
):
652 '/api/rgw/user/teuth-test-user/capability',
657 self
.assertStatus(204)
659 # Get the user data to validate the capabilities.
660 data
= self
.get_rgw_user('teuth-test-user')
661 self
.assertStatus(200)
662 self
.assertEqual(len(data
['caps']), 0)
665 class RgwUserKeyTest(RgwTestCase
):
667 AUTH_ROLES
= ['rgw-manager']
671 cls
.create_test_user
= True
672 super(RgwUserKeyTest
, cls
).setUpClass()
674 def test_create_s3(self
):
676 '/api/rgw/user/teuth-test-user/key',
679 'generate_key': 'false',
680 'access_key': 'abc987',
681 'secret_key': 'aaabbbccc'
683 data
= self
.jsonBody()
684 self
.assertStatus(201)
685 self
.assertGreaterEqual(len(data
), 3)
686 key
= self
.find_object_in_list('access_key', 'abc987', data
)
687 self
.assertIsInstance(key
, object)
688 self
.assertEqual(key
['secret_key'], 'aaabbbccc')
690 def test_create_swift(self
):
692 '/api/rgw/user/teuth-test-user/key',
695 'subuser': 'teuth-test-subuser',
696 'generate_key': 'false',
697 'secret_key': 'xxxyyyzzz'
699 data
= self
.jsonBody()
700 self
.assertStatus(201)
701 self
.assertGreaterEqual(len(data
), 2)
702 key
= self
.find_object_in_list('secret_key', 'xxxyyyzzz', data
)
703 self
.assertIsInstance(key
, object)
705 def test_delete_s3(self
):
707 '/api/rgw/user/teuth-test-user/key',
710 'access_key': 'xyz123'
712 self
.assertStatus(204)
714 def test_delete_swift(self
):
716 '/api/rgw/user/teuth-test-user/key',
719 'subuser': 'teuth-test-user:teuth-test-subuser2'
721 self
.assertStatus(204)
724 class RgwUserQuotaTest(RgwTestCase
):
726 AUTH_ROLES
= ['rgw-manager']
730 cls
.create_test_user
= True
731 super(RgwUserQuotaTest
, cls
).setUpClass()
733 def _assert_quota(self
, data
):
734 self
.assertIn('user_quota', data
)
735 self
.assertIn('max_objects', data
['user_quota'])
736 self
.assertIn('enabled', data
['user_quota'])
737 self
.assertIn('max_size_kb', data
['user_quota'])
738 self
.assertIn('max_size', data
['user_quota'])
739 self
.assertIn('bucket_quota', data
)
740 self
.assertIn('max_objects', data
['bucket_quota'])
741 self
.assertIn('enabled', data
['bucket_quota'])
742 self
.assertIn('max_size_kb', data
['bucket_quota'])
743 self
.assertIn('max_size', data
['bucket_quota'])
745 def test_get_quota(self
):
746 data
= self
._get
('/api/rgw/user/teuth-test-user/quota')
747 self
.assertStatus(200)
748 self
._assert
_quota
(data
)
750 def test_set_user_quota(self
):
752 '/api/rgw/user/teuth-test-user/quota',
754 'quota_type': 'user',
759 self
.assertStatus(200)
761 data
= self
._get
('/api/rgw/user/teuth-test-user/quota')
762 self
.assertStatus(200)
763 self
._assert
_quota
(data
)
764 self
.assertEqual(data
['user_quota']['max_objects'], 101)
765 self
.assertTrue(data
['user_quota']['enabled'])
766 self
.assertEqual(data
['user_quota']['max_size_kb'], 2048)
768 def test_set_bucket_quota(self
):
770 '/api/rgw/user/teuth-test-user/quota',
772 'quota_type': 'bucket',
777 self
.assertStatus(200)
779 data
= self
._get
('/api/rgw/user/teuth-test-user/quota')
780 self
.assertStatus(200)
781 self
._assert
_quota
(data
)
782 self
.assertEqual(data
['bucket_quota']['max_objects'], 2000)
783 self
.assertFalse(data
['bucket_quota']['enabled'])
784 self
.assertEqual(data
['bucket_quota']['max_size_kb'], 4096)
787 class RgwUserSubuserTest(RgwTestCase
):
789 AUTH_ROLES
= ['rgw-manager']
793 cls
.create_test_user
= True
794 super(RgwUserSubuserTest
, cls
).setUpClass()
796 def test_create_swift(self
):
798 '/api/rgw/user/teuth-test-user/subuser',
801 'access': 'readwrite',
804 self
.assertStatus(201)
805 data
= self
.jsonBody()
806 subuser
= self
.find_object_in_list('id', 'teuth-test-user:tux', data
)
807 self
.assertIsInstance(subuser
, object)
808 self
.assertEqual(subuser
['permissions'], 'read-write')
810 # Get the user data to validate the keys.
811 data
= self
.get_rgw_user('teuth-test-user')
812 self
.assertStatus(200)
813 key
= self
.find_object_in_list('user', 'teuth-test-user:tux',
815 self
.assertIsInstance(key
, object)
817 def test_create_s3(self
):
819 '/api/rgw/user/teuth-test-user/subuser',
823 'generate_secret': 'false',
827 self
.assertStatus(201)
828 data
= self
.jsonBody()
829 subuser
= self
.find_object_in_list('id', 'teuth-test-user:hugo', data
)
830 self
.assertIsInstance(subuser
, object)
831 self
.assertEqual(subuser
['permissions'], 'write')
833 # Get the user data to validate the keys.
834 data
= self
.get_rgw_user('teuth-test-user')
835 self
.assertStatus(200)
836 key
= self
.find_object_in_list('user', 'teuth-test-user:hugo',
838 self
.assertIsInstance(key
, object)
839 self
.assertEqual(key
['secret_key'], 'xxx')
841 def test_delete_w_purge(self
):
843 '/api/rgw/user/teuth-test-user/subuser/teuth-test-subuser2')
844 self
.assertStatus(204)
846 # Get the user data to check that the keys don't exist anymore.
847 data
= self
.get_rgw_user('teuth-test-user')
848 self
.assertStatus(200)
849 key
= self
.find_object_in_list(
850 'user', 'teuth-test-user:teuth-test-subuser2', data
['swift_keys'])
851 self
.assertIsNone(key
)
853 def test_delete_wo_purge(self
):
855 '/api/rgw/user/teuth-test-user/subuser/teuth-test-subuser',
856 params
={'purge_keys': 'false'})
857 self
.assertStatus(204)
859 # Get the user data to check whether they keys still exist.
860 data
= self
.get_rgw_user('teuth-test-user')
861 self
.assertStatus(200)
862 key
= self
.find_object_in_list(
863 'user', 'teuth-test-user:teuth-test-subuser', data
['keys'])
864 self
.assertIsInstance(key
, object)