Merge branch 'testCW' of git.corp.cloudwatt.com:nassim.babaci/swiftpolicy into testCW
Conflicts: tests/test_CWpolicy.sh
This commit is contained in:
Nassim Babaci
commit
79d370a866
|
|
@ -13,17 +13,23 @@ OS_AUTH_URL=http://localhost:5000/v2.0
|
|||
CW_ROLE1=upload_disabled
|
||||
CW_ROLE2=remove_only
|
||||
CW_USER=cwuser
|
||||
CW_SUPPORT=support
|
||||
|
||||
# Create user, tenant, roles
|
||||
# Create users, tenant, roles
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone tenant-create --name $CW_USER
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_ROLE1
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_ROLE2
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-create --name $CW_SUPPORT
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-create --name $CW_USER --tenant $CW_USER --pass $CW_USER --enabled true
|
||||
# support user
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-create --name $CW_SUPPORT --pass $CW_SUPPORT --enabled true
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_SUPPORT --tenant $CW_USER --role $CW_SUPPORT
|
||||
|
||||
# Let's do regular stuff first
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role Member
|
||||
|
||||
echo "testy test" > testytest
|
||||
echo "* Regular user"
|
||||
echo "Testing uploading an object/container"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj1 container1 testytest
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name delobj1 todelete testytest
|
||||
|
|
@ -34,12 +40,16 @@ OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$O
|
|||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
|
||||
echo "Testing deleting delobj3"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj3
|
||||
echo "Testing download - object"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
||||
echo "Testing download - container"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1
|
||||
|
||||
echo ""
|
||||
# Now prevent uploads
|
||||
echo "Applying $CW_ROLE1"
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role $CW_ROLE1
|
||||
echo "Testing upload"
|
||||
echo "* Testing upload"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Upload forbidden, all good"
|
||||
|
|
@ -47,23 +57,25 @@ else
|
|||
echo "FAIL - User can upload data"
|
||||
fi;
|
||||
# pass
|
||||
echo "Testing listing container1"
|
||||
echo "* Testing listing container1"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift list container1
|
||||
# pass
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
|
||||
# pass
|
||||
echo "Testing deletion"
|
||||
echo "* Testing deletion"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj2
|
||||
# pass
|
||||
echo "Testing download"
|
||||
echo "* Testing download - object"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
||||
echo "* Testing download - container"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1
|
||||
|
||||
echo ""
|
||||
# Now authorize file removal only
|
||||
echo "Applying $CW_ROLE2"
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-remove --user $CW_USER --tenant $CW_USER --role $CW_ROLE1
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-role-add --user $CW_USER --tenant $CW_USER --role $CW_ROLE2
|
||||
echo "Testing upload"
|
||||
echo "* Testing upload"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Upload forbidden, all good"
|
||||
|
|
@ -71,30 +83,79 @@ else
|
|||
echo "FAIL - User can upload data"
|
||||
fi;
|
||||
# pass
|
||||
echo "Testing listing container1"
|
||||
echo "* Testing listing container1"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift list container1
|
||||
# pass
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift stat
|
||||
# pass
|
||||
echo "Testing deleting delobj1"
|
||||
echo "* Testing deleting delobj1"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj1
|
||||
# fail
|
||||
echo "Testing downloading object"
|
||||
echo "* Testing downloading object"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Download forbidden, all good"
|
||||
else
|
||||
echo "FAIL - User can download data"
|
||||
fi;
|
||||
echo "* Testing downloading container"
|
||||
OS_USERNAME=$CW_USER OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_USER OS_AUTH_URL=$OS_AUTH_URL swift download container1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Download forbidden, all good"
|
||||
else
|
||||
echo "FAIL - User can download data"
|
||||
fi;
|
||||
|
||||
|
||||
echo ""
|
||||
# Testing support access
|
||||
echo "Testing support user"
|
||||
echo "* Testing upload"
|
||||
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift upload --object-name obj2 container1 testytest
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Upload forbidden, all good"
|
||||
else
|
||||
echo "FAIL - User can upload data"
|
||||
fi;
|
||||
# pass
|
||||
echo "* Testing listing container1"
|
||||
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift list container1
|
||||
# pass
|
||||
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift stat
|
||||
# fail
|
||||
echo "* Testing deleting delobj1"
|
||||
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift delete todelete delobj1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Delete forbidden, all good"
|
||||
else
|
||||
echo "FAIL - User can delete data"
|
||||
fi;
|
||||
# fail
|
||||
echo "* Testing downloading object"
|
||||
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift download container1 obj1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Download forbidden, all good"
|
||||
else
|
||||
echo "FAIL - User can download data"
|
||||
fi;
|
||||
echo "* Testing downloading container"
|
||||
OS_USERNAME=$CW_SUPPORT OS_TENANT_NAME=$CW_USER OS_PASSWORD=$CW_SUPPORT OS_AUTH_URL=$OS_AUTH_URL swift download container1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Download forbidden, all good"
|
||||
else
|
||||
echo "FAIL - User can download data"
|
||||
fi;
|
||||
|
||||
|
||||
# cleanup
|
||||
cleanup () {
|
||||
rm testytest obj1
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-delete $CW_SUPPORT
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone user-delete $CW_USER
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone tenant-delete $CW_USER
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_ROLE1
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_ROLE2
|
||||
OS_USERNAME=$OS_ADMIN OS_TENANT_NAME=$OS_ADMIN_TENANT OS_PASSWORD=$OS_ADMIN_PASSWORD OS_AUTH_URL=$OS_AUTH_URL keystone role-delete $CW_SUPPORT
|
||||
}
|
||||
|
||||
if [ "$CLEANUP" = "true" ]
|
||||
|
|
|
|||
Loading…
Reference in New Issue