Revision 45f75526 test/py/cmdlib/cluster_unittest.py
| b/test/py/cmdlib/cluster_unittest.py | ||
|---|---|---|
| 1085 | 1085 |
self.ExecOpCode(op) |
| 1086 | 1086 |
|
| 1087 | 1087 |
|
| 1088 |
class TestLUClusterVerifyClientCerts(CmdlibTestCase): |
|
| 1089 |
|
|
| 1090 |
def _AddNormalNode(self): |
|
| 1091 |
self.normalnode = copy.deepcopy(self.master) |
|
| 1092 |
self.normalnode.master_candidate = False |
|
| 1093 |
self.normalnode.uuid = "normal-node-uuid" |
|
| 1094 |
self.cfg.AddNode(self.normalnode, None) |
|
| 1095 |
|
|
| 1096 |
def testVerifyMasterCandidate(self): |
|
| 1097 |
client_cert = "client-cert-digest" |
|
| 1098 |
self.cluster.candidate_certs = {self.master.uuid: client_cert}
|
|
| 1099 |
self.rpc.call_node_verify.return_value = \ |
|
| 1100 |
RpcResultsBuilder() \ |
|
| 1101 |
.AddSuccessfulNode(self.master, |
|
| 1102 |
{constants.NV_CLIENT_CERT: (None, client_cert)}) \
|
|
| 1103 |
.Build() |
|
| 1104 |
op = opcodes.OpClusterVerifyGroup(group_name="default", verbose=True) |
|
| 1105 |
self.ExecOpCode(op) |
|
| 1106 |
|
|
| 1107 |
def testVerifyMasterCandidateInvalid(self): |
|
| 1108 |
client_cert = "client-cert-digest" |
|
| 1109 |
self.cluster.candidate_certs = {self.master.uuid: client_cert}
|
|
| 1110 |
self.rpc.call_node_verify.return_value = \ |
|
| 1111 |
RpcResultsBuilder() \ |
|
| 1112 |
.AddSuccessfulNode(self.master, |
|
| 1113 |
{constants.NV_CLIENT_CERT: (666, "Invalid Certificate")}) \
|
|
| 1114 |
.Build() |
|
| 1115 |
op = opcodes.OpClusterVerifyGroup(group_name="default", verbose=True) |
|
| 1116 |
self.ExecOpCode(op) |
|
| 1117 |
self.mcpu.assertLogContainsRegex("Client certificate")
|
|
| 1118 |
self.mcpu.assertLogContainsRegex("failed validation")
|
|
| 1119 |
|
|
| 1120 |
def testVerifyNoMasterCandidateMap(self): |
|
| 1121 |
client_cert = "client-cert-digest" |
|
| 1122 |
self.cluster.candidate_certs = {}
|
|
| 1123 |
self.rpc.call_node_verify.return_value = \ |
|
| 1124 |
RpcResultsBuilder() \ |
|
| 1125 |
.AddSuccessfulNode(self.master, |
|
| 1126 |
{constants.NV_CLIENT_CERT: (None, client_cert)}) \
|
|
| 1127 |
.Build() |
|
| 1128 |
op = opcodes.OpClusterVerifyGroup(group_name="default", verbose=True) |
|
| 1129 |
self.ExecOpCode(op) |
|
| 1130 |
self.mcpu.assertLogContainsRegex( |
|
| 1131 |
"list of master candidate certificates is empty") |
|
| 1132 |
|
|
| 1133 |
def testVerifyNoSharingMasterCandidates(self): |
|
| 1134 |
client_cert = "client-cert-digest" |
|
| 1135 |
self.cluster.candidate_certs = {
|
|
| 1136 |
self.master.uuid: client_cert, |
|
| 1137 |
"some-other-master-candidate-uuid": client_cert} |
|
| 1138 |
self.rpc.call_node_verify.return_value = \ |
|
| 1139 |
RpcResultsBuilder() \ |
|
| 1140 |
.AddSuccessfulNode(self.master, |
|
| 1141 |
{constants.NV_CLIENT_CERT: (None, client_cert)}) \
|
|
| 1142 |
.Build() |
|
| 1143 |
op = opcodes.OpClusterVerifyGroup(group_name="default", verbose=True) |
|
| 1144 |
self.ExecOpCode(op) |
|
| 1145 |
self.mcpu.assertLogContainsRegex( |
|
| 1146 |
"two master candidates configured to use the same") |
|
| 1147 |
|
|
| 1148 |
def testVerifyMasterCandidateCertMismatch(self): |
|
| 1149 |
client_cert = "client-cert-digest" |
|
| 1150 |
self.cluster.candidate_certs = {self.master.uuid: "different-cert-digest"}
|
|
| 1151 |
self.rpc.call_node_verify.return_value = \ |
|
| 1152 |
RpcResultsBuilder() \ |
|
| 1153 |
.AddSuccessfulNode(self.master, |
|
| 1154 |
{constants.NV_CLIENT_CERT: (None, client_cert)}) \
|
|
| 1155 |
.Build() |
|
| 1156 |
op = opcodes.OpClusterVerifyGroup(group_name="default", verbose=True) |
|
| 1157 |
self.ExecOpCode(op) |
|
| 1158 |
self.mcpu.assertLogContainsRegex("does not match its entry")
|
|
| 1159 |
|
|
| 1160 |
def testVerifyMasterCandidateUnregistered(self): |
|
| 1161 |
client_cert = "client-cert-digest" |
|
| 1162 |
self.cluster.candidate_certs = {"other-node-uuid": "different-cert-digest"}
|
|
| 1163 |
self.rpc.call_node_verify.return_value = \ |
|
| 1164 |
RpcResultsBuilder() \ |
|
| 1165 |
.AddSuccessfulNode(self.master, |
|
| 1166 |
{constants.NV_CLIENT_CERT: (None, client_cert)}) \
|
|
| 1167 |
.Build() |
|
| 1168 |
op = opcodes.OpClusterVerifyGroup(group_name="default", verbose=True) |
|
| 1169 |
self.ExecOpCode(op) |
|
| 1170 |
self.mcpu.assertLogContainsRegex("does not have an entry")
|
|
| 1171 |
|
|
| 1172 |
def testVerifyMasterCandidateOtherNodesCert(self): |
|
| 1173 |
client_cert = "client-cert-digest" |
|
| 1174 |
self.cluster.candidate_certs = {"other-node-uuid": client_cert}
|
|
| 1175 |
self.rpc.call_node_verify.return_value = \ |
|
| 1176 |
RpcResultsBuilder() \ |
|
| 1177 |
.AddSuccessfulNode(self.master, |
|
| 1178 |
{constants.NV_CLIENT_CERT: (None, client_cert)}) \
|
|
| 1179 |
.Build() |
|
| 1180 |
op = opcodes.OpClusterVerifyGroup(group_name="default", verbose=True) |
|
| 1181 |
self.ExecOpCode(op) |
|
| 1182 |
self.mcpu.assertLogContainsRegex("using a certificate of another node")
|
|
| 1183 |
|
|
| 1184 |
def testNormalNodeStillInList(self): |
|
| 1185 |
self._AddNormalNode() |
|
| 1186 |
client_cert_master = "client-cert-digest-master" |
|
| 1187 |
client_cert_normal = "client-cert-digest-normal" |
|
| 1188 |
self.cluster.candidate_certs = {
|
|
| 1189 |
self.normalnode.uuid: client_cert_normal, |
|
| 1190 |
self.master.uuid: client_cert_master} |
|
| 1191 |
self.rpc.call_node_verify.return_value = \ |
|
| 1192 |
RpcResultsBuilder() \ |
|
| 1193 |
.AddSuccessfulNode(self.normalnode, |
|
| 1194 |
{constants.NV_CLIENT_CERT: (None, client_cert_normal)}) \
|
|
| 1195 |
.AddSuccessfulNode(self.master, |
|
| 1196 |
{constants.NV_CLIENT_CERT: (None, client_cert_master)}) \
|
|
| 1197 |
.Build() |
|
| 1198 |
op = opcodes.OpClusterVerifyGroup(group_name="default", verbose=True) |
|
| 1199 |
self.ExecOpCode(op) |
|
| 1200 |
self.mcpu.assertLogContainsRegex("not a master candidate")
|
|
| 1201 |
self.mcpu.assertLogContainsRegex("still listed")
|
|
| 1202 |
|
|
| 1203 |
def testNormalNodeStealingMasterCandidateCert(self): |
|
| 1204 |
self._AddNormalNode() |
|
| 1205 |
client_cert_master = "client-cert-digest-master" |
|
| 1206 |
self.cluster.candidate_certs = {
|
|
| 1207 |
self.master.uuid: client_cert_master} |
|
| 1208 |
self.rpc.call_node_verify.return_value = \ |
|
| 1209 |
RpcResultsBuilder() \ |
|
| 1210 |
.AddSuccessfulNode(self.normalnode, |
|
| 1211 |
{constants.NV_CLIENT_CERT: (None, client_cert_master)}) \
|
|
| 1212 |
.AddSuccessfulNode(self.master, |
|
| 1213 |
{constants.NV_CLIENT_CERT: (None, client_cert_master)}) \
|
|
| 1214 |
.Build() |
|
| 1215 |
op = opcodes.OpClusterVerifyGroup(group_name="default", verbose=True) |
|
| 1216 |
self.ExecOpCode(op) |
|
| 1217 |
self.mcpu.assertLogContainsRegex("not a master candidate")
|
|
| 1218 |
self.mcpu.assertLogContainsRegex( |
|
| 1219 |
"certificate of another node which is master candidate") |
|
| 1220 |
|
|
| 1221 |
|
|
| 1222 | 1088 |
class TestLUClusterVerifyGroupMethods(CmdlibTestCase): |
| 1223 | 1089 |
"""Base class for testing individual methods in LUClusterVerifyGroup. |
| 1224 | 1090 |
|
Also available in: Unified diff