log.info('creating test user..')
user = multisite.User('rgw-multisite-test-user')
user.create(master_zone, ['--display-name', 'Multisite Test User',
- '--gen-access-key', '--gen-secret'])
+ '--gen-access-key', '--gen-secret', '--caps', 'roles=*'])
config = self.config.get('config', {})
tests.init_multi(realm, user, tests.Config(**config))
import boto
import boto.s3.connection
-
+import boto.iam.connection
def get_gateway_connection(gateway, credentials):
""" connect to the given gateway """
validate_certs=False,
calling_format = boto.s3.connection.OrdinaryCallingFormat())
return gateway.secure_connection
+
+def get_gateway_iam_connection(gateway, credentials):
+ """ connect to iam api of the given gateway """
+ if gateway.iam_connection is None:
+ gateway.iam_connection = boto.connect_iam(
+ aws_access_key_id = credentials.access_key,
+ aws_secret_access_key = credentials.secret,
+ host = gateway.host,
+ port = gateway.port,
+ is_secure = False)
+ return gateway.iam_connection
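Review bot: `is_secure = False` is hard-coded in `get_gateway_iam_connection`, so every IAM request, including the role trust policy, travels to `gateway.port` unencrypted, and there is no TLS counterpart like the one `get_gateway_secure_connection` provides for S3. That is reasonable for a local test cluster, but the helper should say so, e.g. `# plaintext on purpose: test clusters only, IAM over TLS is not exercised here`. The cache on `gateway.iam_connection` also ignores `credentials` after the first call, so a later caller with different credentials gets the first caller's connection. The existing S3 helpers appear to follow the same pattern, so a one-line docstring note on that would be enough.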
import json
-from .conn import get_gateway_connection, get_gateway_secure_connection
+from .conn import get_gateway_connection, get_gateway_iam_connection, get_gateway_secure_connection
class Cluster:
""" interface to run commands against a distinct ceph cluster """
self.connection = None
self.secure_connection = None
self.ssl_port = ssl_port
+ self.iam_connection = None
@abstractmethod
def start(self, args = []):
if self.zone.gateways is not None:
self.conn = get_gateway_connection(self.zone.gateways[0], self.credentials)
self.secure_conn = get_gateway_secure_connection(self.zone.gateways[0], self.credentials)
+
+ self.iam_conn = get_gateway_iam_connection(self.zone.gateways[0], self.credentials)
+
# create connections for the rest of the gateways (if exist)
for gw in list(self.zone.gateways):
get_gateway_connection(gw, self.credentials)
get_gateway_secure_connection(gw, self.credentials)
+ get_gateway_iam_connection(gw, self.credentials)
+
def get_connection(self):
return self.conn
+ def get_iam_connection(self):
+ return self.iam_conn
+
def get_bucket(self, bucket_name, credentials):
raise NotImplementedError
num_buckets = 0
run_prefix=''.join(random.choice(string.ascii_lowercase) for _ in range(6))
+num_roles = 0
+
def get_zone_connection(zone, credentials):
""" connect to the zone's first gateway """
if isinstance(credentials, list):
num_buckets += 1
return run_prefix + '-' + str(num_buckets)
+def gen_role_name():
+ global num_roles
+
+ num_roles += 1
+ return "roles" + '-' + run_prefix + '-' + str(num_roles)
+
class ZonegroupConns:
def __init__(self, zonegroup):
self.zonegroup = zonegroup
self.ro_zones = []
self.rw_zones = []
self.master_zone = None
+
for z in zonegroup.zones:
zone_conn = z.get_conn(user.credentials)
self.zones.append(zone_conn)
return True
+def create_role_per_zone(zonegroup_conns, roles_per_zone = 1):
+ roles = []
+ zone_role = []
+ for zone in zonegroup_conns.rw_zones:
+ for i in range(roles_per_zone):
+ role_name = gen_role_name()
+ policy_document = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam:::user/testuser\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
+ role = zone.create_role("", role_name, policy_document, "")
+ roles.append(role_name)
+ zone_role.append((zone, role))
+
+ return roles, zone_role
+
def create_bucket_per_zone(zonegroup_conns, buckets_per_zone = 1):
buckets = []
zone_bucket = []
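Review bot: The trust policy in `create_role_per_zone` hard-codes the principal `arn:aws:iam:::user/testuser`, which does not match the test user created elsewhere on this page (`rgw-multisite-test-user`). As far as the visible code shows, the role is only compared across zones and never assumed, so this is harmless, but it should be stated: `# principal is a placeholder; the role is only compared across zones, never assumed`. The hand-escaped JSON string is also hard to audit; building it from a dict with `json.dumps` would make the `Effect`/`Principal`/`Action` fields readable, assuming `json` is available in this module. The indentation is lost on this page, so confirm that both `append` calls sit inside the inner loop.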
if zone_conn2.zone.has_buckets():
zone_conn2.check_bucket_eq(zone_conn1, bucket.name)
+def check_role_eq(zone_conn1, zone_conn2, role):
+ zone_conn2.check_role_eq(zone_conn1, role['create_role_response']['create_role_result']['role']['role_name'])
+
def test_object_sync():
zonegroup = realm.master_zonegroup()
zonegroup_conns = ZonegroupConns(zonegroup)
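Review bot: The new module-level `check_role_eq` calls `zone_conn2.check_role_eq(...)` unconditionally, whereas the bucket check just above it is guarded by `if zone_conn2.zone.has_buckets():`. `test_role_sync` iterates every entry of `zonegroup_conns.zones` as a target, and the other zone types touched by this change only gain a `create_role` stub. A target connection without `get_role`/`check_role_eq` would therefore likely fail with an AttributeError rather than being skipped. A capability check on the zone, analogous to `has_buckets()`, placed before the call would keep the test meaningful in mixed-zone configurations.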
secondary.zone.start()
zonegroup_bucket_checkpoint(zonegroup_conns, bucket.name)
+
+def test_role_sync():
+ zonegroup = realm.master_zonegroup()
+ zonegroup_conns = ZonegroupConns(zonegroup)
+ roles, zone_role = create_role_per_zone(zonegroup_conns)
+
+ zonegroup_meta_checkpoint(zonegroup)
+
+ for source_conn, role in zone_role:
+ for target_conn in zonegroup_conns.zones:
+ if source_conn.zone == target_conn.zone:
+ continue
+
+ check_role_eq(source_conn, target_conn, role)
return True
+ def create_role(self, path, rolename, policy_document, tag_list):
+ assert False
+
def get_conn(self, credentials):
return self.Conn(self, credentials)
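Review bot: `assert False` in this `create_role` stub, and in the identical stub in the next file section, is stripped under `python -O`, so the call would then return `None` silently. When it does fire, it gives a bare AssertionError with no hint of what went wrong. The base connection class on this page uses `raise NotImplementedError` for `get_bucket`; doing the same here, e.g. `raise NotImplementedError('roles are not supported by this zone type')`, fails the same way in every mode and names the cause. If the surrounding stubs in these files already use `assert False` by convention (not visible here), at least add a message: `assert False, 'create_role called on a zone type without role support'`.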
return True
+ def create_role(self, path, rolename, policy_document, tag_list):
+ assert False
+
def get_conn(self, credentials):
return self.Conn(self, credentials)
return True
+ def get_role(self, role_name):
+ return self.iam_conn.get_role(role_name)
+
+ def check_role_eq(self, zone_conn, role_name):
+ log.info('comparing role=%s zones={%s, %s}', role_name, self.name, zone_conn.name)
+ r1 = self.get_role(role_name)
+ r2 = zone_conn.get_role(role_name)
+
+ assert r1
+ assert r2
+ log.debug('comparing role name=%s', r1['get_role_response']['get_role_result']['role']['role_name'])
+ eq(r1['get_role_response']['get_role_result']['role']['role_name'], r2['get_role_response']['get_role_result']['role']['role_name'])
+ eq(r1['get_role_response']['get_role_result']['role']['role_id'], r2['get_role_response']['get_role_result']['role']['role_id'])
+ eq(r1['get_role_response']['get_role_result']['role']['path'], r2['get_role_response']['get_role_result']['role']['path'])
+ eq(r1['get_role_response']['get_role_result']['role']['arn'], r2['get_role_response']['get_role_result']['role']['arn'])
+ eq(r1['get_role_response']['get_role_result']['role']['max_session_duration'], r2['get_role_response']['get_role_result']['role']['max_session_duration'])
+ eq(r1['get_role_response']['get_role_result']['role']['assume_role_policy_document'], r2['get_role_response']['get_role_result']['role']['assume_role_policy_document'])
+
+ log.info('success, role identical: role=%s zones={%s, %s}', role_name, self.name, zone_conn.name)
+
+ return True
+
+ def create_role(self, path, rolename, policy_document, tag_list):
+ return self.iam_conn.create_role(rolename, policy_document, path)
+
def get_conn(self, credentials):
return self.Conn(self, credentials)
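Review bot: The six `eq(...)` lines in `check_role_eq` each repeat the full `['get_role_response']['get_role_result']['role']` path on both sides. That makes it easy to miss a field or mistype a key when the list of compared attributes changes. Binding the two role dicts once and looping over the field names keeps the compared set in one place, as shown below. Separately, `create_role` accepts `tag_list` but never forwards it to `self.iam_conn.create_role`; a comment such as `# tag_list is ignored: the boto call used here takes no tags` would make that explicit.

```python
def check_role_eq(self, zone_conn, role_name):
    # … unchanged: log.info, get_role on both zones, assert r1 / assert r2 …
    role1 = r1['get_role_response']['get_role_result']['role']
    role2 = r2['get_role_response']['get_role_result']['role']
    log.debug('comparing role name=%s', role1['role_name'])
    for field in ('role_name', 'role_id', 'path', 'arn',
                  'max_session_duration', 'assume_role_policy_document'):
        eq(role1[field], role2[field])
    # … unchanged: success log and return True …
```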
arg += admin_creds.credential_args()
admin_user.create(zone, arg)
# create test user
- arg = ['--display-name', '"Test User"']
+ arg = ['--display-name', '"Test User"', '--caps', 'roles=*']
arg += user_creds.credential_args()
user.create(zone, arg)
else: