From: Casey Bodley Date: Wed, 10 Dec 2025 16:05:57 +0000 (-0500) Subject: qa/rgw: add test_account_migration workunit X-Git-Tag: testing/wip-vshankar-testing-20260213.071255~12^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=3f635e12ab9ad391113109134d25d89845115b99;p=ceph-ci.git qa/rgw: add test_account_migration workunit Signed-off-by: Casey Bodley --- diff --git a/qa/suites/rgw/singleton/all/radosgw-admin.yaml b/qa/suites/rgw/singleton/all/radosgw-admin.yaml index 010a0647c66..f4042134a56 100644 --- a/qa/suites/rgw/singleton/all/radosgw-admin.yaml +++ b/qa/suites/rgw/singleton/all/radosgw-admin.yaml @@ -7,6 +7,9 @@ openstack: size: 10 # GB tasks: - install: + extra_system_packages: + deb: ['jq', 'python3'] + rpm: ['jq', 'python'] - ceph: conf: client: @@ -17,5 +20,9 @@ tasks: debug objclass : 20 - rgw: client.0: +- workunit: + clients: + client.0: + - rgw/test_account_migration.sh - radosgw-admin: - radosgw-admin-rest: diff --git a/qa/workunits/rgw/test_account_migration.sh b/qa/workunits/rgw/test_account_migration.sh new file mode 100755 index 00000000000..c88dcd26540 --- /dev/null +++ b/qa/workunits/rgw/test_account_migration.sh @@ -0,0 +1,59 @@ +#!/bin/bash +# +# To run this test script with a cluster created via vstart.sh: +# $PATH needs to be set for radosgw-admin executables. +# $AWS_ENDPOINT_URL needs to be set to the endpoint of the RGW +# +# Example when ceph source is cloned into $HOME and a vstart cluster is already running with a radosgw: +# $ PATH=~/ceph/build/bin/:$PATH AWS_ENDPOINT_URL=http://localhost:8000 ~/ceph/qa/workunits/rgw/test_account_migration.sh +# + +set -ex + +# determine radosgw endpoint if not specified +if [ -z ${AWS_ENDPOINT_URL} ] +then + # in teuthology, the rgw task stores the radosgw endpoint in ${TESTDIR}/url_file + url=$(cat ${TESTDIR}/url_file) + export AWS_ENDPOINT_URL=$url +fi + +# install awscli with pip +python3 -m venv account-migration-virtualenv +source account-migration-virtualenv/bin/activate +pip install --upgrade pip awscli + +# create a test user +userinfo=$(radosgw-admin user create --uid test-account-migration \ + --display-name "MigratedUser" \ + --email accountmigration@example.com) +export AWS_ACCESS_KEY_ID=$(echo $userinfo | jq -r .keys[0].access_key) +export AWS_SECRET_ACCESS_KEY=$(echo $userinfo | jq -r .keys[0].secret_key) + +# create a bucket and upload an object +aws s3 mb s3://testmigrate +aws s3api put-object --bucket testmigrate --key obj + +# create an account and migrate the user as account root +accountid=$(radosgw-admin account create | jq -r .id) +radosgw-admin user modify --uid test-account-migration --account-root --account-id=$accountid + +# verify the migrated user still has access +aws s3api head-object --bucket testmigrate --key obj + +# replace account-root flag with managed policy +aws iam attach-user-policy --region us-east-1 --user-name MigratedUser \ + --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess +radosgw-admin user modify --uid test-account-migration --account-root=0 + +# verify the migrated user still has access +aws s3api head-object --bucket testmigrate --key obj + +# clean up +radosgw-admin bucket rm --bucket testmigrate --purge-objects +radosgw-admin user rm --uid test-account-migration +radosgw-admin account rm --account-id=$accountid +deactivate +rm -rf account-migration-virtualenv + +exit 0