Add LDAP test with authentication and authorization
Change-Id: Ic5605439a94779e11eec21057c4a8581b6ec6198
This commit is contained in:
Igor Degtiarov
parent
98bedc5de3
commit
656bf00b14
@ -44,6 +44,49 @@ class TestToolchainLDAP(api.ToolchainApi):
|
||||
|
||||
Duration 120m
|
||||
"""
|
||||
self._create_ldap_toolchain()
|
||||
|
||||
self.env.make_snapshot("deploy_toolchain_with_ldap", is_make=True)
|
||||
|
||||
@test(depends_on_groups=['prepare_slaves_3'],
|
||||
groups=["ldap", "deploy_toolchain_with_ldap_authz", "toolchain",
|
||||
"deploy"])
|
||||
@log_snapshot_after_test
|
||||
def deploy_toolchain_with_ldap_authz(self):
|
||||
"""Install the LMA Toolchain plugins with LDAP integration for
|
||||
authentication and authorization
|
||||
|
||||
Scenario:
|
||||
1. Upload the LMA Toolchain plugins to the master node
|
||||
2. Install the plugins
|
||||
3. Create the cluster
|
||||
4. Enable and configure LDAP for plugin authentication and
|
||||
authorization
|
||||
5. Deploy the cluster
|
||||
6. Upload install_slapd.sh script on controller node
|
||||
7. On controller node open the firewall for ports 389 and 636
|
||||
8. Install and configure the LDAP server
|
||||
9. Check that LMA Toolchain plugins are running
|
||||
10. Check plugins are available with LDAP for authentication and
|
||||
authorization
|
||||
|
||||
Duration 120m
|
||||
"""
|
||||
self._create_ldap_toolchain(authz=True)
|
||||
|
||||
self.env.make_snapshot("deploy_toolchain_with_ldap_authz",
|
||||
is_make=True)
|
||||
|
||||
def _create_ldap_toolchain(self, authz=False, protocol='ldap'):
|
||||
"""Create generic toolchain for LDAP test
|
||||
|
||||
:param authz: configures LDAP server for plugin authorisation and adds
|
||||
authorisation checking
|
||||
:type authz: boolean
|
||||
:param protocol: configures LDAP or LDAPS protocol to be used on LDAP
|
||||
server
|
||||
:type protocol: str
|
||||
"""
|
||||
fuel_web = self.helpers.fuel_web
|
||||
|
||||
self.env.revert_snapshot("ready_with_3_slaves")
|
||||
@ -68,9 +111,11 @@ class TestToolchainLDAP(api.ToolchainApi):
|
||||
role_status='pending_roles')[0]['hostname']
|
||||
|
||||
for name, plugin in plugins_ldap.iteritems():
|
||||
self._activate_ldap_plugin(plugin[0], plugin[1], name, ldap_server)
|
||||
self._activate_ldap_plugin(plugin[0], plugin[1], name, ldap_server,
|
||||
authz=authz, protocol=protocol)
|
||||
|
||||
self.helpers.deploy_cluster(self.settings.base_nodes)
|
||||
|
||||
ldap_node = fuel_web.get_nailgun_cluster_nodes_by_roles(
|
||||
self.helpers.cluster_id, roles=["controller", ])[0]
|
||||
|
||||
@ -88,7 +133,7 @@ class TestToolchainLDAP(api.ToolchainApi):
|
||||
self.check_plugins_online()
|
||||
|
||||
for plugin in plugins_ldap.values():
|
||||
plugin[0].check_plugin_ldap()
|
||||
plugin[0].check_plugin_ldap(authz=authz)
|
||||
|
||||
self.env.make_snapshot("deploy_toolchain_with_ldap", is_make=True)
|
||||
|
||||
@ -117,4 +162,28 @@ class TestToolchainLDAP(api.ToolchainApi):
|
||||
if name in ["elasticsearch_kibana", "lma_infrastructure_alerting"]:
|
||||
options.update({"ldap_user_attribute/value": "uid"})
|
||||
|
||||
if authz:
|
||||
options.update({
|
||||
"ldap_authorization_enabled/value": True,
|
||||
})
|
||||
if name in ["elasticsearch_kibana", "lma_infrastructure_alerting"]:
|
||||
options.update({
|
||||
"ldap_admin_group_dn/value":
|
||||
"cn=plugin_admins,ou=groups,dc=stacklight,dc=ci"
|
||||
})
|
||||
if name == "elasticsearch_kibana":
|
||||
options.update({
|
||||
"ldap_viewer_group_dn/value":
|
||||
"cn=plugin_viewers,ou=groups,dc=stacklight,dc=ci"
|
||||
})
|
||||
else:
|
||||
options.update({
|
||||
"ldap_group_search_base_dns/value":
|
||||
"ou=groups,dc=stacklight,dc=ci",
|
||||
"ldap_group_search_filter/value":
|
||||
"(&(objectClass=posixGroup)(memberUid=%s)",
|
||||
"ldap_admin_group_dn/value": "plugin_admins",
|
||||
"ldap_viewer_group_dn/value": "plugin_viewers"
|
||||
})
|
||||
|
||||
plugin.activate_plugin(options=options)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user