diff --git a/stacklight_tests/toolchain/test_ldap_plugins.py b/stacklight_tests/toolchain/test_ldap_plugins.py
index f26e252..033ee67 100644
--- a/stacklight_tests/toolchain/test_ldap_plugins.py
+++ b/stacklight_tests/toolchain/test_ldap_plugins.py
@@ -44,6 +44,49 @@ class TestToolchainLDAP(api.ToolchainApi):
 Duration 120m
 """
+ self._create_ldap_toolchain()
+
+ self.env.make_snapshot("deploy_toolchain_with_ldap", is_make=True)
+
+ @test(depends_on_groups=['prepare_slaves_3'],
+ groups=["ldap", "deploy_toolchain_with_ldap_authz", "toolchain",
+ "deploy"])
+ @log_snapshot_after_test
+ def deploy_toolchain_with_ldap_authz(self):
+ """Install the LMA Toolchain plugins with LDAP integration for
+ authentication and authorization
+
+ Scenario:
+ 1. Upload the LMA Toolchain plugins to the master node
+ 2. Install the plugins
+ 3. Create the cluster
+ 4. Enable and configure LDAP for plugin authentication and
+ authorization
+ 5. Deploy the cluster
+ 6. Upload install_slapd.sh script on controller node
+ 7. On controller node open the firewall for ports 389 and 636
+ 8. Install and configure the LDAP server
+ 9. Check that LMA Toolchain plugins are running
+ 10. Check plugins are available with LDAP for authentication and
+ authorization
+
+ Duration 120m
+ """
+ self._create_ldap_toolchain(authz=True)
+
+ self.env.make_snapshot("deploy_toolchain_with_ldap_authz",
+ is_make=True)
+
+ def _create_ldap_toolchain(self, authz=False, protocol='ldap'):
+ """Create generic toolchain for LDAP test
+
+ :param authz: configures LDAP server for plugin authorisation and adds
+ authorisation checking
+ :type authz: boolean
+ :param protocol: configures LDAP or LDAPS protocol to be used on LDAP
+ server
+ :type protocol: str
+ """
 fuel_web = self.helpers.fuel_web
 self.env.revert_snapshot("ready_with_3_slaves")
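Review bot: Both scenarios now call `make_snapshot` themselves, but the hunk at `-88,7` still shows `self.env.make_snapshot("deploy_toolchain_with_ldap", is_make=True)` as context right after the `check_plugin_ldap` loop, which appears to be the tail of `_create_ldap_toolchain` (indentation is not recoverable on this page, so confirm). If so, `deploy_toolchain_with_ldap_authz` also writes the snapshot named for the authentication-only scenario, and a test that later reverts to `deploy_toolchain_with_ldap` may be validating an authorization-enabled environment instead. I would delete that trailing call from the helper so that each test saves only its own snapshot. The helper's body continues past the end of this hunk.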
@@ -68,9 +111,11 @@ class TestToolchainLDAP(api.ToolchainApi):
 role_status='pending_roles')[0]['hostname']
 for name, plugin in plugins_ldap.iteritems():
- self._activate_ldap_plugin(plugin[0], plugin[1], name, ldap_server)
+ self._activate_ldap_plugin(plugin[0], plugin[1], name, ldap_server,
+ authz=authz, protocol=protocol)
 self.helpers.deploy_cluster(self.settings.base_nodes)
+
 ldap_node = fuel_web.get_nailgun_cluster_nodes_by_roles(
 self.helpers.cluster_id, roles=["controller", ])[0]
@@ -88,7 +133,7 @@ class TestToolchainLDAP(api.ToolchainApi):
 self.check_plugins_online()
 for plugin in plugins_ldap.values():
- plugin[0].check_plugin_ldap()
+ plugin[0].check_plugin_ldap(authz=authz)
 self.env.make_snapshot("deploy_toolchain_with_ldap", is_make=True)
@@ -117,4 +162,28 @@ class TestToolchainLDAP(api.ToolchainApi):
 if name in ["elasticsearch_kibana", "lma_infrastructure_alerting"]:
 options.update({"ldap_user_attribute/value": "uid"})
+ if authz:
+ options.update({
+ "ldap_authorization_enabled/value": True,
+ })
+ if name in ["elasticsearch_kibana", "lma_infrastructure_alerting"]:
+ options.update({
+ "ldap_admin_group_dn/value":
+ "cn=plugin_admins,ou=groups,dc=stacklight,dc=ci"
+ })
+ if name == "elasticsearch_kibana":
+ options.update({
+ "ldap_viewer_group_dn/value":
+ "cn=plugin_viewers,ou=groups,dc=stacklight,dc=ci"
+ })
+ else:
+ options.update({
+ "ldap_group_search_base_dns/value":
+ "ou=groups,dc=stacklight,dc=ci",
+ "ldap_group_search_filter/value":
+ "(&(objectClass=posixGroup)(memberUid=%s)",
+ "ldap_admin_group_dn/value": "plugin_admins",
+ "ldap_viewer_group_dn/value": "plugin_viewers"
+ })
+
 plugin.activate_plugin(options=options)
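Review bot: The call now passes `authz=authz, protocol=protocol`, but no hunk on this page touches the `def _activate_ldap_plugin(...)` line, so confirm the signature already accepts both keywords; otherwise this call raises `TypeError`. `protocol` is also never read in the options added in the `-117,4` hunk, and neither scenario passes anything but the default `'ldap'`, so as far as this diff shows the LDAPS path is never exercised and the tests cover plain LDAP only. Either wire `protocol` into the plugin options together with a scenario that sets `protocol='ldaps'`, or drop the parameter until it is used.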
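Review bot: The value added for `ldap_group_search_filter/value` in the `else` branch, `"(&(objectClass=posixGroup)(memberUid=%s)"`, has three opening parentheses and only two closing ones, so it is not a well-formed LDAP filter. A directory server will normally reject such a filter, and group lookups would then fail, so the authorization check may fail or pass for a reason unrelated to the group mapping under test. It should read `"(&(objectClass=posixGroup)(memberUid=%s))"`. The enclosing `_activate_ldap_plugin` starts outside the hunk.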