2 # Copyright 2017 RIFT.IO Inc
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
23 import rift
.auto
.session
26 gi
.require_version('RwAuthExtWebSvcYang', '1.0')
27 gi
.require_version('RwAuthExtUserYang', '1.0')
28 from gi
.repository
import (
33 @pytest.fixture(scope
='session')
35 """Fixture that returns path of certs specific to automation"""
36 return os
.path
.join(os
.getenv('RIFT_INSTALL'), 'usr/rift/systemtest/config/ssl')
38 @pytest.fixture(scope
='session')
39 def set_webauth_cert_choice(tbac
):
40 """Fixture that retuns a boolean value indicating whether to configure new key & cert in launchpad"""
43 # return random.choice([True, False])
46 @pytest.fixture(scope
='session', autouse
=True)
47 def configure_key_cert(logger
, set_webauth_cert_choice
, auto_certs_dir
, mgmt_session
, confd_host
, rw_user_proxy
,
49 """Configures new cert, key in webauth-server-config, webauth-client-config"""
50 if set_webauth_cert_choice
:
51 logger
.debug('Configuring new certs from this path: {}'.format(auto_certs_dir
))
52 print('Configuring new certs from this path: {}'.format(auto_certs_dir
))
56 cert_path
= os
.path
.join(auto_certs_dir
, 'rift_auto.crt')
57 key_path
= os
.path
.join(auto_certs_dir
, 'rift_auto.key')
59 server_ssl_config_xpath
= '/rw-auth-ext-web-svc:webauth-server-config/rw-auth-ext-web-svc:ssl-config'
60 client_config_xpath
= '/rw-auth-ext-user:webauth-client-config'
61 webauth_server_proxy
= mgmt_session
.proxy(RwAuthExtWebSvcYang
)
62 webauth_client_proxy
= mgmt_session
.proxy(RwAuthExtUserYang
)
64 def configure_webauth_server():
65 logger
.debug('configuring the webauth-server')
66 webauth_server_obj
= RwAuthExtWebSvcYang
.YangData_RwAuthExtWebSvc_WebauthServerConfig_SslConfig
.from_dict(
67 {'server_cert_path': cert_path
, 'server_key_path': key_path
})
68 webauth_server_proxy
.replace_config(server_ssl_config_xpath
, webauth_server_obj
)
70 def configure_webauth_client():
71 logger
.debug('configuring the webauth-client')
72 webauth_client_obj
= RwAuthExtUserYang
.YangData_RwAuthExtUser_WebauthClientConfig
.from_dict(
73 {'ca_cert_path': cert_path
})
74 webauth_client_proxy
.merge_config(client_config_xpath
, webauth_client_obj
)
76 # Check if its running after launchpad reload; if so skip configuring the certs again (RIFT-17641)
77 server_ssl_config
= webauth_server_proxy
.get_config(server_ssl_config_xpath
)
78 if server_ssl_config
.server_cert_path
!= cert_path
:
79 user
, password
= ['demo']*2
80 logger
.debug('Adding an external user {}'.format(user
))
81 rift
.auto
.mano
.create_user(rw_user_proxy
, user
, password
, user_domain
)
83 # Shuffling the function calls for server and client configuration
84 list_func
= [configure_webauth_server
, configure_webauth_client
]
85 random
.shuffle(list_func
)
87 # configuring either of the server or client
90 # Try getting access token for an external user; it should fail
91 with pytest
.raises(Exception,
92 message
='Should not be able to get access token for user {} as certs are not yet configured for both server and client'.format(
94 logger
.debug('Trying to get access token for user {}'.format(user
))
95 access_token
= rift
.auto
.session
.get_access_token(user
, password
, confd_host
)
96 logger
.debug('Access token for user {}: {}'.format(user
, access_token
))
100 # Try getting access token for an external user; it should pass now
101 rift
.auto
.session
.get_access_token(user
, password
, confd_host
)
103 # RIFT-17641: Delete user 'demo'
104 rift
.auto
.mano
.delete_user(rw_user_proxy
, user
, user_domain
)
106 @pytest.fixture(scope
='session')
107 def all_roles_combinations(all_roles
):
108 """Returns a combination of all roles except single combinations i.e if there are a total of N roles, then it
109 returns (2^N-1)-N role combinations.
110 Here, we have 11 roles, so it returns 2047-11=2036 combinations"""
111 all_roles_combinations_
= list()
112 for set_length
in range(2, len(all_roles
)+1):
113 for roles_combination
in itertools
.combinations(all_roles
, set_length
):
114 all_roles_combinations_
.append(roles_combination
)
115 return tuple(all_roles_combinations_
)