Skip to content

Added configuration and Integration test to restrict public template … #4774

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nvazquez merged 16 commits into from
Apr 22, 2022
Merged

Added configuration and Integration test to restrict public template … #4774

Changes from 1 commit
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
e94c1e2
Added configuration and Integration test to restrict public template …
Mar 8, 2021
b601a1b
Move settings to domain.
Mar 16, 2021
acfcd7e
Updated integration test.
Sep 28, 2021
d9a6f7a
Changed Config key's name and description.
Oct 5, 2021
a9489bf
Justified the variable names and removed white spaces.
Oct 5, 2021
287653d
Added configuration and Integration test to restrict public template …
Mar 8, 2021
b689705
Move settings to domain.
Mar 16, 2021
309c40c
Changed Config key's name and description.
Oct 5, 2021
eb9ba64
Justified the variable names and removed white spaces.
Oct 5, 2021
1af0697
Moved configuration to domain scope.
Feb 18, 2022
a5116cb
Added integration test to travis.
Feb 18, 2022
08bb47b
Updated the configuration's name and description.
Feb 22, 2022
8ccaa2b
Extracted public template check to a separate method.
Mar 14, 2022
f376839
Fixed rebase issue.
Mar 24, 2022
2cb997c
Apply tear down changes.
Apr 5, 2022
4711e57
Update .travis.yml to remove the component test
weizhouapache Apr 21, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Updated integration test.
  • Loading branch information
Sina Kashipazha committed Mar 24, 2022
commit acfcd7eefcc474d43743be770a7cc1352a9029ca
109 changes: 72 additions & 37 deletions test/integration/component/test_template_access_across_domains.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,10 @@
# Import Local Modules
from nose.plugins.attrib import attr
from marvin.cloudstackTestCase import cloudstackTestCase, unittest
from marvin.cloudstackAPI import listZones, deleteTemplate, updateConfiguration
from marvin.cloudstackAPI import (listZones,
deleteTemplate,
listConfigurations,
updateConfiguration)
from marvin.lib.utils import (cleanup_resources)
from marvin.lib.base import (Account,
Domain,
Expand Down Expand Up @@ -62,39 +65,45 @@ def setUpClass(cls):
cls.apiclient,
services=cls.services["acl"]["domain1"],
parentdomainid=cls.domain.id)
cls._cleanup.append(cls.domain1)

# Create account1
cls.account1 = Account.create(
cls.apiclient,
cls.services["acl"]["accountD1"],
domainid=cls.domain1.id
)
cls._cleanup.append(cls.account1)

# Create new sub-domain
cls.sub_domain = Domain.create(
cls.apiclient,
services=cls.services["acl"]["domain11"],
parentdomainid=cls.domain1.id)
cls._cleanup.append(cls.sub_domain)

# Create account for sub-domain
cls.sub_account = Account.create(
cls.apiclient,
cls.services["acl"]["accountD11"],
domainid=cls.sub_domain.id
)
cls._cleanup.append(cls.sub_account)

# Create new domain2
cls.domain2 = Domain.create(
cls.apiclient,
services=cls.services["acl"]["domain2"],
parentdomainid=cls.domain.id)
cls._cleanup.append(cls.domain2)

# Create account2
cls.account2 = Account.create(
cls.apiclient,
cls.services["acl"]["accountD2"],
domainid=cls.domain2.id
)
cls._cleanup.append(cls.account2)

cls.service_offering = ServiceOffering.create(
cls.apiclient,
Expand All @@ -108,54 +117,57 @@ def setUpClass(cls):
zoneid=cls.zone.id,
domainid=cls.domain.id,
hypervisor=cls.hypervisor.lower())
cls.root_template.download(cls.apiclient)
cls._cleanup.append(cls.root_template)
cls.services["test_templates"]["kvm"]["name"] = cls.account1.name
cls.template1 = Template.register(cls.apiclient,
cls.services["test_templates"]["kvm"],
zoneid=cls.zone.id,
account=cls.account1.name,
domainid=cls.domain1.id,
hypervisor=cls.hypervisor.lower())
cls.template1.download(cls.apiclient)
cls._cleanup.append(cls.template1)
cls.services["test_templates"]["kvm"]["name"] = cls.sub_account.name
cls.sub_template = Template.register(cls.apiclient,
cls.services["test_templates"]["kvm"],
zoneid=cls.zone.id,
account=cls.sub_account.name,
domainid=cls.sub_domain.id,
hypervisor=cls.hypervisor.lower())
cls.services["test_templates"]["kvm"]["name"] = cls.account2.name
cls.sub_template.download(cls.apiclient)
cls._cleanup.append(cls.sub_template)
cls.template2 = Template.register(cls.apiclient,
cls.services["test_templates"]["kvm"],
zoneid=cls.zone.id,
account=cls.account2.name,
domainid=cls.domain2.id,
hypervisor=cls.hypervisor.lower())

cls._cleanup.append(cls.root_template)
cls._cleanup.append(cls.template1)
cls.template2.download(cls.apiclient)
cls._cleanup.append(cls.template2)
cls._cleanup.append(cls.sub_template)
else:
return

cls._cleanup.append(cls.account1)
cls._cleanup.append(cls.account2)
cls._cleanup.append(cls.sub_account)
cls._cleanup.append(cls.sub_domain)
cls._cleanup.append(cls.domain1)
cls._cleanup.append(cls.domain2)

@classmethod
def tearDownClass(cls):
try:
cls.apiclient = super(
TestTemplateAccessAcrossDomains,
cls).getClsTestClient().getApiClient()
# Cleanup resources used
cleanup_resources(cls.apiclient, cls._cleanup)
super(TestTemplateAccessAcrossDomains, cls).tearDownClass()

def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.domain1_config = self.get_restrict_template_configuration(self.domain1.id)
self.domain2_config = self.get_restrict_template_configuration(self.domain2.id)
self.sub_domain_config = self.get_restrict_template_configuration(self.sub_domain.id)
self.cleanup = []
return

def tearDown(self):
try:
self.update_restrict_template_configuration(self.domain1.id, self.domain1_config)
self.update_restrict_template_configuration(self.domain2.id, self.domain2_config)
self.update_restrict_template_configuration(self.sub_domain.id, self.sub_domain_config)
cleanup_resources(self.apiclient, self.cleanup)
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)

return

@attr(tags=["advanced", "basic", "sg"], required_hardware="false")
Expand All @@ -173,7 +185,8 @@ def test_01_check_cross_domain_template_access(self):
"""

# Step 1
self.update_configuration("true")
self.update_restrict_template_configuration(self.domain1.id, "true")
self.update_restrict_template_configuration(self.domain2.id, "true")

self.validate_uploaded_template(self.apiclient, self.template1.id)

Expand Down Expand Up @@ -208,7 +221,8 @@ def test_02_create_template(self):
"""

# Step 1
self.update_configuration("false")
self.update_restrict_template_configuration(self.domain1.id, "false")
self.update_restrict_template_configuration(self.domain2.id, "false")

# Step 2
self.validate_template_ownership(self.template2, self.domain1, self.domain2, True)
Expand All @@ -223,17 +237,18 @@ def test_02_create_template(self):

# Step 5
# Deploy new virtual machine using template
virtual_machine = VirtualMachine.create(
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template2.id,
accountid=self.account1.name,
domainid=self.account1.domainid,
serviceofferingid=self.service_offering.id,
)
self.cleanup.append(self.virtual_machine)
self.debug("creating an instance with template ID: %s" % self.template2.id)
vm_response = VirtualMachine.list(self.apiclient,
id=virtual_machine.id,
id=self.virtual_machine.id,
account=self.account1.name,
domainid=self.account1.domainid)
self.assertEqual(
Expand Down Expand Up @@ -269,7 +284,8 @@ def test_03_check_subdomain_template_access(self):
"""

# Step 1
self.update_configuration("true")
self.update_restrict_template_configuration(self.domain1.id, "true")
self.update_restrict_template_configuration(self.domain2.id, "true")
# Make sure child domains can still access parent domain templates
self.validate_uploaded_template(self.apiclient, self.root_template.id)

Expand All @@ -295,7 +311,8 @@ def test_04_check_non_public_template_access(self):
"""

# Step 1
self.update_configuration("true")
self.update_restrict_template_configuration(self.domain1.id, "true")
self.update_restrict_template_configuration(self.domain2.id, "true")

# Step 2
self.template2.updatePermissions(self.apiclient,
Expand Down Expand Up @@ -330,7 +347,8 @@ def test_04_check_non_public_template_access(self):
self.validate_template_ownership(self.template2, self.domain, self.domain2, True)

# Step 5
self.update_configuration("false")
self.update_restrict_template_configuration(self.domain1.id, "false")
self.update_restrict_template_configuration(self.domain2.id, "false")

# Step 6
self.validate_template_ownership(self.template2, self.domain1, self.domain2, False)
Expand All @@ -350,7 +368,8 @@ def test_05_check_non_public_template_subdomain_access(self):
5. Set global setting restrict.public.access.to.templates to false
6. Repeat the steps 3 and 4
"""
self.update_configuration("true")
self.update_restrict_template_configuration(self.domain1.id, "true")
self.update_restrict_template_configuration(self.domain2.id, "true")
self.root_template.updatePermissions(self.apiclient,
ispublic="False")

Expand Down Expand Up @@ -379,7 +398,8 @@ def test_05_check_non_public_template_subdomain_access(self):
# Only ROOT domain can access non public templates of child domain
self.validate_template_ownership(self.root_template, self.domain2, self.domain, False)

self.update_configuration("false")
self.update_restrict_template_configuration(self.domain1.id, "false")
self.update_restrict_template_configuration(self.domain2.id, "false")
self.validate_template_ownership(self.root_template, self.domain1, self.domain2, False)
self.validate_template_ownership(self.root_template, self.domain2, self.domain2, False)

Expand All @@ -399,7 +419,8 @@ def test_06_check_sub_public_template_sub_domain_access(self):
self.root_template.updatePermissions(self.apiclient,
ispublic="True")
# Step 1
self.update_configuration("true")
self.update_restrict_template_configuration(self.domain1.id, "true")
self.update_restrict_template_configuration(self.domain2.id, "true")
# Make sure child domains can still access parent domain templates
self.validate_uploaded_template(self.apiclient, self.sub_template.id)

Expand Down Expand Up @@ -429,7 +450,8 @@ def test_07_check_default_public_template_sub_domain_access(self):
"""

# Step 1
self.update_configuration("false")
self.update_restrict_template_configuration(self.domain1.id, "false")
self.update_restrict_template_configuration(self.domain2.id, "false")
# Make sure child domains can still access parent domain templates
self.validate_uploaded_template(self.apiclient, self.sub_template.id)

Expand Down Expand Up @@ -461,7 +483,8 @@ def test_08_check_non_public_template_sub_domain_access(self):
"""

# Step 1
self.update_configuration("true")
self.update_restrict_template_configuration(self.domain1.id, "true")
self.update_restrict_template_configuration(self.domain2.id, "true")

# Step 2
self.template1.updatePermissions(self.apiclient,
Expand Down Expand Up @@ -499,7 +522,8 @@ def test_08_check_non_public_template_sub_domain_access(self):
self.validate_template_ownership(self.template1, self.domain, self.domain1, True)

# Step 5
self.update_configuration("false")
self.update_restrict_template_configuration(self.domain1.id, "false")
self.update_restrict_template_configuration(self.domain2.id, "false")

# Step 6
self.validate_template_ownership(self.template1, self.domain2, self.domain1, False)
Expand Down Expand Up @@ -580,13 +604,24 @@ def validate_template_ownership(self, template, owner, nonowner, include_cross_d
"not be accessible by domain %s"
% (template.name, nonowner.name, owner.name))

def update_configuration(self, value):
def get_restrict_template_configuration(self, domain_id):
"""
Function to update the global setting "restrict.public.access.to.templates"
:param value:
:return:
Function to get the global setting "restrict.public.access.to.templates" for domain
"""
list_configurations_cmd = listConfigurations.listConfigurationsCmd()
list_configurations_cmd.name = "restrict.public.template.access.to.domain"
list_configurations_cmd.scopename = "domain"
list_configurations_cmd.scopeid = domain_id
response = self.apiclient.listConfigurations(list_configurations_cmd)
return response[0].value

def update_restrict_template_configuration(self, domain_id, value):
"""
Function to update the global setting "restrict.public.access.to.templates" for domain
"""
update_configuration_cmd = updateConfiguration.updateConfigurationCmd()
update_configuration_cmd.name = "restrict.public.template.access.to.domain"
Copy link
Member

@weizhouapache weizhouapache Apr 21, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@soreana
since you have changed the name of global configuration to share.public.templates.with.other.domains, can you change the name in component test ? (maybe the value as well)

update_configuration_cmd.value = value
update_configuration_cmd.scopename = "domain"
update_configuration_cmd.scopeid = domain_id
return self.apiclient.updateConfiguration(update_configuration_cmd)