
Example 1 with TagAssignment

use of com.emc.storageos.model.TagAssignment in project coprhd-controller by CoprHD.

the class ApiTest method usageAclTests.

/**
 * Integration test for usage ACLs on virtual arrays ("neighborhoods") and
 * virtual pools (CoS), driven through the REST API.
 *
 * The method runs as one ordered scenario; later steps depend on resources and
 * ACL state created by earlier ones:
 * <ol>
 * <li>varrays are readable by every tenant until an ACL is set, then only by
 * the tenant holding the USE ace (others get 403);</li>
 * <li>malformed ACL entries (bad tenant, no ace, more than one of
 * tenant/group/subject_id) are rejected with 400;</li>
 * <li>the same open-by-default / restricted-after-ACL behaviour is checked for
 * block virtual pools, including list filtering;</li>
 * <li>tag updates on a restricted vpool are denied (403) to a tenant without
 * access, and tag length/trimming validation is checked;</li>
 * <li>a vpool restricted to one tenant is still listed for the system client
 * and for a user of that tenant.</li>
 * </ol>
 *
 * The REST clients (rSys, rZAdmin, rSTAdmin1, ...), the URL templates
 * (_blockCosAclUrl, _fileCosAclUrl), STR144, subtenant2Id and _log are defined
 * outside this method; the roles suggested by their names are assumptions to
 * confirm against the enclosing class.
 */
public void usageAclTests() {
    TenantResponse tenantResp = rSys.path("/tenant").get(TenantResponse.class);
    rootTenantId = tenantResp.getTenant();
    String subtenant_url = "/tenants/" + rootTenantId.toString() + "/subtenants";
    TenantOrgList list = rSys.path(subtenant_url).get(TenantOrgList.class);
    // NOTE(review): the expected count of 4 is not set up in this method, so it
    // presumably relies on subtenants created by earlier tests - confirm.
    Assert.assertEquals(4, list.getSubtenants().size());
    NamedRelatedResourceRep st1 = list.getSubtenants().get(0);
    NamedRelatedResourceRep st2 = list.getSubtenants().get(1);
    // create neighborhoods for test
    VirtualArrayCreateParam neighborhoodParam = new VirtualArrayCreateParam();
    neighborhoodParam.setLabel("n1");
    VirtualArrayRestRep n1 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, neighborhoodParam);
    Assert.assertNotNull(n1.getId());
    neighborhoodParam.setLabel("n2");
    VirtualArrayRestRep n2 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, neighborhoodParam);
    Assert.assertNotNull(n2.getId());
    // test open to all by default
    // A varray with no ACL is readable by both subtenant admin clients; access is
    // only narrowed once the first ACL entry is added below.
    ClientResponse resp = rSTAdmin1.path("/vdc/varrays/" + n1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    resp = rSTAdmin2.path("/vdc/varrays/" + n1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // set usage acl for st1 on n1
    String neighborAclUrl = "/vdc/varrays/%s/acl";
    ACLAssignmentChanges changes = new ACLAssignmentChanges();
    // entry1 is reused further down (vpool ACL, limits loop), where its tenant is
    // overwritten; it is not a constant "st1" entry for the whole method.
    ACLEntry entry1 = new ACLEntry();
    entry1.setTenant(st1.getId().toString());
    entry1.setAces(new ArrayList<String>());
    entry1.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    resp = rSys.path(String.format(neighborAclUrl, n1.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // st1's admin can still read n1 ...
    VirtualArrayRestRep nRead = rSTAdmin1.path("/vdc/varrays/" + n1.getId().toString()).get(VirtualArrayRestRep.class);
    // NOTE(review): if Assert is JUnit's, these calls pass (actual, expected);
    // that only affects the wording of a failure message.
    Assert.assertEquals(nRead.getId(), n1.getId());
    Assert.assertEquals(nRead.getName(), n1.getName());
    // ... while the other subtenant's admin is now denied.
    resp = rSTAdmin2.path("/vdc/varrays/" + n1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // set usage acl for st2 on n2
    changes = new ACLAssignmentChanges();
    ACLEntry entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // Mirror image of the n1 check: st2's admin reads n2, st1's admin gets 403.
    nRead = rSTAdmin2.path("/vdc/varrays/" + n2.getId().toString()).get(VirtualArrayRestRep.class);
    Assert.assertEquals(nRead.getId(), n2.getId());
    Assert.assertEquals(nRead.getName(), n2.getName());
    resp = rSTAdmin1.path("/vdc/varrays/" + n2.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // negative test - invalid tenant id
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant("invalid");
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // negative test - missing ace
    // The ace list is set but left empty, so the entry grants nothing.
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setAces(new ArrayList<String>());
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // negative test - choice of tenant/group/subject_id (multiple present)
    // Three combinations follow: tenant+group, tenant+subject_id, and all three.
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setGroup("TEST");
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setSubjectId("TEST");
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setGroup("TEST");
    entry2.setSubjectId("TEST");
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // list neighborhoods
    // Listing is filtered by ACL: this client sees n1 only, not n2 (restricted to
    // st2). rSTAdminGr1 is presumably a group-based admin of st1 - confirm.
    VirtualArrayList nList = rSTAdminGr1.path("/vdc/varrays/").get(VirtualArrayList.class);
    Assert.assertEquals(1, nList.getVirtualArrays().size());
    Assert.assertEquals(n1.getId(), nList.getVirtualArrays().get(0).getId());
    // newly created varray, accessible for all
    neighborhoodParam = new VirtualArrayCreateParam();
    neighborhoodParam.setLabel("n3");
    VirtualArrayRestRep n3 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, neighborhoodParam);
    Assert.assertNotNull(n3.getId());
    nList = rSTAdminGr1.path("/vdc/varrays/").get(VirtualArrayList.class);
    Assert.assertEquals(2, nList.getVirtualArrays().size());
    // Order of the returned list is not assumed; either position may hold n1 or n3.
    Assert.assertTrue(nList.getVirtualArrays().get(0).getId().equals(n1.getId()) || nList.getVirtualArrays().get(1).getId().equals(n1.getId()));
    Assert.assertTrue(nList.getVirtualArrays().get(0).getId().equals(n3.getId()) || nList.getVirtualArrays().get(1).getId().equals(n3.getId()));
    // delete nh3
    // NOTE(review): the result of the deactivate call is not asserted.
    rSys.path("/vdc/varrays/" + n3.getId().toString() + "/deactivate").post();
    // create vpool
    BlockVirtualPoolParam paramCosBlock = new BlockVirtualPoolParam();
    paramCosBlock.setName("foobar-block");
    paramCosBlock.setDescription("foobar-block description");
    paramCosBlock.setProtocols(new HashSet<String>());
    paramCosBlock.getProtocols().add(StorageProtocol.Block.FC.name());
    paramCosBlock.setMaxPaths(2);
    paramCosBlock.setProvisionType("Thick");
    BlockVirtualPoolRestRep cos1 = rZAdmin.path("/block/vpools").post(BlockVirtualPoolRestRep.class, paramCosBlock);
    Assert.assertNotNull(cos1.getId());
    // Posting the identical parameters a second time is rejected with 400.
    resp = rZAdmin.path("/block/vpools").post(ClientResponse.class, paramCosBlock);
    Assert.assertEquals(400, resp.getStatus());
    // As with varrays, a vpool without an ACL is readable by both subtenant admins.
    resp = rSTAdmin1.path("/block/vpools/" + cos1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    resp = rSTAdmin2.path("/block/vpools/" + cos1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // negative test: assign an empty storage pool
    // The pool set contains a single empty string rather than a pool id.
    VirtualPoolPoolUpdateParam paramPoolUpdate = new VirtualPoolPoolUpdateParam();
    paramPoolUpdate.setStoragePoolAssignmentChanges(new StoragePoolAssignmentChanges());
    paramPoolUpdate.getStoragePoolAssignmentChanges().setAdd(new StoragePoolAssignments());
    paramPoolUpdate.getStoragePoolAssignmentChanges().getAdd().setStoragePools(new HashSet<String>());
    paramPoolUpdate.getStoragePoolAssignmentChanges().getAdd().getStoragePools().add("");
    resp = rZAdmin.path("/block/vpools/" + cos1.getId().toString() + "/assign-matched-pools/").put(ClientResponse.class, paramPoolUpdate);
    Assert.assertEquals(400, resp.getStatus());
    // Set Cos acl
    // entry1 still names st1 with the USE ace at this point.
    changes = new ACLAssignmentChanges();
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    resp = rSys.path(String.format(_blockCosAclUrl, cos1.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // cos1 was created under /block/vpools; requesting its ACL through the
    // _fileCosAclUrl template is expected to fail with 400.
    resp = rSys.path(String.format(_fileCosAclUrl, cos1.getId().toString())).get(ClientResponse.class);
    Assert.assertEquals(400, resp.getStatus());
    BlockVirtualPoolRestRep cRead = rSTAdmin1.path("/block/vpools/" + cos1.getId().toString()).get(BlockVirtualPoolRestRep.class);
    Assert.assertEquals(cRead.getId(), cos1.getId());
    Assert.assertEquals(cRead.getName(), cos1.getName());
    // The subtenant without an ACL entry is denied once the vpool has an ACL.
    resp = rSTAdmin2.path("/block/vpools/" + cos1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // create second CoS
    paramCosBlock = new BlockVirtualPoolParam();
    paramCosBlock.setName("foobar-block2");
    paramCosBlock.setDescription("foobar-block2 description");
    paramCosBlock.setProtocols(new HashSet<String>());
    paramCosBlock.getProtocols().add(StorageProtocol.Block.FC.name());
    paramCosBlock.setProvisionType("Thick");
    BlockVirtualPoolRestRep cos2 = rZAdminGr.path("/block/vpools").post(BlockVirtualPoolRestRep.class, paramCosBlock);
    Assert.assertNotNull(cos2.getId());
    // list vpool
    // The st1-side client sees cos1 (via the ACL) and cos2 (no ACL yet) ...
    VirtualPoolList cList = rSTAdminGr1.path("/block/vpools/").get(VirtualPoolList.class);
    Assert.assertEquals(2, cList.getVirtualPool().size());
    Assert.assertTrue(cList.getVirtualPool().get(0).getId().equals(cos1.getId()) || cList.getVirtualPool().get(1).getId().equals(cos1.getId()));
    Assert.assertTrue(cList.getVirtualPool().get(0).getId().equals(cos2.getId()) || cList.getVirtualPool().get(1).getId().equals(cos2.getId()));
    // ... while st2's admin sees only the unrestricted cos2.
    cList = rSTAdmin2.path("/block/vpools/").get(VirtualPoolList.class);
    Assert.assertEquals(1, cList.getVirtualPool().size());
    Assert.assertEquals(cos2.getId(), cList.getVirtualPool().get(0).getId());
    // test limits
    // The same st2/USE entry is added to cos2 100 times and every request must
    // return 200. Note that entry1 is mutated here: from now on it names st2.
    for (int i = 0; i < 100; i++) {
        changes = new ACLAssignmentChanges();
        entry1.setTenant(st2.getId().toString());
        changes.setAdd(new ArrayList<ACLEntry>());
        changes.getAdd().add(entry1);
        resp = rSys.path(String.format(_blockCosAclUrl, cos2.getId().toString())).put(ClientResponse.class, changes);
        Assert.assertEquals(200, resp.getStatus());
    }
    // An unknown tenant id on the vpool ACL is rejected, as it was for varrays.
    changes = new ACLAssignmentChanges();
    entry1.setTenant("tenant_invalid");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    resp = rSys.path(String.format(_blockCosAclUrl, cos2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // testing tags
    String cosTagUrl = "/block/vpools/%s/tags";
    TagAssignment tags = new TagAssignment();
    tags.setAdd(new StringSet());
    tags.getAdd().add("testtag1");
    // rSTAdmin2 has no access to cos1 (see the 403 above), so it must not be able
    // to tag it either.
    resp = rSTAdmin2.path(String.format(cosTagUrl, cos1.getId())).put(ClientResponse.class, tags);
    Assert.assertEquals(403, resp.getStatus());
    Tags tagsResp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(Tags.class, tags);
    Assert.assertTrue(tagsResp.getTag().equals(tags.getAdd()));
    // From here on every request also asks to remove "testtag1" (a copy of the
    // current add set). NOTE(review): HashSet is used as a raw type here.
    tags.setRemove(new StringSet());
    tags.getRemove().addAll(new HashSet(tags.getAdd()));
    // invalid tag, too short
    // The add set still contains "testtag1" next to the one-character tag.
    tags.getAdd().add("t");
    resp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(ClientResponse.class, tags);
    Assert.assertEquals(400, resp.getStatus());
    tags.getAdd().clear();
    // invalid tag, too long
    // STR144 is defined outside this method; presumably a 144-character string - confirm.
    tags.getAdd().add("tag" + STR144);
    resp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(ClientResponse.class, tags);
    Assert.assertEquals(400, resp.getStatus());
    tags.getAdd().clear();
    // tags should be trimmed
    tags.getAdd().add(" testtag  ");
    tagsResp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(Tags.class, tags);
    // The expected set is an anonymous StringSet subclass with an instance
    // initializer; the response must hold exactly the trimmed "testtag".
    Assert.assertTrue(tagsResp.getTag().equals(new StringSet() {

        {
            add("testtag");
        }
    }));
    // Reading tags follows the vpool ACL: denied for rSTAdmin2, allowed for rSTAdmin1.
    resp = rSTAdmin2.path(String.format(cosTagUrl, cos1.getId())).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    resp = rSTAdmin1.path(String.format(cosTagUrl, cos1.getId())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // Test bad parameter is returned if we add an invalid varray while creating the VirtualPool
    FileVirtualPoolParam paramFileCos = new FileVirtualPoolParam();
    paramFileCos.setName("Generic File VirtualPool");
    paramFileCos.setProtocols(new HashSet<String>());
    paramFileCos.getProtocols().add(StorageProtocol.File.NFS.name());
    paramFileCos.getProtocols().add(StorageProtocol.File.CIFS.name());
    paramFileCos.setVarrays(new HashSet<String>());
    paramFileCos.getVarrays().add("IDontExist");
    resp = rZAdmin.path("/file/vpools").post(ClientResponse.class, paramFileCos);
    Assert.assertEquals(400, resp.getStatus());
    // below is vpool restricted to tenant test
    /*
         * test setup:
         * create a varray and vpool and associate the vpool with the varray
         * restrict the vpool to the tenant
         */
    // Labels carry a millisecond timestamp, presumably to avoid name clashes
    // between runs; the two timestamps are taken by separate calls.
    String vaLabel = "va-testTenantRestrictAccess-" + Calendar.getInstance().getTime().getTime();
    String vpLabel = "vp-testTenantRestrictAccess-" + Calendar.getInstance().getTime().getTime();
    // create a varray
    VirtualArrayCreateParam vaParam = new VirtualArrayCreateParam();
    vaParam.setLabel(vaLabel);
    BlockSettings bs = new BlockSettings();
    bs.setAutoSanZoning(true);
    vaParam.setBlockSettings(bs);
    // NOTE(review): neither creation response (va1, vp1) is asserted before use.
    VirtualArrayRestRep va1 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, vaParam);
    // create a vpool associated with the varray
    BlockVirtualPoolParam vpParam = new BlockVirtualPoolParam();
    vpParam.setName(vpLabel);
    vpParam.setDescription(vpLabel);
    Set<String> vas = new HashSet<String>();
    vas.add(va1.getId().toString());
    vpParam.setVarrays(vas);
    vpParam.setProvisionType("Thin");
    // NOTE(review): raw HashSet assigned to Set<String>.
    Set<String> protos = new HashSet();
    protos.add("FC");
    vpParam.setProtocols(protos);
    BlockVirtualPoolRestRep vp1 = rSys.path("/block/vpools").post(BlockVirtualPoolRestRep.class, vpParam);
    // restrict the vpool to a tenant
    // subtenant2Id is a field set outside this method.
    ACLAssignmentChanges aclChange = new ACLAssignmentChanges();
    List<ACLEntry> acls = new ArrayList<>();
    ACLEntry acl = new ACLEntry();
    acl.setTenant(subtenant2Id.toString());
    acl.setAces(new ArrayList<String>(Arrays.asList("USE")));
    acls.add(acl);
    aclChange.setAdd(acls);
    String uri = String.format("/block/vpools/%s/acl", vp1.getId());
    // NOTE(review): the returned assignments are never inspected, so the test does
    // not confirm that the restriction was actually stored.
    ACLAssignments aclAssignments = rSys.path(uri).put(ACLAssignments.class, aclChange);
    // test1: sysadmin can see vpool
    // test2: sysmonitor can see vpool
    // NOTE(review): only the rSys client is exercised below; no separate
    // sysmonitor request is made in this method.
    String vpUri = String.format("/vdc/varrays/%s/vpools", va1.getId().toString());
    VirtualPoolList vpoolList = rSys.path(vpUri).get(VirtualPoolList.class);
    List<NamedRelatedVirtualPoolRep> vpools = vpoolList.getVirtualPool();
    boolean foundVpool = false;
    for (NamedRelatedVirtualPoolRep vpool : vpools) {
        if (vpool.getId().equals(vp1.getId())) {
            foundVpool = true;
            _log.info("user root can see the vpool {}", vp1.getName());
        }
    }
    Assert.assertTrue(foundVpool);
    // test3: tenant user can see vpool
    // NOTE(review): only the allowed case is asserted. There is no check that a
    // user of a different tenant does NOT get vp1 in this listing, so this part
    // would still pass if the tenant restriction were not enforced.
    VirtualPoolList vpoolList2 = rST2User.path(vpUri).get(VirtualPoolList.class);
    List<NamedRelatedVirtualPoolRep> vpools2 = vpoolList2.getVirtualPool();
    foundVpool = false;
    for (NamedRelatedVirtualPoolRep vpool : vpools2) {
        if (vpool.getId().equals(vp1.getId())) {
            foundVpool = true;
            _log.info("user st2user can see the vpool {}", vp1.getName());
        }
    }
    Assert.assertTrue(foundVpool);
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) VirtualPoolPoolUpdateParam(com.emc.storageos.model.vpool.VirtualPoolPoolUpdateParam) VirtualArrayList(com.emc.storageos.model.varray.VirtualArrayList) ArrayList(java.util.ArrayList) VirtualPoolList(com.emc.storageos.model.vpool.VirtualPoolList) NamedRelatedVirtualPoolRep(com.emc.storageos.model.vpool.NamedRelatedVirtualPoolRep) VirtualArrayRestRep(com.emc.storageos.model.varray.VirtualArrayRestRep) StringSet(com.emc.storageos.db.client.model.StringSet) VirtualArrayList(com.emc.storageos.model.varray.VirtualArrayList) BlockVirtualPoolRestRep(com.emc.storageos.model.vpool.BlockVirtualPoolRestRep) Tags(com.emc.storageos.model.search.Tags) HashSet(java.util.HashSet) StoragePoolAssignments(com.emc.storageos.model.vpool.StoragePoolAssignments) StoragePoolAssignmentChanges(com.emc.storageos.model.vpool.StoragePoolAssignmentChanges) FileVirtualPoolParam(com.emc.storageos.model.vpool.FileVirtualPoolParam) ACLAssignmentChanges(com.emc.storageos.model.auth.ACLAssignmentChanges) VirtualArrayCreateParam(com.emc.storageos.model.varray.VirtualArrayCreateParam) TagAssignment(com.emc.storageos.model.TagAssignment) NamedRelatedResourceRep(com.emc.storageos.model.NamedRelatedResourceRep) BlockSettings(com.emc.storageos.model.varray.BlockSettings) ACLEntry(com.emc.storageos.model.auth.ACLEntry) TenantOrgList(com.emc.storageos.model.tenant.TenantOrgList) ACLAssignments(com.emc.storageos.model.auth.ACLAssignments) BlockVirtualPoolParam(com.emc.storageos.model.vpool.BlockVirtualPoolParam) TenantResponse(com.emc.storageos.model.tenant.TenantResponse)
