review comments incorporated and added conf file

Change-Id: I18051dec23064233db4c38732f7e592e9359e843 Reviewed-on: http://review.couchbase.org/c/testrunner/+/160522 Tested-by: Balakumaran G <balakumaran.gopal@couchbase.com> Reviewed-by: Balakumaran G <balakumaran.gopal@couchbase.com>
couchbase · Sep 1, 2021 · f3c5b2a · f3c5b2a
1 parent 1bf0d6c
commit f3c5b2a
Show file tree

Hide file tree

Showing 2 changed files with 177 additions and 0 deletions.
diff --git a/conf/view-conf/py-securityviews.conf b/conf/view-conf/py-securityviews.conf
@@ -0,0 +1,4 @@
+view.viewssecurity.ViewsSecurity:
+    test_n2n_encryption_enabled_rebalance_in_and_out_with_ddoc_ops,ddoc_ops=create,test_with_view=True,nodes_in=1,nodes_out=1,num_ddocs=2,num_views_per_ddoc=3,items=200000,sasl_buckets=1,standard_buckets=1,GROUP=P1,ntonencrypt=enable,use_https=True,enforce_tls=True
+    test_n2n_encryption_enabled_rebalance_in_with_ddoc_ops,ddoc_ops=create,test_with_view=True,nodes_in=1,num_ddocs=2,num_views_per_ddoc=3,items=200000,sasl_buckets=1,standard_buckets=1,GROUP=P1,ntonencrypt=enable,use_https=True,enforce_tls=True
+    test_view_ops_n2n_encryption_enabled,ddoc_ops=create,test_with_view=True,num_ddocs=2,num_views_per_ddoc=3,items=200000,sasl_buckets=1,standard_buckets=1,GROUP=P1,ntonencrypt=enable,use_https=True,enforce_tls=True
diff --git a/pytests/view/viewssecurity.py b/pytests/view/viewssecurity.py
@@ -0,0 +1,173 @@
+import copy
+from threading import Thread, Event
+from couchbase_helper.document import DesignDocument, View
+from membase.helper.cluster_helper import ClusterOperationHelper
+from pytests.security.ntonencryptionBase import ntonencryptionBase
+from pytests.security.x509main import x509main
+from pytests.view import createdeleteview
+from basetestcase import BaseTestCase
+
+
+class ViewsSecurity(createdeleteview.CreateDeleteViewTests,BaseTestCase):
+    def setUp(self):
+        try:
+            super(ViewsSecurity, self).setUp()
+            self.bucket_ddoc_map = {}
+            self.ddoc_ops = self.input.param("ddoc_ops", None)
+            self.boot_op = self.input.param("boot_op", None)
+            self.test_with_view = self.input.param("test_with_view", False)
+            self.num_views_per_ddoc = self.input.param("num_views_per_ddoc", 1)
+            self.num_ddocs = self.input.param("num_ddocs", 1)
+            self.gen = None
+            self.is_crashed = Event()
+            self.default_design_doc_name = "Doc1"
+            self.default_map_func = 'function (doc) { emit(doc.age, doc.first_name);}'
+            self.updated_map_func = 'function (doc) { emit(null, doc);}'
+            self.default_view = View("View", self.default_map_func, None, False)
+            self.fragmentation_value = self.input.param("fragmentation_value", 80)
+
+        except Exception as ex:
+            self.input.test_params["stop-on-failure"] = True
+            self.log.error("SETUP WAS FAILED. ALL TESTS WILL BE SKIPPED")
+            self.fail(ex)
+
+    def suite_setUp(self):
+        self.log.info("---------------Suite Setup---------------")
+
+    def suite_tearDown(self):
+        self.log.info("---------------Suite Teardown---------------")
+
+    def tearDown(self):
+        super(ViewsSecurity, self).tearDown()
+
+
+    def test_view_ops_n2n_encryption_enabled(self):
+
+        ntonencryptionBase().disable_nton_cluster([self.master])
+        self.log.info("###### Generating x509 certificate#####")
+        self.generate_x509_certs(self.servers)
+        self.log.info("###### uploading x509 certificate#####")
+        self.upload_x509_certs(self.servers)
+
+        self._load_doc_data_all_buckets()
+        for bucket in self.buckets:
+            self._execute_ddoc_ops("create", self.test_with_view, self.num_ddocs, self.num_views_per_ddoc,
+                                   bucket=bucket)
+
+        self._wait_for_stats_all_buckets([self.master])
+        ntonencryptionBase().setup_nton_cluster([self.master], clusterEncryptionLevel="strict")
+        self.x509enable = True
+
+        encryption_result = ntonencryptionBase().setup_nton_cluster(self.servers, 'enable', self.ntonencrypt_level)
+        self.assertTrue(encryption_result, "Retries Exceeded. Cannot enable n2n encryption")
+
+        self._verify_ddoc_ops_all_buckets()
+        self._verify_ddoc_data_all_buckets()
+
+        self._execute_ddoc_ops("update", self.test_with_view,
+                               self.num_ddocs // 2, self.num_views_per_ddoc // 2, bucket=bucket)
+        self._wait_for_stats_all_buckets([self.master])
+
+        ntonencryptionBase().disable_nton_cluster([self.master])
+
+        self._verify_ddoc_ops_all_buckets()
+        self._verify_ddoc_data_all_buckets()
+
+        self._execute_ddoc_ops("delete", self.test_with_view,
+                               self.num_ddocs // 2, self.num_views_per_ddoc // 2, bucket=bucket)
+
+        self._wait_for_stats_all_buckets([self.master])
+        ntonencryptionBase().setup_nton_cluster([self.master], clusterEncryptionLevel="strict")
+        self._verify_ddoc_ops_all_buckets()
+        self._verify_ddoc_data_all_buckets()
+
+        assert ClusterOperationHelper.check_if_services_obey_tls(
+            servers=[self.master]), "Port binding after enforcing TLS incorrect"
+
+
+    def test_n2n_encryption_enabled_rebalance_in_with_ddoc_ops(self):
+
+
+        self.assertTrue(self.num_servers > self.nodes_in + self.nodes_out,
+                        "ERROR: Not enough nodes to do rebalance in and out")
+
+
+        ntonencryptionBase().disable_nton_cluster([self.master])
+
+        self._load_doc_data_all_buckets()
+
+
+        servs_in = self.servers[1:self.nodes_in + 1]
+        rebalance = self.cluster.async_rebalance(self.servers[:1], servs_in, [])
+
+
+        for bucket in self.buckets:
+            self._execute_ddoc_ops("create", self.test_with_view, self.num_ddocs, self.num_views_per_ddoc, bucket=bucket)
+        self._execute_ddoc_ops("update", self.test_with_view,
+                               self.num_ddocs // 2, self.num_views_per_ddoc // 2, bucket=bucket)
+        self._execute_ddoc_ops("delete", self.test_with_view,
+                               self.num_ddocs // 2, self.num_views_per_ddoc // 2, bucket=bucket)
+        rebalance.result()
+        self._wait_for_stats_all_buckets(self.servers[:self.nodes_in + 1])
+        max_verify = None
+        if self.num_items > 500000:
+            max_verify = 100000
+
+        ntonencryptionBase().setup_nton_cluster([self.master], clusterEncryptionLevel="strict")
+
+        self._verify_all_buckets(server=self.master, timeout=self.wait_timeout * 15 if not self.dgm_run else None, max_verify=max_verify)
+        self._verify_stats_all_buckets(self.servers[:self.nodes_in + 1], timeout=self.wait_timeout if not self.dgm_run else None)
+        self._verify_ddoc_ops_all_buckets()
+        if self.test_with_view:
+            self._verify_ddoc_data_all_buckets()
+        assert ClusterOperationHelper.check_if_services_obey_tls(
+            servers=[self.master]), "Port binding after enforcing TLS incorrect"
+
+
+    def test_n2n_encryption_enabled_rebalance_in_and_out_with_ddoc_ops(self):
+        #assert if number of nodes_in and nodes_out are not sufficient
+        self.assertTrue(self.num_servers > self.nodes_in + self.nodes_out,
+                            "ERROR: Not enough nodes to do rebalance in and out")
+        ntonencryptionBase().disable_nton_cluster([self.master])
+
+        servs_in = self.servers[self.num_servers - self.nodes_in:]
+        #subtract the servs_in from the list of servers
+        servs_for_rebal = [serv for serv in self.servers if serv not in servs_in]
+        servs_out = servs_for_rebal[self.num_servers - self.nodes_in - self.nodes_out:]
+
+        x509main().setup_cluster_nodes_ssl(servs_out)
+        #list of server which will be available after the in/out operation
+        servs_after_rebal = [serv for serv in self.servers if serv not in servs_out]
+
+        self.log.info("create a cluster of all the available servers except nodes_in")
+        self.cluster.rebalance(servs_for_rebal[:1],
+                               servs_for_rebal[1:], [])
+        #ntonencryptionBase().disable_nton_cluster([self.master])
+        # load initial documents
+        self._load_doc_data_all_buckets()
+
+        #start the rebalance in/out operation
+        rebalance = self.cluster.async_rebalance(servs_for_rebal, servs_in, servs_out)
+
+        for bucket in self.buckets:
+            self._execute_ddoc_ops("create", self.test_with_view, self.num_ddocs, self.num_views_per_ddoc, bucket=bucket)
+            if self.ddoc_ops in ["update", "delete"]:
+                self._execute_ddoc_ops(self.ddoc_ops, self.test_with_view, self.num_ddocs // 2, self.num_views_per_ddoc // 2, bucket=bucket)
+        rebalance.result()
+        self._wait_for_stats_all_buckets(servs_after_rebal)
+        max_verify = None
+        if self.num_items > 500000:
+            max_verify = 100000
+
+        encryption_result = ntonencryptionBase().setup_nton_cluster([self.master], clusterEncryptionLevel="strict")
+        self.assertTrue(encryption_result, "Retries Exceeded. Cannot enable n2n encryption")
+
+        self.cluster.async_rebalance(servs_for_rebal, servs_in, servs_out)
+
+        self._verify_all_buckets(server=self.master, timeout=self.wait_timeout * 15 if not self.dgm_run else None, max_verify=max_verify)
+        self._verify_stats_all_buckets(servs_after_rebal, timeout=self.wait_timeout if not self.dgm_run else None)
+        self._verify_ddoc_ops_all_buckets()
+        if self.test_with_view:
+            self._verify_ddoc_data_all_buckets()
+        assert ClusterOperationHelper.check_if_services_obey_tls(
+            servers=[self.master]), "Port binding after enforcing TLS incorrect"