Merge pull request #741 from openstack-charmers/ceph-dashboard-saml-tests

Add test for ceph-dashboard SAML functionality
2022-04-08 14:07:25 +02:00
parent c57ae0ccbf b7d7588f46
commit aa24cb9f03
1 changed files with 40 additions and 0 deletions
--- a/zaza/openstack/charm_tests/ceph/dashboard/tests.py
+++ b/zaza/openstack/charm_tests/ceph/dashboard/tests.py
@@ -18,6 +18,7 @@ import collections
 import json
 import logging
 import requests
+import tempfile
 import tenacity
 import uuid

@@ -26,6 +27,17 @@ import zaza.openstack.charm_tests.test_utils as test_utils
 import zaza.openstack.utilities.openstack as openstack_utils


+SAML_IDP_METADATA = '''
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:X509Data>
+        <ds:X509Certificate>
+            {}
+        </ds:X509Certificate>
+    </ds:X509Data>
+</ds:KeyInfo>
+'''
+
+
 class CephDashboardTest(test_utils.BaseCharmTest):
    """Class for `ceph-dashboard` tests."""

@@ -211,3 +223,31 @@ class CephDashboardTest(test_utils.BaseCharmTest):
                'ceph-dashboard',
                'ceph config-key exists {}'.format(key))
            self.assertEqual(check_out['Code'], '0')
+
+    def test_saml(self):
+        """Check that the dashboard is accessible with SAML enabled."""
+        get_os_release = openstack_utils.get_os_release
+        if (get_os_release(application='ceph-mon') <
+                get_os_release('focal_yoga')):
+            return
+
+        url = self.get_master_dashboard_url()
+        with tempfile.NamedTemporaryFile(mode='w') as tmp, \
+                open(self.local_ca_cert) as cert:
+            tmp.write(SAML_IDP_METADATA.format(cert.read()))
+            tmp.flush()
+            zaza.model.set_application_config(
+                'ceph-dashboard',
+                {
+                    'saml-base-url': url,
+                    'saml-idp-metadata': 'file://{}'.format(tmp.name),
+                }
+            )
+
+            # Login must be redirected.
+            resp = requests.get(url + '/auth/saml2/login')
+            self.assertTrue(resp.is_redirect)
+
+            # Check that metadata is present.
+            resp = requests.get(url + '/auth/saml2/metadata')
+            self.assertEqual(resp.status_code, requests.code.ok)