ipatests: test_sudo: Add tests for allowing hosts via hostmasks

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
author: Tomas Babej <tbabej@redhat.com> 2014-05-14 15:26:59 +0200
committer: Petr Viktorin <pviktori@redhat.com> 2014-06-25 20:14:51 +0200
commit: d537da8b8a52dde18f4d07455fef8a4ef1c4ef04 (patch)
tree: 0be7f39cdc860e9a0be06cded529890e2651345f /ipatests
parent: b1275c5b1c2038c9769377e9cf0afe04139d1d8d (diff)
download: freeipa-d537da8b8a52dde18f4d07455fef8a4ef1c4ef04.tar.gz
freeipa-d537da8b8a52dde18f4d07455fef8a4ef1c4ef04.tar.xz
freeipa-d537da8b8a52dde18f4d07455fef8a4ef1c4ef04.zip
1 files changed, 36 insertions, 0 deletions
diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 42c9b6b6a..40fb68581 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -226,6 +226,42 @@ class TestSudo(IntegrationTest):
                                  'testrule',
                                  '--hostgroups', 'testhostgroup'])
 
+    def test_sudo_rule_restricted_to_one_hostmask_setup(self):
+        # Add the client's /24 hostmask to the rule
+        ip = self.client.ip
+        self.master.run_command(['ipa', '-n', 'sudorule-add-host',
+                                 'testrule',
+                                 '--hostmask', '%s/24' % ip])
+
+    def test_sudo_rule_restricted_to_one_hostmask(self):
+        result1 = self.list_sudo_commands("testuser1")
+        assert "(ALL) NOPASSWD: ALL" in result1.stdout_text
+
+    def test_sudo_rule_restricted_to_one_hostmask_teardown(self):
+        # Remove the client's /24 hostmask from the rule
+        ip = self.client.ip
+        self.master.run_command(['ipa', '-n', 'sudorule-remove-host',
+                                 'testrule',
+                                 '--hostmask', '%s/24' % ip])
+
+    def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self):
+        # Add the master's hostmask to the rule
+        ip = self.master.ip
+        self.master.run_command(['ipa', '-n', 'sudorule-add-host',
+                                 'testrule',
+                                 '--hostmask', '%s/32' % ip])
+
+    def test_sudo_rule_restricted_to_one_hostmask_negative(self):
+        result1 = self.list_sudo_commands("testuser1")
+        assert result1.returncode != 0
+
+    def test_sudo_rule_restricted_to_one_hostmask_negative_teardown(self):
+        # Remove the master's hostmask from the rule
+        ip = self.master.ip
+        self.master.run_command(['ipa', '-n', 'sudorule-remove-host',
+                                 'testrule',
+                                 '--hostmask', '%s/32' % ip])
+
     def test_sudo_rule_restricted_to_one_command_setup(self):
         # Reset testrule configuration
         self.reset_rule_categories()
author	Tomas Babej <tbabej@redhat.com>	2014-05-14 15:26:59 +0200
committer	Petr Viktorin <pviktori@redhat.com>	2014-06-25 20:14:51 +0200
commit	d537da8b8a52dde18f4d07455fef8a4ef1c4ef04 (patch)
tree	0be7f39cdc860e9a0be06cded529890e2651345f /ipatests
parent	b1275c5b1c2038c9769377e9cf0afe04139d1d8d (diff)
download	freeipa-d537da8b8a52dde18f4d07455fef8a4ef1c4ef04.tar.gz freeipa-d537da8b8a52dde18f4d07455fef8a4ef1c4ef04.tar.xz freeipa-d537da8b8a52dde18f4d07455fef8a4ef1c4ef04.zip