diff options
author | Petr Viktorin <pviktori@redhat.com> | 2012-04-30 07:29:08 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-05-11 08:14:20 +0200 |
commit | 1565ce3a8c39326f814c9781b3df24c42402c1b5 (patch) | |
tree | 010f750b8f28cdc2cf53c465407cb302e8212880 /tests/test_xmlrpc | |
parent | f19218f7d87f5847d51f79b5d2850f90b0ae8407 (diff) | |
download | freeipa-1565ce3a8c39326f814c9781b3df24c42402c1b5.tar.gz freeipa-1565ce3a8c39326f814c9781b3df24c42402c1b5.tar.xz freeipa-1565ce3a8c39326f814c9781b3df24c42402c1b5.zip |
Validate externalhost (when added by --addattr/--setattr)
Change the externalhost attribute of hbacrule, netgroup
and sudorule into a full-fledged Parameter, and attach
a validator to it.
The validator is relaxed to allow underscores, so that
some hosts with nonstandard names can be added.
Tests included.
https://fedorahosted.org/freeipa/ticket/2649
Diffstat (limited to 'tests/test_xmlrpc')
-rw-r--r-- | tests/test_xmlrpc/test_hbac_plugin.py | 9 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_netgroup_plugin.py | 62 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_sudorule_plugin.py | 17 |
3 files changed, 88 insertions, 0 deletions
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py index c7cb55bad..5ecb9014d 100644 --- a/tests/test_xmlrpc/test_hbac_plugin.py +++ b/tests/test_xmlrpc/test_hbac_plugin.py @@ -377,6 +377,15 @@ class test_hbac(XMLRPC_test): entry = ret['result'] assert_attr_equal(entry, 'externalhost', self.test_host_external) + @raises(errors.ValidationError) + def test_c_hbacrule_mod_invalid_external_setattr(self): + """ + Test adding the same external host using `xmlrpc.hbacrule_add_host`. + """ + ret = api.Command['hbacrule_mod']( + self.rule_name, setattr=self.test_invalid_sourcehost + ) + def test_c_hbacrule_remove_external_host(self): """ Test removing external source host using `xmlrpc.hbacrule_remove_host`. diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py index 03d5b9fa3..d51287bcd 100644 --- a/tests/test_xmlrpc/test_netgroup_plugin.py +++ b/tests/test_xmlrpc/test_netgroup_plugin.py @@ -46,6 +46,8 @@ host_dn1 = DN(('fqdn',host1),('cn','computers'),('cn','accounts'), unknown_host = u'unknown' +unknown_host2 = u'unknown2' + hostgroup1 = u'hg1' hostgroup_dn1 = DN(('cn',hostgroup1),('cn','hostgroups'),('cn','accounts'), api.env.basedn) @@ -829,6 +831,66 @@ class test_netgroup(Declarative): ), dict( + desc='Add invalid host %r to netgroup %r using setattr' % + (invalidhost, netgroup1), + command=( + 'netgroup_mod', [netgroup1], + dict(setattr='externalhost=%s' % invalidhost) + ), + expected=errors.ValidationError(name='externalhost', + error='only letters, numbers, _, and - are allowed. ' + + 'DNS label may not start or end with -'), + ), + + dict( + desc='Add unknown host %r to netgroup %r using addattr' % + (unknown_host2, netgroup1), + command=( + 'netgroup_mod', [netgroup1], + dict(addattr='externalhost=%s' % unknown_host2) + ), + expected=dict( + value=u'netgroup1', + summary=u'Modified netgroup "netgroup1"', + result={ + 'memberhost_host': (host1,), + 'memberhost_hostgroup': (hostgroup1,), + 'memberuser_user': (user1,), + 'memberuser_group': (group1,), + 'member_netgroup': (netgroup2,), + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [unknown_host, unknown_host2], + }, + ) + ), + + dict( + desc='Remove unknown host %r from netgroup %r using delattr' % + (unknown_host2, netgroup1), + command=( + 'netgroup_mod', [netgroup1], + dict(delattr='externalhost=%s' % unknown_host2) + ), + expected=dict( + value=u'netgroup1', + summary=u'Modified netgroup "netgroup1"', + result={ + 'memberhost_host': (host1,), + 'memberhost_hostgroup': (hostgroup1,), + 'memberuser_user': (user1,), + 'memberuser_group': (group1,), + 'member_netgroup': (netgroup2,), + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [unknown_host], + }, + ) + ), + + dict( desc='Retrieve %r' % netgroup1, command=('netgroup_show', [netgroup1], {}), expected=dict( diff --git a/tests/test_xmlrpc/test_sudorule_plugin.py b/tests/test_xmlrpc/test_sudorule_plugin.py index 6aabd2b27..f0e6cd34f 100644 --- a/tests/test_xmlrpc/test_sudorule_plugin.py +++ b/tests/test_xmlrpc/test_sudorule_plugin.py @@ -484,6 +484,23 @@ class test_sudorule(XMLRPC_test): else: assert False + def test_a_sudorule_mod_externalhost_invalid_addattr(self): + """ + Test adding an invalid external host to Sudo rule using + `xmlrpc.sudorule_mod --addattr`. + """ + try: + api.Command['sudorule_mod']( + self.rule_name, + addattr='externalhost=%s' % self.test_invalid_host + ) + except errors.ValidationError, e: + assert unicode(e) == ("invalid 'externalhost': only letters, " + + "numbers, _, and - are allowed. " + + "DNS label may not start or end with -") + else: + assert False + def test_b_sudorule_remove_externalhost(self): """ Test removing an external host from Sudo rule using |