author | Rob Crittenden <rcritten@redhat.com> | 2010-08-05 22:41:32 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-08-16 17:13:56 -0400 |
commit | 2f4f9054aac8bef83272d690a4868653a3a5bd0d (patch) | |
tree | aa1ef1ff947f002337e32dda202c8135c1eeaad9 /tests | |
parent | 81ae7c3a605ba13c6479c7bccc44190228f8ed07 (diff) | |
Enable a host to retrieve a keytab for all its services.
Using the host service principal one should be able to retrieve a keytab
for other services for the host using ipa-getkeytab. This required a number
of changes:
- allow hosts in the service's managedby to write krbPrincipalKey
- automatically add the host to managedby when a service is created
- fix ipa-getkeytab to return the entire principal and not just the
first data element. It was returning "host" from the service tgt
and not host/ipa.example.com
- fix the display of the managedby attribute in the service plugin
This led to a number of changes in the service unit tests. I took the
opportunity to switch to the Declarative scheme and tripled the number
of tests we were doing. This shed some light on a few bugs in the plugin:
- if a service had a bad usercertificate it was impossible to delete the
service. I made it a bit more flexible.
- I added a summary for the mod and find commands
- has_keytab wasn't being set in the find output
ticket 68
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_xmlrpc/test_host_plugin.py | 3 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_service_plugin.py | 376 |
2 files changed, 287 insertions, 92 deletions
diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py
index 8c2224b58..6a07763c6 100644
--- a/tests/test_xmlrpc/test_host_plugin.py
+++ b/tests/test_xmlrpc/test_host_plugin.py
@@ -300,6 +300,7 @@ class test_host(Declarative):
 dn=service1dn,
 krbprincipalname=[service1],
 objectclass=objectclasses.service,
+ managedby_host=[fqdn1],
 ipauniqueid=[fuzzy_uuid],
 ),
 ),
@@ -321,7 +322,7 @@ class test_host(Declarative):
 expected=dict(
 count=0,
 truncated=False,
- summary=None,
+ summary=u'0 services matched',
 result=[
 ],
 ),
diff --git a/tests/test_xmlrpc/test_service_plugin.py b/tests/test_xmlrpc/test_service_plugin.py
index 96827e4c5..18eecd7ff 100644
--- a/tests/test_xmlrpc/test_service_plugin.py
+++ b/tests/test_xmlrpc/test_service_plugin.py
@@ -21,94 +21,288 @@ Test the `ipalib/plugins/service.py` module. """ -import sys -from xmlrpc_test import XMLRPC_test, assert_attr_equal -from ipalib import api -from ipalib import errors - - -class test_service(XMLRPC_test): - """ - Test the `service` plugin. - """ - host = u'ipatest.%s' % api.env.domain - principal = u'HTTP/ipatest.%s@%s' % (api.env.domain, api.env.realm) - hostprincipal = u'host/ipatest.%s@%s' % (api.env.domain, api.env.realm) - kw = {'krbprincipalname': principal} - - def test_1_service_add(self): - """ - Test adding a HTTP principal using the `xmlrpc.service_add` method. - """ - self.failsafe_add(api.Object.host, self.host, force=True) - entry = self.failsafe_add(api.Object.service, self.principal, force=True)['result'] - assert_attr_equal(entry, 'krbprincipalname', self.principal) - assert_attr_equal(entry, 'objectclass', 'ipaobject') - - def test_2_service_add(self): - """ - Test adding a host principal using `xmlrpc.service_add`. Host - services are not allowed. - """ - kw = {'krbprincipalname': self.hostprincipal} - try: - api.Command['service_add'](**kw) - except errors.HostService: - pass - else: - assert False - - def test_3_service_add(self): - """ - Test adding a malformed principal ('foo'). - """ - kw = {'krbprincipalname': u'foo', 'force': True} - try: - api.Command['service_add'](**kw) - except errors.MalformedServicePrincipal: - pass - else: - assert False - - def test_4_service_add(self): - """ - Test adding a malformed principal ('HTTP/foo@FOO.NET'). - """ - kw = {'krbprincipalname': u'HTTP/foo@FOO.NET', 'force': True} - try: - api.Command['service_add'](**kw) - except errors.RealmMismatch: - pass - else: - assert False - - def test_5_service_show(self): - """ - Test the `xmlrpc.service_show` method. 
- """ - entry = api.Command['service_show'](self.principal)['result'] - assert_attr_equal(entry, 'krbprincipalname', self.principal) - assert(entry['has_keytab'] == False) - - def test_6_service_find(self): - """ - Test the `xmlrpc.service_find` method. - """ - entries = api.Command['service_find'](self.principal)['result'] - assert_attr_equal(entries[0], 'krbprincipalname', self.principal) - - def test_7_service_del(self): - """ - Test the `xmlrpc.service_del` method. - """ - assert api.Command['service_del'](self.principal)['result'] is True - - # Verify that it is gone - try: - api.Command['service_show'](self.principal) - except errors.NotFound: - pass - else: - assert False - - api.Command['host_del'](self.host) +from ipalib import api, errors +from tests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_uuid +from tests.test_xmlrpc import objectclasses + + +fqdn1 = u'testhost1.%s' % api.env.domain +fqdn2 = u'testhost2.%s' % api.env.domain +service1 = u'HTTP/%s@%s' % (fqdn1, api.env.realm) +hostprincipal1 = u'host/%s@%s' % (fqdn1, api.env.realm) +service1dn = u'krbprincipalname=%s,cn=services,cn=accounts,%s' % (service1.lower(), api.env.basedn) +host1dn = u'fqdn=%s,cn=computers,cn=accounts,%s' % (fqdn1, api.env.basedn) +host2dn = u'fqdn=%s,cn=computers,cn=accounts,%s' % (fqdn2, api.env.basedn) + + +class test_host(Declarative): + + cleanup_commands = [ + ('host_del', [fqdn1], {}), + ('host_del', [fqdn2], {}), + ('service_del', [service1], {}), + ] + + tests = [ + dict( + desc='Try to retrieve non-existent %r' % service1, + command=('service_show', [service1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % service1, + command=('service_mod', [service1], dict(usercertificate='Nope')), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to delete non-existent %r' % service1, + command=('service_del', [service1], {}), + expected=errors.NotFound(reason='no such entry'), 
+ ), + + + dict( + desc='Create %r' % fqdn1, + command=('host_add', [fqdn1], + dict( + description=u'Test host 1', + l=u'Undisclosed location 1', + force=True, + ), + ), + expected=dict( + value=fqdn1, + summary=u'Added host "%s"' % fqdn1, + result=dict( + dn=host1dn, + fqdn=[fqdn1], + description=[u'Test host 1'], + l=[u'Undisclosed location 1'], + krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)], + objectclass=objectclasses.host, + ipauniqueid=[fuzzy_uuid], + ), + ), + ), + + + dict( + desc='Create %r' % fqdn2, + command=('host_add', [fqdn2], + dict( + description=u'Test host 2', + l=u'Undisclosed location 2', + force=True, + ), + ), + expected=dict( + value=fqdn2, + summary=u'Added host "%s"' % fqdn2, + result=dict( + dn=host2dn, + fqdn=[fqdn2], + description=[u'Test host 2'], + l=[u'Undisclosed location 2'], + krbprincipalname=[u'host/%s@%s' % (fqdn2, api.env.realm)], + objectclass=objectclasses.host, + ipauniqueid=[fuzzy_uuid], + ), + ), + ), + + + dict( + desc='Create %r' % service1, + command=('service_add', [service1], + dict( + force=True, + ), + ), + expected=dict( + value=service1, + summary=u'Added service "%s"' % service1, + result=dict( + dn=service1dn, + krbprincipalname=[service1], + objectclass=objectclasses.service, + ipauniqueid=[fuzzy_uuid], + managedby_host=[fqdn1], + ), + ), + ), + + + dict( + desc='Try to create duplicate %r' % service1, + command=('service_add', [service1], + dict( + force=True, + ), + ), + expected=errors.DuplicateEntry(), + ), + + + dict( + desc='Retrieve %r' % service1, + command=('service_show', [service1], {}), + expected=dict( + value=service1, + summary=None, + result=dict( + dn=service1dn, + krbprincipalname=[service1], + has_keytab=False, + managedby_host=[fqdn1], + ), + ), + ), + + + dict( + desc='Retrieve %r with all=True' % service1, + command=('service_show', [service1], dict(all=True)), + expected=dict( + value=service1, + summary=None, + result=dict( + dn=service1dn, + krbprincipalname=[service1], + 
objectclass=objectclasses.service, + ipauniqueid=[fuzzy_uuid], + managedby_host=[fqdn1], + has_keytab=False + ), + ), + ), + + + dict( + desc='Search for %r' % service1, + command=('service_find', [service1], {}), + expected=dict( + count=1, + truncated=False, + summary=u'1 service matched', + result=[ + dict( + dn=service1dn, + krbprincipalname=[service1], + managedby_host=[fqdn1], + has_keytab=False, + ), + ], + ), + ), + + + dict( + desc='Search for %r with all=True' % service1, + command=('service_find', [service1], dict(all=True)), + expected=dict( + count=1, + truncated=False, + summary=u'1 service matched', + result=[ + dict( + dn=service1dn, + krbprincipalname=[service1], + objectclass=objectclasses.service, + ipauniqueid=[fuzzy_uuid], + has_keytab=False, + managedby_host=[fqdn1], + ), + ], + ), + ), + + + dict( + desc='Update %r' % service1, + command=('service_mod', [service1], dict(usercertificate='aGVsbG8=')), + expected=dict( + value=service1, + summary=u'Modified service "%s"' % service1, + result=dict( + usercertificate=['hello'], + krbprincipalname=[service1], + managedby_host=[fqdn1], + ), + ), + ), + + + dict( + desc='Retrieve %r to verify update' % service1, + command=('service_show', [service1], {}), + expected=dict( + value=service1, + summary=None, + result=dict( + dn=service1dn, + usercertificate=['hello'], + krbprincipalname=[service1], + has_keytab=False, + managedby_host=[fqdn1], + ), + ), + ), + + + dict( + desc='Delete %r' % service1, + command=('service_del', [service1], {}), + expected=dict( + value=service1, + summary=u'Deleted service "%s"' % service1, + result=True, + ), + ), + + + dict( + desc='Try to retrieve non-existent %r' % service1, + command=('service_show', [service1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % service1, + command=('service_mod', [service1], dict(usercertificate='Nope')), + expected=errors.NotFound(reason='no such entry'), + ), + + + 
dict( + desc='Try to delete non-existent %r' % service1, + command=('service_del', [service1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Create service with malformed principal "foo"', + command=('service_add', [u'foo'], {}), + expected=errors.MalformedServicePrincipal(reason='missing service') + ), + + + dict( + desc='Create service with bad realm "HTTP/foo@FOO.NET"', + command=('service_add', [u'HTTP/foo@FOO.NET'], {}), + expected=errors.RealmMismatch(), + ), + + + dict( + desc='Create a host service %r' % hostprincipal1, + command=('service_add', [hostprincipal1], {}), + expected=errors.HostService() + ), + + ] |
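Review bot: The rewritten suite in tests/test_xmlrpc/test_service_plugin.py is declared as `class test_host(Declarative):`, the same name as the class in test_host_plugin.py, so failures here will be reported under the host suite; `class test_service(Declarative):` would keep the name the removed class had. `fqdn2` and `host2dn` are created and cleaned up, but no visible case uses the second host afterwards, and every case only compares the `managedby_host` attribute. Nothing exercises the new write access to krbPrincipalKey itself, neither that testhost1 may use it nor that a host outside `managedby_host` is refused; presumably that needs a host-bound connection the Declarative harness may not offer, in which case a short comment above `tests = [` saying so would help. The description also says a service with a bad usercertificate could not be deleted, yet the only delete cases are the happy path and the non-existent entry, so a regression case for that fix appears to be missing.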