diff options
| author | Ana Krivokapic <akrivoka@redhat.com> | 2013-04-12 17:38:09 +0200 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2013-04-12 14:07:55 -0400 |
| commit | b8b573a966f4be268031ccca5abce09767928ff7 (patch) | |
| tree | 8f0e2b55e7ff18c4ba4274153fbc3ac8d80e42f1 /tests | |
| parent | d03255571c9d4c81d92c692fd0b6db6539856cf8 (diff) | |
| download | freeipa-b8b573a966f4be268031ccca5abce09767928ff7.tar.gz freeipa-b8b573a966f4be268031ccca5abce09767928ff7.tar.xz freeipa-b8b573a966f4be268031ccca5abce09767928ff7.zip | |
Deprecate HBAC source hosts from CLI
Hide the commands and options listed below from the CLI,
but keep them in the API. When called directly from the API,
raise appropriate exceptions informing the user that the
functionality has been deprecated.
Affected commands: hbacrule_add_sourcehost, hbacrule_remove_sourcehost.
Affected options: sourcehostcategory, sourcehost_host and
sourcehost_hostgroup (hbacrule); sourcehost (hbactest).
https://fedorahosted.org/freeipa/ticket/3528
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_xmlrpc/test_hbac_plugin.py | 131 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_hbactest_plugin.py | 80 |
2 files changed, 25 insertions, 186 deletions
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py index 22c9b74e9..c0f8b5307 100644 --- a/tests/test_xmlrpc/test_hbac_plugin.py +++ b/tests/test_xmlrpc/test_hbac_plugin.py @@ -45,8 +45,6 @@ class test_hbac(XMLRPC_test): test_group = u'hbacrule_test_group' test_host = u'hbacrule.testnetgroup' test_hostgroup = u'hbacrule_test_hostgroup' - test_sourcehost = u'hbacrule.testsrchost' - test_sourcehostgroup = u'hbacrule_test_src_hostgroup' test_service = u'sshd' test_host_external = u'notfound.example.com' @@ -150,12 +148,6 @@ class test_hbac(XMLRPC_test): self.failsafe_add(api.Object.hostgroup, self.test_hostgroup, description=u'description' ) - self.failsafe_add(api.Object.host, - self.test_sourcehost, force=True - ) - self.failsafe_add(api.Object.hostgroup, - self.test_sourcehostgroup, description=u'desc' - ) self.failsafe_add(api.Object.hbacsvc, self.test_service, description=u'desc', ) @@ -268,34 +260,14 @@ class test_hbac(XMLRPC_test): assert 'memberhost_host' not in entry assert 'memberhost_hostgroup' not in entry - def test_a_hbacrule_add_sourcehost(self): + @raises(errors.DeprecationError) + def test_a_hbacrule_add_sourcehost_deprecated(self): """ - Test adding source host and hostgroup to HBAC rule using `xmlrpc.hbacrule_add_host`. + Test deprecated command hbacrule_add_sourcehost. """ ret = api.Command['hbacrule_add_sourcehost']( self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup ) - assert ret['completed'] == 2 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert not failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - assert_attr_equal(entry, 'sourcehost_host', self.test_host) - assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup) - - def test_a_hbacrule_add_invalid_sourcehost(self): - """ - Test adding invalid source host to HBAC rule using `xmlrpc.hbacrule_add_host`. - """ - try: - api.Command['hbacrule_add_sourcehost']( - self.rule_name, host=self.test_invalid_sourcehost, hostgroup=self.test_hostgroup - ) - except errors.ValidationError: - pass def test_a_hbacrule_add_service(self): """ @@ -327,55 +299,14 @@ class test_hbac(XMLRPC_test): entry = ret['result'] assert 'memberservice service' not in entry - def test_b_hbacrule_remove_sourcehost(self): + @raises(errors.DeprecationError) + def test_b_hbacrule_remove_sourcehost_deprecated(self): """ - Test removing source host and hostgroup from HBAC rule using `xmlrpc.hbacrule_remove_host`. + Test deprecated command hbacrule_remove_sourcehost. """ ret = api.Command['hbacrule_remove_sourcehost']( self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup ) - assert ret['completed'] == 2 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert not failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - assert 'sourcehost host' not in entry - assert 'sourcehost hostgroup' not in entry - - def test_c_hbacrule_add_external_host(self): - """ - Test adding an external host using `xmlrpc.hbacrule_add_host`. - """ - ret = api.Command['hbacrule_add_sourcehost']( - self.rule_name, host=self.test_host_external - ) - assert ret['completed'] == 1 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert not failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - assert_attr_equal(entry, 'externalhost', self.test_host_external) - - def test_c_hbacrule_add_same_external(self): - """ - Test adding the same external host using `xmlrpc.hbacrule_add_host`. - """ - ret = api.Command['hbacrule_add_sourcehost']( - self.rule_name, host=self.test_host_external - ) - assert ret['completed'] == 0 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert (self.test_host_external, unicode(errors.AlreadyGroupMember())) in failed['sourcehost']['host'] - entry = ret['result'] - assert_attr_equal(entry, 'externalhost', self.test_host_external) @raises(errors.ValidationError) def test_c_hbacrule_mod_invalid_external_setattr(self): @@ -386,40 +317,6 @@ class test_hbac(XMLRPC_test): self.rule_name, setattr=self.test_invalid_sourcehost ) - def test_c_hbacrule_remove_external_host(self): - """ - Test removing external source host using `xmlrpc.hbacrule_remove_host`. - """ - ret = api.Command['hbacrule_remove_sourcehost']( - self.rule_name, host=self.test_host_external - ) - assert ret['completed'] == 1 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert not failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - assert 'sourcehost host' not in entry - assert 'sourcehost hostgroup' not in entry - - def test_c_hbacrule_remove_nonexist_external(self): - """ - Test removing non-existent external source host using `xmlrpc.hbacrule_remove_host`. - """ - ret = api.Command['hbacrule_remove_sourcehost']( - self.rule_name, host=self.test_host_external - ) - assert ret['completed'] == 0 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert (self.test_host_external, unicode(errors.NotGroupMember())) in failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - def test_d_hbacrule_disable(self): """ Test disabling HBAC rule using `xmlrpc.hbacrule_disable`. @@ -551,17 +448,12 @@ class test_hbac(XMLRPC_test): """ Test adding various links to HBAC rule """ - api.Command['hbacrule_add_sourcehost']( - self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup - ) api.Command['hbacrule_add_service']( self.rule_name, hbacsvc=self.test_service ) entry = api.Command['hbacrule_show'](self.rule_name)['result'] assert_attr_equal(entry, 'cn', self.rule_name) - assert_attr_equal(entry, 'sourcehost_host', self.test_host) - assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup) assert_attr_equal(entry, 'memberservice_hbacsvc', self.test_service) def test_y_hbacrule_zap_testing_data(self): @@ -574,8 +466,6 @@ class test_hbac(XMLRPC_test): api.Command['group_del'](self.test_group) api.Command['host_del'](self.test_host) api.Command['hostgroup_del'](self.test_hostgroup) - api.Command['host_del'](self.test_sourcehost) - api.Command['hostgroup_del'](self.test_sourcehostgroup) api.Command['hbacsvc_del'](self.test_service) def test_k_2_sudorule_referential_integrity(self): @@ -596,3 +486,12 @@ class test_hbac(XMLRPC_test): # verify that it's gone with assert_raises(errors.NotFound): api.Command['hbacrule_show'](self.rule_name) + + @raises(errors.ValidationError) + def test_zz_hbacrule_add_with_deprecated_option(self): + """ + Test using a deprecated command option 'sourcehostcategory' with 'hbacrule_add'. + """ + api.Command['hbacrule_add']( + self.rule_name, sourcehostcategory=u'all' + ) diff --git a/tests/test_xmlrpc/test_hbactest_plugin.py b/tests/test_xmlrpc/test_hbactest_plugin.py index bc12e8974..520f20247 100644 --- a/tests/test_xmlrpc/test_hbactest_plugin.py +++ b/tests/test_xmlrpc/test_hbactest_plugin.py @@ -25,6 +25,7 @@ from xmlrpc_test import XMLRPC_test, assert_attr_equal from ipalib import api from ipalib import errors from types import NoneType +from nose.tools import raises # Test strategy: # 1. Create few allow rules: with user categories, with explicit users, with user groups, with groups, with services @@ -95,10 +96,6 @@ class test_hbactest(XMLRPC_test): self.rule_names[i], host=self.test_host, hostgroup=self.test_hostgroup ) - ret = api.Command['hbacrule_add_sourcehost']( - self.rule_names[i], host=self.test_sourcehost, hostgroup=self.test_sourcehostgroup - ) - ret = api.Command['hbacrule_add_service']( self.rule_names[i], hbacsvc=self.test_service ) @@ -112,20 +109,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, - targethost=self.test_host, - service=self.test_service, - rules=self.rule_names - ) - assert ret['value'] == True - assert type(ret['error']) == NoneType - for i in [0,1,2,3]: - assert self.rule_names[i] in ret['matched'] - assert self.rule_names[i] in ret['warning'][i] - - # same test without sourcehost value - ret = api.Command['hbactest']( - user=self.test_user, targethost=self.test_host, service=self.test_service, rules=self.rule_names @@ -141,21 +124,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, - targethost=self.test_host, - service=self.test_service, - rules=self.rule_names, - nodetail=True - ) - assert ret['value'] == True - assert ret['error'] == None - assert ret['matched'] == None - assert ret['notmatched'] == None - assert ret['warning'] == None - - # same test without sourcehost value - ret = api.Command['hbactest']( - user=self.test_user, targethost=self.test_host, service=self.test_service, rules=self.rule_names, @@ -172,7 +140,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, targethost=self.test_host, service=self.test_service, enabled=True @@ -182,17 +149,6 @@ class test_hbactest(XMLRPC_test): # Thus, check that our two enabled rules are in matched, nothing more for i in [0,2]: assert self.rule_names[i] in ret['matched'] - assert self.check_rule_presence(self.rule_names[i], ret['warning']) - - # same test without sourcehost value - ret = api.Command['hbactest']( - user=self.test_user, - targethost=self.test_host, - service=self.test_service, - enabled=True - ) - for i in [0,2]: - assert self.rule_names[i] in ret['matched'] def test_d_hbactest_check_rules_disabled_detail(self): """ @@ -200,7 +156,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, targethost=self.test_host, service=self.test_service, disabled=True @@ -210,17 +165,6 @@ class test_hbactest(XMLRPC_test): # Thus, check that our two disabled rules are in matched, nothing more for i in [1,3]: assert self.rule_names[i] in ret['matched'] - assert self.check_rule_presence(self.rule_names[i], ret['warning']) - - # same test without sourcehost value - ret = api.Command['hbactest']( - user=self.test_user, - targethost=self.test_host, - service=self.test_service, - disabled=True - ) - for i in [1,3]: - assert self.rule_names[i] in ret['matched'] def test_e_hbactest_check_non_existing_rule_detail(self): """ @@ -228,7 +172,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, targethost=self.test_host, service=self.test_service, rules=[u'%s_1x1' % (rule) for rule in self.rule_names], @@ -241,30 +184,27 @@ class test_hbactest(XMLRPC_test): for rule in self.rule_names: assert u'%s_1x1' % (rule) in ret['error'] - # same test without sourcehost value - ret = api.Command['hbactest']( + @raises(errors.ValidationError) + def test_f_hbactest_check_sourcehost_option_is_deprecated(self): + """ + Test running 'ipa hbactest' with --srchost option raises ValidationError + """ + api.Command['hbactest']( user=self.test_user, targethost=self.test_host, + sourcehost=self.test_sourcehost, service=self.test_service, - rules=[u'%s_1x1' % (rule) for rule in self.rule_names], + rules=[u'%s_1x1' % rule for rule in self.rule_names], nodetail=True ) - assert ret['value'] == False - assert ret['matched'] == None - assert ret['notmatched'] == None - for rule in self.rule_names: - assert u'%s_1x1' % (rule) in ret['error'] - - def test_f_hbactest_clear_testing_data(self): + def test_g_hbactest_clear_testing_data(self): """ Clear data for HBAC test plugin testing. """ for i in [0,1,2,3]: api.Command['hbacrule_remove_host'](self.rule_names[i], host=self.test_host) api.Command['hbacrule_remove_host'](self.rule_names[i], hostgroup=self.test_hostgroup) - api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], host=self.test_sourcehost) - api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], hostgroup=self.test_sourcehostgroup) api.Command['hbacrule_del'](self.rule_names[i]) api.Command['user_del'](self.test_user) |