summaryrefslogtreecommitdiffstats
path: root/tests/test_xmlrpc
diff options
context:
space:
mode:
Diffstat (limited to 'tests/test_xmlrpc')
-rw-r--r--tests/test_xmlrpc/test_hbac_plugin.py27
-rw-r--r--tests/test_xmlrpc/test_host_plugin.py54
-rw-r--r--tests/test_xmlrpc/test_sudorule_plugin.py43
-rw-r--r--tests/test_xmlrpc/test_user_plugin.py132
4 files changed, 253 insertions, 3 deletions
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py
index 5ecb9014d..22c9b74e9 100644
--- a/tests/test_xmlrpc/test_hbac_plugin.py
+++ b/tests/test_xmlrpc/test_hbac_plugin.py
@@ -547,6 +547,23 @@ class test_hbac(XMLRPC_test):
accessruletype=u'deny',
)
+ def test_n_hbacrule_links(self):
+ """
+ Test adding various links to HBAC rule
+ """
+ api.Command['hbacrule_add_sourcehost'](
+ self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
+ )
+ api.Command['hbacrule_add_service'](
+ self.rule_name, hbacsvc=self.test_service
+ )
+
+ entry = api.Command['hbacrule_show'](self.rule_name)['result']
+ assert_attr_equal(entry, 'cn', self.rule_name)
+ assert_attr_equal(entry, 'sourcehost_host', self.test_host)
+ assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup)
+ assert_attr_equal(entry, 'memberservice_hbacsvc', self.test_service)
+
def test_y_hbacrule_zap_testing_data(self):
"""
Clear data for HBAC plugin testing.
@@ -561,6 +578,16 @@ class test_hbac(XMLRPC_test):
api.Command['hostgroup_del'](self.test_sourcehostgroup)
api.Command['hbacsvc_del'](self.test_service)
+ def test_k_2_sudorule_referential_integrity(self):
+ """
+ Test that links in HBAC rule were removed by referential integrity plugin
+ """
+ entry = api.Command['hbacrule_show'](self.rule_name)['result']
+ assert_attr_equal(entry, 'cn', self.rule_name)
+ assert 'sourcehost_host' not in entry
+ assert 'sourcehost_hostgroup' not in entry
+ assert 'memberservice_hbacsvc' not in entry
+
def test_z_hbacrule_del(self):
"""
Test deleting a HBAC rule using `xmlrpc.hbacrule_del`.
diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py
index b3eb3151e..2010af8a3 100644
--- a/tests/test_xmlrpc/test_host_plugin.py
+++ b/tests/test_xmlrpc/test_host_plugin.py
@@ -783,6 +783,60 @@ class test_host(Declarative):
),
),
+
+ dict(
+ desc='Add managedby_host %r to %r' % (fqdn3, fqdn4),
+ command=('host_add_managedby', [fqdn4], dict(host=fqdn3,),
+ ),
+ expected=dict(
+ completed=1,
+ failed=dict(
+ managedby = dict(
+ host=tuple(),
+ ),
+ ),
+ result=dict(
+ dn=dn4,
+ fqdn=[fqdn4],
+ description=[u'Test host 4'],
+ l=[u'Undisclosed location 4'],
+ krbprincipalname=[u'host/%s@%s' % (fqdn4, api.env.realm)],
+ managedby_host=[fqdn4, fqdn3],
+ ),
+ ),
+ ),
+
+
+ dict(
+ desc='Delete %r' % fqdn3,
+ command=('host_del', [fqdn3], {}),
+ expected=dict(
+ value=fqdn3,
+ summary=u'Deleted host "%s"' % fqdn3,
+ result=dict(failed=u''),
+ ),
+ ),
+
+
+ dict(
+ desc='Retrieve %r to verify that %r is gone from managedBy' % (fqdn4, fqdn3),
+ command=('host_show', [fqdn4], {}),
+ expected=dict(
+ value=fqdn4,
+ summary=None,
+ result=dict(
+ dn=dn4,
+ fqdn=[fqdn4],
+ description=[u'Test host 4'],
+ l=[u'Undisclosed location 4'],
+ krbprincipalname=[u'host/%s@%s' % (fqdn4, api.env.realm)],
+ has_keytab=False,
+ has_password=False,
+ managedby_host=[fqdn4],
+ ),
+ ),
+ ),
+
]
class test_host_false_pwd_change(XMLRPC_test):
diff --git a/tests/test_xmlrpc/test_sudorule_plugin.py b/tests/test_xmlrpc/test_sudorule_plugin.py
index f0e6cd34f..9b44065af 100644
--- a/tests/test_xmlrpc/test_sudorule_plugin.py
+++ b/tests/test_xmlrpc/test_sudorule_plugin.py
@@ -674,7 +674,7 @@ class test_sudorule(XMLRPC_test):
api.Command['sudorule_mod'](self.rule_name, ipasudorunasusercategory=u'')
@raises(errors.MutuallyExclusiveError)
- def test_j_sudorule_exclusiverunas(self):
+ def test_j_1_sudorule_exclusiverunas(self):
"""
Test setting ipasudorunasusercategory='all' in an Sudo rule when there are runas users
"""
@@ -684,7 +684,32 @@ class test_sudorule(XMLRPC_test):
finally:
api.Command['sudorule_remove_runasuser'](self.rule_name, user=self.test_command)
- def test_k_sudorule_clear_testing_data(self):
+ def test_j_2_sudorule_referential_integrity(self):
+ """
+ Test adding various links to Sudo rule
+ """
+ api.Command['sudorule_add_user'](self.rule_name, user=self.test_user)
+ api.Command['sudorule_add_runasuser'](self.rule_name, user=self.test_runasuser,
+ group=self.test_group)
+ api.Command['sudorule_add_runasgroup'](self.rule_name, group=self.test_group)
+ api.Command['sudorule_add_host'](self.rule_name, host=self.test_host)
+ api.Command['sudorule_add_allow_command'](self.rule_name,
+ sudocmd=self.test_command)
+ api.Command['sudorule_add_deny_command'](self.rule_name,
+ sudocmdgroup=self.test_sudodenycmdgroup)
+ entry = api.Command['sudorule_show'](self.rule_name)['result']
+ assert_attr_equal(entry, 'cn', self.rule_name)
+ assert_attr_equal(entry, 'memberuser_user', self.test_user)
+ assert_attr_equal(entry, 'memberallowcmd_sudocmd', self.test_command)
+ assert_attr_equal(entry, 'memberdenycmd_sudocmdgroup',
+ self.test_sudodenycmdgroup)
+ assert_attr_equal(entry, 'memberhost_host', self.test_host)
+ assert_attr_equal(entry, 'ipasudorunas_user', self.test_runasuser)
+ assert_attr_equal(entry, 'ipasudorunas_group', self.test_group)
+ assert_attr_equal(entry, 'ipasudorunasgroup_group', self.test_group)
+
+
+ def test_k_1_sudorule_clear_testing_data(self):
"""
Clear data for Sudo rule plugin testing.
"""
@@ -697,6 +722,20 @@ class test_sudorule(XMLRPC_test):
api.Command['sudocmdgroup_del'](self.test_sudoallowcmdgroup)
api.Command['sudocmdgroup_del'](self.test_sudodenycmdgroup)
+ def test_k_2_sudorule_referential_integrity(self):
+ """
+ Test that links in Sudo rule were removed by referential integrity plugin
+ """
+ entry = api.Command['sudorule_show'](self.rule_name)['result']
+ assert_attr_equal(entry, 'cn', self.rule_name)
+ assert 'memberuser_user' not in entry
+ assert 'memberallowcmd_sudocmd' not in entry
+ assert 'memberdenycmd_sudocmdgroup' not in entry
+ assert 'memberhost_host' not in entry
+ assert 'ipasudorunas_user' not in entry
+ assert 'ipasudorunas_group' not in entry
+ assert 'ipasudorunasgroup_group' not in entry
+
def test_l_sudorule_order(self):
"""
Test that order uniqueness is maintained
diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py
index 15a195590..63a24cd64 100644
--- a/tests/test_xmlrpc/test_user_plugin.py
+++ b/tests/test_xmlrpc/test_user_plugin.py
@@ -64,7 +64,7 @@ def not_upg_check(response):
class test_user(Declarative):
cleanup_commands = [
- ('user_del', [user1, user2, renameduser1, admin2], {}),
+ ('user_del', [user1, user2, renameduser1, admin2], {'continue': True}),
('group_del', [group1], {}),
]
@@ -1369,6 +1369,136 @@ class test_user(Declarative):
),
dict(
+ desc='Set %r as manager of %r' % (user1, user2),
+ command=(
+ 'user_mod', [user2], dict(manager=user1)
+ ),
+ expected=dict(
+ result=dict(
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser2'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User2'],
+ uid=[user2],
+ uidnumber=[fuzzy_digits],
+ gidnumber=[fuzzy_digits],
+ memberof_group=[group1],
+ mail=[u'%s@%s' % (user2, api.env.domain)],
+ nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
+ manager=[user1],
+ ),
+ summary=u'Modified user "%s"' % user2,
+ value=user2,
+ ),
+ ),
+
+ dict(
+ desc='Rename "%s"' % user1,
+ command=('user_mod', [user1], dict(rename=renameduser1)),
+ expected=dict(
+ result=dict(
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser1'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User1'],
+ uid=[renameduser1],
+ uidnumber=[fuzzy_digits],
+ gidnumber=[fuzzy_digits],
+ mail=[u'%s@%s' % (user1, api.env.domain)],
+ memberof_group=[group1],
+ nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
+ ),
+ summary=u'Modified user "%s"' % user1,
+ value=user1,
+ ),
+ ),
+
+ dict(
+ desc='Retrieve %r and check that manager is renamed' % user2,
+ command=(
+ 'user_show', [user2], {'all': True}
+ ),
+ expected=dict(
+ result=dict(
+ gecos=[u'Test User2'],
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser2'],
+ krbprincipalname=[u'tuser2@' + api.env.realm],
+ loginshell=[u'/bin/sh'],
+ objectclass=objectclasses.user_base,
+ sn=[u'User2'],
+ uid=[user2],
+ uidnumber=[fuzzy_digits],
+ gidnumber=[u'1000'],
+ displayname=[u'Test User2'],
+ cn=[u'Test User2'],
+ mail=[u'%s@%s' % (user2, api.env.domain)],
+ initials=[u'TU'],
+ ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm),
+ ('cn','kerberos'),api.env.basedn)],
+ memberof_group=[group1],
+ nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
+ dn=get_user_dn(user2),
+ manager=[renameduser1],
+ ),
+ value=user2,
+ summary=None,
+ ),
+ ),
+
+ dict(
+ desc='Delete %r' % renameduser1,
+ command=('user_del', [renameduser1], {}),
+ expected=dict(
+ result=dict(failed=u''),
+ summary=u'Deleted user "%s"' % renameduser1,
+ value=renameduser1,
+ ),
+ ),
+
+ dict(
+ desc='Retrieve %r and check that manager is gone' % user2,
+ command=(
+ 'user_show', [user2], {'all': True}
+ ),
+ expected=dict(
+ result=dict(
+ gecos=[u'Test User2'],
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser2'],
+ krbprincipalname=[u'tuser2@' + api.env.realm],
+ loginshell=[u'/bin/sh'],
+ objectclass=objectclasses.user_base,
+ sn=[u'User2'],
+ uid=[user2],
+ uidnumber=[fuzzy_digits],
+ gidnumber=[u'1000'],
+ displayname=[u'Test User2'],
+ cn=[u'Test User2'],
+ mail=[u'%s@%s' % (user2, api.env.domain)],
+ initials=[u'TU'],
+ ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm),
+ ('cn','kerberos'),api.env.basedn)],
+ memberof_group=[group1],
+ nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
+ dn=get_user_dn(user2),
+ ),
+ value=user2,
+ summary=None,
+ ),
+ ),
+
+ dict(
desc='Reset default user group',
command=(
'config_mod', [], dict(ipadefaultprimarygroup=u'ipausers'),
generated by cgit (git 2.34.1) at 2024-06-21 00:58:36 +0000