diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_xmlrpc/test_hbac_plugin.py | 27 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_host_plugin.py | 54 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_sudorule_plugin.py | 43 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_user_plugin.py | 132 |
4 files changed, 253 insertions, 3 deletions
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py index 5ecb9014d..22c9b74e9 100644 --- a/tests/test_xmlrpc/test_hbac_plugin.py +++ b/tests/test_xmlrpc/test_hbac_plugin.py @@ -547,6 +547,23 @@ class test_hbac(XMLRPC_test): accessruletype=u'deny', ) + def test_n_hbacrule_links(self): + """ + Test adding various links to HBAC rule + """ + api.Command['hbacrule_add_sourcehost']( + self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup + ) + api.Command['hbacrule_add_service']( + self.rule_name, hbacsvc=self.test_service + ) + + entry = api.Command['hbacrule_show'](self.rule_name)['result'] + assert_attr_equal(entry, 'cn', self.rule_name) + assert_attr_equal(entry, 'sourcehost_host', self.test_host) + assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup) + assert_attr_equal(entry, 'memberservice_hbacsvc', self.test_service) + def test_y_hbacrule_zap_testing_data(self): """ Clear data for HBAC plugin testing. @@ -561,6 +578,16 @@ class test_hbac(XMLRPC_test): api.Command['hostgroup_del'](self.test_sourcehostgroup) api.Command['hbacsvc_del'](self.test_service) + def test_k_2_sudorule_referential_integrity(self): + """ + Test that links in HBAC rule were removed by referential integrity plugin + """ + entry = api.Command['hbacrule_show'](self.rule_name)['result'] + assert_attr_equal(entry, 'cn', self.rule_name) + assert 'sourcehost_host' not in entry + assert 'sourcehost_hostgroup' not in entry + assert 'memberservice_hbacsvc' not in entry + def test_z_hbacrule_del(self): """ Test deleting a HBAC rule using `xmlrpc.hbacrule_del`. diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py index b3eb3151e..2010af8a3 100644 --- a/tests/test_xmlrpc/test_host_plugin.py +++ b/tests/test_xmlrpc/test_host_plugin.py @@ -783,6 +783,60 @@ class test_host(Declarative): ), ), + + dict( + desc='Add managedby_host %r to %r' % (fqdn3, fqdn4), + command=('host_add_managedby', [fqdn4], dict(host=fqdn3,), + ), + expected=dict( + completed=1, + failed=dict( + managedby = dict( + host=tuple(), + ), + ), + result=dict( + dn=dn4, + fqdn=[fqdn4], + description=[u'Test host 4'], + l=[u'Undisclosed location 4'], + krbprincipalname=[u'host/%s@%s' % (fqdn4, api.env.realm)], + managedby_host=[fqdn4, fqdn3], + ), + ), + ), + + + dict( + desc='Delete %r' % fqdn3, + command=('host_del', [fqdn3], {}), + expected=dict( + value=fqdn3, + summary=u'Deleted host "%s"' % fqdn3, + result=dict(failed=u''), + ), + ), + + + dict( + desc='Retrieve %r to verify that %r is gone from managedBy' % (fqdn4, fqdn3), + command=('host_show', [fqdn4], {}), + expected=dict( + value=fqdn4, + summary=None, + result=dict( + dn=dn4, + fqdn=[fqdn4], + description=[u'Test host 4'], + l=[u'Undisclosed location 4'], + krbprincipalname=[u'host/%s@%s' % (fqdn4, api.env.realm)], + has_keytab=False, + has_password=False, + managedby_host=[fqdn4], + ), + ), + ), + ] class test_host_false_pwd_change(XMLRPC_test): diff --git a/tests/test_xmlrpc/test_sudorule_plugin.py b/tests/test_xmlrpc/test_sudorule_plugin.py index f0e6cd34f..9b44065af 100644 --- a/tests/test_xmlrpc/test_sudorule_plugin.py +++ b/tests/test_xmlrpc/test_sudorule_plugin.py @@ -674,7 +674,7 @@ class test_sudorule(XMLRPC_test): api.Command['sudorule_mod'](self.rule_name, ipasudorunasusercategory=u'') @raises(errors.MutuallyExclusiveError) - def test_j_sudorule_exclusiverunas(self): + def test_j_1_sudorule_exclusiverunas(self): """ Test setting ipasudorunasusercategory='all' in an Sudo rule when there are runas users """ @@ -684,7 +684,32 @@ class test_sudorule(XMLRPC_test): finally: api.Command['sudorule_remove_runasuser'](self.rule_name, user=self.test_command) - def test_k_sudorule_clear_testing_data(self): + def test_j_2_sudorule_referential_integrity(self): + """ + Test adding various links to Sudo rule + """ + api.Command['sudorule_add_user'](self.rule_name, user=self.test_user) + api.Command['sudorule_add_runasuser'](self.rule_name, user=self.test_runasuser, + group=self.test_group) + api.Command['sudorule_add_runasgroup'](self.rule_name, group=self.test_group) + api.Command['sudorule_add_host'](self.rule_name, host=self.test_host) + api.Command['sudorule_add_allow_command'](self.rule_name, + sudocmd=self.test_command) + api.Command['sudorule_add_deny_command'](self.rule_name, + sudocmdgroup=self.test_sudodenycmdgroup) + entry = api.Command['sudorule_show'](self.rule_name)['result'] + assert_attr_equal(entry, 'cn', self.rule_name) + assert_attr_equal(entry, 'memberuser_user', self.test_user) + assert_attr_equal(entry, 'memberallowcmd_sudocmd', self.test_command) + assert_attr_equal(entry, 'memberdenycmd_sudocmdgroup', + self.test_sudodenycmdgroup) + assert_attr_equal(entry, 'memberhost_host', self.test_host) + assert_attr_equal(entry, 'ipasudorunas_user', self.test_runasuser) + assert_attr_equal(entry, 'ipasudorunas_group', self.test_group) + assert_attr_equal(entry, 'ipasudorunasgroup_group', self.test_group) + + + def test_k_1_sudorule_clear_testing_data(self): """ Clear data for Sudo rule plugin testing. """ @@ -697,6 +722,20 @@ class test_sudorule(XMLRPC_test): api.Command['sudocmdgroup_del'](self.test_sudoallowcmdgroup) api.Command['sudocmdgroup_del'](self.test_sudodenycmdgroup) + def test_k_2_sudorule_referential_integrity(self): + """ + Test that links in Sudo rule were removed by referential integrity plugin + """ + entry = api.Command['sudorule_show'](self.rule_name)['result'] + assert_attr_equal(entry, 'cn', self.rule_name) + assert 'memberuser_user' not in entry + assert 'memberallowcmd_sudocmd' not in entry + assert 'memberdenycmd_sudocmdgroup' not in entry + assert 'memberhost_host' not in entry + assert 'ipasudorunas_user' not in entry + assert 'ipasudorunas_group' not in entry + assert 'ipasudorunasgroup_group' not in entry + def test_l_sudorule_order(self): """ Test that order uniqueness is maintained diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py index 15a195590..63a24cd64 100644 --- a/tests/test_xmlrpc/test_user_plugin.py +++ b/tests/test_xmlrpc/test_user_plugin.py @@ -64,7 +64,7 @@ def not_upg_check(response): class test_user(Declarative): cleanup_commands = [ - ('user_del', [user1, user2, renameduser1, admin2], {}), + ('user_del', [user1, user2, renameduser1, admin2], {'continue': True}), ('group_del', [group1], {}), ] @@ -1369,6 +1369,136 @@ class test_user(Declarative): ), dict( + desc='Set %r as manager of %r' % (user1, user2), + command=( + 'user_mod', [user2], dict(manager=user1) + ), + expected=dict( + result=dict( + givenname=[u'Test'], + homedirectory=[u'/home/tuser2'], + loginshell=[u'/bin/sh'], + sn=[u'User2'], + uid=[user2], + uidnumber=[fuzzy_digits], + gidnumber=[fuzzy_digits], + memberof_group=[group1], + mail=[u'%s@%s' % (user2, api.env.domain)], + nsaccountlock=False, + has_keytab=False, + has_password=False, + manager=[user1], + ), + summary=u'Modified user "%s"' % user2, + value=user2, + ), + ), + + dict( + desc='Rename "%s"' % user1, + command=('user_mod', [user1], dict(rename=renameduser1)), + expected=dict( + result=dict( + givenname=[u'Test'], + homedirectory=[u'/home/tuser1'], + loginshell=[u'/bin/sh'], + sn=[u'User1'], + uid=[renameduser1], + uidnumber=[fuzzy_digits], + gidnumber=[fuzzy_digits], + mail=[u'%s@%s' % (user1, api.env.domain)], + memberof_group=[group1], + nsaccountlock=False, + has_keytab=False, + has_password=False, + ), + summary=u'Modified user "%s"' % user1, + value=user1, + ), + ), + + dict( + desc='Retrieve %r and check that manager is renamed' % user2, + command=( + 'user_show', [user2], {'all': True} + ), + expected=dict( + result=dict( + gecos=[u'Test User2'], + givenname=[u'Test'], + homedirectory=[u'/home/tuser2'], + krbprincipalname=[u'tuser2@' + api.env.realm], + loginshell=[u'/bin/sh'], + objectclass=objectclasses.user_base, + sn=[u'User2'], + uid=[user2], + uidnumber=[fuzzy_digits], + gidnumber=[u'1000'], + displayname=[u'Test User2'], + cn=[u'Test User2'], + mail=[u'%s@%s' % (user2, api.env.domain)], + initials=[u'TU'], + ipauniqueid=[fuzzy_uuid], + krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), + ('cn','kerberos'),api.env.basedn)], + memberof_group=[group1], + nsaccountlock=False, + has_keytab=False, + has_password=False, + dn=get_user_dn(user2), + manager=[renameduser1], + ), + value=user2, + summary=None, + ), + ), + + dict( + desc='Delete %r' % renameduser1, + command=('user_del', [renameduser1], {}), + expected=dict( + result=dict(failed=u''), + summary=u'Deleted user "%s"' % renameduser1, + value=renameduser1, + ), + ), + + dict( + desc='Retrieve %r and check that manager is gone' % user2, + command=( + 'user_show', [user2], {'all': True} + ), + expected=dict( + result=dict( + gecos=[u'Test User2'], + givenname=[u'Test'], + homedirectory=[u'/home/tuser2'], + krbprincipalname=[u'tuser2@' + api.env.realm], + loginshell=[u'/bin/sh'], + objectclass=objectclasses.user_base, + sn=[u'User2'], + uid=[user2], + uidnumber=[fuzzy_digits], + gidnumber=[u'1000'], + displayname=[u'Test User2'], + cn=[u'Test User2'], + mail=[u'%s@%s' % (user2, api.env.domain)], + initials=[u'TU'], + ipauniqueid=[fuzzy_uuid], + krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), + ('cn','kerberos'),api.env.basedn)], + memberof_group=[group1], + nsaccountlock=False, + has_keytab=False, + has_password=False, + dn=get_user_dn(user2), + ), + value=user2, + summary=None, + ), + ), + + dict( desc='Reset default user group', command=( 'config_mod', [], dict(ipadefaultprimarygroup=u'ipausers'), |