From 95deccd7a8b1f2129f6987a5a3a9e6ed57168442 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Mon, 4 Aug 2014 14:26:43 +0200 Subject: ipatests: Add xmlrpc tests for idviews plugin --- ipatests/test_xmlrpc/objectclasses.py | 18 + ipatests/test_xmlrpc/test_idviews_plugin.py | 1327 +++++++++++++++++++++++++++ 2 files changed, 1345 insertions(+) create mode 100644 ipatests/test_xmlrpc/test_idviews_plugin.py diff --git a/ipatests/test_xmlrpc/objectclasses.py b/ipatests/test_xmlrpc/objectclasses.py index 53e7ac176..2e13e60ae 100644 --- a/ipatests/test_xmlrpc/objectclasses.py +++ b/ipatests/test_xmlrpc/objectclasses.py @@ -181,3 +181,21 @@ pwpolicy = [ u'nscontainer', u'top', ] + +idview = [ + u'ipaIDView', + u'nsContainer', + u'top' +] + +idoverrideuser = [ + u'ipaOverrideAnchor', + u'top', + u'ipaUserOverride', +] + +idoverridegroup = [ + u'ipaOverrideAnchor', + u'top', + u'ipaGroupOverride', +] diff --git a/ipatests/test_xmlrpc/test_idviews_plugin.py b/ipatests/test_xmlrpc/test_idviews_plugin.py new file mode 100644 index 000000000..fec1ae8f4 --- /dev/null +++ b/ipatests/test_xmlrpc/test_idviews_plugin.py @@ -0,0 +1,1327 @@ +# Authors: +# Tomas Babej +# +# Copyright (C) 2014 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +""" +Test the `ipalib.plugins.idviews` module. +""" + +from ipalib import api, errors +from ipatests.test_xmlrpc import objectclasses +from ipatests.test_xmlrpc.xmlrpc_test import (Declarative, uuid_re, add_oc, + fuzzy_uuid, fuzzy_digits) +from ipatests.test_xmlrpc.test_user_plugin import get_user_result +from ipatests.test_xmlrpc.test_group_plugin import get_group_dn +from ipatests.util import Fuzzy +from ipapython.dn import DN + + +idview1 = u'idview1' +idview2 = u'idview2' + +host1 = u'host1.test' +host2 = u'host2.test' +host3 = u'host3.test' + +hostgroup1 = u'hostgroup1' +hostgroup2 = u'hostgroup2' + +idoverrideuser1 = u'testuser' +idoverridegroup1 = u'testgroup' + +nonexistentuser = u'nonexistentuser' +nonexistentgroup = u'nonexistentgroup' + +host1 = u'testhost1' +host2 = u'testhost2' +host3 = u'testhost3' + + +# Test helpers +def get_idview_dn(name): + return u"cn={name},cn=views,cn=accounts,{suffix}".format( + name=name, + suffix=api.env.basedn, + ) + + +def get_idoverride_dn(view, anchor): + return Fuzzy(u"ipaanchoruuid=:IPA:{domain}:{uuid}," + "cn={view}," + "cn=views,cn=accounts,{suffix}" + .format(uuid=uuid_re, + domain=api.env.domain, + view=view, + suffix=api.env.basedn, + )) + + +def get_fqdn(host): + return u'{short}.{domain}'.format(short=host, domain=api.env.domain) + + +def get_host_principal(host): + return u'host/%s@%s' % (get_fqdn(host), api.env.realm) + + +def get_host_dn(host): + return DN(('fqdn', get_fqdn(host)), + ('cn', 'computers'), + ('cn', 'accounts'), + api.env.basedn) + + +def get_hostgroup_dn(hostgroup): + return DN(('cn', hostgroup), + ('cn', 'hostgroups'), + ('cn', 'accounts'), + api.env.basedn) + + +def get_hostgroup_netgroup_dn(hostgroup): + return DN(('cn', hostgroup), + ('cn', 'ng'), + ('cn', 'alt'), + api.env.basedn) + + +class test_idviews(Declarative): + + cleanup_commands = [ + ('idview_del', [idview1, idview2], {'continue': True}), + ('host_del', [host1, host2, host3], {'continue': True}), + ('hostgroup_del', [hostgroup1, hostgroup2], {'continue': True}), + ('idoverride_del', [idview1, idoverrideuser1, idoverridegroup1], + {'continue': True}), + ('user_del', [idoverrideuser1], {'continue': True}), + ('group_del', [idoverridegroup1], {'continue': True}), + ] + + tests = [ + + # ID view object management + + dict( + desc='Try to retrieve non-existent ID view "%s"' % idview1, + command=('idview_show', [idview1], {}), + expected=errors.NotFound( + reason=u'%s: ID view not found' % idview1 + ), + ), + + dict( + desc='Try to update non-existent ID view "%s"' % idview1, + command=('idview_mod', [idview1], dict(description=u'description')), + expected=errors.NotFound( + reason=u'%s: ID view not found' % idview1 + ), + ), + + dict( + desc='Try to delete non-existent ID view "%s"' % idview1, + command=('idview_del', [idview1], {}), + expected=errors.NotFound( + reason=u'%s: ID view not found' % idview1 + ), + ), + + dict( + desc='Try to rename non-existent ID view "%s"' % idview1, + command=('idview_mod', [idview1], dict(setattr=u'cn=renamedview')), + expected=errors.NotFound( + reason=u'%s: ID view not found' % idview1 + ), + ), + + dict( + desc='Create ID view "%s"' % idview1, + command=( + 'idview_add', + [idview1], + {} + ), + expected=dict( + value=idview1, + summary=u'Added ID view "%s"' % idview1, + result=dict( + dn=get_idview_dn(idview1), + objectclass=objectclasses.idview, + cn=[idview1] + ) + ), + ), + + dict( + desc='Try to create duplicate ID view "%s"' % idview1, + command=( + 'idview_add', + [idview1], + {} + ), + expected=errors.DuplicateEntry( + message=u'ID view with name "%s" already exists' % idview1 + ), + ), + + # Create some users and groups for id override object management tests + + dict( + desc='Create "%s"' % idoverrideuser1, + command=( + 'user_add', + [idoverrideuser1], + dict( + givenname=u'Test', + sn=u'User1', + ) + ), + expected=dict( + value=idoverrideuser1, + summary=u'Added user "%s"' % idoverrideuser1, + result=get_user_result( + idoverrideuser1, + u'Test', + u'User1', + 'add', + objectclass=add_oc( + objectclasses.user, + u'ipantuserattrs' + ) + ), + ), + ), + + dict( + desc='Create group %r' % idoverridegroup1, + command=( + 'group_add', + [idoverridegroup1], + dict(description=u'Test desc 1') + ), + expected=dict( + value=idoverridegroup1, + summary=u'Added group "%s"' % idoverridegroup1, + result=dict( + cn=[idoverridegroup1], + description=[u'Test desc 1'], + objectclass=objectclasses.posixgroup, + ipauniqueid=[fuzzy_uuid], + gidnumber=[fuzzy_digits], + dn=get_group_dn(idoverridegroup1), + ), + ), + ), + + # ID override object management negative tests for nonexisting objects + + dict( + desc='Try to retrieve non-existent User ID override ' + 'for non-existent object "%s"' % nonexistentuser, + command=('idoverrideuser_show', [idview1, nonexistentuser], {}), + expected=errors.NotFound( + reason="'%s' user could not be found" % nonexistentuser + ), + ), + + dict( + desc='Try to update non-existent User ID override ' + 'for non-existent object "%s"' % nonexistentuser, + command=('idoverrideuser_mod', + [idview1, nonexistentuser], + dict(uid=u'randomuser')), + expected=errors.NotFound( + reason="'%s' user could not be found" % nonexistentuser + ), + ), + + dict( + desc='Try to delete non-existent User ID override ' + 'for non-existent object "%s"' % nonexistentuser, + command=('idoverrideuser_del', + [idview1, nonexistentuser], + {}), + expected=errors.NotFound( + reason="'%s' user could not be found" % nonexistentuser + ), + ), + + dict( + desc='Try to rename non-existent User ID override ' + 'for non-existent object "%s"' % nonexistentuser, + command=('idoverrideuser_mod', + [idview1, nonexistentuser], + dict(setattr=u'ipaanchoruuid=:IPA:dom:renamedoverride')), + expected=errors.NotFound( + reason="'%s' user could not be found" % nonexistentuser + ), + ), + + dict( + desc='Try to retrieve non-existent Group ID override ' + 'for non-existent object "%s"' % nonexistentgroup, + command=('idoverridegroup_show', [idview1, nonexistentgroup], {}), + expected=errors.NotFound( + reason="'%s' group could not be found" % nonexistentgroup + ), + ), + + dict( + desc='Try to update non-existent Group ID override ' + 'for non-existent object "%s"' % nonexistentgroup, + command=('idoverridegroup_mod', + [idview1, nonexistentgroup], + dict(cn=u'randomnewname')), + expected=errors.NotFound( + reason="'%s' group could not be found" % nonexistentgroup + ), + ), + + dict( + desc='Try to delete non-existent Gruop ID override ' + 'for non-existent object "%s"' % nonexistentgroup, + command=('idoverridegroup_del', + [idview1, nonexistentgroup], + {}), + expected=errors.NotFound( + reason="'%s' group could not be found" % nonexistentgroup + ), + ), + + dict( + desc='Try to rename non-existent Group ID override ' + 'for non-existent object "%s"' % nonexistentgroup, + command=('idoverridegroup_mod', + [idview1, nonexistentgroup], + dict(setattr=u'ipaanchoruuid=:IPA:dom:renamedoverride')), + expected=errors.NotFound( + reason="'%s' group could not be found" % nonexistentgroup + ), + ), + + + # ID override object management for existing objects + + dict( + desc='Try to retrieve non-existent User ID override "%s"' + % idoverrideuser1, + command=('idoverrideuser_show', [idview1, idoverrideuser1], {}), + expected=errors.NotFound( + reason=u'%s: User ID override not found' % idoverrideuser1 + ), + ), + + dict( + desc='Try to update non-existent User ID override "%s"' + % idoverrideuser1, + command=('idoverrideuser_mod', + [idview1, idoverrideuser1], + dict(uid=u'randomuser')), + expected=errors.NotFound( + reason=u'%s: User ID override not found' % idoverrideuser1 + ), + ), + + dict( + desc='Try to delete non-existent User ID override "%s"' + % idoverrideuser1, + command=('idoverrideuser_del', + [idview1, idoverrideuser1], + {}), + expected=errors.NotFound( + reason=u'%s: User ID override not found' % idoverrideuser1 + ), + ), + + dict( + desc='Try to rename non-existent User ID override "%s"' + % idoverrideuser1, + command=('idoverrideuser_mod', + [idview1, idoverrideuser1], + dict(setattr=u'ipaanchoruuid=:IPA:dom:renamedoverride')), + expected=errors.NotFound( + reason=u'%s: User ID override not found' % idoverrideuser1 + ), + ), + + dict( + desc='Try to retrieve non-existent Group ID override "%s"' + % idoverridegroup1, + command=('idoverridegroup_show', [idview1, idoverridegroup1], {}), + expected=errors.NotFound( + reason=u'%s: Group ID override not found' % idoverridegroup1 + ), + ), + + dict( + desc='Try to update non-existent Group ID override "%s"' + % idoverridegroup1, + command=('idoverridegroup_mod', + [idview1, idoverridegroup1], + dict(cn=u'randomnewname')), + expected=errors.NotFound( + reason=u'%s: Group ID override not found' % idoverridegroup1 + ), + ), + + dict( + desc='Try to delete non-existent Gruop ID override "%s"' + % idoverridegroup1, + command=('idoverridegroup_del', + [idview1, idoverridegroup1], + {}), + expected=errors.NotFound( + reason=u'%s: Group ID override not found' % idoverridegroup1 + ), + ), + + dict( + desc='Try to rename non-existent Group ID override "%s"' + % idoverridegroup1, + command=('idoverridegroup_mod', + [idview1, idoverridegroup1], + dict(setattr=u'ipaanchoruuid=:IPA:dom:renamedoverride')), + expected=errors.NotFound( + reason=u'%s: Group ID override not found' % idoverridegroup1 + ), + ), + + # ID override tests + + dict( + desc='Create User ID override "%s"' % idoverrideuser1, + command=( + 'idoverrideuser_add', + [idview1, idoverrideuser1], + dict(description=u'description') + ), + expected=dict( + value=idoverrideuser1, + summary=u'Added User ID override "%s"' % idoverrideuser1, + result=dict( + dn=get_idoverride_dn(idview1, idoverrideuser1), + objectclass=objectclasses.idoverrideuser, + ipaanchoruuid=[idoverrideuser1], + description=[u'description'] + ) + ), + ), + + dict( + desc='Try to create duplicate ID override "%s"' % idoverrideuser1, + command=( + 'idoverrideuser_add', + [idview1, idoverrideuser1], + dict(description=u'description') + ), + expected=errors.DuplicateEntry( + message=(u'User ID override with name "%s" ' + 'already exists' % idoverrideuser1) + ), + ), + + dict( + desc='Modify User ID override "%s" to override uidnumber' + % idoverrideuser1, + command=( + 'idoverrideuser_mod', + [idview1, idoverrideuser1], + dict(uidnumber=12345, all=True) + ), + expected=dict( + value=idoverrideuser1, + summary=u'Modified an User ID override "%s"' % idoverrideuser1, + result=dict( + dn=get_idoverride_dn(idview1, idoverrideuser1), + objectclass=objectclasses.idoverrideuser, + ipaanchoruuid=[idoverrideuser1], + description=[u'description'], + uidnumber=[u'12345'], + ) + ), + ), + + dict( + desc='Modify ID override "%s" to not override ' + 'uidnumber' % idoverrideuser1, + command=( + 'idoverride_mod', + [idview1, idoverrideuser1], + dict(uidnumber=None, all=True) + ), + expected=dict( + value=idoverrideuser1, + summary=u'Modified an User ID override "%s"' % idoverrideuser1, + result=dict( + dn=get_idoverride_dn(idview1, idoverrideuser1), + objectclass=objectclasses.idoverrideuser, + ipaanchoruuid=[idoverrideuser1], + description=[u'description'] + ) + ), + ), + + dict( + desc='Modify ID override "%s" to override login' % idoverrideuser1, + command=( + 'idoverride_mod', + [idview1, idoverrideuser1], + dict(uid=u'newlogin', all=True) + ), + expected=dict( + value=idoverrideuser1, + summary=u'Modified an User ID override "%s"' % idoverrideuser1, + result=dict( + dn=get_idoverride_dn(idview1, idoverrideuser1), + objectclass=objectclasses.idoverrideuser, + ipaanchoruuid=[idoverrideuser1], + description=[u'description'], + uid=[u'newlogin'], + ) + ), + ), + + + dict( + desc='Modify User ID override "%s" to override home ' + 'directory' % idoverrideuser1, + command=( + 'idoverrideuser_mod', + [idview1, idoverrideuser1], + dict(homedirectory=u'/home/newhome', all=True) + ), + expected=dict( + value=idoverrideuser1, + summary=u'Modified an User ID override "%s"' % idoverrideuser1, + result=dict( + dn=get_idoverride_dn(idview1, idoverrideuser1), + objectclass=objectclasses.idoverrideuser, + ipaanchoruuid=[idoverrideuser1], + description=[u'description'], + homedirectory=[u'/home/newhome'], + uidnumber=[u'12345'] + ) + ), + ), + + dict( + desc='Remove User ID override "%s"' % idoverrideuser1, + command=('idoverrideuser_del', [idview1, idoverrideuser1], {}), + expected=dict( + result=dict(failed=[]), + value=[idoverrideuser1], + summary=u'Deleted User ID override "%s"' % idoverrideuser1, + ), + ), + + dict( + desc='Create User ID override "%s"' % idoverrideuser1, + command=( + 'idoverrideuser_add', + [idview1, idoverrideuser1], + dict(description=u'description', + homedirectory=u'/home/newhome', + uid=u'newlogin', + uidnumber=12345, + ) + ), + expected=dict( + value=idoverrideuser1, + summary=u'Added User ID override "%s"' % idoverrideuser1, + result=dict( + dn=get_idoverride_dn(idview1, idoverrideuser1), + objectclass=objectclasses.idoverrideuser, + ipaanchoruuid=[idoverrideuser1], + description=[u'description'], + homedirectory=[u'/home/newhome'], + uidnumber=[u'12345'], + uid=[u'newlogin'], + ) + ), + ), + + dict( + desc='Create Group ID override "%s"' % idoverridegroup1, + command=( + 'idoverridegroup_add', + [idview1, idoverridegroup1], + dict(description=u'description') + ), + expected=dict( + value=idoverridegroup1, + summary=u'Added Group ID override "%s"' % idoverridegroup1, + result=dict( + dn=get_idoverride_dn(idview1, idoverridegroup1), + objectclass=objectclasses.idoverridegroup, + ipaanchoruuid=[idoverridegroup1], + description=[u'description'] + ) + ), + ), + + dict( + desc='Try to create duplicate Group ID override "%s"' + % idoverridegroup1, + command=( + 'idoverridegroup_add', + [idview1, idoverridegroup1], + dict(description=u'description') + ), + expected=errors.DuplicateEntry( + message=(u'Group ID override with name "%s" ' + 'already exists' % idoverridegroup1) + ), + ), + + dict( + desc='Modify Group ID override "%s" to override gidnumber' + % idoverridegroup1, + command=( + 'idoverridegroup_mod', + [idview1, idoverridegroup1], + dict(gidnumber=54321, all=True) + ), + expected=dict( + value=idoverridegroup1, + summary=u'Modified an Group ID override "%s"' + % idoverridegroup1, + result=dict( + dn=get_idoverride_dn(idview1, idoverridegroup1), + objectclass=objectclasses.idoverridegroup, + ipaanchoruuid=[idoverridegroup1], + description=[u'description'], + gidnumber=[u'54321'], + ) + ), + ), + + dict( + desc='Modify Group ID override "%s" to not override ' + 'gidnumber' % idoverridegroup1, + command=( + 'idoverridegroup_mod', + [idview1, idoverridegroup1], + dict(gidnumber=None, all=True) + ), + expected=dict( + value=idoverridegroup1, + summary=u'Modified an Group ID override "%s"' + % idoverridegroup1, + result=dict( + dn=get_idoverride_dn(idview1, idoverridegroup1), + objectclass=objectclasses.idoverridegroup, + ipaanchoruuid=[idoverridegroup1], + description=[u'description'] + ) + ), + ), + + dict( + desc='Modify Group ID override "%s" to override group name' + % idoverridegroup1, + command=( + 'idoverridegroup_mod', + [idview1, idoverridegroup1], + dict(cn=u'newgroup', all=True) + ), + expected=dict( + value=idoverridegroup1, + summary=u'Modified an Group ID override "%s"' + % idoverridegroup1, + result=dict( + dn=get_idoverride_dn(idview1, idoverridegroup1), + objectclass=objectclasses.idoverridegroup, + ipaanchoruuid=[idoverridegroup1], + description=[u'description'], + cn=[u'newgroup'], + ) + ), + ), + + dict( + desc='Remove Group ID override "%s"' % idoverridegroup1, + command=('idoverridegroup_del', [idview1, idoverridegroup1], {}), + expected=dict( + result=dict(failed=[]), + value=[idoverridegroup1], + summary=u'Deleted Group ID override "%s"' % idoverridegroup1, + ), + ), + + dict( + desc='Create Group ID override "%s"' % idoverridegroup1, + command=( + 'idoverridegroup_add', + [idview1, idoverridegroup1], + dict(description=u'description', + cn=u'newgroup', + gidnumber=12345, + ) + ), + expected=dict( + value=idoverridegroup1, + summary=u'Added Group ID override "%s"' % idoverridegroup1, + result=dict( + dn=get_idoverride_dn(idview1, idoverridegroup1), + objectclass=objectclasses.idoverridegroup, + ipaanchoruuid=[idoverridegroup1], + description=[u'description'], + gidnumber=[u'12345'], + cn=[u'newgroup'], + ) + ), + ), + + dict( + desc='See that ID view "%s" enumerates overrides' % idview1, + command=( + 'idview_show', + [idview1], + dict(all=True) + ), + expected=dict( + value=idview1, + summary=None, + result=dict( + cn=[idview1], + dn=get_idview_dn(idview1), + objectclass=objectclasses.idview, + useroverrides=[idoverrideuser1], + groupoverrides=[idoverridegroup1], + ) + ), + ), + + # Test ID view applying + + dict( + desc='Create %r' % host1, + command=('host_add', [get_fqdn(host1)], + dict( + description=u'Test host 1', + l=u'Undisclosed location 1', + force=True, + ), + ), + expected=dict( + value=get_fqdn(host1), + summary=u'Added host "%s"' % get_fqdn(host1), + result=dict( + dn=get_host_dn(host1), + fqdn=[get_fqdn(host1)], + description=[u'Test host 1'], + l=[u'Undisclosed location 1'], + krbprincipalname=[ + u'host/%s@%s' % (get_fqdn(host1), api.env.realm)], + objectclass=objectclasses.host, + ipauniqueid=[fuzzy_uuid], + managedby_host=[get_fqdn(host1)], + has_keytab=False, + has_password=False, + ), + ), + ), + + dict( + desc='Create %r' % host2, + command=('host_add', [get_fqdn(host2)], + dict( + description=u'Test host 2', + l=u'Undisclosed location 2', + force=True, + ), + ), + expected=dict( + value=get_fqdn(host2), + summary=u'Added host "%s"' % get_fqdn(host2), + result=dict( + dn=get_host_dn(host2), + fqdn=[get_fqdn(host2)], + description=[u'Test host 2'], + l=[u'Undisclosed location 2'], + krbprincipalname=[ + u'host/%s@%s' % (get_fqdn(host2), api.env.realm)], + objectclass=objectclasses.host, + ipauniqueid=[fuzzy_uuid], + managedby_host=[get_fqdn(host2)], + has_keytab=False, + has_password=False, + ), + ), + ), + + dict( + desc='Create %r' % host3, + command=('host_add', [get_fqdn(host3)], + dict( + description=u'Test host 3', + l=u'Undisclosed location 3', + force=True, + ), + ), + expected=dict( + value=get_fqdn(host3), + summary=u'Added host "%s"' % get_fqdn(host3), + result=dict( + dn=get_host_dn(host3), + fqdn=[get_fqdn(host3)], + description=[u'Test host 3'], + l=[u'Undisclosed location 3'], + krbprincipalname=[ + u'host/%s@%s' % (get_fqdn(host3), api.env.realm)], + objectclass=objectclasses.host, + ipauniqueid=[fuzzy_uuid], + managedby_host=[get_fqdn(host3)], + has_keytab=False, + has_password=False, + ), + ), + ), + + dict( + desc='Create %r' % hostgroup1, + command=('hostgroup_add', [hostgroup1], + dict(description=u'Test hostgroup 1') + ), + expected=dict( + value=hostgroup1, + summary=u'Added hostgroup "%s"' % hostgroup1, + result=dict( + dn=get_hostgroup_dn(hostgroup1), + cn=[hostgroup1], + objectclass=objectclasses.hostgroup, + description=[u'Test hostgroup 1'], + ipauniqueid=[fuzzy_uuid], + mepmanagedentry=[get_hostgroup_netgroup_dn(hostgroup1)], + ), + ), + ), + + dict( + desc='Create %r' % hostgroup1, + command=('hostgroup_add', [hostgroup2], + dict(description=u'Test hostgroup 2') + ), + expected=dict( + value=hostgroup2, + summary=u'Added hostgroup "%s"' % hostgroup2, + result=dict( + dn=get_hostgroup_dn(hostgroup2), + cn=[hostgroup2], + objectclass=objectclasses.hostgroup, + description=[u'Test hostgroup 2'], + ipauniqueid=[fuzzy_uuid], + mepmanagedentry=[get_hostgroup_netgroup_dn(hostgroup2)], + ), + ), + ), + + dict( + desc=u'Add host %r to %r' % (host1, hostgroup1), + command=( + 'hostgroup_add_member', + [hostgroup1], + dict(host=get_fqdn(host1)) + ), + expected=dict( + completed=1, + failed=dict( + member=dict( + host=tuple(), + hostgroup=tuple(), + ), + ), + result={ + 'dn': get_hostgroup_dn(hostgroup1), + 'cn': [hostgroup1], + 'description': [u'Test hostgroup 1'], + 'member_host': [get_fqdn(host1)], + }, + ), + ), + + dict( + desc=u'Add host %r to %r' % (host2, hostgroup2), + command=( + 'hostgroup_add_member', + [hostgroup2], + dict(host=get_fqdn(host2)) + ), + expected=dict( + completed=1, + failed=dict( + member=dict( + host=tuple(), + hostgroup=tuple(), + ), + ), + result={ + 'dn': get_hostgroup_dn(hostgroup2), + 'cn': [hostgroup2], + 'description': [u'Test hostgroup 2'], + 'member_host': [get_fqdn(host2)], + }, + ), + ), + + dict( + desc=u'Add hostgroup %r to %r' % (hostgroup2, hostgroup1), + command=( + 'hostgroup_add_member', + [hostgroup1], + dict(hostgroup=hostgroup2) + ), + expected=dict( + completed=1, + failed=dict( + member=dict( + host=tuple(), + hostgroup=tuple(), + ), + ), + result={ + 'dn': get_hostgroup_dn(hostgroup1), + 'cn': [hostgroup1], + 'description': [u'Test hostgroup 1'], + 'member_host': [get_fqdn(host1)], + 'memberindirect_host': [get_fqdn(host2)], + 'member_hostgroup': [hostgroup2], + }, + ), + ), + + dict( + desc=u'Apply %s to %s' % (idview1, host3), + command=( + 'idview_apply', + [idview1], + dict(host=get_fqdn(host3)) + ), + expected=dict( + completed=1, + succeeded=dict( + host=[get_fqdn(host3)], + ), + failed=dict( + memberhost=dict( + host=tuple(), + hostgroup=tuple(), + ), + ), + summary=u'Applied ID view "%s"' % idview1, + ), + ), + + dict( + desc='Check that %s has %s applied' % (host3, idview1), + command=('host_show', [get_fqdn(host3)], {'all': True}), + expected=dict( + value=get_fqdn(host3), + summary=None, + result=dict( + cn=[get_fqdn(host3)], + dn=get_host_dn(host3), + fqdn=[get_fqdn(host3)], + description=[u'Test host 3'], + l=[u'Undisclosed location 3'], + krbprincipalname=[get_host_principal(host3)], + has_keytab=False, + has_password=False, + managedby_host=[get_fqdn(host3)], + ipakrbokasdelegate=False, + ipakrbrequirespreauth=True, + ipauniqueid=[fuzzy_uuid], + managing_host=[get_fqdn(host3)], + objectclass=objectclasses.host, + serverhostname=[host3], + ipaassignedidview=[get_idview_dn(idview1)], + ), + ), + ), + + dict( + desc='Check that %s has not %s applied' % (host2, idview1), + command=('host_show', [get_fqdn(host2)], {'all': True}), + expected=dict( + value=get_fqdn(host2), + summary=None, + result=dict( + cn=[get_fqdn(host2)], + dn=get_host_dn(host2), + fqdn=[get_fqdn(host2)], + description=[u'Test host 2'], + l=[u'Undisclosed location 2'], + krbprincipalname=[get_host_principal(host2)], + has_keytab=False, + has_password=False, + managedby_host=[get_fqdn(host2)], + ipakrbokasdelegate=False, + ipakrbrequirespreauth=True, + ipauniqueid=[fuzzy_uuid], + managing_host=[get_fqdn(host2)], + objectclass=objectclasses.host, + serverhostname=[host2], + memberof_hostgroup=[hostgroup2], + memberofindirect_hostgroup=[hostgroup1], + ), + ), + ), + + + dict( + desc=u'Apply %s to %s' % (idview1, hostgroup1), + command=( + 'idview_apply', + [idview1], + dict(hostgroup=hostgroup1) + ), + expected=dict( + completed=2, + succeeded=dict( + host=[get_fqdn(host1), get_fqdn(host2)], + ), + failed=dict( + memberhost=dict( + host=tuple(), + hostgroup=tuple(), + ), + ), + summary=u'Applied ID view "%s"' % idview1, + ), + ), + + dict( + desc='Check that %s has %s applied' % (host2, idview1), + command=('host_show', [get_fqdn(host2)], {'all': True}), + expected=dict( + value=get_fqdn(host2), + summary=None, + result=dict( + cn=[get_fqdn(host2)], + dn=get_host_dn(host2), + fqdn=[get_fqdn(host2)], + description=[u'Test host 2'], + l=[u'Undisclosed location 2'], + krbprincipalname=[get_host_principal(host2)], + has_keytab=False, + has_password=False, + managedby_host=[get_fqdn(host2)], + ipakrbokasdelegate=False, + ipakrbrequirespreauth=True, + ipauniqueid=[fuzzy_uuid], + managing_host=[get_fqdn(host2)], + objectclass=objectclasses.host, + serverhostname=[host2], + memberof_hostgroup=[hostgroup2], + memberofindirect_hostgroup=[hostgroup1], + ipaassignedidview=[get_idview_dn(idview1)], + ), + ), + ), + + dict( + desc='Check that %s has %s applied' % (host1, idview1), + command=('host_show', [get_fqdn(host1)], {'all': True}), + expected=dict( + value=get_fqdn(host1), + summary=None, + result=dict( + cn=[get_fqdn(host1)], + dn=get_host_dn(host1), + fqdn=[get_fqdn(host1)], + description=[u'Test host 1'], + l=[u'Undisclosed location 1'], + krbprincipalname=[get_host_principal(host1)], + has_keytab=False, + has_password=False, + managedby_host=[get_fqdn(host1)], + ipakrbokasdelegate=False, + ipakrbrequirespreauth=True, + ipauniqueid=[fuzzy_uuid], + managing_host=[get_fqdn(host1)], + objectclass=objectclasses.host, + serverhostname=[host1], + memberof_hostgroup=[hostgroup1], + ipaassignedidview=[get_idview_dn(idview1)], + ), + ), + ), + + dict( + desc='See that ID view "%s" enumerates hosts' % idview1, + command=( + 'idview_show', + [idview1], + dict(all=True, show_hosts=True) + ), + expected=dict( + value=idview1, + summary=None, + result=dict( + cn=[idview1], + dn=get_idview_dn(idview1), + objectclass=objectclasses.idview, + useroverrides=[idoverrideuser1], + groupoverrides=[idoverridegroup1], + appliedtohosts=[get_fqdn(host) + for host in (host1, host2, host3)] + ) + ), + ), + + dict( + desc=u'Unapply %s from %s and %s' % (idview1, host1, host3), + command=( + 'idview_unapply', + [], + dict(host=[get_fqdn(host1), get_fqdn(host3)]), + ), + expected=dict( + completed=2, + succeeded=dict( + host=[get_fqdn(host1), get_fqdn(host3)], + ), + failed=dict( + memberhost=dict( + host=tuple(), + hostgroup=tuple(), + ), + ), + summary=u'Cleared ID views', + ), + ), + + dict( + desc='Check that %s has not %s applied' % (host1, idview1), + command=('host_show', [get_fqdn(host1)], {'all': True}), + expected=dict( + value=get_fqdn(host1), + summary=None, + result=dict( + cn=[get_fqdn(host1)], + dn=get_host_dn(host1), + fqdn=[get_fqdn(host1)], + description=[u'Test host 1'], + l=[u'Undisclosed location 1'], + krbprincipalname=[get_host_principal(host1)], + has_keytab=False, + has_password=False, + managedby_host=[get_fqdn(host1)], + ipakrbokasdelegate=False, + ipakrbrequirespreauth=True, + ipauniqueid=[fuzzy_uuid], + managing_host=[get_fqdn(host1)], + objectclass=objectclasses.host, + serverhostname=[host1], + memberof_hostgroup=[hostgroup1], + ), + ), + ), + + dict( + desc='Check that %s has not %s applied' % (host3, idview1), + command=('host_show', [get_fqdn(host3)], {'all': True}), + expected=dict( + value=get_fqdn(host3), + summary=None, + result=dict( + cn=[get_fqdn(host3)], + dn=get_host_dn(host3), + fqdn=[get_fqdn(host3)], + description=[u'Test host 3'], + l=[u'Undisclosed location 3'], + krbprincipalname=[get_host_principal(host3)], + has_keytab=False, + has_password=False, + managedby_host=[get_fqdn(host3)], + ipakrbokasdelegate=False, + ipakrbrequirespreauth=True, + ipauniqueid=[fuzzy_uuid], + managing_host=[get_fqdn(host3)], + objectclass=objectclasses.host, + serverhostname=[host3], + ), + ), + ), + + dict( + desc='See that ID view "%s" enumerates only one host' % idview1, + command=( + 'idview_show', + [idview1], + dict(all=True, show_hosts=True) + ), + expected=dict( + value=idview1, + summary=None, + result=dict( + cn=[idview1], + dn=get_idview_dn(idview1), + objectclass=objectclasses.idview, + useroverrides=[idoverrideuser1], + groupoverrides=[idoverridegroup1], + appliedtohosts=[get_fqdn(host2)] + ) + ), + ), + + dict( + desc=u'Unapply %s from %s' % (idview1, hostgroup1), + command=( + 'idview_unapply', + [], + dict(hostgroup=hostgroup1), + ), + expected=dict( + completed=1, + succeeded=dict( + host=[get_fqdn(host2)], + ), + failed=dict( + memberhost=dict( + host=tuple(), + hostgroup=tuple(), + ), + ), + summary=u'Cleared ID views', + ), + ), + + dict( + desc='See that ID view "%s" enumerates no host' % idview1, + command=( + 'idview_show', + [idview1], + dict(all=True, show_hosts=True) + ), + expected=dict( + value=idview1, + summary=None, + result=dict( + cn=[idview1], + dn=get_idview_dn(idview1), + objectclass=objectclasses.idview, + useroverrides=[idoverrideuser1], + groupoverrides=[idoverridegroup1], + ) + ), + ), + + # Deleting ID overrides + + dict( + desc='Delete User ID override "%s"' % idoverrideuser1, + command=('idoverrideuser_del', [idview1, idoverrideuser1], {}), + expected=dict( + result=dict(failed=[]), + summary=u'Deleted User ID override "%s"' % idoverrideuser1, + value=[idoverrideuser1], + ), + ), + + dict( + desc='Delete Group ID override "%s"' % idoverridegroup1, + command=('idoverridegroup_del', [idview1, idoverridegroup1], {}), + expected=dict( + result=dict(failed=[]), + summary=u'Deleted Group ID override "%s"' % idoverridegroup1, + value=[idoverridegroup1], + ), + ), + + # Delete the ID view + + dict( + desc='Delete empty ID view "%s"' % idview1, + command=('idview_del', [idview1], {}), + expected=dict( + result=dict(failed=[]), + summary=u'Deleted ID view "%s"' % idview1, + value=[idview1], + ), + ), + + # Recreate the view and delete it when it contains overrides + + dict( + desc='Create ID view "%s"' % idview1, + command=( + 'idview_add', + [idview1], + {} + ), + expected=dict( + value=idview1, + summary=u'Added ID view "%s"' % idview1, + result=dict( + dn=get_idview_dn(idview1), + objectclass=objectclasses.idview, + cn=[idview1] + ) + ), + ), + + dict( + desc='Recreate User ID override "%s"' % idoverrideuser1, + command=( + 'idoverrideuser_add', + [idview1, idoverrideuser1], + dict(description=u'description') + ), + expected=dict( + value=idoverrideuser1, + summary=u'Added User ID override "%s"' % idoverrideuser1, + result=dict( + dn=get_idoverride_dn(idview1, idoverrideuser1), + objectclass=objectclasses.idoverrideuser, + ipaanchoruuid=[idoverrideuser1], + description=[u'description'] + ) + ), + ), + + dict( + desc='Recreate Group ID override "%s"' % idoverridegroup1, + command=( + 'idoverridegroup_add', + [idview1, idoverridegroup1], + dict(description=u'description') + ), + expected=dict( + value=idoverridegroup1, + summary=u'Added Group ID override "%s"' % idoverridegroup1, + result=dict( + dn=get_idoverride_dn(idview1, idoverridegroup1), + objectclass=objectclasses.idoverridegroup, + ipaanchoruuid=[idoverridegroup1], + description=[u'description'], + ) + ), + ), + + dict( + desc='Delete full ID view "%s"' % idview1, + command=('idview_del', [idview1], {}), + expected=dict( + result=dict(failed=[]), + summary=u'Deleted ID view "%s"' % idview1, + value=[idview1], + ), + ), + + + ] -- cgit