From bed6e81935a43e0661faf2391c2494b230222c17 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 15 Sep 2010 09:20:14 -0400 Subject: If an HBAC category is 'all' don't allow individual objects to be added. Basically, make 'all' mutually exclusive. This makes debugging lots easier. If say usercat='all' there is no point adding specific users to the rule because it will always apply to everyone. ticket 164 --- tests/test_xmlrpc/test_hbac_plugin.py | 75 ++++++++++++++++++++++++++++++++++- 1 file changed, 73 insertions(+), 2 deletions(-) (limited to 'tests/test_xmlrpc/test_hbac_plugin.py') diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py index d90837417..2405355c0 100644 --- a/tests/test_xmlrpc/test_hbac_plugin.py +++ b/tests/test_xmlrpc/test_hbac_plugin.py @@ -306,6 +306,8 @@ class test_hbac(XMLRPC_test): """ Clear data for HBAC plugin testing. """ + api.Command['hbac_remove_host'](self.rule_name, host=self.test_host) + api.Command['hbac_remove_host'](self.rule_name, hostgroup=self.test_hostgroup) api.Command['user_del'](self.test_user) api.Command['group_del'](self.test_group) api.Command['host_del'](self.test_host) @@ -333,9 +335,78 @@ class test_hbac(XMLRPC_test): # FIXME: Should this be 'enabled' or 'TRUE'? assert_attr_equal(entry, 'ipaenabledflag', 'TRUE') - def test_f_hbac_del(self): + def test_f_hbac_exclusiveuser(self): """ - Test deleting a HBAC rule using `xmlrpc.hbac_remove_sourcehost`. + Test adding a user to an HBAC rule when usercat='all' + """ + api.Command['hbac_mod'](self.rule_name, usercategory=u'all') + try: + api.Command['hbac_add_user'](self.rule_name, users='admin') + except errors.MutuallyExclusiveError: + pass + api.Command['hbac_mod'](self.rule_name, usercategory=u'') + + def test_g_hbac_exclusiveuser(self): + """ + Test setting usercat='all' in an HBAC rule when there are users + """ + api.Command['hbac_add_user'](self.rule_name, users='admin') + try: + api.Command['hbac_mod'](self.rule_name, usercategory=u'all') + except errors.MutuallyExclusiveError: + pass + finally: + api.Command['hbac_remove_user'](self.rule_name, users='admin') + + def test_h_hbac_exclusivehost(self): + """ + Test adding a host to an HBAC rule when hostcat='all' + """ + api.Command['hbac_mod'](self.rule_name, hostcategory=u'all') + try: + api.Command['hbac_add_host'](self.rule_name, host=self.test_host) + except errors.MutuallyExclusiveError: + pass + api.Command['hbac_mod'](self.rule_name, hostcategory=u'') + + def test_i_hbac_exclusivehost(self): + """ + Test setting hostcat='all' in an HBAC rule when there are hosts + """ + api.Command['hbac_add_host'](self.rule_name, host=self.test_host) + try: + api.Command['hbac_mod'](self.rule_name, hostcategory=u'all') + except errors.MutuallyExclusiveError: + pass + finally: + api.Command['hbac_remove_host'](self.rule_name, host=self.test_host) + + def test_j_hbac_exclusiveservice(self): + """ + Test adding a service to an HBAC rule when servicecat='all' + """ + api.Command['hbac_mod'](self.rule_name, servicecategory=u'all') + try: + api.Command['hbac_add_host'](self.rule_name, hbacsvc=self.test_service) + except errors.MutuallyExclusiveError: + pass + api.Command['hbac_mod'](self.rule_name, servicecategory=u'') + + def test_k_hbac_exclusiveservice(self): + """ + Test setting servicecat='all' in an HBAC rule when there are services + """ + api.Command['hbac_add_service'](self.rule_name, hbacsvc=self.test_service) + try: + api.Command['hbac_mod'](self.rule_name, servicecategory=u'all') + except errors.MutuallyExclusiveError: + pass + finally: + api.Command['hbac_remove_service'](self.rule_name, hbacsvc=self.test_service) + + def test_z_hbac_del(self): + """ + Test deleting a HBAC rule using `xmlrpc.hbac_del`. """ assert api.Command['hbac_del'](self.rule_name)['result'] is True # verify that it's gone -- cgit