From 67d8b434c5272fd47d2e168c2b97077c70c016c2 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Fri, 25 Jan 2013 10:10:17 +0100 Subject: Add trusconfig-show and trustconfig-mod commands Global trust configuration is generated ipa-adtrust-install script is run. Add convenience commands to show auto-generated options like SID or GUID or options chosen by user (NetBIOS). Most of these options are not modifiable via trustconfig-mod command as it would break current trusts. Unit test file covering these new commands was added. https://fedorahosted.org/freeipa/ticket/3333 --- tests/test_xmlrpc/test_trust_plugin.py | 159 +++++++++++++++++++++++++++++++++ tests/test_xmlrpc/xmlrpc_test.py | 10 +++ 2 files changed, 169 insertions(+) create mode 100644 tests/test_xmlrpc/test_trust_plugin.py (limited to 'tests')
diff --git a/tests/test_xmlrpc/test_trust_plugin.py b/tests/test_xmlrpc/test_trust_plugin.py
new file mode 100644
index 000000000..7627be748
--- /dev/null
+++ b/tests/test_xmlrpc/test_trust_plugin.py
@@ -0,0 +1,159 @@
+# Authors:
+# Martin Kosek
+#
+# Copyright (C) 2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+"""
+Test the `ipalib/plugins/trust.py` module.
+"""
+
+import nose
+from ipalib import api, errors
+from ipapython.dn import DN
+from tests.test_xmlrpc import objectclasses
+from xmlrpc_test import (Declarative, fuzzy_guid, fuzzy_domain_sid, fuzzy_string,
+ fuzzy_uuid, fuzzy_digits)
+
+
+trustconfig_ad_config = DN(('cn', api.env.domain),
+ api.env.container_cifsdomains, api.env.basedn)
+testgroup = u'adtestgroup'
+testgroup_dn = DN(('cn', testgroup), api.env.container_group, api.env.basedn)
+
+default_group = u'Default SMB Group'
+default_group_dn = DN(('cn', default_group), api.env.container_group, api.env.basedn)
+
+class test_trustconfig(Declarative):
+
+ @classmethod
+ def setUpClass(cls):
+ super(test_trustconfig, cls).setUpClass()
+ if not api.Backend.xmlclient.isconnected():
+ api.Backend.xmlclient.connect(fallback=False)
+ try:
+ api.Command['trustconfig_show'](trust_type=u'ad')
+ except errors.NotFound:
+ raise nose.SkipTest('Trusts are not configured')
+
+ cleanup_commands = [
+ ('group_del', [testgroup], {}),
+ ('trustconfig_mod', [], {'trust_type': u'ad',
+ 'ipantfallbackprimarygroup': default_group}),
+ ]
+
+ tests = [
+
+ dict(
+ desc='Retrieve trust configuration for AD domains',
+ command=('trustconfig_show', [], {'trust_type': u'ad'}),
+ expected={
+ 'value': u'ad',
+ 'summary': None,
+ 'result': {
+ 'dn': trustconfig_ad_config,
+ 'cn': [api.env.domain],
+ 'ipantdomainguid': [fuzzy_guid],
+ 'ipantfallbackprimarygroup': [default_group],
+ 'ipantflatname': [fuzzy_string],
+ 'ipantsecurityidentifier': [fuzzy_domain_sid]
+ },
+ },
+ ),
+
+ dict(
+ desc='Retrieve trust configuration for AD domains with --raw',
+ command=('trustconfig_show', [], {'trust_type': u'ad', 'raw': True}),
+ expected={
+ 'value': u'ad',
+ 'summary': None,
+ 'result': {
+ 'dn': trustconfig_ad_config,
+ 'cn': [api.env.domain],
+ 'ipantdomainguid': [fuzzy_guid],
+ 'ipantfallbackprimarygroup': [default_group_dn],
+ 'ipantflatname': [fuzzy_string],
+ 'ipantsecurityidentifier': [fuzzy_domain_sid]
+ },
+ },
+ ),
+
+ dict(
+ desc='Create auxiliary group %r' % testgroup,
+ command=(
+ 'group_add', [testgroup], dict(description=u'Test group')
+ ),
+ expected=dict(
+ value=testgroup,
+ summary=u'Added group "%s"' % testgroup,
+ result=dict(
+ cn=[testgroup],
+ description=[u'Test group'],
+ gidnumber=[fuzzy_digits],
+ objectclass=objectclasses.group + [u'posixgroup'],
+ ipauniqueid=[fuzzy_uuid],
+ dn=testgroup_dn,
+ ),
+ ),
+ ),
+
+ dict(
+ desc='Try to change primary fallback group to nonexistent group',
+ command=('trustconfig_mod', [],
+ {'trust_type': u'ad', 'ipantfallbackprimarygroup': u'doesnotexist'}),
+ expected=errors.NotFound(reason=u'%s: group not found' % 'doesnotexist')
+ ),
+
+ dict(
+ desc='Try to change primary fallback group to nonexistent group DN',
+ command=('trustconfig_mod', [], {'trust_type': u'ad',
+ 'ipantfallbackprimarygroup': u'cn=doesnotexist,dc=test'}),
+ expected=errors.NotFound(reason=u'%s: group not found' % 'cn=doesnotexist,dc=test')
+ ),
+
+ dict(
+ desc='Change primary fallback group to "%s"' % testgroup,
+ command=('trustconfig_mod', [], {'trust_type': u'ad',
+ 'ipantfallbackprimarygroup': testgroup}),
+ expected={
+ 'value': u'ad',
+ 'summary': u'Modified "ad" trust configuration',
+ 'result': {
+ 'cn': [api.env.domain],
+ 'ipantdomainguid': [fuzzy_guid],
+ 'ipantfallbackprimarygroup': [testgroup],
+ 'ipantflatname': [fuzzy_string],
+ 'ipantsecurityidentifier': [fuzzy_domain_sid]
+ },
+ },
+ ),
+
+ dict(
+ desc='Change primary fallback group back to "%s" using DN' % default_group,
+ command=('trustconfig_mod', [], {'trust_type': u'ad',
+ 'ipantfallbackprimarygroup': unicode(default_group_dn)}),
+ expected={
+ 'value': u'ad',
+ 'summary': u'Modified "ad" trust configuration',
+ 'result': {
+ 'cn': [api.env.domain],
+ 'ipantdomainguid': [fuzzy_guid],
+ 'ipantfallbackprimarygroup': [default_group],
+ 'ipantflatname': [fuzzy_string],
+ 'ipantsecurityidentifier': [fuzzy_domain_sid]
+ },
+ },
+ ),
+ ]
diff --git a/tests/test_xmlrpc/xmlrpc_test.py b/tests/test_xmlrpc/xmlrpc_test.py
index 7c32be0db..610fa97c5 100644
--- a/tests/test_xmlrpc/xmlrpc_test.py
+++ b/tests/test_xmlrpc/xmlrpc_test.py
@@ -40,6 +40,16 @@ fuzzy_uuid = Fuzzy(
 '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
 )
 
+# Matches trusted domain GUID, like u'463bf2be-3456-4a57-979e-120304f2a0eb'
+fuzzy_guid = fuzzy_uuid
+
+# Matches SID of a trusted domain
+# SID syntax: http://msdn.microsoft.com/en-us/library/ff632068.aspx
+_sid_identifier_authority = '(0x[0-9a-f]{1,12}|[0-9]{1,10})'
+fuzzy_domain_sid = Fuzzy(
+ '^S-1-5-21-%(idauth)s-%(idauth)s-%(idauth)s$' % dict(idauth=_sid_identifier_authority)
+)
+
 # Matches netgroup dn. Note (?i) at the beginning of the regexp is the ingnore case flag
 fuzzy_netgroupdn = Fuzzy(
 '(?i)ipauniqueid=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},cn=ng,cn=alt,%s' % api.env.basedn
-- cgit
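Review bot: `cleanup_commands` deletes `testgroup` before it points `ipantfallbackprimarygroup` back at `default_group`, so if an earlier run stopped after the "Change primary fallback group to testgroup" case, cleanup removes a group that the AD trust configuration still names as its fallback primary group. Whether `group_del` refuses that or leaves a dangling reference is not visible in this hunk, and listing the `('trustconfig_mod', [], {'trust_type': u'ad', 'ipantfallbackprimarygroup': default_group})` entry first and `('group_del', [testgroup], {})` second avoids the question. The reset also hard-codes `u'Default SMB Group'`, so on a server configured with a different fallback group the suite overwrites that value instead of restoring it; reading the current value in `setUpClass` and restoring that would be safer. The commit message says most options are not modifiable through trustconfig-mod, yet no case in `tests` tries to change the SID, GUID or NetBIOS name and asserts a rejection, so a regression that made them writable would pass unnoticed.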
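Review bot: `fuzzy_domain_sid` reuses `_sid_identifier_authority` for the three fields after `S-1-5-21-`, but those positions are sub-authorities, which, as I read the SID string syntax linked in the comment, are decimal only; the `0x[0-9a-f]{1,12}` alternative belongs to the identifier authority (the `5` here). As written the matcher accepts a value such as `S-1-5-21-0xa-0xb-0xc` (constructed example), so a malformed `ipantsecurityidentifier` would still pass the trustconfig tests. A tighter form is `_sid_subauthority = '[0-9]{1,10}'` with `'^S-1-5-21-%(sub)s-%(sub)s-%(sub)s$' % dict(sub=_sid_subauthority)`. `[0-9]{1,10}` still admits numbers above the 32-bit range, which deserves a one-line comment such as `# NOTE: does not enforce the 32-bit upper bound` if it is left that way.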