From af48654cbcd6c0bdb3c5c6f5b35a4e69fbde77b5 Mon Sep 17 00:00:00 2001 From: Jr Aquino Date: Mon, 27 Sep 2010 13:51:28 -0700 Subject: Add plugins for Sudo Commands, Command Groups and Rules --- tests/test_xmlrpc/objectclasses.py | 12 + tests/test_xmlrpc/test_sudocmd_plugin.py | 190 +++++++++ tests/test_xmlrpc/test_sudocmdgroup_plugin.py | 535 ++++++++++++++++++++++++++ tests/test_xmlrpc/test_sudorule_plugin.py | 269 +++++++++++++ 4 files changed, 1006 insertions(+) create mode 100644 tests/test_xmlrpc/test_sudocmd_plugin.py create mode 100644 tests/test_xmlrpc/test_sudocmdgroup_plugin.py create mode 100644 tests/test_xmlrpc/test_sudorule_plugin.py (limited to 'tests') diff --git a/tests/test_xmlrpc/objectclasses.py b/tests/test_xmlrpc/objectclasses.py index 65811fa74..e61bbd216 100644 --- a/tests/test_xmlrpc/objectclasses.py +++ b/tests/test_xmlrpc/objectclasses.py @@ -94,3 +94,15 @@ hbacsvcgroup = [ u'groupOfNames', u'top', ] + +sudocmd = [ + u'ipaobject', + u'ipasudocmd', +] + +sudocmdgroup = [ + u'ipaobject', + u'ipasudocmdgrp', + u'groupOfNames', + u'top', +] diff --git a/tests/test_xmlrpc/test_sudocmd_plugin.py b/tests/test_xmlrpc/test_sudocmd_plugin.py new file mode 100644 index 000000000..31457c24d --- /dev/null +++ b/tests/test_xmlrpc/test_sudocmd_plugin.py @@ -0,0 +1,190 @@ +# Authors: +# Jr Aquino +# +# Copyright (C) 2010 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 only +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +""" +Test the `ipalib/plugins/sudocmd.py` module. +""" + +from ipalib import api, errors +from tests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_uuid +from tests.test_xmlrpc import objectclasses + + +sudocmd1 = u'/usr/bin/sudotestcmd1' + + +class test_sudocmd(Declarative): + + cleanup_commands = [ + ('sudocmd_del', [sudocmd1], {}), + ] + + tests = [ + + dict( + desc='Try to retrieve non-existent %r' % sudocmd1, + command=('sudocmd_show', [sudocmd1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % sudocmd1, + command=('sudocmd_mod', [sudocmd1], dict(description=u'Nope')), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to delete non-existent %r' % sudocmd1, + command=('sudocmd_del', [sudocmd1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Create %r' % sudocmd1, + command=('sudocmd_add', [sudocmd1], + dict( + description=u'Test sudo command 1', + ), + ), + expected=dict( + value=sudocmd1, + summary=u'Added sudo command "%s"' % sudocmd1, + result=dict( + dn=u'cn=%s,cn=sudocmds,cn=accounts,%s' % (sudocmd1, + api.env.basedn), + cn=[sudocmd1], + description=[u'Test sudo command 1'], + objectclass=objectclasses.sudocmd, + ipauniqueid=[fuzzy_uuid], + ), + ), + ), + + + dict( + desc='Try to create duplicate %r' % sudocmd1, + command=('sudocmd_add', [sudocmd1], + dict( + description=u'Test sudo command 1', + ), + ), + expected=errors.DuplicateEntry(), + ), + + + dict( + desc='Retrieve %r' % sudocmd1, + command=('sudocmd_show', [sudocmd1], {}), + expected=dict( + value=sudocmd1, + summary=None, + result=dict( + dn=u'cn=%s,cn=sudocmds,cn=accounts,%s' % (sudocmd1, + api.env.basedn), + cn=[sudocmd1], + description=[u'Test sudo command 1'], + ), + ), + ), + + + dict( + desc='Search for %r' % sudocmd1, + command=('sudocmd_find', [sudocmd1], {}), + expected=dict( + count=1, + truncated=False, + summary=u'1 sudo command matched', + result=[ + dict( + dn=u'cn=%s,cn=sudocmds,cn=accounts,%s' % (sudocmd1, + api.env.basedn), + cn=[sudocmd1], + description=[u'Test sudo command 1'], + ), + ], + ), + ), + + + dict( + desc='Update %r' % sudocmd1, + command=('sudocmd_mod', [sudocmd1], dict( + description=u'Updated sudo command 1')), + expected=dict( + value=sudocmd1, + summary=u'Modified sudo command "%s"' % sudocmd1, + result=dict( + cn=[sudocmd1], + description=[u'Updated sudo command 1'], + ), + ), + ), + + + dict( + desc='Retrieve %r to verify update' % sudocmd1, + command=('sudocmd_show', [sudocmd1], {}), + expected=dict( + value=sudocmd1, + summary=None, + result=dict( + dn=u'cn=%s,cn=sudocmds,cn=accounts,%s' % (sudocmd1, + api.env.basedn), + cn=[sudocmd1], + description=[u'Updated sudo command 1'], + ), + ), + ), + + + dict( + desc='Delete %r' % sudocmd1, + command=('sudocmd_del', [sudocmd1], {}), + expected=dict( + value=sudocmd1, + summary=u'Deleted sudo command "%s"' % sudocmd1, + result=True, + ), + ), + + + dict( + desc='Try to retrieve non-existent %r' % sudocmd1, + command=('sudocmd_show', [sudocmd1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % sudocmd1, + command=('sudocmd_mod', [sudocmd1], dict(description=u'Nope')), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to delete non-existent %r' % sudocmd1, + command=('sudocmd_del', [sudocmd1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + ] diff --git a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py new file mode 100644 index 000000000..6374c09e4 --- /dev/null +++ b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py @@ -0,0 +1,535 @@ +# Authors: +# Jr Aquino +# +# Copyright (C) 2010 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 only +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +""" +Test the `ipalib/plugins/sudocmdgroup.py` module. +""" + +from ipalib import api, errors +from tests.test_xmlrpc import objectclasses +from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid + +sudocmdgroup1 = u'testsudocmdgroup1' +sudocmdgroup2 = u'testsudocmdgroup2' +sudocmd1 = u'/usr/bin/sudotestcmd1' + +class test_sudocmdgroup(Declarative): + cleanup_commands = [ + ('sudocmdgroup_del', [sudocmdgroup1], {}), + ('sudocmdgroup_del', [sudocmdgroup2], {}), + ('sudocmd_del', [sudocmd1], {}), + ] + + tests = [ + + ################ + # create sudo command + dict( + desc='Create %r' % sudocmd1, + command=( + 'sudocmd_add', [], dict(cn=sudocmd1,) + ), + expected=dict( + value=sudocmd1, + summary=u'Added sudo command "%s"' % sudocmd1, + result=dict( + objectclass=objectclasses.sudocmd, + cn=[u'/usr/bin/sudotestcmd1'], + ipauniqueid=[fuzzy_uuid], + dn=u'cn=%s,cn=sudocmds,cn=accounts,%s' % (sudocmd1, + api.env.basedn), + ), + ), + ), + + + dict( + desc='Verify the managed sudo command %r was created' % sudocmd1, + command=('sudocmd_show', [sudocmd1], {}), + expected=dict( + value=sudocmd1, + summary=None, + result=dict( + cn=[sudocmd1], + dn=u'cn=%s,cn=sudocmds,cn=accounts,%s' % (sudocmd1, + api.env.basedn), + ), + ), + ), + + + ################ + # create sudo command group1: + dict( + desc='Try to retrieve non-existent %r' % sudocmdgroup1, + command=('sudocmdgroup_show', [sudocmdgroup1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % sudocmdgroup1, + command=('sudocmdgroup_mod', [sudocmdgroup1], + dict(description=u'Foo')), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to delete non-existent %r' % sudocmdgroup1, + command=('sudocmdgroup_del', [sudocmdgroup1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Create %r' % sudocmdgroup1, + command=( + 'sudocmdgroup_add', [sudocmdgroup1], + dict(description=u'Test desc 1') + ), + expected=dict( + value=sudocmdgroup1, + summary=u'Added sudo command group "testsudocmdgroup1"', + result=dict( + cn=[sudocmdgroup1], + description=[u'Test desc 1'], + objectclass=objectclasses.sudocmdgroup, + ipauniqueid=[fuzzy_uuid], + dn=u'cn=testsudocmdgroup1,cn=sudocmdgroups,cn=accounts,' + \ + api.env.basedn, + ), + ), + ), + + + dict( + desc='Try to create duplicate %r' % sudocmdgroup1, + command=( + 'sudocmdgroup_add', [sudocmdgroup1], + dict(description=u'Test desc 1') + ), + expected=errors.DuplicateEntry(), + ), + + + dict( + desc='Retrieve %r' % sudocmdgroup1, + command=('sudocmdgroup_show', [sudocmdgroup1], {}), + expected=dict( + value=sudocmdgroup1, + summary=None, + result=dict( + cn=[sudocmdgroup1], + description=[u'Test desc 1'], + dn=u'cn=testsudocmdgroup1,cn=sudocmdgroups,cn=accounts,' + \ + api.env.basedn, + ), + ), + ), + + + dict( + desc='Updated %r' % sudocmdgroup1, + command=( + 'sudocmdgroup_mod', [sudocmdgroup1], + dict(description=u'New desc 1') + ), + expected=dict( + result=dict( + cn=[sudocmdgroup1], + description=[u'New desc 1'], + ), + summary=u'Modified sudo command group "testsudocmdgroup1"', + value=sudocmdgroup1, + ), + ), + + + dict( + desc='Retrieve %r to verify update' % sudocmdgroup1, + command=('sudocmdgroup_show', [sudocmdgroup1], {}), + expected=dict( + value=sudocmdgroup1, + result=dict( + cn=[sudocmdgroup1], + description=[u'New desc 1'], + dn=u'cn=testsudocmdgroup1,cn=sudocmdgroups,cn=accounts,' + \ + api.env.basedn, + ), + summary=None, + ), + ), + + + dict( + desc='Search for %r' % sudocmdgroup1, + command=('sudocmdgroup_find', [], dict(cn=sudocmdgroup1)), + expected=dict( + count=1, + truncated=False, + result=[ + dict( + dn=u'cn=%s,cn=sudocmdgroups,cn=accounts,%s' % \ + (sudocmdgroup1, api.env.basedn), + cn=[sudocmdgroup1], + description=[u'New desc 1'], + ), + ], + summary=u'1 sudo command group matched', + ), + ), + + + + ################ + # create sudocmdgroup2: + dict( + desc='Try to retrieve non-existent %r' % sudocmdgroup2, + command=('sudocmdgroup_show', [sudocmdgroup2], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % sudocmdgroup2, + command=('sudocmdgroup_mod', [sudocmdgroup2], + dict(description=u'Foo')), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to delete non-existent %r' % sudocmdgroup2, + command=('sudocmdgroup_del', [sudocmdgroup2], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Create %r' % sudocmdgroup2, + command=( + 'sudocmdgroup_add', [sudocmdgroup2], + dict(description=u'Test desc 2') + ), + expected=dict( + value=sudocmdgroup2, + summary=u'Added sudo command group "testsudocmdgroup2"', + result=dict( + cn=[sudocmdgroup2], + description=[u'Test desc 2'], + objectclass=objectclasses.sudocmdgroup, + ipauniqueid=[fuzzy_uuid], + dn=u'cn=testsudocmdgroup2,cn=sudocmdgroups,cn=accounts,' + \ + api.env.basedn, + ), + ), + ), + + + dict( + desc='Try to create duplicate %r' % sudocmdgroup2, + command=( + 'sudocmdgroup_add', [sudocmdgroup2], + dict(description=u'Test desc 2') + ), + expected=errors.DuplicateEntry(), + ), + + + dict( + desc='Retrieve %r' % sudocmdgroup2, + command=('sudocmdgroup_show', [sudocmdgroup2], {}), + expected=dict( + value=sudocmdgroup2, + summary=None, + result=dict( + cn=[sudocmdgroup2], + description=[u'Test desc 2'], + dn=u'cn=testsudocmdgroup2,cn=sudocmdgroups,cn=accounts,' + \ + api.env.basedn, + ), + ), + ), + + + dict( + desc='Updated %r' % sudocmdgroup2, + command=( + 'sudocmdgroup_mod', [sudocmdgroup2], + dict(description=u'New desc 2') + ), + expected=dict( + result=dict( + cn=[sudocmdgroup2], + description=[u'New desc 2'], + ), + summary=u'Modified sudo command group "testsudocmdgroup2"', + value=sudocmdgroup2, + ), + ), + + + dict( + desc='Retrieve %r to verify update' % sudocmdgroup2, + command=('sudocmdgroup_show', [sudocmdgroup2], {}), + expected=dict( + value=sudocmdgroup2, + result=dict( + cn=[sudocmdgroup2], + description=[u'New desc 2'], + dn=u'cn=testsudocmdgroup2,cn=sudocmdgroups,cn=accounts,' + \ + api.env.basedn, + ), + summary=None, + ), + ), + + + dict( + desc='Search for %r' % sudocmdgroup2, + command=('sudocmdgroup_find', [], dict(cn=sudocmdgroup2)), + expected=dict( + count=1, + truncated=False, + result=[ + dict( + dn=u'cn=%s,cn=sudocmdgroups,cn=accounts,%s' % \ + (sudocmdgroup2, api.env.basedn), + cn=[sudocmdgroup2], + description=[u'New desc 2'], + ), + ], + summary=u'1 sudo command group matched', + ), + ), + + + dict( + desc='Search for all sudocmdgroups', + command=('sudocmdgroup_find', [], {}), + expected=dict( + summary=u'2 sudo command groups matched', + count=2, + truncated=False, + result=[ + dict( + dn=u'cn=%s,cn=sudocmdgroups,cn=accounts,%s' % \ + (sudocmdgroup1, api.env.basedn), + cn=[sudocmdgroup1], + description=[u'New desc 1'], + ), + dict( + dn=u'cn=%s,cn=sudocmdgroups,cn=accounts,%s' % \ + (sudocmdgroup2, api.env.basedn), + cn=[sudocmdgroup2], + description=[u'New desc 2'], + ), + ], + ), + ), + + + + ############### + # member stuff: + dict( + desc='Add member %r to %r' % (sudocmd1, sudocmdgroup1), + command=( + 'sudocmdgroup_add_member', [sudocmdgroup1], + dict(sudocmd=sudocmd1) + ), + expected=dict( + completed=1, + failed=dict( + member=dict( + sudocmdgroup=tuple(), + sudocmd=tuple(), + ), + ), + result={ + 'dn': u'cn=%s,cn=sudocmdgroups,cn=accounts,%s' % \ + (sudocmdgroup1, api.env.basedn), + 'member_sudocmd': (sudocmd1,), + 'cn': [sudocmdgroup1], + 'description': [u'New desc 1'], + }, + ), + ), + + dict( + # FIXME: Shouldn't this raise a NotFound instead? + desc='Try to add non-existent member to %r' % sudocmdgroup1, + command=( + 'sudocmdgroup_add_member', [sudocmdgroup1], + dict(sudocmd=u'notfound') + ), + expected=dict( + completed=0, + failed=dict( + member=dict( + sudocmdgroup=tuple(), + sudocmd=(u'notfound',), + ), + ), + result={ + 'dn': u'cn=%s,cn=sudocmdgroups,cn=accounts,%s' % \ + (sudocmdgroup1, api.env.basedn), + 'member_sudocmd': (u'/usr/bin/sudotestcmd1',), + 'cn': [sudocmdgroup1], + 'description': [u'New desc 1'], + }, + ), + ), + + dict( + desc='Remove member %r from %r' % (sudocmd1, sudocmdgroup1), + command=('sudocmdgroup_remove_member', + [sudocmdgroup1], dict(sudocmd=sudocmd1) + ), + expected=dict( + completed=1, + failed=dict( + member=dict( + sudocmdgroup=tuple(), + sudocmd=tuple(), + ), + ), + result={ + 'dn': u'cn=%s,cn=sudocmdgroups,cn=accounts,%s' % \ + (sudocmdgroup1, api.env.basedn), + 'cn': [sudocmdgroup1], + 'description': [u'New desc 1'], + }, + ), + ), + + dict( + # FIXME: Shouldn't this raise a NotFound instead? + desc='Try to remove non-existent member from %r' % sudocmdgroup1, + command=('sudocmdgroup_remove_member', + [sudocmdgroup1], dict(sudocmd=u'notfound') + ), + expected=dict( + completed=0, + failed=dict( + member=dict( + sudocmdgroup=tuple(), + sudocmd=(u'notfound',), + ), + ), + result={ + 'dn': u'cn=%s,cn=sudocmdgroups,cn=accounts,%s' % \ + (sudocmdgroup1, api.env.basedn), + 'cn': [sudocmdgroup1], + 'description': [u'New desc 1'], + }, + ), + ), + + + ################ + # delete sudocmdgroup1: + dict( + desc='Delete %r' % sudocmdgroup1, + command=('sudocmdgroup_del', [sudocmdgroup1], {}), + expected=dict( + result=True, + value=sudocmdgroup1, + summary=u'Deleted sudo command group "testsudocmdgroup1"', + ) + ), + + + dict( + desc='Try to delete non-existent %r' % sudocmdgroup1, + command=('sudocmdgroup_del', [sudocmdgroup1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to retrieve non-existent %r' % sudocmdgroup1, + command=('sudocmdgroup_show', [sudocmdgroup1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % sudocmdgroup1, + command=('sudocmdgroup_mod', [sudocmdgroup1], + dict(description=u'Foo')), + expected=errors.NotFound(reason='no such entry'), + ), + + + ################ + # delete sudocmdgroup2: + dict( + desc='Delete %r' % sudocmdgroup2, + command=('sudocmdgroup_del', [sudocmdgroup2], {}), + expected=dict( + result=True, + value=sudocmdgroup2, + summary=u'Deleted sudo command group "testsudocmdgroup2"', + ) + ), + + + dict( + desc='Try to delete non-existent %r' % sudocmdgroup2, + command=('sudocmdgroup_del', [sudocmdgroup2], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to retrieve non-existent %r' % sudocmdgroup2, + command=('sudocmdgroup_show', [sudocmdgroup2], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % sudocmdgroup2, + command=('sudocmdgroup_mod', [sudocmdgroup2], + dict(description=u'Foo')), + expected=errors.NotFound(reason='no such entry'), + ), + + + ##### clean up test Command + + dict( + desc='Now delete the sudo command %r' % sudocmd1, + command=('sudocmd_del', [sudocmd1], {}), + expected=dict( + result=True, + value=sudocmd1, + summary=u'Deleted sudo command "%s"' % sudocmd1, + ) + ), + + + dict( + desc='Verify that %r is really gone' % sudocmd1, + command=('sudocmd_show', [sudocmd1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + ] diff --git a/tests/test_xmlrpc/test_sudorule_plugin.py b/tests/test_xmlrpc/test_sudorule_plugin.py new file mode 100644 index 000000000..7ab372b79 --- /dev/null +++ b/tests/test_xmlrpc/test_sudorule_plugin.py @@ -0,0 +1,269 @@ +# Authors: +# Jr Aquino +# Pavel Zuna +# +# Copyright (C) 2010 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 only +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +""" +Test the `ipalib/plugins/sudorule.py` module. +""" + +from xmlrpc_test import XMLRPC_test, assert_attr_equal +from ipalib import api +from ipalib import errors + + +class test_sudorule(XMLRPC_test): + """ + Test the `sudorule` plugin. + """ + rule_name = u'testing_sudorule1' + rule_type = u'allow' + rule_type_fail = u'value not allowed' + rule_command = u'/usr/bin/testsudocmd1' + rule_desc = u'description' + rule_desc_mod = u'description modified' + + test_user = u'sudorule_test_user' + test_group = u'sudorule_test_group' + test_host = u'sudorule._test_host' + test_hostgroup = u'sudorule_test_hostgroup' + test_sudocmdgroup = u'sudorule_test_cmdgroup' + test_command = u'/usr/bin/testsudocmd1' + + def test_0_sudorule_add(self): + """ + Test adding a new Sudo rule using `xmlrpc.sudorule_add`. + """ + ret = self.failsafe_add(api.Object.sudorule, + self.rule_name, + accessruletype=self.rule_type, + description=self.rule_desc, + ) + entry = ret['result'] + assert_attr_equal(entry, 'cn', self.rule_name) + assert_attr_equal(entry, 'accessruletype', self.rule_type) + assert_attr_equal(entry, 'description', self.rule_desc) + + def test_1_sudorule_add(self): + """ + Test adding an duplicate Sudo rule using `xmlrpc.sudorule_add'. + """ + try: + api.Command['sudorule_add']( + self.rule_name, accessruletype=self.rule_type + ) + except errors.DuplicateEntry: + pass + else: + assert False + + def test_2_sudorule_show(self): + """ + Test displaying a Sudo rule using `xmlrpc.sudorule_show`. + """ + entry = api.Command['sudorule_show'](self.rule_name)['result'] + assert_attr_equal(entry, 'cn', self.rule_name) + assert_attr_equal(entry, 'accessruletype', self.rule_type) + assert_attr_equal(entry, 'description', self.rule_desc) + + def test_3_sudorule_mod(self): + """ + Test modifying a Sudo rule using `xmlrpc.sudorule_mod`. + """ + ret = api.Command['sudorule_mod']( + self.rule_name, description=self.rule_desc_mod + ) + entry = ret['result'] + assert_attr_equal(entry, 'description', self.rule_desc_mod) + + def test_6_sudorule_find(self): + """ + Test searching for Sudo rules using `xmlrpc.sudorule_find`. + """ + ret = api.Command['sudorule_find']( + name=self.rule_name, accessruletype=self.rule_type, + description=self.rule_desc_mod + ) + assert ret['truncated'] is False + entries = ret['result'] + assert_attr_equal(entries[0], 'cn', self.rule_name) + assert_attr_equal(entries[0], 'accessruletype', self.rule_type) + assert_attr_equal(entries[0], 'description', self.rule_desc_mod) + + def test_7_sudorule_init_testing_data(self): + """ + Initialize data for more Sudo rule plugin testing. + """ + self.failsafe_add(api.Object.user, + self.test_user, givenname=u'first', sn=u'last' + ) + self.failsafe_add(api.Object.group, + self.test_group, description=u'description' + ) + self.failsafe_add(api.Object.host, + self.test_host, force=True + ) + self.failsafe_add(api.Object.hostgroup, + self.test_hostgroup, description=u'description' + ) + self.failsafe_add(api.Object.sudocmdgroup, + self.test_sudocmdgroup, description=u'desc' + ) + self.failsafe_add(api.Object.sudocmd, + self.test_command, description=u'desc', force=True + ) + + def test_8_sudorule_add_user(self): + """ + Test adding user and group to Sudo rule using + `xmlrpc.sudorule_add_user`. + """ + ret = api.Command['sudorule_add_user']( + self.rule_name, user=self.test_user, group=self.test_group + ) + assert ret['completed'] == 2 + failed = ret['failed'] + assert 'memberuser' in failed + assert 'user' in failed['memberuser'] + assert not failed['memberuser']['user'] + assert 'group' in failed['memberuser'] + assert not failed['memberuser']['group'] + entry = ret['result'] + assert_attr_equal(entry, 'memberuser_user', self.test_user) + assert_attr_equal(entry, 'memberuser_group', self.test_group) + + def test_9_sudorule_remove_user(self): + """ + Test removing user and group from Sudo rule using + `xmlrpc.sudorule_remove_user'. + """ + ret = api.Command['sudorule_remove_user']( + self.rule_name, user=self.test_user, group=self.test_group + ) + assert ret['completed'] == 2 + failed = ret['failed'] + assert 'memberuser' in failed + assert 'user' in failed['memberuser'] + assert not failed['memberuser']['user'] + assert 'group' in failed['memberuser'] + assert not failed['memberuser']['group'] + entry = ret['result'] + assert 'memberuser_user' not in entry + assert 'memberuser_group' not in entry + + def test_a_sudorule_add_host(self): + """ + Test adding host and hostgroup to Sudo rule using + `xmlrpc.sudorule_add_host`. + """ + ret = api.Command['sudorule_add_host']( + self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup + ) + assert ret['completed'] == 2 + failed = ret['failed'] + assert 'memberhost' in failed + assert 'host' in failed['memberhost'] + assert not failed['memberhost']['host'] + assert 'hostgroup' in failed['memberhost'] + assert not failed['memberhost']['hostgroup'] + entry = ret['result'] + assert_attr_equal(entry, 'memberhost_host', self.test_host) + assert_attr_equal(entry, 'memberhost_hostgroup', self.test_hostgroup) + + def test_b_sudorule_remove_host(self): + """ + Test removing host and hostgroup from Sudo rule using + `xmlrpc.sudorule_remove_host`. + """ + ret = api.Command['sudorule_remove_host']( + self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup + ) + assert ret['completed'] == 2 + failed = ret['failed'] + assert 'memberhost' in failed + assert 'host' in failed['memberhost'] + assert not failed['memberhost']['host'] + assert 'hostgroup' in failed['memberhost'] + assert not failed['memberhost']['hostgroup'] + entry = ret['result'] + assert 'memberhost_host' not in entry + assert 'memberhost_hostgroup' not in entry + + def test_a_sudorule_add_command(self): + """ + Test adding command and cmdgroup to Sudo rule using + `xmlrpc.sudorule_add_command`. + """ + ret = api.Command['sudorule_add_command']( + self.rule_name, sudocmd=self.test_command, + sudocmdgroup=self.test_sudocmdgroup + ) + assert ret['completed'] == 2 + failed = ret['failed'] + assert 'membercmd' in failed + assert 'sudocmd' in failed['membercmd'] + assert not failed['membercmd']['sudocmd'] + assert 'sudocmdgroup' in failed['membercmd'] + assert not failed['membercmd']['sudocmdgroup'] + entry = ret['result'] + assert_attr_equal(entry, 'membercmd_sudocmd', self.test_command) + assert_attr_equal(entry, 'membercmd_sudocmdgroup', + self.test_sudocmdgroup) + + def test_a_sudorule_remove_command(self): + """ + Test removing command and sudocmdgroup from Sudo rule using + `xmlrpc.sudorule_remove_command`. + """ + ret = api.Command['sudorule_remove_command']( + self.rule_name, sudocmd=self.test_command, + sudocmdgroup=self.test_sudocmdgroup + ) + assert ret['completed'] == 2 + failed = ret['failed'] + assert 'membercmd' in failed + assert 'sudocmd' in failed['membercmd'] + assert not failed['membercmd']['sudocmd'] + assert 'sudocmdgroup' in failed['membercmd'] + assert not failed['membercmd']['sudocmdgroup'] + entry = ret['result'] + assert 'membercmd_sudocmd' not in entry + assert 'membercmd_sudocmdgroup' not in entry + + def test_c_sudorule_clear_testing_data(self): + """ + Clear data for Sudo rule plugin testing. + """ + api.Command['user_del'](self.test_user) + api.Command['group_del'](self.test_group) + api.Command['host_del'](self.test_host) + api.Command['hostgroup_del'](self.test_hostgroup) + api.Command['sudocmd_del'](self.test_command) + api.Command['sudocmdgroup_del'](self.test_sudocmdgroup) + + def test_f_sudorule_del(self): + """ + Test deleting a Sudo rule using `xmlrpc.sudorule_del`. + """ + assert api.Command['sudorule_del'](self.rule_name)['result'] is True + # verify that it's gone + try: + api.Command['sudorule_show'](self.rule_name) + except errors.NotFound: + pass + else: + assert False -- cgit