# Authors: # Rob Crittenden # Pavel Zuna # # Copyright (C) 2009 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; version 2 only # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA """ Test the `ipalib/plugins/netgroup.py` module. """ import sys import nose import krbV from xmlrpc_test import XMLRPC_test, assert_attr_equal, assert_is_member from ipalib import api from ipalib import errors from ipaserver.plugins.ldap2 import ldap2 # Global so we can save the value between tests netgroup_dn = None # See if our LDAP server is up and we can talk to it over GSSAPI ccache = krbV.default_context().default_ccache().name class test_netgroup(XMLRPC_test): """ Test the `netgroup` plugin. """ ng_cn = u'ng1' ng_description = u'Netgroup' ng_kw = {'cn': ng_cn, 'description': ng_description, 'nisdomainname': u'example.com', 'raw': True} host_fqdn = u'ipatesthost.%s' % api.env.domain host_description = u'Test host' host_localityname = u'Undisclosed location' host_kw = {'fqdn': host_fqdn, 'description': host_description, 'localityname': host_localityname, 'raw': True, 'force': True} hg_cn = u'hg1' hg_description = u'Netgroup' hg_kw = {'cn': hg_cn, 'description': hg_description, 'raw': True} user_uid = u'jexample' user_givenname = u'Jim' user_sn = u'Example' user_home = u'/home/%s' % user_uid user_kw = {'givenname': user_givenname,'sn': user_sn,'uid': user_uid,'homedirectory': user_home, 'raw': True} # user2 is a member of testgroup user2_uid = u'pexample' user2_givenname = u'Pete' user2_sn = u'Example' user2_home = u'/home/%s' % user2_uid user2_kw = {'givenname': user2_givenname,'sn': user2_sn,'uid': user2_uid,'homedirectory': user2_home, 'raw': True} group_cn = u'testgroup' group_description = u'This is a test' group_kw = {'description': group_description,'cn': group_cn} def test_1_netgroup_add(self): """ Test the `xmlrpc.netgroup_add` method. """ entry = api.Command['netgroup_add'](**self.ng_kw)['result'] assert_attr_equal(entry, 'description', self.ng_description) assert_attr_equal(entry, 'cn', self.ng_cn) def test_2_add_data(self): """ Add the data needed to do additional testing. """ # Add a host entry = api.Command['host_add'](**self.host_kw)['result'] assert_attr_equal(entry, 'description', self.host_description) assert_attr_equal(entry, 'fqdn', self.host_fqdn) # Add a hostgroup entry= api.Command['hostgroup_add'](**self.hg_kw)['result'] assert_attr_equal(entry, 'description', self.hg_description) assert_attr_equal(entry, 'cn', self.hg_cn) # Add a user entry = api.Command['user_add'](**self.user_kw)['result'] assert_attr_equal(entry, 'givenname', self.user_givenname) assert_attr_equal(entry, 'uid', self.user_uid) # Add our second user entry = api.Command['user_add'](**self.user2_kw)['result'] assert_attr_equal(entry, 'givenname', self.user2_givenname) assert_attr_equal(entry, 'uid', self.user2_uid) # Add a group entry = api.Command['group_add'](**self.group_kw)['result'] assert_attr_equal(entry, 'description', self.group_description) assert_attr_equal(entry, 'cn', self.group_cn) # Add a user to the group kw = {'raw': True} kw['user'] = self.user2_uid res = api.Command['group_add_member'](self.group_cn, **kw) assert res['completed'] == 1 def test_3_netgroup_add_member(self): """ Test the `xmlrpc.netgroup_add_member` method. """ kw = {'raw': True} kw['host'] = self.host_fqdn entry = api.Command['netgroup_add_member'](self.ng_cn, **kw)['result'] assert_is_member(entry, 'fqdn=%s' % self.host_fqdn, 'memberhost') kw = {'raw': True} kw['hostgroup'] = self.hg_cn ret = api.Command['netgroup_add_member'](self.ng_cn, **kw) assert ret['completed'] == 1 assert_is_member(ret['result'], 'cn=%s' % self.hg_cn, 'memberhost') kw = {'raw': True} kw['user'] = self.user_uid ret = api.Command['netgroup_add_member'](self.ng_cn, **kw) assert ret['completed'] == 1 assert_is_member(ret['result'], 'uid=%s' % self.user_uid, 'memberuser') kw = {'raw': True} kw['group'] = self.group_cn ret = api.Command['netgroup_add_member'](self.ng_cn, **kw) assert ret['completed'] == 1 assert_is_member(ret['result'], 'cn=%s' % self.group_cn, 'memberuser') def test_4_netgroup_add_member(self): """ Test the `xmlrpc.netgroup_add_member` method again to test dupes. """ kw = {'raw': True} kw['host'] = self.host_fqdn ret = api.Command['netgroup_add_member'](self.ng_cn, **kw) assert ret['completed'] == 0 failed = ret['failed'] assert 'memberhost' in failed assert 'host' in failed['memberhost'] assert self.host_fqdn in failed['memberhost']['host'] kw = {'raw': True} kw['hostgroup'] = self.hg_cn ret = api.Command['netgroup_add_member'](self.ng_cn, **kw) assert ret['completed'] == 0 failed = ret['failed'] assert 'memberhost' in failed assert 'hostgroup' in failed['memberhost'] assert self.hg_cn in failed['memberhost']['hostgroup'] kw = {'raw': True} kw['user'] = self.user_uid ret = api.Command['netgroup_add_member'](self.ng_cn, **kw) assert ret['completed'] == 0 failed = ret['failed'] assert 'memberuser' in failed assert 'user' in failed['memberuser'] assert self.user_uid in failed['memberuser']['user'] kw = {'raw': True} kw['group'] = self.group_cn ret = api.Command['netgroup_add_member'](self.ng_cn, **kw) assert ret['completed'] == 0 failed = ret['failed'] assert 'memberuser' in failed assert 'group' in failed['memberuser'] assert self.group_cn in failed['memberuser']['group'] def test_5_netgroup_add_member(self): """ Test adding external hosts. """ kw = {'raw': True} kw['host'] = u'nosuchhost' ret = api.Command['netgroup_add_member'](self.ng_cn, **kw) assert ret['completed'] == 1, ret entry = api.Command['netgroup_show'](self.ng_cn, all=True, raw=True)['result'] assert_is_member(entry, 'nosuchhost', 'externalhost') def test_6_netgroup_show(self): """ Test the `xmlrpc.netgroup_show` method with --all. """ entry = api.Command['netgroup_show'](self.ng_cn, all=True, raw=True)['result'] assert_attr_equal(entry, 'description', self.ng_description) assert_attr_equal(entry, 'cn', self.ng_cn) assert_is_member(entry, 'fqdn=%s' % self.host_fqdn, 'memberhost') assert_is_member(entry, 'cn=%s' % self.hg_cn, 'memberhost') assert_is_member(entry, 'uid=%s' % self.user_uid, 'memberuser') assert_is_member(entry, 'cn=%s' % self.group_cn, 'memberuser') assert_attr_equal(entry, 'objectclass', 'ipaobject') assert_attr_equal(entry, 'objectclass', 'ipanisnetgroup') assert_attr_equal(entry, 'objectclass', 'ipaassociation') def test_6a_netgroup_show(self): """ Test the `xmlrpc.netgroup_show` method. """ global netgroup_dn entry = api.Command['netgroup_show'](self.ng_cn, all=False, raw=True)['result'] assert_attr_equal(entry, 'description', self.ng_description) assert_attr_equal(entry, 'cn', self.ng_cn) assert_is_member(entry, 'fqdn=%s' % self.host_fqdn, 'memberhost') assert_is_member(entry, 'cn=%s' % self.hg_cn, 'memberhost') assert_is_member(entry, 'uid=%s' % self.user_uid, 'memberuser') assert_is_member(entry, 'cn=%s' % self.group_cn, 'memberuser') netgroup_dn = entry['dn'] def test_6b_netgroup_show(self): """ Confirm the underlying triples """ # Do an LDAP query to the compat area and verify that the entry # is correct conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri, base_dn=api.env.basedn) conn.connect(ccache=ccache) try: entries = conn.find_entries('cn=%s' % self.ng_cn, base_dn='cn=ng,cn=compat,%s' % api.env.basedn) except errors.NotFound: raise nose.SkipTest('compat and nis are not enabled, skipping test') finally: conn.disconnect() triples = entries[0][0][1]['nisnetgrouptriple'] # This may not prove to be reliable since order is not guaranteed # and even which user gets into which triple can be random. assert '(nosuchhost,jexample,example.com)' in triples assert '(ipatesthost.%s,pexample,example.com)' % api.env.domain in triples def test_7_netgroup_find(self): """ Test the `xmlrpc.netgroup_find` method. """ result = api.Command.netgroup_find(self.ng_cn, raw=True) entries = result['result'] assert(result['count'] == 1) assert_attr_equal(entries[0], 'description', self.ng_description) assert_attr_equal(entries[0], 'cn', self.ng_cn) def test_8_netgroup_mod(self): """ Test the `xmlrpc.netgroup_mod` method. """ newdesc = u'Updated host group' modkw = {'cn': self.ng_cn, 'description': newdesc, 'raw': True} entry = api.Command['netgroup_mod'](**modkw)['result'] assert_attr_equal(entry, 'description', newdesc) # Ok, double-check that it was changed entry = api.Command['netgroup_show'](self.ng_cn, raw=True)['result'] assert_attr_equal(entry, 'description', newdesc) assert_attr_equal(entry, 'cn', self.ng_cn) def test_9_netgroup_remove_member(self): """ Test the `xmlrpc.netgroup_remove_member` method. """ kw = {'raw': True} kw['host'] = self.host_fqdn ret = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert ret['completed'] == 1 kw = {'raw': True} kw['hostgroup'] = self.hg_cn ret = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert ret['completed'] == 1 kw = {'raw': True} kw['user'] = self.user_uid ret = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert ret['completed'] == 1 kw = {'raw': True} kw['group'] = self.group_cn ret = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert ret['completed'] == 1 def test_a_netgroup_remove_member(self): """ Test the `xmlrpc.netgroup_remove_member` method again to test not found. """ kw = {'raw': True} kw['host'] = self.host_fqdn ret = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert ret['completed'] == 0 failed = ret['failed'] assert 'memberhost' in failed assert 'host' in failed['memberhost'] assert self.host_fqdn in failed['memberhost']['host'] kw = {'raw': True} kw['hostgroup'] = self.hg_cn ret = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert ret['completed'] == 0 failed = ret['failed'] assert 'memberhost' in failed assert 'hostgroup' in failed['memberhost'] assert self.hg_cn in failed['memberhost']['hostgroup'] kw = {'raw': True} kw['user'] = self.user_uid api.Command['netgroup_show'](self.ng_cn, all=True) ret = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert ret['completed'] == 0 failed = ret['failed'] assert 'memberuser' in failed assert 'user' in failed['memberuser'] assert self.user_uid in failed['memberuser']['user'] kw = {'raw': True} kw['group'] = self.group_cn ret = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert ret['completed'] == 0 failed = ret['failed'] assert 'memberuser' in failed assert 'group' in failed['memberuser'] assert self.group_cn in failed['memberuser']['group'] def test_b_netgroup_del(self): """ Test the `xmlrpc.netgroup_del` method. """ assert api.Command['netgroup_del'](self.ng_cn)['result'] is True # Verify that it is gone try: api.Command['netgroup_show'](self.ng_cn) except errors.NotFound: pass else: assert False def test_c_del_data(self): """ Remove the test data we added. """ # Remove the host assert api.Command['host_del'](self.host_fqdn)['result'] is True # Verify that it is gone try: api.Command['host_show'](self.host_fqdn) except errors.NotFound: pass else: assert False # Remove the hostgroup assert api.Command['hostgroup_del'](self.hg_cn)['result'] is True # Verify that it is gone try: api.Command['hostgroup_show'](self.hg_cn) except errors.NotFound: pass else: assert False # Remove the users assert api.Command['user_del'](self.user_uid)['result'] is True assert api.Command['user_del'](self.user2_uid)['result'] is True # Verify that it is gone try: api.Command['user_show'](self.user_uid) except errors.NotFound: pass else: assert False # Remove the group assert api.Command['group_del'](self.group_cn)['result'] is True # Verify that it is gone try: api.Command['group_show'](self.group_cn) except errors.NotFound: pass else: assert False