From bfd2e383dcb0cd5ce156775982e87d6ac32513a3 Mon Sep 17 00:00:00 2001 From: Jr Aquino Date: Mon, 4 Oct 2010 15:56:40 -0700 Subject: Added modifications to the sudorule plugin to reflect the schema update. --- tests/test_xmlrpc/test_sudorule_plugin.py | 112 ++++++++++++++++++++---------- 1 file changed, 77 insertions(+), 35 deletions(-) (limited to 'tests/test_xmlrpc/test_sudorule_plugin.py') diff --git a/tests/test_xmlrpc/test_sudorule_plugin.py b/tests/test_xmlrpc/test_sudorule_plugin.py index 7ab372b7..b047899a 100644 --- a/tests/test_xmlrpc/test_sudorule_plugin.py +++ b/tests/test_xmlrpc/test_sudorule_plugin.py @@ -31,8 +31,6 @@ class test_sudorule(XMLRPC_test): Test the `sudorule` plugin. """ rule_name = u'testing_sudorule1' - rule_type = u'allow' - rule_type_fail = u'value not allowed' rule_command = u'/usr/bin/testsudocmd1' rule_desc = u'description' rule_desc_mod = u'description modified' @@ -41,8 +39,10 @@ class test_sudorule(XMLRPC_test): test_group = u'sudorule_test_group' test_host = u'sudorule._test_host' test_hostgroup = u'sudorule_test_hostgroup' - test_sudocmdgroup = u'sudorule_test_cmdgroup' + test_sudoallowcmdgroup = u'sudorule_test_allowcmdgroup' + test_sudodenycmdgroup = u'sudorule_test_denycmdgroup' test_command = u'/usr/bin/testsudocmd1' + test_denycommand = u'/usr/bin/testdenysudocmd1' def test_0_sudorule_add(self): """ @@ -50,12 +50,10 @@ class test_sudorule(XMLRPC_test): """ ret = self.failsafe_add(api.Object.sudorule, self.rule_name, - accessruletype=self.rule_type, description=self.rule_desc, ) entry = ret['result'] assert_attr_equal(entry, 'cn', self.rule_name) - assert_attr_equal(entry, 'accessruletype', self.rule_type) assert_attr_equal(entry, 'description', self.rule_desc) def test_1_sudorule_add(self): @@ -64,7 +62,7 @@ class test_sudorule(XMLRPC_test): """ try: api.Command['sudorule_add']( - self.rule_name, accessruletype=self.rule_type + self.rule_name ) except errors.DuplicateEntry: pass @@ -77,7 +75,6 @@ class test_sudorule(XMLRPC_test): """ entry = api.Command['sudorule_show'](self.rule_name)['result'] assert_attr_equal(entry, 'cn', self.rule_name) - assert_attr_equal(entry, 'accessruletype', self.rule_type) assert_attr_equal(entry, 'description', self.rule_desc) def test_3_sudorule_mod(self): @@ -95,13 +92,12 @@ class test_sudorule(XMLRPC_test): Test searching for Sudo rules using `xmlrpc.sudorule_find`. """ ret = api.Command['sudorule_find']( - name=self.rule_name, accessruletype=self.rule_type, + name=self.rule_name, description=self.rule_desc_mod ) assert ret['truncated'] is False entries = ret['result'] assert_attr_equal(entries[0], 'cn', self.rule_name) - assert_attr_equal(entries[0], 'accessruletype', self.rule_type) assert_attr_equal(entries[0], 'description', self.rule_desc_mod) def test_7_sudorule_init_testing_data(self): @@ -121,7 +117,10 @@ class test_sudorule(XMLRPC_test): self.test_hostgroup, description=u'description' ) self.failsafe_add(api.Object.sudocmdgroup, - self.test_sudocmdgroup, description=u'desc' + self.test_sudoallowcmdgroup, description=u'desc' + ) + self.failsafe_add(api.Object.sudocmdgroup, + self.test_sudodenycmdgroup, description=u'desc' ) self.failsafe_add(api.Object.sudocmd, self.test_command, description=u'desc', force=True @@ -203,46 +202,87 @@ class test_sudorule(XMLRPC_test): assert 'memberhost_host' not in entry assert 'memberhost_hostgroup' not in entry - def test_a_sudorule_add_command(self): + def test_a_sudorule_add_allow_command(self): """ - Test adding command and cmdgroup to Sudo rule using - `xmlrpc.sudorule_add_command`. + Test adding allow command and cmdgroup to Sudo rule using + `xmlrpc.sudorule_add_allow_command`. """ - ret = api.Command['sudorule_add_command']( + ret = api.Command['sudorule_add_allow_command']( self.rule_name, sudocmd=self.test_command, - sudocmdgroup=self.test_sudocmdgroup + sudocmdgroup=self.test_sudoallowcmdgroup ) assert ret['completed'] == 2 failed = ret['failed'] - assert 'membercmd' in failed - assert 'sudocmd' in failed['membercmd'] - assert not failed['membercmd']['sudocmd'] - assert 'sudocmdgroup' in failed['membercmd'] - assert not failed['membercmd']['sudocmdgroup'] + assert 'memberallowcmd' in failed + assert 'sudocmd' in failed['memberallowcmd'] + assert not failed['memberallowcmd']['sudocmd'] + assert 'sudocmdgroup' in failed['memberallowcmd'] + assert not failed['memberallowcmd']['sudocmdgroup'] entry = ret['result'] - assert_attr_equal(entry, 'membercmd_sudocmd', self.test_command) - assert_attr_equal(entry, 'membercmd_sudocmdgroup', - self.test_sudocmdgroup) + assert_attr_equal(entry, 'memberallowcmd_sudocmd', self.test_command) + assert_attr_equal(entry, 'memberallowcmd_sudocmdgroup', + self.test_sudoallowcmdgroup) - def test_a_sudorule_remove_command(self): + def test_a_sudorule_remove_allow_command(self): """ - Test removing command and sudocmdgroup from Sudo rule using + Test removing allow command and sudocmdgroup from Sudo rule using `xmlrpc.sudorule_remove_command`. """ - ret = api.Command['sudorule_remove_command']( + ret = api.Command['sudorule_remove_allow_command']( + self.rule_name, sudocmd=self.test_command, + sudocmdgroup=self.test_sudoallowcmdgroup + ) + assert ret['completed'] == 2 + failed = ret['failed'] + assert 'memberallowcmd' in failed + assert 'sudocmd' in failed['memberallowcmd'] + assert not failed['memberallowcmd']['sudocmd'] + assert 'sudocmdgroup' in failed['memberallowcmd'] + assert not failed['memberallowcmd']['sudocmdgroup'] + entry = ret['result'] + assert 'memberallowcmd_sudocmd' not in entry + assert 'memberallowcmd_sudocmdgroup' not in entry + + def test_b_sudorule_add_deny_command(self): + """ + Test adding deny command and cmdgroup to Sudo rule using + `xmlrpc.sudorule_add_deny_command`. + """ + ret = api.Command['sudorule_add_deny_command']( self.rule_name, sudocmd=self.test_command, - sudocmdgroup=self.test_sudocmdgroup + sudocmdgroup=self.test_sudodenycmdgroup ) assert ret['completed'] == 2 failed = ret['failed'] - assert 'membercmd' in failed - assert 'sudocmd' in failed['membercmd'] - assert not failed['membercmd']['sudocmd'] - assert 'sudocmdgroup' in failed['membercmd'] - assert not failed['membercmd']['sudocmdgroup'] + assert 'memberdenycmd' in failed + assert 'sudocmd' in failed['memberdenycmd'] + assert not failed['memberdenycmd']['sudocmd'] + assert 'sudocmdgroup' in failed['memberdenycmd'] + assert not failed['memberdenycmd']['sudocmdgroup'] entry = ret['result'] - assert 'membercmd_sudocmd' not in entry - assert 'membercmd_sudocmdgroup' not in entry + assert_attr_equal(entry, 'memberdenycmd_sudocmd', self.test_command) + assert_attr_equal(entry, 'memberdenycmd_sudocmdgroup', + self.test_sudodenycmdgroup) + + def test_b_sudorule_remove_deny_command(self): + """ + Test removing deny command and sudocmdgroup from Sudo rule using + `xmlrpc.sudorule_remove_deny_command`. + """ + ret = api.Command['sudorule_remove_deny_command']( + self.rule_name, sudocmd=self.test_command, + sudocmdgroup=self.test_sudodenycmdgroup + ) + assert ret['completed'] == 2 + failed = ret['failed'] + assert 'memberdenycmd' in failed + assert 'sudocmd' in failed['memberdenycmd'] + assert not failed['memberdenycmd']['sudocmd'] + assert 'sudocmdgroup' in failed['memberdenycmd'] + assert not failed['memberdenycmd']['sudocmdgroup'] + entry = ret['result'] + assert 'memberdenycmd_sudocmd' not in entry + assert 'memberdenycmd_sudocmdgroup' not in entry def test_c_sudorule_clear_testing_data(self): """ @@ -253,7 +293,9 @@ class test_sudorule(XMLRPC_test): api.Command['host_del'](self.test_host) api.Command['hostgroup_del'](self.test_hostgroup) api.Command['sudocmd_del'](self.test_command) - api.Command['sudocmdgroup_del'](self.test_sudocmdgroup) + api.Command['sudocmdgroup_del'](self.test_sudoallowcmdgroup) + api.Command['sudocmdgroup_del'](self.test_sudodenycmdgroup) + def test_f_sudorule_del(self): """ -- cgit