author | Asha Akkiangady <aakkiang@redhat.com> | 2014-06-09 09:29:57 -0400 |
---|---|---|
committer | Asha Akkiangady <aakkiang@redhat.com> | 2014-06-09 09:33:37 -0400 |
commit | d2980374a6c241b507f21a6acb4ec04a19241025 (patch) | |
tree | f0e63c221a4a012719060b3e7a5b4e6c1562300d | |
parent | 9e7961aa0904361bb9c88bfabcb99273d55b5739 (diff) | |
New Tests for user-membership add, find and delete.
Corrected error message in user-add tests.
6 files changed, 1578 insertions, 369 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh
index 7d207ad4c..7a779c5d5 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh
@@ -9,7 +9,8 @@
 # pki-user-cli-user-add Add users to pki subsystems.
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
-# Authors: Asha Akkiangady <aakkiang@redhat.com> and Laxmi Sunkara <lsunkara@redhat.com>
+# Authors: Asha Akkiangady <aakkiang@redhat.com>
+# Laxmi Sunkara <lsunkara@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
@@ -820,7 +821,7 @@ run_pki-user-cli-user-add-ca_tests(){
 user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-adminE-002.out 2>&1" \
 255 \
 "Should not be able to add user $user1 using a agent cert"
- rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ca-adminE-002.out"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ca-adminE-002.out"
 rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ca-adminE-002.out"
 rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
 rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh
index 0f50d54b7..50b7492e8 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh
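Review bot: The expectation corrected in the second hunk of pki-user-cli-user-add-ca.sh is not carried into the expired-certificate phases this commit adds to pki-user-cli-user-membership-add-ca.sh. Here the CA_adminE case now asserts `PKIException: Unauthorized` and keeps `rlAssertNotGrep "ProcessingException: Unable to invoke request"`, yet the new CA-013 and CA-014 phases pass `errmsg="ProcessingException: Unable to invoke request"` to verifyErrorMsg, so they pin the message this file now treats as wrong. If user-membership-add is expected to reject an expired certificate the same way, those phases should use `errmsg="PKIException: Unauthorized"`; if the difference is the behaviour tracked in ticket 962, a comment saying so would keep the two files from looking contradictory. The enclosing function starts and ends outside the hunk.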
@@ -9,7 +9,8 @@
 # pki-user-cli-user-membership-add Add user membership.
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
-# Author: Laxmi Sunkara <lsunkara@redhat.com>
+# Authors: Asha Akkiangady <aakkiang@redhat.com>
+# Laxmi Sunkara <lsunkara@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
@@ -44,24 +45,56 @@ ######################################################################## # Test Suite Globals ######################################################################## -#Available groups ca-group-find -groupid1="Certificate Manager Agents" -groupid2="Registration Manager Agents" -groupid3="Subsystem Group" -groupid4="Trusted Managers" -groupid5="Administrators" -groupid6="Auditors" -groupid7="ClonedSubsystems" -groupid8="Security Domain Administrators" -groupid9="Enterprise CA Administrators" -groupid10="Enterprise KRA Administrators" -groupid11="Enterprise OCSP Administrators" -groupid12="Enterprise TKS Administrators" -groupid13="Enterprise RA Administrators" -groupid14="Enterprise TPS Administrators" - run_pki-user-cli-user-membership-add-ca_tests(){ - rlPhaseStartTest "pki_user_cli_user_membership-add-CA-001: Add a users to CA using CA_adminV and to a group to test user-membership-add functionality" + #Local variables + groupid1="Certificate Manager Agents" + groupid2="Registration Manager Agents" + groupid3="Subsystem Group" + groupid4="Trusted Managers" + groupid5="Administrators" + groupid6="Auditors" + groupid7="ClonedSubsystems" + groupid8="Security Domain Administrators" + groupid9="Enterprise CA Administrators" + groupid10="Enterprise KRA Administrators" + groupid11="Enterprise OCSP Administrators" + groupid12="Enterprise TKS Administrators" + groupid13="Enterprise RA Administrators" + groupid14="Enterprise TPS Administrators" + + rlPhaseStartSetup "pki_user_cli_user_membership-add-CA-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-002: pki user-membership configuration test" + rlRun "pki user-membership > $TmpDir/pki_user_membership_cfg.out 2>&1" \ + 0 \ + "pki user-membership" + rlAssertGrep "Commands:" "$TmpDir/pki_user_membership_cfg.out" + rlAssertGrep "user-membership-find Find user 
memberships" "$TmpDir/pki_user_membership_cfg.out" + rlAssertGrep "user-membership-add Add user membership" "$TmpDir/pki_user_membership_cfg.out" + rlAssertGrep "user-membership-del Remove user membership" "$TmpDir/pki_user_membership_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-003: pki user-membership-add --help configuration test" + rlRun "pki user-membership-add --help > $TmpDir/pki_user_membership_add_cfg.out 2>&1" \ + 0 \ + "pki user-membership-add --help" + rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-004: pki user-membership-add configuration test" + rlRun "pki user-membership-add > $TmpDir/pki_user_membership_add_2_cfg.out 2>&1" \ + 255 \ + "pki user-membership-add" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_add_2_cfg.out" + rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-005: Add users to available groups using valid admin user CA_adminV" i=1 while [ $i -lt 15 ] ; do rlLog "pki -d $CERTDB_DIR \ 
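Review bot: The assignments moved under `#Local variables` are not declared `local`, so groupid1 through groupid14 are still globals after run_pki-user-cli-user-membership-add-ca_tests has run, and the comment says otherwise. New code later in this same file does use the keyword (for example `local TEMP_NSS_DB="$TmpDir/nssdb"`), so writing `local groupid1="Certificate Manager Agents"` and so on would match it and keep the names from leaking into whatever test function runs next in the same shell. The `eval gid=\$groupid$i` lookups inside the function work unchanged with locals. The function body continues outside this hunk.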
@@ -90,36 +123,36 @@ run_pki-user-cli-user-membership-add-ca_tests(){ rlLog "Adding the user to a group" eval gid=\$groupid$i rlLog "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add u$i \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add u$i \"$gid\"" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ca-00$i.out" \ - 0 \ - "Adding user u$i to group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ca-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ca-00$i.out" rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ca-00$i.out" rlLog "Check if the user is added to the group" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-ca-00$i.out" \ - 0 \ - "User added to group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-ca-00$i.out" \ + 0 \ + "User added to group \"$gid\"" rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ca-00$i.out" - let i=$i+1 done rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-add-CA-002: Add a user to all the groups" + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-006: Add a user to all available groups using CA_adminV" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" \ - 0 \ - "Adding user userall" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullName_userall\" userall > 
$TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" \ + 0 \ + "Adding user userall" rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" 
@@ -138,38 +171,36 @@ run_pki-user-cli-user-membership-add-ca_tests(){ while [ $i -lt 15 ] ; do eval gid=\$groupid$i rlLog "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add userall \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add userall \"$gid\"" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ca-userall-00$i.out" \ - 0 \ - "Adding user userall to group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ca-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ca-userall-00$i.out" rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ca-userall-00$i.out" rlLog "Check if the user is added to the group" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-ca-userall-00$i.out" \ - 0 \ - "User added to group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-ca-userall-00$i.out" \ + 0 \ + "User added to group \"$gid\"" rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ca-userall-00$i.out" let i=$i+1 done - - - rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-add-CA-003: Add a user to same group multiple times(negative test case)" + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-007: Add a user to same group multiple times" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-ca-user1-001.out" \ - 0 \ - "Adding user user1" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + 
user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-ca-user1-001.out" \ + 0 \ + "Adding user user1" rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-ca-user1-001.out" rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-ca-user1-001.out" rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-ca-user1-001.out" 
@@ -185,24 +216,363 @@ run_pki-user-cli-user-membership-add-ca_tests(){ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-show-ca-user1-001.out" rlLog "Adding the user to the same groups twice" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ca-user1-001.out" \ - 0 \ - "Adding user userall to group \"Administrators\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ca-user1-001.out" \ + 0 \ + "Adding user userall to group \"Administrators\"" rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ca-user1-001.out" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-membership-add user1 \"Administrators\"" + rlLog "Executing: $command" + errmsg="ConflictingOperationException: Attribute or value exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-008: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ca-user1-001.out 2>&1" \ - 1 \ - "cannot add user to the same group more than once" - rlAssertGrep "ConflictingOperationException: Attribute or value exists." 
"$TmpDir/pki-user-membership-add-groupadd-ca-user1-001.out" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-add-user-add-ca-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-membership-add testuser1 \"$dummy_group\"" + rlLog "Executing: $command" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-009: Should be able to user-membership-add user id with i18n characters" + rlLog "user-add userid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=test 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=test 'ÖrjanÄke'" \ + 0 \ + "Adding uid ÖrjanÄke with i18n characters" + rlLog "Adding the user to the Adminstrators group" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-membership-add 'ÖrjanÄke' \"Administrators\"" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-ca-009_2.out" \ + 0 \ + "Adding user ÖrjanÄke to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ca-009_2.out" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-ca-009_2.out" + rlLog "Check if the user is added to the group" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-membership-find 'ÖrjanÄke'" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-find-ca-009_3.out" \ + 0 \ + "Check user ÖrjanÄke added to group Administrators" + rlAssertGrep 
"Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-find-ca-009_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-010: Should be able to user-membership-add user id with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" \ + 0 \ + "Adding uid ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-ca-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ca-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ca-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-ca-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add 'ÉricTêko' \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-add-groupadd-ca-010_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ca-010_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ca-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find 'ÉricTêko' > $TmpDir/pki-user-membership-add-groupadd-find-ca-010_3.out" \ + 0 \ + "Check user ÉricTêko added 
to group dadministʁasjɔ̃" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-find-ca-010_3.out" rlPhaseEnd + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-011: Should not be able to user-membership-add using a revoked cert CA_adminR" + command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using a revoked cert CA_adminR" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-012: Should not be able to user-membership-add using an agent with revoked cert CA_agentR" + command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using an agent with revoked cert CA_agentR" + rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-add-ca-cleanup-001: Deleting the temp directory and users" + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-013: Should not be able to user-membership-add using admin user with expired cert CA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using admin user with expired cert CA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + 
rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-014: Should not be able to user-membership-add using CA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using CA_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-015: Should not be able to user-membership-add using CA_auditV cert" + command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using CA_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-016: Should not be able to user-membership-add using CA_operatorV cert" + command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using CA_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-017: Should not be able to user-membership-add using CA_adminUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c 
Password user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using CA_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-018: Should not be able to user-membership-add using CA_agentUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_agentUTCA -c Password user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using CA_agentUTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-019: User associated with Administrators group only can create a new user" + i=2 + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding testuser1 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add testuser1 \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add testuser1 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ca-testuser1-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ca-testuser1-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ca-testuser1-00$i.out" + fi + let i=$i+1 + done + rlLog "Check users group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find testuser1 > $TmpDir/pki-user-membership-find-groupadd-find-ca-testuser1-019.out" \ + 0 \ + "Find user-membership to groups of testuser1" + rlAssertGrep "12 
entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-testuser1-019.out" + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-user-membership-find-groupadd-find-ca-testuser1-019.out" + i=2 + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlLog "testuser1 is not added to $gid" + else + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-testuser1-019.out" + fi + let i=$i+1 + done + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"test User1\" \"testuser1\" \ + \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > 
$TmpDir/validcert_019_1.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"CA_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + user-cert-add testuser1 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user testuser1" + #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group + local expfile="$TmpDir/expfile_testuser1.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c Password user-add --fullName=test_user u39" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile + echo "send -- \"\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-ca-testuser1-002.out" 255 "Should not be able to add users using a non Administrator user" + rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ca-testuser1-002.out" + + #Add testuser1 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add testuser1 \"$groupid5\" > $TmpDir/pki-user-membership-add-groupadd-ca-usertest1-019_2.out" \ + 0 \ + "Adding user testuser1 to group \"$groupid5\"" + rlAssertGrep "Added membership in \"$groupid5\"" "$TmpDir/pki-user-membership-add-groupadd-ca-usertest1-019_2.out" + rlAssertGrep "Group: $groupid5" "$TmpDir/pki-user-membership-add-groupadd-ca-usertest1-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + 
user-membership-find testuser1 > $TmpDir/pki-user-membership-add-groupadd-find-ca-usertest1-019_3.out" \ + 0 \ + "Check user-membership to group \"$groupid5\"" + rlAssertGrep "Group: $groupid5" "$TmpDir/pki-user-membership-add-groupadd-find-ca-usertest1-019_3.out" + + #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n testuser1 \ + -c Password \ + user-add --fullName=test_user u19 > $TmpDir/pki-user-add-ca-019_4.out" \ + 0 \ + "Added new user using Admin user testuser1" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-ca-019_4.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-ca-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ca-019_4.out" + rlPhaseEnd + + #Usability test + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-020: User associated with Certificate Manager Agents group only can approve certificate requests" + rlLog "Check testuser1 is not in group Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find testuser1 > $TmpDir/pki-user-membership-add-groupadd-find-ca-usertest1-020_1.out" \ + 0 \ + "Check user-membership to group \"$groupid1\"" + rlAssertNotGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-find-ca-usertest1-020_1.out" + + #Trying to approve a certificate request using testuser1 should fail + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show_20.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"test User3\" \"testuser3\" \ + \"testuser3@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid \ + --action approve" + command="pki -d $TEMP_NSS_DB -c 
Password -n \"testuser1\" ca-cert-request-review $ret_requestid --action approve" + rlLog "Executing: $command" + errmsg="Authorization failed on resource: certServer.ca.certrequests, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Approve Certificate request using testuser1" + + #Add user testuser1 to Certificate Manager Agents group + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add testuser1 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-ca-usertest1-020_3.out" \ + 0 \ + "Adding user testuser1 to group \"$groupid1\"" + rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-ca-usertest1-020_3.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-ca-usertest1-020_3.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find testuser1 > $TmpDir/pki-user-membership-add-groupadd-find-ca-usertest1-020_4.out" \ + 0 \ + "Check user-membership to group \"$groupid1\"" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-find-ca-usertest1-020_4.out" + + #Trying to approve a certificate request using testuser1 should now succeed + rlLog "pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out-20_5.out" 0 "Approve Certificate request using testuser1" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out-20_5.out" + rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1_20_6.out" + valid_serialNumber=`cat $TmpDir/usercert-show1_20_6.out | grep 
'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-021: Should not be able to add user-membership to user that does not exist" + user="testuser4" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-membership-add $user \"$groupid5\"" + rlLog "Executing: $command" + errmsg="UserNotFoundException: User $user not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add user-membership to user that does not exist" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-ca-cleanup-001: Deleting the temp directory and users" #===Deleting users created using CA_adminV cert===# i=1 while [ $i -lt 15 ] ; do 
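Review bot: Two of the new commands redirect with `2>&1 > file`, which sends stderr to the caller's stdout and only stdout to the file: the `group-add` call in CA-010 and the `/usr/bin/expect -f $expfile` call in CA-019. The CA-019 case matters most, because the `rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute"` that follows is the check that a user outside Administrators is refused; it probably passes only because expect relays the spawned command's output on stdout. Writing `rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-add-ca-testuser1-002.out 2>&1" 255 ...`, and the same order for the group-add call, matches the `> file 2>&1` form the other phases in this file use. The function body starts and ends outside this hunk.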
@@ -211,25 +581,71 @@ run_pki-user-cli-user-membership-add-ca_tests(){ -c $CERTDB_DIR_PASSWORD \ user-del u$i > $TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-00$i.out" \ 0 \ - "Deleted user u$i" + "Deleting user u$i" rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-00$i.out" let i=$i+1 done - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del userall > $TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-userall-001.out" \ - 0 \ - "Deleted user userall" - rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del userall > $TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-userall-001.out" \ + 0 \ + "Deleting user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-userall-001.out" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del user1 > $TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-user1-001.out" \ - 0 \ - "Deleted user user1" - rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-user1-001.out" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del user1 > $TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-user1-001.out" \ + 0 \ + "Deleting user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del u19 > $TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-u19-001.out" \ + 0 \ + "Deleting user u19" + rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-ca-user-membership-add-user-del-ca-u19-001.out" + #===Deleting users created using CA_adminV cert===# + i=1 + while [ $i -lt 2 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ 
+ -c $CERTDB_DIR_PASSWORD \ + user-del testuser$i > $TmpDir/pki-user-membership-add-ca-user-00$i.out" \ + 0 \ + "Deleting user testuser$i" + rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-user-membership-add-ca-user-00$i.out" + let i=$i+1 + done + #===Deleting i18n users created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del 'ÖrjanÄke' > $TmpDir/pki-user-del-ca-user-i18n_1.out" \ + 0 \ + "Deleting user ÖrjanÄke" + rlAssertGrep "Deleted user \"ÖrjanÄke\"" "$TmpDir/pki-user-del-ca-user-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-user-i18n_2.out" \ + 0 \ + "Deleting user ÉricTêko" + rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-user-i18n_2.out" + #===Deleting i18n group created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ca-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ca-group-i18n_1.out" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd } diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh index e8543d40c..3d5ff20a7 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh 
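Review bot: The added `rlRun "rm -r $TmpDir"` at the end of the cleanup phase expands `$TmpDir` unquoted and unchecked, so an empty value or one containing whitespace changes what `rm -r` is handed. The assignment of `TmpDir` is outside this hunk, so whether it can be empty at this point cannot be confirmed from these lines. I would guard and quote it: `[ -n "$TmpDir" ] && rlRun "rm -r -- \"$TmpDir\"" 0 "Removing tmp directory"`. The body of `run_pki-user-cli-user-membership-add-ca_tests` starts before this hunk.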
@@ -6,7 +6,8 @@ # Description: PKI user-membership-del CLI tests # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # -# Author: Laxmi Sunkara <lsunkara@redhat.com> +# Authors: Asha Akkiangady <aakkiang@redhat.com> +# Laxmi Sunkara <lsunkara@redhat.com # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 
@@ -41,23 +42,46 @@ ######################################################################## # Test Suite Globals ######################################################################## -#Available groups ca-group-find -groupid1="Certificate Manager Agents" -groupid2="Registration Manager Agents" -groupid3="Subsystem Group" -groupid4="Trusted Managers" -groupid5="Administrators" -groupid6="Auditors" -groupid7="ClonedSubsystems" -groupid8="Security Domain Administrators" -groupid9="Enterprise CA Administrators" -groupid10="Enterprise KRA Administrators" -groupid11="Enterprise OCSP Administrators" -groupid12="Enterprise TKS Administrators" -groupid13="Enterprise RA Administrators" -groupid14="Enterprise TPS Administrators" run_pki-user-cli-user-membership-del-ca_tests(){ - rlPhaseStartTest "pki_user_cli_user_membership-del-CA-001: Add a users to CA using CA_adminV and to a group to test user-membership-del functionality" + #Available groups ca-group-find + groupid1="Certificate Manager Agents" + groupid2="Registration Manager Agents" + groupid3="Subsystem Group" + groupid4="Trusted Managers" + groupid5="Administrators" + groupid6="Auditors" + groupid7="ClonedSubsystems" + groupid8="Security Domain Administrators" + groupid9="Enterprise CA Administrators" + groupid10="Enterprise KRA Administrators" + groupid11="Enterprise OCSP Administrators" + groupid12="Enterprise TKS Administrators" + groupid13="Enterprise RA Administrators" + groupid14="Enterprise TPS Administrators" + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-002: pki user-membership-del --help configuration test" + rlRun "pki user-membership-del --help > $TmpDir/pki_user_membership_del_cfg.out 2>&1" \ + 0 \ + "pki user-membership-del --help" + rlAssertGrep "usage: user-membership-del <User ID> <Group ID> 
\[OPTIONS...\]" "$TmpDir/pki_user_membership_del_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-003: pki user-membership-del configuration test" + rlRun "pki user-membership-del > $TmpDir/pki_user_membership_del_2_cfg.out 2>&1" \ + 255 \ + "pki user-membership-del" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_del_2_cfg.out" + rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-004: Delete user-membership when user is added to different groups" i=1 while [ $i -lt 15 ] ; do rlLog "pki -d $CERTDB_DIR \ 
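Review bot: Moving the `groupid1` … `groupid14` assignments into `run_pki-user-cli-user-membership-del-ca_tests` does not scope them: they are assigned without `local`, so they stay global after the function returns. The loops in the later hunks of this file look them up with `eval gid=\$groupid$i`; if nothing outside the function reads these names, an indexed array removes both the leak and the `eval`. Declare `local -a groupid=([1]="Certificate Manager Agents" [2]="Registration Manager Agents" …)` and read it with `gid=${groupid[$i]}`. The function body continues past this hunk.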
@@ -103,28 +127,27 @@ run_pki-user-cli-user-membership-del-ca_tests(){ -c $CERTDB_DIR_PASSWORD \ user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-ca-00$i.out" \ 0 \ - "User added to group \"$gid\"" + "Check user is in group \"$gid\"" rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ca-00$i.out" rlLog "Delete the user from the group" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-del u$i \"$gid\" > $TmpDir/pki-user-membership-del-groupdel-del-ca-00$i.out" \ - 0 \ - "User deleted from group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-del u$i \"$gid\" > $TmpDir/pki-user-membership-del-groupdel-del-ca-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupdel-del-ca-00$i.out" - - let i=$i+1 done rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-del-CA-002: Add a user to all the groups" + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-005: Delete user-membership when user is added to many groups" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" \ - 0 \ - "Adding user userall" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" \ + 0 \ + "Adding user userall" rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-ca-userall-001.out" 
@@ -133,24 +156,24 @@ run_pki-user-cli-user-membership-del-ca_tests(){ while [ $i -lt 15 ] ; do eval gid=\$groupid$i rlLog "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add userall \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add userall \"$gid\"" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ca-userall-00$i.out" \ - 0 \ - "Adding user userall to group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ca-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ca-userall-00$i.out" rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ca-userall-00$i.out" rlLog "Check if the user is added to the group" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-ca-userall-00$i.out" \ - 0 \ - "User added to group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-ca-userall-00$i.out" \ + 0 \ + "Check user membership with group \"$gid\"" rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ca-userall-00$i.out" let i=$i+1 done 
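Review bot: The re-indented `rlLog` string still carries `-c $CERTDB_DIR_PASSWORD`, so the expanded NSS database password is written to the test log, and the matching `rlRun` puts it on the `pki` command line where it is visible in the process list while the command runs. The same pattern is on the new lines of the cleanup hunk in pki-user-cli-user-membership-add-ca.sh and in the `@@ -159,20 +182,21 @@` hunk below. For the log line I would print a placeholder instead of the value, e.g. `rlLog "pki -d $CERTDB_DIR -n CA_adminV -c <password> user-membership-add userall \"$gid\""`. If the `pki` client in use can read the password from a file, passing that in `rlRun` keeps it out of argv too. The enclosing `while` loop starts outside this hunk.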
@@ -159,20 +182,21 @@ run_pki-user-cli-user-membership-del-ca_tests(){ while [ $i -lt 15 ] ; do eval gid=\$groupid$i rlLog "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-del userall \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-del userall \"$gid\"" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-del userall \"$gid\" > $TmpDir/pki-user-membership-del-groupadd-ca-userall-00$i.out" \ - 0 \ - "Deleted userall from group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-del userall \"$gid\" > $TmpDir/pki-user-membership-del-groupadd-ca-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupadd-ca-userall-00$i.out" let i=$i+1 done rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-del-CA-003: Missing required option <Group id> while deleting a user from a group" + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-006: Missing required option <Group id> while deleting a user from a group" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ 
@@ -193,12 +217,12 @@ run_pki-user-cli-user-membership-del-ca_tests(){ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-membership-del user1 > $TmpDir/pki-user-membership-del-groupadd-ca-user1-001.out 2>&1" \ - 1 \ - "cannot delete user from group, Missing required option <Group id> " + 255 \ + "Cannot delete user from group, Missing required option <Group id>" rlAssertGrep "usage: user-membership-del <User ID> <Group ID>" "$TmpDir/pki-user-membership-del-groupadd-ca-user1-001.out" - rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-del-CA-003: Missing required option <User ID> while deleting a user from a group" + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-007: Missing required option <User ID> while deleting a user from a group" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ 
@@ -218,49 +242,479 @@ run_pki-user-cli-user-membership-del-ca_tests(){ rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-membership-del \"Administrators\" > $TmpDir/pki-user-membership-del-groupadd-ca-user1-001.out 2>&1" \ - 1 \ - "cannot delete user from group, Missing required option <user id> " - rlAssertGrep "usage: user-membership-del <User ID> <Group ID>" "$TmpDir/pki-user-membership-del-groupadd-ca-user1-001.out" + user-membership-del \"\" \"Administrators\" > $TmpDir/pki-user-membership-del-groupadd-ca-user1-001.out 2>&1" \ + 255 \ + "cannot delete user from group, Missing required option <user id>" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-membership-del-groupadd-ca-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-008: Should not be able to user-membership-del using a revoked cert CA_adminR" + command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert CA_adminR" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-009: Should not be able to user-membership-del using an agent with revoked cert CA_agentR" + command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert CA_agentR" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-010: Should not be able to user-membership-del using a valid agent CA_agentV user" + command="pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD user-membership-del 
user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a valid agent cert CA_agentV" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-011: Should not be able to user-membership-del using admin user with expired cert CA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using admin user with expired cert CA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-012: Should not be able to user-membership-del using CA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using CA_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-013: Should not be able to user-membership-del using CA_auditV cert" + command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD 
user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using CA_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-014: Should not be able to user-membership-del using CA_operatorV cert" + command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using CA_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-015: Should not be able to user-membership-del using CA_adminUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c Password user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using CA_adminUTCA cert" + rlPhaseEnd + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-016: Should not be able to user-membership-del using CA_agentUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_agentUTCA -c Password user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using CA_agentUTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-017: Delete user-membership for user id 
with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" \ + 0 \ + "Adding uid ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-ca-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ca-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ca-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-ca-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add 'ÉricTêko' \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add 'ÉricTêko' \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-ca-017_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-ca-017_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-ca-017_2.out" + rlLog "Delete user-membership from the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-del 'ÉricTêko' 'dadministʁasjɔ̃' > $TmpDir/pki-user-membership-del-ca-017_3.out" \ + 0 \ + "Delete user-membership from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" 
"$TmpDir/pki-user-membership-del-ca-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find 'ÉricTêko' > $TmpDir/pki-user-membership-find-groupadd-find-ca-017_4.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-017_4.out" rlPhaseEnd + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-018: Delete user-membership for user id with i18n characters" + rlLog "user-add userid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=test 'ÖrjanÄke' > $TmpDir/pki-user-add-ca-018.out 2>&1" \ + 0 \ + "Adding uid ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"ÖrjanÄke\"" "$TmpDir/pki-user-add-ca-018.out" + rlAssertGrep "User ID: ÖrjanÄke" "$TmpDir/pki-user-add-ca-018.out" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add 'ÖrjanÄke' \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add 'ÖrjanÄke' \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-ca-018_2.out" \ + 0 \ + "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-ca-018_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-ca-018_2.out" + rlLog "Delete user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-del 'ÖrjanÄke' \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-del-ca-018_3.out" \ + 0 \ + "Delete user-membership from the group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-del-ca-018_3.out" + rlLog "Check if the 
user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find 'ÖrjanÄke' > $TmpDir/pki-user-membership-del-groupadd-del-ca-018_4.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-del-groupadd-del-ca-018_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-019: Delete user-membership when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-del-user-del-ca-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-del-user-del-ca-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-del-user-del-ca-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-del-user-del-ca-019.out" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-membership-del user123 \"Administrators\"" + rlLog "Executing $command" + errmsg="ResourceNotFoundException: No such attribute." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete user-membership when uid is not associated with a group" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-020: Deleting a user that has membership with groups removes the user from the groups" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameu20\" u20 " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-user-membership-del-user-del-ca-020.out" \ + 0 \ + "Adding user u20" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-membership-del-user-del-ca-020.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-user-membership-del-user-del-ca-020.out" + rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-user-membership-del-user-del-ca-020.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add u20 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ca-20_2.out" \ + 0 \ + "Adding user u20 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ca-20_2.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add u20 \"Certificate Manager Agents\" > $TmpDir/pki-user-membership-add-groupadd-ca-20_3.out" \ + 0 \ + "Adding user u20 to group \"Certificate Manager Agents\"" + rlAssertGrep "Added membership in \"Certificate Manager Agents\"" "$TmpDir/pki-user-membership-add-groupadd-ca-20_3.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find Administrators > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_4.out" \ + 0 \ + "List members of Administrators group" + rlAssertGrep "User: u20" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_4.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c 
$CERTDB_DIR_PASSWORD \ + group-member-find \"Certificate Manager Agents\" > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_5.out" \ + 0 \ + "List members of Certificate Manager Agents group" + rlAssertGrep "User: u20" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_5.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del u20 > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_6.out" \ + 0 \ + "Delete user u20" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_6.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find Administrators > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_7.out" \ + 0 \ + "List members of Administrators group" + rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_7.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find \"Certificate Manager Agents\" > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_8.out" \ + 0 \ + "List members of Certificate Manager Agents group" + rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-20_8.out" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-021: User deleted from Administrators group can't create a new user" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-del-user-add-ca-0021.out" \ + 0 \ + "Adding user testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ca-21_2.out" \ + 0 \ + "Adding user testuser1 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" 
"$TmpDir/pki-user-membership-add-groupadd-ca-21_2.out" + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"test User1\" \"testuser1\" \ + \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"CA_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \ + 0 \ + "Cert is added to the user testuser1" + + #Add a new user using testuser1 + local expfile="$TmpDir/expfile_testuser1.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c Password user-add 
--fullName=test_user u15" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile + echo "send -- \"\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-ca-021_4.out" 0 "Should be able to add users using Administrator user testuser1" + rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-ca-021_4.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-ca-021_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ca-021_4.out" + + #Delete testuser1 from the Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-user-membership-del-groupdel-del-ca-021_5.out" \ + 0 \ + "User deleted from group \"Administrators\"" + rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-user-membership-del-groupdel-del-ca-021_5.out" + + #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group + command="pki -d $TEMP_NSS_DB -n testuser1 -c Password user-add --fullName=test_user u212" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-022: User deleted from the Certificate Manager Agents group can not approve certificate requests" + rlRun "pki 
-d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add testuser1 \"Certificate Manager Agents\" > $TmpDir/pki-user-membership-add-groupadd-ca-22.out" \ + 0 \ + "Adding user testuser1 to group \"Certificate Manager Agents\"" + rlAssertGrep "Added membership in \"Certificate Manager Agents\"" "$TmpDir/pki-user-membership-add-groupadd-ca-22.out" + + #Trying to approve a certificate request using testuser1 should succeed + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show_22.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"test User3\" \"testuser3\" \ + \"testuser3@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out-22_1.out" 0 "Approve Certificate request using testuser1" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out-22_1.out" + rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1_22_2.out" + valid_serialNumber=`cat $TmpDir/usercert-show1_22_2.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Delete testuser1 from Certificate Manager Agents group + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-del testuser1 \"Certificate Manager Agents\" > $TmpDir/pki-user-membership-del-groupdel-del-ca-022_3.out" \ + 0 \ + "User deleted from group \"Certificate Manager Agents\"" + rlAssertGrep "Deleted membership in group \"Certificate 
Manager Agents\"" "$TmpDir/pki-user-membership-del-groupdel-del-ca-022_3.out" + + #Trying to approve a certificate request using testuser1 should fail + local temp_out="$TmpDir/usercert-show_22_4.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"test User4\" \"testuser4\" \ + \"testuser4@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid \ + --action approve" + command="pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid --action approve" + rlLog "Executing: $command" + errmsg="Authorization failed on resource: certServer.ca.certrequests, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Approve Certificate request using testuser1" + rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_membership-del-ca-cleanup-001: Deleting the temp directory and users" #===Deleting users created using CA_adminV cert===# i=1 - while [ $i -lt 15 ] ; do + while [ $i -lt 16 ] ; do rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-del u$i > $TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-00$i.out" \ 0 \ - "Deleted user u$i" + "Deleted user u$i" rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-00$i.out" let i=$i+1 done - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del userall > $TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" \ - 0 \ - "Deleted user userall" - rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del user1 > $TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" \ - 0 \ - "Deleted user user1" - 
rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del user2 > $TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" \ - 0 \ - "Deleted user user2" - rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del userall > $TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del user1 > $TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" \ + 0 \ + "Deleted user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del user2 > $TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" \ + 0 \ + "Deleted user user2" + rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-ca-user-membership-del-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del user123 > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-user123.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del testuser1 > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-testuser1.out" \ + 0 \ + "Deleted user testuser1" + rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-testuser1.out" 
+ #===Deleting i18n users created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÖrjanÄke' > $TmpDir/pki-user-del-ca-user-i18n_1.out" \
+ 0 \
+ "Deleting user ÖrjanÄke"
+ rlAssertGrep "Deleted user \"ÖrjanÄke\"" "$TmpDir/pki-user-del-ca-user-i18n_1.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-user-i18n_2.out" \
+ 0 \
+ "Deleting user ÉricTêko"
+ rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-user-i18n_2.out"
+
+ #===Deleting i18n group created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ca-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ca-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
 rlPhaseEnd
 }
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh
index 1474bd739..504d50471 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh
@@ -9,7 +9,8 @@
 # pki-user-cli-user-membership-find Find user memberships.
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
-# Author: Laxmi Sunkara <lsunkara@redhat.com
+# Authors: Asha Akkiangady <aakkiang@redhat.com>
+# Laxmi Sunkara <lsunkara@redhat.com
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
@@ -45,23 +46,51 @@ # Test Suite Globals ######################################################################## -#Available groups ca-group-find -groupid1="Certificate Manager Agents" -groupid2="Registration Manager Agents" -groupid3="Subsystem Group" -groupid4="Trusted Managers" -groupid5="Administrators" -groupid6="Auditors" -groupid7="ClonedSubsystems" -groupid8="Security Domain Administrators" -groupid9="Enterprise CA Administrators" -groupid10="Enterprise KRA Administrators" -groupid11="Enterprise OCSP Administrators" -groupid12="Enterprise TKS Administrators" -groupid13="Enterprise RA Administrators" -groupid14="Enterprise TPS Administrators" run_pki-user-cli-user-membership-find-ca_tests(){ - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-001: Add a users to CA using CA_adminV and to a group to test user-membership-find functionality" + #Local variables + #Available groups ca-group-find + groupid1="Certificate Manager Agents" + groupid2="Registration Manager Agents" + groupid3="Subsystem Group" + groupid4="Trusted Managers" + groupid5="Administrators" + groupid6="Auditors" + groupid7="ClonedSubsystems" + groupid8="Security Domain Administrators" + groupid9="Enterprise CA Administrators" + groupid10="Enterprise KRA Administrators" + groupid11="Enterprise OCSP Administrators" + groupid12="Enterprise TKS Administrators" + groupid13="Enterprise RA Administrators" + groupid14="Enterprise TPS Administrators" + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-002: pki user-membership-find --help configuration test" + rlRun "pki user-membership-find --help > $TmpDir/pki_user_membership_find_cfg.out 2>&1" \ + 0 \ + "pki user-membership-find --help" + rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" 
"$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-003: pki user-membership-find configuration test" + rlRun "pki user-membership-find > $TmpDir/pki_user_membership_find_2_cfg.out 2>&1" \ + 255 \ + "pki user-membership-find" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-004: Find user-membership when user is added to different groups" i=1 while [ $i -lt 15 ] ; do rlLog "pki -d $CERTDB_DIR \ 
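Review bot: The `#Local variables` comment added at the top of `run_pki-user-cli-user-membership-find-ca_tests` is not backed by the code, because `groupid1` through `groupid14` are assigned without `local` and so stay global after the move into the function. If function scope is the intent, declare them, e.g. `local groupid1="Certificate Manager Agents"`; otherwise reword the comment so the next reader does not assume isolation from other test scripts loaded into the same shell. The `eval gid=\$groupid$i` lookups in later hunks appear to sit inside this same function, so they should keep resolving either way. The function body continues outside this hunk.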
@@ -90,24 +119,24 @@ run_pki-user-cli-user-membership-find-ca_tests(){
 rlLog "Adding the user to a group"
 eval gid=\$groupid$i
 rlLog "pki -d $CERTDB_DIR \
- -n CA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-membership-add u$i \"$gid\""
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-membership-add u$i \"$gid\""
 rlRun "pki -d $CERTDB_DIR \
- -n CA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-ca-00$i.out" \
- 0 \
- "Adding user u$i to group \"$gid\""
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-ca-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
 rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-ca-00$i.out"
 rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-ca-00$i.out"
 rlLog "Check if the user is added to the group"
 rlRun "pki -d $CERTDB_DIR \
- -n CA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-membership-find u$i > $TmpDir/pki-user-membership-find-groupadd-find-ca-00$i.out" \
- 0 \
- "User added to group \"$gid\""
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-membership-find u$i > $TmpDir/pki-user-membership-find-groupadd-find-ca-00$i.out" \
+ 0 \
+ "Find user-membership with group \"$gid\""
 rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-00$i.out"
 rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-00$i.out"
 rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-ca-00$i.out"
@@ -115,13 +144,14 @@ run_pki-user-cli-user-membership-find-ca_tests(){
 let i=$i+1
 done
 rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_membership-find-CA-002: Add a user to all the groups"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-CA-005: Find user-membership when user is added to many groups"
 rlRun "pki -d $CERTDB_DIR \
- -n CA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-find-user-find-ca-userall-001.out" \
- 0 \
- "Adding user userall"
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-find-user-find-ca-userall-001.out" \
+ 0 \
+ "Adding user userall"
 rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-find-user-find-ca-userall-001.out"
 rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-find-ca-userall-001.out"
 rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-find-ca-userall-001.out"
@@ -140,185 +170,437 @@ run_pki-user-cli-user-membership-find-ca_tests(){ while [ $i -lt 15 ] ; do eval gid=\$groupid$i rlLog "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add userall \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add userall \"$gid\"" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-ca-userall-00$i.out" \ - 0 \ - "Adding user userall to group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-ca-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-ca-userall-00$i.out" rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-ca-userall-00$i.out" rlLog "Check if the user is added to the group" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall > $TmpDir/pki-user-membership-find-groupadd-find-ca-userall-00$i.out" \ - 0 \ - "User added to group \"$gid\"" + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall > $TmpDir/pki-user-membership-find-groupadd-find-ca-userall-00$i.out" \ + 0 \ + "Find user-membership to group \"$gid\"" rlAssertGrep "$i entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-userall-00$i.out" rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-userall-00$i.out" rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-user-membership-find-groupadd-find-ca-userall-00$i.out" let i=$i+1 done + rlPhaseEnd + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-006: Find user-membership of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --start=5 > 
$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Group: $groupid6" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Group: $groupid7" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Group: $groupid8" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Group: $groupid9" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Group: $groupid10" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Group: $groupid11" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Group: $groupid12" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Group: $groupid13" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Group: $groupid14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" + rlPhaseEnd + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-007: Find all user-memberships of a user (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --start=0 > $TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out" \ + 0 \ + "Checking user-mambership to group " + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out" + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_user_cli_user_membership-find-CA-008: Find user-memberships when page start is negative (start=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --start=-1 > $TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out" \ + 0 \ + "Checking user-membership to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out" + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out" + rlPhaseEnd + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-009: Find user-memberships when page start greater than available number of groups (start=15)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --start=15 > $TmpDir/pki-user-membership-find-groupadd-find-ca-start-004.out" \ + 0 \ + "Checking user-membership to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-004.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-003: option --start=5" - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --start=5 > $TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" \ - 0 \ - "Checking user added to group" - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Group: $groupid6" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Group: $groupid7" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Group: $groupid8" 
"$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Group: $groupid9" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Group: $groupid10" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Group: $groupid11" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Group: $groupid12" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Group: $groupid13" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Group: $groupid14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-001.out" - rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-004: option --start=0" - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --start=0 > $TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out" \ - 0 \ - "Checking user added to group " - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out" - while [ $i -lt 15 ] ; do - eval gid=\$groupid$i - rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out" - let i=$i+1 - done - rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out" + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-010: Should not be able to find user-membership when page start is non integer" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-membership-find userall --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership when page start is non integer" + rlPhaseEnd + rlPhaseStartTest 
"pki_user_cli_user_membership-find-CA-011: Find user-memberships when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --size=0 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-006.out" 0 \ + "user_membership-find with size parameter as 0" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-006.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-005: option --start=-1" - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --start=-1 > $TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out" \ - 0 \ - "Checking User added to group " - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out" - while [ $i -lt 15 ] ; do - eval gid=\$groupid$i - rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out" - let i=$i+1 - done - rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out" + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-012: Find user-memberships when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --size=1 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-007.out" 0 \ + "user_membership-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-007.out" + rlAssertGrep "Group: Certificate Manager Agents" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-007.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-006: option 
--start=15, greater than available number of groups" - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --start=15 > $TmpDir/pki-user-membership-find-groupadd-find-ca-start-004.out" \ - 0 \ - "Checking User added to group " - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-004.out" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-004.out" + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-013: Find user-memberships when page size is 2 (size=2)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --size=2 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" 0 \ + "user_membership-find with size parameter as 2" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" + rlAssertGrep "Group: Certificate Manager Agents" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" + rlAssertGrep "Group: Registration Manager Agents" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-007: option --start=a, integer format required" - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --start=a > $TmpDir/pki-user-membership-find-groupadd-find-ca-start-005.out 2>&1" 1 \ - "String cannot be used as input to start parameter" - rlAssertGrep "NumberFormatException: For input string: \"a\"" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-005.out" + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-014: Find user-memberships when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find 
userall --size=15 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out" 0 \ + "user_membership-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out" + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-008: option --size=0 " - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --size=0 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-006.out" 0 \ - "user_membership-find with size parameter as 0 " - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-006.out" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-006.out" + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-015: Find user-memberships when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --size=100 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out" 0 \ + "user_membership-find with size parameter as 100" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out" + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-009: option --size=1 " - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - 
user-membership-find userall --size=1 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-007.out" 0 \ - "user_membership-find with size parameter as 1 " - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-007.out" - rlAssertGrep "Group: Certificate Manager Agents" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-007.out" - rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-007.out" + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-016: Find user-memberships when page size is negative (size=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --size=-1 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-0011.out" 0 \ + "user_membership-find with size parameter as -1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0011.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0011.out" + rlPhaseEnd + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-017: Should not be able to find user-membership when page size is non integer" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-membership-find userall --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter " rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-0010: option --size=2 " - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --size=2 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" 0 \ - "user_membership-find with size parameter as 2 " - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" - rlAssertGrep "Group: Certificate Manager Agents" 
"$TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" - rlAssertGrep "Group: Registration Manager Agents" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" - rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-008.out" + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-018: Find user-membership with -t ca option" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + user-membership-find userall --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + user-membership-find userall --size=5 > $TmpDir/pki-user-membership-find-ca-018.out" \ + 0 \ + "Find user-membership with -t ca option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-ca-018.out" + i=0 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-ca-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-membership-find-ca-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-019: Find user-membership with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --start=6 --size=5 > $TmpDir/pki-user-membership-find-ca-019.out" \ + 0 \ + "Find user-membership with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-ca-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-ca-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-membership-find-ca-019.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-0011: option 
--size=15 " - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --size=15 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out" 0 \ - "user_membership-find with size parameter as 15 " - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out" - while [ $i -lt 15 ] ; do - eval gid=\$groupid$i - rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out" - let i=$i+1 - done - rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out" + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-020: Find user-membership with --size more than maximum possible value" + maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --size=$maximum_check > $TmpDir/pki-user-membership-find-ca-020.out 2>&1" \ + 255 \ + "Find user-membership with --size more than maximum possible value" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-ca-020.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-021: Find user-membership with --start more than maximum possible value" + maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find userall --start=$maximum_check > $TmpDir/pki-user-membership-find-ca-021.out 2>&1" \ + 255 \ + "Find user-membership with --start more than maximum possible value" + rlAssertGrep "NumberFormatException: For 
input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-ca-021.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-0012: option --size=100 " - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --size=100 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out" 0 \ - "user_membership-find with size parameter as 100 " - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out" - while [ $i -lt 15 ] ; do - eval gid=\$groupid$i - rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out" - let i=$i+1 - done - rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out" + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-022: Should not be able to user-membership-find using a revoked cert CA_adminR" + command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a revoked cert CA_adminR" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-023: Should not be able to user-membership-find using an agent with revoked cert CA_agentR" + command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using an agent with revoked cert CA_agentR" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-024: Should not be able to user-membership-find using a valid agent CA_agentV user" + command="pki -d $CERTDB_DIR -n CA_agentV -c 
$CERTDB_DIR_PASSWORD user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid agent CA_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-025: Should not be able to user-membership-find using admin user with expired cert CA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired admin CA_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-026: Should not be able to user-membership-find using CA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired agent CA_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-0013: option --size=-1" - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c 
$CERTDB_DIR_PASSWORD \ - user-membership-find userall --size=-1 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-0011.out" 0 \ - "user_membership-find with size parameter as -1 " - rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0011.out" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0011.out" + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-027: Should not be able to user-membership-find using CA_auditV cert" + command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid auditor CA_auditV user cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-0015: option --size=a, integer format required" - rlRun "pki -d $CERTDB_DIR \ + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-028: Should not be able to user-membership-find using CA_operatorV cert" + command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid operator CA_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-029: Should not be able to user-membership-find using CA_adminUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c Password user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + 
errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted CA_adminUTCA user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-030: Should not be able to user-membership-find using CA_agentUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_agentUTCA -c Password user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted CA_agentUTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-031:Find user-membership for user id with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" \ + 0 \ + "Adding uid ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-ca-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ca-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ca-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-ca-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add 'ÉricTêko' \"dadministʁasjɔ̃\"" + rlRun 
"pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add 'ÉricTêko' \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-ca-031_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-ca-031_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-ca-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find 'ÉricTêko' > $TmpDir/pki-user-membership-find-groupadd-find-ca-031_3.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-031_3.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-ca-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-032: Find user-membership for user id with i18n characters" + rlLog "user-add userid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=test 'ÖrjanÄke' > $TmpDir/pki-user-add-ca-032.out 2>&1" \ + 0 \ + "Adding uid ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"ÖrjanÄke\"" "$TmpDir/pki-user-add-ca-032.out" + rlAssertGrep "User ID: ÖrjanÄke" "$TmpDir/pki-user-add-ca-032.out" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add 'ÖrjanÄke' \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-add 'ÖrjanÄke' \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-ca-032_2.out" \ + 0 \ + "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-ca-032_2.out" + rlAssertGrep "Group: 
dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-ca-032_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find 'ÖrjanÄke' > $TmpDir/pki-user-membership-find-groupadd-find-ca-032_3.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-032_3.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-ca-032_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-033: Find user-membership when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-membership-find userall --size=a > $TmpDir/pki-user-membership-find-groupadd-find-ca-start-0012.out 2>&1" 1 \ - "String cannot be used as input to start parameter " - rlAssertGrep "NumberFormatException: For input string: \"a\"" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-0012.out" + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-find-user-find-ca-033.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-find-user-find-ca-033.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-find-user-find-ca-033.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-find-user-find-ca-033.out" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-membership-find user123 --start=6 --size=5" + rlLog "Executing $command" + rlRun "$command > $TmpDir/pki-user-membership-find-user-find-ca-033_2.out" 0 "Find user-membership when uid is not associated with a group" + rlAssertGrep "0 entries matched" 
"$TmpDir/pki-user-membership-find-user-find-ca-033_2.out" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_membership-find-ca-cleanup-001: Deleting the temp directory and users" - + #===Deleting users created using CA_adminV cert===# i=1 while [ $i -lt 15 ] ; do 
@@ -327,17 +609,54 @@ run_pki-user-cli-user-membership-find-ca_tests(){ -c $CERTDB_DIR_PASSWORD \ user-del u$i > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-00$i.out" \ 0 \ - "Deleted user u$i" + "Deleted user u$i" rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-00$i.out" let i=$i+1 done - rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del userall > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-userall.out" \ - 0 \ - "Deleted user userall" - rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-userall.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del userall > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-userall.out" + + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del user123 > $TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ca-user-membership-find-user-del-ca-user123.out" + + #===Deleting i18n users created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del 'ÖrjanÄke' > $TmpDir/pki-user-del-ca-user-i18n_1.out" \ + 0 \ + "Deleting user ÖrjanÄke" + rlAssertGrep "Deleted user \"ÖrjanÄke\"" "$TmpDir/pki-user-del-ca-user-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-user-i18n_2.out" \ + 0 \ + "Deleting user ÉricTêko" + rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-user-i18n_2.out" + + #===Deleting i18n group created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c 
$CERTDB_DIR_PASSWORD \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ca-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ca-group-i18n_1.out" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd } diff --git a/tests/dogtag/beakerjob.dogtag.xml.template b/tests/dogtag/beakerjob.dogtag.xml.template index 7cb16b5e3..de5feba94 100644 --- a/tests/dogtag/beakerjob.dogtag.xml.template +++ b/tests/dogtag/beakerjob.dogtag.xml.template @@ -28,10 +28,14 @@ <params> <param name="TEST_ALL" value="TRUE"/> <param name="QUICKINSTALL" value="FALSE"/> + <param name="PKI_USER_CA" value="FALSE"/> <param name="USER_ADD_CA" value="FALSE"/> <param name="USER_SHOW_CA" value="FALSE"/> <param name="USER_FIND_CA" value="FALSE"/> <param name="USER_DEL_CA" value="FALSE"/> + <param name="USER_MEMBERSHIP_ADD_CA" value="FALSE"/> + <param name="USER_MEMBERSHIP_FIND_CA" value="FALSE"/> + <param name="USER_MEMBERSHIP_DEL_CA" value="FALSE"/> <param name="DEV_JAVA_TESTS" value="FALSE"/> <param name="CODE_COVERAGE" value="FALSE"/> <! --If you have CODE_COVERAGE set to TRUE, by default results will be stored on the local machine. If you would like to archive the code coverage results to a host you need to do following steps to set-up required rsa authentication files to perform ssh and scp. diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index fab29a5dc..fff8d6101 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh 
@@ -89,6 +89,21 @@ rlJournalStart
 run_rhcs_install_subsystems
 run_pki-user-cli-user-ca_tests
 fi
+ PKI_USER_CA_UPPERCASE=$(echo $PKI_USER_CA | tr [a-z] [A-Z])
+ if [ "$PKI_USER_CA_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-add-ca tests
+ run_pki-user-cli-user-add-ca_tests
+ run_pki-user-cli-user-show-ca_tests
+ run_pki-user-cli-user-mod-ca_tests
+ run_pki-user-cli-user-find-ca_tests
+ run_pki-user-cli-user-del-ca_tests
+ run_pki-user-cli-user-membership-add-ca_tests
+ run_pki-user-cli-user-membership-find-ca_tests
+ run_pki-user-cli-user-membership-del-ca_tests
+ run_pki-user-cli-user-cert-add-ca_tests
+ run_pki-user-cli-user-cert-find-ca_tests
+ run_pki-user-cli-user-cert-show-ca_tests
+ fi
 USER_ADD_CA_UPPERCASE=$(echo $USER_ADD_CA | tr [a-z] [A-Z])
 if [ "$USER_ADD_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
 # Execute pki user-add-ca tests
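Review bot: The unquoted `tr [a-z] [A-Z]` on the new `PKI_USER_CA_UPPERCASE` line lets the shell glob-expand both bracket expressions, so a single-letter file name in the working directory changes tr's arguments and the `= "TRUE"` comparison can fail without any error, silently skipping the whole user suite; `$PKI_USER_CA` is unquoted as well. I would write `PKI_USER_CA_UPPERCASE=$(echo "$PKI_USER_CA" | tr '[:lower:]' '[:upper:]')`, and the same applies to the renamed `USER_MEMBERSHIP_*_CA_UPPERCASE` lines in the next hunk. The comment `# Execute pki user-add-ca tests` also understates the block, which runs the add, show, mod, find, del, membership and cert suites; `# Execute all pki user CA tests` would match what it does. The enclosing rlJournalStart block starts and ends outside the hunk.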
@@ -114,19 +129,19 @@ rlJournalStart
 # Execute pki user-del-ca tests
 run_pki-user-cli-user-del-ca_tests
 fi
- USER_MEM_ADD_CA_UPPERCASE=$(echo $USER_MEM_ADD_CA | tr [a-z] [A-Z])
- if [ "$USER_MEM_ADD_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
- # Execute pki user-mem-add-ca tests
+ USER_MEMBERSHIP_ADD_CA_UPPERCASE=$(echo $USER_MEMBERSHIP_ADD_CA | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_ADD_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-add-ca tests
 run_pki-user-cli-user-membership-add-ca_tests
 fi
- USER_MEM_FIND_CA_UPPERCASE=$(echo $USER_MEM_FIND_CA | tr [a-z] [A-Z])
- if [ "$USER_MEM_FIND_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
- # Execute pki user-mem-find-ca tests
+ USER_MEMBERSHIP_FIND_CA_UPPERCASE=$(echo $USER_MEMBERSHIP_FIND_CA | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_FIND_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-find-ca tests
 run_pki-user-cli-user-membership-find-ca_tests
 fi
- USER_MEM_DEL_CA_UPPERCASE=$(echo $USER_MEM_DEL_CA | tr [a-z] [A-Z])
- if [ "$USER_MEM_DEL_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
- # Execute pki user-mem-del-ca tests
+ USER_MEMBERSHIP_DEL_CA_UPPERCASE=$(echo $USER_MEMBERSHIP_DEL_CA | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_DEL_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-del-ca tests
 run_pki-user-cli-user-membership-del-ca_tests
 fi
 USER_CERT_ADD_CA_UPPERCASE=$(echo $USER_CERT_ADD_CA | tr [a-z] [A-Z])
@@ -175,7 +190,7 @@ rlJournalStart
 run_pki-cert-hold-ca_tests
 fi
 CERT_TEST_UPPERCASE=$(echo $CERT_TEST | tr [a-z] [A-Z])
- if [ "$CERT_TEST_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ if [ "$CERT_TEST_UPPERCASE" = "TRUE" ] ; then
 #Execute pki cert tests
 run_pki-cert-ca_tests
 run_pki-cert-revoke-ca_tests |
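Review bot: In the `@@ -175,7 +190,7 @@` hunk, dropping `|| [ "$TEST_ALL_UPPERCASE" = "TRUE" ]` from the `CERT_TEST` condition means a `TEST_ALL=TRUE` run no longer executes `run_pki-cert-ca_tests` and `run_pki-cert-revoke-ca_tests`, and the commit description does not mention this. If the exclusion is deliberate, a comment on that line such as `# cert tests are excluded from TEST_ALL until <reason>` would keep the gap in certificate and revocation coverage from going unnoticed; otherwise the `||` clause should be restored. The rest of this `if` block lies outside the hunk.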