diff options
| author | Roshni Pattath <rpattath@redhat.com> | 2014-07-10 10:58:45 -0400 |
|---|---|---|
| committer | Roshni Pattath <rpattath@redhat.com> | 2014-07-10 11:03:01 -0400 |
| commit | dece24b8433205eb2d49d33b56ee4eceee695876 (patch) | |
| tree | 1b2023c5016bcca3e8d08e92e680614ae5c467be /tests | |
| parent | 8f3c7807a2efc4d2699f36795cb9685bf4203c38 (diff) | |
| download | pki-dece24b8433205eb2d49d33b56ee4eceee695876.tar.gz pki-dece24b8433205eb2d49d33b56ee4eceee695876.tar.xz pki-dece24b8433205eb2d49d33b56ee4eceee695876.zip | |
Tests for pki group-member-del, group-member-find, group-member-show and respective changes to Makefile and runtest.sh
Diffstat (limited to 'tests')
5 files changed, 1881 insertions, 10 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile index c347add45..5b3f96039 100755 --- a/tests/dogtag/Makefile +++ b/tests/dogtag/Makefile @@ -46,8 +46,6 @@ run: $(FILES) build cp ./shared/pki-user-cli-lib.sh /opt/rhqa_pki/. rm -f /opt/rhqa_pki/pki-cert-cli-lib.sh cp ./shared/pki-cert-cli-lib.sh /opt/rhqa_pki/. - rm -f /opt/rhqa_pki/pki-profile-lib.sh - cp ./shared/pki-profile-lib.sh /opt/rhqa_pki/. rm -f /opt/rhqa_pki/dummycert1.pem cp ./shared/dummycert1.pem /opt/rhqa_pki/. rm -f /opt/rhqa_pki/build.xml @@ -76,7 +74,6 @@ build: $(BUILT_FILES) chmod a+x ./shared/pki-user-cli-lib.sh chmod a+x ./shared/dummycert1.pem chmod a+x ./shared/pki-cert-cli-lib.sh - chmod a+x ./shared/pki-profile-lib.sh chmod a+x runtest.sh #quickinstall chmod a+x ./acceptance/quickinstall/rhcs-install.sh @@ -106,7 +103,16 @@ build: $(BUILT_FILES) chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-release-hold.sh chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-hold.sh chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-cli-request-submit-ca.sh - chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-cli-find-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh + clean: rm -f *~ $(BUILT_FILES) diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh new file mode 100755 index 000000000..0b77fc4f9 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh @@ -0,0 +1,696 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-member-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-member-add-ca.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-group-cli-group-member-del-ca_tests(){ + #Available groups ca-group-find + groupid1="Certificate Manager Agents" + groupid2="Registration Manager Agents" + groupid3="Subsystem Group" + groupid4="Trusted Managers" + groupid5="Administrators" + groupid6="Auditors" + groupid7="ClonedSubsystems" + groupid8="Security Domain Administrators" + groupid9="Enterprise CA Administrators" + groupid10="Enterprise KRA Administrators" + groupid11="Enterprise OCSP Administrators" + groupid12="Enterprise TKS Administrators" + groupid13="Enterprise RA Administrators" + groupid14="Enterprise TPS Administrators" + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-002: pki group-member-del --help configuration test" + rlRun "pki group-member-del --help > $TmpDir/pki_group_member_del_cfg.out 2>&1" \ + 0 \ + "pki group-member-del --help" + rlAssertGrep "usage: group-member-del <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_group_member_del_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_del_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-003: pki group-member-del configuration test" + rlRun "pki group-member-del > $TmpDir/pki_group_member_del_2_cfg.out 2>&1" \ + 255 \ + "pki group-member-del" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_group_member_del_2_cfg.out" + rlAssertGrep "usage: group-member-del <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_group_member_del_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_del_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-004: Delete group-member when user is added to different groups" + i=1 + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-group-member-del-user-add-ca-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-group-member-del-user-add-ca-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-del-user-add-ca-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-del-user-add-ca-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"$gid\" u$i > $TmpDir/pki-group-member-del-groupadd-ca-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-group-member-del-groupadd-ca-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-del-groupadd-ca-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find \"$gid\" > $TmpDir/pki-group-member-del-groupadd-find-ca-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-del-groupadd-find-ca-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-del \"$gid\" u$i > $TmpDir/pki-group-member-del-groupdel-del-ca-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-group-member-del-groupdel-del-ca-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-005: Delete group-member from all the groups that user is associated with" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-group-member-del-user-add-ca-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-group-member-del-user-add-ca-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-del-user-add-ca-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-del-user-add-ca-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"$gid\" userall > $TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find \"$gid\" > $TmpDir/pki-group-member-del-groupadd-find-ca-userall-00$i.out" \ + 0 \ + "Check group members with group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-group-member-del-groupadd-find-ca-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-del \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-del \"$gid\" userall > $TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-006: Missing required option <Group id> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-group-member-del-user-add-ca-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"Administrators\" user1 > $TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-del user1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-007: Missing required option <Member ID> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-group-member-del-user-add-ca-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"Administrators\" user2 > $TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-del Administrators" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-008: Should not be able to group-member-del using a revoked cert CA_adminR" + command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert CA_adminR" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-009: Should not be able to group-member-del using an agent with revoked cert CA_agentR" + command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert CA_agentR" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-010: Should not be able to group-member-del using a valid agent CA_agentV user" + command="pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert CA_agentV" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-011: Should not be able to group-member-del using admin user with expired cert CA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert CA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-012: Should not be able to group-member-del using CA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-013: Should not be able to group-member-del using CA_auditV cert" + command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-014: Should not be able to group-member-del using CA_operatorV cert" + command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-015: Should not be able to group-member-del using CA_adminUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c Password group-member-del 'Administrators' user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-016: Should not be able to group-member-del using CA_agentUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_agentUTCA -c Password user-membership-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_agentUTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-017: Delete group-member for user id with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" \ + 0 \ + "Adding uid ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-group-member-del-groupadd-ca-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-member-del-groupadd-ca-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-group-member-del-groupadd-ca-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-group-member-del-groupadd-ca-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"dadministʁasjɔ̃\" 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"dadministʁasjɔ̃\" 'ÉricTêko' > $TmpDir/pki-group-member-del-groupadd-ca-017_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"ÉricTêko\"" "$TmpDir/pki-group-member-del-groupadd-ca-017_2.out" + rlAssertGrep "User: ÉricTêko" "$TmpDir/pki-group-member-del-groupadd-ca-017_2.out" + rlLog "Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-del 'dadministʁasjɔ̃' 'ÉricTêko' > $TmpDir/pki-group-member-del-ca-017_3.out" \ + 0 \ + "Delete group member from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted group member \"ÉricTêko\"" "$TmpDir/pki-group-member-del-ca-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-group-member-del-groupadd-find-ca-017_4.out" \ + 0 \ + "Find group members of group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-group-member-del-groupadd-find-ca-017_4.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-018: Delete group member when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-group-member-del-user-del-ca-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-group-member-del-user-del-ca-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-group-member-del-user-del-ca-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-group-member-del-user-del-ca-019.out" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-del \"Administrators\" user123" + errmsg="ResourceNotFoundException: No such attribute." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-019: Deleting a user that has membership with groups removes the user from the groups" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameu20\" u20 " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-group-member-del-user-del-ca-020.out" \ + 0 \ + "Adding user u20" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-group-member-del-user-del-ca-020.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-group-member-del-user-del-ca-020.out" + rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-group-member-del-user-del-ca-020.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"Administrators\" u20 > $TmpDir/pki-group-member-add-groupadd-ca-20_2.out" \ + 0 \ + "Adding user u20 to group \"Administrators\"" + rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-group-member-add-groupadd-ca-20_2.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"Certificate Manager Agents\" u20 > $TmpDir/pki-group-member-add-groupadd-ca-20_3.out" \ + 0 \ + "Adding user u20 to group \"Certificate Manager Agents\"" + rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-group-member-add-groupadd-ca-20_3.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find Administrators > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_4.out" \ + 0 \ + "List members of Administrators group" + rlAssertGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_4.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find \"Certificate Manager Agents\" > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_5.out" \ + 0 \ + "List members of Certificate Manager Agents group" + rlAssertGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_5.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del u20 > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_6.out" \ + 0 \ + "Delete user u20" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_6.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find Administrators > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_7.out" \ + 0 \ + "List members of Administrators group" + rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_7.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find \"Certificate Manager Agents\" > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_8.out" \ + 0 \ + "List members of Certificate Manager Agents group" + rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_8.out" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_group_cli_group_member-del-CA-020: User deleted from Administrators group can't create a new user" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-group-member-del-user-add-ca-0021.out" \ + 0 \ + "Adding user testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"Administrators\" testuser1 > $TmpDir/pki-group-member-add-groupadd-ca-21_2.out" \ + 0 \ + "Adding user testuser1 to group \"Administrators\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-group-member-add-groupadd-ca-21_2.out" + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"test User1\" \"testuser1\" \ + \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"CA_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \ + 0 \ + "Cert is added to the user testuser1" + + #Add a new user using testuser1 + local expfile="$TmpDir/expfile_testuser1.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c Password user-add --fullName=test_user u15" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile + echo "send -- \"\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-ca-021_4.out" 0 "Should be able to add users using Administrator user testuser1" + rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-ca-021_4.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-ca-021_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ca-021_4.out" + + #Delete testuser1 from the Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-del \"Administrators\" testuser1 > $TmpDir/pki-group-member-del-groupdel-del-ca-021_5.out" \ + 0 \ + "User deleted from group \"Administrators\"" + rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-group-member-del-groupdel-del-ca-021_5.out" + + #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group + command="pki -d $TEMP_NSS_DB -n testuser1 -c Password user-add --fullName=test_user u212" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_group_cli_group_member-del-CA-021: User deleted from the Certificate Manager Agents group can not approve certificate requests" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"Certificate Manager Agents\" testuser1 > $TmpDir/pki-group-member-add-groupadd-ca-22.out" \ + 0 \ + "Adding user testuser1 to group \"Certificate Manager Agents\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-group-member-add-groupadd-ca-22.out" + + #Trying to approve a certificate request using testuser1 should succeed + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show_22.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"test User3\" \"testuser3\" \ + \"testuser3@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out-22_1.out" 0 "Approve Certificate request using testuser1" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out-22_1.out" + rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1_22_2.out" + valid_serialNumber=`cat $TmpDir/usercert-show1_22_2.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Delete testuser1 from Certificate Manager Agents group + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-del \"Certificate Manager Agents\" testuser1 > $TmpDir/pki-group-member-del-groupdel-del-ca-022_3.out" \ + 0 \ + "User deleted from group \"Certificate Manager Agents\"" + rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-group-member-del-groupdel-del-ca-022_3.out" + + #Trying to approve a certificate request using testuser1 should fail + local temp_out="$TmpDir/usercert-show_22_4.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"test User4\" \"testuser4\" \ + \"testuser4@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid \ + --action approve" + command="pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid --action approve" + errmsg="Authorization failed on resource: certServer.ca.certrequests, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Approve Certificate request using testuser1" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-022: Delete group and check for user membership" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Test User2' testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Test User2' testuser2" \ + 0 \ + "Adding uid testuser2 " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-group-member-del-groupadd-ca-022_1.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-group-member-del-groupadd-ca-022_1.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-group-member-del-groupadd-ca-022_1.out" + rlAssertGrep "Description: New Group" "$TmpDir/pki-group-member-del-groupadd-ca-022_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"group1\" testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"group1\" testuser2 > $TmpDir/pki-group-member-del-groupadd-ca-022_2.out" \ + 0 \ + "Adding user testuser2 to group \"group1\"" + rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-group-member-del-groupadd-ca-022_2.out" + rlAssertGrep "User: testuser2" "$TmpDir/pki-group-member-del-groupadd-ca-022_2.out" + rlLog "Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-del 'group1' > $TmpDir/pki-group-member-del-ca-022_3.out" \ + 0 \ + "Delete group \"group1\"" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-group-member-del-ca-022_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-membership-find testuser2 > $TmpDir/pki-group-member-del-groupadd-find-ca-022_4.out" \ + 0 \ + "Find user-membership of testuser2" + rlAssertNotGrep "Group: group1" "$TmpDir/pki-group-member-del-groupadd-find-ca-022_4.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member-del-ca-cleanup-001: Deleting the temp directory and users" + + #===Deleting users created using CA_adminV cert===# + i=1 + while [ $i -lt 16 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del u$i > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del userall > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del user1 > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" \ + 0 \ + "Deleted user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del user2 > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" \ + 0 \ + "Deleted user user2" + rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del user123 > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-user123.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del testuser1 > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-testuser1.out" \ + 0 \ + "Deleted user testuser1" + rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-testuser1.out" + #===Deleting i18n users created using CA_adminV cert===# + + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-user-i18n_2.out" \ + 0 \ + "Deleting user ÉricTêko" + rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-user-i18n_2.out" + + #===Deleting i18n group created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ca-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ca-group-i18n_1.out" + + #Delete temporary directory + #rlRun "popd" + #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh new file mode 100755 index 000000000..d70ef91a0 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh @@ -0,0 +1,676 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI user-cli-group-member-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-find Find group members. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-member-find-ca.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-member-find-ca_tests(){ + #Local variables + #Available groups ca-group-find + groupid1="Certificate Manager Agents" + groupid2="Registration Manager Agents" + groupid3="Subsystem Group" + groupid4="Trusted Managers" + groupid5="Administrators" + groupid6="Auditors" + groupid7="ClonedSubsystems" + groupid8="Security Domain Administrators" + groupid9="Enterprise CA Administrators" + groupid10="Enterprise KRA Administrators" + groupid11="Enterprise OCSP Administrators" + groupid12="Enterprise TKS Administrators" + groupid13="Enterprise RA Administrators" + groupid14="Enterprise TPS Administrators" + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-002: pki group-member-find --help configuration test" + rlRun "pki group-member-find --help > $TmpDir/pki_group_member_find_cfg.out 2>&1" \ + 0 \ + "pki group-member-find --help" + rlAssertGrep "usage: group-member-find <Group ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_group_member_find_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_find_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_group_member_find_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_group_member_find_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-003: pki group-member-find configuration test" + rlRun "pki group-member-find > $TmpDir/pki_group_member_find_2_cfg.out 2>&1" \ + 255 \ + "pki group-member-find" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_group_member_find_2_cfg.out" + rlAssertGrep "usage: group-member-find <Group ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_group_member_find_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_find_2_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_group_member_find_2_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_group_member_find_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-004: Find group-member when user is added to different groups" + i=1 + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-group-member-find-user-find-ca-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-group-member-find-user-find-ca-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-find-user-find-ca-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-find-user-find-ca-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"$gid\" u$i > $TmpDir/pki-group-member-find-groupadd-ca-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-group-member-find-groupadd-ca-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-find-groupadd-ca-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find \"$gid\" > $TmpDir/pki-group-member-find-groupadd-find-ca-00$i.out" \ + 0 \ + "Find group-members with group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-find-groupadd-find-ca-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-005: Find group-member when the same user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-group-member-find-user-find-ca-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-group-member-find-user-find-ca-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-find-user-find-ca-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-find-user-find-ca-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"$gid\" userall > $TmpDir/pki-group-member-find-groupadd-ca-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-group-member-find-groupadd-ca-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-group-member-find-groupadd-ca-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find \"$gid\" > $TmpDir/pki-group-member-find-groupadd-find-ca-userall-00$i.out" \ + 0 \ + "Find user membership to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-group-member-find-groupadd-find-ca-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-006: Find group-member when many users are added to one group" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add --description=\"Test group\" group1 > $TmpDir/pki-group-member-find-groupadd-ca-006.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-group-member-find-groupadd-ca-006.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-group-member-find-groupadd-ca-006.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-group-member-find-groupadd-ca-006.out" + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameuser$i\" user$i " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-group-member-find-useradd-ca-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-group-member-find-useradd-ca-00$i.out" + rlAssertGrep "User ID: user$i" "$TmpDir/pki-group-member-find-useradd-ca-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-group-member-find-useradd-ca-00$i.out" + rlLog "Adding user user$i to group1" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add group1 user$i > $TmpDir/pki-group-member-find-group-member-add-ca-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-group-member-find-group-member-add-ca-00$i.out" + rlAssertGrep "User: user$i" "$TmpDir/pki-group-member-find-group-member-add-ca-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group1" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 > $TmpDir/pki-group-member-find-ca-group1-006.out" \ + 0 \ + "Find users added to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-group-member-find-ca-group1-006.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-group-member-find-ca-group1-006.out" + i=1 + while [ $i -lt 15 ] ; do + rlAssertGrep "User: user$i" "$TmpDir/pki-group-member-find-ca-group1-006.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-007: Find group-member of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 --start=5 > $TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user6" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user7" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user8" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user9" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user10" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user11" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user12" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user13" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user14" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-008: Find all group members of a group (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 --start=0 > $TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out" \ + 0 \ + "Checking group members of a group " + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-009: Find group members when page start is negative (start=-1)" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=-1" + errmsg="--start option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0" + rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-010: Find group members when page start greater than available number of groups (start=15)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 --start=15 > $TmpDir/pki-group-member-find-groupadd-find-ca-start-004.out" \ + 0 \ + "Checking group members of a group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-011: Should not be able to find group members when page start is non integer" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-012: Find group member when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 --size=0 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-006.out" 0 \ + "group_member-find with size parameter as 0" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-013: Find group members when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 --size=1 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out" 0 \ + "group_member-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out" + rlAssertGrep "User: user1" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-014: Find group members when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 --size=15 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out" 0 \ + "group_member-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-015: Find group members when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 --size=100 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out" 0 \ + "group_membership-find with size parameter as 100" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-016: Find group-member when page size is negative (size=-1)" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-find group1 --size=-1" + errmsg="--size option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-017: Should not be able to find group members when page size is non integer" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-find group1 --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-018: Find group members with -t ca option" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + group-member-find group1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + group-member-find group1 --size=5 > $TmpDir/pki-group-member-find-ca-018.out" \ + 0 \ + "Find group-member with -t ca option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-ca-018.out" + i=1 + while [ $i -lt 5 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-ca-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-group-member-find-ca-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-019: Find group members with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group1 --start=6 --size=5 > $TmpDir/pki-group-member-find-ca-019.out" \ + 0 \ + "Find group members with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-ca-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-ca-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-group-member-find-ca-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-020: Find group members with --size more than maximum possible value" + maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-find group1 --size=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-021: Find group members with --start more than maximum possible value" + maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-022: Should not be able to group-member-find using a revoked cert CA_adminR" + command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert CA_adminR" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-023: Should not be able to group-member-find using an agent with revoked cert CA_agentR" + command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert CA_agentR" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-024: Should not be able to group-member-find using a valid agent CA_agentV user" + command="pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent CA_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-025: Should not be able to group-member-find using admin user with expired cert CA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin CA_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-026: Should not be able to group-member-find using CA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent CA_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-027: Should not be able to group-member-find using CA_auditV cert" + command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid auditor CA_auditV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-028: Should not be able to group-member-find using CA_operatorV cert" + command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator CA_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-029: Should not be able to group-member-find using CA_adminUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c Password group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_adminUTCA user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-030: Should not be able to group-member-find using CA_agentUTCA cert" + command="pki -d /tmp/untrusted_cert_db -n CA_agentUTCA -c Password group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_agentUTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-031:Find group-member for group id with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName='Éric Têko' 'ÉricTêko'" \ + 0 \ + "Adding uid ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-group-member-add-groupadd-ca-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-member-add-groupadd-ca-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-group-member-add-groupadd-ca-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-group-member-add-groupadd-ca-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"dadministʁasjɔ̃\" 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add \"dadministʁasjɔ̃\" 'ÉricTêko' > $TmpDir/pki-group-member-find-groupadd-ca-031_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"ÉricTêko\"" "$TmpDir/pki-group-member-find-groupadd-ca-031_2.out" + rlAssertGrep "User: ÉricTêko" "$TmpDir/pki-group-member-find-groupadd-ca-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-group-member-find-groupadd-find-ca-031_3.out" \ + 0 \ + "Find group-member ÉricTêko in \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-031_3.out" + rlAssertGrep "User: ÉricTêko" "$TmpDir/pki-group-member-find-groupadd-find-ca-031_3.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-032: Find group-member - paging" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add --description=\"Test group\" group2 > $TmpDir/pki-group-member-find-groupadd-ca-034.out" \ + 0 \ + "Adding group group2" + rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-group-member-find-groupadd-ca-034.out" + rlAssertGrep "Group ID: group2" "$TmpDir/pki-group-member-find-groupadd-ca-034.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-group-member-find-groupadd-ca-034.out" + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameuser$i\" userid$i " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out" + rlAssertGrep "User ID: userid$i" "$TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out" + rlLog "Adding user userid$i to group2" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add group2 userid$i > $TmpDir/pki-group-member-find-paging-group-member-add-ca-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-group-member-find-paging-group-member-add-ca-00$i.out" + rlAssertGrep "User: userid$i" "$TmpDir/pki-group-member-find-paging-group-member-add-ca-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group2" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-find group2 > $TmpDir/pki-group-member-find-ca-group1-034.out" \ + 0 \ + "Find users added to group \"group2\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-group-member-find-ca-group1-034.out" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-group-member-find-ca-group1-034.out" + i=1 + while [ $i -lt 20 ] ; do + rlAssertGrep "User: userid$i" "$TmpDir/pki-group-member-find-ca-group1-034.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ca-cleanup-001: Deleting the temp directory, users and groups" + + #===Deleting users created using CA_adminV cert===# + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del u$i > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del user$i > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group1-00$i.out" \ + 0 \ + "Deleted user user$i" + rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group1-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del userid$i > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group2-00$i.out" \ + 0 \ + "Deleted user userid$i" + rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group2-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del userall > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-userall.out" + + + #===Deleting groups created using CA_adminV===# + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-del 'group1' > $TmpDir/pki-user-del-ca-group1.out" \ + 0 \ + "Deleting group group1" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-ca-group1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-del 'group2' > $TmpDir/pki-user-del-ca-group2.out" \ + 0 \ + "Deleting group group2" + rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-ca-group2.out" + + #===Deleting i18n users created using CA_adminV cert===# + + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-user-i18n_2.out" \ + 0 \ + "Deleting user ÉricTêko" + rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-user-i18n_2.out" + + #===Deleting i18n group created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ca-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ca-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh new file mode 100755 index 000000000..c54207ace --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh @@ -0,0 +1,446 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-member-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-show Show groups members +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#pki-user-cli-user-add-ca.sh should be first executed prior to pki-group-cli-group-member-show-ca.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-member-show-ca_tests(){ + #local variables + group1=test_group + group1desc="Test Group" + group2=test_group2 + group2desc="Test Group 2" + group3=test_group3 + group3desc="Test Group 3" + rlPhaseStartSetup "pki_group_cli_group_member_show-ca-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest "pki_group_member_show-configtest: pki group-member-show configuration test" + rlRun "pki group-member-show --help > $TmpDir/pki_group_member_show_cfg.out 2>&1" \ + 0 \ + "pki group-member-show" + rlAssertGrep "usage: group-member-show <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_group_member_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_show_cfg.out" + rlPhaseEnd + + ##### Tests to show CA groups #### + rlPhaseStartTest "pki_group_cli_group_member_show-CA-001: Add group to CA using CA_adminV, add a user to the group and show group member" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"User1\" u1" \ + 0 \ + "Add user u1 using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add $group1 u1" \ + 0 \ + "Add user u1 to group $group1 using CA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-show $group1 u1" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-show $group1 u1 > $TmpDir/pki_group_member_show_groupshow001.out" \ + 0 \ + "Show group members of $group1" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_group_member_show_groupshow001.out" + rlAssertGrep "User: u1" "$TmpDir/pki_group_member_show_groupshow001.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_member_show-CA-002: Missing required option group id" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD -t ca group-member-show u1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-003: Missing required option member id" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD -t ca group-member-show $group1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-004: A non existing member ID" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD -t ca group-member-show $group1 user1" + errmsg="ResourceNotFoundException: Group member user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-005: A non existing group ID" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD -t ca group-member-show group1 u1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-006: Checking if member id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + group-member-show $group1 U1 > $TmpDir/pki-group-member-show-ca-006.out 2>&1" \ + 0 \ + "Member ID is not case sensitive" + rlAssertGrep "User \"U1\"" "$TmpDir/pki-group-member-show-ca-006.out" + rlAssertGrep "User: u1" "$TmpDir/pki-group-member-show-ca-006.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-007: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + group-member-show TEST_GROUP u1 > $TmpDir/pki-group-member-show-ca-007.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-group-member-show-ca-007.out" + rlAssertGrep "User: u1" "$TmpDir/pki-group-member-show-ca-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-008: Should not be able to show group member using a revoked cert CA_adminR" + command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-009: Should not be able to show group member using an agent with revoked cert CA_agentR" + command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-010: Should not be able to show group members using a valid agent CA_agentV user" + command="pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-011: Should not be able to show group members using a CA_agentR user" + command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a revoked agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-012: Should not be able to show group members using admin user with expired cert CA_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-013: Should not be able to show group members using CA_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-014: Should not be able to show group members using a CA_auditV" + command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-015: Should not be able to show group members using a CA_operatorV" + command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-016: Should not be able to show group members using a cert created from a untrusted CA CA_adminUTCA" + command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c Password group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using CA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-ca-017: Should not be able to show group members using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c Password \ + group-member-show g7" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password group-member-show $group1 u1" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile + echo "send -- \"\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-group-show-ca-pkiUser1-002.out 2>&1" 255 "Should not be able to show groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-group-show-ca-pkiUser1-002.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-018: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-member-show-ca-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=test 'ÉricTêko' > $TmpDir/pki-group-member-show-ca-001_57.out 2>&1" \ + 0 \ + "Adding user id ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add 'ÖrjanÄke' 'ÉricTêko'> $TmpDir/pki-group-member-show-ca-001_56.out 2>&1" \ + 0 \ + "Adding user ÉricTêko to group ÖrjanÄke" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-show 'ÖrjanÄke' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-show 'ÖrjanÄke' 'ÉricTêko'> $TmpDir/pki-group-member-show-ca-001_56_2.out" \ + 0 \ + "Show group member'ÖrjanÄke'" + rlAssertGrep "Group member \"ÉricTêko\"" "$TmpDir/pki-group-member-show-ca-001_56_2.out" + rlAssertGrep "User: ÉricTêko" "$TmpDir/pki-group-member-show-ca-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-019: Add group to CA using CA_adminV, add a user to the group, delete the group member and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add --description=\"$group2desc\" $group2" \ + 0 \ + "Add group $group2 using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"User2\" u2" \ + 0 \ + "Add user u2 using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add $group2 u2" \ + 0 \ + "Add user u2 to group $group2 using CA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-show $group2 u2" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-show $group2 u2 > $TmpDir/pki_group_member_show_groupshow019.out" \ + 0 \ + "Show group members of $group2" + rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_group_member_show_groupshow019.out" + rlAssertGrep "User: u2" "$TmpDir/pki_group_member_show_groupshow019.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-del $group2 u2" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-show $group2 u2" + errmsg="ResourceNotFoundException: Group member u2 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the group member is deleted" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-020: Add group to CA using CA_adminV, add a user to the group, delete the user and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-add --description=\"$group3desc\" $group3" \ + 0 \ + "Add group $group3 using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"User3\" u3" \ + 0 \ + "Add user u3 using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-add $group3 u3" \ + 0 \ + "Add user u3 to group $group3 using CA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-show $group3 u3" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-member-show $group3 u3 > $TmpDir/pki_group_member_show_groupshow020.out" \ + 0 \ + "Show group members of $group3" + rlAssertGrep "Group member \"u3\"" "$TmpDir/pki_group_member_show_groupshow020.out" + rlAssertGrep "User: u3" "$TmpDir/pki_group_member_show_groupshow020.out" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del u3" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-member-show $group3 u3" + errmsg="ResourceNotFoundException: Group member u3 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-CA-021: A non existing member ID and group ID" + command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD -t ca group-member-show group1 user1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member_show_cleanup-021: Deleting the temp directory and groups" + + #===Deleting groups(symbols) created using CA_adminV cert===# + j=1 + while [ $j -lt 4 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-del $grp > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group-symbol-00$j.out" + let j=$j+1 + done + + j=1 + while [ $j -lt 3 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del u$j > $TmpDir/pki-user-del-ca-group-symbol-00$j.out" \ + 0 \ + "Deleted user u$j" + rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-ca-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-group-i18n_2.out" \ + 0 \ + "Deleted user ÉricTêko" + rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index 1bf2a8bd6..2ff56dd20 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh @@ -66,7 +66,15 @@ . ./acceptance/cli-tests/pki-cert-cli/pki-cert-release-hold.sh . ./acceptance/cli-tests/pki-cert-cli/pki-cert-hold.sh . ./acceptance/cli-tests/pki-cert-cli/pki-cert-cli-request-submit-ca.sh -. ./acceptance/cli-tests/pki-cert-cli/pki-cert-cli-find-ca.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh PACKAGE="pki-tools" @@ -205,10 +213,50 @@ rlJournalStart # Execute pki cert-hold tests run_pki-cert-request-submit_tests fi - CERT_FIND_CA_UPPERCASE=$(echo $CERT_FIND_CA | tr [a-z] [A-Z]) - if [ "$CERT_FIND_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then - # Execute pki cert-find tests - run_pki-cert-find-ca_tests + GROUP_ADD_UPPERCASE=$(echo $GROUP_ADD | tr [a-z] [A-Z]) + if [ "$GROUP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-add-ca tests + run_pki-group-cli-group-add-ca_tests + fi + GROUP_SHOW_UPPERCASE=$(echo $GROUP_SHOW | tr [a-z] [A-Z]) + if [ "$GROUP_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-show-ca tests + run_pki-group-cli-group-show-ca_tests + fi + GROUP_FIND_UPPERCASE=$(echo $GROUP_FIND | tr [a-z] [A-Z]) + if [ "$GROUP_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-find-ca tests + run_pki-group-cli-group-find-ca_tests + fi + GROUP_MOD_UPPERCASE=$(echo $GROUP_MOD | tr [a-z] [A-Z]) + if [ "$GROUP_MOD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-mod-ca tests + run_pki-group-cli-group-mod-ca_tests + fi + GROUP_DEL_UPPERCASE=$(echo $GROUP_DEL | tr [a-z] [A-Z]) + if [ "$GROUP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-del-ca tests + run_pki-group-cli-group-del-ca_tests + fi + GROUP_MEMBER_ADD_UPPERCASE=$(echo $GROUP_MEMBER_ADD | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-add-ca tests + run_pki-group-cli-group-member-add-ca_tests + fi + GROUP_MEMBER_FIND_UPPERCASE=$(echo $GROUP_MEMBER_FIND | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-find-ca tests + run_pki-group-cli-group-member-find-ca_tests + fi + GROUP_MEMBER_DEL_UPPERCASE=$(echo $GROUP_MEMBER_DEL | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-del-ca tests + run_pki-group-cli-group-member-del-ca_tests + fi + GROUP_MEMBER_SHOW_UPPERCASE=$(echo $GROUP_MEMBER_SHOW | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-show-ca tests + run_pki-group-cli-group-member-show-ca_tests fi CERT_TEST_UPPERCASE=$(echo $CERT_TEST | tr [a-z] [A-Z]) if [ "$CERT_TEST_UPPERCASE" = "TRUE" ] ; then @@ -219,7 +267,6 @@ rlJournalStart run_pki-cert-request-show-ca_tests run_pki-cert-release-hold-ca_tests run_pki-cert-hold-ca_tests - run_pki-cert-find-ca_tests fi BIG_INT_UPPERCASE=$(echo $BIG_INT | tr [a-z] [A-Z]) if [ "$BIG_INT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then |