diff options
Diffstat (limited to 'tests/dogtag/acceptance/cli-tests/pki-group-cli/tps')
9 files changed, 6489 insertions, 0 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-add-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-add-tps.sh new file mode 100755 index 000000000..2146af453 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-add-tps.sh @@ -0,0 +1,593 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-add-tps Add group to pki subsystems. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +######################################################################## +#create-role-users.sh should be first executed prior to pki-group-cli-group-add-tps.sh +######################################################################## + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-group-cli-group-add-tps_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +#### Create Temporary directory #### + + rlPhaseStartSetup "pki_group_cli_group_add_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + + + ##### Tests to add TPS groups using a user of admin group with a valid cert#### + rlPhaseStartTest "pki_group_cli_group_add_tps-001: Add a group to TPS using TPS_adminV" + group1=new_group1 + group_desc1="New Group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group_desc1\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-tps-group-add-001.out" \ + 0 \ + "Add group $group1 to TPS" + rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-tps-group-add-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-add-001.out" + rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-tps-group-add-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-002:maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-tps-group-add-001_1.out" \ + 0 \ + "Added group using TPS_adminV with maximum group id length" + actual_groupid_string=`cat $TmpDir/pki-tps-group-add-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: Test Group" "$TmpDir/pki-tps-group-add-001_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-003:Group id with # character" + group3=abc# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description test $group3 > $TmpDir/pki-tps-group-add-001_2.out" \ + 0 \ + "Added group using TPS_adminV, group id with # character" + rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-tps-group-add-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tps-group-add-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-004:Group id with $ character" + group4=abc$ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group4 > $TmpDir/pki-tps-group-add-001_3.out" \ + 0 \ + "Added group using TPS_adminV, group id with $ character" + rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-tps-group-add-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-tps-group-add-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-005:Group id with @ character" + group5=abc@ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group5 > $TmpDir/pki-tps-group-add-001_4.out " \ + 0 \ + "Added group using TPS_adminV, group id with @ character" + rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-tps-group-add-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tps-group-add-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-006:Group id with ? character" + group6=abc? + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group6 > $TmpDir/pki-tps-group-add-001_5.out " \ + 0 \ + "Added group using TPS_adminV, group id with ? character" + rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-tps-group-add-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tps-group-add-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-007:Group id as 0" + group7=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group7 > $TmpDir/pki-tps-group-add-001_6.out " \ + 0 \ + "Added group using TPS_adminV, group id 0" + rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-tps-group-add-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tps-group-add-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-008:--description with maximum length" + groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-tps-group-add-001_7.out" \ + 0 \ + "Added group using TPS_adminV with maximum --description length" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tps-group-add-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-add-001_7.out" + rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-tps-group-add-001_7.out" + actual_desc_string=`cat $TmpDir/pki-tps-group-add-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-009:--desccription with maximum length and symbols" + rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupdesc=$(echo $rand_groupdesc | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='$groupdesc' g2 > $TmpDir/pki-tps-group-add-001_8.out" \ + 0 \ + "Added group using TPS_adminV with maximum --desc length and character symbols in it" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tps-group-add-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-add-001_8.out" + actual_desc_string=`cat $TmpDir/pki-tps-group-add-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-010: Add a duplicate group to TPS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='Duplicate Group' $group1" + errmsg="ConflictingOperationException: Entry already exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-011: Add a group to TPS with -t option" + desc="Test Group" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$desc\" g3" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$desc\" g3 > $TmpDir/pki-tps-group-add-0011.out" \ + 0 \ + "Add group g3 to TPS" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tps-group-add-0011.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-add-0011.out" + rlAssertGrep "Description: $desc" "$TmpDir/pki-tps-group-add-0011.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-012: Add a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$group1'" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-013: Add a group -- missing required option --description" + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add g7" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add g7 > $TmpDir/pki-tps-group-add-0013.out" 0 "Successfully added group without description option" + rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-tps-group-add-0013.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-tps-group-add-0013.out" + rlPhaseEnd + + ##### Tests to add groups using revoked cert##### + rlPhaseStartTest "pki_group_cli_group_add_tps-014: Should not be able to add group using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert TPS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-015: Should not be able to add group using a agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert TPS_agentR" + rlPhaseEnd + + + ##### Tests to add groups using an agent user##### + rlPhaseStartTest "pki_group_cli_group_add_tps-016: Should not be able to add group using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert TPS_agentV" + rlPhaseEnd + + + ##### Tests to add groups using expired cert##### + rlPhaseStartTest "pki_group_cli_group_add_tps-017: Should not be able to add group using admin user with expired cert TPS_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert TPS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-018: Should not be able to modify group using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot add group $group1 using an officer cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-019: Should not be able to add group using TPS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert TPS_agentE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to add groups using operator user### + rlPhaseStartTest "pki_group_cli_group_add_tps-020: Should not be able to add group using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TPS_operatorV" + rlPhaseEnd + + ##### Tests to add groups using TPS_adminUTCA and TPS_agentUTCA user's certificate will be issued by an untrusted CA users##### + rlPhaseStartTest "pki_group_cli_group_add_tps-021: Should not be able to add group using a cert created from a untrusted CA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TPS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-022: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description=test '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-023: description with i18n characters" + rlLog "group-add description Örjan Äke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='Örjan Äke' g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='Örjan Äke' g4 > $TmpDir/pki-tps-group-add-001_51.out 2>&1" \ + 0 \ + "Adding g4 with description Örjan Äke" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tps-group-add-001_51.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-add-001_51.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tps-group-add-001_51.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-024: description with i18n characters" + rlLog "group-add description Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='Éric Têko' g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='Éric Têko' g5 > $TmpDir/pki-tps-group-add-001_52.out 2>&1" \ + 0 \ + "Adding g5 with description Éric Têko" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tps-group-add-001_52.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-add-001_52.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tps-group-add-001_52.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-025: description with i18n characters" + rlLog "group-add description éénentwintig dvidešimt with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='éénentwintig dvidešimt' g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-tps-group-add-001_53.out 2>&1" \ + 0 \ + "Adding description éénentwintig dvidešimt with i18n characters" + rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-tps-group-add-001_53.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tps-group-add-001_53.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-tps-group-add-001_53.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g6 > $TmpDir/pki-tps-group-add-001_53_2.out 2>&1" \ + 0 \ + "Show group g6 with description éénentwintig dvidešimt in i18n characters" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-tps-group-add-001_53_2.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tps-group-add-001_53_2.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_add_tps-026: group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tps-group-add-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-tps-group-add-001_56.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tps-group-add-001_56.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tps-027: groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-tps-group-add-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-tps-group-add-001_57.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tps-group-add-001_57.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_cleanup_tps: Deleting groups" + + #===Deleting groups created using TPS_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i > $TmpDir/pki-tps-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tps-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using TPS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del '$grp' > $TmpDir/pki-tps-group-del-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + actual_delete_group_string=`cat $TmpDir/pki-tps-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo` + expected_delete_group_string="Deleted group $grp" + if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then + rlPass "Deleted group \"$grp\" found in $TmpDir/pki-tps-group-del-group-symbol-00$j.out" + else + rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-tps-group-del-group-symbol-00$j.out" + fi + let j=$j+1 + done + #===Deleting i18n groups created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÖrjanÄke' > $TmpDir/pki-tps-group-del-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-tps-group-del-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÉricTêko' > $TmpDir/pki-tps-group-del-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-tps-group-del-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-add-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-del-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-del-tps.sh new file mode 100755 index 000000000..1e7eb3412 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-del-tps.sh @@ -0,0 +1,658 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-del-tps Delete pki subsystem groups. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-del-tps_tests(){ + + rlPhaseStartSetup "pki_group_cli_group_del_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + + rlPhaseStartTest "pki_group_cli_group_del_tps-001: Delete valid groups" + group1=tps_group + group1desc="Test group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + #positive test cases + #Add groups to TPS using TPS_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test_group g$i" + let i=$i+1 + done + + #===Deleting groups created using TPS_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i > $TmpDir/pki-tps-group-del-group1-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tps-group-del-group1-00$i.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g$i" + errmsg="GroupNotFoundException: Group g$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let i=$i+1 + done + #Add groups to TPS using TPS_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval grp=\$group$i + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test_group $grp" + let i=$i+1 + done + + #===Deleting groups(symbols) created using TPS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del $grp " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del $grp > $TmpDir/pki-tps-group-del-group2-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-tps-group-del-group2-00$j.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show $grp" + errmsg="GroupNotFoundException: Group $grp not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-002: Case sensitive groupid" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test_group group_abc" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del GROUP_ABC > $TmpDir/pki-tps-group-del-group-002_1.out" \ + 0 \ + "Deleted group GROUP_ABC groupid is not case sensitive" + rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-tps-group-del-group-002_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show group_abc" + errmsg="GroupNotFoundException: Group group_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-003: Delete group when required option group id is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-004: Maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test \"$group2\" > $TmpDir/pki-tps-group-add-001_1.out" \ + 0 \ + "Added group using TPS_adminV with maximum group id length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del \"$group2\" > $TmpDir/pki-tps-group-del-group-006.out" \ + 0 \ + "Deleting group with maximum group id length using TPS_adminV" + actual_groupid_string=`cat $TmpDir/pki-tps-group-del-group-006.out | grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $group2" + rlLog "$actual_groupid_string" + rlLog "$expected_groupid_string" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group \"$group2\" found" + else + rlFail "Deleted group \"$group2\" not found" + fi + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show \"$group2\"" + errmsg="GroupNotFoundException: Group \"$group2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-005: groupid with maximum length and symbols" + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test '$groupid' > $TmpDir/pki-tps-group-add-001_8.out 2>&1" \ + 0 \ + "Added group using TPS_adminV with maximum groupid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del '$groupid' > $TmpDir/pki-tps-group-del-group-007.out" \ + 0 \ + "Deleting group with maximum group id length and character symbols using TPS_adminV" + actual_groupid_string=`cat $TmpDir/pki-tps-group-del-group-007.out| grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $groupid" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group $groupid found" + else + rlFail "Deleted group $groupid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show '$groupid' > $TmpDir/pki-tps-group-del-group-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted group with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-tps-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` + expected_error_string="GroupNotFoundException: Group $groupid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "GroupNotFoundException: Group $groupid not found message found" + else + rlFail "GroupNotFoundException: Group $groupid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-006: Delete group from TPS with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g1description\" g1 > $TmpDir/pki-tps-group-add-009.out" \ + 0 \ + "Add group g1 to TPS" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g1 > $TmpDir/pki-tps-group-del-group-009.out" \ + 0 \ + "Deleting group g1 using -t tps option" + rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-tps-group-del-group-009.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g1" + errmsg="GroupNotFoundException: Group g1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-007: Should not be able to delete group using a revoked cert TPS_adminR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-tps-010.out" \ + 0 \ + "Add group g2 to TPS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g2 > $TmpDir/pki-tps-group-show-001.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tps-group-show-001.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-show-001.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-tps-group-show-001.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-008: Should not be able to delete group using a agent with revoked cert TPS_agentR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-tps-010.out" \ + 0 \ + "Add group g3 to TPS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g3 > $TmpDir/pki-tps-group-show-002.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tps-group-show-002.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-show-002.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-tps-group-show-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-009: Should not be able to delete group using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a valid agent cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g3 > $TmpDir/pki-tps-group-show-003.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tps-group-show-003.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-show-003.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-tps-group-show-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-010: Should not be able to delete group using a admin user with expired cert TPS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g3 > $TmpDir/pki-group-show-tps-004.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-004.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-004.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-011: Should not be able to delete a group using TPS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-group-show g3 > $TmpDir/pki-group-show-tps-005.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-005.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-005.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-012: Should not be able to delete group using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a officer cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g3 > $TmpDir/pki-group-show-tps-006.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-006.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-006.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-013: Should not be able to delete group using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g3 > $TmpDir/pki-group-show-tps-007.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-007.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-007.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-014: Should not be able to delete group using a cert created from a untrusted CA TPS_adminUTCA" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $TPS_HOST -p $TPS_PORT -t tps group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g3 > $TmpDir/pki-group-show-tps-008.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-008.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-015: Should not be able to delete group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_del_encoded_0025pkcs10.out > $TmpDir/pki_tps_group_del_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_tps_group_del_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g3" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g3 > $TmpDir/pki-tps-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-del-pkiUser1-0025.out" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g3 > $TmpDir/pki-group-show-tps-009.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-009.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-009.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-009.out" + + #Cleanup:delete group g3 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g3 > $TmpDir/pki-group-del-tps-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-016: delete group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-tps-001_19.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-tps-001_19.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-tps-001_19.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-001_19_3.out 2>&1" \ + 0 \ + "Deleted gid ÖrjanÄke with i18n characters" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-001_19_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show 'ÖrjanÄke'" + errmsg="GroupNotFoundException: Group ÖrjanÄke not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-017: delete groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-tps-001_20.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-tps-001_20.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tps-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show 'ÉricTêko' > $TmpDir/pki-group-add-tps-001_20_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-tps-001_20_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tps-001_20_2.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-tps-001_20_3.out 2>&1" \ + 0 \ + "Delete gid ÉricTêko with i18n characters" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tps-001_20_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show 'ÉricTêko'" + errmsg="GroupNotFoundException: Group ÉricTêko not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_cleanup_tps: Deleting the temp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-del-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-find-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-find-tps.sh new file mode 100755 index 000000000..efb30bcd5 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-find-tps.sh @@ -0,0 +1,651 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-find-tps To list groups in TPS. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-find-tps_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +#### Create Temporary directory #### + + rlPhaseStartSetup "pki_group_cli_group_find_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartSetup "pki_group_cli_group_find_tps-startup: Create temporary directory and add groups" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test_group g$i" + let i=$i+1 + done + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_group_cli_group_find_tps-003: Find 5 groups, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=5 > $TmpDir/pki-tps-group-find-001.out 2>&1" \ + 0 \ + "Found 5 groups" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-group-find-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=0 > $TmpDir/pki-tps-group-find-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-005: Find all groups, large value as input" + large_num="1000000" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=$large_num" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=$large_num > $TmpDir/pki-tps-group-find-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-tps-group-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-006: Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 2 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=$maximum_check > $TmpDir/pki-tps-group-find-003_2.out 2>&1" \ + 0 \ + "Find all groups, maximum possible value as input" + result=`cat $TmpDir/pki-tps-group-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_find_tps-007: Find all groups, --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --size=-1" + errmsg="size should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find > $TmpDir/pki-tps-group-find-007_1.out 2>&1" \ + 0 \ + "Get all groups in TPS" + group_entry_10=`cat $TmpDir/pki-tps-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=10 > $TmpDir/pki-tps-group-find-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-tps-group-find-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=10000 > $TmpDir/pki-tps-group-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-013: Find groups, --start with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=$maximum_check > $TmpDir/pki-tps-group-find-008_2.out 2>&1" \ + 0 \ + "Find groups, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=0 > $TmpDir/pki-tps-group-find-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tps-group-find-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-016: Find groups, --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=$size_noninteger" + errmsg="NumberFormatException: For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find > $TmpDir/pki-tps-group-find-00_13_1.out 2>&1" \ + 0 \ + "Get all groups in TPS" + group_entry_12=`cat $TmpDir/pki-tps-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=12 --size=12 > $TmpDir/pki-tps-group-find-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-tps-group-find-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-tps-group-find-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-020: Find groups, --size=0 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find > $TmpDir/pki-tps-group-find-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in TPS" + group_entry_12=`cat $TmpDir/pki-tps-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=12 --size=0 > $TmpDir/pki-tps-group-find-0014.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-021: Should not be able to find group using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-022: Should not be able to find groups using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-023: Should not be able to find groups using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-tps-024: Should not be able to find groups using admin user with expired cert TPS_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-025: Should not be able to find groups using TPS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-026: Should not be able to find groups using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid officer cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-027: Should not be able to find groups using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-028: Should not be able to find groups using a cert created from a untrusted CA TPS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errocode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using TPS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-029: Should not be able to find groups using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_find_encoded_0029pkcs10.out > $TmpDir/pki_tps_group_find_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_tps_group_find_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=1 --size=5" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --start=1 --size=5 > $TmpDir/pki-tps-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-find-pkiUser1-002.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-030: find groups when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='Örjan Äke' 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-tps-group-find-001_31.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=1000 > $TmpDir/pki-tps-group-show-001_31_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tps-group-show-001_31_2.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tps-group-show-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-031: find group when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-tps-group-show-001_32.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find --size=1000 > $TmpDir/pki-tps-group-show-001_32_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tps-group-show-001_32_2.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tps-group-show-001_32_2.out" + rlPhaseEnd + + #pki group-find with filters + + rlPhaseStartTest "pki_group_cli_group_find_tps-032: find group - filter 'Administrator'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find Administrator" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-find Administrator > $TmpDir/pki-tps-group-show-033.out" \ + 0 \ + "Find group with Keyword Administrator" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tps-group-show-033.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tps-033: find group should fail when filter keyword has less than 3 characters" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find CA" + errmsg="BadRequestException: Filter is too short." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find should fail if the filter has less than 3 characters" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_group_cleanup-001: Deleting groups" + #===Deleting groups created using TPS_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i > $TmpDir/pki-group-del-tps-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tps-group-00$i.out" + let i=$i+1 + done + + #===Deleting i18n groups created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-tps-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tps-group-i18n_2.out" + + #Delete temporary directory + #rlRun "popd" + #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-find-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-add-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-add-tps.sh new file mode 100755 index 000000000..8a9a58467 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-add-tps.sh @@ -0,0 +1,1119 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-cli-group-membership-add-tps CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-add-tps Add group member. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-add-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-group-cli-group-member-add-tps_tests(){ + rlPhaseStartSetup "pki_group_cli_group_membership-add-tps-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +groupid1="TPS Agents" + groupid2="TPS Officers" + groupid3="TPS Operators" + groupid4="Administrators" + rlPhaseStartTest "pki_group_cli_group_member-add-tps-001: Add users to available groups using valid admin user TPS_adminV" + i=1 + while [ $i -lt 5 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-group-member-add-group-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-group-member-add-group-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-add-group-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-add-group-add-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-show u$i > $TmpDir/pki-tps-group-member-add-group-show-00$i.out" \ + 0 \ + "Show pki TPS_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tps-group-member-add-group-show-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-add-group-show-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-add-group-show-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" u$i > $TmpDir/pki-tps-group-member-add-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tps-group-member-add-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-add-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-add-groupadd-find-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-add-groupadd-find-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-002: Add a user to all available groups using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-group-member-add-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-group-member-add-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-add-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-add-user-add-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-show userall > $TmpDir/pki-tps-group-member-add-user-show-userall-001.out" \ + 0 \ + "Show pki TPS_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-tps-group-member-add-user-show-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-add-user-show-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-add-user-show-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" userall > $TmpDir/pki-tps-group-member-add-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tps-group-member-add-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-add-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-add-groupadd-find-userall-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-add-groupadd-find-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-003: Add a user to same group multiple times" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tps-group-member-add-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tps-group-member-add-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-group-member-add-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-group-member-add-user-add-user1-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-show user1 > $TmpDir/pki-tps-group-member-add-user-show-user1-001.out" \ + 0 \ + "Show pki TPS_adminV user" + rlAssertGrep "User \"user1\"" "$TmpDir/pki-tps-group-member-add-user-show-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-group-member-add-user-show-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-group-member-add-user-show-user1-001.out" + rlLog "Adding the user to the same groups twice" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"Administrators\" user1 > $TmpDir/pki-tps-group-member-add-groupadd-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tps-group-member-add-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" user1" + errmsg="ConflictingOperationException: Attribute or value exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-004: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tps-group-member-add-user-add-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"$dummy_group\" testuser1" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-005: Should be able to group-member-add groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=u14 u14" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='u14' u14" \ + 0 \ + "Adding uid u14" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-group-member-add-groupadd-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-group-member-add-groupadd-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-group-member-add-groupadd-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-group-member-add-groupadd-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-tps-group-member-add-groupadd-010_2.out" \ + 0 \ + "Adding user u14 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-tps-group-member-add-groupadd-010_2.out" + rlAssertGrep "User: u14" "$TmpDir/pki-tps-group-member-add-groupadd-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tps-group-member-add-groupadd-find-010_3.out" \ + 0 \ + "Check user u14 added to group dadministʁasjɔ̃" + rlAssertGrep "User: u14" "$TmpDir/pki-tps-group-member-add-groupadd-find-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-006: Should not be able to group-member-add using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"$groupid7\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using a revoked cert TPS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-007: Should not be able to group-member-add using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"$groupid7\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using an agent with revoked cert TPS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-008: Should not be able to group-member-add using admin user with expired cert TPS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using admin user with expired cert TPS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-009: Should not be able to group-member-add using TPS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-010: Should not be able to group-member-add using TPS_officerV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_officerV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-011: Should not be able to group-member-add using TPS_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-012: Should not be able to group-member-add using TPS_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-013: Should not be able to group-member-add using TPS_agentUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_agentUTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_group_cli_group_member-add-tps-014: User associated with Administrators group only can create a new user" + i=2 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding testuser1 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" testuser1 > $TmpDir/pki-tps-group-member-add-groupadd-testuser1-00$i.out" \ + 0 \ + "Adding user testuser1 to group \"$gid\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tps-group-member-add-groupadd-testuser1-00$i.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-tps-group-member-add-groupadd-testuser1-00$i.out" + fi + let i=$i+1 + done + + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-cert-add testuser1 --input $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user testuser1" + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT -t tps user-add --fullName=test_user u39" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "user-add operation should fail when authenticating using a user cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + + #Add testuser1 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-tps-group-member-add-groupadd-usertest1-019_2.out 2>&1" \ + 0 \ + "Adding user testuser1 to group \"$groupid4\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tps-group-member-add-groupadd-usertest1-019_2.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-tps-group-member-add-groupadd-usertest1-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find $groupid4 > $TmpDir/pki-tps-group-member-add-groupadd-find-usertest1-019_3.out" \ + 0 \ + "Check group-member for user testuser1" + rlAssertGrep "User: testuser1" "$TmpDir/pki-tps-group-member-add-groupadd-find-usertest1-019_3.out" + + #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=test_user us19 > $TmpDir/pki-tps-user-add-019_4.out 2>&1" \ + 0 \ + "Added new user using Admin user testuser1" + rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-tps-user-add-019_4.out" + rlAssertGrep "User ID: us19" "$TmpDir/pki-tps-user-add-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-tps-user-add-019_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-015: Should not be able to group-member-add using TPS_agentV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_agentV cert" + rlPhaseEnd + + #Usability test + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-016: Should not be able to add a non existing user to a group" + user="tuser3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"$groupid5\" $user" + errmsg="UserNotFoundException: User $user not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-017: Add a group and add a user to the group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g1description\" g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g1description\" g1 > $TmpDir/pki-tps-group-member-add-group-add-022.out" \ + 0 \ + "Adding group g1" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tps-group-member-add-group-add-022.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-member-add-group-add-022.out" + rlAssertGrep "Description: g1description" "$TmpDir/pki-tps-group-member-add-group-add-022.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu9\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-tps-group-member-add-user-add-022.out" \ + 0 \ + "Adding user u9" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-tps-group-member-add-user-add-022.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-tps-group-member-add-user-add-022.out" + rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-tps-group-member-add-user-add-022.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g1 u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g1 u9 > $TmpDir/pki-tps-group-member-add-groupadd-022.out" \ + 0 \ + "Adding user u9 to group g1" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tps-group-member-add-groupadd-022.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-add-groupadd-022.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g1 > $TmpDir/pki-tps-group-member-add-groupadd-find-022.out" \ + 0 \ + "User added to group g1" + rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-add-groupadd-find-022.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-018: Add two group and add a user to the two different group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g2description\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g2description\" g2 > $TmpDir/pki-tps-group-member-add-group-add-023.out" \ + 0 \ + "Adding group g2" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tps-group-member-add-group-add-023.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-member-add-group-add-023.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-tps-group-member-add-group-add-023.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g3description\" g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g3description\" g3 > $TmpDir/pki-tps-group-member-add-group-add-023_1.out" \ + 0 \ + "Adding group g3" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tps-group-member-add-group-add-023_1.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-member-add-group-add-023_1.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-tps-group-member-add-group-add-023_1.out" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu10\" u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-tps-group-member-add-user-add-023.out" \ + 0 \ + "Adding user u10" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-tps-group-member-add-user-add-023.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-tps-group-member-add-user-add-023.out" + rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-tps-group-member-add-user-add-023.out" + rlLog "Adding the user u10 to group g2" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g2 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g2 u10 > $TmpDir/pki-tps-group-member-add-groupadd-023.out" \ + 0 \ + "Adding user u10 to group g2" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tps-group-member-add-groupadd-023.out" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-023.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g2 > $TmpDir/pki-tps-group-member-add-groupadd-find-023.out" \ + 0 \ + "User added to group g2" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-find-023.out" + rlLog "Adding the user u10 to group g3" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g3 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g3 u10 > $TmpDir/pki-tps-group-member-add-groupadd-023_1.out" \ + 0 \ + "Adding user u10 to group g3" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tps-group-member-add-groupadd-023_1.out" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-023_1.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g3 > $TmpDir/pki-tps-group-member-add-groupadd-find-023_1.out" \ + 0 \ + "User added to group g3" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-find-023_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-019: Add a group, add a user to the group and delete the group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g4description\" gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g4description\" gr4 > $TmpDir/pki-tps-group-member-add-group-add-024.out" \ + 0 \ + "Adding group gr4" + rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-tps-group-member-add-group-add-024.out" + rlAssertGrep "Group ID: gr4" "$TmpDir/pki-tps-group-member-add-group-add-024.out" + rlAssertGrep "Description: g4description" "$TmpDir/pki-tps-group-member-add-group-add-024.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + -user-add --fullName=\"fullNameu11\" u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-tps-group-member-add-user-add-024.out" \ + 0 \ + "Adding user u11" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-tps-group-member-add-user-add-024.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-tps-group-member-add-user-add-024.out" + rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-tps-group-member-add-user-add-024.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add gr4 u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add gr4 u11 > $TmpDir/pki-tps-group-member-add-groupadd-024.out" \ + 0 \ + "Adding user u11 to group gr4" + rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-tps-group-member-add-groupadd-024.out" + rlAssertGrep "User: u11" "$TmpDir/pki-tps-group-member-add-groupadd-024.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find gr4 > $TmpDir/pki-tps-group-member-add-groupadd-find-024.out" \ + 0 \ + "User added to group gr4" + rlAssertGrep "User: u11" "$TmpDir/pki-tps-group-member-add-groupadd-find-024.out" + #Deleting group gr4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del gr4 > $TmpDir/pki-tps-group-member-add-groupdel-024.out" \ + 0 \ + "Deleting group gr4" + rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-tps-group-member-add-groupdel-024.out" + #Checking for user-membership + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-membership-find u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-membership-find u11 > $TmpDir/pki-tps-group-member-add-usermembership-024.out" \ + 0 \ + "Checking for user membership of u11" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-group-member-add-usermembership-024.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-020: Add a group, add a user to the group and modify the group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g5description\" g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g5description\" g4 > $TmpDir/pki-tps-group-member-add-group-add-025.out" \ + 0 \ + "Adding group g4" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tps-group-member-add-group-add-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-member-add-group-add-025.out" + rlAssertGrep "Description: g5description" "$TmpDir/pki-tps-group-member-add-group-add-025.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-tps-group-member-add-user-add-025.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-tps-group-member-add-user-add-025.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-tps-group-member-add-user-add-025.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-tps-group-member-add-user-add-025.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g4 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g4 u12 > $TmpDir/pki-tps-group-member-add-groupadd-025.out" \ + 0 \ + "Adding user u12 to group g4" + rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-tps-group-member-add-groupadd-025.out" + rlAssertGrep "User: u12" "$TmpDir/pki-tps-group-member-add-groupadd-025.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g4 > $TmpDir/pki-tps-group-member-add-groupadd-find-025.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u12" "$TmpDir/pki-tps-group-member-add-groupadd-find-025.out" + #Modifying group g4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod g4 --decription=\"Modified group\"" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod g4 --description=\"Modified group\" > $TmpDir/pki-tps-group-member-add-groupmod-025.out" \ + 0 \ + "Modifying group g4" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tps-group-member-add-groupmod-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-member-add-groupmod-025.out" + rlAssertGrep "Description: Modified group" "$TmpDir/pki-tps-group-member-add-groupmod-025.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-021: Add a group, add a user to the group, run user-membership-del on the user and run group-member-find using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g5description\" g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g6description\" g5 > $TmpDir/pki-tps-group-member-add-group-add-026.out" \ + 0 \ + "Adding group g5" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tps-group-member-add-group-add-026.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-member-add-group-add-026.out" + rlAssertGrep "Description: g6description" "$TmpDir/pki-tps-group-member-add-group-add-026.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu13\" u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-tps-group-member-add-user-add-026.out" \ + 0 \ + "Adding user u13" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-tps-group-member-add-user-add-026.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-tps-group-member-add-user-add-026.out" + rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-tps-group-member-add-user-add-026.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g5 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g5 u13 > $TmpDir/pki-tps-group-member-add-groupadd-026.out 2>&1" \ + 0 \ + "Adding user u13 to group g5" + rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-tps-group-member-add-groupadd-026.out" + rlAssertGrep "User: u13" "$TmpDir/pki-tps-group-member-add-groupadd-026.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g5 > $TmpDir/pki-tps-group-member-add-groupadd-find-026.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u13" "$TmpDir/pki-tps-group-member-add-groupadd-find-026.out" + #run user-membership-del on u13 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-membership-del u13 g5 > $TmpDir/pki-tps-group-member-add-user-membership-del-026.out" \ + 0 \ + "user-membership-del on u13" + rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-tps-group-member-add-user-membership-del-026.out" + #find group members + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g5 > $TmpDir/pki-tps-group-member-add-group-member-find-026.out" \ + 0 \ + "Find member in group g5" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-group-member-add-group-member-find-026.out" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_member-add-cleanup-tps-001: Deleting the temp directory and users and groups" + #===Deleting users created using TPS_adminV cert===# + i=1 + while [ $i -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$i > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" + let i=$i+1 + done + i=9 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$i > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i > $TmpDir/pki-user-del-tps-group-member-add-group-del-tps-00$i.out" \ + 0 \ + "Deleting group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-tps-group-member-add-group-del-tps-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del userall > $TmpDir/pki-group-del-tps-group-member-add-user-del-tps-userall-001.out" \ + 0 \ + "Deleting user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-tps-group-member-add-user-del-tps-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del user1 > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-user1-001.out" \ + 0 \ + "Deleting user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del us19 > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-u13-001.out" \ + 0 \ + "Deleting user us19" + rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-u13-001.out" + #===Deleting users created using TPS_adminV cert===# + i=1 + while [ $i -lt 2 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del testuser$i > $TmpDir/pki-group-member-add-tps-user-00$i.out" \ + 0 \ + "Deleting user testuser$i" + rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-tps-user-00$i.out" + let i=$i+1 + done + + #===Deleting i18n group created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out" + + Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-member-add-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-del-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-del-tps.sh new file mode 100755 index 000000000..2a8d74636 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-del-tps.sh @@ -0,0 +1,799 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-member-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-del-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-group-cli-group-member-del-tps_tests(){ + rlPhaseStartTest "pki_group_cli_group_member-del-tps-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +#Available groups group-member-del + groupid1="TPS Agents" + groupid2="TPS Officers" + groupid3="TPS Operators" + groupid4="Administrators" + rlPhaseStartTest "pki_group_cli_group_member-del-tps-002: Delete group-member when user is added to different groups" + i=1 + while [ $i -lt 5 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-group-member-del-user-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-group-member-del-user-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-del-user-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-del-user-add-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" u$i > $TmpDir/pki-tps-group-member-del-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tps-group-member-del-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-del-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-del-groupadd-find-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-del-groupadd-find-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-del \"$gid\" u$i > $TmpDir/pki-tps-group-member-del-groupdel-del-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-tps-group-member-del-groupdel-del-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-003: Delete group-member from all the groups that user is associated with" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-group-member-del-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-group-member-del-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-del-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-del-user-add-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" userall > $TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-del-groupadd-find-userall-00$i.out" \ + 0 \ + "Check group members with group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-del-groupadd-find-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-del \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-del \"$gid\" userall > $TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-004: Missing required option <Group id> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tps-group-member-del-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"Administrators\" user1 > $TmpDir/pki-tps-group-member-del-groupadd-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tps-group-member-del-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del user1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-005: Missing required option <Member ID> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-tps-group-member-del-user-add-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"Administrators\" user2 > $TmpDir/pki-tps-group-member-del-groupadd-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-tps-group-member-del-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del Administrators" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-006: Should not be able to group-member-del using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert TPS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-007: Should not be able to group-member-del using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert TPS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-008: Should not be able to group-member-del using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert TPS_agentV" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-009: Should not be able to group-member-del using admin user with expired cert TPS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert TPS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-010: Should not be able to group-member-del using TPS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TPS_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-011: Should not be able to group-member-del using TPS_officerV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TPS_officerV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-012: Should not be able to group-member-del using TPS_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TPS_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-013: Should not be able to group-member-del using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del 'Administrators' user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TPS_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-014: Should not be able to group-member-del using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-015: Delete group-member for user id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='u10' u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='u10' 'u10'" \ + 0 \ + "Adding uid u10" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-group-member-del-groupadd-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-group-member-del-groupadd-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-group-member-del-groupadd-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-group-member-del-groupadd-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"dadministʁasjɔ̃\" 'u10'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-tps-group-member-del-groupadd-017_2.out" \ + 0 \ + "Adding user u10 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tps-group-member-del-groupadd-017_2.out" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-del-groupadd-017_2.out" + rlLog "Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-tps-group-member-del-017_3.out" \ + 0 \ + "Delete group member from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-tps-group-member-del-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tps-group-member-del-groupadd-find-017_4.out" \ + 0 \ + "Find group members of group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-group-member-del-groupadd-find-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-016: Delete group member when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-tps-group-member-del-user-del-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-tps-group-member-del-user-del-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-tps-group-member-del-user-del-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-tps-group-member-del-user-del-019.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user123" + errmsg="ResourceNotFoundException: No such attribute." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-017: Deleting a user that has membership with groups removes the user from the groups" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu20\" u20 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-tps-group-member-del-user-del-020.out" \ + 0 \ + "Adding user u20" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-tps-group-member-del-user-del-020.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-tps-group-member-del-user-del-020.out" + rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-tps-group-member-del-user-del-020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"Administrators\" u20 > $TmpDir/pki-tps-group-member-add-groupadd-20_2.out" \ + 0 \ + "Adding user u20 to group \"Administrators\"" + rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-tps-group-member-add-groupadd-20_2.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find Administrators > $TmpDir/pki-user-del-tps-group-member-find-user-del-20_4.out" \ + 0 \ + "List members of Administrators group" + rlAssertGrep "User: u20" "$TmpDir/pki-user-del-tps-group-member-find-user-del-20_4.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u20 > $TmpDir/pki-user-del-tps-group-member-find-user-del-20_6.out" \ + 0 \ + "Delete user u20" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-20_6.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find Administrators > $TmpDir/pki-user-del-tps-group-member-find-user-del-20_7.out" \ + 0 \ + "List members of Administrators group" + rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-tps-group-member-find-user-del-20_7.out" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_group_cli_group_member-del-tps-018: User deleted from Administrators group cannnot create a new user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tps-group-member-del-user-add-0021.out" \ + 0 \ + "Adding user testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"Administrators\" testuser1 > $TmpDir/pki-tps-group-member-add-groupadd-21_2.out" \ + 0 \ + "Adding user testuser1 to group \"Administrators\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tps-group-member-add-groupadd-21_2.out" + + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-cert-add testuser1 --input $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \ + 0 \ + "Cert is added to the user testuser1" + + #Add a new user using testuser1 + rlLog "pki -d $TEMP_NSS_DB/ \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='test_user' u9" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-tps-021_4.out" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tps-021_4.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tps-021_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tps-021_4.out" + + #Delete testuser1 from the Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-del \"Administrators\" testuser1 > $TmpDir/pki-tps-group-member-del-groupdel-del-021_5.out" \ + 0 \ + "User deleted from group \"Administrators\"" + rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-tps-group-member-del-groupdel-del-021_5.out" + + #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT -t tps user-add --fullName=test_user u212" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + #Usability tests + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-019: Delete group and check for user membership" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='Test User2' testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \ + 0 \ + "Adding uid testuser2 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-tps-group-member-del-groupadd-022_1.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tps-group-member-del-groupadd-022_1.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-tps-group-member-del-groupadd-022_1.out" + rlAssertGrep "Description: New Group" "$TmpDir/pki-tps-group-member-del-groupadd-022_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"group1\" testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"group1\" testuser2 > $TmpDir/pki-tps-group-member-del-groupadd-022_2.out" \ + 0 \ + "Adding user testuser2 to group \"group1\"" + rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-tps-group-member-del-groupadd-022_2.out" + rlAssertGrep "User: testuser2" "$TmpDir/pki-tps-group-member-del-groupadd-022_2.out" + rlLog "Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'group1' > $TmpDir/pki-tps-group-member-del-022_3.out" \ + 0 \ + "Delete group \"group1\"" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-tps-group-member-del-022_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-membership-find testuser2 > $TmpDir/pki-tps-group-member-del-groupadd-find-022_4.out" \ + 0 \ + "Find user-membership of testuser2" + rlAssertNotGrep "Group: group1" "$TmpDir/pki-tps-group-member-del-groupadd-find-022_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tps-cleanup-001: Deleting the temp directory and users" + + #===Deleting users created using TPS_adminV cert===# + i=1 + while [ $i -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$i > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out" + let i=$i+1 + done + i=9 + while [ $i -lt 11 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$i > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del userall > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del user1 > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" \ + 0 \ + "Deleted user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del user2 > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" \ + 0 \ + "Deleted user user2" + rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del user123 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-user123.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del testuser1 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser1.out" \ + 0 \ + "Deleted user testuser1" + rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser1.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del testuser2 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser2.out" \ + 0 \ + "Deleted user testuser2" + rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser2.out" + + #===Deleting i18n group created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tps-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tps-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-member-del-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-find-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-find-tps.sh new file mode 100755 index 000000000..1284e07fa --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-find-tps.sh @@ -0,0 +1,822 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-cli-group-member-find-tps CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-find-tps Find group members. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-find-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-member-find-tps_tests(){ + #Local variables + groupid1="TPS Agents" + groupid2="TPS Officers" + groupid3="TPS Operators" + groupid4="Administrators" + + rlPhaseStartTest "pki_group_cli_group_member-find_tps-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +groupid1="TPS Agents" + groupid2="TPS Officers" + groupid3="TPS Operators" + groupid4="Administrators" + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-001: Find tps-group-member when user is added to different groups" + i=1 + while [ $i -lt 5 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-group-member-find-user-find-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-group-member-find-user-find-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-find-user-find-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-find-user-find-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" u$i > $TmpDir/pki-tps-group-member-find-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tps-group-member-find-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-find-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-find-groupadd-find-00$i.out" \ + 0 \ + "Find group-members with group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-find-groupadd-find-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-002: Find tps-group-member when the same user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-group-member-find-user-find-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-group-member-find-user-find-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-find-user-find-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-find-user-find-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" userall > $TmpDir/pki-tps-group-member-find-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tps-group-member-find-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-find-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-find-groupadd-find-userall-00$i.out" \ + 0 \ + "Find user membership to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-find-groupadd-find-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-003: Find tps-group-member when many users are added to one group" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"Test group\" group1 > $TmpDir/pki-tps-group-member-find-groupadd-006.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tps-group-member-find-groupadd-006.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-tps-group-member-find-groupadd-006.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-tps-group-member-find-groupadd-006.out" + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser$i\" user$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-tps-group-member-find-useradd-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-tps-group-member-find-useradd-00$i.out" + rlAssertGrep "User ID: user$i" "$TmpDir/pki-tps-group-member-find-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tps-group-member-find-useradd-00$i.out" + rlLog "Adding user user$i to group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add group1 user$i > $TmpDir/pki-tps-group-member-find-group-member-add-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-tps-group-member-find-group-member-add-00$i.out" + rlAssertGrep "User: user$i" "$TmpDir/pki-tps-group-member-find-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 > $TmpDir/pki-tps-group-member-find-group1-006.out" \ + 0 \ + "Find users added to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-tps-group-member-find-group1-006.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-tps-group-member-find-group1-006.out" + i=1 + while [ $i -lt 15 ] ; do + rlAssertGrep "User: user$i" "$TmpDir/pki-tps-group-member-find-group1-006.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-004: Find group-member of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=5 > $TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user6" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user7" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user8" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user9" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user10" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user11" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user12" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user13" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user14" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-005: Find all group members of a group (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=0 > $TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out" \ + 0 \ + "Checking group members of a group " + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-006: Find group members when page start is negative (start=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=-1" + errmsg="--start option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0" + rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-007: Find group members when page start greater than available number of groups (start=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=15 > $TmpDir/pki-tps-group-member-find-groupadd-find-start-004.out" \ + 0 \ + "Checking group members of a group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-008: Should not be able to find group members when page start is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-009: Find group member when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=0 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-006.out" 0 \ + "group_member-find with size parameter as 0" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-010: Find group members when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=1 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out" 0 \ + "group_member-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "User: user1" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-011: Find group members when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=15 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out" 0 \ + "group_member-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-012: Find group members when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=100 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out" 0 \ + "tps-group_member-find with size parameter as 100" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-013: Find group-member when page size is negative (size=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --size=-1" + errmsg="--size option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-014: Should not be able to find group members when page size is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-015: Find group members with -t option" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=5 > $TmpDir/pki-tps-group-member-find-018.out" \ + 0 \ + "Find group-member with -t tps option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-018.out" + i=1 + while [ $i -lt 5 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-group-member-find-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-016: Find group members with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=6 --size=5 > $TmpDir/pki-tps-group-member-find-019.out" \ + 0 \ + "Find group members with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-group-member-find-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-017: Find group members with --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --size=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-018: Find group members with --start more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-019: Should not be able to group-member-find using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert TPS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-020: Should not be able to group-member-find using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert TPS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-021: Should not be able to group-member-find using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent TPS_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-022: Should not be able to group-member-find using admin user with expired cert TPS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin TPS_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-023: Should not be able to group-member-find using TPS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent TPS_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-024: Should not be able to group-member-find using TPS_officerV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid officer TPS_officerV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-025: Should not be able to group-member-find using TPS_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator TPS_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-026: Should not be able to group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using TPS_adminUTCA user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-027: Should not be able to group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted TPS_agentUTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-028:Find group-member for group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='u9' u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='u9' u9" \ + 0 \ + "Adding uid u9" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-group-member-add-groupadd-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-group-member-add-groupadd-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-group-member-add-groupadd-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-group-member-add-groupadd-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"dadministʁasjɔ̃\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-tps-group-member-find-groupadd-031_2.out" \ + 0 \ + "Adding user u9 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tps-group-member-find-groupadd-031_2.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-find-groupadd-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-tps-group-member-find-groupadd-find-031_3.out" \ + 0 \ + "Find group-member u9 in \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-031_3.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-find-groupadd-find-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-029: Find group-member - paging" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"Test group\" group2 > $TmpDir/pki-tps-group-member-find-groupadd-034.out" \ + 0 \ + "Adding group group2" + rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-tps-group-member-find-groupadd-034.out" + rlAssertGrep "Group ID: group2" "$TmpDir/pki-tps-group-member-find-groupadd-034.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-tps-group-member-find-groupadd-034.out" + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser$i\" userid$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "User ID: userid$i" "$TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out" + rlLog "Adding user userid$i to group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add group2 userid$i > $TmpDir/pki-tps-group-member-find-paging-group-member-add-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-tps-group-member-find-paging-group-member-add-00$i.out" + rlAssertGrep "User: userid$i" "$TmpDir/pki-tps-group-member-find-paging-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group2 > $TmpDir/pki-tps-group-member-find-group1-034.out" \ + 0 \ + "Find users added to group \"group2\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-tps-group-member-find-group1-034.out" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tps-group-member-find-group1-034.out" + i=1 + while [ $i -lt 20 ] ; do + rlAssertGrep "User: userid$i" "$TmpDir/pki-tps-group-member-find-group1-034.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-cleanup-001: Deleting the temp directory, users and groups" + + #===Deleting users created using TPS_adminV cert===# + i=1 + while [ $i -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$i > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u9 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out" \ + 0 \ + "Deleted user u9" + rlAssertGrep "Deleted user \"u9\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out" + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del user$i > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group1-00$i.out" \ + 0 \ + "Deleted user user$i" + rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group1-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del userid$i > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group2-00$i.out" \ + 0 \ + "Deleted user userid$i" + rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group2-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del userall > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-userall.out" + + + #===Deleting groups created using TPS_adminV===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'group1' > $TmpDir/pki-user-del-tps-group1.out" \ + 0 \ + "Deleting group group1" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-tps-group1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'group2' > $TmpDir/pki-user-del-tps-group2.out" \ + 0 \ + "Deleting group group2" + rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-tps-group2.out" + + + #===Deleting i18n group created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tps-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tps-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-member-find-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-show-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-show-tps.sh new file mode 100755 index 000000000..f4ad7be4f --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-show-tps.sh @@ -0,0 +1,558 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-member-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-show-tps Show groups members +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-show-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-member-show-tps_tests(){ + rlPhaseStartSetup "pki_group_cli_group_member_show_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +group1=test_group + group1desc="Test Group" + group2=test_group2 + group2desc="Test Group 2" + group3=test_group3 + group3desc="Test Group 3" + rlPhaseStartTest "pki_tps_group_member_show-configtest: pki tps-group-member-show configuration test" + rlRun "pki tps-group-member-show --help > $TmpDir/pki_tps_group_member_show_cfg.out 2>&1" \ + 0 \ + "pki tps-group-member-show" + rlAssertGrep "usage: tps-group-member-show <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_tps_group_member_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_member_show_cfg.out" + rlPhaseEnd + + ##### Tests to show TPS groups #### + rlPhaseStartTest "pki_group_cli_group_member_show_tps-001: Add group to TPS using TPS_adminV, add a user to the group and show group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"User1\" u1" \ + 0 \ + "Add user u1 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add $group1 u1" \ + 0 \ + "Add user u1 to group $group1 using TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 u1 > $TmpDir/pki_tps_group_member_show_groupshow001.out" \ + 0 \ + "Show group members of $group1" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_tps_group_member_show_groupshow001.out" + rlAssertGrep "User: u1" "$TmpDir/pki_tps_group_member_show_groupshow001.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_member_show_tps-002: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show u1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-003: Missing required option member id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-004: A non existing member ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 user1" + errmsg="ResourceNotFoundException: Group member user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-005: A non existing group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show group1 u1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-006: Checking if member id case sensitive " + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 U1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 U1 > $TmpDir/pki-tps-group-member-show-006.out 2>&1" \ + 0 \ + "Member ID is not case sensitive" + rlAssertGrep "User \"U1\"" "$TmpDir/pki-tps-group-member-show-006.out" + rlAssertGrep "User: u1" "$TmpDir/pki-tps-group-member-show-006.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-007: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show TEST_GROUP u1 > $TmpDir/pki-tps-group-member-show-007.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-tps-group-member-show-007.out" + rlAssertGrep "User: u1" "$TmpDir/pki-tps-group-member-show-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-008: Should not be able to show group member using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-009: Should not be able to show group member using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-010: Should not be able to show group members using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-011: Should not be able to show group members using admin user with expired cert TPS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-012: Should not be able to show group members using TPS_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-013: Should not be able to show group members using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a officer cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-tps-014: Should not be able to show group members using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-015: Should not be able to show group members using a cert created from a untrusted TPS TPS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using TPS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-016: Should not be able to show group members using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 u1" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 u1 > $TmpDir/pki-tps-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-member-show-pkiUser1-002.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-017: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tps-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=test u3 > $TmpDir/pki-tps-group-member-show-001_57.out 2>&1" \ + 0 \ + "Adding user id u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-tps-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding user u3 to group ÖrjanÄke" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show 'ÖrjanÄke' u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-tps-group-member-show-001_56_2.out" \ + 0 \ + "Show group member'ÖrjanÄke'" + rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-tps-group-member-show-001_56_2.out" + rlAssertGrep "User: u3" "$TmpDir/pki-tps-group-member-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-018: Add group to TPS using TPS_adminV, add a user to the group, delete the group member and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group2desc\" $group2" \ + 0 \ + "Add group $group2 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"User2\" u2" \ + 0 \ + "Add user u2 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add $group2 u2" \ + 0 \ + "Add user u2 to group $group2 using TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group2 u2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group2 u2 > $TmpDir/pki_tps_group_member_show_groupshow019.out" \ + 0 \ + "Show group members of $group2" + rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_tps_group_member_show_groupshow019.out" + rlAssertGrep "User: u2" "$TmpDir/pki_tps_group_member_show_groupshow019.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-del $group2 u2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group2 u2" + errmsg="ResourceNotFoundException: Group member u2 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the group member is deleted" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-019: Add group to TPS using TPS_adminV, add a user to the group, delete the user and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group3desc\" $group3" \ + 0 \ + "Add group $group3 using TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"User4\" u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"User4\" u4" \ + 0 \ + "Add user u3 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add $group3 u4" \ + 0 \ + "Add user u4 to group $group3 using TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group3 u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group3 u4 > $TmpDir/pki_tps_group_member_show_groupshow020.out" \ + 0 \ + "Show group members of $group3" + rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_tps_group_member_show_groupshow020.out" + rlAssertGrep "User: u4" "$TmpDir/pki_tps_group_member_show_groupshow020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group3 u4" + errmsg="ResourceNotFoundException: Group member u4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-021: A non existing member ID and group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show group1 user1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps_cleanup-022: Deleting the temp directory and groups" + + #===Deleting groups(symbols) created using TPS_adminV cert===# + j=1 + while [ $j -lt 4 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del $grp > $TmpDir/pki-group-del-tps-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tps-group-symbol-00$j.out" + let j=$j+1 + done + + j=1 + while [ $j -lt 4 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$j > $TmpDir/pki-user-del-tps-group-symbol-00$j.out" \ + 0 \ + "Deleted user u$j" + rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-tps-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-member-show-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-mod-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-mod-tps.sh new file mode 100755 index 000000000..f24a8b92b --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-mod-tps.sh @@ -0,0 +1,557 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-group-cli +# Description: PKI group-mod CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-mod-tps Modify existing groups in the pki tps subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-group-cli-group-mod-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-mod-tps_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV + + #####Create temporary dir to save the output files ##### + rlPhaseStartSetup "pki_group_cli_group_mod_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +group1=tps_group +group1desc="Test tps group" +group2=abcdefghijklmnopqrstuvwxyx12345678 +group3=abc# +group4=abc$ +group5=abc@ +group6=abc? +group7=0 +group1_mod_description="Test tps agent Modified" +randsym="" +i18ngroup=i18ngroup +i18ngroupdescription="Örjan Äke" +i18ngroup_mod_description="kakskümmend" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + + ##### Tests to modify TPS groups #### + rlPhaseStartTest "pki_group_cli_group_mod_tps-002: Modify a group's description in TPS using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group1desc\" $group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tps-group-mod-002.out" \ + 0 \ + "Modified $group1 description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tps-group-mod-002.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-mod-002.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-002.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod_tps-003:--description with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test g1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-tps-group-mod-004.out" \ + 0 \ + "Modified group using TPS_adminV with --description with characters and numbers" + rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-tps-group-mod-004.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-mod-004.out" + rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tps-group-mod-004.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-004:--description with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test g2" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$randsym\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$randsym\" g2 > $TmpDir/pki-tps-group-mod-005.out" \ + 0 \ + "Modified group using TPS_adminV with maximum --description length and character symbols in it" + actual_group_string=`cat $TmpDir/pki-tps-group-mod-005.out | grep "Description: " | xargs echo` + expected_group_string="Description: $randsym" + rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-tps-group-mod-005.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-mod-005.out" + if [[ $actual_group_string = $expected_group_string ]] ; then + rlPass "$expected_group_string found" + else + rlFail "$expected_group_string not found" + fi + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-005:--description with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test g3" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=$ g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=$ g3 > $TmpDir/pki-tps-group-mod-008.out" \ + 0 \ + "Modified group using TPS_adminV with --description $ character" + rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-tps-group-mod-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-mod-008.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-tps-group-mod-008.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-006: Modify a group to TPS with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test g4" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1desc\" g4" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-tps-group-mod-007.out" \ + 0 \ + "Modified group g4 to TPS" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tps-group-mod-007.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-mod-007.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tps-group-mod-007.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod_tps-007: Modify a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc'" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id" + rlPhaseEnd + +##### Tests to modify groups using revoked cert##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-008: Should not be able to modify groups using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1_mod_description' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod_tps-009: Should not be able to modify group using an agent or a revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify groups using an agent user##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-010: Should not be able to modify groups using a TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert" + rlPhaseEnd + +##### Tests to modify groups using expired cert##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-011: Should not be able to modify group using a TPS_adminE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-012: Should not be able to modify group using a TPS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to modify groups using officer users##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-013: Should not be able to modify group using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an officer cert" + rlPhaseEnd + + ##### Tests to modify groups using operator user### + rlPhaseStartTest "pki_group_cli_group_mod_tps-014: Should not be able to modify group using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as TPS_operatorV" + rlPhaseEnd + +##### Tests to modify groups using TPS_adminUTCA and TPS_agentUTCA user's certificate will be issued by an untrusted CA users##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-015: Should not be able to modify groups using a cert created from a untrusted CA TPS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod_tps-016: Modify a group -- Group ID does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' g5" + errmsg="ResourceNotFoundException: Group g5 not found." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group" + rlPhaseEnd + +##### Tests to modify TPS groups with empty parameters #### + + rlPhaseStartTest "pki_group_cli_group_mod_tps-017: Modify a user created group in TPS using TPS_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group1desc\" g5" + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description=\"\" g5" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description=\"\" g5 > $TmpDir/pki-tps-group-mod-0017.out" 0 "Group modified successfully with empty description" + rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-tps-group-mod-0017.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-mod-0017.out" + rlPhaseEnd + + +##### Tests to modify TPS groups with the same value #### + + rlPhaseStartTest "pki_group_cli_group_mod_tps-018: Modify a group in TPS using TPS_adminV - description same old value" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group1 > $TmpDir/pki-tps-group-mod-041_1.out" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tps-group-mod-041_1.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-mod-041_1.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-041_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tps-group-mod-041_2.out" \ + 0 \ + "Modifying $group1 with same old description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tps-group-mod-041_2.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-mod-041_2.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-041_2.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify TPS groups having i18n chars in the description #### + +rlPhaseStartTest "pki_group_cli_group_mod_tps-019: Modify a groups's description having i18n chars in TPS using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$i18ngroupdescription\" $i18ngroup" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-tps-group-mod-043.out" \ + 0 \ + "Modified $i18ngroup description" + rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-tps-group-mod-043.out" + rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-tps-group-mod-043.out" + rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-tps-group-mod-043.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify system generated TPS groups #### + rlPhaseStartTest "pki_group_cli_group_mod_tps-021: Modify Administrator group's description in TPS using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show Administrators > $TmpDir/pki-tps-group-mod-group-show-022.out" + admin_group_desc=$(cat $TmpDir/pki-tps-group-mod-group-show-022.out| grep Description | cut -d- -f2) + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-tps-group-mod-022.out" \ + 0 \ + "Modified Administrators group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tps-group-mod-022.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tps-group-mod-022.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-022.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$admin_group_desc\" Administrators" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-022: Modify Administrators group in TPS using TPS_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show Administrators > $TmpDir/pki-tps-group-mod-group-show-023.out" + admin_group_desc=$(cat $TmpDir/pki-tps-group-mod-group-show-023.out| grep Description | cut -d- -f2) + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description=\"\" Administrators" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description=\"\" Administrators > $TmpDir/pki-tps-group-mod-023.out" 0 "Successfully modified Administrator group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tps-group-mod-023.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tps-group-mod-023.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$admin_group_desc\" Administrators" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlPhaseEnd + + +#===Deleting groups===# +rlPhaseStartTest "pki_group_cli_group_cleanup_tps: Deleting role groups" + + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i > $TmpDir/pki-group-del-tps-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tps-group-00$i.out" + let i=$i+1 + done + + j=1 + while [ $j -lt 2 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del $grp > $TmpDir/pki-group-del-tps-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tps-group-symbol-00$j.out" + let j=$j+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del $i18ngroup > $TmpDir/pki-group-del-tps-i18ngroup-001.out" \ + 0 \ + "Deleted group $i18ngroup" + rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-tps-i18ngroup-001.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-mod-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-show-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-show-tps.sh new file mode 100755 index 000000000..894ebf034 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-show-tps.sh @@ -0,0 +1,732 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-show-tps Show groups +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-group-cli-group-show-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-show-tps_tests(){ + +rlPhaseStartSetup "pki_group_cli_group_show_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + #local variables + group1=test_group + group1desc="Test Group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + + ##### Tests to show TPS groups #### + rlPhaseStartTest "pki_group_cli_group_show_tps-001: Add group to TPS using TPS_adminV and show group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using TPS_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group1 > $TmpDir/pki-tps-group-show-001.out" \ + 0 \ + "Show group $group1" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tps-group-show-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-show-001.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tps-group-show-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-002: maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group2" \ + 0 \ + "Add group $group2 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group2 > $TmpDir/pki-tps-group-show-001_1.out" \ + 0 \ + "Show $group2 group" + rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-tps-group-show-001_1.out" + actual_groupid_string=`cat $TmpDir/pki-tps-group-show-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_1.out" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-003: Group id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group3" \ + 0 \ + "Add group $group3 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group3 > $TmpDir/pki-tps-group-show-001_2.out" \ + 0 \ + "Show $group3 group" + rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-tps-group-show-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tps-group-show-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-004: Group id with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group4" \ + 0 \ + "Add group $group4 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group4 > $TmpDir/pki-tps-group-show-001_3.out" \ + 0 \ + "Show $group4 group" + rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-tps-group-show-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-tps-group-show-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-005: Group id with @ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group5" \ + 0 \ + "Add $group5 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group5 > $TmpDir/pki-tps-group-show-001_4.out" \ + 0 \ + "Show $group5 group" + rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-tps-group-show-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tps-group-show-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-006: Group id with ? character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group6" \ + 0 \ + "Add $group6 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group6 > $TmpDir/pki-tps-group-show-001_5.out" \ + 0 \ + "Show $group6 group" + rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-tps-group-show-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tps-group-show-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-007: Group id as 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group7" \ + 0 \ + "Add group $group7 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group7 > $TmpDir/pki-tps-group-show-001_6.out" \ + 0 \ + "Show group $group7" + rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-tps-group-show-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tps-group-show-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-008: --description with maximum length" + desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='$desc' g1" \ + 0 \ + "Added group using TPS_adminV with maximum --description length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g1 > $TmpDir/pki-tps-group-show-001_7.out" \ + 0 \ + "Show group g1" + rlAssertGrep "Group \"g1\"" "$TmpDir/pki-tps-group-show-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-show-001_7.out" + actual_desc_string=`cat $TmpDir/pki-tps-group-show-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-009: --description with maximum length and symbols" + desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + desc=$(echo $desc_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description='$desc' g2" \ + 0 \ + "Added group using TPS_adminV with maximum --description length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g2 > $TmpDir/pki-tps-group-show-001_8.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tps-group-show-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-show-001_8.out" + actual_desc_string=`cat $TmpDir/pki-tps-group-show-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-010: --description with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=# g3" \ + 0 \ + "Add group g3 using pki TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g3 > $TmpDir/pki-tps-group-show-001_9.out" \ + 0 \ + "Add group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tps-group-show-001_9.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-show-001_9.out" + rlAssertGrep "Description: #" "$TmpDir/pki-tps-group-show-001_9.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-011: --description with * character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=* g4" \ + 0 \ + "Add group g4 using pki TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g4 > $TmpDir/pki-tps-group-show-001_10.out" \ + 0 \ + "Show group g4 using TPS_adminV" + rlAssertGrep "Group \"g4\"" "$TmpDir/pki-tps-group-show-001_10.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-show-001_10.out" + rlAssertGrep "Description: *" "$TmpDir/pki-tps-group-show-001_10.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-012: --description with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=$ g5" \ + 0 \ + "Add group g5 using pki TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g5 > $TmpDir/pki-tps-group-show-001_11.out" \ + 0 \ + "Show group g5 using TPS_adminV" + rlAssertGrep "Group \"g5\"" "$TmpDir/pki-tps-group-show-001_11.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-show-001_11.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-tps-group-show-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-013: --description as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=0 g6" \ + 0 \ + "Add group g6 using pki TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g6 > $TmpDir/pki-tps-group-show-001_12.out" \ + 0 \ + "Show group g6 using TPS_adminV" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-tps-group-show-001_12.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-tps-group-show-001_12.out" + rlAssertGrep "Description: 0" "$TmpDir/pki-tps-group-show-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-014: Show group with -t tps option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test g7" \ + 0 \ + "Adding group g7 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g7 > $TmpDir/pki-tps-group-show-001_32.out" \ + 0 \ + "Show group g7 using TPS_adminV" + rlAssertGrep "Group \"g7\"" "$TmpDir/pki-tps-group-show-001_32.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-tps-group-show-001_32.out" + rlAssertGrep "Description: $test" "$TmpDir/pki-tps-group-show-001_32.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_show_tps-015: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-016: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show G7 > $TmpDir/pki-tps-group-show-001_35.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group \"G7\"" "$TmpDir/pki-tps-group-show-001_35.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-tps-group-show-001_35.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-017: Should not be able to show group using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-018: Should not be able to show group using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-019: Should not be able to show group using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-020: Should not be able to show group using admin user with expired cert TPS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-021: Should not be able to show group using TPS_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-022: Should not be able to show group using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a officer cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-023: Should not be able to show group using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-024: Should not be able to show group using a cert created from a untrusted CA TPS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using TPS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-025: Should not be able to show group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_show_encoded_0025pkcs10.out > $TmpDir/pki_tps_group_show_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_tps_group_show_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g7" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show g7 > $TmpDir/pki-tps-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-show-pkiUser1-0025.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-026: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using TPS_adminV with group id length exceed maximum defined in ldap schema should fail" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-027: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tps-group-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show 'ÖrjanÄke' > $TmpDir/pki-tps-group-show-001_56_2.out" \ + 0 \ + "Show group 'ÖrjanÄke'" + rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-tps-group-show-001_56_2.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tps-group-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-028: groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-tps-group-show-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show 'ÉricTêko' > $TmpDir/pki-tps-group-show-001_57_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-tps-group-show-001_57_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tps-group-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_cleanup_tps: Deleting the temp directory and groups" + + #===Deleting groups created using TPS_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i > $TmpDir/pki-tps-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tps-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using TPS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del $grp > $TmpDir/pki-group-del-tps-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tps-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-tps-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tps-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-show-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} |