From d8ce02c30834982946af80383426186b7f3a04ae Mon Sep 17 00:00:00 2001 
From: Roshni Pattath Date: Thu, 11 Jun 2015 08:26:15 -0400 Subject: Changes to directory hierarchy of CA and KRA group tests --- .../pki-group-cli/ca/pki-group-cli-group-add-ca.sh | 572 ++++++++++ .../pki-group-cli/ca/pki-group-cli-group-del-ca.sh | 605 +++++++++++ .../ca/pki-group-cli-group-find-ca.sh | 615 +++++++++++ .../ca/pki-group-cli-group-member-add-ca.sh | 1146 ++++++++++++++++++++ .../ca/pki-group-cli-group-member-del-ca.sh | 796 ++++++++++++++ .../ca/pki-group-cli-group-member-find-ca.sh | 778 +++++++++++++ .../ca/pki-group-cli-group-member-show-ca.sh | 496 +++++++++ .../pki-group-cli/ca/pki-group-cli-group-mod-ca.sh | 525 +++++++++ .../ca/pki-group-cli-group-show-ca.sh | 674 ++++++++++++ .../kra/pki-group-cli-group-add-kra.sh | 577 ++++++++++ .../kra/pki-group-cli-group-del-kra.sh | 635 +++++++++++ .../kra/pki-group-cli-group-find-kra.sh | 650 +++++++++++ .../kra/pki-group-cli-group-member-add-kra.sh | 1091 +++++++++++++++++++ .../kra/pki-group-cli-group-member-del-kra.sh | 770 +++++++++++++ .../kra/pki-group-cli-group-member-find-kra.sh | 793 ++++++++++++++ .../kra/pki-group-cli-group-member-show-kra.sh | 539 +++++++++ .../kra/pki-group-cli-group-mod-kra.sh | 537 +++++++++ .../kra/pki-group-cli-group-show-kra.sh | 711 ++++++++++++ .../pki-group-cli/pki-group-cli-group-add-ca.sh | 572 ---------- .../pki-group-cli/pki-group-cli-group-add-kra.sh | 577 ---------- .../pki-group-cli/pki-group-cli-group-del-ca.sh | 605 ----------- .../pki-group-cli/pki-group-cli-group-del-kra.sh | 635 ----------- .../pki-group-cli/pki-group-cli-group-find-ca.sh | 615 ----------- .../pki-group-cli/pki-group-cli-group-find-kra.sh | 650 ----------- .../pki-group-cli-group-member-add-ca.sh | 1146 -------------------- .../pki-group-cli-group-member-add-kra.sh | 1091 ------------------- .../pki-group-cli-group-member-del-ca.sh | 796 -------------- .../pki-group-cli-group-member-del-kra.sh | 770 ------------- .../pki-group-cli-group-member-find-ca.sh | 778 ------------- 
.../pki-group-cli-group-member-find-kra.sh | 793 -------------- .../pki-group-cli-group-member-show-ca.sh | 496 --------- .../pki-group-cli-group-member-show-kra.sh | 539 --------- .../pki-group-cli/pki-group-cli-group-mod-ca.sh | 525 --------- .../pki-group-cli/pki-group-cli-group-mod-kra.sh | 537 --------- .../pki-group-cli/pki-group-cli-group-show-ca.sh | 674 ------------ .../pki-group-cli/pki-group-cli-group-show-kra.sh | 711 ------------ 36 files changed, 12510 insertions(+), 12510 deletions(-) create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-add-ca.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-del-ca.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-find-ca.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-add-ca.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-del-ca.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-find-ca.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-show-ca.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-mod-ca.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-show-ca.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-add-kra.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-del-kra.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-find-kra.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-add-kra.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-del-kra.sh create mode 100755 
tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-find-kra.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-show-kra.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-mod-kra.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-show-kra.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-kra.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-kra.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-kra.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-kra.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-kra.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-kra.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-kra.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh delete mode 100755 
tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-kra.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh delete mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-kra.sh (limited to 'tests/dogtag/acceptance')
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-add-ca.sh
new file mode 100755
index 000000000..28e35a01f
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-add-ca.sh
@@ -0,0 +1,572 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-add Add group to pki subsystems.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-add-ca.sh
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-add-ca_tests(){
+
+ rlPhaseStartSetup "pki_group_cli_group_add-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$subsystemId
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ prefix=$subsystemId
+ else
+ prefix=ROOTCA
+ fi
+else
+ prefix=$MYROLE
+fi
+
+local CA_HOST=$(eval echo \$${MYROLE})
+local CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+
+ rlPhaseStartTest "pki_group_cli-configtest: pki group --help configuration test"
+ rlRun "pki group --help > $TmpDir/pki_group_cfg.out 2>&1" \
+ 0 \
+ "pki group --help"
+ rlAssertGrep "group-find Find groups" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-show Show group" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-add Add group" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-mod Modify group" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-del Remove group" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-member Group member management commands" "$TmpDir/pki_group_cfg.out"
+ rlAssertNotGrep "Error: Invalid module \"group---help\"." "$TmpDir/pki_group_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-configtest: pki group-add configuration test"
+ rlRun "pki group-add --help > $TmpDir/pki_group_add_cfg.out 2>&1" \
+ 0 \
+ "pki group-add --help"
+ rlAssertGrep "usage: group-add \[OPTIONS...\]" "$TmpDir/pki_group_add_cfg.out"
+ rlAssertGrep "\--description Description" "$TmpDir/pki_group_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_add_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to add CA groups using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-001: Add a group to CA using CA_adminV"
+ group1=new_group1
+ group_desc1="New Group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"$group_desc1\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-group-add-ca-001.out" \
+ 0 \
+ "Add group $group1 to CA_adminV"
+ rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-group-add-ca-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-add-ca-001.out"
+ rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-group-add-ca-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-002:maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-group-add-ca-001_1.out" \
+ 0 \
+ "Added group using CA_adminV with maximum group id length"
+ actual_groupid_string=`cat $TmpDir/pki-group-add-ca-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: Test Group" "$TmpDir/pki-group-add-ca-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-003:Group id with # character"
+ group3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description test $group3 > $TmpDir/pki-group-add-ca-001_2.out" \
+ 0 \
+ "Added group using CA_adminV, group id with # character"
+ rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-group-add-ca-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-group-add-ca-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-004:Group id with $ character"
+ group4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test $group4 > $TmpDir/pki-group-add-ca-001_3.out" \
+ 0 \
+ "Added group using CA_adminV, group id with $ character"
+ rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-group-add-ca-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-group-add-ca-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-005:Group id with @ character"
+ group5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test $group5 > $TmpDir/pki-group-add-ca-001_4.out " \
+ 0 \
+ "Added group using CA_adminV, group id with @ character"
+ rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-group-add-ca-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-group-add-ca-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-006:Group id with ? character"
+ group6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test $group6 > $TmpDir/pki-group-add-ca-001_5.out " \
+ 0 \
+ "Added group using CA_adminV, group id with ? character"
+ rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-group-add-ca-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-group-add-ca-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-007:Group id as 0"
+ group7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test $group7 > $TmpDir/pki-group-add-ca-001_6.out " \
+ 0 \
+ "Added group using CA_adminV, group id 0"
+ rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-group-add-ca-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-group-add-ca-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-008:--description with maximum length"
+ groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"$groupdesc\" g1 > $TmpDir/pki-group-add-ca-001_7.out" \
+ 0 \
+ "Added group using CA_adminV with maximum --description length"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-group-add-ca-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-group-add-ca-001_7.out"
+ rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-group-add-ca-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-group-add-ca-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-009:--desccription with maximum length and symbols"
+ rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ groupdesc=$(echo $rand_groupdesc | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description='$groupdesc' g2 > $TmpDir/pki-group-add-ca-001_8.out" \
+ 0 \
+ "Added group using CA_adminV with maximum --desc length and character symbols in it"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-group-add-ca-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-add-ca-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-group-add-ca-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-010: Add a duplicate group to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='Duplicate Group' $group1"
+ errmsg="ConflictingOperationException: Entry already exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-011: Add a group to CA with -t option"
+ desc="Test Group"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t ca \
+ group-add --description=\"$desc\" g3"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t ca \
+ group-add --description=\"$desc\" g3 > $TmpDir/pki-group-add-ca-0011.out" \
+ 0 \
+ "Add group g3 to CA"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-group-add-ca-0011.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-add-ca-0011.out"
+ rlAssertGrep "Description: $desc" "$TmpDir/pki-group-add-ca-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-012: Add a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-add --description='$group1'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-013: Add a group -- missing required option --description"
+ rlLog "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add g7"
+ rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add g7 > $TmpDir/pki-group-add-ca-0013.out" 0 "Successfully added group without description option"
+ rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-group-add-ca-0013.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-group-add-ca-0013.out"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using revoked cert#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-014: Should not be able to add group using a revoked cert CA_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert CA_adminR"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-015: Should not be able to add group using a agent with revoked cert CA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert CA_agentR"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using an agent user#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-016: Should not be able to add group using a valid agent CA_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert CA_agentV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using expired cert#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-017: Should not be able to add group using admin user with expired cert CA_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert CA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-018: Should not be able to add group using CA_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert CA_agentE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add groups using audit users#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-019: Should not be able to add group using a CA_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert CA_auditorV"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Tests to add groups using operator user###
+ rlPhaseStartTest "pki_group_cli_group_add-CA-020: Should not be able to add group using a CA_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using CA_operatorV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using CA_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA users#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-021: Should not be able to add group using a cert created from a untrusted CA role_user_UTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using CA_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-022: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description=test '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-023: description with i18n characters"
+ rlLog "group-add description Örjan Äke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description='Örjan Äke' g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description='Örjan Äke' g4 > $TmpDir/pki-group-add-ca-001_51.out 2>&1" \
+ 0 \
+ "Adding g4 with description Örjan Äke"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-group-add-ca-001_51.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-add-ca-001_51.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-group-add-ca-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-024: description with i18n characters"
+ rlLog "group-add description Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description='Éric Têko' g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description='Éric Têko' g5 > $TmpDir/pki-group-add-ca-001_52.out 2>&1" \
+ 0 \
+ "Adding g5 with description Éric Têko"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-group-add-ca-001_52.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-add-ca-001_52.out"
+ rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-group-add-ca-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-025: description with i18n characters"
+ rlLog "group-add description éénentwintig dvidešimt with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description='éénentwintig dvidešimt' g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-group-add-ca-001_53.out 2>&1" \
+ 0 \
+ "Adding description éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-group-add-ca-001_53.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-group-add-ca-001_53.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-group-add-ca-001_53.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g6 > $TmpDir/pki-group-add-ca-001_53_2.out 2>&1" \
+ 0 \
+ "Show group g6 with description éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-group-add-ca-001_53_2.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-group-add-ca-001_53_2.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-026: group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-ca-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-ca-001_56.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-ca-001_56.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-027: groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-ca-001_57.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-ca-001_57.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ca-001_57.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_cleanup: Deleting groups"
+
+ #===Deleting groups created using CA_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting groups(symbols) created using CA_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del '$grp' > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ actual_delete_group_string=`cat $TmpDir/pki-group-del-ca-group-symbol-00$j.out | grep 'Deleted group' | xargs echo`
+ expected_delete_group_string="Deleted group $grp"
+ if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then
+ rlPass "Deleted group \"$grp\" found in $TmpDir/pki-group-del-ca-group-symbol-00$j.out"
+ else
+ rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-group-del-ca-group-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #===Deleting i18n groups created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-group-i18n_2.out"
+
+ #Delete temporary directory
+ #rlRun "popd"
+ #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-del-ca.sh
new file mode 100755
index 000000000..715624d98
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-del-ca.sh
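Review bot: The access-control negative cases CA-014 through CA-021 in pki-group-cli-group-add-ca.sh all try to add `$group1`, the group CA-001 already created, so they can only compare the client's error text and exit code and cannot show that a rejected caller left nothing behind on the CA. Use an id that does not exist yet in each case and, after the `verifyErrorMsg` call, confirm with the valid admin cert that a lookup fails, e.g. `rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show neg_g14" 255 "rejected add must not create the group"` (`neg_g14` is a constructed sample id, and 255 is assumed from the other failing `pki` calls in this file). `verifyErrorMsg` is sourced from outside this hunk, so whether it already inspects server-side state cannot be seen here.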
@@ -0,0 +1,605 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-del Delete pki subsystem groups. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-del-ca_tests(){ + + rlPhaseStartSetup "pki_group_cli_group_del-CA-ca-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 + +if [ "$TOPO9" = "TRUE" ] ; then + prefix=$subsystemId +elif [ "$MYROLE" = "MASTER" ] ; then + if [[ $subsystemId == SUBCA* ]]; then + prefix=$subsystemId + else + prefix=ROOTCA + fi +else + prefix=$MYROLE +fi + +CA_HOST=$(eval echo \$${MYROLE}) +CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_group_cli_group_del-CA-ca-configtest-001: pki group-del --help configuration test" + rlRun "pki group-del --help > $TmpDir/group_del.out 2>&1" 0 "pki group-del --help" + rlAssertGrep "usage: group-del " "$TmpDir/group_del.out" + rlAssertGrep "\--help Show help options" "$TmpDir/group_del.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-ca-configtest-002: pki group-del configuration test" + rlRun "pki group-del > $TmpDir/group_del_2.out 2>&1" 255 "pki group-del" + rlAssertGrep "usage: group-del " "$TmpDir/group_del_2.out" + rlAssertGrep " --help Show help options" "$TmpDir/group_del_2.out" + rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/group_del_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-003: Delete valid groups" + group1=ca_group + group1desc="Test group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? 
+ group7=0 + #positive test cases + #Add groups to CA using CA_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test_group g$i" + let i=$i+1 + done + + #===Deleting groups created using CA_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del g$i" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del g$i > $TmpDir/pki-group-del-ca-group1-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group1-00$i.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g$i" + errmsg="GroupNotFoundException: Group g$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let i=$i+1 + done + #Add groups to CA using CA_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval grp=\$group$i + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test_group $grp" + let i=$i+1 + done + + #===Deleting groups(symbols) created using CA_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del $grp " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del $grp > $TmpDir/pki-group-del-ca-group2-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group2-00$j.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c 
$CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show $grp" + errmsg="GroupNotFoundException: Group $grp not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-004: Case sensitive groupid" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test_group group_abc" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del GROUP_ABC > $TmpDir/pki-group-del-ca-group-002_1.out" \ + 0 \ + "Deleted group GROUP_ABC groupid is not case sensitive" + rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-group-del-ca-group-002_1.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show group_abc" + errmsg="GroupNotFoundException: Group group_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-005: Delete group when required option group id is missing" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del > $TmpDir/pki-group-del-ca-group-003_1.out 2>&1" \ + 255 \ + "Cannot delete a group without groupid" + rlAssertGrep "usage: group-del " "$TmpDir/pki-group-del-ca-group-003_1.out" + rlPhaseEnd + + rlPhseStartTest "pki_group_cli_group_del-CA-006: Maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test \"$group2\" > $TmpDir/pki-group-add-ca-001_1.out" \ + 0 \ + 
"Added group using CA_adminV with maximum group id length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del \"$group2\" > $TmpDir/pki-group-del-ca-group-006.out" \ + 0 \ + "Deleting group with maximum group id length using CA_adminV" + actual_groupid_string=`cat $TmpDir/pki-group-del-ca-group-006.out | grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group \"$group2\" found" + else + rlFail "Deleted group \"$group2\" not found" + fi + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show \"$group2\"" + errmsg="GroupNotFoundException: Group \"$group2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-007: groupid with maximum length and symbols" + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test '$groupid' > $TmpDir/pki-group-add-ca-001_8.out" \ + 0 \ + "Added group using CA_adminV with maximum groupid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del '$groupid' > $TmpDir/pki-group-del-ca-group-007.out" \ + 0 \ + "Deleting group with maximum group id length and character symbols using CA_adminV" + actual_groupid_string=`cat $TmpDir/pki-group-del-ca-group-007.out| grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $groupid" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + 
rlPass "Deleted group $groupid found" + else + rlFail "Deleted group $groupid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show '$groupid' > $TmpDir/pki-group-del-ca-group-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted group with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-group-del-ca-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` + expected_error_string="GroupNotFoundException: Group $groupid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "GroupNotFoundException: Group $groupid not found message found" + else + rlFail "GroupNotFoundException: Group $groupid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-008: Delete group from CA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=\"g1description\" g1 > $TmpDir/pki-group-add-ca-009.out" \ + 0 \ + "Add group g1 to CA" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + -t ca \ + group-del g1 > $TmpDir/pki-group-del-ca-group-009.out" \ + 0 \ + "Deleting group g1 using -t ca option" + rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-group-del-ca-group-009.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g1" + errmsg="GroupNotFoundException: Group g1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-009: Should not be able to delete group using a revoked cert CA_adminR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-ca-010.out" \ + 0 \ + "Add group g2 to CA" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show g2 > $TmpDir/pki-group-show-ca-001.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-001.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-001.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-010: Should not be able to delete group using a agent with revoked cert CA_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a agent having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show g2 > $TmpDir/pki-group-show-ca-002.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-002.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-002.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-011: Should not be able to delete group using a valid agent 
CA_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a valid agent cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show g2 > $TmpDir/pki-group-show-ca-003.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-003.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-003.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-012: Should not be able to delete group using a admin user with expired cert CA_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show g2 > $TmpDir/pki-group-show-ca-004.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-004.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-004.out" + rlAssertGrep "Description: g2description" 
"$TmpDir/pki-group-show-ca-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-013: Should not be able to delete a group using CA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show g2 > $TmpDir/pki-group-show-ca-005.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-005.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-005.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-014: Should not be able to delete group using a CA_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a audit cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show g2 > $TmpDir/pki-group-show-ca-006.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-006.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-006.out" + rlAssertGrep "Description: 
g2description" "$TmpDir/pki-group-show-ca-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-015: Should not be able to delete group using a CA_operatorV" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a operator cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show g2 > $TmpDir/pki-group-show-ca-007.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-007.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-007.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-016: Should not be able to delete group using a cert created from a untrusted CA CA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a untrusted cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show g2 > $TmpDir/pki-group-show-ca-008.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-008.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-008.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-017: Should not be able to delete 
group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_del_encoded_0025pkcs10.out > $TmpDir/pki_ca_group_del_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_ca_group_del_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del g2" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del g2 > $TmpDir/pki-ca-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ca-group-del-pkiUser1-0025.out" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show g2 > $TmpDir/pki-group-show-ca-009.out" \ + 0 \ + "Show group g2" + 
rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-009.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-009.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-009.out" + + #Cleanup:delete group g2 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del g2 > $TmpDir/pki-group-del-ca-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-018: delete group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-ca-001_19.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-ca-001_19.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-ca-001_19.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-001_19_3.out 2>&1" \ + 0 \ + "Deleted gid ÖrjanÄke with i18n characters" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-001_19_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show 'ÖrjanÄke'" + errmsg="GroupNotFoundException: Group ÖrjanÄke not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA-020: delete groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test 'ÉricTêko' > 
$TmpDir/pki-group-add-ca-001_20.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-ca-001_20.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ca-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show 'ÉricTêko' > $TmpDir/pki-group-add-ca-001_20_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-ca-001_20_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ca-001_20_2.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-001_20_3.out 2>&1" \ + 0 \ + "Delete gid ÉricTêko with i18n characters" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-001_20_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show 'ÉricTêko'" + errmsg="GroupNotFoundException: Group ÉricTêko not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-CA_cleanup-004: Deleting the temp directory" + #rlRun "popd" + #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-find-ca.sh new file mode 100755 index 000000000..427f2ffb5 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-find-ca.sh 
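Review bot: `rlPhseStartTest` in the CA-006 phase ("Maximum length of group id") is a misspelling of `rlPhaseStartTest`, so the shell will report an unknown command and that phase is never opened, while the `rlPhaseEnd` after it still runs. The line should read `rlPhaseStartTest "pki_group_cli_group_del-CA-006: Maximum length of group id"`. As written, the CA-006 results are presumably not recorded under their own phase in the BeakerLib journal. Separately, the final cleanup phase has both `popd` and `rm -r $TmpDir` commented out, so the temporary NSS database that CA-017 creates at `$TmpDir/nssdb` stays on disk after the run. Re-enabling `rlRun "popd"` and `rlRun "rm -r $TmpDir" 0 "Removing tmp directory"` would remove it.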
@@ -0,0 +1,615 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-find To list groups in CA. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-find-ca_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 + +if [ "$TOPO9" = "TRUE" ] ; then + prefix=$subsystemId +elif [ "$MYROLE" = "MASTER" ] ; then + if [[ $subsystemId == SUBCA* ]]; then + prefix=$subsystemId + else + prefix=ROOTCA + fi +else + prefix=$MYROLE +fi + +CA_HOST=$(eval echo \$${MYROLE}) +CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) + + rlPhaseStartSetup "pki_group_cli_group_find-ca-startup: Create temporary directory and add groups" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test_group g$i" + let i=$i+1 + done + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_group_cli_group_find-ca-configtest-001: pki group-find --help configuration test" + rlRun "pki group-find --help > $TmpDir/group_find.out 2>&1" 0 "pki group-find --help" + rlAssertGrep "usage: group-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/group_find.out" + rlAssertGrep "\--size Page size" "$TmpDir/group_find.out" + rlAssertGrep "\--start Page start" "$TmpDir/group_find.out" + rlAssertGrep "\--help Show help options" "$TmpDir/group_find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-configtest-002: pki group-find configuration test" + command="pki group-find" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-003: Find 5 groups, --size=5" 
+ rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --size=5 > $TmpDir/pki-group-find-ca-001.out 2>&1" \ + 0 \ + "Found 5 groups" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-group-find-ca-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --size=0 > $TmpDir/pki-group-find-ca-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-find-ca-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-005: Find all groups, large value as input" + large_num=1000000 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --size=$large_num > $TmpDir/pki-group-find-ca-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-group-find-ca-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-006: Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --size=$maximum_check > $TmpDir/pki-group-find-ca-003_2.out 2>&1" \ + 0 \ + "Find all groups, maximum 
possible value as input" + result=`cat $TmpDir/pki-group-find-ca-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-007: Find all groups, --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --size=-1" + errmsg="size should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + 
rlPhaseStartTest "pki_group_cli_group_find-ca-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find > $TmpDir/pki-group-find-ca-007_1.out 2>&1" \ + 0 \ + "Get all groups in CA" + group_entry_10=`cat $TmpDir/pki-group-find-ca-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=10 > $TmpDir/pki-group-find-ca-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-group-find-ca-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-group-find-ca-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=10000 > 
$TmpDir/pki-group-find-ca-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-find-ca-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-013: Find groups, --start with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=$maximum_check > $TmpDir/pki-group-find-ca-008_2.out 2>&1" \ + 0 \ + "Find groups, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-find-ca-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=0 > $TmpDir/pki-group-find-ca-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" 
"$TmpDir/pki-group-find-ca-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-016: Find groups, --start=-1" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=$size_noninteger" + errmsg="NumberFormatException: For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find > $TmpDir/pki-group-find-ca-00_13_1.out 2>&1" \ + 0 \ + "Get all groups in CA" + group_entry_12=`cat $TmpDir/pki-group-find-ca-00_13_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD 
\ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=12 --size=12 > $TmpDir/pki-group-find-ca-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-group-find-ca-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-group-find-ca-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-020: Find groups, --size=0 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find > $TmpDir/pki-group-find-ca-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in CA" + group_entry_12=`cat $TmpDir/pki-group-find-ca-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=12 --size=0 > $TmpDir/pki-group-find-ca-0014.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-find-ca-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-021: Should not be able to find group using a revoked cert CA_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT user-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-022: Should not be able to find groups using an agent with revoked cert 
CA_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-023: Should not be able to find groups using a valid agent CA_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-024: Should not be able to find groups using admin user with expired cert CA_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-025: Should not be able to find groups using CA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT 
group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-026: Should not be able to find groups using a CA_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-027: Should not be able to find groups using a CA_operatorV" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-028: Should not be able to find groups using a cert created from a untrusted CA role_user_UTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errocode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using CA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-029: Should not be able to find groups using a user cert" + 
#Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_find_encoded_0029pkcs10.out > $TmpDir/pki_ca_group_find_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_ca_group_find_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=1 --size=5" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --start=1 --size=5 > $TmpDir/pki-ca-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ca-group-find-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-030: find groups when group id has i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p 
$CA_PORT \ + group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-group-find-ca-001_31.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --size=1000 > $TmpDir/pki-group-show-ca-001_31_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-show-ca-001_31_2.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-group-show-ca-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-031: find group when group id has i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-group-show-ca-001_32.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find --size=1000 > $TmpDir/pki-group-show-ca-001_32_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-show-ca-001_32_2.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-group-show-ca-001_32_2.out" + rlPhaseEnd + + #pki group-find with filters + + rlPhaseStartTest "pki_group_cli_group_find-ca-032: find group - filter 'Administrator'" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find Administrator" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find Administrator > 
$TmpDir/pki-group-show-ca-033.out" \ + 0 \ + "Find group with Keyword Administrator" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-group-show-ca-033.out" + rlAssertGrep "Group ID: Security Domain Administrators" "$TmpDir/pki-group-show-ca-033.out" + rlAssertGrep "Group ID: Enterprise CA Administrators" "$TmpDir/pki-group-show-ca-033.out" + rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-group-show-ca-033.out" + rlAssertGrep "Group ID: Enterprise RA Administrators" "$TmpDir/pki-group-show-ca-033.out" + rlAssertGrep "Group ID: Enterprise OCSP Administrators" "$TmpDir/pki-group-show-ca-033.out" + rlAssertGrep "Group ID: Enterprise TKS Administrators" "$TmpDir/pki-group-show-ca-033.out" + rlAssertGrep "Group ID: Enterprise TPS Administrators" "$TmpDir/pki-group-show-ca-033.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-033: find group - filter 'KRA'" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find KRA" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-find KRA > $TmpDir/pki-group-show-ca-034.out" \ + 0 \ + "Find group with Keyword KRA" + rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-group-show-ca-034.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ca-034: find group should fail when filter keyword has less than 3 characters" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find CA" + errmsg="BadRequestException: Filter is too short." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find should fail if the filter has less than 3 characters"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_cleanup-001: Deleting groups"
+ #===Deleting groups created using CA_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n groups created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-group-i18n_2.out"
+
+ #Delete temporary directory
+ #rlRun "popd"
+ #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-add-ca.sh
new file mode 100755
index 000000000..7cdf93e96
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-add-ca.sh
@@ -0,0 +1,1146 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-cli-group-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-add Add group member.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-member-add-ca.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-add-ca_tests(){
+ #Local variables
+ groupid1="Certificate Manager Agents"
+ groupid2="Registration Manager Agents"
+ groupid3="Subsystem Group"
+ groupid4="Trusted Managers"
+ groupid5="Administrators"
+ groupid6="Auditors"
+ groupid7="ClonedSubsystems"
+ groupid8="Security Domain Administrators"
+ groupid9="Enterprise CA Administrators"
+ groupid10="Enterprise KRA Administrators"
+ groupid11="Enterprise OCSP Administrators"
+ groupid12="Enterprise TKS Administrators"
+ groupid13="Enterprise RA Administrators"
+ groupid14="Enterprise TPS Administrators"
+
+ rlPhaseStartSetup "pki_group_cli_group_membership-add-CA-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$subsystemId
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ prefix=$subsystemId
+ else
+ prefix=ROOTCA
+ fi
+else
+ prefix=$MYROLE
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-002: pki group-member configuration test"
+ rlRun "pki group-member > $TmpDir/pki_group_member_cfg.out 2>&1" \
+ 0 \
+ "pki group-member"
+ rlAssertGrep "Commands:" "$TmpDir/pki_group_member_cfg.out"
+ rlAssertGrep "group-member-find
Find group members" "$TmpDir/pki_group_member_cfg.out" + rlAssertGrep "group-member-add Add group member" "$TmpDir/pki_group_member_cfg.out" + rlAssertGrep "group-member-del Remove group member" "$TmpDir/pki_group_member_cfg.out" + rlAssertGrep "group-member-show Show group member" "$TmpDir/pki_group_member_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-CA-003: pki group-member-add --help configuration test" + rlRun "pki group-member-add --help > $TmpDir/pki_group_member_add_cfg.out 2>&1" \ + 0 \ + "pki group-member-add --help" + rlAssertGrep "usage: group-member-add \[OPTIONS...\]" "$TmpDir/pki_group_member_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_add_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-CA-004: pki group-member-add configuration test" + rlRun "pki group-member-add > $TmpDir/pki_group_member_add_2_cfg.out 2>&1" \ + 255 \ + "pki group-member-add" + rlAssertGrep "Error: Incorrect number of arguments specified." 
"$TmpDir/pki_group_member_add_2_cfg.out" + rlAssertGrep "usage: group-member-add \[OPTIONS...\]" "$TmpDir/pki_group_member_add_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_add_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-CA-005: Add users to available groups using valid admin user CA_adminV" + i=1 + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-group-member-add-group-add-ca-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-group-member-add-group-add-ca-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-add-group-add-ca-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-add-group-add-ca-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-show u$i > $TmpDir/pki-group-member-add-group-show-ca-00$i.out" \ + 0 \ + "Show pki CA_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-group-member-add-group-show-ca-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-add-group-show-ca-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-add-group-show-ca-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"$gid\" u$i > $TmpDir/pki-group-member-add-groupadd-ca-00$i.out" \ + 0 \ + "Adding user u$i to 
group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-group-member-add-groupadd-ca-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-add-groupadd-ca-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find \"$gid\" > $TmpDir/pki-group-member-add-groupadd-find-ca-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-add-groupadd-find-ca-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-CA-006: Add a user to all available groups using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-group-member-add-user-add-ca-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-group-member-add-user-add-ca-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-add-user-add-ca-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-add-user-add-ca-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-show userall > $TmpDir/pki-group-member-add-user-show-ca-userall-001.out" \ + 0 \ + "Show pki CA_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-group-member-add-user-show-ca-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-add-user-show-ca-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-add-user-show-ca-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ 
+ -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"$gid\" userall > $TmpDir/pki-group-member-add-groupadd-ca-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-group-member-add-groupadd-ca-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-group-member-add-groupadd-ca-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find \"$gid\" > $TmpDir/pki-group-member-add-groupadd-find-ca-userall-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-group-member-add-groupadd-find-ca-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_group_member-add-CA-007: Add a user to same group multiple times" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-group-member-add-user-add-ca-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-group-member-add-user-add-ca-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-group-member-add-user-add-ca-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-group-member-add-user-add-ca-user1-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-show user1 > $TmpDir/pki-group-member-add-user-show-ca-user1-001.out" \ + 0 \ + "Show pki CA_adminV user" + rlAssertGrep "User \"user1\"" "$TmpDir/pki-group-member-add-user-show-ca-user1-001.out" + rlAssertGrep "User ID: user1" 
"$TmpDir/pki-group-member-add-user-show-ca-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-group-member-add-user-show-ca-user1-001.out" + rlLog "Adding the user to the same groups twice" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"Administrators\" user1 > $TmpDir/pki-group-member-add-groupadd-ca-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-group-member-add-groupadd-ca-user1-001.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" user1" + errmsg="ConflictingOperationException: Attribute or value exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-CA-008: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-group-member-add-user-add-ca-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"$dummy_group\" testuser1" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-CA-009: Should be able to group-member-add user to Administrator group" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=test u20"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=test u20" \
+ 0 \
+ "Adding uid u20"
+ rlLog "Adding the user to the Adminstrators group"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" u20"
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-group-member-add-groupadd-ca-009_2.out" \
+ 0 \
+ "Adding user u20 to group \"Administrators\""
+ rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-group-member-add-groupadd-ca-009_2.out"
+ rlAssertGrep "User: u20" "$TmpDir/pki-group-member-add-groupadd-ca-009_2.out"
+ rlLog "Check if the user is added to the group"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find 'Administrators'"
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-group-member-add-groupadd-find-ca-009_3.out" \
+ 0 \
+ "Check user u20 added to group Administrators"
+ rlAssertGrep "User: u20" "$TmpDir/pki-group-member-add-groupadd-find-ca-009_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-010: Should be able to group-member-add groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName='u21' u21"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName='u21' u21" \
+ 0 \
+ "Adding uid u21"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-group-member-add-groupadd-ca-010_1.out" \
+ 0 \
+ "Adding group
dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-member-add-groupadd-ca-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-group-member-add-groupadd-ca-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-group-member-add-groupadd-ca-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"dadministʁasjɔ̃\" u21 > $TmpDir/pki-group-member-add-groupadd-ca-010_2.out" \
+ 0 \
+ "Adding user u21 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u21\"" "$TmpDir/pki-group-member-add-groupadd-ca-010_2.out"
+ rlAssertGrep "User: u21" "$TmpDir/pki-group-member-add-groupadd-ca-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-group-member-add-groupadd-find-ca-010_3.out" \
+ 0 \
+ "Check user u21 added to group dadministʁasjɔ̃"
+ rlAssertGrep "User: u21" "$TmpDir/pki-group-member-add-groupadd-find-ca-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-011: Should not be able to group-member-add using a revoked cert CA_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using a revoked cert CA_adminR"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-012: Should not be able to group-member-add using an agent with revoked cert CA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT
group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using an agent with revoked cert CA_agentR"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-013: Should not be able to group-member-add using admin user with expired cert CA_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using admin user with expired cert CA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-014: Should not be able to group-member-add using CA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-015: Should not be able to group-member-add using CA_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException:
Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-016: Should not be able to group-member-add using CA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-017: Should not be able to group-member-add using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-018: Should not be able to group-member-add using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_agentUTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-019: User associated with Administrators group only can create a new user"
+ i=2
+ while [ $i -lt 15 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding testuser1 to $gid
group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"$gid\" testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"$gid\" testuser1 > $TmpDir/pki-group-member-add-groupadd-ca-testuser1-00$i.out" \
+ 0 \
+ "Adding user testuser1 to group \"$gid\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-group-member-add-groupadd-ca-testuser1-00$i.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-group-member-add-groupadd-ca-testuser1-00$i.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\""
+ rlRun
"pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-cert-add testuser1 --input $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT ca-user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "ca-user-add operation should fail when authenticating using a user cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+
+ #Add testuser1 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"$groupid5\" testuser1 > $TmpDir/pki-ca-group-member-add-groupadd-usertest1-019_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"$groupid5\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-ca-group-member-add-groupadd-usertest1-019_2.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-ca-group-member-add-groupadd-usertest1-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find $groupid5 > $TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-019_3.out" \
+ 0 \
+ "Check group-member for user testuser1"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-019_3.out"
+
+ #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=test_user us19 > $TmpDir/pki-ca-user-add-019_4.out" \
+ 0 \
+ "Added new user using Admin user testuser1"
+ rlAssertGrep "Added user \"us19\""
"$TmpDir/pki-ca-user-add-019_4.out"
+ rlAssertGrep "User ID: us19" "$TmpDir/pki-ca-user-add-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-ca-user-add-019_4.out"
+ rlPhaseEnd
+
+ #Usability test
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-020: User associated with Certificate Manager Agents group only can approve certificate requests"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullName_user2\" testuser2"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Test User2\" subject_uid:testuser2 subject_email:testuser2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.out > $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser2\" -i $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem -t \"u,u,u\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-cert-add testuser2
--input $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem"
+ rlLog "Check testuser2 is not in group Certificate Manager Agents"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find \"$groupid1\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find \"$groupid1\" > $TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-020_1.out" \
+ 0 \
+ "Check ca-group-member for testuser2"
+ rlAssertNotGrep "User: testuser2" "$TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-020_1.out"
+
+ #Trying to approve a certificate request using testuser2 should fail
+ rlRun "run_req_action_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$TEMP_NSS_DB cert_db_pwd:$TEMP_NSS_DB_PASSWD \
+ certdb_nick:\"testuser2\" cert_info:$cert_info" 0 "Cert approval by testuser2 should fail"
+
+ rlAssertGrep "Authorization Error" "$cert_info"
+
+ #Add user testuser2 to Certificate Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"$groupid1\" testuser2 > $TmpDir/pki-ca-group-member-add-groupadd-usertest1-020_3.out" \
+ 0 \
+ "Adding user testuser2 to group \"$groupid1\""
+ rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-ca-group-member-add-groupadd-usertest1-020_3.out"
+ rlAssertGrep "User: testuser2" "$TmpDir/pki-ca-group-member-add-groupadd-usertest1-020_3.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find \"$groupid1\" >
$TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-020_4.out" \
+ 0 \
+ "Check group-memberfor testuser2"
+ rlAssertGrep "User: testuser2" "$TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-020_4.out"
+
+ #Trying to approve a certificate request using testuser2 should now succeed
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$TEMP_NSS_DB cert_db_pwd:$TEMP_NSS_DB_PASSWD \
+ certdb_nick:\"testuser2\" cert_info:$cert_info" 0 "Successfully approved a cert by testuser2"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-021: Should not be able to add a non existing user to a group"
+ user="testuser4"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"$groupid5\" $user"
+ errmsg="UserNotFoundException: User $user not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-022: Add a group and add a user to the group using valid admin user CA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g1description\" g1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g1description\" g1 > $TmpDir/pki-group-member-add-group-add-ca-022.out" \
+ 0 \
+ "Adding group g1"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-group-member-add-group-add-ca-022.out"
+ rlAssertGrep "Group ID: g1"
"$TmpDir/pki-group-member-add-group-add-ca-022.out"
+ rlAssertGrep "Description: g1description" "$TmpDir/pki-group-member-add-group-add-ca-022.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu15\" u15"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu15\" u15 > $TmpDir/pki-group-member-add-user-add-ca-022.out" \
+ 0 \
+ "Adding user u15"
+ rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-group-member-add-user-add-ca-022.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-group-member-add-user-add-ca-022.out"
+ rlAssertGrep "Full name: fullNameu15" "$TmpDir/pki-group-member-add-user-add-ca-022.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g1 u15"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g1 u15 > $TmpDir/pki-group-member-add-groupadd-ca-022.out" \
+ 0 \
+ "Adding user u15 to group g1"
+ rlAssertGrep "Added group member \"u15\"" "$TmpDir/pki-group-member-add-groupadd-ca-022.out"
+ rlAssertGrep "User: u15" "$TmpDir/pki-group-member-add-groupadd-ca-022.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find g1 > $TmpDir/pki-group-member-add-groupadd-find-ca-022.out" \
+ 0 \
+ "User added to group g1"
+ rlAssertGrep "User: u15" "$TmpDir/pki-group-member-add-groupadd-find-ca-022.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-023: Add two group and add a user to the two different group using valid admin user CA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g2description\" g2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g2description\" g2 > $TmpDir/pki-group-member-add-group-add-ca-023.out" \
+ 0 \
+ "Adding group g2"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-group-member-add-group-add-ca-023.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-member-add-group-add-ca-023.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-member-add-group-add-ca-023.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g3description\" g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g3description\" g3 > $TmpDir/pki-group-member-add-group-add-ca-023_1.out" \
+ 0 \
+ "Adding group g3"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-group-member-add-group-add-ca-023_1.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-member-add-group-add-ca-023_1.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-member-add-group-add-ca-023_1.out"
+
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu16\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu16\" u16 > $TmpDir/pki-group-member-add-user-add-ca-023.out" \
+ 0 \
+ "Adding user u16"
+ rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-group-member-add-user-add-ca-023.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-group-member-add-user-add-ca-023.out"
+ rlAssertGrep "Full name: fullNameu16" "$TmpDir/pki-group-member-add-user-add-ca-023.out"
+ rlLog "Adding the user u16 to group g2"
+ rlLog "pki -d $CERTDB_DIR \
+ -n
${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g2 u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g2 u16 > $TmpDir/pki-group-member-add-groupadd-ca-023.out" \
+ 0 \
+ "Adding user u16 to group g2"
+ rlAssertGrep "Added group member \"u16\"" "$TmpDir/pki-group-member-add-groupadd-ca-023.out"
+ rlAssertGrep "User: u16" "$TmpDir/pki-group-member-add-groupadd-ca-023.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find g2 > $TmpDir/pki-group-member-add-groupadd-find-ca-023.out" \
+ 0 \
+ "User added to group g2"
+ rlAssertGrep "User: u16" "$TmpDir/pki-group-member-add-groupadd-find-ca-023.out"
+ rlLog "Adding the user u16 to group g3"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g3 u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g3 u16 > $TmpDir/pki-group-member-add-groupadd-ca-023_1.out" \
+ 0 \
+ "Adding user u16 to group g3"
+ rlAssertGrep "Added group member \"u16\"" "$TmpDir/pki-group-member-add-groupadd-ca-023_1.out"
+ rlAssertGrep "User: u16" "$TmpDir/pki-group-member-add-groupadd-ca-023_1.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find g3 > $TmpDir/pki-group-member-add-groupadd-find-ca-023_1.out" \
+ 0 \
+ "User added to group g3"
+ rlAssertGrep "User: u16" "$TmpDir/pki-group-member-add-groupadd-find-ca-023_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-024: Add a group, add a user to the group and delete the group using valid admin user CA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g4description\" gr4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g4description\" gr4 > $TmpDir/pki-group-member-add-group-add-ca-024.out" \
+ 0 \
+ "Adding group gr4"
+ rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-group-member-add-group-add-ca-024.out"
+ rlAssertGrep "Group ID: gr4" "$TmpDir/pki-group-member-add-group-add-ca-024.out"
+ rlAssertGrep "Description: g4description" "$TmpDir/pki-group-member-add-group-add-ca-024.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu17\" u17"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu17\" u17 > $TmpDir/pki-group-member-add-user-add-ca-024.out" \
+ 0 \
+ "Adding user u17"
+ rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-group-member-add-user-add-ca-024.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-group-member-add-user-add-ca-024.out"
+ rlAssertGrep "Full name: fullNameu17" "$TmpDir/pki-group-member-add-user-add-ca-024.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add gr4 u17"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add gr4 u17 > $TmpDir/pki-group-member-add-groupadd-ca-024.out" \
+ 0 \
+ "Adding user u17 to group gr4"
+ rlAssertGrep "Added group member \"u17\"" "$TmpDir/pki-group-member-add-groupadd-ca-024.out"
+ rlAssertGrep "User: u17" "$TmpDir/pki-group-member-add-groupadd-ca-024.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n
${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find gr4 > $TmpDir/pki-group-member-add-groupadd-find-ca-024.out" \
+ 0 \
+ "User added to group gr4"
+ rlAssertGrep "User: u17" "$TmpDir/pki-group-member-add-groupadd-find-ca-024.out"
+ #Deleting group gr4
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del gr4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del gr4 > $TmpDir/pki-group-member-add-groupdel-ca-024.out" \
+ 0 \
+ "Deleting group gr4"
+ rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-group-member-add-groupdel-ca-024.out"
+ #Checking for user-membership
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-membership-find u17"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-membership-find u17 > $TmpDir/pki-group-member-add-usermembership-ca-024.out" \
+ 0 \
+ "Checking for user membership of u17"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-group-member-add-usermembership-ca-024.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-025: Add a group, add a user to the group and modify the group using valid admin user CA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g5description\" g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g5description\" g4 > $TmpDir/pki-group-member-add-group-add-ca-025.out" \
+ 0 \
+ "Adding group g4"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-group-member-add-group-add-ca-025.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-member-add-group-add-ca-025.out"
+
rlAssertGrep "Description: g5description" "$TmpDir/pki-group-member-add-group-add-ca-025.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu18\" u18"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu18\" u18 > $TmpDir/pki-group-member-add-user-add-ca-025.out" \
+ 0 \
+ "Adding user u18"
+ rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-group-member-add-user-add-ca-025.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-group-member-add-user-add-ca-025.out"
+ rlAssertGrep "Full name: fullNameu18" "$TmpDir/pki-group-member-add-user-add-ca-025.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g4 u18"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g4 u18 > $TmpDir/pki-group-member-add-groupadd-ca-025.out" \
+ 0 \
+ "Adding user u18 to group g4"
+ rlAssertGrep "Added group member \"u18\"" "$TmpDir/pki-group-member-add-groupadd-ca-025.out"
+ rlAssertGrep "User: u18" "$TmpDir/pki-group-member-add-groupadd-ca-025.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find g4 > $TmpDir/pki-group-member-add-groupadd-find-ca-025.out" \
+ 0 \
+ "User added to group g5"
+ rlAssertGrep "User: u18" "$TmpDir/pki-group-member-add-groupadd-find-ca-025.out"
+ #Modifying group g4
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-mod g4 --decription=\"Modified group\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+
group-mod g4 --description=\"Modified group\" > $TmpDir/pki-group-member-add-groupmod-ca-025.out" \
+ 0 \
+ "Modifying group g4"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-group-member-add-groupmod-ca-025.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-member-add-groupmod-ca-025.out"
+ rlAssertGrep "Description: Modified group" "$TmpDir/pki-group-member-add-groupmod-ca-025.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-CA-026: Add a group, add a user to the group, run user-membership-del on the user and run group-member-find using valid admin user CA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g5description\" g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"g6description\" g5 > $TmpDir/pki-group-member-add-group-add-ca-026.out" \
+ 0 \
+ "Adding group g5"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-group-member-add-group-add-ca-026.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-member-add-group-add-ca-026.out"
+ rlAssertGrep "Description: g6description" "$TmpDir/pki-group-member-add-group-add-ca-026.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu19\" u19"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu19\" u19 > $TmpDir/pki-group-member-add-user-add-ca-026.out" \
+ 0 \
+ "Adding user u19"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-group-member-add-user-add-ca-026.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-group-member-add-user-add-ca-026.out"
+ rlAssertGrep "Full name: fullNameu19" "$TmpDir/pki-group-member-add-user-add-ca-026.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n
${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g5 u19"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add g5 u19 > $TmpDir/pki-group-member-add-groupadd-ca-026.out" \
+ 0 \
+ "Adding user u19 to group g5"
+ rlAssertGrep "Added group member \"u19\"" "$TmpDir/pki-group-member-add-groupadd-ca-026.out"
+ rlAssertGrep "User: u19" "$TmpDir/pki-group-member-add-groupadd-ca-026.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find g5 > $TmpDir/pki-group-member-add-groupadd-find-ca-026.out" \
+ 0 \
+ "User added to group g5"
+ rlAssertGrep "User: u19" "$TmpDir/pki-group-member-add-groupadd-find-ca-026.out"
+ #run user-membership-del on u19
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-membership-del u19 g5 > $TmpDir/pki-group-member-add-user-membership-del-ca-026.out" \
+ 0 \
+ "user-membership-del on u19"
+ rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-group-member-add-user-membership-del-ca-026.out"
+ #find group members
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find g5 > $TmpDir/pki-group-member-add-group-member-find-ca-026.out" \
+ 0 \
+ "Find member in group g5"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-group-member-add-group-member-find-ca-026.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_group_cli_group_member-add-ca-cleanup-001: Deleting the temp directory and users and groups"
+ #===Deleting users created using CA_adminV cert===#
+ i=1
+ while [ $i -lt 22 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del u$i >
$TmpDir/pki-user-del-ca-group-member-add-user-del-ca-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-group-member-add-user-del-ca-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del g$i > $TmpDir/pki-user-del-ca-group-member-add-group-del-ca-00$i.out" \
+ 0 \
+ "Deleting group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-ca-group-member-add-group-del-ca-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del userall > $TmpDir/pki-group-del-ca-group-member-add-user-del-ca-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-ca-group-member-add-user-del-ca-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del user1 > $TmpDir/pki-user-del-ca-group-member-add-user-del-ca-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ca-group-member-add-user-del-ca-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del us19 > $TmpDir/pki-user-del-ca-group-member-add-user-del-ca-u19-001.out" \
+ 0 \
+ "Deleting user us19"
+ rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-ca-group-member-add-user-del-ca-u19-001.out"
+ #===Deleting users created using CA_adminV cert===#
+ i=1
+ while [ $i -lt 3 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del testuser$i > $TmpDir/pki-group-member-add-ca-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" 
"$TmpDir/pki-group-member-add-ca-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
+
+ #Delete temporary directory
+ #rlRun "popd"
+ #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-del-ca.sh
new file mode 100755
index 000000000..b8dcb84d1
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-del-ca.sh 
@@ -0,0 +1,796 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-member-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh
+######################################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-member-add-ca.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-del-ca_tests(){
+ #Available groups ca-group-find
+ groupid1="Certificate Manager Agents"
+ groupid2="Registration Manager Agents"
+ groupid3="Subsystem Group"
+ groupid4="Trusted Managers"
+ groupid5="Administrators"
+ groupid6="Auditors"
+ groupid7="ClonedSubsystems"
+ groupid8="Security Domain Administrators"
+ groupid9="Enterprise CA Administrators"
+ groupid10="Enterprise KRA Administrators"
+ groupid11="Enterprise OCSP Administrators"
+ groupid12="Enterprise TKS Administrators"
+ groupid13="Enterprise RA Administrators"
+ groupid14="Enterprise TPS Administrators"
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$subsystemId
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ prefix=$subsystemId
+ else
+ prefix=ROOTCA
+ fi
+else
+ prefix=$MYROLE
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-002: pki group-member-del --help configuration test"
+ rlRun "pki group-member-del --help > $TmpDir/pki_group_member_del_cfg.out 2>&1" \
+ 0 \
+ "pki group-member-del --help"
+ rlAssertGrep "usage: group-member-del 
\[OPTIONS...\]" "$TmpDir/pki_group_member_del_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_del_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-003: pki group-member-del configuration test"
+ rlRun "pki group-member-del > $TmpDir/pki_group_member_del_2_cfg.out 2>&1" \
+ 255 \
+ "pki group-member-del"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_group_member_del_2_cfg.out"
+ rlAssertGrep "usage: group-member-del \[OPTIONS...\]" "$TmpDir/pki_group_member_del_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_del_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-004: Delete group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-group-member-del-user-add-ca-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-group-member-del-user-add-ca-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-del-user-add-ca-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-del-user-add-ca-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-group-member-del-groupadd-ca-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" 
"$TmpDir/pki-group-member-del-groupadd-ca-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-del-groupadd-ca-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find \"$gid\" > $TmpDir/pki-group-member-del-groupadd-find-ca-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-del-groupadd-find-ca-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-del \"$gid\" u$i > $TmpDir/pki-group-member-del-groupdel-del-ca-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-group-member-del-groupdel-del-ca-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-005: Delete group-member from all the groups that user is associated with"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-group-member-del-user-add-ca-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-group-member-del-user-add-ca-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-del-user-add-ca-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-del-user-add-ca-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ 
group-member-add \"$gid\" userall > $TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find \"$gid\" > $TmpDir/pki-group-member-del-groupadd-find-ca-userall-00$i.out" \
+ 0 \
+ "Check group members with group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-group-member-del-groupadd-find-ca-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-del \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-del \"$gid\" userall > $TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-006: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-group-member-del-user-add-ca-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out"
+ rlAssertGrep "Full 
name: fullName_user1" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"Administrators\" user1 > $TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-group-member-del-groupadd-ca-user1-001.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del user1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-007: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-group-member-del-user-add-ca-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"Administrators\" user2 > $TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-group-member-del-groupadd-ca-user1-001.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del Administrators"
+ errmsg="Error: Incorrect 
number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-008: Should not be able to group-member-del using a revoked cert CA_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert CA_adminR"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-009: Should not be able to group-member-del using an agent with revoked cert CA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert CA_agentR"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-010: Should not be able to group-member-del using a valid agent CA_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert CA_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-011: Should not be able to group-member-del using admin user with expired cert CA_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p 
$CA_PORT group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert CA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-012: Should not be able to group-member-del using CA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-013: Should not be able to group-member-del using CA_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-014: Should not be able to group-member-del using CA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be 
able to group-member-del using CA_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-015: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del 'Administrators' user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-016: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT user-membership-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_agentUTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-017: Delete group-member - group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName='u16' u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName='u16' u16" \
+ 0 \
+ "Adding uid u16"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-group-member-del-groupadd-ca-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" 
"$TmpDir/pki-group-member-del-groupadd-ca-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-group-member-del-groupadd-ca-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-group-member-del-groupadd-ca-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"dadministʁasjɔ̃\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"dadministʁasjɔ̃\" u16 > $TmpDir/pki-group-member-del-groupadd-ca-017_2.out" \
+ 0 \
+ "Adding user u16 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u16\"" "$TmpDir/pki-group-member-del-groupadd-ca-017_2.out"
+ rlAssertGrep "User: u16" "$TmpDir/pki-group-member-del-groupadd-ca-017_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-del 'dadministʁasjɔ̃' u16 > $TmpDir/pki-group-member-del-ca-017_3.out" \
+ 0 \
+ "Delete group member from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted group member \"u16\"" "$TmpDir/pki-group-member-del-ca-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-group-member-del-groupadd-find-ca-017_4.out" \
+ 0 \
+ "Find group members of group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-group-member-del-groupadd-find-ca-017_4.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-018: Delete group member when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d 
$CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-group-member-del-user-del-ca-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-group-member-del-user-del-ca-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-group-member-del-user-del-ca-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-group-member-del-user-del-ca-019.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user123"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu20\" u20 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-group-member-del-user-del-ca-020.out" \
+ 0 \
+ "Adding user u20"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-group-member-del-user-del-ca-020.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-group-member-del-user-del-ca-020.out"
+ rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-group-member-del-user-del-ca-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"Administrators\" u20 > $TmpDir/pki-group-member-add-groupadd-ca-20_2.out" \
+ 0 \
+ "Adding user u20 to group \"Administrators\""
+ rlAssertGrep "Added group member \"u20\"" 
"$TmpDir/pki-group-member-add-groupadd-ca-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"Certificate Manager Agents\" u20 > $TmpDir/pki-group-member-add-groupadd-ca-20_3.out" \
+ 0 \
+ "Adding user u20 to group \"Certificate Manager Agents\""
+ rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-group-member-add-groupadd-ca-20_3.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find Administrators > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find \"Certificate Manager Agents\" > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_5.out" \
+ 0 \
+ "List members of Certificate Manager Agents group"
+ rlAssertGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_5.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del u20 > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_6.out" \
+ 0 \
+ "Delete user u20"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find Administrators > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_7.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_7.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find 
\"Certificate Manager Agents\" > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_8.out" \
+ 0 \
+ "List members of Certificate Manager Agents group"
+ rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_8.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-020: User deleted from Administrators group can't create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-group-member-del-user-add-ca-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"Administrators\" testuser1 > $TmpDir/pki-group-member-add-groupadd-ca-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-group-member-add-groupadd-ca-21_2.out"
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN 
CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.out -t "u,u,u""
+
+ #Add certificate to the user
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-cert-add testuser1 --input $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName='test_user' u15"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName='test_user' u15 > $TmpDir/pki-user-add-ca-021_4.out"
+ rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-ca-021_4.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-ca-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ca-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-del \"Administrators\" testuser1 > $TmpDir/pki-ca-group-member-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-ca-group-member-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT user-add --fullName=test_user u212"
+ errmsg="ForbiddenException: Authorization Error"
+ 
errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-del-CA-021: User deleted from the Certificate Manager Agents group can not approve certificate requests"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"Certificate Manager Agents\" testuser1 > $TmpDir/pki-group-member-add-groupadd-ca-22.out" \
+ 0 \
+ "Adding user testuser1 to group \"Certificate Manager Agents\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-group-member-add-groupadd-ca-22.out"
+
+ #Trying to approve a certificate request using testuser1 should succeed
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$TEMP_NSS_DB cert_db_pwd:$TEMP_NSS_DB_PASSWD \
+ certdb_nick:\"testuser1\" cert_info:$cert_info" 0 "Successfully approved a cert by testuser1"
+
+ #Delete testuser1 from Certificate Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-del \"Certificate Manager Agents\" testuser1 > $TmpDir/pki-ca-group-member-del-groupdel-del-022_3.out" \
+ 0 \
+ "User deleted from group \"Certificate Manager Agents\""
+ rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-ca-group-member-del-groupdel-del-022_3.out"
+
+ #Trying to approve a certificate request using testuser1 should fail
+
+ rlRun "run_req_action_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 
subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$TEMP_NSS_DB cert_db_pwd:$TEMP_NSS_DB_PASSWD \ + certdb_nick:\"testuser1\" cert_info:$cert_info" 0 "Cert approval by testuser1 should fail" + + rlAssertGrep "Authorization Error" "$cert_info" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-CA-022: Delete group and check for user membership" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName='Test User2' testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName='Test User2' testuser2" \ + 0 \ + "Adding uid testuser2 " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-group-member-del-groupadd-ca-022_1.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-group-member-del-groupadd-ca-022_1.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-group-member-del-groupadd-ca-022_1.out" + rlAssertGrep "Description: New Group" "$TmpDir/pki-group-member-del-groupadd-ca-022_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"group1\" testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"group1\" testuser2 > $TmpDir/pki-group-member-del-groupadd-ca-022_2.out" \ + 0 \ + "Adding user testuser2 to group \"group1\"" + rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-group-member-del-groupadd-ca-022_2.out" + rlAssertGrep "User: testuser2" "$TmpDir/pki-group-member-del-groupadd-ca-022_2.out" + rlLog "Delete 
group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del 'group1' > $TmpDir/pki-group-member-del-ca-022_3.out" \ + 0 \ + "Delete group \"group1\"" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-group-member-del-ca-022_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-membership-find testuser2 > $TmpDir/pki-group-member-del-groupadd-find-ca-022_4.out" \ + 0 \ + "Find user-membership of testuser2" + rlAssertNotGrep "Group: group1" "$TmpDir/pki-group-member-del-groupadd-find-ca-022_4.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member-del-ca-cleanup-001: Deleting the temp directory and users" + + #===Deleting users created using CA_adminV cert===# + i=1 + while [ $i -lt 17 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-del u$i > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-del userall > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-del user1 > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" \ + 0 \ + "Deleted user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" + rlRun "pki -d 
$CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-del user2 > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" \ + 0 \ + "Deleted user user2" + rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-del user123 > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-user123.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-del testuser1 > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-testuser1.out" \ + 0 \ + "Deleted user testuser1" + rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-testuser1.out" + + #===Deleting i18n group created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ca-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ca-group-i18n_1.out" + + #Delete temporary directory + #rlRun "popd" + #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-find-ca.sh new file mode 100755 index 000000000..e5009fa08 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-find-ca.sh 
@@ -0,0 +1,778 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI user-cli-group-member-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-find Find group members.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-member-find-ca.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-group-cli-group-member-find-ca_tests(){
+ #Local variables
+ #Available groups ca-group-find
+ groupid1="Certificate Manager Agents"
+ groupid2="Registration Manager Agents"
+ groupid3="Subsystem Group"
+ groupid4="Trusted Managers"
+ groupid5="Administrators"
+ groupid6="Auditors"
+ groupid7="ClonedSubsystems"
+ groupid8="Security Domain Administrators"
+ groupid9="Enterprise CA Administrators"
+ groupid10="Enterprise KRA Administrators"
+ groupid11="Enterprise OCSP Administrators"
+ groupid12="Enterprise TKS Administrators"
+ groupid13="Enterprise RA Administrators"
+ groupid14="Enterprise TPS Administrators"
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$subsystemId
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ prefix=$subsystemId
+ else
+ prefix=ROOTCA
+ fi
+else
+ prefix=$MYROLE
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-002: pki group-member-find --help configuration test"
+ rlRun "pki group-member-find --help > $TmpDir/pki_group_member_find_cfg.out 2>&1" \
+ 0 \
+ "pki group-member-find --help"
+ rlAssertGrep "usage: group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_group_member_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_find_cfg.out"
+ rlAssertGrep "\--size Page size" "$TmpDir/pki_group_member_find_cfg.out"
+ rlAssertGrep "\--start Page start" "$TmpDir/pki_group_member_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-003: pki group-member-find configuration test"
+ rlRun "pki group-member-find > $TmpDir/pki_group_member_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki group-member-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_group_member_find_2_cfg.out"
+ rlAssertGrep "usage: group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_group_member_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_find_2_cfg.out"
+ rlAssertGrep "\--size Page size" "$TmpDir/pki_group_member_find_2_cfg.out"
+ rlAssertGrep "\--start Page start" "$TmpDir/pki_group_member_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-004: Find group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-group-member-find-user-find-ca-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-group-member-find-user-find-ca-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-find-user-find-ca-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-find-user-find-ca-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"$gid\" u$i > $TmpDir/pki-group-member-find-groupadd-ca-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-group-member-find-groupadd-ca-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-find-groupadd-ca-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find \"$gid\" > $TmpDir/pki-group-member-find-groupadd-find-ca-00$i.out" \ + 0 \ + "Find group-members with group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-find-groupadd-find-ca-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-005: Find group-member when the same user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-group-member-find-user-find-ca-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-group-member-find-user-find-ca-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-find-user-find-ca-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-find-user-find-ca-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 15 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add \"$gid\" userall > 
$TmpDir/pki-group-member-find-groupadd-ca-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-group-member-find-groupadd-ca-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-group-member-find-groupadd-ca-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find \"$gid\" > $TmpDir/pki-group-member-find-groupadd-find-ca-userall-00$i.out" \ + 0 \ + "Find user membership to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-group-member-find-groupadd-find-ca-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-006: Find group-member when many users are added to one group" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=\"Test group\" group1 > $TmpDir/pki-group-member-find-groupadd-ca-006.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-group-member-find-groupadd-ca-006.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-group-member-find-groupadd-ca-006.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-group-member-find-groupadd-ca-006.out" + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName=\"fullNameuser$i\" user$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-group-member-find-useradd-ca-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-group-member-find-useradd-ca-00$i.out" + rlAssertGrep "User ID: user$i" 
"$TmpDir/pki-group-member-find-useradd-ca-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-group-member-find-useradd-ca-00$i.out" + rlLog "Adding user user$i to group1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-add group1 user$i > $TmpDir/pki-group-member-find-group-member-add-ca-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-group-member-find-group-member-add-ca-00$i.out" + rlAssertGrep "User: user$i" "$TmpDir/pki-group-member-find-group-member-add-ca-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 > $TmpDir/pki-group-member-find-ca-group1-006.out" \ + 0 \ + "Find users added to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-group-member-find-ca-group1-006.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-group-member-find-ca-group1-006.out" + i=1 + while [ $i -lt 15 ] ; do + rlAssertGrep "User: user$i" "$TmpDir/pki-group-member-find-ca-group1-006.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-007: Find group-member of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 --start=5 > $TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user6" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user7" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user8" 
"$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user9" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user10" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user11" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user12" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user13" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "User: user14" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-008: Find all group members of a group (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 --start=0 > $TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out" \ + 0 \ + "Checking group members of a group " + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-009: Find group members when page start is negative (start=-1)" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=-1" + errmsg="--start option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0" + rlLog " FAIL: 
https://fedorahosted.org/pki/ticket/1068" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-010: Find group members when page start greater than available number of groups (start=15)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 --start=15 > $TmpDir/pki-group-member-find-groupadd-find-ca-start-004.out" \ + 0 \ + "Checking group members of a group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-011: Should not be able to find group members when page start is non integer" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-012: Find group member when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 --size=0 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-006.out" 0 \ + "group_member-find with size parameter as 0" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-013: Find group members when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + 
-c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 --size=1 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out" 0 \ + "group_member-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out" + rlAssertGrep "User: user1" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-014: Find group members when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 --size=15 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out" 0 \ + "group_member-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-015: Find group members when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 --size=100 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out" 0 \ + "group_membership-find with size parameter as 100" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries 
returned 14" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-016: Find group-member when page size is negative (size=-1)" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --size=-1" + errmsg="--size option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-017: Should not be able to find group members when page size is non integer" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-018: Find group members with -t ca option" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + -t ca \ + group-member-find group1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + -t ca \ + group-member-find group1 --size=5 > $TmpDir/pki-group-member-find-ca-018.out" \ + 0 \ + "Find group-member with -t ca option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-ca-018.out" + i=1 + while [ $i -lt 5 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-ca-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-group-member-find-ca-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-019: Find 
group members with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-member-find group1 --start=6 --size=5 > $TmpDir/pki-group-member-find-ca-019.out" \ + 0 \ + "Find group members with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-ca-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-ca-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-group-member-find-ca-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-020: Find group members with --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --size=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-021: Find group members with --start more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-022: Should not be able to group-member-find using a revoked cert CA_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert CA_adminR" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-023: Should not be able to group-member-find using an agent with revoked cert CA_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert CA_agentR" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-024: Should not be able to group-member-find using a valid agent CA_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent CA_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-CA-025: Should not be able to group-member-find using admin user with expired cert CA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 
--start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin CA_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-026: Should not be able to group-member-find using CA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent CA_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-027: Should not be able to group-member-find using CA_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid auditor CA_auditV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-028: Should not be able to group-member-find using CA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator CA_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-029: Should not be able to group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_adminUTCA user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-030: Should not be able to group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_agentUTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-031:Find group-member for group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName='u15' u15"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName='u15' u15" \
+ 0 \
+ "Adding uid u15"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-group-member-add-groupadd-ca-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-member-add-groupadd-ca-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-group-member-add-groupadd-ca-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-group-member-add-groupadd-ca-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"dadministʁasjɔ̃\" u15"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add \"dadministʁasjɔ̃\" u15 > $TmpDir/pki-group-member-find-groupadd-ca-031_2.out" \
+ 0 \
+ "Adding user u15 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u15\"" "$TmpDir/pki-group-member-find-groupadd-ca-031_2.out"
+ rlAssertGrep "User: u15" "$TmpDir/pki-group-member-find-groupadd-ca-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-group-member-find-groupadd-find-ca-031_3.out" \
+ 0 \
+ "Find group-member u15 in \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-031_3.out"
+ rlAssertGrep "User: u15" "$TmpDir/pki-group-member-find-groupadd-find-ca-031_3.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-CA-032: Find group-member - paging"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"Test group\" group2 > $TmpDir/pki-group-member-find-groupadd-ca-034.out" \
+ 0 \
+ "Adding group group2"
+ rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-group-member-find-groupadd-ca-034.out"
+ rlAssertGrep "Group ID: group2" "$TmpDir/pki-group-member-find-groupadd-ca-034.out"
+ rlAssertGrep "Description: Test group" "$TmpDir/pki-group-member-find-groupadd-ca-034.out"
+ while [ $i -lt 25 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameuser$i\" userid$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out" \
+ 0 \
+ "Adding user userid$i"
+ rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out"
+ rlAssertGrep "User ID: userid$i" "$TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out"
+ rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out"
+ rlLog "Adding user userid$i to group2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add group2 userid$i > $TmpDir/pki-group-member-find-paging-group-member-add-ca-00$i.out" \
+ 0 \
+ "Adding user userid$i"
+ rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-group-member-find-paging-group-member-add-ca-00$i.out"
+ rlAssertGrep "User: userid$i" "$TmpDir/pki-group-member-find-paging-group-member-add-ca-00$i.out"
+ let i=$i+1
+ done
+ let i=$i-1
+ rlLog "Find group members of group2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-find group2 > $TmpDir/pki-group-member-find-ca-group1-034.out" \
+ 0 \
+ "Find users added to group \"group2\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-group-member-find-ca-group1-034.out"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-group-member-find-ca-group1-034.out"
+ i=1
+ while [ $i -lt 20 ] ; do
+ rlAssertGrep "User: userid$i" "$TmpDir/pki-group-member-find-ca-group1-034.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ca-cleanup-001: Deleting the temp directory, users and groups"
+
+ #===Deleting users created using CA_adminV cert===#
+ i=1
+ while [ $i -lt 16 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del u$i > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del user$i > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group1-00$i.out" \
+ 0 \
+ "Deleted user user$i"
+ rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group1-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del userid$i > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group2-00$i.out" \
+ 0 \
+ "Deleted user userid$i"
+ rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group2-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del userall > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-userall.out"
+
+
+ #===Deleting groups created using CA_adminV===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'group1' > $TmpDir/pki-user-del-ca-group1.out" \
+ 0 \
+ "Deleting group group1"
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-ca-group1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'group2' > $TmpDir/pki-user-del-ca-group2.out" \
+ 0 \
+ "Deleting group group2"
+ rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-ca-group2.out"
+
+
+ #===Deleting i18n group created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ca-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ca-group-i18n_1.out"
+
+ #Delete temporary directory
+ #rlRun "popd"
+ #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-show-ca.sh
new file mode 100755
index 000000000..3307144a6
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-show-ca.sh
@@ -0,0 +1,496 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-member-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-show Show groups members
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#pki-user-cli-user-add-ca.sh should be first executed prior to pki-group-cli-group-member-show-ca.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-group-cli-group-member-show-ca_tests(){
+ #local variables
+ group1=test_group
+ group1desc="Test Group"
+ group2=test_group2
+ group2desc="Test Group 2"
+ group3=test_group3
+ group3desc="Test Group 3"
+ rlPhaseStartSetup "pki_group_cli_group_member_show-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$subsystemId
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ prefix=$subsystemId
+ else
+ prefix=ROOTCA
+ fi
+else
+ prefix=$MYROLE
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+cert_info="$TmpDir/cert_info"
+
+ rlPhaseStartTest "pki_group_member_show-configtest: pki group-member-show configuration test"
+ rlRun "pki group-member-show --help > $TmpDir/pki_group_member_show_cfg.out 2>&1" \
+ 0 \
+ "pki group-member-show"
+ rlAssertGrep "usage: group-member-show \[OPTIONS...\]" "$TmpDir/pki_group_member_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show CA groups ####
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-001: Add group to CA using CA_adminV, add a user to the group and show group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"$group1desc\" $group1" \
+ 0 \
+ "Add group $group1 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"User1\" u1" \
+ 0 \
+ "Add user u1 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add $group1 u1" \
+ 0 \
+ "Add user u1 to group $group1 using CA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-show $group1 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-show $group1 u1 > $TmpDir/pki_group_member_show_groupshow001.out" \
+ 0 \
+ "Show group members of $group1"
+ rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_group_member_show_groupshow001.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki_group_member_show_groupshow001.out"
+ rlPhaseEnd
+
+
+ #Negative Cases
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-002: Missing required option group id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show u1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-003: Missing required option member id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show $group1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-004: A non existing member ID"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show $group1 user1"
+ errmsg="ResourceNotFoundException: Group member user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-005: A non existing group ID"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show group1 u1"
+ errmsg="GroupNotFoundException: Group group1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-006: Checking if member id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t ca \
+ group-member-show $group1 U1 > $TmpDir/pki-group-member-show-ca-006.out 2>&1" \
+ 0 \
+ "Member ID is not case sensitive"
+ rlAssertGrep "User \"U1\"" "$TmpDir/pki-group-member-show-ca-006.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki-group-member-show-ca-006.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-007: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t ca \
+ group-member-show TEST_GROUP u1 > $TmpDir/pki-group-member-show-ca-007.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-group-member-show-ca-007.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki-group-member-show-ca-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-008: Should not be able to show group member using a revoked cert CA_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-009: Should not be able to show group member using an agent with revoked cert CA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-010: Should not be able to show group members using a valid agent CA_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-011: Should not be able to show group members using admin user with expired cert CA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-012: Should not be able to show group members using CA_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-013: Should not be able to show group members using a CA_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-014: Should not be able to show group members using a CA_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-015: Should not be able to show group members using a cert created from a untrusted CA CA_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using CA_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-ca-016: Should not be able to show group members using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_ca_group_member_show_encoded_0029pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_ca_group_member_show_encoded_0029pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ ca-group-member-show $group1 u1"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ ca-group-member-show $group1 u1 > $TmpDir/pki-ca-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ca-group-member-show-pkiUser1-002.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-017: group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-member-show-ca-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=test u3 > $TmpDir/pki-group-member-show-ca-001_57.out 2>&1" \
+ 0 \
+ "Adding user id u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-group-member-show-ca-001_56.out 2>&1" \
+ 0 \
+ "Adding user u3 to group ÖrjanÄke"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-show 'ÖrjanÄke' u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-group-member-show-ca-001_56_2.out" \
+ 0 \
+ "Show group member'ÖrjanÄke'"
+ rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-group-member-show-ca-001_56_2.out"
+ rlAssertGrep "User: u3" "$TmpDir/pki-group-member-show-ca-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-019: Add group to CA using CA_adminV, add a user to the group, delete the group member and show the group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"$group2desc\" $group2" \
+ 0 \
+ "Add group $group2 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"User2\" u2" \
+ 0 \
+ "Add user u2 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add $group2 u2" \
+ 0 \
+ "Add user u2 to group $group2 using CA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-show $group2 u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-show $group2 u2 > $TmpDir/pki_group_member_show_groupshow019.out" \
+ 0 \
+ "Show group members of $group2"
+ rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_group_member_show_groupshow019.out"
+ rlAssertGrep "User: u2" "$TmpDir/pki_group_member_show_groupshow019.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-del $group2 u2"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group2 u2"
+ errmsg="ResourceNotFoundException: Group member u2 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the group member is deleted"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-020: Add group to CA using CA_adminV, add a user to the group, delete the user and show the group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=\"$group3desc\" $group3" \
+ 0 \
+ "Add group $group3 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-add --fullName=\"User3\" u4" \
+ 0 \
+ "Add user u4 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-add $group3 u4" \
+ 0 \
+ "Add user u4 to group $group3 using CA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-show $group3 u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-member-show $group3 u4 > $TmpDir/pki_group_member_show_groupshow020.out" \
+ 0 \
+ "Show group members of $group3"
+ rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_group_member_show_groupshow020.out"
+ rlAssertGrep "User: u4" "$TmpDir/pki_group_member_show_groupshow020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del u4"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group3 u4"
+ errmsg="ResourceNotFoundException: Group member u4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-CA-021: A non existing member ID and group ID"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show group1 user1"
+ errmsg="GroupNotFoundException: Group group1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_cleanup-021: Deleting the temp directory and groups"
+
+ #===Deleting groups(symbols) created using CA_adminV cert===#
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del $grp > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ user-del u$j > $TmpDir/pki-user-del-ca-group-symbol-00$j.out" \
+ 0 \
+ "Deleted user u$j"
+ rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-ca-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #===Deleting i18n groups created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
+
+ #Delete temporary directory
+ #rlRun "popd"
+ #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-mod-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-mod-ca.sh
new file mode 100755
index 000000000..2bc4d68f8
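Review bot: `CA_HOST=$(eval echo \$${MYROLE})` and `CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)` in run_pki-group-cli-group-member-show-ca_tests pass the function's positional arguments `$3` and `$1` through `eval`, so a value containing shell metacharacters would be executed instead of being treated as a variable name. Bash indirect expansion does the same lookup without evaluating anything: `CA_HOST=${!MYROLE}` and `port_var=${subsystemId}_UNSECURE_PORT; CA_PORT=${!port_var}`. The same two assignments appear in the pki-group-cli-group-mod-ca.sh hunk that follows. Separately, the cleanup phase leaves `#rlRun "rm -r $TmpDir"` commented out, so `$TmpDir/nssdb` (presumably holding the pkiUser1 key created by generate_new_cert, protected only by the hard-coded `TEMP_NSS_DB_PASSWD`) stays on disk after the run; re-enabling the removal would avoid leaving key material behind.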
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-mod-ca.sh
@@ -0,0 +1,525 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-group-cli +# Description: PKI group-mod CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-mod Modify existing groups in the pki ca subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#pki-user-cli-user-add-ca.sh should be first executed prior to pki-group-cli-group-mod-ca.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-mod-ca_tests(){ + + #####Create temporary dir to save the output files ##### + rlPhaseStartSetup "pki_group_cli_group_mod-ca-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 + +if [ "$TOPO9" = "TRUE" ] ; then + prefix=$subsystemId +elif [ "$MYROLE" = "MASTER" ] ; then + if [[ $subsystemId == SUBCA* ]]; then + prefix=$subsystemId + else + prefix=ROOTCA + fi +else + prefix=$MYROLE +fi + +CA_HOST=$(eval echo \$${MYROLE}) +CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + +group1=ca_group +group1desc="Test ca group" +group2=abcdefghijklmnopqrstuvwxyx12345678 +group3=abc# +group4=abc$ +group5=abc@ +group6=abc? 
+group7=0 +group1_mod_description="Test ca agent Modified" +randsym="" +i18ngroup=i18ngroup +i18ngroupdescription="Örjan Äke" +i18ngroup_mod_description="kakskümmend" + + ##### pki_group_cli_group_mod-configtest #### + rlPhaseStartTest "pki_group_cli_group_mod-configtest-001: pki group-mod configuration test" + rlRun "pki group-mod --help > $TmpDir/pki_group_mod_cfg.out 2>&1" \ + 0 \ + "Group modification configuration" + rlAssertGrep "usage: group-mod \[OPTIONS...\]" "$TmpDir/pki_group_mod_cfg.out" + rlAssertGrep "\--description Description" "$TmpDir/pki_group_mod_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_mod_cfg.out" + rlPhaseEnd + + + ##### Tests to modify CA groups #### + rlPhaseStartTest "pki_group_cli_group_mod-CA-002: Modify a group's description in CA using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=\"$group1desc\" $group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-group-mod-ca-002.out" \ + 0 \ + "Modified $group1 description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-group-mod-ca-002.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-mod-ca-002.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-group-mod-ca-002.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + +rlPhaseStartTest "pki_group_cli_group_mod-CA-003:--description with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test g1" + rlLog 
"Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-group-mod-ca-004.out" \ + 0 \ + "Modified group using CA_adminV with --description with characters and numbers" + rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-group-mod-ca-004.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-group-mod-ca-004.out" + rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-group-mod-ca-004.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod-CA-004:--description with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | sed 's/\///g') + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test g2" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$randsym\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$randsym\" g2 > $TmpDir/pki-group-mod-ca-005.out" \ + 0 \ + "Modified group using CA_adminV with maximum --description length and character symbols in it" + actual_group_string=`cat $TmpDir/pki-group-mod-ca-005.out | grep "Description: " | xargs echo` + expected_group_string="Description: $randsym" + rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-group-mod-ca-005.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-mod-ca-005.out" + if [[ $actual_group_string = $expected_group_string ]] ; then + rlPass 
"$expected_group_string found" + else + rlFail "$expected_group_string not found" + fi + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + + + rlPhaseStartTest "pki_group_cli_group_mod-CA-005:--description with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test g3" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=$ g3" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=$ g3 > $TmpDir/pki-group-mod-ca-008.out" \ + 0 \ + "Modified group using CA_adminV with --description $ character" + rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-group-mod-ca-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-mod-ca-008.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-group-mod-ca-008.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_mod-CA-006: Modify a group to CA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + -t ca \ + group-add --description=test g4" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + -t ca \ + group-mod --description=\"$group1desc\" g4" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + -t ca \ + group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-group-mod-ca-007.out" \ + 0 \ + "Modified group g4 to CA" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-group-mod-ca-007.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-mod-ca-007.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-group-mod-ca-007.out" + rlLog 
"PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod-CA-007: Modify a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-mod --description='$group1desc'" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id" + rlPhaseEnd + + + +##### Tests to modify groups using revoked cert##### + rlPhaseStartTest "pki_group_cli_group_mod-CA-008: Should not be able to modify groups using a revoked cert CA_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod-CA-009: Should not be able to modify group using an agent or a revoked cert CA_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlPhaseEnd + +##### Tests to modify groups using an agent user##### + rlPhaseStartTest "pki_group_cli_group_mod-CA-010: Should not be able to modify groups using a CA_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert" + rlPhaseEnd + +##### Tests to modify groups using expired cert##### + rlPhaseStartTest "pki_group_cli_group_mod-CA-011: Should not be able to modify group using a CA_adminE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod-CA-012: Should not be able to modify group using a CA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to modify groups using audit users##### + rlPhaseStartTest "pki_group_cli_group_mod-CA-013: Should not be able to modify group using a CA_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod 
--description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert" + rlPhaseEnd + + ##### Tests to modify groups using operator user### + rlPhaseStartTest "pki_group_cli_group_mod-CA-014: Should not be able to modify group using a CA_operatorV" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as CA_operatorV" + rlPhaseEnd + +##### Tests to modify groups using role_user_UTCA user's certificate will be issued by an untrusted CA users##### + rlPhaseStartTest "pki_group_cli_group_mod-CA-015: Should not be able to modify groups using a cert created from a untrusted CA CA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod-CA-016: Modify a group -- Group ID does not exist" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-mod --description='$group1desc' g5" + errmsg="ResourceNotFoundException: Group g5 not found." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group" + rlPhaseEnd + +##### Tests to modify CA groups with empty parameters #### + + rlPhaseStartTest "pki_group_cli_group_mod-CA-017: Modify a user created group in CA using CA_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + -t ca \ + group-add --description=\"$group1desc\" g5" + rlLog "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description=\"\" g5" + rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description=\"\" g5 > $TmpDir/pki-group-mod-ca-0017.out" 0 "Group modified successfully with empty description" + rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-group-mod-ca-0017.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-mod-ca-0017.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + +##### Tests to modify CA groups with the same value #### + + rlPhaseStartTest "pki_group_cli_group_mod-CA-018: Modify a group in CA using CA_adminV - description same old value" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show $group1 > $TmpDir/pki-group-mod-ca-041_1.out" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-group-mod-ca-041_1.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-mod-ca-041_1.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-group-mod-ca-041_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod 
--description=\"$group1_mod_description\" $group1 > $TmpDir/pki-group-mod-ca-041_2.out" \ + 0 \ + "Modifying $group1 with same old description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-group-mod-ca-041_2.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-mod-ca-041_2.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-group-mod-ca-041_2.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify CA groups having i18n chars in the description #### + +rlPhaseStartTest "pki_group_cli_group_mod-CA-019: Modify a groups's description having i18n chars in CA using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=\"$i18ngroupdescription\" $i18ngroup" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-group-mod-ca-043.out" \ + 0 \ + "Modified $i18ngroup description" + rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-group-mod-ca-043.out" + rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-group-mod-ca-043.out" + rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-group-mod-ca-043.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify system generated CA groups #### + rlPhaseStartTest "pki_group_cli_group_mod-CA-020: Modify Administrator group's description in CA using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show Administrators > $TmpDir/pki-group-mod-ca-group-show-022.out" + 
admin_group_desc=$(cat $TmpDir/pki-group-mod-ca-group-show-022.out| grep Description | cut -d- -f2) + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$group1_mod_description\" Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-group-mod-ca-022.out" \ + 0 \ + "Modified Administrators group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-group-mod-ca-022.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-group-mod-ca-022.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-group-mod-ca-022.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$admin_group_desc\" Administrators" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod-CA-021: Modify Administrators group in CA using CA_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show Administrators > $TmpDir/pki-group-mod-ca-group-show-023.out" + admin_group_desc=$(cat $TmpDir/pki-group-mod-ca-group-show-023.out| grep Description | cut -d- -f2) + rlLog "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description=\"\" Administrators" + rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description=\"\" Administrators > $TmpDir/pki-group-mod-ca-023.out" 0 "Successfully modified Administrator group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-group-mod-ca-023.out" + rlAssertGrep "Group ID: Administrators" 
"$TmpDir/pki-group-mod-ca-023.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-mod --description=\"$admin_group_desc\" Administrators" + rlPhaseEnd + + +#===Deleting groups===# +rlPhaseStartTest "pki_group_cli_group_cleanup: Deleting role groups" + + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out" + let i=$i+1 + done + + j=1 + while [ $j -lt 2 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del $grp > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group-symbol-00$j.out" + let j=$j+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-del $i18ngroup > $TmpDir/pki-group-del-ca-i18ngroup-001.out" \ + 0 \ + "Deleted group $i18ngroup" + rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-ca-i18ngroup-001.out" + + #Delete temporary directory + #rlRun "popd" + #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-show-ca.sh new file mode 100755 index 000000000..174bfca7e --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-show-ca.sh 
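Review bot: The `rlLog "Executing: pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD …"` lines throughout `run_pki-group-cli-group-mod-ca_tests` write the NSS database password into the test log, and the matching `rlRun` strings pass it to `pki` as a command-line argument. If the pki client under test supports the password-file option, I would use `-C "$CERTDB_DIR_PASSWORD_FILE"` (placeholder variable name) in place of `-c $CERTDB_DIR_PASSWORD`, or at least log the command with the password replaced by a fixed marker. In tests CA-020 and CA-021 the original Administrators description is captured with `cut -d- -f2`, but the asserted output format is `Description: …`, so unless the description contains a dash `cut` returns the whole line and the restore step writes that back to the Administrators group. Something like `admin_group_desc=$(sed -n 's/^ *Description: //p' "$TmpDir/pki-group-mod-ca-group-show-022.out")` would capture only the value, and the restore should be followed by an `rlAssertGrep` on the restored description.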
@@ -0,0 +1,674 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-show Show groups +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#pki-user-cli-user-add-ca.sh should be first executed prior to pki-group-cli-group-show-ca.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-show-ca_tests(){ + #local variables + group1=test_group + group1desc="Test Group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + + rlPhaseStartSetup "pki_group_cli_group_show-ca-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 + +if [ "$TOPO9" = "TRUE" ] ; then + prefix=$subsystemId +elif [ "$MYROLE" = "MASTER" ] ; then + if [[ $subsystemId == SUBCA* ]]; then + prefix=$subsystemId + else + prefix=ROOTCA + fi +else + prefix=$MYROLE +fi + +CA_HOST=$(eval echo \$${MYROLE}) +CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_group_show-configtest: pki group-show configuration test" + rlRun "pki group-show --help > $TmpDir/pki_group_show_cfg.out 2>&1" \ + 0 \ + "pki group-show" + rlAssertGrep "usage: group-show \[OPTIONS...\]" "$TmpDir/pki_group_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_show_cfg.out" + rlPhaseEnd + + ##### Tests to show CA groups #### + rlPhaseStartTest "pki_group_cli_group_show-CA-001: Add group to CA using CA_adminV and show group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p 
$CA_PORT \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using CA_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show $group1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show $group1 > $TmpDir/pki-group-show-ca-001.out" \ + 0 \ + "Show group $group1" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-group-show-ca-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-show-ca-001.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-group-show-ca-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show-CA-002: maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test $group2" \ + 0 \ + "Add group $group2 using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-show $group2 > $TmpDir/pki-group-show-ca-001_1.out" \ + 0 \ + "Show $group2 group" + rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-group-show-ca-001_1.out" + actual_groupid_string=`cat $TmpDir/pki-group-show-ca-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_1.out" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show-CA-003: Group id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $CA_HOST \ + -p $CA_PORT \ + group-add --description=test $group3" \ + 0 \ + "Add group $group3 using CA_adminV" + rlRun "pki -d 
$CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show $group3 > $TmpDir/pki-group-show-ca-001_2.out" \
+ 0 \
+ "Show $group3 group"
+ rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-group-show-ca-001_2.out"
+ rlAssertGrep "Group ID: $user3" "$TmpDir/pki-group-show-ca-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-004: Group id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test $group4" \
+ 0 \
+ "Add group $group4 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show $group4 > $TmpDir/pki-group-show-ca-001_3.out" \
+ 0 \
+ "Show $group4 group"
+ rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-group-show-ca-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-group-show-ca-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-005: Group id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test $group5" \
+ 0 \
+ "Add $group5 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show $group5 > $TmpDir/pki-group-show-ca-001_4.out" \
+ 0 \
+ "Show $group5 group"
+ rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-group-show-ca-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-group-show-ca-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-006: Group id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test $group6" \
+ 0 \
+ "Add $group6 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show $group6 > $TmpDir/pki-group-show-ca-001_5.out" \
+ 0 \
+ "Show $group6 group"
+ rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-group-show-ca-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-group-show-ca-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-007: Group id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test $group7" \
+ 0 \
+ "Add group $group7 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show $group7 > $TmpDir/pki-group-show-ca-001_6.out" \
+ 0 \
+ "Show group $group7"
+ rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-group-show-ca-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-group-show-ca-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-008: --description with maximum length"
+ desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description='$desc' g1" \
+ 0 \
+ "Added group using CA_adminV with maximum --description length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g1 > $TmpDir/pki-group-show-ca-001_7.out" \
+ 0 \
+ "Show group g1"
+ rlAssertGrep "Group \"g1\"" "$TmpDir/pki-group-show-ca-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-group-show-ca-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-group-show-ca-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-009: --description with maximum length and symbols"
+ desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ desc=$(echo $desc_b64 | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description='$desc' g2" \
+ 0 \
+ "Added group using CA_adminV with maximum --description length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g2 > $TmpDir/pki-group-show-ca-001_8.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-group-show-ca-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-010: --description with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=# g3" \
+ 0 \
+ "Add group g3 using pki CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g3 > $TmpDir/pki-group-show-ca-001_9.out" \
+ 0 \
+ "Add group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ca-001_9.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ca-001_9.out"
+ rlAssertGrep "Description: #" "$TmpDir/pki-group-show-ca-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-011: --description with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=* g4" \
+ 0 \
+ "Add group g4 using pki CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g4 > $TmpDir/pki-group-show-ca-001_10.out" \
+ 0 \
+ "Show group g4 using CA_adminV"
+ rlAssertGrep "Group \"g4\"" "$TmpDir/pki-group-show-ca-001_10.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-show-ca-001_10.out"
+ rlAssertGrep "Description: *" "$TmpDir/pki-group-show-ca-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-012: --description with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=$ g5" \
+ 0 \
+ "Add group g5 using pki CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g5 > $TmpDir/pki-group-show-ca-001_11.out" \
+ 0 \
+ "Show group g5 using CA_adminV"
+ rlAssertGrep "Group \"g5\"" "$TmpDir/pki-group-show-ca-001_11.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-show-ca-001_11.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-group-show-ca-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-013: --description as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=0 g6" \
+ 0 \
+ "Add group g6 using pki CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g6 > $TmpDir/pki-group-show-ca-001_12.out" \
+ 0 \
+ "Show group g6 using CA_adminV"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-group-show-ca-001_12.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-group-show-ca-001_12.out"
+ rlAssertGrep "Description: 0" "$TmpDir/pki-group-show-ca-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-014: Show group with -t ca option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test g7 > /tmp/groupg7.out 2>&1" \
+ 0 \
+ "Adding group g7 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t ca \
+ group-show g7 > $TmpDir/pki-group-show-ca-001_32.out" \
+ 0 \
+ "Show group g7 using CA_adminV"
+ rlAssertGrep "Group \"g7\"" "$TmpDir/pki-group-show-ca-001_32.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-group-show-ca-001_32.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_32.out"
+ rlPhaseEnd
+
+
+ #Negative Cases
+ rlPhaseStartTest "pki_group_cli_group_show-CA-015: Missing required option group id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-show"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-016: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t ca \
+ group-show G7 > $TmpDir/pki-group-show-ca-001_35.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group \"G7\"" "$TmpDir/pki-group-show-ca-001_35.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-group-show-ca-001_35.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-017: Should not be able to show group using a revoked cert CA_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-018: Should not be able to show group using an agent with revoked cert CA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-019: Should not be able to show group using a valid agent CA_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-020: Should not be able to show group using admin user with expired cert CA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-021: Should not be able to show group using CA_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-022: Should not be able to show group using a CA_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-023: Should not be able to show group using a CA_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-024: Should not be able to show group using a cert created from a untrusted CA role_user_UTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using CA_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-ca-025: Should not be able to show group using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_show_encoded_0025pkcs10.out > $TmpDir/pki_ca_group_show_encoded_0025pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_ca_group_show_encoded_0025pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g7"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show g7 > $TmpDir/pki-ca-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert"
+
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ca-group-show-pkiUser1-0025.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-027: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using CA_adminV with group id length exceed maximum defined in ldap schema should fail"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-028: group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-show-ca-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show 'ÖrjanÄke' > $TmpDir/pki-group-show-ca-001_56_2.out" \
+ 0 \
+ "Show group 'ÖrjanÄke'"
+ rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-group-show-ca-001_56_2.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-show-ca-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-029: groupid with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-show-ca-001_57.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-show 'ÉricTêko' > $TmpDir/pki-group-show-ca-001_57_2.out" \
+ 0 \
+ "Show group 'ÉricTêko'"
+ rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-show-ca-001_57_2.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-show-ca-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_cleanup-046: Deleting the temp directory and groups"
+
+ #===Deleting groups created using CA_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting groups(symbols) created using CA_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del $grp > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #===Deleting i18n groups created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-group-i18n_2.out"
+
+ #Delete temporary directory
+ #rlRun "popd"
+ #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-add-kra.sh
new file mode 100755
index 000000000..bee148caf
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-add-kra.sh
@@ -0,0 +1,577 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-add-kra Add group to pki subsystems.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create-role-users.sh should be first executed prior to pki-group-cli-group-add-kra.sh
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-add-kra_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+
+KRA_HOST=$(eval echo \$${MYROLE})
+KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+ #### Create Temporary directory ####
+
+ rlPhaseStartSetup "pki_group_cli_group_add_kra-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+
+
+ ##### Tests to add KRA groups using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_group_cli_group_add_kra-001: Add a group to KRA using KRA_adminV"
+ group1=new_group1
+ group_desc1="New Group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"$group_desc1\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-kra-group-add-001.out" \
+ 0 \
+ "Add group $group1 to KRA"
+ rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-kra-group-add-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-add-001.out"
+ rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-kra-group-add-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-002:maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-kra-group-add-001_1.out" \
+ 0 \
+ "Added group using KRA_adminV with maximum group id length"
+ actual_groupid_string=`cat $TmpDir/pki-kra-group-add-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: Test Group" "$TmpDir/pki-kra-group-add-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-003:Group id with # character"
+ group3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description test $group3 > $TmpDir/pki-kra-group-add-001_2.out" \
+ 0 \
+ "Added group using KRA_adminV, group id with # character"
+ rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-kra-group-add-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-kra-group-add-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-004:Group id with $ character"
+ group4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test $group4 > $TmpDir/pki-kra-group-add-001_3.out" \
+ 0 \
+ "Added group using KRA_adminV, group id with $ character"
+ rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-kra-group-add-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-kra-group-add-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-005:Group id with @ character"
+ group5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test $group5 > $TmpDir/pki-kra-group-add-001_4.out " \
+ 0 \
+ "Added group using KRA_adminV, group id with @ character"
+ rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-kra-group-add-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-kra-group-add-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-006:Group id with ? character"
+ group6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test $group6 > $TmpDir/pki-kra-group-add-001_5.out " \
+ 0 \
+ "Added group using KRA_adminV, group id with ? character"
+ rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-kra-group-add-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-kra-group-add-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-007:Group id as 0"
+ group7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test $group7 > $TmpDir/pki-kra-group-add-001_6.out " \
+ 0 \
+ "Added group using KRA_adminV, group id 0"
+ rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-kra-group-add-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-kra-group-add-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-008:--description with maximum length"
+ groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-kra-group-add-001_7.out" \
+ 0 \
+ "Added group using KRA_adminV with maximum --description length"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-kra-group-add-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-add-001_7.out"
+ rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-kra-group-add-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-kra-group-add-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-009:--desccription with maximum length and symbols"
+ rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ groupdesc=$(echo $rand_groupdesc | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description='$groupdesc' g2 > $TmpDir/pki-kra-group-add-001_8.out" \
+ 0 \
+ "Added group using KRA_adminV with maximum --desc length and character symbols in it"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-kra-group-add-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-add-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-kra-group-add-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-010: Add a duplicate group to KRA"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='Duplicate Group' $group1"
+ errmsg="ConflictingOperationException: Entry already exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-011: Add a group to KRA with -t option"
+ desc="Test Group"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"$desc\" g3"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"$desc\" g3 > $TmpDir/pki-kra-group-add-0011.out" \
+ 0 \
+ "Add group g3 to KRA"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-kra-group-add-0011.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-add-0011.out"
+ rlAssertGrep "Description: $desc" "$TmpDir/pki-kra-group-add-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-012: Add a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$group1'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-013: Add a group -- missing required option --description"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add g7"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add g7 > $TmpDir/pki-kra-group-add-0013.out" 0 "Successfully added group without description option"
+ rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-kra-group-add-0013.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-add-0013.out"
+ rlPhaseEnd
+
+ ##### Tests to add groups using revoked cert#####
+ rlPhaseStartTest "pki_group_cli_group_add_kra-014: Should not be able to add group using a revoked cert KRA_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert KRA_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-015: Should not be able to add group using a agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert KRA_agentR"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using an agent user#####
+ rlPhaseStartTest "pki_group_cli_group_add_kra-016: Should not be able to add group using a valid agent KRA_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert KRA_agentV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using expired cert#####
+ rlPhaseStartTest "pki_group_cli_group_add_kra-017: Should not be able to add group using admin user with expired cert KRA_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert KRA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-018: Should not be able to add group using KRA_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert KRA_agentE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add groups using audit users#####
+ rlPhaseStartTest "pki_group_cli_group_add_kra-019: Should not be able to add group using a KRA_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert KRA_auditorV"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Tests to add groups using operator user###
+ rlPhaseStartTest "pki_group_cli_group_add_kra-020: Should not be able to add group using a KRA_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using KRA_operatorV"
+ rlPhaseEnd
+
+ ##### Tests to add groups using KRA_adminUTCA and KRA_agentUTCA user's certificate will be issued by an untrusted CA users#####
+ rlPhaseStartTest "pki_group_cli_group_add_kra-021: Should not be able to add group using a cert created from a untrusted CA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using KRA_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-022: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description=test '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-023: description with i18n characters"
+ rlLog "group-add description Örjan Äke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description='Örjan Äke' g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description='Örjan Äke' g4 > $TmpDir/pki-kra-group-add-001_51.out 2>&1" \
+ 0 \
+ "Adding g4 with description Örjan Äke"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-kra-group-add-001_51.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-add-001_51.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-kra-group-add-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_kra-024: description with i18n characters"
+ rlLog "group-add description Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description='Éric
Têko' g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Éric Têko' g5 > $TmpDir/pki-kra-group-add-001_52.out 2>&1" \ + 0 \ + "Adding g5 with description Éric Têko" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-kra-group-add-001_52.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-add-001_52.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-kra-group-add-001_52.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-025: description with i18n characters" + rlLog "group-add description éénentwintig dvidešimt with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='éénentwintig dvidešimt' g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-kra-group-add-001_53.out 2>&1" \ + 0 \ + "Adding description éénentwintig dvidešimt with i18n characters" + rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-kra-group-add-001_53.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-kra-group-add-001_53.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-kra-group-add-001_53.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g6 > $TmpDir/pki-kra-group-add-001_53_2.out 2>&1" \ + 0 \ + "Show group g6 with description éénentwintig dvidešimt in i18n characters" + rlAssertGrep "Group \"g6\"" 
"$TmpDir/pki-kra-group-add-001_53_2.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-kra-group-add-001_53_2.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_add_kra-026: group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-add-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-add-001_56.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-add-001_56.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-027: groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-kra-group-add-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-kra-group-add-001_57.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-add-001_57.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_cleanup_kra: Deleting groups" + + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i > 
$TmpDir/pki-kra-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del '$grp' > $TmpDir/pki-kra-group-del-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + actual_delete_group_string=`cat $TmpDir/pki-kra-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo` + expected_delete_group_string="Deleted group $grp" + if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then + rlPass "Deleted group \"$grp\" found in $TmpDir/pki-kra-group-del-group-symbol-00$j.out" + else + rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-kra-group-del-group-symbol-00$j.out" + fi + let j=$j+1 + done + #===Deleting i18n groups created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÖrjanÄke' > $TmpDir/pki-kra-group-del-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-del-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÉricTêko' > $TmpDir/pki-kra-group-del-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-kra-group-del-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} 
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-del-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-del-kra.sh
new file mode 100755
index 000000000..697fe6dbd
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-del-kra.sh
@@ -0,0 +1,635 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-del-kra Delete pki subsystem groups.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-group-cli-group-del-kra_tests(){
+
+ rlPhaseStartSetup "pki_group_cli_group_del_kra-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+KRA_HOST=$(eval echo \$${MYROLE})
+KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-001: Delete valid groups"
+ group1=kra_group
+ group1desc="Test group"
+ group2=abcdefghijklmnopqrstuvwxyx12345678
+ group3=abc#
+ group4=abc$
+ group5=abc@
+ group6=abc?
+ group7=0
+ #positive test cases
+ #Add groups to KRA using KRA_adminV cert
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test_group g$i"
+ let i=$i+1
+ done
+
+ #===Deleting groups created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del g$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del g$i > $TmpDir/pki-kra-group-del-group1-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group1-00$i.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g$i"
+ errmsg="GroupNotFoundException: Group g$i not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist"
+ let i=$i+1
+ done
+ #Add groups to KRA using KRA_adminV cert
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval grp=\$group$i
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test_group $grp"
+ let i=$i+1
+ done
+
+ #===Deleting groups(symbols) created using KRA_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del $grp "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del $grp > $TmpDir/pki-kra-group-del-group2-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-kra-group-del-group2-00$j.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show $grp"
+ errmsg="GroupNotFoundException: Group $grp not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-002: Case sensitive groupid"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test_group group_abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del GROUP_ABC > $TmpDir/pki-kra-group-del-group-002_1.out" \
+ 0 \
+ "Deleted group GROUP_ABC groupid is not case sensitive"
+ rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-kra-group-del-group-002_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show group_abc"
+ errmsg="GroupNotFoundException: Group group_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-003: Delete group when required option group id is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-004: Maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test \"$group2\" > $TmpDir/pki-kra-group-add-001_1.out" \
+ 0 \
+ "Added group using KRA_adminV with maximum group id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del \"$group2\" > $TmpDir/pki-kra-group-del-group-006.out" \
+ 0 \
+ "Deleting group with maximum group id length using KRA_adminV"
+ actual_groupid_string=`cat $TmpDir/pki-kra-group-del-group-006.out | grep 'Deleted group' | xargs echo`
+ expected_groupid_string="Deleted group $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Deleted group \"$group2\" found"
+ else
+ rlFail "Deleted group \"$group2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show \"$group2\""
+ errmsg="GroupNotFoundException: Group \"$group2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-005: groupid with maximum length and symbols"
+ rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ groupid=$(echo $rand_groupid | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test '$groupid' > $TmpDir/pki-kra-group-add-001_8.out" \
+ 0 \
+ "Added group using KRA_adminV with maximum groupid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del '$groupid' > $TmpDir/pki-kra-group-del-group-007.out" \
+ 0 \
+ "Deleting group with maximum group id length and character symbols using KRA_adminV"
+ actual_groupid_string=`cat $TmpDir/pki-kra-group-del-group-007.out| grep 'Deleted group' | xargs echo`
+ expected_groupid_string="Deleted group $groupid"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Deleted group $groupid found"
+ else
+ rlFail "Deleted group $groupid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show '$groupid' > $TmpDir/pki-kra-group-del-group-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted group with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-kra-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo`
+ expected_error_string="GroupNotFoundException: Group $groupid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "GroupNotFoundException: Group $groupid not found message found"
+ else
+ rlFail "GroupNotFoundException: Group $groupid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-006: Delete group from KRA with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g1description\" g1 > $TmpDir/pki-kra-group-add-009.out" \
+ 0 \
+ "Add group g1 to KRA"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del g1 > $TmpDir/pki-kra-group-del-group-009.out" \
+ 0 \
+ "Deleting group g1 using -t kra option"
+ rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-kra-group-del-group-009.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g1"
+ errmsg="GroupNotFoundException: Group g1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-007: Should not be able to delete group using a revoked cert KRA_adminR"
+ #Add a group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-kra-010.out" \
+ 0 \
+ "Add group g2 to KRA"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show g2 > $TmpDir/pki-kra-group-show-001.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-kra-group-show-001.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-show-001.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-kra-group-show-001.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-008: Should not be able to delete group using a agent with revoked cert KRA_agentR"
+ #Add a group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-kra-010.out" \
+ 0 \
+ "Add group g3 to KRA"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show g3 > $TmpDir/pki-kra-group-show-002.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-002.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-002.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-show-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-009: Should not be able to delete group using a valid agent KRA_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a valid agent cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show g3 > $TmpDir/pki-kra-group-show-003.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-003.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-003.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-show-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-010: Should not be able to delete group using a admin user with expired cert KRA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show g3 > $TmpDir/pki-group-show-kra-004.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-004.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-004.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-011: Should not be able to delete a group using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ kra-group-show g3 > $TmpDir/pki-group-show-kra-005.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-005.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-005.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-012: Should not be able to delete group using a KRA_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a audit cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show g3 > $TmpDir/pki-group-show-kra-006.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-006.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-006.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-013: Should not be able to delete group using a KRA_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show g3 > $TmpDir/pki-group-show-kra-007.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-007.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-007.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-014: Should not be able to delete group using a cert created from a untrusted KRA KRA_adminUTCA"
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $KRA_HOST -p $KRA_PORT -t kra group-del g3"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show g3 > $TmpDir/pki-group-show-kra-008.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-008.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-008.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-015: Should not be able to delete group using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_del_encoded_0025pkcs10.out > $TmpDir/pki_kra_group_del_encoded_0025pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_kra_group_del_encoded_0025pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del g3"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del g3 > $TmpDir/pki-kra-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-del-pkiUser1-0025.out"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show g3 > $TmpDir/pki-group-show-kra-009.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-009.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-009.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-009.out"
+
+ #Cleanup:delete group g3
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del g3 > $TmpDir/pki-group-del-kra-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-016: delete group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-kra-001_19.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-kra-001_19.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-kra-001_19.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-001_19_3.out 2>&1" \
+ 0 \
+ "Deleted gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show 'ÖrjanÄke'"
+ errmsg="GroupNotFoundException: Group ÖrjanÄke not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_kra-017: delete groupid with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-kra-001_20.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-kra-001_20.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-kra-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-show 'ÉricTêko' > $TmpDir/pki-group-add-kra-001_20_2.out" \
+ 0 \
+ "Show group 'ÉricTêko'"
+ rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-kra-001_20_2.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-kra-001_20_2.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-001_20_3.out 2>&1" \
+ 0 \
+ "Delete gid ÉricTêko with i18n characters"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show 'ÉricTêko'"
+ errmsg="GroupNotFoundException: Group ÉricTêko not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_cleanup_kra: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-find-kra.sh
new file mode 100755
index 000000000..75e0066ad
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-find-kra.sh
@@ -0,0 +1,650 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-find-kra To list groups in KRA.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-group-cli-group-find-kra_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+KRA_HOST=$(eval echo \$${MYROLE})
+KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+ rlPhaseStartSetup "pki_group_cli_group_find_kra-startup: Create temporary directory and add groups"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=test_group g$i"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+
+ rlPhaseStartTest "pki_group_cli_group_find_kra-003: Find 5 groups, --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-find --size=5 > $TmpDir/pki-kra-group-find-001.out 2>&1" \
+ 0 \
+ "Found 5 groups"
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-find-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_group_cli_group_find_kra-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=0 > $TmpDir/pki-kra-group-find-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-005: Find all groups, large value as input" + large_num="1000000" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=$large_num" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=$large_num > $TmpDir/pki-kra-group-find-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-kra-group-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-006: Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=$maximum_check > $TmpDir/pki-kra-group-find-003_2.out 2>&1" \ + 0 \ + 
"Find all groups, maximum possible value as input" + result=`cat $TmpDir/pki-kra-group-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_find_kra-007: Find all groups, --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=-1" + errmsg="size should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find > $TmpDir/pki-kra-group-find-007_1.out 2>&1" \ + 0 \ + "Get all groups in KRA" + group_entry_10=`cat $TmpDir/pki-kra-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=10 > $TmpDir/pki-kra-group-find-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-kra-group-find-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlAssertGrep "Number of entries returned 20" 
"$TmpDir/pki-kra-group-find-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=10000 > $TmpDir/pki-kra-group-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-013: Find groups, --start with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=$maximum_check > $TmpDir/pki-kra-group-find-008_2.out 2>&1" \ + 0 \ + "Find groups, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more 
than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=0 > $TmpDir/pki-kra-group-find-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-find-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-016: Find groups, --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=$size_noninteger" + errmsg="NumberFormatException: For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify 
expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find > $TmpDir/pki-kra-group-find-00_13_1.out 2>&1" \ + 0 \ + "Get all groups in KRA" + group_entry_12=`cat $TmpDir/pki-kra-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=12 --size=12 > $TmpDir/pki-kra-group-find-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-kra-group-find-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-kra-group-find-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-020: Find groups, --size=0 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find > $TmpDir/pki-kra-group-find-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in KRA" + group_entry_12=`cat $TmpDir/pki-kra-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=12 --size=0 > $TmpDir/pki-kra-group-find-0014.out 
2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-021: Should not be able to find group using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-022: Should not be able to find groups using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-023: Should not be able to find groups using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + 
rlPhaseStartTest "pki_group_cli_group_find_kra-024: Should not be able to find groups using admin user with expired cert KRA_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-025: Should not be able to find groups using KRA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-026: Should not be able to find groups using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" 
\"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-027: Should not be able to find groups using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-028: Should not be able to find groups using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errocode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-029: Should not be able to find groups using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun 
"pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_find_encoded_0029pkcs10.out > $TmpDir/pki_kra_group_find_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_kra_group_find_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=1 --size=5" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=1 --size=5 > $TmpDir/pki-kra-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-find-pkiUser1-002.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-030: find groups when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Örjan Äke' 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-kra-group-find-001_31.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=1000 > $TmpDir/pki-kra-group-show-001_31_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-show-001_31_2.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-kra-group-show-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-031: find group when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_32.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=1000 > $TmpDir/pki-kra-group-show-001_32_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-show-001_32_2.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-kra-group-show-001_32_2.out" + rlPhaseEnd + + #pki group-find with filters + + rlPhaseStartTest "pki_group_cli_group_find_kra-032: find group - filter 'Administrator'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find Administrator" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find Administrator > $TmpDir/pki-kra-group-show-033.out" \ + 0 \ + "Find group with Keyword Administrator" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-show-033.out" + rlAssertGrep "Group ID: Security Domain Administrators" "$TmpDir/pki-kra-group-show-033.out" + rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-kra-group-show-033.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-033: find group - filter 'KRA'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find KRA" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find KRA > $TmpDir/pki-kra-group-show-034.out" \ + 0 \ + "Find group with Keyword KRA" + rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-kra-group-show-034.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-034: find group should fail when filter keyword has less than 3 characters" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find CA" + errmsg="BadRequestException: Filter is too short." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find should fail if the filter has less than 3 characters"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_group_cli_group_cleanup-001: Deleting groups"
+ #===Deleting groups created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del g$i > $TmpDir/pki-group-del-kra-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-kra-group-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n groups created using KRA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-add-kra.sh
new file mode 100755
index 000000000..42f5fd8e8
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-add-kra.sh
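Review bot: In phase pki_group_cli_group_find_kra-028 the expected exit status is assigned to `errocode` instead of `errorcode`, so the untrusted-CA check passes `verifyErrorMsg` whatever value the previous phase left in `$errorcode`; it only works because that value is also 255. The line should read `errorcode=255`. Separately, every `rlLog "pki -d $CERTDB_DIR ... -c $CERTDB_DIR_PASSWORD ..."` call in this file writes the NSS database password into the test log; logging the command with the password masked (for example `-c ********`) would keep it out of archived results if those are shared beyond the test host.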
@@ -0,0 +1,1091 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-cli-group-membership-add-kra CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-add-kra Add group member.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-add-kra.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-add-kra_tests(){
+ #Local variables
+ groupid1="Data Recovery Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise KRA Administrators"
+
+ rlPhaseStartSetup "pki_group_cli_group_membership-add-kra-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+KRA_HOST=$(eval echo \$${MYROLE})
+KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-001: Add users to available groups using valid admin user KRA_adminV"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-add-group-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-show u$i > $TmpDir/pki-kra-group-member-add-group-show-00$i.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-add-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-add-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-add-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-add-groupadd-find-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-add-groupadd-find-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-002: Add a user to all available groups using KRA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-add-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-show userall > $TmpDir/pki-kra-group-member-add-user-show-userall-001.out" \
+ 0 \
+ "Show pki CA_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-add-groupadd-find-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-add-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-003: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-group-member-add-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-show user1 > $TmpDir/pki-kra-group-member-add-user-show-user1-001.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"Administrators\" user1 > $TmpDir/pki-kra-group-member-add-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-kra-group-member-add-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" user1"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-004: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-group-member-add-user-add-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$dummy_group\" testuser1"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-005: Should be able to group-member-add groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=u14 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName='u14' u14" \
+ 0 \
+ "Adding uid u14"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-add-groupadd-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-kra-group-member-add-groupadd-010_2.out" \
+ 0 \
+ "Adding user u14 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-kra-group-member-add-groupadd-010_2.out"
+ rlAssertGrep "User: u14" "$TmpDir/pki-kra-group-member-add-groupadd-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-kra-group-member-add-groupadd-find-010_3.out" \
+ 0 \
+ "Check user u14 added to group dadministʁasjɔ̃"
+ rlAssertGrep "User: u14" "$TmpDir/pki-kra-group-member-add-groupadd-find-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-006: Should not be able to group-member-add using a revoked cert KRA_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using a revoked cert KRA_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-007: Should not be able to group-member-add using an agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using an agent with revoked cert KRA_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-008: Should not be able to group-member-add using admin user with expired cert KRA_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using admin user with expired cert KRA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-009: Should not be able to group-member-add using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-010: Should not be able to group-member-add using KRA_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-011: Should not be able to group-member-add using KRA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-012: Should not be able to group-member-add using KRA_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-013: Should not be able to group-member-add using KRA_agentUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_agentUTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-014: User associated with Administrators group only can create a new user"
+ i=2
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding testuser1 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out" \
+ 0 \
+ "Adding user testuser1 to group \"$gid\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-cert-add testuser1 --input $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT -t kra user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "user-add operation should fail when authenticating using a user cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+
+ #Add testuser1 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out 2>&1" \
+ 0 \
+ "Adding user testuser1 to group \"$groupid4\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find $groupid4 > $TmpDir/pki-kra-group-member-add-groupadd-find-usertest1-019_3.out" \
+ 0 \
+ "Check group-member for user testuser1"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-find-usertest1-019_3.out"
+
+ #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=test_user us19 > $TmpDir/pki-kra-user-add-019_4.out 2>&1" \
+ 0 \
+ "Added new user using Admin user testuser1"
+ rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-kra-user-add-019_4.out"
+ rlAssertGrep "User ID: us19" "$TmpDir/pki-kra-user-add-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-kra-user-add-019_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-015: Should not be able to group-member-add using KRA_agentV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_agentV cert"
+ rlPhaseEnd
+
+ #Usability test
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-016: Should not be able to add a non existing user to a group"
+ user="tuser3"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$groupid5\" $user"
+ errmsg="UserNotFoundException: User $user not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-017: Add a group and add a user to the group using valid admin user KRA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g1description\" g1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g1description\" g1 > $TmpDir/pki-kra-group-member-add-group-add-022.out" \
+ 0 \
+ "Adding group g1"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-kra-group-member-add-group-add-022.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-member-add-group-add-022.out"
+ rlAssertGrep "Description: g1description" "$TmpDir/pki-kra-group-member-add-group-add-022.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu9\" u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-kra-group-member-add-user-add-022.out" \
+ 0 \
+ "Adding user u9"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-kra-group-member-add-user-add-022.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-kra-group-member-add-user-add-022.out"
+ rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-kra-group-member-add-user-add-022.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add g1 u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add g1 u9 > $TmpDir/pki-kra-group-member-add-groupadd-022.out" \
+ 0 \
+ "Adding user u9 to group g1"
+ rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-kra-group-member-add-groupadd-022.out"
+ rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-add-groupadd-022.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find g1 > $TmpDir/pki-kra-group-member-add-groupadd-find-022.out" \
+ 0 \
+ "User added to group g1"
+ rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-add-groupadd-find-022.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-018: Add two group and add a user to the two different group using valid admin user KRA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g2description\" g2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g2description\" g2 > $TmpDir/pki-kra-group-member-add-group-add-023.out" \
+ 0 \
+ "Adding group g2"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-kra-group-member-add-group-add-023.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-member-add-group-add-023.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-kra-group-member-add-group-add-023.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g3description\" g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g3description\" g3 > $TmpDir/pki-kra-group-member-add-group-add-023_1.out" \
+ 0 \
+ "Adding group g3"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out"
+
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu10\" u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-kra-group-member-add-user-add-023.out" \
+ 0 \
+ "Adding user u10"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-kra-group-member-add-user-add-023.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-kra-group-member-add-user-add-023.out"
+ rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-kra-group-member-add-user-add-023.out"
+ rlLog "Adding the user u10 to group g2"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add g2 u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add g2 u10 > $TmpDir/pki-kra-group-member-add-groupadd-023.out" \
+ 0 \
+ "Adding user u10 to group g2"
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-add-groupadd-023.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-023.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find g2 > $TmpDir/pki-kra-group-member-add-groupadd-find-023.out" \
+ 0 \
+ "User added to group g2"
+ rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-find-023.out"
+ rlLog "Adding the user u10 to group g3"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add g3 u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add g3 u10 > $TmpDir/pki-kra-group-member-add-groupadd-023_1.out" \
+ 0 \
+ "Adding user u10 to group g3"
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-add-groupadd-023_1.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-023_1.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find g3 > $TmpDir/pki-kra-group-member-add-groupadd-find-023_1.out" \
+ 0 \
+ "User added to group g3"
+ rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-find-023_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-019: Add a group, add a user to the group and delete the group using valid admin user KRA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g4description\" gr4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g4description\" gr4 > $TmpDir/pki-kra-group-member-add-group-add-024.out" \
+ 0 \
+ "Adding group gr4"
+ rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-kra-group-member-add-group-add-024.out"
+ rlAssertGrep "Group ID: gr4" "$TmpDir/pki-kra-group-member-add-group-add-024.out"
+ rlAssertGrep "Description: g4description" "$TmpDir/pki-kra-group-member-add-group-add-024.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ -user-add --fullName=\"fullNameu11\" u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-kra-group-member-add-user-add-024.out" \
+ 0 \
+ "Adding user u11"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-kra-group-member-add-user-add-024.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-kra-group-member-add-user-add-024.out"
+ rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-kra-group-member-add-user-add-024.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add gr4 u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add gr4 u11 > $TmpDir/pki-kra-group-member-add-groupadd-024.out" \
+ 0 \
+ "Adding user u11 to group gr4"
+ rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-kra-group-member-add-groupadd-024.out"
+ rlAssertGrep "User: u11" "$TmpDir/pki-kra-group-member-add-groupadd-024.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find gr4 > $TmpDir/pki-kra-group-member-add-groupadd-find-024.out" \
+ 0 \
+ "User added to group gr4"
+ rlAssertGrep "User: u11" "$TmpDir/pki-kra-group-member-add-groupadd-find-024.out"
+ #Deleting group gr4
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del gr4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del gr4 > $TmpDir/pki-kra-group-member-add-groupdel-024.out" \
+ 0 \
+ "Deleting group gr4"
+ rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-kra-group-member-add-groupdel-024.out"
+ #Checking for user-membership
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-membership-find u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-membership-find u11 > $TmpDir/pki-kra-group-member-add-usermembership-024.out" \
+ 0 \
+ "Checking for user membership of u11"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-add-usermembership-024.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-020: Add a group, add a user to the group and modify the group using valid admin user KRA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g5description\" g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g5description\" g4 > $TmpDir/pki-kra-group-member-add-group-add-025.out" \
+ 0 \
+ "Adding group g4"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-kra-group-member-add-group-add-025.out"
+ rlAssertGrep "Group ID: g4"
"$TmpDir/pki-kra-group-member-add-group-add-025.out" + rlAssertGrep "Description: g5description" "$TmpDir/pki-kra-group-member-add-group-add-025.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-kra-group-member-add-user-add-025.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-kra-group-member-add-user-add-025.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-kra-group-member-add-user-add-025.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-kra-group-member-add-user-add-025.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g4 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g4 u12 > $TmpDir/pki-kra-group-member-add-groupadd-025.out" \ + 0 \ + "Adding user u12 to group g4" + rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-kra-group-member-add-groupadd-025.out" + rlAssertGrep "User: u12" "$TmpDir/pki-kra-group-member-add-groupadd-025.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find g4 > $TmpDir/pki-kra-group-member-add-groupadd-find-025.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u12" "$TmpDir/pki-kra-group-member-add-groupadd-find-025.out" + #Modifying group g4 + rlLog "pki -d $CERTDB_DIR \ + 
-n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-mod g4 --decription=\"Modified group\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-mod g4 --description=\"Modified group\" > $TmpDir/pki-kra-group-member-add-groupmod-025.out" \
+ 0 \
+ "Modifying group g4"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-kra-group-member-add-groupmod-025.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-member-add-groupmod-025.out"
+ rlAssertGrep "Description: Modified group" "$TmpDir/pki-kra-group-member-add-groupmod-025.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-kra-021: Add a group, add a user to the group, run user-membership-del on the user and run group-member-find using valid admin user KRA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g5description\" g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"g6description\" g5 > $TmpDir/pki-kra-group-member-add-group-add-026.out" \
+ 0 \
+ "Adding group g5"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-kra-group-member-add-group-add-026.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-member-add-group-add-026.out"
+ rlAssertGrep "Description: g6description" "$TmpDir/pki-kra-group-member-add-group-add-026.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu13\" u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST
\
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-kra-group-member-add-user-add-026.out" \
+ 0 \
+ "Adding user u13"
+ rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-kra-group-member-add-user-add-026.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-kra-group-member-add-user-add-026.out"
+ rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-kra-group-member-add-user-add-026.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add g5 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add g5 u13 > $TmpDir/pki-kra-group-member-add-groupadd-026.out 2>&1" \
+ 0 \
+ "Adding user u13 to group g5"
+ rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-kra-group-member-add-groupadd-026.out"
+ rlAssertGrep "User: u13" "$TmpDir/pki-kra-group-member-add-groupadd-026.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find g5 > $TmpDir/pki-kra-group-member-add-groupadd-find-026.out" \
+ 0 \
+ "User added to group g5"
+ rlAssertGrep "User: u13" "$TmpDir/pki-kra-group-member-add-groupadd-find-026.out"
+ #run user-membership-del on u13
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-membership-del u13 g5 > $TmpDir/pki-kra-group-member-add-user-membership-del-026.out" \
+ 0 \
+ "user-membership-del on u13"
+ rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-kra-group-member-add-user-membership-del-026.out"
+ #find group members
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find g5 > $TmpDir/pki-kra-group-member-add-group-member-find-026.out" \
+ 0 \
+ "Find member in group g5"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-add-group-member-find-026.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_group_cli_group_member-add-cleanup-kra-001: Deleting the temp directory and users and groups"
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del g$i > $TmpDir/pki-user-del-kra-group-member-add-group-del-kra-00$i.out" \
+ 0 \
+ "Deleting group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-kra-group-member-add-group-del-kra-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del userall > $TmpDir/pki-group-del-kra-group-member-add-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-kra-group-member-add-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del user1 > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del us19 > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-u13-001.out" \
+ 0 \
+ "Deleting user us19"
+ rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-u13-001.out"
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 2 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del testuser$i > $TmpDir/pki-group-member-add-kra-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-kra-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using KRA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out"
+
+ Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-del-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-del-kra.sh
new file mode 100755
index 000000000..35e28a58d
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-del-kra.sh
@@ -0,0 +1,770 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-member-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-del-kra.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-del-kra_tests(){
+ #Available groups group-member-del
+ groupid1="Data Recovery Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise KRA Administrators"
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+KRA_HOST=$(eval echo \$${MYROLE})
+KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-002: Delete group-member when user is added to different groups"
+ i=1
+ while [ $i
-lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-del-user-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-del-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-del-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-del-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-del-groupadd-find-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-del-groupadd-find-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-del \"$gid\" u$i > $TmpDir/pki-kra-group-member-del-groupdel-del-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-kra-group-member-del-groupdel-del-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-003: Delete group-member from all the groups that user is associated with"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ kra-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-del-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-del-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Check group members with group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-del-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-del \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-del \"$gid\" userall > $TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-004: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"Administrators\" user1 >
$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del user1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-005: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-kra-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"Administrators\" user2 > $TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del Administrators"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-006: Should not be able to group-member-del using a revoked cert KRA_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert KRA_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-007: Should not be able to group-member-del using an agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert KRA_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-008: Should not be able to group-member-del using a valid agent KRA_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert KRA_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-009: Should not be able to group-member-del using admin user with expired cert KRA_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert KRA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-010: Should not be able to group-member-del using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-011: Should not be able to group-member-del using KRA_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_auditV
cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-012: Should not be able to group-member-del using KRA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-013: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del 'Administrators' user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-014: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-015: Delete group-member for user id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName='u10' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName='u10' 'u10'" \
+ 0 \
+ "Adding uid u10"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-del-groupadd-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"dadministʁasjɔ̃\" 'u10'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-kra-group-member-del-groupadd-017_2.out" \
+ 0 \
+ "Adding user u10 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-del-groupadd-017_2.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-del-groupadd-017_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-kra-group-member-del-017_3.out" \
+ 0 \
+ "Delete group member from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-kra-group-member-del-017_3.out"
+ rlLog "Check if the
user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-kra-group-member-del-groupadd-find-017_4.out" \ + 0 \ + "Find group members of group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-del-groupadd-find-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-016: Delete group member when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-kra-group-member-del-user-del-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-kra-group-member-del-user-del-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-kra-group-member-del-user-del-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-kra-group-member-del-user-del-019.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user123" + errmsg="ResourceNotFoundException: No such attribute." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-017: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu20\" u20 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-kra-group-member-del-user-del-020.out" \
+ 0 \
+ "Adding user u20"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-kra-group-member-del-user-del-020.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-kra-group-member-del-user-del-020.out"
+ rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-kra-group-member-del-user-del-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"Administrators\" u20 > $TmpDir/pki-kra-group-member-add-groupadd-20_2.out" \
+ 0 \
+ "Adding user u20 to group \"Administrators\""
+ rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-kra-group-member-add-groupadd-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find Administrators > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u20" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del u20 > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_6.out" \
+ 0 \
+ "Delete user u20"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find Administrators > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_7.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_7.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-018: User deleted from Administrators group cannnot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-group-member-del-user-add-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"Administrators\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-21_2.out"
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-cert-add testuser1 --input $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName='test_user' u9"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-kra-021_4.out"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-kra-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-kra-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-kra-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-del \"Administrators\" testuser1 > $TmpDir/pki-kra-group-member-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-kra-group-member-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT -t kra user-add --fullName=test_user u212"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-019: Delete group and check for user membership"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName='Test User2' testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \
+ 0 \
+ "Adding uid testuser2 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-kra-group-member-del-groupadd-022_1.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Description: New Group" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"group1\" testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"group1\" testuser2 > $TmpDir/pki-kra-group-member-del-groupadd-022_2.out" \
+ 0 \
+ "Adding user testuser2 to group \"group1\""
+ rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-kra-group-member-del-groupadd-022_2.out"
+ rlAssertGrep "User: testuser2" "$TmpDir/pki-kra-group-member-del-groupadd-022_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'group1' > $TmpDir/pki-kra-group-member-del-022_3.out" \
+ 0 \
+ "Delete group \"group1\""
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-kra-group-member-del-022_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-membership-find testuser2 > $TmpDir/pki-kra-group-member-del-groupadd-find-022_4.out" \
+ 0 \
+ "Find user-membership of testuser2"
+ rlAssertNotGrep "Group: group1" "$TmpDir/pki-kra-group-member-del-groupadd-find-022_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-kra-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del userall > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del user1 > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del user2 > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del user123 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del testuser1 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser1.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del testuser2 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser2.out" \
+ 0 \
+ "Deleted user testuser2"
+ rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser2.out"
+
+ #===Deleting i18n group created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-find-kra.sh
new file mode 100755
index 000000000..c95a0c44c
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-find-kra.sh
@@ -0,0 +1,793 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-cli-group-member-find-kra CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-find-kra Find group members. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-find-kra.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-member-find-kra_tests(){ + #Local variables + groupid1="Data Recovery Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise KRA Administrators" + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 + +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-002: Find kra-group-member when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n 
$(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-find-user-find-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-find-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-find-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-find-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-find-groupadd-find-00$i.out" \ + 0 \ + "Find group-members with group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-find-groupadd-find-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-003: Find kra-group-member when the same user is added to 
many groups" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-find-user-find-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-find-groupadd-find-userall-00$i.out" \ + 0 \ + "Find user membership to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-find-groupadd-find-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-004: Find kra-group-member when many users are 
added to one group" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"Test group\" group1 > $TmpDir/pki-kra-group-member-find-groupadd-006.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser$i\" user$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-kra-group-member-find-useradd-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" + rlAssertGrep "User ID: user$i" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" + rlLog "Adding user user$i to group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add group1 user$i > $TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" + rlAssertGrep "User: user$i" "$TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group1" + rlRun "pki -d $CERTDB_DIR \ + -n 
$(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 > $TmpDir/pki-kra-group-member-find-group1-006.out" \ + 0 \ + "Find users added to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-kra-group-member-find-group1-006.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-kra-group-member-find-group1-006.out" + i=1 + while [ $i -lt 15 ] ; do + rlAssertGrep "User: user$i" "$TmpDir/pki-kra-group-member-find-group1-006.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-005: Find group-member of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --start=5 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user6" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user7" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user8" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user9" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user10" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user11" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user12" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user13" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user14" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "Number of entries returned 9" 
"$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-006: Find all group members of a group (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --start=0 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" \ + 0 \ + "Checking group members of a group " + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-007: Find group members when page start is negative (start=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=-1" + errmsg="--start option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0" + rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-008: Find group members when page start greater than available number of groups (start=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --start=15 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" \ + 0 \ + "Checking group members of a group" + rlAssertGrep "14 entries matched" 
"$TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-009: Should not be able to find group members when page start is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-010: Find group member when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=0 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" 0 \ + "group_member-find with size parameter as 0" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-011: Find group members when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=1 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" 0 \ + "group_member-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "User: user1" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "Number of entries 
returned 1" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-012: Find group members when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=15 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" 0 \ + "group_member-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-013: Find group members when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=100 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" 0 \ + "kra-group_member-find with size parameter as 100" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-014: Find group-member when page size is negative (size=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra 
group-member-find group1 --size=-1"
+ errmsg="--size option should have argument greater than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-015: Should not be able to find group members when page size is non integer"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-016: Find group members with -t option"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find group1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find group1 --size=5 > $TmpDir/pki-kra-group-member-find-018.out" \
+ 0 \
+ "Find group-member with -t kra option"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-018.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-018.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-member-find-018.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-017: Find group members with page start and page size option"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+
group-member-find group1 --start=6 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find group1 --start=6 --size=5 > $TmpDir/pki-kra-group-member-find-019.out" \
+ 0 \
+ "Find group members with page start and page size option"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-019.out"
+ i=7
+ while [ $i -lt 12 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-019.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-member-find-019.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-018: Find group members with --size more than maximum possible value"
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --size=$maximum_check"
+ errmsg="NumberFormatException: For input string: \"$maximum_check\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-019: Find group members with --start more than maximum possible value"
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=$maximum_check"
+ errmsg="NumberFormatException: For input string: \"$maximum_check\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception
should be thrown if start has a value greater than the maximum possible"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-020: Should not be able to group-member-find using a revoked cert KRA_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert KRA_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-021: Should not be able to group-member-find using an agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert KRA_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-022: Should not be able to group-member-find using a valid agent KRA_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent KRA_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_group_cli_group_member-find-kra-023: Should not be able to group-member-find using admin user with expired cert KRA_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin KRA_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-024: Should not be able to group-member-find using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent KRA_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-025: Should not be able to group-member-find using KRA_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid
auditor KRA_auditV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-026: Should not be able to group-member-find using KRA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator KRA_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-027: Should not be able to group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_adminUTCA user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-028: Should not be able to group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted KRA_agentUTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-029:Find group-member for group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName='u9' u9"
+ rlRun
"pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName='u9' u9" \
+ 0 \
+ "Adding uid u9"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-add-groupadd-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"dadministʁasjɔ̃\" u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-kra-group-member-find-groupadd-031_2.out" \
+ 0 \
+ "Adding user u9 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-kra-group-member-find-groupadd-031_2.out"
+ rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-find-groupadd-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" \
+ 0 \
+ "Find group-member u9 in \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched"
"$TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out"
+ rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-030: Find group-member - paging"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"Test group\" group2 > $TmpDir/pki-kra-group-member-find-groupadd-034.out" \
+ 0 \
+ "Adding group group2"
+ rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-kra-group-member-find-groupadd-034.out"
+ rlAssertGrep "Group ID: group2" "$TmpDir/pki-kra-group-member-find-groupadd-034.out"
+ rlAssertGrep "Description: Test group" "$TmpDir/pki-kra-group-member-find-groupadd-034.out"
+ while [ $i -lt 25 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameuser$i\" userid$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" \
+ 0 \
+ "Adding user userid$i"
+ rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out"
+ rlAssertGrep "User ID: userid$i" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out"
+ rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out"
+ rlLog "Adding user userid$i to group2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add group2 userid$i > $TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" \
+ 0 \
+ "Adding user userid$i"
+ rlAssertGrep "Added
group member \"userid$i\"" "$TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out"
+ rlAssertGrep "User: userid$i" "$TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out"
+ let i=$i+1
+ done
+ let i=$i-1
+ rlLog "Find group members of group2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-find group2 > $TmpDir/pki-kra-group-member-find-group1-034.out" \
+ 0 \
+ "Find users added to group \"group2\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-kra-group-member-find-group1-034.out"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-member-find-group1-034.out"
+ i=1
+ while [ $i -lt 20 ] ; do
+ rlAssertGrep "User: userid$i" "$TmpDir/pki-kra-group-member-find-group1-034.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-kra-cleanup-001: Deleting the temp directory, users and groups"
+
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 10 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del user$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group1-00$i.out" \
+ 0 \
+ "Deleted user user$i"
+ rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group1-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval
echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del userid$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group2-00$i.out" \
+ 0 \
+ "Deleted user userid$i"
+ rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group2-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-del userall > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-userall.out"
+
+
+ #===Deleting groups created using KRA_adminV===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'group1' > $TmpDir/pki-user-del-kra-group1.out" \
+ 0 \
+ "Deleting group group1"
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-kra-group1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'group2' > $TmpDir/pki-user-del-kra-group2.out" \
+ 0 \
+ "Deleting group group2"
+ rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-kra-group2.out"
+
+
+ #===Deleting i18n group created using KRA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-show-kra.sh
new file mode 100755
index 000000000..9976b16af
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-show-kra.sh
@@ -0,0 +1,539 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-member-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-show-kra Show groups members
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-show-kra.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-group-cli-group-member-show-kra_tests(){
+ #local variables
+ group1=test_group
+ group1desc="Test Group"
+ group2=test_group2
+ group2desc="Test Group 2"
+ group3=test_group3
+ group3desc="Test Group 3"
+ rlPhaseStartSetup "pki_group_cli_group_member_show_kra-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+KRA_HOST=$(eval echo \$${MYROLE})
+KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+
+ rlPhaseStartTest "pki_kra_group_member_show-configtest: pki kra-group-member-show configuration test"
+ rlRun "pki kra-group-member-show --help > $TmpDir/pki_kra_group_member_show_cfg.out 2>&1" \
+ 0 \
+ "pki kra-group-member-show"
+ rlAssertGrep "usage: kra-group-member-show \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show KRA groups ####
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-001: Add group to KRA using KRA_adminV, add a user to the group and show group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-add --description=\"$group1desc\" $group1" \
+ 0 \
+ "Add group $group1 using KRA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ user-add --fullName=\"User1\" u1" \
+ 0 \
+ "Add user u1 using KRA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-add $group1 u1" \
+ 0 \
+ "Add user u1 to group $group1 using KRA_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-show $group1 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-show $group1 u1 > $TmpDir/pki_kra_group_member_show_groupshow001.out" \
+ 0 \
+ "Show group members of $group1"
+ rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_kra_group_member_show_groupshow001.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki_kra_group_member_show_groupshow001.out"
+ rlPhaseEnd
+
+
+ #Negative Cases
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-002: Missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD
-h $KRA_HOST -p $KRA_PORT -t kra group-member-show u1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-003: Missing required option member id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-004: A non existing member ID"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 user1"
+ errmsg="ResourceNotFoundException: Group member user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-005: A non existing group ID"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show group1 u1"
+ errmsg="GroupNotFoundException: Group group1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-006: Checking if member id case sensitive "
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST
\
+ -p $KRA_PORT \
+ -t kra \
+ group-member-show $group1 U1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-show $group1 U1 > $TmpDir/pki-kra-group-member-show-006.out 2>&1" \
+ 0 \
+ "Member ID is not case sensitive"
+ rlAssertGrep "User \"U1\"" "$TmpDir/pki-kra-group-member-show-006.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki-kra-group-member-show-006.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-007: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-show TEST_GROUP u1 > $TmpDir/pki-kra-group-member-show-007.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-kra-group-member-show-007.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki-kra-group-member-show-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-008: Should not be able to show group member using a revoked cert KRA_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-009: Should not be able to show group member using an agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c
$CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-010: Should not be able to show group members using a valid agent KRA_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-011: Should not be able to show group members using admin user with expired cert KRA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-012: Should not be able to show group members using KRA_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date
--set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-013: Should not be able to show group members using a KRA_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-014: Should not be able to show group members using a KRA_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-015: Should not be able to show group members using a cert created from a untrusted KRA KRA_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using KRA_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_kra-016: Should not be able to show group members using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-show $group1 u1"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-member-show $group1 u1 >
$TmpDir/pki-kra-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-member-show-pkiUser1-002.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-017: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=test u3 > $TmpDir/pki-kra-group-member-show-001_57.out 2>&1" \ + 0 \ + "Adding user id u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-kra-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding user u3 to group ÖrjanÄke" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show 'ÖrjanÄke' u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-kra-group-member-show-001_56_2.out" \ + 0 \ + "Show group member'ÖrjanÄke'" + rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-kra-group-member-show-001_56_2.out" + rlAssertGrep "User: u3" "$TmpDir/pki-kra-group-member-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-018: Add group to KRA using KRA_adminV, add a user to the group, delete the group member and show the group member" + rlRun "pki 
-d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group2desc\" $group2" \ + 0 \ + "Add group $group2 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"User2\" u2" \ + 0 \ + "Add user u2 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add $group2 u2" \ + 0 \ + "Add user u2 to group $group2 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group2 u2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group2 u2 > $TmpDir/pki_kra_group_member_show_groupshow019.out" \ + 0 \ + "Show group members of $group2" + rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_kra_group_member_show_groupshow019.out" + rlAssertGrep "User: u2" "$TmpDir/pki_kra_group_member_show_groupshow019.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-del $group2 u2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group2 u2" + errmsg="ResourceNotFoundException: Group member u2 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the group member is deleted" + + rlPhaseEnd + + rlPhaseStartTest 
"pki_group_cli_group_member_show_kra-019: Add group to KRA using KRA_adminV, add a user to the group, delete the user and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group3desc\" $group3" \ + 0 \ + "Add group $group3 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"User4\" u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"User4\" u4" \ + 0 \ + "Add user u3 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add $group3 u4" \ + 0 \ + "Add user u4 to group $group3 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group3 u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group3 u4 > $TmpDir/pki_kra_group_member_show_groupshow020.out" \ + 0 \ + "Show group members of $group3" + rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_kra_group_member_show_groupshow020.out" + rlAssertGrep "User: u4" "$TmpDir/pki_kra_group_member_show_groupshow020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del u4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra 
group-member-show $group3 u4" + errmsg="ResourceNotFoundException: Group member u4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show_kra-021: A non existing member ID and group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show group1 user1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra_cleanup-022: Deleting the temp directory and groups" + + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 4 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + + j=1 + while [ $j -lt 4 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del u$j > $TmpDir/pki-user-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted user u$j" + rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p 
$KRA_PORT \
+ -t kra \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-mod-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-mod-kra.sh
new file mode 100755
index 000000000..97c0bf2c8
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-mod-kra.sh
@@ -0,0 +1,537 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-mod-kra Modify existing groups in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create-role-users.sh should be first executed prior to pki-group-cli-group-mod-kra.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-group-cli-group-mod-kra_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+
+KRA_HOST=$(eval echo \$${MYROLE})
+KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_group_cli_group_mod_kra-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+group1=kra_group
+group1desc="Test kra group"
+group2=abcdefghijklmnopqrstuvwxyx12345678
+group3=abc#
+group4=abc$
+group5=abc@
+group6=abc?
+group7=0 +group1_mod_description="Test kra agent Modified" +randsym="" +i18ngroup=i18ngroup +i18ngroupdescription="Örjan Äke" +i18ngroup_mod_description="kakskümmend" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + + ##### Tests to modify KRA groups #### + rlPhaseStartTest "pki_group_cli_group_mod_kra-002: Modify a group's description in KRA using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group1desc\" $group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-kra-group-mod-002.out" \ + 0 \ + "Modified $group1 description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-kra-group-mod-002.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-002.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-002.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod_kra-003:--description with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-kra-group-mod-004.out" \ + 0 \ + "Modified group using KRA_adminV with --description with characters and numbers" + rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-kra-group-mod-004.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-mod-004.out" + rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-group-mod-004.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-004:--description with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g2" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$randsym\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$randsym\" g2 > $TmpDir/pki-kra-group-mod-005.out" \ + 0 \ + "Modified group using KRA_adminV with maximum --description length and character symbols in it" + actual_group_string=`cat $TmpDir/pki-kra-group-mod-005.out | grep "Description: " | xargs echo` + expected_group_string="Description: $randsym" + rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-kra-group-mod-005.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-mod-005.out" + if [[ $actual_group_string = $expected_group_string ]] ; then + rlPass "$expected_group_string found" + else + rlFail "$expected_group_string not found" 
+ fi + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-005:--description with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g3" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=$ g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=$ g3 > $TmpDir/pki-kra-group-mod-008.out" \ + 0 \ + "Modified group using CA_adminV with --description $ character" + rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-kra-group-mod-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-mod-008.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-kra-group-mod-008.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-006: Modify a group to KRA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g4" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1desc\" g4" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-kra-group-mod-007.out" \ + 0 \ + "Modified group g4 to KRA" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-kra-group-mod-007.out" + rlAssertGrep "Group ID: g4" 
"$TmpDir/pki-kra-group-mod-007.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-kra-group-mod-007.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod_kra-007: Modify a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc'" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id" + rlPhaseEnd + +##### Tests to modify groups using revoked cert##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-008: Should not be able to modify groups using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1_mod_description' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod_kra-009: Should not be able to modify group using an agent or a revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" 
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify groups using an agent user##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-010: Should not be able to modify groups using a KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert" + rlPhaseEnd + +##### Tests to modify groups using expired cert##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-011: Should not be able to modify group using a KRA_adminE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-012: Should not be able to modify group using a KRA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to modify groups using audit users##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-013: Should not be able to modify group using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert" + rlPhaseEnd + + ##### Tests to modify groups using operator user### + rlPhaseStartTest "pki_group_cli_group_mod_kra-014: Should not be able to modify group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as KRA_operatorV" + rlPhaseEnd + +##### Tests to modify groups using KRA_adminUTCA and KRA_agentUTCA user's certificate will be issued by an untrusted KRA users##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-015: Should not be able to modify groups using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod_kra-016: Modify a group -- Group ID does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' g5" + errmsg="ResourceNotFoundException: Group g5 not found." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group" + rlPhaseEnd + +##### Tests to modify KRA groups with empty parameters #### + + rlPhaseStartTest "pki_group_cli_group_mod_kra-017: Modify a user created group in KRA using KRA_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group1desc\" g5" + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" g5" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" g5 > $TmpDir/pki-kra-group-mod-0017.out" 0 "Group modified successfully with empty description" + rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-kra-group-mod-0017.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-mod-0017.out" + rlPhaseEnd + + +##### Tests to modify KRA groups with the same value #### + + rlPhaseStartTest "pki_group_cli_group_mod_kra-018: Modify a group in KRA using KRA_adminV - description same old value" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group1 > $TmpDir/pki-kra-group-mod-041_1.out" + 
rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-kra-group-mod-041_1.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-041_1.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-041_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-kra-group-mod-041_2.out" \ + 0 \ + "Modifying $group1 with same old description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-kra-group-mod-041_2.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-041_2.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-041_2.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify KRA groups having i18n chars in the description #### + +rlPhaseStartTest "pki_group_cli_group_mod_kra-019: Modify a groups's description having i18n chars in KRA using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$i18ngroupdescription\" $i18ngroup" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > 
$TmpDir/pki-kra-group-mod-043.out" \ + 0 \ + "Modified $i18ngroup description" + rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-kra-group-mod-043.out" + rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-kra-group-mod-043.out" + rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-kra-group-mod-043.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify system generated KRA groups #### + rlPhaseStartTest "pki_group_cli_group_mod_kra-021: Modify Administrator group's description in KRA using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show Administrators > $TmpDir/pki-kra-group-mod-group-show-022.out" + admin_group_desc=$(cat $TmpDir/pki-kra-group-mod-group-show-022.out| grep Description | cut -d- -f2) + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-kra-group-mod-022.out" \ + 0 \ + "Modified Administrators group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-kra-group-mod-022.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-mod-022.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-022.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$admin_group_desc\" Administrators" + 
rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-022: Modify Administrators group in KRA using KRA_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show Administrators > $TmpDir/pki-kra-group-mod-group-show-023.out" + admin_group_desc=$(cat $TmpDir/pki-kra-group-mod-group-show-023.out| grep Description | cut -d- -f2) + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" Administrators" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" Administrators > $TmpDir/pki-kra-group-mod-023.out" 0 "Successfully modified Administrator group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-kra-group-mod-023.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-mod-023.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$admin_group_desc\" Administrators" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlPhaseEnd + + +#===Deleting groups===# +rlPhaseStartTest "pki_group_cli_group_cleanup_kra: Deleting role groups" + + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i > $TmpDir/pki-group-del-kra-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-kra-group-00$i.out" + let i=$i+1 + done + + j=1 + while [ $j -lt 2 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n 
$(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $KRA_HOST \
+ -p $KRA_PORT \
+ -t kra \
+ group-del $i18ngroup > $TmpDir/pki-group-del-kra-i18ngroup-001.out" \
+ 0 \
+ "Deleted group $i18ngroup"
+ rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-kra-i18ngroup-001.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-show-kra.sh
new file mode 100755
index 000000000..57fe3549e
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-show-kra.sh
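Review bot: In tests 021 and 022 the saved Administrators description is extracted with `cut -d- -f2`, but the group-show output this file greps for has the form `Description: <text>`, and `cut` without `-s` passes a line that contains no `-` through whole. The restore step at the end of each phase therefore appears to write the label itself (or, if the text does contain a hyphen, only the part after it) back into a system group, and nothing afterwards asserts the restored value. Strip the label instead, e.g. `admin_group_desc=$(sed -n 's/^ *Description: //p' "$TmpDir/pki-kra-group-mod-group-show-022.out")`, using the `-023.out` file in test 022. Following the restore with a `group-show Administrators` and an `rlAssertGrep` on the original text would catch a bad restore before later suites inherit it.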
@@ -0,0 +1,711 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-show-kra Show groups +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-group-cli-group-show-kra.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-show-kra_tests(){ + +rlPhaseStartSetup "pki_group_cli_group_show_kra-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + #local variables + group1=test_group + group1desc="Test Group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? 
+ group7=0 + + ##### Tests to show KRA groups #### + rlPhaseStartTest "pki_group_cli_group_show_kra-001: Add group to KRA using KRA_adminV and show group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using KRA_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group1 > $TmpDir/pki-kra-group-show-001.out" \ + 0 \ + "Show group $group1" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-kra-group-show-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show-002: maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group2" \ + 0 \ + "Add group $group2 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group2 > $TmpDir/pki-kra-group-show-001_1.out" \ + 0 \ + "Show $group2 group" + rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-kra-group-show-001_1.out" + actual_groupid_string=`cat $TmpDir/pki-kra-group-show-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: 
$group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_1.out" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-003: Group id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group3" \ + 0 \ + "Add group $group3 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group3 > $TmpDir/pki-kra-group-show-001_2.out" \ + 0 \ + "Show $group3 group" + rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-kra-group-show-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-kra-group-show-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-004: Group id with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group4" \ + 0 \ + "Add group $group4 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group4 > $TmpDir/pki-kra-group-show-001_3.out" \ + 0 \ + "Show $group4 group" + rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-kra-group-show-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-kra-group-show-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-005: Group id with @ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + 
group-add --description=test $group5" \ + 0 \ + "Add $group5 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group5 > $TmpDir/pki-kra-group-show-001_4.out" \ + 0 \ + "Show $group5 group" + rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-kra-group-show-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-kra-group-show-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-006: Group id with ? character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group6" \ + 0 \ + "Add $group6 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group6 > $TmpDir/pki-kra-group-show-001_5.out" \ + 0 \ + "Show $group6 group" + rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-kra-group-show-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-kra-group-show-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-007: Group id as 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group7" \ + 0 \ + "Add group $group7 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group7 > $TmpDir/pki-kra-group-show-001_6.out" \ + 0 \ + "Show group $group7" + rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-kra-group-show-001_6.out" + rlAssertGrep 
"Group ID: $group7" "$TmpDir/pki-kra-group-show-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-008: --description with maximum length" + desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='$desc' g1" \ + 0 \ + "Added group using KRA_adminV with maximum --description length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g1 > $TmpDir/pki-kra-group-show-001_7.out" \ + 0 \ + "Show group g1" + rlAssertGrep "Group \"g1\"" "$TmpDir/pki-kra-group-show-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-show-001_7.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-show-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-009: --description with maximum length and symbols" + desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + desc=$(echo $desc_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='$desc' g2" \ + 0 \ + "Added group using CA_adminV with maximum --description length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g2 > $TmpDir/pki-kra-group-show-001_8.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" 
"$TmpDir/pki-kra-group-show-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-show-001_8.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-show-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-010: --description with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=# g3" \ + 0 \ + "Add group g3 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g3 > $TmpDir/pki-kra-group-show-001_9.out" \ + 0 \ + "Add group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-001_9.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-001_9.out" + rlAssertGrep "Description: #" "$TmpDir/pki-kra-group-show-001_9.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-011: --description with * character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=* g4" \ + 0 \ + "Add group g4 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g4 > $TmpDir/pki-kra-group-show-001_10.out" \ + 0 \ + "Show group g4 using KRA_adminV" + rlAssertGrep "Group \"g4\"" "$TmpDir/pki-kra-group-show-001_10.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-show-001_10.out" + rlAssertGrep "Description: *" "$TmpDir/pki-kra-group-show-001_10.out" + rlPhaseEnd + + 
rlPhaseStartTest "pki_group_cli_group_show_kra-012: --description with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=$ g5" \ + 0 \ + "Add group g5 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g5 > $TmpDir/pki-kra-group-show-001_11.out" \ + 0 \ + "Show group g5 using KRA_adminV" + rlAssertGrep "Group \"g5\"" "$TmpDir/pki-kra-group-show-001_11.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-show-001_11.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-kra-group-show-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-013: --description as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=0 g6" \ + 0 \ + "Add group g6 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g6 > $TmpDir/pki-kra-group-show-001_12.out" \ + 0 \ + "Show group g6 using KRA_adminV" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-kra-group-show-001_12.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-kra-group-show-001_12.out" + rlAssertGrep "Description: 0" "$TmpDir/pki-kra-group-show-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-014: Show group with -t kra option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g7" \ + 0 \ + "Adding group g7 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g7 > $TmpDir/pki-kra-group-show-001_32.out" \ + 0 \ + "Show group g7 using KRA_adminV" + rlAssertGrep "Group \"g7\"" "$TmpDir/pki-kra-group-show-001_32.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-show-001_32.out" + rlAssertGrep "Description: $test" "$TmpDir/pki-kra-group-show-001_32.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_show_kra-015: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-016: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show G7 > $TmpDir/pki-kra-group-show-001_35.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group \"G7\"" "$TmpDir/pki-kra-group-show-001_35.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-show-001_35.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show-017: Should not be able to show group using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog 
"PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-018: Should not be able to show group using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-019: Should not be able to show group using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-020: Should not be able to show group using admin user with expired cert KRA_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" 
+ rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-021: Should not be able to show group using KRA_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-022: Should not be able to show group using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-023: Should not be able to show group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-024: Should not be able to show group using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c 
$UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-025: Should not be able to show group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_show_encoded_0025pkcs10.out > $TmpDir/pki_kra_group_show_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_kra_group_show_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g7" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g7 > 
$TmpDir/pki-kra-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-show-pkiUser1-0025.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-026: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using KRA_adminV with group id length exceed maximum defined in ldap schema should fail" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-027: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show 'ÖrjanÄke' > $TmpDir/pki-kra-group-show-001_56_2.out" \ + 0 \ + "Show group 'ÖrjanÄke'" + rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-show-001_56_2.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_group_cli_group_show_kra-028: groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_57_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-kra-group-show-001_57_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_cleanup_kra: Deleting the temp directory and groups" + + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i > $TmpDir/pki-kra-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups 
created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh deleted file mode 100755 index 28e35a01f..000000000 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh +++ /dev/null 
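Review bot: In test pki_group_cli_group_show_kra-014 the last assertion greps for `"Description: $test"`, but nothing visible in `run_pki-group-cli-group-show-kra_tests` assigns a variable named `test`. Unless one of the sourced libraries sets it, the pattern expands to `Description: ` and passes for any description the server returns. The group is added with `--description=test`, so the check should be the literal `rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_32.out"`, as tests 003–007 already do. Separately, in test 025 the trust argument is written `-t "u,u,u""` with unescaped inner quotes, unlike `\"CT,CT,CT\"` on the line before; it only works because the value contains no whitespace, and `-t \"u,u,u\"` would match the rest of the file.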
@@ -1,572 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli -# Description: PKI group-add CLI tests -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# The following pki cli commands needs to be tested: -# pki-group-cli-group-add Add group to pki subsystems. -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Authors: Roshni Pattath -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/share/beakerlib/beakerlib.sh -. /opt/rhqa_pki/rhcs-shared.sh -. /opt/rhqa_pki/pki-cert-cli-lib.sh -. 
/opt/rhqa_pki/env.sh - -######################################################################## -#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-add-ca.sh -######################################################################## - -######################################################################## -# Test Suite Globals -######################################################################## -run_pki-group-cli-group-add-ca_tests(){ - - rlPhaseStartSetup "pki_group_cli_group_add-ca-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - prefix=$subsystemId -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - prefix=$subsystemId - else - prefix=ROOTCA - fi -else - prefix=$MYROLE -fi - -local CA_HOST=$(eval echo \$${MYROLE}) -local CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" - - rlPhaseStartTest "pki_group_cli-configtest: pki group --help configuration test" - rlRun "pki group --help > $TmpDir/pki_group_cfg.out 2>&1" \ - 0 \ - "pki group --help" - rlAssertGrep "group-find Find groups" "$TmpDir/pki_group_cfg.out" - rlAssertGrep "group-show Show group" "$TmpDir/pki_group_cfg.out" - rlAssertGrep "group-add Add group" "$TmpDir/pki_group_cfg.out" - rlAssertGrep "group-mod Modify group" "$TmpDir/pki_group_cfg.out" - rlAssertGrep "group-del Remove group" "$TmpDir/pki_group_cfg.out" - rlAssertGrep "group-member Group member management commands" "$TmpDir/pki_group_cfg.out" - rlAssertNotGrep "Error: Invalid module \"group---help\"." 
"$TmpDir/pki_group_cfg.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-configtest: pki group-add configuration test" - rlRun "pki group-add --help > $TmpDir/pki_group_add_cfg.out 2>&1" \ - 0 \ - "pki group-add --help" - rlAssertGrep "usage: group-add \[OPTIONS...\]" "$TmpDir/pki_group_add_cfg.out" - rlAssertGrep "\--description Description" "$TmpDir/pki_group_add_cfg.out" - rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_add_cfg.out" - rlPhaseEnd - - ##### Tests to add CA groups using a user of admin group with a valid cert#### - rlPhaseStartTest "pki_group_cli_group_add-CA-001: Add a group to CA using CA_adminV" - group1=new_group1 - group_desc1="New Group1" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"$group_desc1\" $group1" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-group-add-ca-001.out" \ - 0 \ - "Add group $group1 to CA_adminV" - rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-group-add-ca-001.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-add-ca-001.out" - rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-group-add-ca-001.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-002:maximum length of group id" - group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-group-add-ca-001_1.out" \ - 0 \ - "Added group using CA_adminV with maximum group id length" - actual_groupid_string=`cat $TmpDir/pki-group-add-ca-001_1.out | grep 'Group ID:' | xargs echo` - expected_groupid_string="Group ID: $group2" - if [[ $actual_groupid_string = $expected_groupid_string ]] ; then - rlPass "Group ID: 
$group2 found" - else - rlFail "Group ID: $group2 not found" - fi - rlAssertGrep "Description: Test Group" "$TmpDir/pki-group-add-ca-001_1.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-003:Group id with # character" - group3=abc# - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description test $group3 > $TmpDir/pki-group-add-ca-001_2.out" \ - 0 \ - "Added group using CA_adminV, group id with # character" - rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-group-add-ca-001_2.out" - rlAssertGrep "Group ID: $group3" "$TmpDir/pki-group-add-ca-001_2.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-004:Group id with $ character" - group4=abc$ - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group4 > $TmpDir/pki-group-add-ca-001_3.out" \ - 0 \ - "Added group using CA_adminV, group id with $ character" - rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-group-add-ca-001_3.out" - rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-group-add-ca-001_3.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_3.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-005:Group id with @ character" - group5=abc@ - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group5 > $TmpDir/pki-group-add-ca-001_4.out " \ - 0 \ - "Added group using CA_adminV, group id with @ character" - rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-group-add-ca-001_4.out" - rlAssertGrep "Group ID: $group5" "$TmpDir/pki-group-add-ca-001_4.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_4.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-006:Group id with ? 
character" - group6=abc? - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group6 > $TmpDir/pki-group-add-ca-001_5.out " \ - 0 \ - "Added group using CA_adminV, group id with ? character" - rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-group-add-ca-001_5.out" - rlAssertGrep "Group ID: $group6" "$TmpDir/pki-group-add-ca-001_5.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_5.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-007:Group id as 0" - group7=0 - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group7 > $TmpDir/pki-group-add-ca-001_6.out " \ - 0 \ - "Added group using CA_adminV, group id 0" - rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-group-add-ca-001_6.out" - rlAssertGrep "Group ID: $group7" "$TmpDir/pki-group-add-ca-001_6.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_6.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-008:--description with maximum length" - groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"$groupdesc\" g1 > $TmpDir/pki-group-add-ca-001_7.out" \ - 0 \ - "Added group using CA_adminV with maximum --description length" - rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-group-add-ca-001_7.out" - rlAssertGrep "Group ID: g1" "$TmpDir/pki-group-add-ca-001_7.out" - rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-group-add-ca-001_7.out" - actual_desc_string=`cat $TmpDir/pki-group-add-ca-001_7.out | grep Description: | xargs echo` - expected_desc_string="Description: $groupdesc" - if [[ $actual_desc_string = $expected_desc_string ]] ; then - rlPass "Description: $groupdesc found" - else - rlFail "Description: 
$groupdesc not found" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-009:--desccription with maximum length and symbols" - rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//') - groupdesc=$(echo $rand_groupdesc | sed 's/\///g') - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='$groupdesc' g2 > $TmpDir/pki-group-add-ca-001_8.out" \ - 0 \ - "Added group using CA_adminV with maximum --desc length and character symbols in it" - rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-group-add-ca-001_8.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-add-ca-001_8.out" - actual_desc_string=`cat $TmpDir/pki-group-add-ca-001_8.out | grep Description: | xargs echo` - expected_desc_string="Description: $groupdesc" - if [[ $actual_desc_string = $expected_desc_string ]] ; then - rlPass "Description: $groupdesc found" - else - rlFail "Description: $groupdesc not found" - fi - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_add-CA-010: Add a duplicate group to CA" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='Duplicate Group' $group1" - errmsg="ConflictingOperationException: Entry already exists." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-011: Add a group to CA with -t option" - desc="Test Group" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-add --description=\"$desc\" g3" - - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-add --description=\"$desc\" g3 > $TmpDir/pki-group-add-ca-0011.out" \ - 0 \ - "Add group g3 to CA" - rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-group-add-ca-0011.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-add-ca-0011.out" - rlAssertGrep "Description: $desc" "$TmpDir/pki-group-add-ca-0011.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-012: Add a group -- missing required option group id" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-add --description='$group1'" - errmsg="Error: No Group ID specified." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-013: Add a group -- missing required option --description" - rlLog "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add g7" - rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add g7 > $TmpDir/pki-group-add-ca-0013.out" 0 "Successfully added group without description option" - rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-group-add-ca-0013.out" - rlAssertGrep "Group ID: g7" "$TmpDir/pki-group-add-ca-0013.out" - rlPhaseEnd - - - ##### Tests to add groups using revoked cert##### - rlPhaseStartTest "pki_group_cli_group_add-CA-014: Should not be able to add group using a revoked cert CA_adminR" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert CA_adminR" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-015: Should not be able to add group using a agent with revoked cert CA_agentR" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert CA_agentR" - rlPhaseEnd - - - ##### Tests to add groups using an agent user##### - rlPhaseStartTest "pki_group_cli_group_add-CA-016: Should not be able to add group using a valid agent CA_agentV user" - command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c 
$CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert CA_agentV" - rlPhaseEnd - - - ##### Tests to add groups using expired cert##### - rlPhaseStartTest "pki_group_cli_group_add-CA-017: Should not be able to add group using admin user with expired cert CA_adminE" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert CA_adminE" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-018: Should not be able to add group using CA_agentE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert CA_agentE" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - ##### Tests to add groups using audit users##### - rlPhaseStartTest 
"pki_group_cli_group_add-CA-019: Should not be able to add group using a CA_auditV" - command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert CA_auditorV" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - ##### Tests to add groups using operator user### - rlPhaseStartTest "pki_group_cli_group_add-CA-020: Should not be able to add group using a CA_operatorV" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using CA_operatorV" - rlPhaseEnd - - - ##### Tests to add groups using CA_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA users##### - rlPhaseStartTest "pki_group_cli_group_add-CA-021: Should not be able to add group using a cert created from a untrusted CA role_user_UTCA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using CA_adminUTCA" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-022: group id length exceeds maximum limit defined in the schema" - group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description=test 
'$group_length_exceed_max'" - errmsg="ClientResponseFailure: ldap can't save, exceeds max length" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-023: description with i18n characters" - rlLog "group-add description Örjan Äke with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='Örjan Äke' g4" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='Örjan Äke' g4 > $TmpDir/pki-group-add-ca-001_51.out 2>&1" \ - 0 \ - "Adding g4 with description Örjan Äke" - rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-group-add-ca-001_51.out" - rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-add-ca-001_51.out" - rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-group-add-ca-001_51.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-024: description with i18n characters" - rlLog "group-add description Éric Têko with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='Éric Têko' g5" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='Éric Têko' g5 > $TmpDir/pki-group-add-ca-001_52.out 2>&1" \ - 0 \ - "Adding g5 with description Éric Têko" - rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-group-add-ca-001_52.out" - rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-add-ca-001_52.out" - rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-group-add-ca-001_52.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-CA-025: description with i18n characters" - 
rlLog "group-add description éénentwintig dvidešimt with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='éénentwintig dvidešimt' g6" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-group-add-ca-001_53.out 2>&1" \ - 0 \ - "Adding description éénentwintig dvidešimt with i18n characters" - rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-group-add-ca-001_53.out" - rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-group-add-ca-001_53.out" - rlAssertGrep "Group ID: g6" "$TmpDir/pki-group-add-ca-001_53.out" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g6" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g6 > $TmpDir/pki-group-add-ca-001_53_2.out 2>&1" \ - 0 \ - "Show group g6 with description éénentwintig dvidešimt in i18n characters" - rlAssertGrep "Group \"g6\"" "$TmpDir/pki-group-add-ca-001_53_2.out" - rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-group-add-ca-001_53_2.out" - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_add-CA-026: group id with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test 'ÖrjanÄke'" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-ca-001_56.out 2>&1" \ - 0 \ - "Adding gid ÖrjanÄke with i18n characters" - rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-ca-001_56.out" - rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-ca-001_56.out" - rlPhaseEnd - - 
rlPhaseStartTest "pki_group_cli_group_add-CA-027: groupid with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test 'ÉricTêko'" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-ca-001_57.out 2>&1" \ - 0 \ - "Adding group id ÉricTêko with i18n characters" - rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-ca-001_57.out" - rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ca-001_57.out" - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_cleanup: Deleting groups" - - #===Deleting groups created using CA_adminV cert===# - i=1 - while [ $i -lt 8 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \ - 0 \ - "Deleted group g$i" - rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out" - let i=$i+1 - done - #===Deleting groups(symbols) created using CA_adminV cert===# - j=1 - while [ $j -lt 8 ] ; do - eval grp=\$group$j - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del '$grp' > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \ - 0 \ - "Deleted group $grp" - actual_delete_group_string=`cat $TmpDir/pki-group-del-ca-group-symbol-00$j.out | grep 'Deleted group' | xargs echo` - expected_delete_group_string="Deleted group $grp" - if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then - rlPass "Deleted group \"$grp\" found in $TmpDir/pki-group-del-ca-group-symbol-00$j.out" - else - rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-group-del-ca-group-symbol-00$j.out" - fi - let j=$j+1 - done - #===Deleting i18n groups created using CA_adminV cert===# - rlRun "pki -d 
$CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \ - 0 \ - "Deleted group ÖrjanÄke" - rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out" - - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-group-i18n_2.out" \ - 0 \ - "Deleted group ÉricTêko" - rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-group-i18n_2.out" - - #Delete temporary directory - #rlRun "popd" - #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - rlPhaseEnd -} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-kra.sh deleted file mode 100755 index bee148caf..000000000 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-kra.sh +++ /dev/null 
@@ -1,577 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli -# Description: PKI group-add CLI tests -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# The following pki cli commands needs to be tested: -# pki-group-cli-group-add-kra Add group to pki subsystems. -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Authors: Roshni Pattath -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/share/beakerlib/beakerlib.sh -. /opt/rhqa_pki/rhcs-shared.sh -. /opt/rhqa_pki/pki-cert-cli-lib.sh -. 
/opt/rhqa_pki/env.sh - -######################################################################## -#create-role-users.sh should be first executed prior to pki-group-cli-group-add-kra.sh -######################################################################## - -######################################################################## -# Test Suite Globals -######################################################################## -run_pki-group-cli-group-add-kra_tests(){ - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 -caId=$4 - -KRA_HOST=$(eval echo \$${MYROLE}) -KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) -eval ${subsystemId}_adminV_user=${subsystemId}_adminV -eval ${subsystemId}_adminR_user=${subsystemId}_adminR -eval ${subsystemId}_adminE_user=${subsystemId}_adminE -eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA -eval ${subsystemId}_agentV_user=${subsystemId}_agentV -eval ${subsystemId}_agentR_user=${subsystemId}_agentR -eval ${subsystemId}_agentE_user=${subsystemId}_agentE -eval ${subsystemId}_auditV_user=${subsystemId}_auditV -eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV - - #### Create Temporary directory #### - - rlPhaseStartSetup "pki_group_cli_group_add_kra-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" - - - ##### Tests to add KRA groups using a user of admin group with a valid cert#### - rlPhaseStartTest "pki_group_cli_group_add_kra-001: Add a group to KRA using KRA_adminV" - group1=new_group1 - group_desc1="New Group1" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$group_desc1\" $group1" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c 
$CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-kra-group-add-001.out" \ - 0 \ - "Add group $group1 to KRA" - rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-kra-group-add-001.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-add-001.out" - rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-kra-group-add-001.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-002:maximum length of group id" - group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-kra-group-add-001_1.out" \ - 0 \ - "Added group using KRA_adminV with maximum group id length" - actual_groupid_string=`cat $TmpDir/pki-kra-group-add-001_1.out | grep 'Group ID:' | xargs echo` - expected_groupid_string="Group ID: $group2" - if [[ $actual_groupid_string = $expected_groupid_string ]] ; then - rlPass "Group ID: $group2 found" - else - rlFail "Group ID: $group2 not found" - fi - rlAssertGrep "Description: Test Group" "$TmpDir/pki-kra-group-add-001_1.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-003:Group id with # character" - group3=abc# - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description test $group3 > $TmpDir/pki-kra-group-add-001_2.out" \ - 0 \ - "Added group using KRA_adminV, group id with # character" - rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-kra-group-add-001_2.out" - rlAssertGrep "Group ID: $group3" "$TmpDir/pki-kra-group-add-001_2.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-004:Group id with $ character" - 
group4=abc$ - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test $group4 > $TmpDir/pki-kra-group-add-001_3.out" \ - 0 \ - "Added group using KRA_adminV, group id with $ character" - rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-kra-group-add-001_3.out" - rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-kra-group-add-001_3.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_3.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-005:Group id with @ character" - group5=abc@ - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test $group5 > $TmpDir/pki-kra-group-add-001_4.out " \ - 0 \ - "Added group using KRA_adminV, group id with @ character" - rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-kra-group-add-001_4.out" - rlAssertGrep "Group ID: $group5" "$TmpDir/pki-kra-group-add-001_4.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_4.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-006:Group id with ? character" - group6=abc? - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test $group6 > $TmpDir/pki-kra-group-add-001_5.out " \ - 0 \ - "Added group using KRA_adminV, group id with ? 
character" - rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-kra-group-add-001_5.out" - rlAssertGrep "Group ID: $group6" "$TmpDir/pki-kra-group-add-001_5.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_5.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-007:Group id as 0" - group7=0 - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test $group7 > $TmpDir/pki-kra-group-add-001_6.out " \ - 0 \ - "Added group using KRA_adminV, group id 0" - rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-kra-group-add-001_6.out" - rlAssertGrep "Group ID: $group7" "$TmpDir/pki-kra-group-add-001_6.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_6.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-008:--description with maximum length" - groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-kra-group-add-001_7.out" \ - 0 \ - "Added group using KRA_adminV with maximum --description length" - rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-kra-group-add-001_7.out" - rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-add-001_7.out" - rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-kra-group-add-001_7.out" - actual_desc_string=`cat $TmpDir/pki-kra-group-add-001_7.out | grep Description: | xargs echo` - expected_desc_string="Description: $groupdesc" - if [[ $actual_desc_string = $expected_desc_string ]] ; then - rlPass "Description: $groupdesc found" - else - rlFail "Description: $groupdesc not found" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-009:--desccription with maximum length and symbols" - rand_groupdesc=$(openssl rand -base64 2048 
| perl -p -e 's/\n//') - groupdesc=$(echo $rand_groupdesc | sed 's/\///g') - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='$groupdesc' g2 > $TmpDir/pki-kra-group-add-001_8.out" \ - 0 \ - "Added group using KRA_adminV with maximum --desc length and character symbols in it" - rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-kra-group-add-001_8.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-add-001_8.out" - actual_desc_string=`cat $TmpDir/pki-kra-group-add-001_8.out | grep Description: | xargs echo` - expected_desc_string="Description: $groupdesc" - if [[ $actual_desc_string = $expected_desc_string ]] ; then - rlPass "Description: $groupdesc found" - else - rlFail "Description: $groupdesc not found" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-010: Add a duplicate group to KRA" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='Duplicate Group' $group1" - errmsg="ConflictingOperationException: Entry already exists." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-011: Add a group to KRA with -t option" - desc="Test Group" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$desc\" g3" - - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$desc\" g3 > $TmpDir/pki-kra-group-add-0011.out" \ - 0 \ - "Add group g3 to KRA" - rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-kra-group-add-0011.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-add-0011.out" - rlAssertGrep "Description: $desc" "$TmpDir/pki-kra-group-add-0011.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add-012: Add a group -- missing required option group id" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$group1'" - errmsg="Error: No Group ID specified." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-013: Add a group -- missing required option --description" - rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add g7" - rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add g7 > $TmpDir/pki-kra-group-add-0013.out" 0 "Successfully added group without description option" - rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-kra-group-add-0013.out" - rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-add-0013.out" - rlPhaseEnd - - ##### Tests to add groups using revoked cert##### - rlPhaseStartTest "pki_group_cli_group_add_kra-014: Should not be able to add group using a revoked cert KRA_adminR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert KRA_adminR" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-015: Should not be able to add group using a agent with revoked cert KRA_agentR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked 
agent cert KRA_agentR" - rlPhaseEnd - - - ##### Tests to add groups using an agent user##### - rlPhaseStartTest "pki_group_cli_group_add_kra-016: Should not be able to add group using a valid agent KRA_agentV user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert KRA_agentV" - rlPhaseEnd - - - ##### Tests to add groups using expired cert##### - rlPhaseStartTest "pki_group_cli_group_add_kra-017: Should not be able to add group using admin user with expired cert KRA_adminE" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert KRA_adminE" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-018: Should not be able to add group using KRA_agentE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun 
"verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert KRA_agentE" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - ##### Tests to add groups using audit users##### - rlPhaseStartTest "pki_group_cli_group_add_kra-019: Should not be able to add group using a KRA_auditV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert KRA_auditorV" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - ##### Tests to add groups using operator user### - rlPhaseStartTest "pki_group_cli_group_add_kra-020: Should not be able to add group using a KRA_operatorV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using KRA_operatorV" - rlPhaseEnd - - ##### Tests to add groups using KRA_adminUTCA and KRA_agentUTCA user's certificate will be issued by an untrusted CA users##### - rlPhaseStartTest "pki_group_cli_group_add_kra-021: Should not be able to add group using a cert created from a untrusted CA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" 
\"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using KRA_adminUTCA" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-022: group id length exceeds maximum limit defined in the schema" - group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description=test '$group_length_exceed_max'" - errmsg="ClientResponseFailure: ldap can't save, exceeds max length" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-023: description with i18n characters" - rlLog "group-add description Örjan Äke with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='Örjan Äke' g4" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='Örjan Äke' g4 > $TmpDir/pki-kra-group-add-001_51.out 2>&1" \ - 0 \ - "Adding g4 with description Örjan Äke" - rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-kra-group-add-001_51.out" - rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-add-001_51.out" - rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-kra-group-add-001_51.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-024: description with i18n characters" - rlLog "group-add description Éric Têko with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='Éric 
Têko' g5" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='Éric Têko' g5 > $TmpDir/pki-kra-group-add-001_52.out 2>&1" \ - 0 \ - "Adding g5 with description Éric Têko" - rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-kra-group-add-001_52.out" - rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-add-001_52.out" - rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-kra-group-add-001_52.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-025: description with i18n characters" - rlLog "group-add description éénentwintig dvidešimt with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='éénentwintig dvidešimt' g6" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-kra-group-add-001_53.out 2>&1" \ - 0 \ - "Adding description éénentwintig dvidešimt with i18n characters" - rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-kra-group-add-001_53.out" - rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-kra-group-add-001_53.out" - rlAssertGrep "Group ID: g6" "$TmpDir/pki-kra-group-add-001_53.out" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g6" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g6 > $TmpDir/pki-kra-group-add-001_53_2.out 2>&1" \ - 0 \ - "Show group g6 with description éénentwintig dvidešimt in i18n characters" - rlAssertGrep "Group \"g6\"" 
"$TmpDir/pki-kra-group-add-001_53_2.out" - rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-kra-group-add-001_53_2.out" - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_add_kra-026: group id with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test 'ÖrjanÄke'" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-add-001_56.out 2>&1" \ - 0 \ - "Adding gid ÖrjanÄke with i18n characters" - rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-add-001_56.out" - rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-add-001_56.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_add_kra-027: groupid with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test 'ÉricTêko'" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test 'ÉricTêko' > $TmpDir/pki-kra-group-add-001_57.out 2>&1" \ - 0 \ - "Adding group id ÉricTêko with i18n characters" - rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-kra-group-add-001_57.out" - rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-add-001_57.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_cleanup_kra: Deleting groups" - - #===Deleting groups created using KRA_adminV cert===# - i=1 - while [ $i -lt 8 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del g$i > 
$TmpDir/pki-kra-group-del-group-00$i.out" \ - 0 \ - "Deleted group g$i" - rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group-00$i.out" - let i=$i+1 - done - #===Deleting groups(symbols) created using KRA_adminV cert===# - j=1 - while [ $j -lt 8 ] ; do - eval grp=\$group$j - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del '$grp' > $TmpDir/pki-kra-group-del-group-symbol-00$j.out" \ - 0 \ - "Deleted group $grp" - actual_delete_group_string=`cat $TmpDir/pki-kra-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo` - expected_delete_group_string="Deleted group $grp" - if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then - rlPass "Deleted group \"$grp\" found in $TmpDir/pki-kra-group-del-group-symbol-00$j.out" - else - rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-kra-group-del-group-symbol-00$j.out" - fi - let j=$j+1 - done - #===Deleting i18n groups created using CA_adminV cert===# - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'ÖrjanÄke' > $TmpDir/pki-kra-group-del-group-i18n_1.out" \ - 0 \ - "Deleted group ÖrjanÄke" - rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-del-group-i18n_1.out" - - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'ÉricTêko' > $TmpDir/pki-kra-group-del-group-i18n_2.out" \ - 0 \ - "Deleted group ÉricTêko" - rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-kra-group-del-group-i18n_2.out" - - #Delete temporary directory - rlRun "popd" - rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - rlPhaseEnd -} 
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh
deleted file mode 100755
index 715624d98..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh
+++ /dev/null
@@ -1,605 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-del CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-del Delete pki subsystem groups.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Author: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. 
/opt/rhqa_pki/env.sh - - -######################################################################## -# Test Suite Globals -######################################################################## - -run_pki-group-cli-group-del-ca_tests(){ - - rlPhaseStartSetup "pki_group_cli_group_del-CA-ca-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - prefix=$subsystemId -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - prefix=$subsystemId - else - prefix=ROOTCA - fi -else - prefix=$MYROLE -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" -local cert_info="$TmpDir/cert_info" - - rlPhaseStartTest "pki_group_cli_group_del-CA-ca-configtest-001: pki group-del --help configuration test" - rlRun "pki group-del --help > $TmpDir/group_del.out 2>&1" 0 "pki group-del --help" - rlAssertGrep "usage: group-del " "$TmpDir/group_del.out" - rlAssertGrep "\--help Show help options" "$TmpDir/group_del.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-ca-configtest-002: pki group-del configuration test" - rlRun "pki group-del > $TmpDir/group_del_2.out 2>&1" 255 "pki group-del" - rlAssertGrep "usage: group-del " "$TmpDir/group_del_2.out" - rlAssertGrep " --help Show help options" "$TmpDir/group_del_2.out" - rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/group_del_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-003: Delete valid groups" - group1=ca_group - group1desc="Test group" - group2=abcdefghijklmnopqrstuvwxyx12345678 - group3=abc# - group4=abc$ - group5=abc@ - group6=abc? 
- group7=0 - #positive test cases - #Add groups to CA using CA_adminV cert - i=1 - while [ $i -lt 25 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test_group g$i" - let i=$i+1 - done - - #===Deleting groups created using CA_adminV cert===# - i=1 - while [ $i -lt 25 ] ; do - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del g$i" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del g$i > $TmpDir/pki-group-del-ca-group1-00$i.out" \ - 0 \ - "Deleted group g$i" - rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group1-00$i.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g$i" - errmsg="GroupNotFoundException: Group g$i not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" - let i=$i+1 - done - #Add groups to CA using CA_adminV cert - i=1 - while [ $i -lt 8 ] ; do - eval grp=\$group$i - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test_group $grp" - let i=$i+1 - done - - #===Deleting groups(symbols) created using CA_adminV cert===# - j=1 - while [ $j -lt 8 ] ; do - eval grp=\$group$j - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del $grp " - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del $grp > $TmpDir/pki-group-del-ca-group2-00$j.out" \ - 0 \ - "Deleted group $grp" - rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group2-00$j.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c 
$CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show $grp" - errmsg="GroupNotFoundException: Group $grp not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" - let j=$j+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-004: Case sensitive groupid" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test_group group_abc" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del GROUP_ABC > $TmpDir/pki-group-del-ca-group-002_1.out" \ - 0 \ - "Deleted group GROUP_ABC groupid is not case sensitive" - rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-group-del-ca-group-002_1.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show group_abc" - errmsg="GroupNotFoundException: Group group_abc not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-005: Delete group when required option group id is missing" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del > $TmpDir/pki-group-del-ca-group-003_1.out 2>&1" \ - 255 \ - "Cannot delete a group without groupid" - rlAssertGrep "usage: group-del " "$TmpDir/pki-group-del-ca-group-003_1.out" - rlPhaseEnd - - rlPhseStartTest "pki_group_cli_group_del-CA-006: Maximum length of group id" - group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test \"$group2\" > $TmpDir/pki-group-add-ca-001_1.out" \ - 0 \ - 
"Added group using CA_adminV with maximum group id length" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del \"$group2\" > $TmpDir/pki-group-del-ca-group-006.out" \ - 0 \ - "Deleting group with maximum group id length using CA_adminV" - actual_groupid_string=`cat $TmpDir/pki-group-del-ca-group-006.out | grep 'Deleted group' | xargs echo` - expected_groupid_string="Deleted group $group2" - if [[ $actual_groupid_string = $expected_groupid_string ]] ; then - rlPass "Deleted group \"$group2\" found" - else - rlFail "Deleted group \"$group2\" not found" - fi - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show \"$group2\"" - errmsg="GroupNotFoundException: Group \"$group2\" not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-007: groupid with maximum length and symbols" - rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') - groupid=$(echo $rand_groupid | sed 's/\///g') - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test '$groupid' > $TmpDir/pki-group-add-ca-001_8.out" \ - 0 \ - "Added group using CA_adminV with maximum groupid length and character symbols in it" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del '$groupid' > $TmpDir/pki-group-del-ca-group-007.out" \ - 0 \ - "Deleting group with maximum group id length and character symbols using CA_adminV" - actual_groupid_string=`cat $TmpDir/pki-group-del-ca-group-007.out| grep 'Deleted group' | xargs echo` - expected_groupid_string="Deleted group $groupid" - if [[ $actual_groupid_string = $expected_groupid_string ]] ; then - 
rlPass "Deleted group $groupid found" - else - rlFail "Deleted group $groupid not found" - fi - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show '$groupid' > $TmpDir/pki-group-del-ca-group-007_2.out 2>&1" \ - 255 \ - "Verify expected error message - deleted group with max length and character symbols should not exist" - actual_error_string=`cat $TmpDir/pki-group-del-ca-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` - expected_error_string="GroupNotFoundException: Group $groupid not found" - if [[ $actual_error_string = $expected_error_string ]] ; then - rlPass "GroupNotFoundException: Group $groupid not found message found" - else - rlFail "GroupNotFoundException: Group $groupid not found message not found" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-008: Delete group from CA with -t option" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"g1description\" g1 > $TmpDir/pki-group-add-ca-009.out" \ - 0 \ - "Add group g1 to CA" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-del g1 > $TmpDir/pki-group-del-ca-group-009.out" \ - 0 \ - "Deleting group g1 using -t ca option" - rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-group-del-ca-group-009.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g1" - errmsg="GroupNotFoundException: Group g1 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-009: Should not be able to delete group using a revoked cert CA_adminR" - #Add a group - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c 
$CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-ca-010.out" \ - 0 \ - "Add group g2 to CA" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-001.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-001.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-001.out" - rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-001.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-010: Should not be able to delete group using a agent with revoked cert CA_agentR" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a agent having a revoked cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-002.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-002.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-002.out" - rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-002.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-011: Should not be able to delete group using a valid agent 
CA_agentV user" - command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a valid agent cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-003.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-003.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-003.out" - rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-003.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-012: Should not be able to delete group using a admin user with expired cert CA_adminE" - #Set datetime 2 days ahead - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using an expired admin cert" - #Set datetime back on original - rlRun "date --set='-2 days'" 0 "Set System back to the present day" - rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-004.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-004.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-004.out" - rlAssertGrep "Description: g2description" 
"$TmpDir/pki-group-show-ca-004.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-013: Should not be able to delete a group using CA_agentE cert" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a agent cert" - - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='-2 days'" 0 "Set System back to the present day" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-005.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-005.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-005.out" - rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-005.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-014: Should not be able to delete group using a CA_auditV" - command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a audit cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-006.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-006.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-006.out" - rlAssertGrep "Description: 
g2description" "$TmpDir/pki-group-show-ca-006.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-015: Should not be able to delete group using a CA_operatorV" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a operator cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-007.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-007.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-007.out" - rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-007.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-016: Should not be able to delete group using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a untrusted cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-008.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-008.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-008.out" - rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-008.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-017: Should not be able to delete 
group using a user cert" - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_del_encoded_0025pkcs10.out > $TmpDir/pki_ca_group_del_encoded_0025pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_ca_group_del_encoded_0025pkcs10.pem -t "u,u,u"" - rlLog "Executing: pki -d $TEMP_NSS_DB \ - -n pkiUser2 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del g2" - rlRun "pki -d $TEMP_NSS_DB \ - -n pkiUser2 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del g2 > $TmpDir/pki-ca-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ca-group-del-pkiUser1-0025.out" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-009.out" \ - 0 \ - "Show group g2" - 
rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-009.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-009.out" - rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-009.out" - - #Cleanup:delete group g2 - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del g2 > $TmpDir/pki-group-del-ca-018.out 2>&1" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-018: delete group id with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-ca-001_19.out 2>&1" \ - 0 \ - "Adding gid ÖrjanÄke with i18n characters" - rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-ca-001_19.out" - rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-ca-001_19.out" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del 'ÖrjanÄke'" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-001_19_3.out 2>&1" \ - 0 \ - "Deleted gid ÖrjanÄke with i18n characters" - rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-001_19_3.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show 'ÖrjanÄke'" - errmsg="GroupNotFoundException: Group ÖrjanÄke not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA-020: delete groupid with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test 'ÉricTêko' > 
$TmpDir/pki-group-add-ca-001_20.out 2>&1" \ - 0 \ - "Adding group id ÉricTêko with i18n characters" - rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-ca-001_20.out" - rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ca-001_20.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show 'ÉricTêko' > $TmpDir/pki-group-add-ca-001_20_2.out" \ - 0 \ - "Show group 'ÉricTêko'" - rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-ca-001_20_2.out" - rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ca-001_20_2.out" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del 'ÉricTêko'" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-001_20_3.out 2>&1" \ - 0 \ - "Delete gid ÉricTêko with i18n characters" - rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-001_20_3.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show 'ÉricTêko'" - errmsg="GroupNotFoundException: Group ÉricTêko not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-CA_cleanup-004: Deleting the temp directory" - #rlRun "popd" - #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - rlPhaseEnd -} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-kra.sh deleted file mode 100755 index 697fe6dbd..000000000 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-kra.sh +++ /dev/null 
@@ -1,635 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-del CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-del-kra Delete pki subsystem groups.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Author: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. 
/opt/rhqa_pki/env.sh - - -######################################################################## -# Test Suite Globals -######################################################################## - -run_pki-group-cli-group-del-kra_tests(){ - - rlPhaseStartSetup "pki_group_cli_group_del_kra-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 -caId=$4 -CA_HOST=$5 -KRA_HOST=$(eval echo \$${MYROLE}) -KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) -eval ${subsystemId}_adminV_user=${subsystemId}_adminV -eval ${subsystemId}_adminR_user=${subsystemId}_adminR -eval ${subsystemId}_adminE_user=${subsystemId}_adminE -eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA -eval ${subsystemId}_agentV_user=${subsystemId}_agentV -eval ${subsystemId}_agentR_user=${subsystemId}_agentR -eval ${subsystemId}_agentE_user=${subsystemId}_agentE -eval ${subsystemId}_auditV_user=${subsystemId}_auditV -eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" -local cert_info="$TmpDir/cert_info" -ROOTCA_agent_user=${caId}_agentV - - rlPhaseStartTest "pki_group_cli_group_del_kra-001: Delete valid groups" - group1=kra_group - group1desc="Test group" - group2=abcdefghijklmnopqrstuvwxyx12345678 - group3=abc# - group4=abc$ - group5=abc@ - group6=abc? 
- group7=0 - #positive test cases - #Add groups to KRA using KRA_adminV cert - i=1 - while [ $i -lt 25 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test_group g$i" - let i=$i+1 - done - - #===Deleting groups created using KRA_adminV cert===# - i=1 - while [ $i -lt 25 ] ; do - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del g$i" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del g$i > $TmpDir/pki-kra-group-del-group1-00$i.out" \ - 0 \ - "Deleted group g$i" - rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group1-00$i.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g$i" - errmsg="GroupNotFoundException: Group g$i not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" - let i=$i+1 - done - #Add groups to KRA using KRA_adminV cert - i=1 - while [ $i -lt 8 ] ; do - eval grp=\$group$i - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test_group $grp" - let i=$i+1 - done - - #===Deleting groups(symbols) created using KRA_adminV cert===# - j=1 - while [ $j -lt 8 ] ; do - eval grp=\$group$j - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del $grp " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h 
$KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del $grp > $TmpDir/pki-kra-group-del-group2-00$j.out" \ - 0 \ - "Deleted group $grp" - rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-kra-group-del-group2-00$j.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show $grp" - errmsg="GroupNotFoundException: Group $grp not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" - let j=$j+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-002: Case sensitive groupid" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test_group group_abc" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del GROUP_ABC > $TmpDir/pki-kra-group-del-group-002_1.out" \ - 0 \ - "Deleted group GROUP_ABC groupid is not case sensitive" - rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-kra-group-del-group-002_1.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show group_abc" - errmsg="GroupNotFoundException: Group group_abc not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-003: Delete group when required option group id is missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del" - errmsg="Error: No Group ID specified." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-004: Maximum length of group id" - group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test \"$group2\" > $TmpDir/pki-kra-group-add-001_1.out" \ - 0 \ - "Added group using KRA_adminV with maximum group id length" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del \"$group2\" > $TmpDir/pki-kra-group-del-group-006.out" \ - 0 \ - "Deleting group with maximum group id length using KRA_adminV" - actual_groupid_string=`cat $TmpDir/pki-kra-group-del-group-006.out | grep 'Deleted group' | xargs echo` - expected_groupid_string="Deleted group $group2" - if [[ $actual_groupid_string = $expected_groupid_string ]] ; then - rlPass "Deleted group \"$group2\" found" - else - rlFail "Deleted group \"$group2\" not found" - fi - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show \"$group2\"" - errmsg="GroupNotFoundException: Group \"$group2\" not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-005: groupid with maximum length and symbols" - rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') - groupid=$(echo $rand_groupid | sed 's/\///g') - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add 
--description=test '$groupid' > $TmpDir/pki-kra-group-add-001_8.out" \ - 0 \ - "Added group using KRA_adminV with maximum groupid length and character symbols in it" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del '$groupid' > $TmpDir/pki-kra-group-del-group-007.out" \ - 0 \ - "Deleting group with maximum group id length and character symbols using KRA_adminV" - actual_groupid_string=`cat $TmpDir/pki-kra-group-del-group-007.out| grep 'Deleted group' | xargs echo` - expected_groupid_string="Deleted group $groupid" - if [[ $actual_groupid_string = $expected_groupid_string ]] ; then - rlPass "Deleted group $groupid found" - else - rlFail "Deleted group $groupid not found" - fi - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show '$groupid' > $TmpDir/pki-kra-group-del-group-007_2.out 2>&1" \ - 255 \ - "Verify expected error message - deleted group with max length and character symbols should not exist" - actual_error_string=`cat $TmpDir/pki-kra-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` - expected_error_string="GroupNotFoundException: Group $groupid not found" - if [[ $actual_error_string = $expected_error_string ]] ; then - rlPass "GroupNotFoundException: Group $groupid not found message found" - else - rlFail "GroupNotFoundException: Group $groupid not found message not found" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-006: Delete group from KRA with -t option" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"g1description\" g1 > $TmpDir/pki-kra-group-add-009.out" \ - 0 \ - "Add group g1 to KRA" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo 
\$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del g1 > $TmpDir/pki-kra-group-del-group-009.out" \ - 0 \ - "Deleting group g1 using -t kra option" - rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-kra-group-del-group-009.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g1" - errmsg="GroupNotFoundException: Group g1 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-007: Should not be able to delete group using a revoked cert KRA_adminR" - #Add a group - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-kra-010.out" \ - 0 \ - "Add group g2 to KRA" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g2 > $TmpDir/pki-kra-group-show-001.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-kra-group-show-001.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-show-001.out" - rlAssertGrep "Description: g2description" "$TmpDir/pki-kra-group-show-001.out" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI 
Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-008: Should not be able to delete group using a agent with revoked cert KRA_agentR" - #Add a group - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-kra-010.out" \ - 0 \ - "Add group g3 to KRA" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g3 > $TmpDir/pki-kra-group-show-002.out" \ - 0 \ - "Show group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-002.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-002.out" - rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-show-002.out" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-009: Should not be able to delete group using a valid agent KRA_agentV user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a valid agent cert" - #Make sure group 
is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g3 > $TmpDir/pki-kra-group-show-003.out" \ - 0 \ - "Show group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-003.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-003.out" - rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-show-003.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-010: Should not be able to delete group using a admin user with expired cert KRA_adminE" - #Set datetime 2 days ahead - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert" - #Set datetime back on original - rlRun "date --set='-2 days'" 0 "Set System back to the present day" - rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g3 > $TmpDir/pki-group-show-kra-004.out" \ - 0 \ - "Show group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-004.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-004.out" - rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-004.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-011: Should not be able to delete a group using KRA_agentE cert" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d 
$CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert" - - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='-2 days'" 0 "Set System back to the present day" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - kra-group-show g3 > $TmpDir/pki-group-show-kra-005.out" \ - 0 \ - "Show group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-005.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-005.out" - rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-005.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-012: Should not be able to delete group using a KRA_auditV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a audit cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g3 > $TmpDir/pki-group-show-kra-006.out" \ - 0 \ - "Show group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-006.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-006.out" - rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-006.out" - rlPhaseEnd - - rlPhaseStartTest 
"pki_group_cli_group_del_kra-013: Should not be able to delete group using a KRA_operatorV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g3 > $TmpDir/pki-group-show-kra-007.out" \ - 0 \ - "Show group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-007.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-007.out" - rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-007.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-014: Should not be able to delete group using a cert created from a untrusted KRA KRA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g3 > $TmpDir/pki-group-show-kra-008.out" \ - 0 \ - "Show group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-008.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-008.out" - rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-008.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del-015: Should not 
be able to delete group using a user cert" - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_del_encoded_0025pkcs10.out > $TmpDir/pki_kra_group_del_encoded_0025pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_kra_group_del_encoded_0025pkcs10.pem -t "u,u,u"" - rlLog "Executing: pki -d $TEMP_NSS_DB \ - -n pkiUser2 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del g3" - rlRun "pki -d $TEMP_NSS_DB \ - -n pkiUser2 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del g3 > $TmpDir/pki-kra-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-del-pkiUser1-0025.out" - #Make sure group is not deleted - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra 
\ - group-show g3 > $TmpDir/pki-group-show-kra-009.out" \ - 0 \ - "Show group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-009.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-009.out" - rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-009.out" - - #Cleanup:delete group g3 - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del g3 > $TmpDir/pki-group-del-kra-018.out 2>&1" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-016: delete group id with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-kra-001_19.out 2>&1" \ - 0 \ - "Adding gid ÖrjanÄke with i18n characters" - rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-kra-001_19.out" - rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-kra-001_19.out" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'ÖrjanÄke'" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-001_19_3.out 2>&1" \ - 0 \ - "Deleted gid ÖrjanÄke with i18n characters" - rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-001_19_3.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show 'ÖrjanÄke'" - errmsg="GroupNotFoundException: Group ÖrjanÄke not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" 
- rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_kra-017: delete groupid with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-kra-001_20.out 2>&1" \ - 0 \ - "Adding group id ÉricTêko with i18n characters" - rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-kra-001_20.out" - rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-kra-001_20.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show 'ÉricTêko' > $TmpDir/pki-group-add-kra-001_20_2.out" \ - 0 \ - "Show group 'ÉricTêko'" - rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-kra-001_20_2.out" - rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-kra-001_20_2.out" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'ÉricTêko'" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-001_20_3.out 2>&1" \ - 0 \ - "Delete gid ÉricTêko with i18n characters" - rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-001_20_3.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show 'ÉricTêko'" - errmsg="GroupNotFoundException: Group ÉricTêko not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_del_cleanup_kra: Deleting the temp directory" - rlRun "popd" - rlRun 
"rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh
deleted file mode 100755
index 427f2ffb5..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh
+++ /dev/null
@@ -1,615 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-find CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-find To list groups in CA.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Authors: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. /opt/rhqa_pki/env.sh
-
-########################################################################
-# Test Suite Globals
-########################################################################
-
-run_pki-group-cli-group-find-ca_tests(){
-
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-
-if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
-elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- else
- prefix=ROOTCA
- fi
-else
- prefix=$MYROLE
-fi
-
-CA_HOST=$(eval echo \$${MYROLE})
-CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
-
- rlPhaseStartSetup "pki_group_cli_group_find-ca-startup: Create temporary directory and add groups"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- i=1
- while [ $i -lt 25 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=test_group g$i"
- let i=$i+1
- done
- rlPhaseEnd
-
-local TEMP_NSS_DB="$TmpDir/nssdb"
-local TEMP_NSS_DB_PASSWD="redhat123"
-local cert_info="$TmpDir/cert_info"
-
- rlPhaseStartTest "pki_group_cli_group_find-ca-configtest-001: pki group-find --help configuration test"
- rlRun "pki group-find --help > $TmpDir/group_find.out 2>&1" 0 "pki group-find --help"
- rlAssertGrep "usage: group-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/group_find.out"
- rlAssertGrep "\--size Page size" "$TmpDir/group_find.out"
- rlAssertGrep "\--start Page start" "$TmpDir/group_find.out"
- rlAssertGrep "\--help Show help options" "$TmpDir/group_find.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_find-ca-configtest-002: pki group-find configuration test"
- command="pki group-find"
- errmsg="ProcessingException: Unable to invoke request"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_find-ca-003: Find 5 groups, --size=5"
- rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --size=5 > $TmpDir/pki-group-find-ca-001.out 2>&1" \ - 0 \ - "Found 5 groups" - rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-group-find-ca-001.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-004: Find no group, --size=0" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --size=0 > $TmpDir/pki-group-find-ca-002.out 2>&1" \ - 0 \ - "Found no groups" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-find-ca-002.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-005: Find all groups, large value as input" - large_num=1000000 - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --size=$large_num > $TmpDir/pki-group-find-ca-003.out 2>&1" \ - 0 \ - "Find all groups, large value as input" - result=`cat $TmpDir/pki-group-find-ca-003.out | grep "Number of entries returned"` - number=`echo $result | cut -d " " -f 5` - if [ $number -gt 25 ] ; then - rlPass "Number of entries returned is more than 25 as expected" - else - - rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-006: Find all groups, --size with maximum possible value as input" - randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --size=$maximum_check" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --size=$maximum_check > $TmpDir/pki-group-find-ca-003_2.out 2>&1" \ - 0 \ - "Find all groups, maximum 
possible value as input" - result=`cat $TmpDir/pki-group-find-ca-003_2.out | grep "Number of entries returned"` - number=`echo $result | cut -d " " -f 5` - if [ $number -gt 25 ] ; then - rlPass "Number of entries returned is more than 25 as expected" - else - - rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-007: Find all groups, --size more than maximum possible value" - randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --size=$maximum_check" - errmsg="NumberFormatException: For input string: $maximum_check" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-008: Find groups, check for negative input --size=-1" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --size=-1" - errmsg="size should not have value less than 0" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-009: Find groups for size input as noninteger, --size=abc" - size_noninteger="abc" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --size=$size_noninteger" - errmsg="NumberFormatException: For input string: $size_noninteger" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" - rlPhaseEnd - - 
rlPhaseStartTest "pki_group_cli_group_find-ca-010: Find groups, check for no input --size=" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --size=" - errmsg="NumberFormatException: For input string: \"""\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-011: Find groups, --start=10" - #Find the 10th group - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find > $TmpDir/pki-group-find-ca-007_1.out 2>&1" \ - 0 \ - "Get all groups in CA" - group_entry_10=`cat $TmpDir/pki-group-find-ca-007_1.out | grep "Group ID" | head -11 | tail -1` - rlLog "10th entry=$group_entry_10" - - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=10" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=10 > $TmpDir/pki-group-find-ca-007.out 2>&1" \ - 0 \ - "Displays groups from the 10th group and the next to the maximum 20 groups, if available " - #First group in the response should be the 10th group $group_entry_10 - group_entry_1=`cat $TmpDir/pki-group-find-ca-007.out | grep "Group ID" | head -1` - rlLog "1st entry=$group_entry_1" - if [ "$group_entry_1" = "$group_entry_10" ]; then - rlPass "Displays groups from the 10th group" - else - rlFail "Display did not start from the 10th group" - fi - rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-group-find-ca-007.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-012: Find groups, --start=10000, large possible input" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=10000 > 
$TmpDir/pki-group-find-ca-008.out 2>&1" \ - 0 \ - "Find users, --start=10000, large possible input" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-find-ca-008.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-013: Find groups, --start with maximum possible input" - randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=$maximum_check" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=$maximum_check > $TmpDir/pki-group-find-ca-008_2.out 2>&1" \ - 0 \ - "Find groups, --start with maximum possible input" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-find-ca-008_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-014: Find groups, --start with more than maximum possible input" - randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=$maximum_check" - errmsg="NumberFormatException: For input string: \"$maximum_check\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-015: Find groups, --start=0" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=0 > $TmpDir/pki-group-find-ca-009.out 2>&1" \ - 0 \ - "Displays from the zeroth user, maximum possible are 20 users in a page" - rlAssertGrep "Number of entries returned 20" 
"$TmpDir/pki-group-find-ca-009.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-016: Find groups, --start=-1" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=-1" - errmsg="start should not have value less than 0" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-017: Find groups for size input as noninteger, --start=abc" - size_noninteger="abc" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=$size_noninteger" - errmsg="NumberFormatException: For input string: \"$size_noninteger\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-018: Find groups, check for no input --start= " - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=" - errmsg="NumberFormatException: For input string: \"""\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-019: Find groups, --size=12 --start=12" - #Find 12 groups starting from 12th group - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find > $TmpDir/pki-group-find-ca-00_13_1.out 2>&1" \ - 0 \ - "Get all groups in CA" - group_entry_12=`cat $TmpDir/pki-group-find-ca-00_13_1.out | grep "Group ID" | head -13 | tail -1` - - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD 
\ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=12 --size=12 > $TmpDir/pki-group-find-ca-0013.out 2>&1" \ - 0 \ - "Displays groups from the 12th group and the next to the maximum 12 groups" - #First group in the response should be the 12th group $group_entry_12 - group_entry_1=`cat $TmpDir/pki-group-find-ca-0013.out | grep "Group ID" | head -1` - if [ "$group_entry_1" = "$group_entry_12" ]; then - rlPass "Displays groups from the 12th group" - else - rlFail "Display did not start from the 12th group" - fi - rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-group-find-ca-0013.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-020: Find groups, --size=0 --start=12" - #Find 12 groups starting from 12th group - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find > $TmpDir/pki-group-find-ca-00_14_1.out 2>&1" \ - 0 \ - "Get all groups in CA" - group_entry_12=`cat $TmpDir/pki-group-find-ca-00_14_1.out | grep "Group ID" | head -13 | tail -1` - - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=12 --size=0 > $TmpDir/pki-group-find-ca-0014.out 2>&1" \ - 0 \ - "Displays groups from the 12th group and 0 groups" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-find-ca-0014.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-021: Should not be able to find group using a revoked cert CA_adminR" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT user-find --start=1 --size=5" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-022: Should not be able to find groups using an agent with revoked cert 
CA_agentR" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-023: Should not be able to find groups using a valid agent CA_agentV user" - command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-024: Should not be able to find groups using admin user with expired cert CA_adminE" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-025: Should not be able to find groups using CA_agentE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT 
group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-026: Should not be able to find groups using a CA_auditV" - command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-027: Should not be able to find groups using a CA_operatorV" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-028: Should not be able to find groups using a cert created from a untrusted CA role_user_UTCA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" - errmsg="PKIException: Unauthorized" - errocode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using CA_adminUTCA" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-029: Should not be able to find groups using a user cert" - 
#Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_find_encoded_0029pkcs10.out > $TmpDir/pki_ca_group_find_encoded_0029pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_ca_group_find_encoded_0029pkcs10.pem -t "u,u,u"" - rlLog "Executing: pki -d $TEMP_NSS_DB \ - -n pkiUser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=1 --size=5" - rlRun "pki -d $TEMP_NSS_DB \ - -n pkiUser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --start=1 --size=5 > $TmpDir/pki-ca-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ca-group-find-pkiUser1-002.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-030: find groups when group id has i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p 
$CA_PORT \ - group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-group-find-ca-001_31.out 2>&1" \ - 0 \ - "Adding gid ÖrjanÄke with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --size=1000" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --size=1000 > $TmpDir/pki-group-show-ca-001_31_2.out" \ - 0 \ - "Find group with max size" - rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-show-ca-001_31_2.out" - rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-group-show-ca-001_31_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-031: find group when group id has i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-group-show-ca-001_32.out 2>&1" \ - 0 \ - "Adding group id ÉricTêko with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --size=1000" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find --size=1000 > $TmpDir/pki-group-show-ca-001_32_2.out" \ - 0 \ - "Find group with max size" - rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-show-ca-001_32_2.out" - rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-group-show-ca-001_32_2.out" - rlPhaseEnd - - #pki group-find with filters - - rlPhaseStartTest "pki_group_cli_group_find-ca-032: find group - filter 'Administrator'" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find Administrator" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find Administrator > 
$TmpDir/pki-group-show-ca-033.out" \ - 0 \ - "Find group with Keyword Administrator" - rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-group-show-ca-033.out" - rlAssertGrep "Group ID: Security Domain Administrators" "$TmpDir/pki-group-show-ca-033.out" - rlAssertGrep "Group ID: Enterprise CA Administrators" "$TmpDir/pki-group-show-ca-033.out" - rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-group-show-ca-033.out" - rlAssertGrep "Group ID: Enterprise RA Administrators" "$TmpDir/pki-group-show-ca-033.out" - rlAssertGrep "Group ID: Enterprise OCSP Administrators" "$TmpDir/pki-group-show-ca-033.out" - rlAssertGrep "Group ID: Enterprise TKS Administrators" "$TmpDir/pki-group-show-ca-033.out" - rlAssertGrep "Group ID: Enterprise TPS Administrators" "$TmpDir/pki-group-show-ca-033.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-033: find group - filter 'KRA'" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find KRA" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-find KRA > $TmpDir/pki-group-show-ca-034.out" \ - 0 \ - "Find group with Keyword KRA" - rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-group-show-ca-034.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find-ca-034: find group should fail when filter keyword has less than 3 characters" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find CA" - errmsg="BadRequestException: Filter is too short." 
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find should fail if the filter has less than 3 characters"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_cleanup-001: Deleting groups"
- #===Deleting groups created using CA_adminV cert===#
- i=1
- while [ $i -lt 25 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \
- 0 \
- "Deleted group g$i"
- rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out"
- let i=$i+1
- done
-
- #===Deleting i18n groups created using CA_adminV cert===#
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
- 0 \
- "Deleted group ÖrjanÄke"
- rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
-
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-group-i18n_2.out" \
- 0 \
- "Deleted group ÉricTêko"
- rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-group-i18n_2.out"
-
- #Delete temporary directory
- #rlRun "popd"
- #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-kra.sh
deleted file mode 100755
index 75e0066ad..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-kra.sh
+++ /dev/null
@@ -1,650 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-find CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-find-kra To list groups in KRA.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Authors: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. /opt/rhqa_pki/env.sh
-
-########################################################################
-# Test Suite Globals
-########################################################################
-
-run_pki-group-cli-group-find-kra_tests(){
-
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-caId=$4
-CA_HOST=$5
-KRA_HOST=$(eval echo \$${MYROLE})
-KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
-CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
-eval ${subsystemId}_adminV_user=${subsystemId}_adminV
-eval ${subsystemId}_adminR_user=${subsystemId}_adminR
-eval ${subsystemId}_adminE_user=${subsystemId}_adminE
-eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
-eval ${subsystemId}_agentV_user=${subsystemId}_agentV
-eval ${subsystemId}_agentR_user=${subsystemId}_agentR
-eval ${subsystemId}_agentE_user=${subsystemId}_agentE
-eval ${subsystemId}_auditV_user=${subsystemId}_auditV
-eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
-ROOTCA_agent_user=${caId}_agentV
- rlPhaseStartSetup "pki_group_cli_group_find_kra-startup: Create temporary directory and add groups"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- i=1
- while [ $i -lt 25 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=test_group g$i"
- let i=$i+1
- done
- rlPhaseEnd
-
-local TEMP_NSS_DB="$TmpDir/nssdb"
-local TEMP_NSS_DB_PASSWD="redhat123"
-local cert_info="$TmpDir/cert_info"
-
- rlPhaseStartTest "pki_group_cli_group_find_kra-003: Find 5 groups, --size=5"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-find --size=5 > $TmpDir/pki-kra-group-find-001.out 2>&1" \
- 0 \
- "Found 5 groups"
- rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-find-001.out"
- rlPhaseEnd
-
- rlPhaseStartTest
"pki_group_cli_group_find_kra-004: Find no group, --size=0" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --size=0 > $TmpDir/pki-kra-group-find-002.out 2>&1" \ - 0 \ - "Found no groups" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-002.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-005: Find all groups, large value as input" - large_num="1000000" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --size=$large_num" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --size=$large_num > $TmpDir/pki-kra-group-find-003.out 2>&1" \ - 0 \ - "Find all groups, large value as input" - result=`cat $TmpDir/pki-kra-group-find-003.out | grep "Number of entries returned"` - number=`echo $result | cut -d " " -f 5` - if [ $number -gt 25 ] ; then - rlPass "Number of entries returned is more than 25 as expected" - else - - rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-006: Find all groups, --size with maximum possible value as input" - randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --size=$maximum_check" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --size=$maximum_check > $TmpDir/pki-kra-group-find-003_2.out 2>&1" \ - 0 \ - 
"Find all groups, maximum possible value as input" - result=`cat $TmpDir/pki-kra-group-find-003_2.out | grep "Number of entries returned"` - number=`echo $result | cut -d " " -f 5` - if [ $number -gt 25 ] ; then - rlPass "Number of entries returned is more than 25 as expected" - else - rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" - fi - rlPhaseEnd - rlPhaseStartTest "pki_group_cli_group_find_kra-007: Find all groups, --size more than maximum possible value" - randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=$maximum_check" - errmsg="NumberFormatException: For input string: $maximum_check" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-008: Find groups, check for negative input --size=-1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=-1" - errmsg="size should not have value less than 0" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-009: Find groups for size input as noninteger, --size=abc" - size_noninteger="abc" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=$size_noninteger" - errmsg="NumberFormatException: For input string: $size_noninteger" - errorcode=255 - rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-010: Find groups, check for no input --size=" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=" - errmsg="NumberFormatException: For input string: \"""\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-011: Find groups, --start=10" - #Find the 10th group - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find > $TmpDir/pki-kra-group-find-007_1.out 2>&1" \ - 0 \ - "Get all groups in KRA" - group_entry_10=`cat $TmpDir/pki-kra-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` - rlLog "10th entry=$group_entry_10" - - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=10" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=10 > $TmpDir/pki-kra-group-find-007.out 2>&1" \ - 0 \ - "Displays groups from the 10th group and the next to the maximum 20 groups, if available " - #First group in the response should be the 10th group $group_entry_10 - group_entry_1=`cat $TmpDir/pki-kra-group-find-007.out | grep "Group ID" | head -1` - rlLog "1st entry=$group_entry_1" - if [ "$group_entry_1" = "$group_entry_10" ]; then - rlPass "Displays groups from the 10th group" - else - rlFail "Display did not start from the 10th group" - fi - rlAssertGrep "Number of entries returned 20" 
"$TmpDir/pki-kra-group-find-007.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-012: Find groups, --start=10000, large possible input" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=10000 > $TmpDir/pki-kra-group-find-008.out 2>&1" \ - 0 \ - "Find users, --start=10000, large possible input" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-008.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-013: Find groups, --start with maximum possible input" - randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=$maximum_check" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=$maximum_check > $TmpDir/pki-kra-group-find-008_2.out 2>&1" \ - 0 \ - "Find groups, --start with maximum possible input" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-008_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-014: Find groups, --start with more than maximum possible input" - randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=$maximum_check" - errmsg="NumberFormatException: For input string: \"$maximum_check\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more 
than maximum possible input should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-015: Find groups, --start=0" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=0 > $TmpDir/pki-kra-group-find-009.out 2>&1" \ - 0 \ - "Displays from the zeroth user, maximum possible are 20 users in a page" - rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-find-009.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-016: Find groups, --start=-1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=-1" - errmsg="start should not have value less than 0" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-017: Find groups for size input as noninteger, --start=abc" - size_noninteger="abc" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=$size_noninteger" - errmsg="NumberFormatException: For input string: \"$size_noninteger\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-018: Find groups, check for no input --start= " - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=" - errmsg="NumberFormatException: For input string: \"""\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify 
expected error message - start with empty value should fail" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-019: Find groups, --size=12 --start=12" - #Find 12 groups starting from 12th group - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find > $TmpDir/pki-kra-group-find-00_13_1.out 2>&1" \ - 0 \ - "Get all groups in KRA" - group_entry_12=`cat $TmpDir/pki-kra-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1` - - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=12 --size=12 > $TmpDir/pki-kra-group-find-0013.out 2>&1" \ - 0 \ - "Displays groups from the 12th group and the next to the maximum 12 groups" - #First group in the response should be the 12th group $group_entry_12 - group_entry_1=`cat $TmpDir/pki-kra-group-find-0013.out | grep "Group ID" | head -1` - if [ "$group_entry_1" = "$group_entry_12" ]; then - rlPass "Displays groups from the 12th group" - else - rlFail "Display did not start from the 12th group" - fi - rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-kra-group-find-0013.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-020: Find groups, --size=0 --start=12" - #Find 12 groups starting from 12th group - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find > $TmpDir/pki-kra-group-find-00_14_1.out 2>&1" \ - 0 \ - "Get all groups in KRA" - group_entry_12=`cat $TmpDir/pki-kra-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` - - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=12 --size=0 > $TmpDir/pki-kra-group-find-0014.out 
2>&1" \ - 0 \ - "Displays groups from the 12th group and 0 groups" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-0014.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-021: Should not be able to find group using a revoked cert KRA_adminR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-022: Should not be able to find groups using an agent with revoked cert KRA_agentR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-023: Should not be able to find groups using a valid agent KRA_agentV user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" - rlPhaseEnd - - 
rlPhaseStartTest "pki_group_cli_group_find_kra-024: Should not be able to find groups using admin user with expired cert KRA_adminE" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-025: Should not be able to find groups using KRA_agentE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-026: Should not be able to find groups using a KRA_auditV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" 
\"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-027: Should not be able to find groups using a KRA_operatorV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-028: Should not be able to find groups using a cert created from a untrusted KRA KRA_adminUTCA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" - errmsg="PKIException: Unauthorized" - errocode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using KRA_adminUTCA" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-029: Should not be able to find groups using a user cert" - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun 
"pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_find_encoded_0029pkcs10.out > $TmpDir/pki_kra_group_find_encoded_0029pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_kra_group_find_encoded_0029pkcs10.pem -t "u,u,u"" - rlLog "Executing: pki -d $TEMP_NSS_DB \ - -n pkiUser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=1 --size=5" - rlRun "pki -d $TEMP_NSS_DB \ - -n pkiUser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --start=1 --size=5 > $TmpDir/pki-kra-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-find-pkiUser1-002.out" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-030: find groups when group id has i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='Örjan Äke' 'ÖrjanÄke'" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-kra-group-find-001_31.out 2>&1" \ - 0 \ - "Adding gid ÖrjanÄke with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --size=1000" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo 
\$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --size=1000 > $TmpDir/pki-kra-group-show-001_31_2.out" \ - 0 \ - "Find group with max size" - rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-show-001_31_2.out" - rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-kra-group-show-001_31_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-031: find group when group id has i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='Éric Têko' 'ÉricTêko'" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_32.out 2>&1" \ - 0 \ - "Adding group id ÉricTêko with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --size=1000" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find --size=1000 > $TmpDir/pki-kra-group-show-001_32_2.out" \ - 0 \ - "Find group with max size" - rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-show-001_32_2.out" - rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-kra-group-show-001_32_2.out" - rlPhaseEnd - - #pki group-find with filters - - rlPhaseStartTest "pki_group_cli_group_find_kra-032: find group - filter 'Administrator'" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find Administrator" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c 
$CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find Administrator > $TmpDir/pki-kra-group-show-033.out" \ - 0 \ - "Find group with Keyword Administrator" - rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-show-033.out" - rlAssertGrep "Group ID: Security Domain Administrators" "$TmpDir/pki-kra-group-show-033.out" - rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-kra-group-show-033.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-033: find group - filter 'KRA'" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find KRA" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-find KRA > $TmpDir/pki-kra-group-show-034.out" \ - 0 \ - "Find group with Keyword KRA" - rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-kra-group-show-034.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_find_kra-034: find group should fail when filter keyword has less than 3 characters" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find CA" - errmsg="BadRequestException: Filter is too short." 
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find should fail if the filter has less than 3 characters"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_kra_group_cli_group_cleanup-001: Deleting groups"
- #===Deleting groups created using KRA_adminV cert===#
- i=1
- while [ $i -lt 25 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del g$i > $TmpDir/pki-group-del-kra-group-00$i.out" \
- 0 \
- "Deleted group g$i"
- rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-kra-group-00$i.out"
- let i=$i+1
- done
-
- #===Deleting i18n groups created using KRA_adminV cert===#
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \
- 0 \
- "Deleted group ÖrjanÄke"
- rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out"
-
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-group-i18n_2.out" \
- 0 \
- "Deleted group ÉricTêko"
- rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-group-i18n_2.out"
-
- #Delete temporary directory
- rlRun "popd"
- rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh
deleted file mode 100755
index 7cdf93e96..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh
+++ /dev/null
@@ -1,1146 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-cli-group-membership-add CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-member-add Add group member.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Authors: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. /opt/rhqa_pki/env.sh
-######################################################################################
-#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-member-add-ca.sh
-######################################################################################
-
-########################################################################
-# Test Suite Globals
-########################################################################
-run_pki-group-cli-group-member-add-ca_tests(){
- #Local variables
- groupid1="Certificate Manager Agents"
- groupid2="Registration Manager Agents"
- groupid3="Subsystem Group"
- groupid4="Trusted Managers"
- groupid5="Administrators"
- groupid6="Auditors"
- groupid7="ClonedSubsystems"
- groupid8="Security Domain Administrators"
- groupid9="Enterprise CA Administrators"
- groupid10="Enterprise KRA Administrators"
- groupid11="Enterprise OCSP Administrators"
- groupid12="Enterprise TKS Administrators"
- groupid13="Enterprise RA Administrators"
- groupid14="Enterprise TPS Administrators"
-
- rlPhaseStartSetup "pki_group_cli_group_membership-add-CA-001: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-
-if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
-elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- else
- prefix=ROOTCA
- fi
-else
- prefix=$MYROLE
-fi
-
-CA_HOST=$(eval echo \$${MYROLE})
-CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
-local TEMP_NSS_DB="$TmpDir/nssdb"
-local TEMP_NSS_DB_PASSWD="redhat123"
-local cert_info="$TmpDir/cert_info"
-
- rlPhaseStartTest "pki_group_cli_group_member-add-CA-002: pki group-member configuration test"
- rlRun "pki group-member > $TmpDir/pki_group_member_cfg.out 2>&1" \
- 0 \
- "pki group-member"
- rlAssertGrep "Commands:" "$TmpDir/pki_group_member_cfg.out"
- rlAssertGrep "group-member-find 
Find group members" "$TmpDir/pki_group_member_cfg.out" - rlAssertGrep "group-member-add Add group member" "$TmpDir/pki_group_member_cfg.out" - rlAssertGrep "group-member-del Remove group member" "$TmpDir/pki_group_member_cfg.out" - rlAssertGrep "group-member-show Show group member" "$TmpDir/pki_group_member_cfg.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-003: pki group-member-add --help configuration test" - rlRun "pki group-member-add --help > $TmpDir/pki_group_member_add_cfg.out 2>&1" \ - 0 \ - "pki group-member-add --help" - rlAssertGrep "usage: group-member-add \[OPTIONS...\]" "$TmpDir/pki_group_member_add_cfg.out" - rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_add_cfg.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-004: pki group-member-add configuration test" - rlRun "pki group-member-add > $TmpDir/pki_group_member_add_2_cfg.out 2>&1" \ - 255 \ - "pki group-member-add" - rlAssertGrep "Error: Incorrect number of arguments specified." 
"$TmpDir/pki_group_member_add_2_cfg.out" - rlAssertGrep "usage: group-member-add \[OPTIONS...\]" "$TmpDir/pki_group_member_add_2_cfg.out" - rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_add_2_cfg.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-005: Add users to available groups using valid admin user CA_adminV" - i=1 - while [ $i -lt 15 ] ; do - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullNameu$i\" u$i " - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-group-member-add-group-add-ca-00$i.out" \ - 0 \ - "Adding user u$i" - rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-group-member-add-group-add-ca-00$i.out" - rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-add-group-add-ca-00$i.out" - rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-add-group-add-ca-00$i.out" - rlLog "Showing the user" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-show u$i > $TmpDir/pki-group-member-add-group-show-ca-00$i.out" \ - 0 \ - "Show pki CA_adminV user" - rlAssertGrep "User \"u$i\"" "$TmpDir/pki-group-member-add-group-show-ca-00$i.out" - rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-add-group-show-ca-00$i.out" - rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-add-group-show-ca-00$i.out" - rlLog "Adding the user to a group" - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$gid\" u$i" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$gid\" u$i > $TmpDir/pki-group-member-add-groupadd-ca-00$i.out" \ - 0 \ - "Adding user u$i to 
group \"$gid\"" - rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-group-member-add-groupadd-ca-00$i.out" - rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-add-groupadd-ca-00$i.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find \"$gid\" > $TmpDir/pki-group-member-add-groupadd-find-ca-00$i.out" \ - 0 \ - "User added to group \"$gid\"" - rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-add-groupadd-find-ca-00$i.out" - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-006: Add a user to all available groups using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-group-member-add-user-add-ca-userall-001.out" \ - 0 \ - "Adding user userall" - rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-group-member-add-user-add-ca-userall-001.out" - rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-add-user-add-ca-userall-001.out" - rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-add-user-add-ca-userall-001.out" - rlLog "Showing the user" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-show userall > $TmpDir/pki-group-member-add-user-show-ca-userall-001.out" \ - 0 \ - "Show pki CA_adminV user" - rlAssertGrep "User \"userall\"" "$TmpDir/pki-group-member-add-user-show-ca-userall-001.out" - rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-add-user-show-ca-userall-001.out" - rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-add-user-show-ca-userall-001.out" - rlLog "Adding the user to all the groups" - i=1 - while [ $i -lt 15 ] ; do - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ 
- -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$gid\" userall" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$gid\" userall > $TmpDir/pki-group-member-add-groupadd-ca-userall-00$i.out" \ - 0 \ - "Adding user userall to group \"$gid\"" - rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-group-member-add-groupadd-ca-userall-00$i.out" - rlAssertGrep "User: userall" "$TmpDir/pki-group-member-add-groupadd-ca-userall-00$i.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find \"$gid\" > $TmpDir/pki-group-member-add-groupadd-find-ca-userall-00$i.out" \ - 0 \ - "User added to group \"$gid\"" - rlAssertGrep "User: userall" "$TmpDir/pki-group-member-add-groupadd-find-ca-userall-00$i.out" - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_user_cli_group_member-add-CA-007: Add a user to same group multiple times" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-group-member-add-user-add-ca-user1-001.out" \ - 0 \ - "Adding user user1" - rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-group-member-add-user-add-ca-user1-001.out" - rlAssertGrep "User ID: user1" "$TmpDir/pki-group-member-add-user-add-ca-user1-001.out" - rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-group-member-add-user-add-ca-user1-001.out" - rlLog "Showing the user" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-show user1 > $TmpDir/pki-group-member-add-user-show-ca-user1-001.out" \ - 0 \ - "Show pki CA_adminV user" - rlAssertGrep "User \"user1\"" "$TmpDir/pki-group-member-add-user-show-ca-user1-001.out" - rlAssertGrep "User ID: user1" 
"$TmpDir/pki-group-member-add-user-show-ca-user1-001.out" - rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-group-member-add-user-show-ca-user1-001.out" - rlLog "Adding the user to the same groups twice" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"Administrators\" user1 > $TmpDir/pki-group-member-add-groupadd-ca-user1-001.out" \ - 0 \ - "Adding user user1 to group \"Administrators\"" - rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-group-member-add-groupadd-ca-user1-001.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" user1" - errmsg="ConflictingOperationException: Attribute or value exists." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-008: should not be able to add user to a non existing group" - dummy_group="nonexisting_bogus_group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-group-member-add-user-add-ca-user1-008.out" \ - 0 \ - "Adding user testuser1" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"$dummy_group\" testuser1" - errmsg="GroupNotFoundException: Group $dummy_group not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-009: Should be able to group-member-add user to Administrator group" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h 
$CA_HOST \ - -p $CA_PORT \ - user-add --fullName=test u20" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=test u20" \ - 0 \ - "Adding uid u20" - rlLog "Adding the user to the Adminstrators group" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" u20" - rlLog "Executing: $command" - rlRun "$command > $TmpDir/pki-group-member-add-groupadd-ca-009_2.out" \ - 0 \ - "Adding user u20 to group \"Administrators\"" - rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-group-member-add-groupadd-ca-009_2.out" - rlAssertGrep "User: u20" "$TmpDir/pki-group-member-add-groupadd-ca-009_2.out" - rlLog "Check if the user is added to the group" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find 'Administrators'" - rlLog "Executing: $command" - rlRun "$command > $TmpDir/pki-group-member-add-groupadd-find-ca-009_3.out" \ - 0 \ - "Check user u20 added to group Administrators" - rlAssertGrep "User: u20" "$TmpDir/pki-group-member-add-groupadd-find-ca-009_3.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-010: Should be able to group-member-add groupid with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName='u21' u21" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName='u21' u21" \ - 0 \ - "Adding uid u21" - rlLog "Create a group dadministʁasjɔ̃ with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-group-member-add-groupadd-ca-010_1.out" \ - 0 \ - "Adding group 
dadministʁasjɔ̃ with i18n characters" - rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-member-add-groupadd-ca-010_1.out" - rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-group-member-add-groupadd-ca-010_1.out" - rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-group-member-add-groupadd-ca-010_1.out" - rlLog "Adding the user to the dadministʁasjɔ̃ group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"dadministʁasjɔ̃\" u21 > $TmpDir/pki-group-member-add-groupadd-ca-010_2.out" \ - 0 \ - "Adding user u21 to group \"dadministʁasjɔ̃\"" - rlAssertGrep "Added group member \"u21\"" "$TmpDir/pki-group-member-add-groupadd-ca-010_2.out" - rlAssertGrep "User: u21" "$TmpDir/pki-group-member-add-groupadd-ca-010_2.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-group-member-add-groupadd-find-ca-010_3.out" \ - 0 \ - "Check user u21 added to group dadministʁasjɔ̃" - rlAssertGrep "User: u21" "$TmpDir/pki-group-member-add-groupadd-find-ca-010_3.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-011: Should not be able to group-member-add using a revoked cert CA_adminR" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using a revoked cert CA_adminR" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-012: Should not be able to group-member-add using an agent with revoked cert CA_agentR" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT 
group-member-add \"Administrators\" testuser1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using an agent with revoked cert CA_agentR" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-013: Should not be able to group-member-add using admin user with expired cert CA_adminE" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using admin user with expired cert CA_adminE" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-014: Should not be able to group-member-add using CA_agentE cert" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_agentE cert" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-015: Should not be able to group-member-add using CA_auditV cert" - command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" - errmsg="ForbiddenException: 
Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_auditV cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-016: Should not be able to group-member-add using CA_operatorV cert" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_operatorV cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-017: Should not be able to group-member-add using role_user_UTCA cert" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_adminUTCA cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-add-CA-018: Should not be able to group-member-add using role_user_UTCA cert" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_agentUTCA cert" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - #Usability tests - rlPhaseStartTest "pki_group_cli_group_member-add-CA-019: User associated with Administrators group only can create a new user" - i=2 - while [ $i -lt 15 ] ; do - eval gid=\$groupid$i - if [ "$gid" = "Administrators" ] ; then - rlLog "Not adding testuser1 to $gid 
group" - else - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$gid\" testuser1" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$gid\" testuser1 > $TmpDir/pki-group-member-add-groupadd-ca-testuser1-00$i.out" \ - 0 \ - "Adding user testuser1 to group \"$gid\"" - rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-group-member-add-groupadd-ca-testuser1-00$i.out" - rlAssertGrep "User: testuser1" "$TmpDir/pki-group-member-add-groupadd-ca-testuser1-00$i.out" - fi - let i=$i+1 - done - - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\"" - rlRun 
"pki -d $CERTDB_DIR/ \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-cert-add testuser1 --input $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \ - 0 \ - "Cert is added to the user testuser1" - command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT ca-user-add --fullName=test_user u39" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "ca-user-add operation should fail when authenticating using a user cert" - - rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - - #Add testuser1 to Administrators group - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$groupid5\" testuser1 > $TmpDir/pki-ca-group-member-add-groupadd-usertest1-019_2.out" \ - 0 \ - "Adding user testuser1 to group \"$groupid5\"" - rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-ca-group-member-add-groupadd-usertest1-019_2.out" - rlAssertGrep "User: testuser1" "$TmpDir/pki-ca-group-member-add-groupadd-usertest1-019_2.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find $groupid5 > $TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-019_3.out" \ - 0 \ - "Check group-member for user testuser1" - rlAssertGrep "User: testuser1" "$TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-019_3.out" - - #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group - rlRun "pki -d $TEMP_NSS_DB \ - -n testuser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=test_user us19 > $TmpDir/pki-ca-user-add-019_4.out" \ - 0 \ - "Added new user using Admin user testuser1" - rlAssertGrep "Added user \"us19\"" 
"$TmpDir/pki-ca-user-add-019_4.out" - rlAssertGrep "User ID: us19" "$TmpDir/pki-ca-user-add-019_4.out" - rlAssertGrep "Full name: test_user" "$TmpDir/pki-ca-user-add-019_4.out" - rlPhaseEnd - - #Usability test - rlPhaseStartTest "pki_group_cli_group_member-add-CA-020: User associated with Certificate Manager Agents group only can approve certificate requests" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullName_user2\" testuser2" - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"Test User2\" subject_uid:testuser2 subject_email:testuser2@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.out > $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser2\" -i $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem -t \"u,u,u\"" - rlRun "pki -d $CERTDB_DIR/ \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-cert-add testuser2 
--input $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem" - rlLog "Check testuser2 is not in group Certificate Manager Agents" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find \"$groupid1\"" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find \"$groupid1\" > $TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-020_1.out" \ - 0 \ - "Check ca-group-member for testuser2" - rlAssertNotGrep "User: testuser2" "$TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-020_1.out" - - #Trying to approve a certificate request using testuser2 should fail - rlRun "run_req_action_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ - organizationalunit: organization: country: archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$TEMP_NSS_DB cert_db_pwd:$TEMP_NSS_DB_PASSWD \ - certdb_nick:\"testuser2\" cert_info:$cert_info" 0 "Cert approval by testuser2 should fail" - - rlAssertGrep "Authorization Error" "$cert_info" - - #Add user testuser2 to Certificate Manager Agents group - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$groupid1\" testuser2 > $TmpDir/pki-ca-group-member-add-groupadd-usertest1-020_3.out" \ - 0 \ - "Adding user testuser2 to group \"$groupid1\"" - rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-ca-group-member-add-groupadd-usertest1-020_3.out" - rlAssertGrep "User: testuser2" "$TmpDir/pki-ca-group-member-add-groupadd-usertest1-020_3.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find \"$groupid1\" > 
$TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-020_4.out" \
- 0 \
- "Check group-memberfor testuser2"
- rlAssertGrep "User: testuser2" "$TmpDir/pki-ca-group-member-add-groupadd-find-usertest1-020_4.out"
-
- #Trying to approve a certificate request using testuser2 should now succeed
- rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
- algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
- organizationalunit: organization: country: archive:false req_profile:caUserCert \
- target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$TEMP_NSS_DB cert_db_pwd:$TEMP_NSS_DB_PASSWD \
- certdb_nick:\"testuser2\" cert_info:$cert_info" 0 "Successfully approved a cert by testuser2"
-
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-CA-021: Should not be able to add a non existing user to a group"
- user="testuser4"
- command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"$groupid5\" $user"
- errmsg="UserNotFoundException: User $user not found"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-CA-022: Add a group and add a user to the group using valid admin user CA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g1description\" g1"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g1description\" g1 > $TmpDir/pki-group-member-add-group-add-ca-022.out" \
- 0 \
- "Adding group g1"
- rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-group-member-add-group-add-ca-022.out"
- rlAssertGrep "Group ID: g1" "$TmpDir/pki-group-member-add-group-add-ca-022.out"
- rlAssertGrep "Description: g1description" "$TmpDir/pki-group-member-add-group-add-ca-022.out"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu15\" u15"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu15\" u15 > $TmpDir/pki-group-member-add-user-add-ca-022.out" \
- 0 \
- "Adding user u15"
- rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-group-member-add-user-add-ca-022.out"
- rlAssertGrep "User ID: u15" "$TmpDir/pki-group-member-add-user-add-ca-022.out"
- rlAssertGrep "Full name: fullNameu15" "$TmpDir/pki-group-member-add-user-add-ca-022.out"
- rlLog "Adding the user to a group"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g1 u15"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g1 u15 > $TmpDir/pki-group-member-add-groupadd-ca-022.out" \
- 0 \
- "Adding user u15 to group g1"
- rlAssertGrep "Added group member \"u15\"" "$TmpDir/pki-group-member-add-groupadd-ca-022.out"
- rlAssertGrep "User: u15" "$TmpDir/pki-group-member-add-groupadd-ca-022.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find g1 > $TmpDir/pki-group-member-add-groupadd-find-ca-022.out" \
- 0 \
- "User added to group g1"
- rlAssertGrep "User: u15" "$TmpDir/pki-group-member-add-groupadd-find-ca-022.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-CA-023: Add two group and add a user to the two different group using valid admin user CA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g2description\" g2"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g2description\" g2 > $TmpDir/pki-group-member-add-group-add-ca-023.out" \
- 0 \
- "Adding group g2"
- rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-group-member-add-group-add-ca-023.out"
- rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-member-add-group-add-ca-023.out"
- rlAssertGrep "Description: g2description" "$TmpDir/pki-group-member-add-group-add-ca-023.out"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g3description\" g3"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g3description\" g3 > $TmpDir/pki-group-member-add-group-add-ca-023_1.out" \
- 0 \
- "Adding group g3"
- rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-group-member-add-group-add-ca-023_1.out"
- rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-member-add-group-add-ca-023_1.out"
- rlAssertGrep "Description: g3description" "$TmpDir/pki-group-member-add-group-add-ca-023_1.out"
-
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu16\" u16"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu16\" u16 > $TmpDir/pki-group-member-add-user-add-ca-023.out" \
- 0 \
- "Adding user u16"
- rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-group-member-add-user-add-ca-023.out"
- rlAssertGrep "User ID: u16" "$TmpDir/pki-group-member-add-user-add-ca-023.out"
- rlAssertGrep "Full name: fullNameu16" "$TmpDir/pki-group-member-add-user-add-ca-023.out"
- rlLog "Adding the user u16 to group g2"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g2 u16"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g2 u16 > $TmpDir/pki-group-member-add-groupadd-ca-023.out" \
- 0 \
- "Adding user u16 to group g2"
- rlAssertGrep "Added group member \"u16\"" "$TmpDir/pki-group-member-add-groupadd-ca-023.out"
- rlAssertGrep "User: u16" "$TmpDir/pki-group-member-add-groupadd-ca-023.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find g2 > $TmpDir/pki-group-member-add-groupadd-find-ca-023.out" \
- 0 \
- "User added to group g2"
- rlAssertGrep "User: u16" "$TmpDir/pki-group-member-add-groupadd-find-ca-023.out"
- rlLog "Adding the user u16 to group g3"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g3 u16"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g3 u16 > $TmpDir/pki-group-member-add-groupadd-ca-023_1.out" \
- 0 \
- "Adding user u16 to group g3"
- rlAssertGrep "Added group member \"u16\"" "$TmpDir/pki-group-member-add-groupadd-ca-023_1.out"
- rlAssertGrep "User: u16" "$TmpDir/pki-group-member-add-groupadd-ca-023_1.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find g3 > $TmpDir/pki-group-member-add-groupadd-find-ca-023_1.out" \
- 0 \
- "User added to group g3"
- rlAssertGrep "User: u16" "$TmpDir/pki-group-member-add-groupadd-find-ca-023_1.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-CA-024: Add a group, add a user to the group and delete the group using valid admin user CA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g4description\" gr4"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g4description\" gr4 > $TmpDir/pki-group-member-add-group-add-ca-024.out" \
- 0 \
- "Adding group gr4"
- rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-group-member-add-group-add-ca-024.out"
- rlAssertGrep "Group ID: gr4" "$TmpDir/pki-group-member-add-group-add-ca-024.out"
- rlAssertGrep "Description: g4description" "$TmpDir/pki-group-member-add-group-add-ca-024.out"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu17\" u17"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu17\" u17 > $TmpDir/pki-group-member-add-user-add-ca-024.out" \
- 0 \
- "Adding user u17"
- rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-group-member-add-user-add-ca-024.out"
- rlAssertGrep "User ID: u17" "$TmpDir/pki-group-member-add-user-add-ca-024.out"
- rlAssertGrep "Full name: fullNameu17" "$TmpDir/pki-group-member-add-user-add-ca-024.out"
- rlLog "Adding the user to a group"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add gr4 u17"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add gr4 u17 > $TmpDir/pki-group-member-add-groupadd-ca-024.out" \
- 0 \
- "Adding user u17 to group gr4"
- rlAssertGrep "Added group member \"u17\"" "$TmpDir/pki-group-member-add-groupadd-ca-024.out"
- rlAssertGrep "User: u17" "$TmpDir/pki-group-member-add-groupadd-ca-024.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find gr4 > $TmpDir/pki-group-member-add-groupadd-find-ca-024.out" \
- 0 \
- "User added to group gr4"
- rlAssertGrep "User: u17" "$TmpDir/pki-group-member-add-groupadd-find-ca-024.out"
- #Deleting group gr4
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del gr4"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del gr4 > $TmpDir/pki-group-member-add-groupdel-ca-024.out" \
- 0 \
- "Deleting group gr4"
- rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-group-member-add-groupdel-ca-024.out"
- #Checking for user-membership
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-membership-find u17"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-membership-find u17 > $TmpDir/pki-group-member-add-usermembership-ca-024.out" \
- 0 \
- "Checking for user membership of u17"
- rlAssertGrep "0 entries matched" "$TmpDir/pki-group-member-add-usermembership-ca-024.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-CA-025: Add a group, add a user to the group and modify the group using valid admin user CA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g5description\" g4"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g5description\" g4 > $TmpDir/pki-group-member-add-group-add-ca-025.out" \
- 0 \
- "Adding group g4"
- rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-group-member-add-group-add-ca-025.out"
- rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-member-add-group-add-ca-025.out"
- rlAssertGrep "Description: g5description" "$TmpDir/pki-group-member-add-group-add-ca-025.out"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu18\" u18"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu18\" u18 > $TmpDir/pki-group-member-add-user-add-ca-025.out" \
- 0 \
- "Adding user u18"
- rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-group-member-add-user-add-ca-025.out"
- rlAssertGrep "User ID: u18" "$TmpDir/pki-group-member-add-user-add-ca-025.out"
- rlAssertGrep "Full name: fullNameu18" "$TmpDir/pki-group-member-add-user-add-ca-025.out"
- rlLog "Adding the user to a group"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g4 u18"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g4 u18 > $TmpDir/pki-group-member-add-groupadd-ca-025.out" \
- 0 \
- "Adding user u18 to group g4"
- rlAssertGrep "Added group member \"u18\"" "$TmpDir/pki-group-member-add-groupadd-ca-025.out"
- rlAssertGrep "User: u18" "$TmpDir/pki-group-member-add-groupadd-ca-025.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find g4 > $TmpDir/pki-group-member-add-groupadd-find-ca-025.out" \
- 0 \
- "User added to group g5"
- rlAssertGrep "User: u18" "$TmpDir/pki-group-member-add-groupadd-find-ca-025.out"
- #Modifying group g4
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-mod g4 --decription=\"Modified group\""
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-mod g4 --description=\"Modified group\" > $TmpDir/pki-group-member-add-groupmod-ca-025.out" \
- 0 \
- "Modifying group g4"
- rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-group-member-add-groupmod-ca-025.out"
- rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-member-add-groupmod-ca-025.out"
- rlAssertGrep "Description: Modified group" "$TmpDir/pki-group-member-add-groupmod-ca-025.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-CA-026: Add a group, add a user to the group, run user-membership-del on the user and run group-member-find using valid admin user CA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g5description\" g5"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"g6description\" g5 > $TmpDir/pki-group-member-add-group-add-ca-026.out" \
- 0 \
- "Adding group g5"
- rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-group-member-add-group-add-ca-026.out"
- rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-member-add-group-add-ca-026.out"
- rlAssertGrep "Description: g6description" "$TmpDir/pki-group-member-add-group-add-ca-026.out"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu19\" u19"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu19\" u19 > $TmpDir/pki-group-member-add-user-add-ca-026.out" \
- 0 \
- "Adding user u19"
- rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-group-member-add-user-add-ca-026.out"
- rlAssertGrep "User ID: u19" "$TmpDir/pki-group-member-add-user-add-ca-026.out"
- rlAssertGrep "Full name: fullNameu19" "$TmpDir/pki-group-member-add-user-add-ca-026.out"
- rlLog "Adding the user to a group"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g5 u19"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add g5 u19 > $TmpDir/pki-group-member-add-groupadd-ca-026.out" \
- 0 \
- "Adding user u19 to group g5"
- rlAssertGrep "Added group member \"u19\"" "$TmpDir/pki-group-member-add-groupadd-ca-026.out"
- rlAssertGrep "User: u19" "$TmpDir/pki-group-member-add-groupadd-ca-026.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find g5 > $TmpDir/pki-group-member-add-groupadd-find-ca-026.out" \
- 0 \
- "User added to group g5"
- rlAssertGrep "User: u19" "$TmpDir/pki-group-member-add-groupadd-find-ca-026.out"
- #run user-membership-del on u19
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-membership-del u19 g5 > $TmpDir/pki-group-member-add-user-membership-del-ca-026.out" \
- 0 \
- "user-membership-del on u19"
- rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-group-member-add-user-membership-del-ca-026.out"
- #find group members
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find g5 > $TmpDir/pki-group-member-add-group-member-find-ca-026.out" \
- 0 \
- "Find member in group g5"
- rlAssertGrep "0 entries matched" "$TmpDir/pki-group-member-add-group-member-find-ca-026.out"
- rlPhaseEnd
- rlPhaseStartTest "pki_group_cli_group_member-add-ca-cleanup-001: Deleting the temp directory and users and groups"
- #===Deleting users created using CA_adminV cert===#
- i=1
- while [ $i -lt 22 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-del u$i > $TmpDir/pki-user-del-ca-group-member-add-user-del-ca-00$i.out" \
- 0 \
- "Deleting user u$i"
- rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-group-member-add-user-del-ca-00$i.out"
- let i=$i+1
- done
- i=1
- while [ $i -lt 6 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del g$i > $TmpDir/pki-user-del-ca-group-member-add-group-del-ca-00$i.out" \
- 0 \
- "Deleting group g$i"
- rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-ca-group-member-add-group-del-ca-00$i.out"
- let i=$i+1
- done
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-del userall > $TmpDir/pki-group-del-ca-group-member-add-user-del-ca-userall-001.out" \
- 0 \
- "Deleting user userall"
- rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-ca-group-member-add-user-del-ca-userall-001.out"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-del user1 > $TmpDir/pki-user-del-ca-group-member-add-user-del-ca-user1-001.out" \
- 0 \
- "Deleting user user1"
- rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ca-group-member-add-user-del-ca-user1-001.out"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-del us19 > $TmpDir/pki-user-del-ca-group-member-add-user-del-ca-u19-001.out" \
- 0 \
- "Deleting user us19"
- rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-ca-group-member-add-user-del-ca-u19-001.out"
- #===Deleting users created using CA_adminV cert===#
- i=1
- while [ $i -lt 3 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-del testuser$i > $TmpDir/pki-group-member-add-ca-user-00$i.out" \
- 0 \
- "Deleting user testuser$i"
- rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-ca-user-00$i.out"
- let i=$i+1
- done
-
- #===Deleting i18n group created using CA_adminV cert===#
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
- 0 \
- "Deleting group dadministʁasjɔ̃"
- rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
-
- #Delete temporary directory
- #rlRun "popd"
- #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-kra.sh
deleted file mode 100755
index 42f5fd8e8..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-kra.sh
+++ /dev/null
@@ -1,1091 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-cli-group-membership-add-kra CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-member-add-kra Add group member.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Authors: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. /opt/rhqa_pki/env.sh
-######################################################################################
-#create_role_users.sh should be first executed prior to pki-group-cli-group-member-add-kra.sh
-######################################################################################
-
-########################################################################
-# Test Suite Globals
-########################################################################
-run_pki-group-cli-group-member-add-kra_tests(){
- #Local variables
- groupid1="Data Recovery Manager Agents"
- groupid2="Subsystem Group"
- groupid3="Trusted Managers"
- groupid4="Administrators"
- groupid5="Auditors"
- groupid6="ClonedSubsystems"
- groupid7="Security Domain Administrators"
- groupid8="Enterprise KRA Administrators"
-
- rlPhaseStartSetup "pki_group_cli_group_membership-add-kra-001: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-caId=$4
-CA_HOST=$5
-KRA_HOST=$(eval echo \$${MYROLE})
-KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
-CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
-eval ${subsystemId}_adminV_user=${subsystemId}_adminV
-eval ${subsystemId}_adminR_user=${subsystemId}_adminR
-eval ${subsystemId}_adminE_user=${subsystemId}_adminE
-eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
-eval ${subsystemId}_agentV_user=${subsystemId}_agentV
-eval ${subsystemId}_agentR_user=${subsystemId}_agentR
-eval ${subsystemId}_agentE_user=${subsystemId}_agentE
-eval ${subsystemId}_auditV_user=${subsystemId}_auditV
-eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
-local TEMP_NSS_DB="$TmpDir/nssdb"
-local TEMP_NSS_DB_PASSWD="redhat123"
-local cert_info="$TmpDir/cert_info"
-ROOTCA_agent_user=${caId}_agentV
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-001: Add users to available groups using valid admin user KRA_adminV"
- i=1
- while [ $i -lt 9 ] ; do
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu$i\" u$i "
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-add-group-add-00$i.out" \
- 0 \
- "Adding user u$i"
- rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out"
- rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out"
- rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out"
- rlLog "Showing the user"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-show u$i > $TmpDir/pki-kra-group-member-add-group-show-00$i.out" \
- 0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"u$i\"" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out"
- rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out"
- rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out"
- rlLog "Adding the user to a group"
- eval gid=\$groupid$i
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add \"$gid\" u$i"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-add-groupadd-00$i.out" \
- 0 \
- "Adding user u$i to group \"$gid\""
- rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-add-groupadd-00$i.out"
- rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-add-groupadd-00$i.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-add-groupadd-find-00$i.out" \
- 0 \
- "User added to group \"$gid\""
- rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-add-groupadd-find-00$i.out"
- let i=$i+1
- done
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-002: Add a user to all available groups using KRA_adminV"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-add-user-add-userall-001.out" \
- 0 \
- "Adding user userall"
- rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out"
- rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out"
- rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out"
- rlLog "Showing the user"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-show userall > $TmpDir/pki-kra-group-member-add-user-show-userall-001.out" \
- 0 \
- "Show pki CA_adminV user"
- rlAssertGrep "User \"userall\"" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out"
- rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out"
- rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out"
- rlLog "Adding the user to all the groups"
- i=1
- while [ $i -lt 9 ] ; do
- eval gid=\$groupid$i
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add \"$gid\" userall"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out" \
- 0 \
- "Adding user userall to group \"$gid\""
- rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out"
- rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-add-groupadd-find-userall-00$i.out" \
- 0 \
- "User added to group \"$gid\""
- rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-add-groupadd-find-userall-00$i.out"
- let i=$i+1
- done
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-003: Add a user to same group multiple times"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-group-member-add-user-add-user1-001.out" \
- 0 \
- "Adding user user1"
- rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out"
- rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out"
- rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out"
- rlLog "Showing the user"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-show user1 > $TmpDir/pki-kra-group-member-add-user-show-user1-001.out" \
- 0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"user1\"" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out"
- rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out"
- rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out"
- rlLog "Adding the user to the same groups twice"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add \"Administrators\" user1 > $TmpDir/pki-kra-group-member-add-groupadd-user1-001.out" \
- 0 \
- "Adding user user1 to group \"Administrators\""
- rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-kra-group-member-add-groupadd-user1-001.out"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" user1"
- errmsg="ConflictingOperationException: Attribute or value exists."
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-004: should not be able to add user to a non existing group"
- dummy_group="nonexisting_bogus_group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-group-member-add-user-add-user1-008.out" \
- 0 \
- "Adding user testuser1"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$dummy_group\" testuser1"
- errmsg="GroupNotFoundException: Group $dummy_group not found"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-005: Should be able to group-member-add groupid with i18n characters"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=u14 u14"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName='u14' u14" \
- 0 \
- "Adding uid u14"
- rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-add-groupadd-010_1.out" \
- 0 \
- "Adding group dadministʁasjɔ̃ with i18n characters"
- rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out"
- rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out"
- rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out"
- rlLog "Adding the user to the dadministʁasjɔ̃ group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-kra-group-member-add-groupadd-010_2.out" \
- 0 \
- "Adding user u14 to group \"dadministʁasjɔ̃\""
- rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-kra-group-member-add-groupadd-010_2.out"
- rlAssertGrep "User: u14" "$TmpDir/pki-kra-group-member-add-groupadd-010_2.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-kra-group-member-add-groupadd-find-010_3.out" \
- 0 \
- "Check user u14 added to group dadministʁasjɔ̃"
- rlAssertGrep "User: u14" "$TmpDir/pki-kra-group-member-add-groupadd-find-010_3.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-006: Should not be able to group-member-add using a revoked cert KRA_adminR"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$groupid7\" testuser1"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using a revoked cert KRA_adminR"
- rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
- rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-007: Should not be able to group-member-add using an agent with revoked cert KRA_agentR"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$groupid7\" testuser1"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using an agent with revoked cert KRA_agentR"
- rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
- rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-008: Should not be able to group-member-add using admin user with expired cert KRA_adminE"
- rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
- rlRun "date"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using admin user with expired cert KRA_adminE"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
- rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-009: Should not be able to group-member-add using KRA_agentE cert"
- rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
- rlRun "date"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_agentE cert"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
- rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-010: Should not be able to group-member-add using KRA_auditV cert"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_auditV cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-011: Should not be able to group-member-add using KRA_operatorV cert"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_operatorV cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-012: Should not be able to group-member-add using KRA_adminUTCA cert"
- command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_adminUTCA cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-013: Should not be able to group-member-add using KRA_agentUTCA cert"
- command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_agentUTCA cert"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
- rlPhaseEnd
-
- #Usability tests
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-014: User associated with Administrators group only can create a new user"
- i=2
- while [ $i -lt 9 ] ; do
- eval gid=\$groupid$i
- if [ "$gid" = "Administrators" ] ; then
- rlLog "Not adding testuser1 to $gid group"
- else
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add \"$gid\" testuser1"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add \"$gid\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out" \
- 0 \
- "Adding user testuser1 to group \"$gid\""
- rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out"
- rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out"
- fi
- let i=$i+1
- done
-
- #Create a user cert
- rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
- algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
- organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
- target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
- certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
- local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
- local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
- rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
- rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem"
- rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
- rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\""
- rlRun "pki -d $CERTDB_DIR/ \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-cert-add testuser1 --input $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \
- 0 \
- "Cert is added to the user testuser1"
- command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT -t kra user-add --fullName=test_user u39"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "user-add operation should fail when authenticating using a user cert"
-
- rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
-
- #Add testuser1 to Administrators group
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out 2>&1" \
- 0 \
- "Adding user testuser1 to group \"$groupid4\""
- rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out"
- rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find $groupid4 > $TmpDir/pki-kra-group-member-add-groupadd-find-usertest1-019_3.out" \
- 0 \
- "Check group-member for user testuser1"
- rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-find-usertest1-019_3.out"
-
- #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group
- rlRun "pki -d $TEMP_NSS_DB \
- -n testuser1 \
- -c $TEMP_NSS_DB_PASSWD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=test_user us19 > $TmpDir/pki-kra-user-add-019_4.out 2>&1" \
- 0 \
- "Added new user using Admin user testuser1"
- rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-kra-user-add-019_4.out"
- rlAssertGrep "User ID: us19" "$TmpDir/pki-kra-user-add-019_4.out"
- rlAssertGrep "Full name: test_user" "$TmpDir/pki-kra-user-add-019_4.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-015: Should not be able to group-member-add using KRA_agentV cert"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_agentV cert"
- rlPhaseEnd
-
- #Usability test
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-016: Should not be able to add a non existing user to a group"
- user="tuser3"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$groupid5\" $user"
- errmsg="UserNotFoundException: User $user not found"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-017: Add a group and add a user to the group using valid admin user KRA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g1description\" g1"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g1description\" g1 > $TmpDir/pki-kra-group-member-add-group-add-022.out" \
- 0 \
- "Adding group g1"
- rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-kra-group-member-add-group-add-022.out"
- rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-member-add-group-add-022.out"
- rlAssertGrep "Description: g1description" "$TmpDir/pki-kra-group-member-add-group-add-022.out"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu9\" u9"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-kra-group-member-add-user-add-022.out" \
- 0 \
- "Adding user u9"
- rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-kra-group-member-add-user-add-022.out"
- rlAssertGrep "User ID: u9" "$TmpDir/pki-kra-group-member-add-user-add-022.out"
- rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-kra-group-member-add-user-add-022.out"
- rlLog "Adding the user to a group"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g1 u9"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g1 u9 > $TmpDir/pki-kra-group-member-add-groupadd-022.out" \
- 0 \
- "Adding user u9 to group g1"
- rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-kra-group-member-add-groupadd-022.out"
- rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-add-groupadd-022.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find g1 > $TmpDir/pki-kra-group-member-add-groupadd-find-022.out" \
- 0 \
- "User added to group g1"
- rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-add-groupadd-find-022.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-018: Add two group and add a user to the two different group using valid admin user KRA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g2description\" g2"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g2description\" g2 > $TmpDir/pki-kra-group-member-add-group-add-023.out" \
- 0 \
- "Adding group g2"
- rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-kra-group-member-add-group-add-023.out"
- rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-member-add-group-add-023.out"
- rlAssertGrep "Description: g2description" "$TmpDir/pki-kra-group-member-add-group-add-023.out"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g3description\" g3"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g3description\" g3 > $TmpDir/pki-kra-group-member-add-group-add-023_1.out" \
- 0 \
- "Adding group g3"
- rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out"
- rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out"
- rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out"
-
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu10\" u10"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-kra-group-member-add-user-add-023.out" \
- 0 \
- "Adding user u10"
- rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-kra-group-member-add-user-add-023.out"
- rlAssertGrep "User ID: u10" "$TmpDir/pki-kra-group-member-add-user-add-023.out"
- rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-kra-group-member-add-user-add-023.out"
- rlLog "Adding the user u10 to group g2"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g2 u10"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g2 u10 > $TmpDir/pki-kra-group-member-add-groupadd-023.out" \
- 0 \
- "Adding user u10 to group g2"
- rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-add-groupadd-023.out"
- rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-023.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find g2 > $TmpDir/pki-kra-group-member-add-groupadd-find-023.out" \
- 0 \
- "User added to group g2"
- rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-find-023.out"
- rlLog "Adding the user u10 to group g3"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g3 u10"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g3 u10 > $TmpDir/pki-kra-group-member-add-groupadd-023_1.out" \
- 0 \
- "Adding user u10 to group g3"
- rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-add-groupadd-023_1.out"
- rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-023_1.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find g3 > $TmpDir/pki-kra-group-member-add-groupadd-find-023_1.out" \
- 0 \
- "User added to group g3"
- rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-find-023_1.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-019: Add a group, add a user to the group and delete the group using valid admin user KRA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g4description\" gr4"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g4description\" gr4 > $TmpDir/pki-kra-group-member-add-group-add-024.out" \
- 0 \
- "Adding group gr4"
- rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-kra-group-member-add-group-add-024.out"
- rlAssertGrep "Group ID: gr4" "$TmpDir/pki-kra-group-member-add-group-add-024.out"
- rlAssertGrep "Description: g4description" "$TmpDir/pki-kra-group-member-add-group-add-024.out"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- -user-add --fullName=\"fullNameu11\" u11"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-kra-group-member-add-user-add-024.out" \
- 0 \
- "Adding user u11"
- rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-kra-group-member-add-user-add-024.out"
- rlAssertGrep "User ID: u11" "$TmpDir/pki-kra-group-member-add-user-add-024.out"
- rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-kra-group-member-add-user-add-024.out"
- rlLog "Adding the user to a group"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add gr4 u11"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add gr4 u11 > $TmpDir/pki-kra-group-member-add-groupadd-024.out" \
- 0 \
- "Adding user u11 to group gr4"
- rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-kra-group-member-add-groupadd-024.out"
- rlAssertGrep "User: u11" "$TmpDir/pki-kra-group-member-add-groupadd-024.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find gr4 > $TmpDir/pki-kra-group-member-add-groupadd-find-024.out" \
- 0 \
- "User added to group gr4"
- rlAssertGrep "User: u11" "$TmpDir/pki-kra-group-member-add-groupadd-find-024.out"
- #Deleting group gr4
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del gr4"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del gr4 > $TmpDir/pki-kra-group-member-add-groupdel-024.out" \
- 0 \
- "Deleting group gr4"
- rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-kra-group-member-add-groupdel-024.out"
- #Checking for user-membership
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-membership-find u11"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-membership-find u11 > $TmpDir/pki-kra-group-member-add-usermembership-024.out" \
- 0 \
- "Checking for user membership of u11"
- rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-add-usermembership-024.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-020: Add a group, add a user to the group and modify the group using valid admin user KRA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g5description\" g4"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g5description\" g4 > $TmpDir/pki-kra-group-member-add-group-add-025.out" \
- 0 \
- "Adding group g4"
- rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-kra-group-member-add-group-add-025.out"
- rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-member-add-group-add-025.out"
- rlAssertGrep "Description: g5description" "$TmpDir/pki-kra-group-member-add-group-add-025.out"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu12\" u12"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-kra-group-member-add-user-add-025.out" \
- 0 \
- "Adding user u12"
- rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-kra-group-member-add-user-add-025.out"
- rlAssertGrep "User ID: u12" "$TmpDir/pki-kra-group-member-add-user-add-025.out"
- rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-kra-group-member-add-user-add-025.out"
- rlLog "Adding the user to a group"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g4 u12"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g4 u12 > $TmpDir/pki-kra-group-member-add-groupadd-025.out" \
- 0 \
- "Adding user u12 to group g4"
- rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-kra-group-member-add-groupadd-025.out"
- rlAssertGrep "User: u12" "$TmpDir/pki-kra-group-member-add-groupadd-025.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find g4 > $TmpDir/pki-kra-group-member-add-groupadd-find-025.out" \
- 0 \
- "User added to group g5"
- rlAssertGrep "User: u12" "$TmpDir/pki-kra-group-member-add-groupadd-find-025.out"
- #Modifying group g4
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-mod g4 --decription=\"Modified group\""
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-mod g4 --description=\"Modified group\" > $TmpDir/pki-kra-group-member-add-groupmod-025.out" \
- 0 \
- "Modifying group g4"
- rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-kra-group-member-add-groupmod-025.out"
- rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-member-add-groupmod-025.out"
- rlAssertGrep "Description: Modified group" "$TmpDir/pki-kra-group-member-add-groupmod-025.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-add-kra-021: Add a group, add a user to the group, run user-membership-del on the user and run group-member-find using valid admin user KRA_adminV"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g5description\" g5"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=\"g6description\" g5 > $TmpDir/pki-kra-group-member-add-group-add-026.out" \
- 0 \
- "Adding group g5"
- rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-kra-group-member-add-group-add-026.out"
- rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-member-add-group-add-026.out"
- rlAssertGrep "Description: g6description" "$TmpDir/pki-kra-group-member-add-group-add-026.out"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu13\" u13"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-kra-group-member-add-user-add-026.out" \
- 0 \
- "Adding user u13"
- rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-kra-group-member-add-user-add-026.out"
- rlAssertGrep "User ID: u13" "$TmpDir/pki-kra-group-member-add-user-add-026.out"
- rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-kra-group-member-add-user-add-026.out"
- rlLog "Adding the user to a group"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g5 u13"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-add g5 u13 > $TmpDir/pki-kra-group-member-add-groupadd-026.out 2>&1" \
- 0 \
- "Adding user u13 to group g5"
- rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-kra-group-member-add-groupadd-026.out"
- rlAssertGrep "User: u13" "$TmpDir/pki-kra-group-member-add-groupadd-026.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find g5 > $TmpDir/pki-kra-group-member-add-groupadd-find-026.out" \
- 0 \
- "User added to group g5"
- rlAssertGrep "User: u13" "$TmpDir/pki-kra-group-member-add-groupadd-find-026.out"
- #run user-membership-del on u13
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-membership-del u13 g5 > $TmpDir/pki-kra-group-member-add-user-membership-del-026.out" \
- 0 \
- "user-membership-del on u13"
- rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-kra-group-member-add-user-membership-del-026.out"
- #find group members
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-member-find g5 > $TmpDir/pki-kra-group-member-add-group-member-find-026.out" \
- 0 \
- "Find member in group g5"
- rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-add-group-member-find-026.out"
- rlPhaseEnd
- rlPhaseStartTest "pki_group_cli_group_member-add-cleanup-kra-001: Deleting the temp directory and users and groups"
- #===Deleting users created using KRA_adminV cert===#
- i=1
- while [ $i -lt 15 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-del u$i > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-00$i.out" \
- 0 \
- "Deleting user u$i"
- rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-00$i.out"
- let i=$i+1
- done
- i=1
- while [ $i -lt 6 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del g$i > $TmpDir/pki-user-del-kra-group-member-add-group-del-kra-00$i.out" \
- 0 \
- "Deleting group g$i"
- rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-kra-group-member-add-group-del-kra-00$i.out"
- let i=$i+1
- done
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-del userall > $TmpDir/pki-group-del-kra-group-member-add-user-del-kra-userall-001.out" \
- 0 \
- "Deleting user userall"
- rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-kra-group-member-add-user-del-kra-userall-001.out"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-del user1 > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-user1-001.out" \
- 0 \
- "Deleting user user1"
- rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-user1-001.out"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-del us19 > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-u13-001.out" \
- 0 \
- "Deleting user us19"
- rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-u13-001.out"
- #===Deleting users created using KRA_adminV cert===#
- i=1
- while [ $i -lt 2 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- user-del testuser$i > $TmpDir/pki-group-member-add-kra-user-00$i.out" \
- 0 \
- "Deleting user testuser$i"
- rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-kra-user-00$i.out"
- let i=$i+1
- done
-
- #===Deleting i18n group created using KRA_adminV cert===#
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \
- 0 \
- "Deleting group dadministʁasjɔ̃"
- rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out"
-
- Delete temporary directory
- rlRun "popd"
- rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh
deleted file mode 100755
index b8dcb84d1..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh
+++ /dev/null
@@ -1,796 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-member-del CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Authors: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-.
/opt/rhqa_pki/env.sh -###################################################################################### -#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-member-add-ca.sh -###################################################################################### - -######################################################################## -# Test Suite Globals -######################################################################## -run_pki-group-cli-group-member-del-ca_tests(){ - #Available groups ca-group-find - groupid1="Certificate Manager Agents" - groupid2="Registration Manager Agents" - groupid3="Subsystem Group" - groupid4="Trusted Managers" - groupid5="Administrators" - groupid6="Auditors" - groupid7="ClonedSubsystems" - groupid8="Security Domain Administrators" - groupid9="Enterprise CA Administrators" - groupid10="Enterprise KRA Administrators" - groupid11="Enterprise OCSP Administrators" - groupid12="Enterprise TKS Administrators" - groupid13="Enterprise RA Administrators" - groupid14="Enterprise TPS Administrators" - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-001: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - prefix=$subsystemId -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - prefix=$subsystemId - else - prefix=ROOTCA - fi -else - prefix=$MYROLE -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" -local cert_info="$TmpDir/cert_info" - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-002: pki group-member-del --help configuration test" - rlRun "pki group-member-del --help > $TmpDir/pki_group_member_del_cfg.out 2>&1" \ - 0 \ - "pki group-member-del --help" - rlAssertGrep "usage: group-member-del 
\[OPTIONS...\]" "$TmpDir/pki_group_member_del_cfg.out" - rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_del_cfg.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-003: pki group-member-del configuration test" - rlRun "pki group-member-del > $TmpDir/pki_group_member_del_2_cfg.out 2>&1" \ - 255 \ - "pki group-member-del" - rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_group_member_del_2_cfg.out" - rlAssertGrep "usage: group-member-del \[OPTIONS...\]" "$TmpDir/pki_group_member_del_2_cfg.out" - rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_del_2_cfg.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-004: Delete group-member when user is added to different groups" - i=1 - while [ $i -lt 15 ] ; do - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullNameu$i\" u$i " - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-group-member-del-user-add-ca-00$i.out" \ - 0 \ - "Adding user u$i" - rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-group-member-del-user-add-ca-00$i.out" - rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-del-user-add-ca-00$i.out" - rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-del-user-add-ca-00$i.out" - rlLog "Adding the user to a group" - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$gid\" u$i" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$gid\" u$i > $TmpDir/pki-group-member-del-groupadd-ca-00$i.out" \ - 0 \ - "Adding user u$i to group \"$gid\"" - rlAssertGrep "Added group member \"u$i\"" 
"$TmpDir/pki-group-member-del-groupadd-ca-00$i.out" - rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-del-groupadd-ca-00$i.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find \"$gid\" > $TmpDir/pki-group-member-del-groupadd-find-ca-00$i.out" \ - 0 \ - "Check user is in group \"$gid\"" - rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-del-groupadd-find-ca-00$i.out" - rlLog "Delete the user from the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-del \"$gid\" u$i > $TmpDir/pki-group-member-del-groupdel-del-ca-00$i.out" \ - 0 \ - "User deleted from group \"$gid\"" - rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-group-member-del-groupdel-del-ca-00$i.out" - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-005: Delete group-member from all the groups that user is associated with" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-group-member-del-user-add-ca-userall-001.out" \ - 0 \ - "Adding user userall" - rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-group-member-del-user-add-ca-userall-001.out" - rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-del-user-add-ca-userall-001.out" - rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-del-user-add-ca-userall-001.out" - rlLog "Adding the user to all the groups" - i=1 - while [ $i -lt 15 ] ; do - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"$gid\" userall" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - 
group-member-add \"$gid\" userall > $TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" \ - 0 \ - "Adding user userall to group \"$gid\"" - rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" - rlAssertGrep "User: userall" "$TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find \"$gid\" > $TmpDir/pki-group-member-del-groupadd-find-ca-userall-00$i.out" \ - 0 \ - "Check group members with group \"$gid\"" - rlAssertGrep "User: userall" "$TmpDir/pki-group-member-del-groupadd-find-ca-userall-00$i.out" - let i=$i+1 - done - rlLog "Delete user from all the groups" - i=1 - while [ $i -lt 15 ] ; do - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-del \"$gid\" userall" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-del \"$gid\" userall > $TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" \ - 0 \ - "Delete userall from group \"$gid\"" - rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-group-member-del-groupadd-ca-userall-00$i.out" - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-006: Missing required option while deleting a user from a group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-group-member-del-user-add-ca-user1-001.out" \ - 0 \ - "Adding user user1" - rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" - rlAssertGrep "User ID: user1" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" - rlAssertGrep "Full 
name: fullName_user1" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"Administrators\" user1 > $TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" \ - 0 \ - "Adding user user1 to group \"Administrators\"" - rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del user1" - errmsg="Error: Incorrect number of arguments specified." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-007: Missing required option while deleting a user from a group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-group-member-del-user-add-ca-user1-001.out" \ - 0 \ - "Adding user user2" - rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" - rlAssertGrep "User ID: user2" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" - rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-group-member-del-user-add-ca-user1-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"Administrators\" user2 > $TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" \ - 0 \ - "Adding user user2 to group \"Administrators\"" - rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-group-member-del-groupadd-ca-user1-001.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del Administrators" - errmsg="Error: Incorrect 
number of arguments specified." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-008: Should not be able to group-member-del using a revoked cert CA_adminR" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert CA_adminR" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-009: Should not be able to group-member-del using an agent with revoked cert CA_agentR" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert CA_agentR" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-010: Should not be able to group-member-del using a valid agent CA_agentV user" - command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert CA_agentV" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-011: Should not be able to group-member-del using admin user with expired cert CA_adminE" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p 
$CA_PORT group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert CA_adminE" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-012: Should not be able to group-member-del using CA_agentE cert" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_agentE cert" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-013: Should not be able to group-member-del using CA_auditV cert" - command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_auditV cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-014: Should not be able to group-member-del using CA_operatorV cert" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be 
able to group-member-del using CA_operatorV cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-015: Should not be able to group-member-del using role_user_UTCA cert" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del 'Administrators' user2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_adminUTCA cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-016: Should not be able to group-member-del using role_user_UTCA cert" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT user-membership-del \"Administrators\" user2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_agentUTCA cert" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-017: Delete group-member - group id with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName='u16' u16" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName='u16' u16" \ - 0 \ - "Adding uid u16" - rlLog "Create a group dadministʁasjɔ̃ with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-group-member-del-groupadd-ca-017_1.out" \ - 0 \ - "Adding group dadministʁasjɔ̃ with i18n characters" - rlAssertGrep "Added group \"dadministʁasjɔ̃\"" 
"$TmpDir/pki-group-member-del-groupadd-ca-017_1.out" - rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-group-member-del-groupadd-ca-017_1.out" - rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-group-member-del-groupadd-ca-017_1.out" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"dadministʁasjɔ̃\" u16" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"dadministʁasjɔ̃\" u16 > $TmpDir/pki-group-member-del-groupadd-ca-017_2.out" \ - 0 \ - "Adding user u16 to group \"dadministʁasjɔ̃\"" - rlAssertGrep "Added group member \"u16\"" "$TmpDir/pki-group-member-del-groupadd-ca-017_2.out" - rlAssertGrep "User: u16" "$TmpDir/pki-group-member-del-groupadd-ca-017_2.out" - rlLog "Delete group member from the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-del 'dadministʁasjɔ̃' u16 > $TmpDir/pki-group-member-del-ca-017_3.out" \ - 0 \ - "Delete group member from group \"dadministʁasjɔ̃\"" - rlAssertGrep "Deleted group member \"u16\"" "$TmpDir/pki-group-member-del-ca-017_3.out" - rlLog "Check if the user is removed from the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-group-member-del-groupadd-find-ca-017_4.out" \ - 0 \ - "Find group members of group \"dadministʁasjɔ̃\"" - rlAssertGrep "0 entries matched" "$TmpDir/pki-group-member-del-groupadd-find-ca-017_4.out" - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-018: Delete group member when uid is not associated with a group" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullNameuser123\" user123 " - rlRun "pki -d 
$CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-group-member-del-user-del-ca-019.out" \ - 0 \ - "Adding user user123" - rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-group-member-del-user-del-ca-019.out" - rlAssertGrep "User ID: user123" "$TmpDir/pki-group-member-del-user-del-ca-019.out" - rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-group-member-del-user-del-ca-019.out" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del \"Administrators\" user123" - errmsg="ResourceNotFoundException: No such attribute." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-019: Deleting a user that has membership with groups removes the user from the groups" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullNameu20\" u20 " - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-group-member-del-user-del-ca-020.out" \ - 0 \ - "Adding user u20" - rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-group-member-del-user-del-ca-020.out" - rlAssertGrep "User ID: u20" "$TmpDir/pki-group-member-del-user-del-ca-020.out" - rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-group-member-del-user-del-ca-020.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"Administrators\" u20 > $TmpDir/pki-group-member-add-groupadd-ca-20_2.out" \ - 0 \ - "Adding user u20 to group \"Administrators\"" - rlAssertGrep "Added group member \"u20\"" 
"$TmpDir/pki-group-member-add-groupadd-ca-20_2.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"Certificate Manager Agents\" u20 > $TmpDir/pki-group-member-add-groupadd-ca-20_3.out" \ - 0 \ - "Adding user u20 to group \"Certificate Manager Agents\"" - rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-group-member-add-groupadd-ca-20_3.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find Administrators > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_4.out" \ - 0 \ - "List members of Administrators group" - rlAssertGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_4.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find \"Certificate Manager Agents\" > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_5.out" \ - 0 \ - "List members of Certificate Manager Agents group" - rlAssertGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_5.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del u20 > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_6.out" \ - 0 \ - "Delete user u20" - rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_6.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find Administrators > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_7.out" \ - 0 \ - "List members of Administrators group" - rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_7.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-find 
\"Certificate Manager Agents\" > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_8.out" \ - 0 \ - "List members of Certificate Manager Agents group" - rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-20_8.out" - rlPhaseEnd - - #Usability tests - rlPhaseStartTest "pki_group_cli_group_member-del-CA-020: User deleted from Administrators group can't create a new user" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-group-member-del-user-add-ca-0021.out" \ - 0 \ - "Adding user testuser1" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"Administrators\" testuser1 > $TmpDir/pki-group-member-add-groupadd-ca-21_2.out" \ - 0 \ - "Adding user testuser1 to group \"Administrators\"" - rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-group-member-add-groupadd-ca-21_2.out" - - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN 
CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.out -t "u,u,u"" - - #Add certificate to the user - rlRun "pki -d $CERTDB_DIR/ \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-cert-add testuser1 --input $TmpDir/pki_ca_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \ - 0 \ - "Cert is added to the user testuser1" - - #Add a new user using testuser1 - rlLog "pki -d $TEMP_NSS_DB/ \ - -n testuser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName='test_user' u15" - rlRun "pki -d $TEMP_NSS_DB/ \ - -n testuser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName='test_user' u15 > $TmpDir/pki-user-add-ca-021_4.out" - rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-ca-021_4.out" - rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-ca-021_4.out" - rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ca-021_4.out" - - #Delete testuser1 from the Administrators group - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-del \"Administrators\" testuser1 > $TmpDir/pki-ca-group-member-del-groupdel-del-021_5.out" \ - 0 \ - "User deleted from group \"Administrators\"" - rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-ca-group-member-del-groupdel-del-021_5.out" - - #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group - command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT user-add --fullName=test_user u212" - errmsg="ForbiddenException: Authorization Error" - 
errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" - - rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - #Usability tests - rlPhaseStartTest "pki_group_cli_group_member-del-CA-021: User deleted from the Certificate Manager Agents group can not approve certificate requests" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"Certificate Manager Agents\" testuser1 > $TmpDir/pki-group-member-add-groupadd-ca-22.out" \ - 0 \ - "Adding user testuser1 to group \"Certificate Manager Agents\"" - rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-group-member-add-groupadd-ca-22.out" - - #Trying to approve a certificate request using testuser1 should succeed - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ - organizationalunit: organization: country: archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$TEMP_NSS_DB cert_db_pwd:$TEMP_NSS_DB_PASSWD \ - certdb_nick:\"testuser1\" cert_info:$cert_info" 0 "Successfully approved a cert by testuser1" - - #Delete testuser1 from Certificate Manager Agents group - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-del \"Certificate Manager Agents\" testuser1 > $TmpDir/pki-ca-group-member-del-groupdel-del-022_3.out" \ - 0 \ - "User deleted from group \"Certificate Manager Agents\"" - rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-ca-group-member-del-groupdel-del-022_3.out" - - #Trying to approve a certificate request using testuser1 should fail - - rlRun "run_req_action_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 
subject_cn: subject_uid: subject_email: \ - organizationalunit: organization: country: archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$TEMP_NSS_DB cert_db_pwd:$TEMP_NSS_DB_PASSWD \ - certdb_nick:\"testuser1\" cert_info:$cert_info" 0 "Cert approval by testuser1 should fail" - - rlAssertGrep "Authorization Error" "$cert_info" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-CA-022: Delete group and check for user membership" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName='Test User2' testuser2" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName='Test User2' testuser2" \ - 0 \ - "Adding uid testuser2 " - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-group-member-del-groupadd-ca-022_1.out" \ - 0 \ - "Adding group group1" - rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-group-member-del-groupadd-ca-022_1.out" - rlAssertGrep "Group ID: group1" "$TmpDir/pki-group-member-del-groupadd-ca-022_1.out" - rlAssertGrep "Description: New Group" "$TmpDir/pki-group-member-del-groupadd-ca-022_1.out" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"group1\" testuser2" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add \"group1\" testuser2 > $TmpDir/pki-group-member-del-groupadd-ca-022_2.out" \ - 0 \ - "Adding user testuser2 to group \"group1\"" - rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-group-member-del-groupadd-ca-022_2.out" - rlAssertGrep "User: testuser2" "$TmpDir/pki-group-member-del-groupadd-ca-022_2.out" - rlLog "Delete 
group member from the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del 'group1' > $TmpDir/pki-group-member-del-ca-022_3.out" \ - 0 \ - "Delete group \"group1\"" - rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-group-member-del-ca-022_3.out" - rlLog "Check if the user is removed from the group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-membership-find testuser2 > $TmpDir/pki-group-member-del-groupadd-find-ca-022_4.out" \ - 0 \ - "Find user-membership of testuser2" - rlAssertNotGrep "Group: group1" "$TmpDir/pki-group-member-del-groupadd-find-ca-022_4.out" - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_member-del-ca-cleanup-001: Deleting the temp directory and users" - - #===Deleting users created using CA_adminV cert===# - i=1 - while [ $i -lt 17 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del u$i > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-00$i.out" \ - 0 \ - "Deleted user u$i" - rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-00$i.out" - let i=$i+1 - done - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del userall > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" \ - 0 \ - "Deleted user userall" - rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del user1 > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" \ - 0 \ - "Deleted user user1" - rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" - rlRun "pki -d 
$CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del user2 > $TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" \ - 0 \ - "Deleted user user2" - rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-ca-group-member-del-user-del-ca-userall-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del user123 > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-user123.out" \ - 0 \ - "Deleted user user123" - rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-user123.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del testuser1 > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-testuser1.out" \ - 0 \ - "Deleted user testuser1" - rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-testuser1.out" - - #===Deleting i18n group created using CA_adminV cert===# - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ca-group-i18n_1.out" \ - 0 \ - "Deleting group dadministʁasjɔ̃" - rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ca-group-i18n_1.out" - - #Delete temporary directory - #rlRun "popd" - #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - rlPhaseEnd -}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-kra.sh
deleted file mode 100755
index 35e28a58d..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-kra.sh
+++ /dev/null
@@ -1,770 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli -# Description: PKI group-member-del CLI tests -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Authors: Roshni Pattath -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/bin/rhts-environment.sh -. /usr/share/beakerlib/beakerlib.sh -. /opt/rhqa_pki/rhcs-shared.sh -. /opt/rhqa_pki/pki-cert-cli-lib.sh -. 
/opt/rhqa_pki/env.sh -###################################################################################### -#create_role_users.sh should be first executed prior to pki-group-cli-group-member-del-kra.sh -###################################################################################### - -######################################################################## -# Test Suite Globals -######################################################################## -run_pki-group-cli-group-member-del-kra_tests(){ - #Available groups group-member-del - groupid1="Data Recovery Manager Agents" - groupid2="Subsystem Group" - groupid3="Trusted Managers" - groupid4="Administrators" - groupid5="Auditors" - groupid6="ClonedSubsystems" - groupid7="Security Domain Administrators" - groupid8="Enterprise KRA Administrators" - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-001: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 -caId=$4 -CA_HOST=$5 -KRA_HOST=$(eval echo \$${MYROLE}) -KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) -eval ${subsystemId}_adminV_user=${subsystemId}_adminV -eval ${subsystemId}_adminR_user=${subsystemId}_adminR -eval ${subsystemId}_adminE_user=${subsystemId}_adminE -eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA -eval ${subsystemId}_agentV_user=${subsystemId}_agentV -eval ${subsystemId}_agentR_user=${subsystemId}_agentR -eval ${subsystemId}_agentE_user=${subsystemId}_agentE -eval ${subsystemId}_auditV_user=${subsystemId}_auditV -eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" -local cert_info="$TmpDir/cert_info" -ROOTCA_agent_user=${caId}_agentV - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-002: Delete group-member when user is added to different groups" - i=1 - while [ $i 
-lt 9 ] ; do - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameu$i\" u$i " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-del-user-add-00$i.out" \ - 0 \ - "Adding user u$i" - rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out" - rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out" - rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out" - rlLog "Adding the user to a group" - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"$gid\" u$i" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-del-groupadd-00$i.out" \ - 0 \ - "Adding user u$i to group \"$gid\"" - rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-del-groupadd-00$i.out" - rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-del-groupadd-00$i.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-del-groupadd-find-00$i.out" \ - 0 \ - "Check user is in group \"$gid\"" - rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-del-groupadd-find-00$i.out" - rlLog "Delete the user from the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c 
$CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-del \"$gid\" u$i > $TmpDir/pki-kra-group-member-del-groupdel-del-00$i.out" \ - 0 \ - "User deleted from group \"$gid\"" - rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-kra-group-member-del-groupdel-del-00$i.out" - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-003: Delete group-member from all the groups that user is associated with" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - kra-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-del-user-add-userall-001.out" \ - 0 \ - "Adding user userall" - rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out" - rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out" - rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out" - rlLog "Adding the user to all the groups" - i=1 - while [ $i -lt 9 ] ; do - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"$gid\" userall" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" \ - 0 \ - "Adding user userall to group \"$gid\"" - rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" - rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c 
$CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-del-groupadd-find-userall-00$i.out" \ - 0 \ - "Check group members with group \"$gid\"" - rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-del-groupadd-find-userall-00$i.out" - let i=$i+1 - done - rlLog "Delete user from all the groups" - i=1 - while [ $i -lt 9 ] ; do - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-del \"$gid\" userall" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-del \"$gid\" userall > $TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" \ - 0 \ - "Delete userall from group \"$gid\"" - rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-004: Missing required option while deleting a user from a group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-group-member-del-user-add-user1-001.out" \ - 0 \ - "Adding user user1" - rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" - rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" - rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"Administrators\" user1 > 
$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" \ - 0 \ - "Adding user user1 to group \"Administrators\"" - rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del user1" - errmsg="Error: Incorrect number of arguments specified." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-005: Missing required option while deleting a user from a group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-kra-group-member-del-user-add-user1-001.out" \ - 0 \ - "Adding user user2" - rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" - rlAssertGrep "User ID: user2" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" - rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"Administrators\" user2 > $TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" \ - 0 \ - "Adding user user2 to group \"Administrators\"" - rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del Administrators" - errmsg="Error: Incorrect number of arguments specified." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-006: Should not be able to group-member-del using a revoked cert KRA_adminR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert KRA_adminR" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-007: Should not be able to group-member-del using an agent with revoked cert KRA_agentR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert KRA_agentR" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-008: Should not be able to group-member-del using a valid agent KRA_agentV user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert KRA_agentV" 
- rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-009: Should not be able to group-member-del using admin user with expired cert KRA_adminE" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert KRA_adminE" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-010: Should not be able to group-member-del using KRA_agentE cert" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_agentE cert" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-011: Should not be able to group-member-del using KRA_auditV cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_auditV 
cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-012: Should not be able to group-member-del using KRA_operatorV cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_operatorV cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-013: Should not be able to group-member-del using role_user_UTCA cert" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del 'Administrators' user2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_adminUTCA cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-014: Should not be able to group-member-del using role_user_UTCA cert" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using role_user_UTCA cert" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-015: Delete group-member for user id with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName='u10' u10" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c 
$CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName='u10' 'u10'" \ - 0 \ - "Adding uid u10" - rlLog "Create a group dadministʁasjɔ̃ with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-del-groupadd-017_1.out" \ - 0 \ - "Adding group dadministʁasjɔ̃ with i18n characters" - rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out" - rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out" - rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"dadministʁasjɔ̃\" 'u10'" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-kra-group-member-del-groupadd-017_2.out" \ - 0 \ - "Adding user u10 to group \"dadministʁasjɔ̃\"" - rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-del-groupadd-017_2.out" - rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-del-groupadd-017_2.out" - rlLog "Delete group member from the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-kra-group-member-del-017_3.out" \ - 0 \ - "Delete group member from group \"dadministʁasjɔ̃\"" - rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-kra-group-member-del-017_3.out" - rlLog "Check if the 
user is removed from the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-kra-group-member-del-groupadd-find-017_4.out" \ - 0 \ - "Find group members of group \"dadministʁasjɔ̃\"" - rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-del-groupadd-find-017_4.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-016: Delete group member when uid is not associated with a group" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameuser123\" user123 " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-kra-group-member-del-user-del-019.out" \ - 0 \ - "Adding user user123" - rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-kra-group-member-del-user-del-019.out" - rlAssertGrep "User ID: user123" "$TmpDir/pki-kra-group-member-del-user-del-019.out" - rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-kra-group-member-del-user-del-019.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user123" - errmsg="ResourceNotFoundException: No such attribute." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-017: Deleting a user that has membership with groups removes the user from the groups" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameu20\" u20 " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-kra-group-member-del-user-del-020.out" \ - 0 \ - "Adding user u20" - rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-kra-group-member-del-user-del-020.out" - rlAssertGrep "User ID: u20" "$TmpDir/pki-kra-group-member-del-user-del-020.out" - rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-kra-group-member-del-user-del-020.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"Administrators\" u20 > $TmpDir/pki-kra-group-member-add-groupadd-20_2.out" \ - 0 \ - "Adding user u20 to group \"Administrators\"" - rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-kra-group-member-add-groupadd-20_2.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find Administrators > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_4.out" \ - 0 \ - "List members of Administrators group" - rlAssertGrep "User: u20" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_4.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del u20 > 
$TmpDir/pki-user-del-kra-group-member-find-user-del-20_6.out" \ - 0 \ - "Delete user u20" - rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_6.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find Administrators > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_7.out" \ - 0 \ - "List members of Administrators group" - rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_7.out" - rlPhaseEnd - - #Usability tests - rlPhaseStartTest "pki_group_cli_group_member-del-kra-018: User deleted from Administrators group cannnot create a new user" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-group-member-del-user-add-0021.out" \ - 0 \ - "Adding user testuser1" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"Administrators\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-21_2.out" \ - 0 \ - "Adding user testuser1 to group \"Administrators\"" - rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-21_2.out" - - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" - local 
valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out -t \"u,u,u\"" - - #Add certificate to the user - rlRun "pki -d $CERTDB_DIR/ \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-cert-add testuser1 --input $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \ - 0 \ - "Cert is added to the user testuser1" - - #Add a new user using testuser1 - rlLog "pki -d $TEMP_NSS_DB/ \ - -n testuser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName='test_user' u9" - rlRun "pki -d $TEMP_NSS_DB/ \ - -n testuser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-kra-021_4.out" - rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-kra-021_4.out" - rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-kra-021_4.out" - rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-kra-021_4.out" - - #Delete testuser1 from the Administrators group - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-del 
\"Administrators\" testuser1 > $TmpDir/pki-kra-group-member-del-groupdel-del-021_5.out" \ - 0 \ - "User deleted from group \"Administrators\"" - rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-kra-group-member-del-groupdel-del-021_5.out" - - #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group - command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT -t kra user-add --fullName=test_user u212" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" - - rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - #Usability tests - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-019: Delete group and check for user membership" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName='Test User2' testuser2" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \ - 0 \ - "Adding uid testuser2 " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-kra-group-member-del-groupadd-022_1.out" \ - 0 \ - "Adding group group1" - rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out" - rlAssertGrep "Group ID: group1" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out" - rlAssertGrep "Description: New Group" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c 
$CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"group1\" testuser2" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"group1\" testuser2 > $TmpDir/pki-kra-group-member-del-groupadd-022_2.out" \ - 0 \ - "Adding user testuser2 to group \"group1\"" - rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-kra-group-member-del-groupadd-022_2.out" - rlAssertGrep "User: testuser2" "$TmpDir/pki-kra-group-member-del-groupadd-022_2.out" - rlLog "Delete group member from the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'group1' > $TmpDir/pki-kra-group-member-del-022_3.out" \ - 0 \ - "Delete group \"group1\"" - rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-kra-group-member-del-022_3.out" - rlLog "Check if the user is removed from the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-membership-find testuser2 > $TmpDir/pki-kra-group-member-del-groupadd-find-022_4.out" \ - 0 \ - "Find user-membership of testuser2" - rlAssertNotGrep "Group: group1" "$TmpDir/pki-kra-group-member-del-groupadd-find-022_4.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-del-kra-cleanup-001: Deleting the temp directory and users" - - #===Deleting users created using KRA_adminV cert===# - i=1 - while [ $i -lt 11 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del u$i > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-00$i.out" \ - 0 \ - "Deleted user u$i" - rlAssertGrep "Deleted user \"u$i\"" 
"$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-00$i.out" - let i=$i+1 - done - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del userall > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \ - 0 \ - "Deleted user userall" - rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del user1 > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \ - 0 \ - "Deleted user user1" - rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del user2 > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \ - 0 \ - "Deleted user user2" - rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del user123 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-user123.out" \ - 0 \ - "Deleted user user123" - rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-user123.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del testuser1 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser1.out" \ - 0 \ - "Deleted user testuser1" - rlAssertGrep "Deleted user \"testuser1\"" 
"$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser1.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del testuser2 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser2.out" \ - 0 \ - "Deleted user testuser2" - rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser2.out" - - #===Deleting i18n group created using CA_adminV cert===# - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \ - 0 \ - "Deleting group dadministʁasjɔ̃" - rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out" - - #Delete temporary directory - rlRun "popd" - rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - rlPhaseEnd -} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh deleted file mode 100755 index e5009fa08..000000000 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh +++ /dev/null 
@@ -1,778 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI user-cli-group-member-find CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-member-find Find group members.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Authors: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-.
/opt/rhqa_pki/env.sh
-######################################################################################
-#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-member-find-ca.sh
-######################################################################################
-
-########################################################################
-# Test Suite Globals
-########################################################################
-
-run_pki-group-cli-group-member-find-ca_tests(){
- #Local variables
- #Available groups ca-group-find
- groupid1="Certificate Manager Agents"
- groupid2="Registration Manager Agents"
- groupid3="Subsystem Group"
- groupid4="Trusted Managers"
- groupid5="Administrators"
- groupid6="Auditors"
- groupid7="ClonedSubsystems"
- groupid8="Security Domain Administrators"
- groupid9="Enterprise CA Administrators"
- groupid10="Enterprise KRA Administrators"
- groupid11="Enterprise OCSP Administrators"
- groupid12="Enterprise TKS Administrators"
- groupid13="Enterprise RA Administrators"
- groupid14="Enterprise TPS Administrators"
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-001: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-
-if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
-elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- else
- prefix=ROOTCA
- fi
-else
- prefix=$MYROLE
-fi
-
-CA_HOST=$(eval echo \$${MYROLE})
-CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
-local TEMP_NSS_DB="$TmpDir/nssdb"
-local TEMP_NSS_DB_PASSWD="redhat123"
-local cert_info="$TmpDir/cert_info"
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-002: pki group-member-find --help configuration test"
- rlRun "pki group-member-find --help > $TmpDir/pki_group_member_find_cfg.out 2>&1" \
- 0 \
- "pki group-member-find --help"
- rlAssertGrep "usage:
group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_group_member_find_cfg.out"
- rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_find_cfg.out"
- rlAssertGrep "\--size Page size" "$TmpDir/pki_group_member_find_cfg.out"
- rlAssertGrep "\--start Page start" "$TmpDir/pki_group_member_find_cfg.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-003: pki group-member-find configuration test"
- rlRun "pki group-member-find > $TmpDir/pki_group_member_find_2_cfg.out 2>&1" \
- 255 \
- "pki group-member-find"
- rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_group_member_find_2_cfg.out"
- rlAssertGrep "usage: group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_group_member_find_2_cfg.out"
- rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_find_2_cfg.out"
- rlAssertGrep "\--size Page size" "$TmpDir/pki_group_member_find_2_cfg.out"
- rlAssertGrep "\--start Page start" "$TmpDir/pki_group_member_find_2_cfg.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-004: Find group-member when user is added to different groups"
- i=1
- while [ $i -lt 15 ] ; do
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu$i\" u$i "
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-group-member-find-user-find-ca-00$i.out" \
- 0 \
- "Adding user u$i"
- rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-group-member-find-user-find-ca-00$i.out"
- rlAssertGrep "User ID: u$i" "$TmpDir/pki-group-member-find-user-find-ca-00$i.out"
- rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-group-member-find-user-find-ca-00$i.out"
- rlLog "Adding the user to a group"
- eval gid=\$groupid$i
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add \"$gid\" u$i"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add \"$gid\" u$i > $TmpDir/pki-group-member-find-groupadd-ca-00$i.out" \
- 0 \
- "Adding user u$i to group \"$gid\""
- rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-group-member-find-groupadd-ca-00$i.out"
- rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-find-groupadd-ca-00$i.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find \"$gid\" > $TmpDir/pki-group-member-find-groupadd-find-ca-00$i.out" \
- 0 \
- "Find group-members with group \"$gid\""
- rlAssertGrep "User: u$i" "$TmpDir/pki-group-member-find-groupadd-find-ca-00$i.out"
-
- let i=$i+1
- done
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-005: Find group-member when the same user is added to many groups"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-group-member-find-user-find-ca-userall-001.out" \
- 0 \
- "Adding user userall"
- rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-group-member-find-user-find-ca-userall-001.out"
- rlAssertGrep "User ID: userall" "$TmpDir/pki-group-member-find-user-find-ca-userall-001.out"
- rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-group-member-find-user-find-ca-userall-001.out"
- rlLog "Adding the user to all the groups"
- i=1
- while [ $i -lt 15 ] ; do
- eval gid=\$groupid$i
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add \"$gid\" userall"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add \"$gid\" userall >
$TmpDir/pki-group-member-find-groupadd-ca-userall-00$i.out" \
- 0 \
- "Adding user userall to group \"$gid\""
- rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-group-member-find-groupadd-ca-userall-00$i.out"
- rlAssertGrep "User: userall" "$TmpDir/pki-group-member-find-groupadd-ca-userall-00$i.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find \"$gid\" > $TmpDir/pki-group-member-find-groupadd-find-ca-userall-00$i.out" \
- 0 \
- "Find user membership to group \"$gid\""
- rlAssertGrep "User: userall" "$TmpDir/pki-group-member-find-groupadd-find-ca-userall-00$i.out"
-
- let i=$i+1
- done
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-006: Find group-member when many users are added to one group"
- i=1
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"Test group\" group1 > $TmpDir/pki-group-member-find-groupadd-ca-006.out" \
- 0 \
- "Adding group group1"
- rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-group-member-find-groupadd-ca-006.out"
- rlAssertGrep "Group ID: group1" "$TmpDir/pki-group-member-find-groupadd-ca-006.out"
- rlAssertGrep "Description: Test group" "$TmpDir/pki-group-member-find-groupadd-ca-006.out"
- while [ $i -lt 15 ] ; do
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameuser$i\" user$i "
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-group-member-find-useradd-ca-00$i.out" \
- 0 \
- "Adding user user$i"
- rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-group-member-find-useradd-ca-00$i.out"
- rlAssertGrep "User ID: user$i"
"$TmpDir/pki-group-member-find-useradd-ca-00$i.out"
- rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-group-member-find-useradd-ca-00$i.out"
- rlLog "Adding user user$i to group1"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add group1 user$i > $TmpDir/pki-group-member-find-group-member-add-ca-00$i.out" \
- 0 \
- "Adding user user$i"
- rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-group-member-find-group-member-add-ca-00$i.out"
- rlAssertGrep "User: user$i" "$TmpDir/pki-group-member-find-group-member-add-ca-00$i.out"
- let i=$i+1
- done
- let i=$i-1
- rlLog "Find group members of group1"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 > $TmpDir/pki-group-member-find-ca-group1-006.out" \
- 0 \
- "Find users added to group \"$gid\""
- rlAssertGrep "$i entries matched" "$TmpDir/pki-group-member-find-ca-group1-006.out"
- rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-group-member-find-ca-group1-006.out"
- i=1
- while [ $i -lt 15 ] ; do
- rlAssertGrep "User: user$i" "$TmpDir/pki-group-member-find-ca-group1-006.out"
- let i=$i+1
- done
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-007: Find group-member of a user from the 6th position (start=5)"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 --start=5 > $TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out" \
- 0 \
- "Checking user added to group"
- rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "User: user6" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "User: user7" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "User: user8"
"$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "User: user9" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "User: user10" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "User: user11" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "User: user12" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "User: user13" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "User: user14" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-001.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-008: Find all group members of a group (start=0)"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 --start=0 > $TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out" \
- 0 \
- "Checking group members of a group "
- rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out"
- i=1
- while [ $i -lt 15 ] ; do
- eval uid=user$i
- rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out"
- let i=$i+1
- done
- rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-002.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-009: Find group members when page start is negative (start=-1)"
- command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=-1"
- errmsg="--start option should have argument greater than 0"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0"
- rlLog " FAIL:
https://fedorahosted.org/pki/ticket/1068"
- rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-010: Find group members when page start greater than available number of groups (start=15)"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 --start=15 > $TmpDir/pki-group-member-find-groupadd-find-ca-start-004.out" \
- 0 \
- "Checking group members of a group"
- rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-004.out"
- rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-member-find-groupadd-find-ca-start-004.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-011: Should not be able to find group members when page start is non integer"
- command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=a"
- errmsg="NumberFormatException: For input string: \"a\""
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-012: Find group member when page size is 0 (size=0)"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 --size=0 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-006.out" 0 \
- "group_member-find with size parameter as 0"
- rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-006.out"
- rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-006.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-013: Find group members when page size is 1 (size=1)"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
-
-c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 --size=1 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out" 0 \
- "group_member-find with size parameter as 1"
- rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out"
- rlAssertGrep "User: user1" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out"
- rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-007.out"
- rlPhaseEnd
-
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-014: Find group members when page size is 15 (size=15)"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 --size=15 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out" 0 \
- "group_member-find with size parameter as 15"
- rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out"
- i=1
- while [ $i -lt 15 ] ; do
- eval uid=user$i
- rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out"
- let i=$i+1
- done
- rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-009.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-015: Find group members when page size greater than available number of groups (size=100)"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 --size=100 > $TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out" 0 \
- "group_membership-find with size parameter as 100"
- rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out"
- i=1
- while [ $i -lt 15 ] ; do
- eval uid=user$i
- rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out"
- let i=$i+1
- done
- rlAssertGrep "Number of entries
returned 14" "$TmpDir/pki-group-member-find-groupadd-find-ca-size-0010.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-016: Find group-member when page size is negative (size=-1)"
- command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --size=-1"
- errmsg="--size option should have argument greater than 0"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0"
- rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-017: Should not be able to find group members when page size is non integer"
- command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --size=a"
- errmsg="NumberFormatException: For input string: \"a\""
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter "
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-018: Find group members with -t ca option"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- -t ca \
- group-member-find group1 --size=5"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- -t ca \
- group-member-find group1 --size=5 > $TmpDir/pki-group-member-find-ca-018.out" \
- 0 \
- "Find group-member with -t ca option"
- rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-ca-018.out"
- i=1
- while [ $i -lt 5 ] ; do
- eval uid=user$i
- rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-ca-018.out"
- let i=$i+1
- done
- rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-group-member-find-ca-018.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-019: Find
group members with page start and page size option"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 --start=6 --size=5"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group1 --start=6 --size=5 > $TmpDir/pki-group-member-find-ca-019.out" \
- 0 \
- "Find group members with page start and page size option"
- rlAssertGrep "14 entries matched" "$TmpDir/pki-group-member-find-ca-019.out"
- i=7
- while [ $i -lt 12 ] ; do
- eval uid=user$i
- rlAssertGrep "User: $uid" "$TmpDir/pki-group-member-find-ca-019.out"
- let i=$i+1
- done
- rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-group-member-find-ca-019.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-020: Find group members with --size more than maximum possible value"
- randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
- randhex_covup=${randhex^^}
- maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
- command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --size=$maximum_check"
- errmsg="NumberFormatException: For input string: \"$maximum_check\""
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-021: Find group members with --start more than maximum possible value"
- randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
- randhex_covup=${randhex^^}
- maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
- command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=$maximum_check"
- errmsg="NumberFormatException: For input string: \"$maximum_check\""
- errorcode=255
- rlRun "verifyErrorMsg
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-022: Should not be able to group-member-find using a revoked cert CA_adminR"
- command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert CA_adminR"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-023: Should not be able to group-member-find using an agent with revoked cert CA_agentR"
- command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert CA_agentR"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-024: Should not be able to group-member-find using a valid agent CA_agentV user"
- command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent CA_agentV user cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-025: Should not be able to group-member-find using admin user with expired cert CA_adminE"
- rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
- rlRun "date"
- command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1
--start=0 --size=5"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin CA_adminE user cert"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
- rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-026: Should not be able to group-member-find using CA_agentE cert"
- rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
- rlRun "date"
- command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent CA_agentE user cert"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
- rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-027: Should not be able to group-member-find using CA_auditV cert"
- command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid auditor CA_auditV user cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-028: Should not be able to group-member-find using CA_operatorV cert"
- command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\""
0 "Should not be able to find group-members using a valid operator CA_operatorV user cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-029: Should not be able to group-member-find using role_user_UTCA cert"
- command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_adminUTCA user cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-030: Should not be able to group-member-find using role_user_UTCA cert"
- command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_agentUTCA user cert"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-031:Find group-member for group id with i18n characters"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName='u15' u15"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName='u15' u15" \
- 0 \
- "Adding uid u15"
- rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-group-member-add-groupadd-ca-031_1.out" \
- 0 \
- "Adding group dadministʁasjɔ̃ with i18n characters"
-
rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-member-add-groupadd-ca-031_1.out"
- rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-group-member-add-groupadd-ca-031_1.out"
- rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-group-member-add-groupadd-ca-031_1.out"
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add \"dadministʁasjɔ̃\" u15"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add \"dadministʁasjɔ̃\" u15 > $TmpDir/pki-group-member-find-groupadd-ca-031_2.out" \
- 0 \
- "Adding user u15 to group \"dadministʁasjɔ̃\""
- rlAssertGrep "Added group member \"u15\"" "$TmpDir/pki-group-member-find-groupadd-ca-031_2.out"
- rlAssertGrep "User: u15" "$TmpDir/pki-group-member-find-groupadd-ca-031_2.out"
- rlLog "Check if the user is added to the group"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-group-member-find-groupadd-find-ca-031_3.out" \
- 0 \
- "Find group-member u15 in \"dadministʁasjɔ̃\""
- rlAssertGrep "1 entries matched" "$TmpDir/pki-group-member-find-groupadd-find-ca-031_3.out"
- rlAssertGrep "User: u15" "$TmpDir/pki-group-member-find-groupadd-find-ca-031_3.out"
- rlPhaseEnd
-
-
- rlPhaseStartTest "pki_group_cli_group_member-find-CA-032: Find group-member - paging"
- i=1
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-add --description=\"Test group\" group2 > $TmpDir/pki-group-member-find-groupadd-ca-034.out" \
- 0 \
- "Adding group group2"
- rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-group-member-find-groupadd-ca-034.out"
- rlAssertGrep "Group ID: group2" "$TmpDir/pki-group-member-find-groupadd-ca-034.out"
- rlAssertGrep "Description: Test group"
"$TmpDir/pki-group-member-find-groupadd-ca-034.out"
- while [ $i -lt 25 ] ; do
- rlLog "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameuser$i\" userid$i "
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out" \
- 0 \
- "Adding user userid$i"
- rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out"
- rlAssertGrep "User ID: userid$i" "$TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out"
- rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-group-member-find-paging-useradd-ca-00$i.out"
- rlLog "Adding user userid$i to group2"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-add group2 userid$i > $TmpDir/pki-group-member-find-paging-group-member-add-ca-00$i.out" \
- 0 \
- "Adding user userid$i"
- rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-group-member-find-paging-group-member-add-ca-00$i.out"
- rlAssertGrep "User: userid$i" "$TmpDir/pki-group-member-find-paging-group-member-add-ca-00$i.out"
- let i=$i+1
- done
- let i=$i-1
- rlLog "Find group members of group2"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-member-find group2 > $TmpDir/pki-group-member-find-ca-group1-034.out" \
- 0 \
- "Find users added to group \"group2\""
- rlAssertGrep "$i entries matched" "$TmpDir/pki-group-member-find-ca-group1-034.out"
- rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-group-member-find-ca-group1-034.out"
- i=1
- while [ $i -lt 20 ] ; do
- rlAssertGrep "User: userid$i" "$TmpDir/pki-group-member-find-ca-group1-034.out"
- let i=$i+1
- done
- rlPhaseEnd
-
- rlPhaseStartTest
"pki_group_cli_group_member-find-ca-cleanup-001: Deleting the temp directory, users and groups"
-
- #===Deleting users created using CA_adminV cert===#
- i=1
- while [ $i -lt 16 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-del u$i > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-00$i.out" \
- 0 \
- "Deleted user u$i"
- rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-00$i.out"
- let i=$i+1
- done
- i=1
- while [ $i -lt 15 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-del user$i > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group1-00$i.out" \
- 0 \
- "Deleted user user$i"
- rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group1-00$i.out"
- let i=$i+1
- done
- i=1
- while [ $i -lt 25 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-del userid$i > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group2-00$i.out" \
- 0 \
- "Deleted user userid$i"
- rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-group2-00$i.out"
- let i=$i+1
- done
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- user-del userall > $TmpDir/pki-user-del-ca-group-member-find-user-del-ca-userall.out" \
- 0 \
- "Deleted user userall"
- rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ca-group-member-find-user-del-ca-userall.out"
-
-
- #===Deleting groups created using CA_adminV===#
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del 'group1' > $TmpDir/pki-user-del-ca-group1.out" \
- 0 \
- "Deleting group group1"
- rlAssertGrep "Deleted group \"group1\""
"$TmpDir/pki-user-del-ca-group1.out"
-
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del 'group2' > $TmpDir/pki-user-del-ca-group2.out" \
- 0 \
- "Deleting group group2"
- rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-ca-group2.out"
-
-
- #===Deleting i18n group created using CA_adminV cert===#
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ca-group-i18n_1.out" \
- 0 \
- "Deleting group dadministʁasjɔ̃"
- rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ca-group-i18n_1.out"
-
- #Delete temporary directory
- #rlRun "popd"
- #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-kra.sh
deleted file mode 100755
index c95a0c44c..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-kra.sh
+++ /dev/null
@@ -1,793 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-cli-group-member-find-kra CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-member-find-kra Find group members.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Authors: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. /opt/rhqa_pki/env.sh
-######################################################################################
-#create_role_users.sh should be first executed prior to pki-group-cli-group-member-find-kra.sh
-######################################################################################
-
-########################################################################
-# Test Suite Globals
-########################################################################
-
-run_pki-group-cli-group-member-find-kra_tests(){
- #Local variables
- groupid1="Data Recovery Manager Agents"
- groupid2="Subsystem Group"
- groupid3="Trusted Managers"
- groupid4="Administrators"
- groupid5="Auditors"
- groupid6="ClonedSubsystems"
- groupid7="Security Domain Administrators"
- groupid8="Enterprise KRA Administrators"
-
- rlPhaseStartTest "pki_group_cli_group_member-find-kra-001: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-caId=$4
-
-KRA_HOST=$(eval echo \$${MYROLE})
-KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
-CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
-eval ${subsystemId}_adminV_user=${subsystemId}_adminV
-eval ${subsystemId}_adminR_user=${subsystemId}_adminR
-eval ${subsystemId}_adminE_user=${subsystemId}_adminE
-eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
-eval ${subsystemId}_agentV_user=${subsystemId}_agentV
-eval ${subsystemId}_agentR_user=${subsystemId}_agentR
-eval ${subsystemId}_agentE_user=${subsystemId}_agentE
-eval ${subsystemId}_auditV_user=${subsystemId}_auditV
-eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
-local TEMP_NSS_DB="$TmpDir/nssdb"
-local TEMP_NSS_DB_PASSWD="redhat123"
-local cert_info="$TmpDir/cert_info"
-
-
- rlPhaseStartTest "pki_group_cli_group_member-find-kra-002: Find kra-group-member when user is added to different groups"
- i=1
- while [ $i -lt 9 ] ; do
- rlLog "pki -d $CERTDB_DIR \
- -n
$(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameu$i\" u$i " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-find-user-find-00$i.out" \ - 0 \ - "Adding user u$i" - rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" - rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" - rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" - rlLog "Adding the user to a group" - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"$gid\" u$i" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-find-groupadd-00$i.out" \ - 0 \ - "Adding user u$i to group \"$gid\"" - rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-find-groupadd-00$i.out" - rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-find-groupadd-00$i.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-find-groupadd-find-00$i.out" \ - 0 \ - "Find group-members with group \"$gid\"" - rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-find-groupadd-find-00$i.out" - - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-003: Find kra-group-member when the same user is added to 
many groups" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-find-user-find-userall-001.out" \ - 0 \ - "Adding user userall" - rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" - rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" - rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" - rlLog "Adding the user to all the groups" - i=1 - while [ $i -lt 9 ] ; do - eval gid=\$groupid$i - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"$gid\" userall" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" \ - 0 \ - "Adding user userall to group \"$gid\"" - rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" - rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-find-groupadd-find-userall-00$i.out" \ - 0 \ - "Find user membership to group \"$gid\"" - rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-find-groupadd-find-userall-00$i.out" - - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-004: Find kra-group-member when many users are 
added to one group" - i=1 - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"Test group\" group1 > $TmpDir/pki-kra-group-member-find-groupadd-006.out" \ - 0 \ - "Adding group group1" - rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" - rlAssertGrep "Group ID: group1" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" - rlAssertGrep "Description: Test group" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" - while [ $i -lt 15 ] ; do - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameuser$i\" user$i " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-kra-group-member-find-useradd-00$i.out" \ - 0 \ - "Adding user user$i" - rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" - rlAssertGrep "User ID: user$i" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" - rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" - rlLog "Adding user user$i to group1" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add group1 user$i > $TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" \ - 0 \ - "Adding user user$i" - rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" - rlAssertGrep "User: user$i" "$TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" - let i=$i+1 - done - let i=$i-1 - rlLog "Find group members of group1" - rlRun "pki -d $CERTDB_DIR \ - -n 
$(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 > $TmpDir/pki-kra-group-member-find-group1-006.out" \ - 0 \ - "Find users added to group \"$gid\"" - rlAssertGrep "$i entries matched" "$TmpDir/pki-kra-group-member-find-group1-006.out" - rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-kra-group-member-find-group1-006.out" - i=1 - while [ $i -lt 15 ] ; do - rlAssertGrep "User: user$i" "$TmpDir/pki-kra-group-member-find-group1-006.out" - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-005: Find group-member of a user from the 6th position (start=5)" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --start=5 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" \ - 0 \ - "Checking user added to group" - rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "User: user6" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "User: user7" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "User: user8" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "User: user9" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "User: user10" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "User: user11" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "User: user12" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "User: user13" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "User: user14" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlAssertGrep "Number of entries returned 9" 
"$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-006: Find all group members of a group (start=0)" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --start=0 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" \ - 0 \ - "Checking group members of a group " - rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" - i=1 - while [ $i -lt 15 ] ; do - eval uid=user$i - rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" - let i=$i+1 - done - rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-007: Find group members when page start is negative (start=-1)" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=-1" - errmsg="--start option should have argument greater than 0" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0" - rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-008: Find group members when page start greater than available number of groups (start=15)" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --start=15 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" \ - 0 \ - "Checking group members of a group" - rlAssertGrep "14 entries matched" 
"$TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-009: Should not be able to find group members when page start is non integer" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=a" - errmsg="NumberFormatException: For input string: \"a\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-010: Find group member when page size is 0 (size=0)" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --size=0 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" 0 \ - "group_member-find with size parameter as 0" - rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" - rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-011: Find group members when page size is 1 (size=1)" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --size=1 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" 0 \ - "group_member-find with size parameter as 1" - rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" - rlAssertGrep "User: user1" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" - rlAssertGrep "Number of entries 
returned 1" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-012: Find group members when page size is 15 (size=15)" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --size=15 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" 0 \ - "group_member-find with size parameter as 15" - rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" - i=1 - while [ $i -lt 15 ] ; do - eval uid=user$i - rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" - let i=$i+1 - done - rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-013: Find group members when page size greater than available number of groups (size=100)" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --size=100 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" 0 \ - "kra-group_member-find with size parameter as 100" - rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" - i=1 - while [ $i -lt 15 ] ; do - eval uid=user$i - rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" - let i=$i+1 - done - rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-014: Find group-member when page size is negative (size=-1)" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra 
group-member-find group1 --size=-1" - errmsg="--size option should have argument greater than 0" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-015: Should not be able to find group members when page size is non integer" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --size=a" - errmsg="NumberFormatException: For input string: \"a\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter " - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-016: Find group members with -t option" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --size=5" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --size=5 > $TmpDir/pki-kra-group-member-find-018.out" \ - 0 \ - "Find group-member with -t kra option" - rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-018.out" - i=1 - while [ $i -lt 5 ] ; do - eval uid=user$i - rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-018.out" - let i=$i+1 - done - rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-member-find-018.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-017: Find group members with page start and page size option" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - 
group-member-find group1 --start=6 --size=5" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group1 --start=6 --size=5 > $TmpDir/pki-kra-group-member-find-019.out" \ - 0 \ - "Find group members with page start and page size option" - rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-019.out" - i=7 - while [ $i -lt 12 ] ; do - eval uid=user$i - rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-019.out" - let i=$i+1 - done - rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-member-find-019.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-018: Find group members with --size more than maximum possible value" - randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --size=$maximum_check" - errmsg="NumberFormatException: For input string: \"$maximum_check\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-019: Find group members with --start more than maximum possible value" - randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') - randhex_covup=${randhex^^} - maximum_check=$(echo "ibase=16;$randhex_covup"|bc) - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=$maximum_check" - errmsg="NumberFormatException: For input string: \"$maximum_check\"" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception 
should be thrown if start has a value greater than the maximum possible" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-020: Should not be able to group-member-find using a revoked cert KRA_adminR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert KRA_adminR" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-021: Should not be able to group-member-find using an agent with revoked cert KRA_agentR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert KRA_agentR" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-022: Should not be able to group-member-find using a valid agent KRA_agentV user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent KRA_agentV user cert" - rlPhaseEnd - - rlPhaseStartTest 
"pki_group_cli_group_member-find-kra-023: Should not be able to group-member-find using admin user with expired cert KRA_adminE" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin KRA_adminE user cert" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-024: Should not be able to group-member-find using KRA_agentE cert" - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent KRA_agentE user cert" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-025: Should not be able to group-member-find using KRA_auditV cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid 
auditor KRA_auditV user cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-026: Should not be able to group-member-find using KRA_operatorV cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator KRA_operatorV user cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-027: Should not be able to group-member-find using role_user_UTCA cert" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_adminUTCA user cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-028: Should not be able to group-member-find using role_user_UTCA cert" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted KRA_agentUTCA user cert" - rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-029:Find group-member for group id with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName='u9' u9" - rlRun 
"pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName='u9' u9" \ - 0 \ - "Adding uid u9" - rlLog "Create a group dadministʁasjɔ̃ with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-add-groupadd-031_1.out" \ - 0 \ - "Adding group dadministʁasjɔ̃ with i18n characters" - rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out" - rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out" - rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"dadministʁasjɔ̃\" u9" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-kra-group-member-find-groupadd-031_2.out" \ - 0 \ - "Adding user u9 to group \"dadministʁasjɔ̃\"" - rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-kra-group-member-find-groupadd-031_2.out" - rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-find-groupadd-031_2.out" - rlLog "Check if the user is added to the group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" \ - 0 \ - "Find group-member u9 in \"dadministʁasjɔ̃\"" - rlAssertGrep "1 entries matched" 
"$TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" - rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-030: Find group-member - paging" - i=1 - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"Test group\" group2 > $TmpDir/pki-kra-group-member-find-groupadd-034.out" \ - 0 \ - "Adding group group2" - rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-kra-group-member-find-groupadd-034.out" - rlAssertGrep "Group ID: group2" "$TmpDir/pki-kra-group-member-find-groupadd-034.out" - rlAssertGrep "Description: Test group" "$TmpDir/pki-kra-group-member-find-groupadd-034.out" - while [ $i -lt 25 ] ; do - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameuser$i\" userid$i " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" \ - 0 \ - "Adding user userid$i" - rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" - rlAssertGrep "User ID: userid$i" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" - rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" - rlLog "Adding user userid$i to group2" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add group2 userid$i > $TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" \ - 0 \ - "Adding user userid$i" - rlAssertGrep "Added 
group member \"userid$i\"" "$TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" - rlAssertGrep "User: userid$i" "$TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" - let i=$i+1 - done - let i=$i-1 - rlLog "Find group members of group2" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-find group2 > $TmpDir/pki-kra-group-member-find-group1-034.out" \ - 0 \ - "Find users added to group \"group2\"" - rlAssertGrep "$i entries matched" "$TmpDir/pki-kra-group-member-find-group1-034.out" - rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-member-find-group1-034.out" - i=1 - while [ $i -lt 20 ] ; do - rlAssertGrep "User: userid$i" "$TmpDir/pki-kra-group-member-find-group1-034.out" - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member-find-kra-cleanup-001: Deleting the temp directory, users and groups" - - #===Deleting users created using KRA_adminV cert===# - i=1 - while [ $i -lt 10 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del u$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-00$i.out" \ - 0 \ - "Deleted user u$i" - rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-00$i.out" - let i=$i+1 - done - i=1 - while [ $i -lt 15 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del user$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group1-00$i.out" \ - 0 \ - "Deleted user user$i" - rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group1-00$i.out" - let i=$i+1 - done - i=1 - while [ $i -lt 25 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n $(eval 
echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del userid$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group2-00$i.out" \ - 0 \ - "Deleted user userid$i" - rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group2-00$i.out" - let i=$i+1 - done - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del userall > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-userall.out" \ - 0 \ - "Deleted user userall" - rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-userall.out" - - - #===Deleting groups created using KRA_adminV===# - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'group1' > $TmpDir/pki-user-del-kra-group1.out" \ - 0 \ - "Deleting group group1" - rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-kra-group1.out" - - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'group2' > $TmpDir/pki-user-del-kra-group2.out" \ - 0 \ - "Deleting group group2" - rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-kra-group2.out" - - - #===Deleting i18n group created using KRA_adminV cert===# - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \ - 0 \ - "Deleting group dadministʁasjɔ̃" - rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out" - - #Delete temporary directory - rlRun "popd" - rlRun "rm -r $TmpDir" 0 "Removing tmp directory" 
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh
deleted file mode 100755
index 3307144a6..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh
+++ /dev/null
@@ -1,496 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli -# Description: PKI group-member-show CLI tests -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# The following pki cli commands needs to be tested: -# pki-group-cli-group-member-show Show groups members -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Authors: Roshni Pattath -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/bin/rhts-environment.sh -. /usr/share/beakerlib/beakerlib.sh -. /opt/rhqa_pki/rhcs-shared.sh -. /opt/rhqa_pki/pki-cert-cli-lib.sh -. 
/opt/rhqa_pki/env.sh - -###################################################################################### -#pki-user-cli-user-add-ca.sh should be first executed prior to pki-group-cli-group-member-show-ca.sh -###################################################################################### - -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## -run_pki-group-cli-group-member-show-ca_tests(){ - #local variables - group1=test_group - group1desc="Test Group" - group2=test_group2 - group2desc="Test Group 2" - group3=test_group3 - group3desc="Test Group 3" - rlPhaseStartSetup "pki_group_cli_group_member_show-ca-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - prefix=$subsystemId -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - prefix=$subsystemId - else - prefix=ROOTCA - fi -else - prefix=$MYROLE -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" -cert_info="$TmpDir/cert_info" - - rlPhaseStartTest "pki_group_member_show-configtest: pki group-member-show configuration test" - rlRun "pki group-member-show --help > $TmpDir/pki_group_member_show_cfg.out 2>&1" \ - 0 \ - "pki group-member-show" - rlAssertGrep "usage: group-member-show \[OPTIONS...\]" "$TmpDir/pki_group_member_show_cfg.out" - rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_member_show_cfg.out" - rlPhaseEnd - - ##### Tests to show CA groups #### - rlPhaseStartTest "pki_group_cli_group_member_show-CA-001: Add group to CA using CA_adminV, add a user to the group and show group member" - rlRun 
"pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"$group1desc\" $group1" \ - 0 \ - "Add group $group1 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"User1\" u1" \ - 0 \ - "Add user u1 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add $group1 u1" \ - 0 \ - "Add user u1 to group $group1 using CA_adminV" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-show $group1 u1" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-show $group1 u1 > $TmpDir/pki_group_member_show_groupshow001.out" \ - 0 \ - "Show group members of $group1" - rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_group_member_show_groupshow001.out" - rlAssertGrep "User: u1" "$TmpDir/pki_group_member_show_groupshow001.out" - rlPhaseEnd - - - #Negative Cases - rlPhaseStartTest "pki_group_cli_group_member_show-CA-002: Missing required option group id" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show u1" - errmsg="Error: Incorrect number of arguments specified." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-003: Missing required option member id" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show $group1" - errmsg="Error: Incorrect number of arguments specified." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-004: A non existing member ID" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show $group1 user1" - errmsg="ResourceNotFoundException: Group member user1 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-005: A non existing group ID" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show group1 u1" - errmsg="GroupNotFoundException: Group group1 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-006: Checking if member id case sensitive " - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-member-show $group1 U1 > $TmpDir/pki-group-member-show-ca-006.out 2>&1" \ - 0 \ - "Member ID is not case sensitive" - rlAssertGrep "User \"U1\"" "$TmpDir/pki-group-member-show-ca-006.out" - rlAssertGrep "User: u1" "$TmpDir/pki-group-member-show-ca-006.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-007: Checking if group id case sensitive " - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-member-show TEST_GROUP u1 > $TmpDir/pki-group-member-show-ca-007.out 2>&1" \ - 0 \ - 
"Group ID is not case sensitive" - rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-group-member-show-ca-007.out" - rlAssertGrep "User: u1" "$TmpDir/pki-group-member-show-ca-007.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-008: Should not be able to show group member using a revoked cert CA_adminR" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-009: Should not be able to show group member using an agent with revoked cert CA_agentR" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-010: Should not be able to show group members using a valid agent CA_agentV user" - command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-011: Should not be able to show group members using admin user with expired cert CA_adminE" - #Set datetime 2 days ahead - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d 
$CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-012: Should not be able to show group members using CA_agentE cert" - #Set datetime 2 days ahead - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-013: Should not be able to show group members using a CA_auditV" - command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-014: Should not be able to show group members using a CA_operatorV" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT 
group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-015: Should not be able to show group members using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using CA_adminUTCA" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-ca-016: Should not be able to show group members using a user cert" - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_show_encoded_0029pkcs10.out > 
$TmpDir/pki_ca_group_member_show_encoded_0029pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_ca_group_member_show_encoded_0029pkcs10.pem -t "u,u,u"" - rlLog "Executing: pki -d $TEMP_NSS_DB \ - -n pkiUser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - ca-group-member-show $group1 u1" - rlRun "pki -d $TEMP_NSS_DB \ - -n pkiUser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - ca-group-member-show $group1 u1 > $TmpDir/pki-ca-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert" - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ca-group-member-show-pkiUser1-002.out" - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-017: group id with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-member-show-ca-001_56.out 2>&1" \ - 0 \ - "Adding gid ÖrjanÄke with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=test u3 > $TmpDir/pki-group-member-show-ca-001_57.out 2>&1" \ - 0 \ - "Adding user id u3" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-group-member-show-ca-001_56.out 2>&1" \ - 0 \ - "Adding user u3 to group ÖrjanÄke" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-show 'ÖrjanÄke' u3" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-group-member-show-ca-001_56_2.out" \ - 0 \ - "Show group 
member'ÖrjanÄke'" - rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-group-member-show-ca-001_56_2.out" - rlAssertGrep "User: u3" "$TmpDir/pki-group-member-show-ca-001_56_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-019: Add group to CA using CA_adminV, add a user to the group, delete the group member and show the group member" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"$group2desc\" $group2" \ - 0 \ - "Add group $group2 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"User2\" u2" \ - 0 \ - "Add user u2 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add $group2 u2" \ - 0 \ - "Add user u2 to group $group2 using CA_adminV" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-show $group2 u2" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-show $group2 u2 > $TmpDir/pki_group_member_show_groupshow019.out" \ - 0 \ - "Show group members of $group2" - rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_group_member_show_groupshow019.out" - rlAssertGrep "User: u2" "$TmpDir/pki_group_member_show_groupshow019.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-del $group2 u2" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group2 u2" - errmsg="ResourceNotFoundException: Group member u2 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and 
error if the group member is deleted" - - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-020: Add group to CA using CA_adminV, add a user to the group, delete the user and show the group member" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"$group3desc\" $group3" \ - 0 \ - "Add group $group3 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-add --fullName=\"User3\" u4" \ - 0 \ - "Add user u4 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-add $group3 u4" \ - 0 \ - "Add user u4 to group $group3 using CA_adminV" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-show $group3 u4" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-member-show $group3 u4 > $TmpDir/pki_group_member_show_groupshow020.out" \ - 0 \ - "Show group members of $group3" - rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_group_member_show_groupshow020.out" - rlAssertGrep "User: u4" "$TmpDir/pki_group_member_show_groupshow020.out" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del u4" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group3 u4" - errmsg="ResourceNotFoundException: Group member u4 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-CA-021: A non existing member ID and group ID" - 
command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-member-show group1 user1" - errmsg="GroupNotFoundException: Group group1 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_member_show_cleanup-021: Deleting the temp directory and groups" - - #===Deleting groups(symbols) created using CA_adminV cert===# - j=1 - while [ $j -lt 4 ] ; do - eval grp=\$group$j - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del $grp > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \ - 0 \ - "Deleted group $grp" - rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group-symbol-00$j.out" - let j=$j+1 - done - - j=1 - while [ $j -lt 4 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del u$j > $TmpDir/pki-user-del-ca-group-symbol-00$j.out" \ - 0 \ - "Deleted user u$j" - rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-ca-group-symbol-00$j.out" - let j=$j+1 - done - - #===Deleting i18n groups created using CA_adminV cert===# - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \ - 0 \ - "Deleted group ÖrjanÄke" - rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out" - - #Delete temporary directory - #rlRun "popd" - #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - rlPhaseEnd -} 
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-kra.sh
deleted file mode 100755
index 9976b16af..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-kra.sh
+++ /dev/null
@@ -1,539 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-member-show CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-member-show-kra Show groups members
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Authors: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. 
/opt/rhqa_pki/env.sh - -###################################################################################### -#create_role_users.sh should be first executed prior to pki-group-cli-group-member-show-kra.sh -###################################################################################### - -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## -run_pki-group-cli-group-member-show-kra_tests(){ - #local variables - group1=test_group - group1desc="Test Group" - group2=test_group2 - group2desc="Test Group 2" - group3=test_group3 - group3desc="Test Group 3" - rlPhaseStartSetup "pki_group_cli_group_member_show_kra-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 -caId=$4 -CA_HOST=$5 -KRA_HOST=$(eval echo \$${MYROLE}) -KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) -eval ${subsystemId}_adminV_user=${subsystemId}_adminV -eval ${subsystemId}_adminR_user=${subsystemId}_adminR -eval ${subsystemId}_adminE_user=${subsystemId}_adminE -eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA -eval ${subsystemId}_agentV_user=${subsystemId}_agentV -eval ${subsystemId}_agentR_user=${subsystemId}_agentR -eval ${subsystemId}_agentE_user=${subsystemId}_agentE -eval ${subsystemId}_auditV_user=${subsystemId}_auditV -eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" -cert_info="$TmpDir/cert_info" -ROOTCA_agent_user=${caId}_agentV - - rlPhaseStartTest "pki_kra_group_member_show-configtest: pki kra-group-member-show configuration test" - rlRun "pki kra-group-member-show --help > $TmpDir/pki_kra_group_member_show_cfg.out 2>&1" \ - 0 \ 
- "pki kra-group-member-show" - rlAssertGrep "usage: kra-group-member-show \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_show_cfg.out" - rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_show_cfg.out" - rlPhaseEnd - - ##### Tests to show KRA groups #### - rlPhaseStartTest "pki_group_cli_group_member_show_kra-001: Add group to KRA using KRA_adminV, add a user to the group and show group member" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$group1desc\" $group1" \ - 0 \ - "Add group $group1 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"User1\" u1" \ - 0 \ - "Add user u1 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add $group1 u1" \ - 0 \ - "Add user u1 to group $group1 using KRA_adminV" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show $group1 u1" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show $group1 u1 > $TmpDir/pki_kra_group_member_show_groupshow001.out" \ - 0 \ - "Show group members of $group1" - rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_kra_group_member_show_groupshow001.out" - rlAssertGrep "User: u1" "$TmpDir/pki_kra_group_member_show_groupshow001.out" - rlPhaseEnd - - - #Negative Cases - rlPhaseStartTest "pki_group_cli_group_member_show_kra-002: Missing required option group id" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD 
-h $KRA_HOST -p $KRA_PORT -t kra group-member-show u1" - errmsg="Error: Incorrect number of arguments specified." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-003: Missing required option member id" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1" - errmsg="Error: Incorrect number of arguments specified." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-004: A non existing member ID" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 user1" - errmsg="ResourceNotFoundException: Group member user1 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-005: A non existing group ID" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show group1 u1" - errmsg="GroupNotFoundException: Group group1 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-006: Checking if member id case sensitive " - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST 
\ - -p $KRA_PORT \ - -t kra \ - group-member-show $group1 U1" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show $group1 U1 > $TmpDir/pki-kra-group-member-show-006.out 2>&1" \ - 0 \ - "Member ID is not case sensitive" - rlAssertGrep "User \"U1\"" "$TmpDir/pki-kra-group-member-show-006.out" - rlAssertGrep "User: u1" "$TmpDir/pki-kra-group-member-show-006.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-007: Checking if group id case sensitive " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show TEST_GROUP u1 > $TmpDir/pki-kra-group-member-show-007.out 2>&1" \ - 0 \ - "Group ID is not case sensitive" - rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-kra-group-member-show-007.out" - rlAssertGrep "User: u1" "$TmpDir/pki-kra-group-member-show-007.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-008: Should not be able to show group member using a revoked cert KRA_adminR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-009: Should not be able to show group member using an agent with revoked cert KRA_agentR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c 
$CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-010: Should not be able to show group members using a valid agent KRA_agentV user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-011: Should not be able to show group members using admin user with expired cert KRA_adminE" - #Set datetime 2 days ahead - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-012: Should not be able to show group members using KRA_agentE cert" - #Set datetime 2 days ahead - rlRun "date 
--set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-013: Should not be able to show group members using a KRA_auditV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show-014: Should not be able to show group members using a KRA_operatorV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-015: Should not be able to show group members using a cert created from a untrusted KRA KRA_adminUTCA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" 
- errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using KRA_adminUTCA" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-016: Should not be able to show group members using a user cert" - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.pem -t "u,u,u"" - rlLog "Executing: pki -d $TEMP_NSS_DB \ - -n pkiUser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show $group1 u1" - rlRun "pki -d $TEMP_NSS_DB \ - -n pkiUser1 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show $group1 u1 > 
$TmpDir/pki-kra-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert" - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-member-show-pkiUser1-002.out" - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-017: group id with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-member-show-001_56.out 2>&1" \ - 0 \ - "Adding gid ÖrjanÄke with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=test u3 > $TmpDir/pki-kra-group-member-show-001_57.out 2>&1" \ - 0 \ - "Adding user id u3" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-kra-group-member-show-001_56.out 2>&1" \ - 0 \ - "Adding user u3 to group ÖrjanÄke" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show 'ÖrjanÄke' u3" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-kra-group-member-show-001_56_2.out" \ - 0 \ - "Show group member'ÖrjanÄke'" - rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-kra-group-member-show-001_56_2.out" - rlAssertGrep "User: u3" "$TmpDir/pki-kra-group-member-show-001_56_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra-018: Add group to KRA using KRA_adminV, add a user to the group, delete the group member and show the group member" - rlRun "pki 
-d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$group2desc\" $group2" \ - 0 \ - "Add group $group2 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"User2\" u2" \ - 0 \ - "Add user u2 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add $group2 u2" \ - 0 \ - "Add user u2 to group $group2 using KRA_adminV" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show $group2 u2" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show $group2 u2 > $TmpDir/pki_kra_group_member_show_groupshow019.out" \ - 0 \ - "Show group members of $group2" - rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_kra_group_member_show_groupshow019.out" - rlAssertGrep "User: u2" "$TmpDir/pki_kra_group_member_show_groupshow019.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-del $group2 u2" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group2 u2" - errmsg="ResourceNotFoundException: Group member u2 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the group member is deleted" - - rlPhaseEnd - - rlPhaseStartTest 
"pki_group_cli_group_member_show_kra-019: Add group to KRA using KRA_adminV, add a user to the group, delete the user and show the group member" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$group3desc\" $group3" \ - 0 \ - "Add group $group3 using KRA_adminV" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"User4\" u4" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-add --fullName=\"User4\" u4" \ - 0 \ - "Add user u3 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-add $group3 u4" \ - 0 \ - "Add user u4 to group $group3 using KRA_adminV" - rlLog "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show $group3 u4" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-member-show $group3 u4 > $TmpDir/pki_kra_group_member_show_groupshow020.out" \ - 0 \ - "Show group members of $group3" - rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_kra_group_member_show_groupshow020.out" - rlAssertGrep "User: u4" "$TmpDir/pki_kra_group_member_show_groupshow020.out" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del u4" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra 
group-member-show $group3 u4" - errmsg="ResourceNotFoundException: Group member u4 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted" - rlPhaseEnd - - rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show_kra-021: A non existing member ID and group ID" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show group1 user1" - errmsg="GroupNotFoundException: Group group1 not found" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_member_show_kra_cleanup-022: Deleting the temp directory and groups" - - #===Deleting groups(symbols) created using KRA_adminV cert===# - j=1 - while [ $j -lt 4 ] ; do - eval grp=\$group$j - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ - 0 \ - "Deleted group $grp" - rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" - let j=$j+1 - done - - j=1 - while [ $j -lt 4 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - user-del u$j > $TmpDir/pki-user-del-kra-group-symbol-00$j.out" \ - 0 \ - "Deleted user u$j" - rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-kra-group-symbol-00$j.out" - let j=$j+1 - done - - #===Deleting i18n groups created using KRA_adminV cert===# - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p 
$KRA_PORT \
- -t kra \
- group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \
- 0 \
- "Deleted group ÖrjanÄke"
- rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out"
- #Delete temporary directory
- rlRun "popd"
- rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh
deleted file mode 100755
index 2bc4d68f8..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh
+++ /dev/null
@@ -1,525 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-mod CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-mod Modify existing groups in the pki ca subsystem.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Author: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. 
/opt/rhqa_pki/env.sh - -###################################################################################### -#pki-user-cli-user-add-ca.sh should be first executed prior to pki-group-cli-group-mod-ca.sh -###################################################################################### - -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## -run_pki-group-cli-group-mod-ca_tests(){ - - #####Create temporary dir to save the output files ##### - rlPhaseStartSetup "pki_group_cli_group_mod-ca-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - prefix=$subsystemId -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - prefix=$subsystemId - else - prefix=ROOTCA - fi -else - prefix=$MYROLE -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" - -group1=ca_group -group1desc="Test ca group" -group2=abcdefghijklmnopqrstuvwxyx12345678 -group3=abc# -group4=abc$ -group5=abc@ -group6=abc? 
-group7=0 -group1_mod_description="Test ca agent Modified" -randsym="" -i18ngroup=i18ngroup -i18ngroupdescription="Örjan Äke" -i18ngroup_mod_description="kakskümmend" - - ##### pki_group_cli_group_mod-configtest #### - rlPhaseStartTest "pki_group_cli_group_mod-configtest-001: pki group-mod configuration test" - rlRun "pki group-mod --help > $TmpDir/pki_group_mod_cfg.out 2>&1" \ - 0 \ - "Group modification configuration" - rlAssertGrep "usage: group-mod \[OPTIONS...\]" "$TmpDir/pki_group_mod_cfg.out" - rlAssertGrep "\--description Description" "$TmpDir/pki_group_mod_cfg.out" - rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_mod_cfg.out" - rlPhaseEnd - - - ##### Tests to modify CA groups #### - rlPhaseStartTest "pki_group_cli_group_mod-CA-002: Modify a group's description in CA using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"$group1desc\" $group1" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=\"$group1_mod_description\" $group1" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-group-mod-ca-002.out" \ - 0 \ - "Modified $group1 description" - rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-group-mod-ca-002.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-mod-ca-002.out" - rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-group-mod-ca-002.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - - -rlPhaseStartTest "pki_group_cli_group_mod-CA-003:--description with characters and numbers" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test g1" - rlLog 
"Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-group-mod-ca-004.out" \ - 0 \ - "Modified group using CA_adminV with --description with characters and numbers" - rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-group-mod-ca-004.out" - rlAssertGrep "Group ID: g1" "$TmpDir/pki-group-mod-ca-004.out" - rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-group-mod-ca-004.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_mod-CA-004:--description with maximum length and symbols " - randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') - randsym=$(echo $randsym_b64 | sed 's/\///g') - - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test g2" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=\"$randsym\" g2" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=\"$randsym\" g2 > $TmpDir/pki-group-mod-ca-005.out" \ - 0 \ - "Modified group using CA_adminV with maximum --description length and character symbols in it" - actual_group_string=`cat $TmpDir/pki-group-mod-ca-005.out | grep "Description: " | xargs echo` - expected_group_string="Description: $randsym" - rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-group-mod-ca-005.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-mod-ca-005.out" - if [[ $actual_group_string = $expected_group_string ]] ; then - rlPass 
"$expected_group_string found" - else - rlFail "$expected_group_string not found" - fi - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - - - - rlPhaseStartTest "pki_group_cli_group_mod-CA-005:--description with $ character " - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test g3" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=$ g3" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=$ g3 > $TmpDir/pki-group-mod-ca-008.out" \ - 0 \ - "Modified group using CA_adminV with --description $ character" - rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-group-mod-ca-008.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-mod-ca-008.out" - rlAssertGrep "Description: \\$" "$TmpDir/pki-group-mod-ca-008.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - - - rlPhaseStartTest "pki_group_cli_group_mod-CA-006: Modify a group to CA with -t option" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-add --description=test g4" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-mod --description=\"$group1desc\" g4" - - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-group-mod-ca-007.out" \ - 0 \ - "Modified group g4 to CA" - rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-group-mod-ca-007.out" - rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-mod-ca-007.out" - rlAssertGrep "Description: $group1desc" "$TmpDir/pki-group-mod-ca-007.out" - rlLog 
"PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - rlPhaseStartTest "pki_group_cli_group_mod-CA-007: Modify a group -- missing required option group id" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-mod --description='$group1desc'" - errmsg="Error: No Group ID specified." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id" - rlPhaseEnd - - - -##### Tests to modify groups using revoked cert##### - rlPhaseStartTest "pki_group_cli_group_mod-CA-008: Should not be able to modify groups using a revoked cert CA_adminR" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" - rlPhaseEnd - rlPhaseStartTest "pki_group_cli_group_mod-CA-009: Should not be able to modify group using an agent or a revoked cert CA_agentR" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" - rlPhaseEnd - -##### Tests to modify groups using an agent user##### - rlPhaseStartTest "pki_group_cli_group_mod-CA-010: Should not be able to modify groups using a CA_agentV user" - command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert" - rlPhaseEnd - -##### Tests to modify groups using expired cert##### - rlPhaseStartTest "pki_group_cli_group_mod-CA-011: Should not be able to modify group using a CA_adminE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_mod-CA-012: Should not be able to modify group using a CA_agentE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - ##### Tests to modify groups using audit users##### - rlPhaseStartTest "pki_group_cli_group_mod-CA-013: Should not be able to modify group using a CA_auditV" - command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod 
--description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert" - rlPhaseEnd - - ##### Tests to modify groups using operator user### - rlPhaseStartTest "pki_group_cli_group_mod-CA-014: Should not be able to modify group using a CA_operatorV" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as CA_operatorV" - rlPhaseEnd - -##### Tests to modify groups using role_user_UTCA user's certificate will be issued by an untrusted CA users##### - rlPhaseStartTest "pki_group_cli_group_mod-CA-015: Should not be able to modify groups using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" - rlPhaseEnd - -rlPhaseStartTest "pki_group_cli_group_mod-CA-016: Modify a group -- Group ID does not exist" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-mod --description='$group1desc' g5" - errmsg="ResourceNotFoundException: Group g5 not found." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group" - rlPhaseEnd - -##### Tests to modify CA groups with empty parameters #### - - rlPhaseStartTest "pki_group_cli_group_mod-CA-017: Modify a user created group in CA using CA_adminV - description is empty" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-add --description=\"$group1desc\" g5" - rlLog "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description=\"\" g5" - rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description=\"\" g5 > $TmpDir/pki-group-mod-ca-0017.out" 0 "Group modified successfully with empty description" - rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-group-mod-ca-0017.out" - rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-mod-ca-0017.out" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - - -##### Tests to modify CA groups with the same value #### - - rlPhaseStartTest "pki_group_cli_group_mod-CA-018: Modify a group in CA using CA_adminV - description same old value" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show $group1 > $TmpDir/pki-group-mod-ca-041_1.out" - rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-group-mod-ca-041_1.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-mod-ca-041_1.out" - rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-group-mod-ca-041_1.out" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=\"$group1_mod_description\" $group1" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod 
--description=\"$group1_mod_description\" $group1 > $TmpDir/pki-group-mod-ca-041_2.out" \ - 0 \ - "Modifying $group1 with same old description" - rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-group-mod-ca-041_2.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-mod-ca-041_2.out" - rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-group-mod-ca-041_2.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - -##### Tests to modify CA groups having i18n chars in the description #### - -rlPhaseStartTest "pki_group_cli_group_mod-CA-019: Modify a groups's description having i18n chars in CA using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=\"$i18ngroupdescription\" $i18ngroup" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-group-mod-ca-043.out" \ - 0 \ - "Modified $i18ngroup description" - rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-group-mod-ca-043.out" - rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-group-mod-ca-043.out" - rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-group-mod-ca-043.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - -##### Tests to modify system generated CA groups #### - rlPhaseStartTest "pki_group_cli_group_mod-CA-020: Modify Administrator group's description in CA using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show Administrators > $TmpDir/pki-group-mod-ca-group-show-022.out" - 
admin_group_desc=$(cat $TmpDir/pki-group-mod-ca-group-show-022.out| grep Description | cut -d- -f2)
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-mod --description=\"$group1_mod_description\" Administrators"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-group-mod-ca-022.out" \
- 0 \
- "Modified Administrators group description"
- rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-group-mod-ca-022.out"
- rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-group-mod-ca-022.out"
- rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-group-mod-ca-022.out"
- #Restoring the original description of Administrators group
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-mod --description=\"$admin_group_desc\" Administrators"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_mod-CA-021: Modify Administrators group in CA using CA_adminV - description is empty"
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-show Administrators > $TmpDir/pki-group-mod-ca-group-show-023.out"
- admin_group_desc=$(cat $TmpDir/pki-group-mod-ca-group-show-023.out| grep Description | cut -d- -f2)
- rlLog "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description=\"\" Administrators"
- rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description=\"\" Administrators > $TmpDir/pki-group-mod-ca-023.out" 0 "Successfully modified Administrator group description"
- rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-group-mod-ca-023.out"
- rlAssertGrep "Group ID: Administrators" 
"$TmpDir/pki-group-mod-ca-023.out"
- #Restoring the original description of Administrators group
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-mod --description=\"$admin_group_desc\" Administrators"
- rlPhaseEnd
-
-
-#===Deleting groups===#
-rlPhaseStartTest "pki_group_cli_group_cleanup: Deleting role groups"
-
- i=1
- while [ $i -lt 6 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \
- 0 \
- "Deleted group g$i"
- rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out"
- let i=$i+1
- done
-
- j=1
- while [ $j -lt 2 ] ; do
- eval grp=\$group$j
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del $grp > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \
- 0 \
- "Deleted group $grp"
- rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group-symbol-00$j.out"
- let j=$j+1
- done
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del $i18ngroup > $TmpDir/pki-group-del-ca-i18ngroup-001.out" \
- 0 \
- "Deleted group $i18ngroup"
- rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-ca-i18ngroup-001.out"
-
- #Delete temporary directory
- #rlRun "popd"
- #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-kra.sh
deleted file mode 100755
index 97c0bf2c8..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-kra.sh
+++ /dev/null
@@ -1,537 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-mod CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-mod-kra Modify existing groups in the pki kra subsystem.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Author: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. 
/opt/rhqa_pki/env.sh - -###################################################################################### -#create-role-users.sh should be first executed prior to pki-group-cli-group-mod-kra.sh -###################################################################################### - -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## -run_pki-group-cli-group-mod-kra_tests(){ - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 -caId=$4 - -KRA_HOST=$(eval echo \$${MYROLE}) -KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) -eval ${subsystemId}_adminV_user=${subsystemId}_adminV -eval ${subsystemId}_adminR_user=${subsystemId}_adminR -eval ${subsystemId}_adminE_user=${subsystemId}_adminE -eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA -eval ${subsystemId}_agentV_user=${subsystemId}_agentV -eval ${subsystemId}_agentR_user=${subsystemId}_agentR -eval ${subsystemId}_agentE_user=${subsystemId}_agentE -eval ${subsystemId}_auditV_user=${subsystemId}_auditV -eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV - - #####Create temporary dir to save the output files ##### - rlPhaseStartSetup "pki_group_cli_group_mod_kra-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -group1=kra_group -group1desc="Test kra group" -group2=abcdefghijklmnopqrstuvwxyx12345678 -group3=abc# -group4=abc$ -group5=abc@ -group6=abc? 
-group7=0 -group1_mod_description="Test kra agent Modified" -randsym="" -i18ngroup=i18ngroup -i18ngroupdescription="Örjan Äke" -i18ngroup_mod_description="kakskümmend" -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" - - ##### Tests to modify KRA groups #### - rlPhaseStartTest "pki_group_cli_group_mod_kra-002: Modify a group's description in KRA using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$group1desc\" $group1" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$group1_mod_description\" $group1" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-kra-group-mod-002.out" \ - 0 \ - "Modified $group1 description" - rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-kra-group-mod-002.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-002.out" - rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-002.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - -rlPhaseStartTest "pki_group_cli_group_mod_kra-003:--description with characters and numbers" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test g1" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo 
\$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-kra-group-mod-004.out" \ - 0 \ - "Modified group using KRA_adminV with --description with characters and numbers" - rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-kra-group-mod-004.out" - rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-mod-004.out" - rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-group-mod-004.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_mod_kra-004:--description with maximum length and symbols " - randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') - randsym=$(echo $randsym_b64 | sed 's/\///g') - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test g2" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$randsym\" g2" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$randsym\" g2 > $TmpDir/pki-kra-group-mod-005.out" \ - 0 \ - "Modified group using KRA_adminV with maximum --description length and character symbols in it" - actual_group_string=`cat $TmpDir/pki-kra-group-mod-005.out | grep "Description: " | xargs echo` - expected_group_string="Description: $randsym" - rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-kra-group-mod-005.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-mod-005.out" - if [[ $actual_group_string = $expected_group_string ]] ; then - rlPass "$expected_group_string found" - else - rlFail "$expected_group_string not found" 
- fi - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_mod_kra-005:--description with $ character " - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test g3" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=$ g3" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=$ g3 > $TmpDir/pki-kra-group-mod-008.out" \ - 0 \ - "Modified group using CA_adminV with --description $ character" - rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-kra-group-mod-008.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-mod-008.out" - rlAssertGrep "Description: \\$" "$TmpDir/pki-kra-group-mod-008.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_mod_kra-006: Modify a group to KRA with -t option" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test g4" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$group1desc\" g4" - - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-kra-group-mod-007.out" \ - 0 \ - "Modified group g4 to KRA" - rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-kra-group-mod-007.out" - rlAssertGrep "Group ID: g4" 
"$TmpDir/pki-kra-group-mod-007.out" - rlAssertGrep "Description: $group1desc" "$TmpDir/pki-kra-group-mod-007.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - rlPhaseStartTest "pki_group_cli_group_mod_kra-007: Modify a group -- missing required option group id" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc'" - errmsg="Error: No Group ID specified." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id" - rlPhaseEnd - -##### Tests to modify groups using revoked cert##### - rlPhaseStartTest "pki_group_cli_group_mod_kra-008: Should not be able to modify groups using a revoked cert KRA_adminR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1_mod_description' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - rlPhaseStartTest "pki_group_cli_group_mod_kra-009: Should not be able to modify group using an agent or a revoked cert KRA_agentR" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" - rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" 
- rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" - rlPhaseEnd - -##### Tests to modify groups using an agent user##### - rlPhaseStartTest "pki_group_cli_group_mod_kra-010: Should not be able to modify groups using a KRA_agentV user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert" - rlPhaseEnd - -##### Tests to modify groups using expired cert##### - rlPhaseStartTest "pki_group_cli_group_mod_kra-011: Should not be able to modify group using a KRA_adminE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_mod_kra-012: Should not be able to modify group using a KRA_agentE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlPhaseEnd - - ##### Tests to modify groups using audit users##### - rlPhaseStartTest "pki_group_cli_group_mod_kra-013: Should not be able to modify group using a KRA_auditV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert" - rlPhaseEnd - - ##### Tests to modify groups using operator user### - rlPhaseStartTest "pki_group_cli_group_mod_kra-014: Should not be able to modify group using a KRA_operatorV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as KRA_operatorV" - rlPhaseEnd - -##### Tests to modify groups using KRA_adminUTCA and KRA_agentUTCA user's certificate will be issued by an untrusted KRA users##### - rlPhaseStartTest "pki_group_cli_group_mod_kra-015: Should not be able to modify groups using a cert created from a untrusted KRA KRA_adminUTCA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" - rlPhaseEnd - -rlPhaseStartTest "pki_group_cli_group_mod_kra-016: Modify a group -- Group ID does not exist" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' g5" - errmsg="ResourceNotFoundException: Group g5 not found." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group" - rlPhaseEnd - -##### Tests to modify KRA groups with empty parameters #### - - rlPhaseStartTest "pki_group_cli_group_mod_kra-017: Modify a user created group in KRA using KRA_adminV - description is empty" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$group1desc\" g5" - rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" g5" - rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" g5 > $TmpDir/pki-kra-group-mod-0017.out" 0 "Group modified successfully with empty description" - rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-kra-group-mod-0017.out" - rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-mod-0017.out" - rlPhaseEnd - - -##### Tests to modify KRA groups with the same value #### - - rlPhaseStartTest "pki_group_cli_group_mod_kra-018: Modify a group in KRA using KRA_adminV - description same old value" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show $group1 > $TmpDir/pki-kra-group-mod-041_1.out" - 
rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-kra-group-mod-041_1.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-041_1.out" - rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-041_1.out" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$group1_mod_description\" $group1" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-kra-group-mod-041_2.out" \ - 0 \ - "Modifying $group1 with same old description" - rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-kra-group-mod-041_2.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-041_2.out" - rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-041_2.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - -##### Tests to modify KRA groups having i18n chars in the description #### - -rlPhaseStartTest "pki_group_cli_group_mod_kra-019: Modify a groups's description having i18n chars in KRA using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$i18ngroupdescription\" $i18ngroup" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - kra-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > 
$TmpDir/pki-kra-group-mod-043.out" \ - 0 \ - "Modified $i18ngroup description" - rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-kra-group-mod-043.out" - rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-kra-group-mod-043.out" - rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-kra-group-mod-043.out" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" - rlPhaseEnd - -##### Tests to modify system generated KRA groups #### - rlPhaseStartTest "pki_group_cli_group_mod_kra-021: Modify Administrator group's description in KRA using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show Administrators > $TmpDir/pki-kra-group-mod-group-show-022.out" - admin_group_desc=$(cat $TmpDir/pki-kra-group-mod-group-show-022.out| grep Description | cut -d- -f2) - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$group1_mod_description\" Administrators" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-kra-group-mod-022.out" \ - 0 \ - "Modified Administrators group description" - rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-kra-group-mod-022.out" - rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-mod-022.out" - rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-022.out" - #Restoring the original description of Administrators group - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$admin_group_desc\" Administrators" - 
rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_mod_kra-022: Modify Administrators group in KRA using KRA_adminV - description is empty" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show Administrators > $TmpDir/pki-kra-group-mod-group-show-023.out" - admin_group_desc=$(cat $TmpDir/pki-kra-group-mod-group-show-023.out| grep Description | cut -d- -f2) - rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" Administrators" - rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" Administrators > $TmpDir/pki-kra-group-mod-023.out" 0 "Successfully modified Administrator group description" - rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-kra-group-mod-023.out" - rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-mod-023.out" - #Restoring the original description of Administrators group - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-mod --description=\"$admin_group_desc\" Administrators" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" - rlPhaseEnd - - -#===Deleting groups===# -rlPhaseStartTest "pki_group_cli_group_cleanup_kra: Deleting role groups" - - i=1 - while [ $i -lt 6 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del g$i > $TmpDir/pki-group-del-kra-group-00$i.out" \ - 0 \ - "Deleted group g$i" - rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-kra-group-00$i.out" - let i=$i+1 - done - - j=1 - while [ $j -lt 2 ] ; do - eval grp=\$group$j - rlRun "pki -d $CERTDB_DIR \ - -n 
$(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ - 0 \ - "Deleted group $grp" - rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" - let j=$j+1 - done - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-del $i18ngroup > $TmpDir/pki-group-del-kra-i18ngroup-001.out" \ - 0 \ - "Deleted group $i18ngroup" - rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-kra-i18ngroup-001.out" - - #Delete temporary directory - rlRun "popd" - rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - - rlPhaseEnd -} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh deleted file mode 100755 index 174bfca7e..000000000 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh +++ /dev/null 
@@ -1,674 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli -# Description: PKI group-show CLI tests -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# The following pki cli commands needs to be tested: -# pki-group-cli-group-show Show groups -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Authors: Roshni Pattath -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/bin/rhts-environment.sh -. /usr/share/beakerlib/beakerlib.sh -. /opt/rhqa_pki/rhcs-shared.sh -. /opt/rhqa_pki/pki-cert-cli-lib.sh -. 
/opt/rhqa_pki/env.sh - -###################################################################################### -#pki-user-cli-user-add-ca.sh should be first executed prior to pki-group-cli-group-show-ca.sh -###################################################################################### - -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## -run_pki-group-cli-group-show-ca_tests(){ - #local variables - group1=test_group - group1desc="Test Group" - group2=abcdefghijklmnopqrstuvwxyx12345678 - group3=abc# - group4=abc$ - group5=abc@ - group6=abc? - group7=0 - - rlPhaseStartSetup "pki_group_cli_group_show-ca-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - prefix=$subsystemId -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - prefix=$subsystemId - else - prefix=ROOTCA - fi -else - prefix=$MYROLE -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" -local cert_info="$TmpDir/cert_info" - - rlPhaseStartTest "pki_group_show-configtest: pki group-show configuration test" - rlRun "pki group-show --help > $TmpDir/pki_group_show_cfg.out 2>&1" \ - 0 \ - "pki group-show" - rlAssertGrep "usage: group-show \[OPTIONS...\]" "$TmpDir/pki_group_show_cfg.out" - rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_show_cfg.out" - rlPhaseEnd - - ##### Tests to show CA groups #### - rlPhaseStartTest "pki_group_cli_group_show-CA-001: Add group to CA using CA_adminV and show group" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p 
$CA_PORT \ - group-add --description=\"$group1desc\" $group1" \ - 0 \ - "Add group $group1 using CA_adminV" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show $group1" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show $group1 > $TmpDir/pki-group-show-ca-001.out" \ - 0 \ - "Show group $group1" - rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-group-show-ca-001.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-show-ca-001.out" - rlAssertGrep "Description: $group1desc" "$TmpDir/pki-group-show-ca-001.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-002: maximum length of group id" - group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group2" \ - 0 \ - "Add group $group2 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show $group2 > $TmpDir/pki-group-show-ca-001_1.out" \ - 0 \ - "Show $group2 group" - rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-group-show-ca-001_1.out" - actual_groupid_string=`cat $TmpDir/pki-group-show-ca-001_1.out | grep 'Group ID:' | xargs echo` - expected_groupid_string="Group ID: $group2" - if [[ $actual_groupid_string = $expected_groupid_string ]] ; then - rlPass "Group ID: $group2 found" - else - rlFail "Group ID: $group2 not found" - fi - rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_1.out" - - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-003: Group id with # character" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group3" \ - 0 \ - "Add group $group3 using CA_adminV" - rlRun "pki -d 
$CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show $group3 > $TmpDir/pki-group-show-ca-001_2.out" \ - 0 \ - "Show $group3 group" - rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-group-show-ca-001_2.out" - rlAssertGrep "Group ID: $user3" "$TmpDir/pki-group-show-ca-001_2.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-004: Group id with $ character" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group4" \ - 0 \ - "Add group $group4 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show $group4 > $TmpDir/pki-group-show-ca-001_3.out" \ - 0 \ - "Show $group4 group" - rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-group-show-ca-001_3.out" - rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-group-show-ca-001_3.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_3.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-005: Group id with @ character" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group5" \ - 0 \ - "Add $group5 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show $group5 > $TmpDir/pki-group-show-ca-001_4.out" \ - 0 \ - "Show $group5 group" - rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-group-show-ca-001_4.out" - rlAssertGrep "Group ID: $group5" "$TmpDir/pki-group-show-ca-001_4.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_4.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-006: Group id with ? 
character" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group6" \ - 0 \ - "Add $group6 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show $group6 > $TmpDir/pki-group-show-ca-001_5.out" \ - 0 \ - "Show $group6 group" - rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-group-show-ca-001_5.out" - rlAssertGrep "Group ID: $group6" "$TmpDir/pki-group-show-ca-001_5.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_5.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-007: Group id as 0" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test $group7" \ - 0 \ - "Add group $group7 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show $group7 > $TmpDir/pki-group-show-ca-001_6.out" \ - 0 \ - "Show group $group7" - rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-group-show-ca-001_6.out" - rlAssertGrep "Group ID: $group7" "$TmpDir/pki-group-show-ca-001_6.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_6.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-008: --description with maximum length" - desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='$desc' g1" \ - 0 \ - "Added group using CA_adminV with maximum --description length" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g1 > $TmpDir/pki-group-show-ca-001_7.out" \ - 0 \ - "Show group g1" - rlAssertGrep "Group \"g1\"" "$TmpDir/pki-group-show-ca-001_7.out" - rlAssertGrep 
"Group ID: g1" "$TmpDir/pki-group-show-ca-001_7.out" - actual_desc_string=`cat $TmpDir/pki-group-show-ca-001_7.out | grep Description: | xargs echo` - expected_desc_string="Description: $desc" - if [[ $actual_desc_string = $expected_desc_string ]] ; then - rlPass "Description: $desc found" - else - rlFail "Description: $desc not found" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-009: --description with maximum length and symbols" - desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') - desc=$(echo $desc_b64 | sed 's/\///g') - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description='$desc' g2" \ - 0 \ - "Added group using CA_adminV with maximum --description length and character symbols in it" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g2 > $TmpDir/pki-group-show-ca-001_8.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-001_8.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-001_8.out" - actual_desc_string=`cat $TmpDir/pki-group-show-ca-001_8.out | grep Description: | xargs echo` - expected_desc_string="Description: $desc" - if [[ $actual_desc_string = $expected_desc_string ]] ; then - rlPass "Description: $desc found" - else - rlFail "Description: $desc not found" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-010: --description with # character" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=# g3" \ - 0 \ - "Add group g3 using pki CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g3 > $TmpDir/pki-group-show-ca-001_9.out" \ - 0 \ - "Add group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ca-001_9.out" - 
rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ca-001_9.out" - rlAssertGrep "Description: #" "$TmpDir/pki-group-show-ca-001_9.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-011: --description with * character" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=* g4" \ - 0 \ - "Add group g4 using pki CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g4 > $TmpDir/pki-group-show-ca-001_10.out" \ - 0 \ - "Show group g4 using CA_adminV" - rlAssertGrep "Group \"g4\"" "$TmpDir/pki-group-show-ca-001_10.out" - rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-show-ca-001_10.out" - rlAssertGrep "Description: *" "$TmpDir/pki-group-show-ca-001_10.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-012: --description with $ character" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=$ g5" \ - 0 \ - "Add group g5 using pki CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g5 > $TmpDir/pki-group-show-ca-001_11.out" \ - 0 \ - "Show group g5 using CA_adminV" - rlAssertGrep "Group \"g5\"" "$TmpDir/pki-group-show-ca-001_11.out" - rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-show-ca-001_11.out" - rlAssertGrep "Description: \\$" "$TmpDir/pki-group-show-ca-001_11.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-013: --description as number 0" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=0 g6" \ - 0 \ - "Add group g6 using pki CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g6 > 
$TmpDir/pki-group-show-ca-001_12.out" \ - 0 \ - "Show group g6 using CA_adminV" - rlAssertGrep "Group \"g6\"" "$TmpDir/pki-group-show-ca-001_12.out" - rlAssertGrep "Group ID: g6" "$TmpDir/pki-group-show-ca-001_12.out" - rlAssertGrep "Description: 0" "$TmpDir/pki-group-show-ca-001_12.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-014: Show group with -t ca option" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test g7 > /tmp/groupg7.out 2>&1" \ - 0 \ - "Adding group g7 using CA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-show g7 > $TmpDir/pki-group-show-ca-001_32.out" \ - 0 \ - "Show group g7 using CA_adminV" - rlAssertGrep "Group \"g7\"" "$TmpDir/pki-group-show-ca-001_32.out" - rlAssertGrep "Group ID: g7" "$TmpDir/pki-group-show-ca-001_32.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_32.out" - rlPhaseEnd - - - #Negative Cases - rlPhaseStartTest "pki_group_cli_group_show-CA-015: Missing required option group id" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t ca group-show" - errmsg="Error: No Group ID specified." 
- errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-016: Checking if group id case sensitive " - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - -t ca \ - group-show G7 > $TmpDir/pki-group-show-ca-001_35.out 2>&1" \ - 0 \ - "Group ID is not case sensitive" - rlAssertGrep "Group \"G7\"" "$TmpDir/pki-group-show-ca-001_35.out" - rlAssertGrep "Group ID: g7" "$TmpDir/pki-group-show-ca-001_35.out" - rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_35.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-017: Should not be able to show group using a revoked cert CA_adminR" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-018: Should not be able to show group using an agent with revoked cert CA_agentR" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-019: Should not be able to show group using a valid agent CA_agentV user" - command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-020: Should not be able to show group using admin user with expired cert CA_adminE" - #Set datetime 2 days ahead - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-021: Should not be able to show group using CA_agentE cert" - #Set datetime 2 days ahead - rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" - rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-022: Should not be able to show group using a CA_auditV" - command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error 
message - Should not be able to show group g7 using a audit cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-023: Should not be able to show group using a CA_operatorV" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7" - errmsg="ForbiddenException: Authorization Error" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-024: Should not be able to show group using a cert created from a untrusted CA role_user_UTCA" - command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7" - errmsg="PKIException: Unauthorized" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using CA_adminUTCA" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-ca-025: Should not be able to show group using a user cert" - #Create a user cert - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ - organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ - target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ - certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" - local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_show_encoded_0025pkcs10.out" 0 
"Executing pki cert-show $valid_pkcs10_serialNumber" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_show_encoded_0025pkcs10.out > $TmpDir/pki_ca_group_show_encoded_0025pkcs10.pem" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_ca_group_show_encoded_0025pkcs10.pem -t "u,u,u"" - rlLog "Executing: pki -d $TEMP_NSS_DB \ - -n pkiUser2 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g7" - rlRun "pki -d $TEMP_NSS_DB \ - -n pkiUser2 \ - -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show g7 > $TmpDir/pki-ca-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" - - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ca-group-show-pkiUser1-0025.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-027: group id length exceeds maximum limit defined in the schema" - group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show '$group_length_exceed_max'" - errmsg="ClientResponseFailure: ldap can't save, exceeds max length" - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using CA_adminV with group id length exceed maximum defined in ldap schema should fail" - rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-028: group id with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-show-ca-001_56.out 2>&1" \ - 0 \ - "Adding gid ÖrjanÄke with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ 
- -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show 'ÖrjanÄke'" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show 'ÖrjanÄke' > $TmpDir/pki-group-show-ca-001_56_2.out" \ - 0 \ - "Show group 'ÖrjanÄke'" - rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-group-show-ca-001_56_2.out" - rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-show-ca-001_56_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-CA-029: groupid with i18n characters" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-show-ca-001_57.out 2>&1" \ - 0 \ - "Adding group id ÉricTêko with i18n characters" - rlLog "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show 'ÉricTêko'" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-show 'ÉricTêko' > $TmpDir/pki-group-show-ca-001_57_2.out" \ - 0 \ - "Show group 'ÉricTêko'" - rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-show-ca-001_57_2.out" - rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-show-ca-001_57_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_cleanup-046: Deleting the temp directory and groups" - - #===Deleting groups created using CA_adminV cert===# - i=1 - while [ $i -lt 8 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \ - 0 \ - "Deleted group g$i" - rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out" - let i=$i+1 - done - #===Deleting groups(symbols) created using CA_adminV cert===# - j=1 - while [ $j -lt 8 ] ; do - eval grp=\$group$j - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_adminV \ - -c 
$CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del $grp > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \
- 0 \
- "Deleted group $grp"
- rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group-symbol-00$j.out"
- let j=$j+1
- done
-
- #===Deleting i18n groups created using CA_adminV cert===#
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
- 0 \
- "Deleted group ÖrjanÄke"
- rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
-
- rlRun "pki -d $CERTDB_DIR \
- -n ${prefix}_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -h $CA_HOST \
- -p $CA_PORT \
- group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-group-i18n_2.out" \
- 0 \
- "Deleted group ÉricTêko"
- rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-group-i18n_2.out"
-
- #Delete temporary directory
- #rlRun "popd"
- #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-kra.sh
deleted file mode 100755
index 57fe3549e..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-kra.sh
+++ /dev/null
@@ -1,711 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
-# Description: PKI group-show CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-group-cli-group-show-kra Show groups
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Authors: Roshni Pattath
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. 
/opt/rhqa_pki/env.sh - -###################################################################################### -#create-role-users.sh should be first executed prior to pki-group-cli-group-show-kra.sh -###################################################################################### - -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## -run_pki-group-cli-group-show-kra_tests(){ - -rlPhaseStartSetup "pki_group_cli_group_show_kra-startup: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlPhaseEnd - -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 -caId=$4 -CA_HOST=$5 -KRA_HOST=$(eval echo \$${MYROLE}) -KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) -CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) -eval ${subsystemId}_adminV_user=${subsystemId}_adminV -eval ${subsystemId}_adminR_user=${subsystemId}_adminR -eval ${subsystemId}_adminE_user=${subsystemId}_adminE -eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA -eval ${subsystemId}_agentV_user=${subsystemId}_agentV -eval ${subsystemId}_agentR_user=${subsystemId}_agentR -eval ${subsystemId}_agentE_user=${subsystemId}_agentE -eval ${subsystemId}_auditV_user=${subsystemId}_auditV -eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -ROOTCA_agent_user=${caId}_agentV -local TEMP_NSS_DB="$TmpDir/nssdb" -local TEMP_NSS_DB_PASSWD="redhat123" -local cert_info="$TmpDir/cert_info" - #local variables - group1=test_group - group1desc="Test Group" - group2=abcdefghijklmnopqrstuvwxyx12345678 - group3=abc# - group4=abc$ - group5=abc@ - group6=abc? 
- group7=0 - - ##### Tests to show KRA groups #### - rlPhaseStartTest "pki_group_cli_group_show_kra-001: Add group to KRA using KRA_adminV and show group" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=\"$group1desc\" $group1" \ - 0 \ - "Add group $group1 using KRA_adminV" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show $group1" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show $group1 > $TmpDir/pki-kra-group-show-001.out" \ - 0 \ - "Show group $group1" - rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-kra-group-show-001.out" - rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-show-001.out" - rlAssertGrep "Description: $group1desc" "$TmpDir/pki-kra-group-show-001.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show-002: maximum length of group id" - group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test $group2" \ - 0 \ - "Add group $group2 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show $group2 > $TmpDir/pki-kra-group-show-001_1.out" \ - 0 \ - "Show $group2 group" - rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-kra-group-show-001_1.out" - actual_groupid_string=`cat $TmpDir/pki-kra-group-show-001_1.out | grep 'Group ID:' | xargs echo` - expected_groupid_string="Group ID: $group2" - if [[ $actual_groupid_string = $expected_groupid_string ]] ; then - rlPass "Group ID: 
$group2 found" - else - rlFail "Group ID: $group2 not found" - fi - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_1.out" - - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-003: Group id with # character" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test $group3" \ - 0 \ - "Add group $group3 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show $group3 > $TmpDir/pki-kra-group-show-001_2.out" \ - 0 \ - "Show $group3 group" - rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-kra-group-show-001_2.out" - rlAssertGrep "Group ID: $group3" "$TmpDir/pki-kra-group-show-001_2.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_2.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-004: Group id with $ character" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test $group4" \ - 0 \ - "Add group $group4 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show $group4 > $TmpDir/pki-kra-group-show-001_3.out" \ - 0 \ - "Show $group4 group" - rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-kra-group-show-001_3.out" - rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-kra-group-show-001_3.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_3.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-005: Group id with @ character" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - 
group-add --description=test $group5" \ - 0 \ - "Add $group5 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show $group5 > $TmpDir/pki-kra-group-show-001_4.out" \ - 0 \ - "Show $group5 group" - rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-kra-group-show-001_4.out" - rlAssertGrep "Group ID: $group5" "$TmpDir/pki-kra-group-show-001_4.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_4.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-006: Group id with ? character" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test $group6" \ - 0 \ - "Add $group6 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show $group6 > $TmpDir/pki-kra-group-show-001_5.out" \ - 0 \ - "Show $group6 group" - rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-kra-group-show-001_5.out" - rlAssertGrep "Group ID: $group6" "$TmpDir/pki-kra-group-show-001_5.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_5.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-007: Group id as 0" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test $group7" \ - 0 \ - "Add group $group7 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show $group7 > $TmpDir/pki-kra-group-show-001_6.out" \ - 0 \ - "Show group $group7" - rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-kra-group-show-001_6.out" - rlAssertGrep 
"Group ID: $group7" "$TmpDir/pki-kra-group-show-001_6.out" - rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_6.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-008: --description with maximum length" - desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='$desc' g1" \ - 0 \ - "Added group using KRA_adminV with maximum --description length" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g1 > $TmpDir/pki-kra-group-show-001_7.out" \ - 0 \ - "Show group g1" - rlAssertGrep "Group \"g1\"" "$TmpDir/pki-kra-group-show-001_7.out" - rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-show-001_7.out" - actual_desc_string=`cat $TmpDir/pki-kra-group-show-001_7.out | grep Description: | xargs echo` - expected_desc_string="Description: $desc" - if [[ $actual_desc_string = $expected_desc_string ]] ; then - rlPass "Description: $desc found" - else - rlFail "Description: $desc not found" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-009: --description with maximum length and symbols" - desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') - desc=$(echo $desc_b64 | sed 's/\///g') - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description='$desc' g2" \ - 0 \ - "Added group using CA_adminV with maximum --description length and character symbols in it" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g2 > $TmpDir/pki-kra-group-show-001_8.out" \ - 0 \ - "Show group g2" - rlAssertGrep "Group \"g2\"" 
"$TmpDir/pki-kra-group-show-001_8.out" - rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-show-001_8.out" - actual_desc_string=`cat $TmpDir/pki-kra-group-show-001_8.out | grep Description: | xargs echo` - expected_desc_string="Description: $desc" - if [[ $actual_desc_string = $expected_desc_string ]] ; then - rlPass "Description: $desc found" - else - rlFail "Description: $desc not found" - fi - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-010: --description with # character" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=# g3" \ - 0 \ - "Add group g3 using pki KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g3 > $TmpDir/pki-kra-group-show-001_9.out" \ - 0 \ - "Add group g3" - rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-001_9.out" - rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-001_9.out" - rlAssertGrep "Description: #" "$TmpDir/pki-kra-group-show-001_9.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-011: --description with * character" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=* g4" \ - 0 \ - "Add group g4 using pki KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g4 > $TmpDir/pki-kra-group-show-001_10.out" \ - 0 \ - "Show group g4 using KRA_adminV" - rlAssertGrep "Group \"g4\"" "$TmpDir/pki-kra-group-show-001_10.out" - rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-show-001_10.out" - rlAssertGrep "Description: *" "$TmpDir/pki-kra-group-show-001_10.out" - rlPhaseEnd - - 
rlPhaseStartTest "pki_group_cli_group_show_kra-012: --description with $ character" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=$ g5" \ - 0 \ - "Add group g5 using pki KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g5 > $TmpDir/pki-kra-group-show-001_11.out" \ - 0 \ - "Show group g5 using KRA_adminV" - rlAssertGrep "Group \"g5\"" "$TmpDir/pki-kra-group-show-001_11.out" - rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-show-001_11.out" - rlAssertGrep "Description: \\$" "$TmpDir/pki-kra-group-show-001_11.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-013: --description as number 0" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=0 g6" \ - 0 \ - "Add group g6 using pki KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-show g6 > $TmpDir/pki-kra-group-show-001_12.out" \ - 0 \ - "Show group g6 using KRA_adminV" - rlAssertGrep "Group \"g6\"" "$TmpDir/pki-kra-group-show-001_12.out" - rlAssertGrep "Group ID: g6" "$TmpDir/pki-kra-group-show-001_12.out" - rlAssertGrep "Description: 0" "$TmpDir/pki-kra-group-show-001_12.out" - rlPhaseEnd - - rlPhaseStartTest "pki_group_cli_group_show_kra-014: Show group with -t kra option" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c $CERTDB_DIR_PASSWORD \ - -h $KRA_HOST \ - -p $KRA_PORT \ - -t kra \ - group-add --description=test g7" \ - 0 \ - "Adding group g7 using KRA_adminV" - rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ - -c 
$CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-show g7 > $TmpDir/pki-kra-group-show-001_32.out" \
- 0 \
- "Show group g7 using KRA_adminV"
- rlAssertGrep "Group \"g7\"" "$TmpDir/pki-kra-group-show-001_32.out"
- rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-show-001_32.out"
- rlAssertGrep "Description: $test" "$TmpDir/pki-kra-group-show-001_32.out"
- rlPhaseEnd
-
-
- #Negative Cases
- rlPhaseStartTest "pki_group_cli_group_show_kra-015: Missing required option group id"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show"
- errmsg="Error: No Group ID specified."
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-016: Checking if group id case sensitive "
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-show G7 > $TmpDir/pki-kra-group-show-001_35.out 2>&1" \
- 0 \
- "Group ID is not case sensitive"
- rlAssertGrep "Group \"G7\"" "$TmpDir/pki-kra-group-show-001_35.out"
- rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-show-001_35.out"
- rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_35.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show-017: Should not be able to show group using a revoked cert KRA_adminR"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert"
- rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
- rlLog
"PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-018: Should not be able to show group using an agent with revoked cert KRA_agentR"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert"
- rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
- rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-019: Should not be able to show group using a valid agent KRA_agentV user"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-020: Should not be able to show group using admin user with expired cert KRA_adminE"
- #Set datetime 2 days ahead
- rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
- rlRun "date"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert"
- rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
- rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-021: Should not be able to show group using KRA_agentE cert"
- #Set datetime 2 days ahead
- rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
- rlRun "date"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
- rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
- rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-022: Should not be able to show group using a KRA_auditV"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-023: Should not be able to show group using a KRA_operatorV"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7"
- errmsg="ForbiddenException: Authorization Error"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-024: Should not be able to show group using a cert created from a untrusted KRA KRA_adminUTCA"
- command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c
$UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7"
- errmsg="PKIException: Unauthorized"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using KRA_adminUTCA"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-025: Should not be able to show group using a user cert"
- #Create a user cert
- rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
- algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \
- organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
- target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
- certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
- local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
- local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
- rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
- rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_show_encoded_0025pkcs10.out > $TmpDir/pki_kra_group_show_encoded_0025pkcs10.pem"
- rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
- rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_kra_group_show_encoded_0025pkcs10.pem -t "u,u,u""
- rlLog "Executing: pki -d $TEMP_NSS_DB \
- -n pkiUser2 \
- -c $TEMP_NSS_DB_PASSWD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-show g7"
- rlRun "pki -d $TEMP_NSS_DB \
- -n pkiUser2 \
- -c $TEMP_NSS_DB_PASSWD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-show g7 >
$TmpDir/pki-kra-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert"
-
- rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-show-pkiUser1-0025.out"
- rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-026: group id length exceeds maximum limit defined in the schema"
- group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show '$group_length_exceed_max'"
- errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
- errorcode=255
- rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using KRA_adminV with group id length exceed maximum defined in ldap schema should fail"
- rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_show_kra-027: group id with i18n characters"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-show-001_56.out 2>&1" \
- 0 \
- "Adding gid ÖrjanÄke with i18n characters"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-show 'ÖrjanÄke'"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-show 'ÖrjanÄke' > $TmpDir/pki-kra-group-show-001_56_2.out" \
- 0 \
- "Show group 'ÖrjanÄke'"
- rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-show-001_56_2.out"
- rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-show-001_56_2.out"
- rlPhaseEnd
-
- rlPhaseStartTest
"pki_group_cli_group_show_kra-028: groupid with i18n characters"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-add --description=test 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_57.out 2>&1" \
- 0 \
- "Adding group id ÉricTêko with i18n characters"
- rlLog "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-show 'ÉricTêko'"
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-show 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_57_2.out" \
- 0 \
- "Show group 'ÉricTêko'"
- rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-kra-group-show-001_57_2.out"
- rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-show-001_57_2.out"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_group_cli_group_cleanup_kra: Deleting the temp directory and groups"
-
- #===Deleting groups created using KRA_adminV cert===#
- i=1
- while [ $i -lt 8 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del g$i > $TmpDir/pki-kra-group-del-group-00$i.out" \
- 0 \
- "Deleted group g$i"
- rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group-00$i.out"
- let i=$i+1
- done
- #===Deleting groups(symbols) created using KRA_adminV cert===#
- j=1
- while [ $j -lt 8 ] ; do
- eval grp=\$group$j
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \
- 0 \
- "Deleted group $grp"
- rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out"
- let j=$j+1
- done
-
- #===Deleting i18n groups
created using KRA_adminV cert===#
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \
- 0 \
- "Deleted group ÖrjanÄke"
- rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out"
-
- rlRun "pki -d $CERTDB_DIR \
- -n $(eval echo \$${subsystemId}_adminV_user) \
- -c $CERTDB_DIR_PASSWORD \
- -h $KRA_HOST \
- -p $KRA_PORT \
- -t kra \
- group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-group-i18n_2.out" \
- 0 \
- "Deleted group ÉricTêko"
- rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-group-i18n_2.out"
-
- #Delete temporary directory
- rlRun "popd"
- rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-}
-- cgit