authorAna Krivokapic <akrivoka@redhat.com>2013-04-12 17:38:09 +0200
committerRob Crittenden <rcritten@redhat.com>2013-04-12 14:15:59 -0400
commit0d5e310231962fb10a5396477bbcd2ce99b4e544 (patch)
treeeca6baf18a7e4764469e35fb141463943061a119
parent592db35c87ea8eee0f28b87c12dd889fead98701 (diff)
Deprecate HBAC source hosts from CLI
Hide the commands and options listed below from the CLI, but keep them in the API. When called directly from the API, raise appropriate exceptions informing the user that the functionality has been deprecated. Affected commands: hbacrule_add_sourcehost, hbacrule_remove_sourcehost. Affected options: sourcehostcategory, sourcehost_host and sourcehost_hostgroup (hbacrule); sourcehost (hbactest). https://fedorahosted.org/freeipa/ticket/3528
-rw-r--r--API.txt20
-rw-r--r--VERSION2
-rw-r--r--ipalib/__init__.py2
-rw-r--r--ipalib/errors.py15
-rw-r--r--ipalib/parameters.py17
-rw-r--r--ipalib/plugins/hbacrule.py49
-rw-r--r--ipalib/plugins/hbactest.py26
-rw-r--r--tests/test_xmlrpc/test_hbac_plugin.py131
-rw-r--r--tests/test_xmlrpc/test_hbactest_plugin.py80
9 files changed, 86 insertions, 256 deletions
diff --git a/API.txt b/API.txt
index 143c84d9..5a93d579 100644
--- a/API.txt
+++ b/API.txt
@@ -1378,15 +1378,17 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('value', <type 'unicode'>, None)
command: hbacrule_add
-args: 1,13,3
+args: 1,15,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
option: StrEnum('accessruletype', attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=True, values=(u'allow', u'deny'))
option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
option: StrEnum('hostcategory', attribute=True, cli_name='hostcat', multivalue=False, required=False, values=(u'all',))
-option: StrEnum('sourcehostcategory', attribute=True, cli_name='srchostcat', multivalue=False, required=False, values=(u'all',))
+option: DeprecatedParam('sourcehostcategory', attribute=True, cli_name='sourcehostcategory', multivalue=False, required=False)
option: StrEnum('servicecategory', attribute=True, cli_name='servicecat', multivalue=False, required=False, values=(u'all',))
option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=False)
option: Bool('ipaenabledflag', attribute=True, cli_name='ipaenabledflag', multivalue=False, required=False)
+option: DeprecatedParam('sourcehost_host', attribute=True, cli_name='sourcehost_host', multivalue=False, required=False)
+option: DeprecatedParam('sourcehost_hostgroup', attribute=True, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
option: Str('externalhost', attribute=True, cli_name='externalhost', multivalue=True, required=False)
option: Str('setattr*', cli_name='setattr', exclude='webui')
option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1463,16 +1465,18 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('result', <type 'bool'>, None)
output: Output('value', <type 'unicode'>, None)
command: hbacrule_find
-args: 1,15,4
+args: 1,17,4
arg: Str('criteria?', noextrawhitespace=False)
option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, query=True, required=False, values=(u'all',))
option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', multivalue=False, query=True, required=False, values=(u'all',))
-option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', multivalue=False, query=True, required=False, values=(u'all',))
+option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, query=True, required=False)
option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, query=True, required=False, values=(u'all',))
option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False)
option: Bool('ipaenabledflag', attribute=True, autofill=False, cli_name='ipaenabledflag', multivalue=False, query=True, required=False)
+option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, query=True, required=False)
+option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, query=True, required=False)
option: Str('externalhost', attribute=True, autofill=False, cli_name='externalhost', multivalue=True, query=True, required=False)
option: Int('timelimit?', autofill=False, minvalue=0)
option: Int('sizelimit?', autofill=False, minvalue=0)
@@ -1485,15 +1489,17 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
output: Output('count', <type 'int'>, None)
output: Output('truncated', <type 'bool'>, None)
command: hbacrule_mod
-args: 1,15,3
+args: 1,17,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=False, values=(u'allow', u'deny'))
option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', multivalue=False, required=False, values=(u'all',))
-option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', multivalue=False, required=False, values=(u'all',))
+option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, required=False)
option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, required=False, values=(u'all',))
option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
option: Bool('ipaenabledflag', attribute=True, autofill=False, cli_name='ipaenabledflag', multivalue=False, required=False)
+option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, required=False)
+option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
option: Str('externalhost', attribute=True, autofill=False, cli_name='externalhost', multivalue=True, required=False)
option: Str('setattr*', cli_name='setattr', exclude='webui')
option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1700,7 +1706,7 @@ output: Output('value', <type 'unicode'>, None)
command: hbactest
args: 0,10,6
option: Str('user', cli_name='user', primary_key=True)
-option: Str('sourcehost?', cli_name='srchost')
+option: DeprecatedParam('sourcehost?')
option: Str('targethost', cli_name='host')
option: Str('service', cli_name='service')
option: Str('rules*', cli_name='rules', csv=True)
diff --git a/VERSION b/VERSION
index 37f7293f..7eac5dd0 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=53
+IPA_API_VERSION_MINOR=54
diff --git a/ipalib/__init__.py b/ipalib/__init__.py
index aab74008..57f78472 100644
--- a/ipalib/__init__.py
+++ b/ipalib/__init__.py
@@ -885,7 +885,7 @@ from backend import Backend
from frontend import Command, LocalOrRemote, Updater
from frontend import Object, Method, Property
from crud import Create, Retrieve, Update, Delete, Search
-from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam
+from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam, DeprecatedParam
from parameters import BytesEnum, StrEnum, AccessTime, File
from errors import SkipPluginModule
from text import _, ngettext, GettextFactory, NGettextFactory
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 3f53889f..d360b68a 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -796,6 +796,21 @@ class PromptFailed(InvocationError):
format = _('Could not get %(name)s interactively')
+class DeprecationError(InvocationError):
+ """
+ **3015** Raise when a command has been deprecated
+
+ For example:
+
+ >>> raise DeprecationError(name='hbacrule_add_sourcehost')
+ Traceback (most recent call last):
+ ...
+ DeprecationError: Command 'hbacrule_add_sourcehost' has been deprecated
+ """
+ errno = 3015
+ format = _("Command '%(name)s' has been deprecated")
+
+
##############################################################################
# 4000 - 4999: Execution errors
diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index be94fe49..b894290f 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -1871,6 +1871,23 @@ class DNParam(Param):
error=ugettext(e))
return dn
+
+class DeprecatedParam(Any):
+ kwargs = Param.kwargs + (
+ ('deprecate', bool, True),
+ )
+
+ def __init__(self, name, *rules, **kw):
+ if 'flags' in kw:
+ kw['flags'] = list(kw['flags']) + ['no_option']
+ else:
+ kw['flags'] = ['no_option']
+
+ super(DeprecatedParam, self).__init__(name, *rules, **kw)
+
+ def _rule_deprecate(self, _, value):
+ return _('this option is deprecated')
+
def create_param(spec):
"""
Create an `Str` instance from the shorthand ``spec``.
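Review bot: `DeprecatedParam` is added without a docstring, and the way it rejects input is not obvious from the class body. `_rule_deprecate` returns an error message unconditionally, and `__init__` forces the `no_option` flag, so the class presumably hides the option from the CLI and fails validation for any value passed through the API. I would say so in a class docstring, for example `"""Placeholder for a removed option: hidden from the CLI by 'no_option'; any supplied value is rejected by validation."""`. Inside `_rule_deprecate` the first parameter `_` shadows the module-level translation function, which deserves a comment such as `# '_' is the translator passed in by the rule machinery`. The `deprecate` kwarg defaults to True, and nothing in the hunk shows what `deprecate=False` would do, so that should be documented or the kwarg justified.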
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index fb602d81..42a6fe37 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -18,7 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipalib import api, errors
-from ipalib import AccessTime, Password, Str, StrEnum, Bool
+from ipalib import AccessTime, Password, Str, StrEnum, Bool, DeprecatedParam
from ipalib.plugins.baseldap import *
from ipalib import _, ngettext
@@ -150,7 +150,7 @@ class hbacrule(LDAPObject):
exclude='webui',
flags=['no_option', 'no_output'],
),
- # FIXME: {user,host,sourcehost,service}categories should expand in the future
+ # FIXME: {user,host,service}categories should expand in the future
StrEnum('usercategory?',
cli_name='usercat',
label=_('User category'),
@@ -163,12 +163,7 @@ class hbacrule(LDAPObject):
doc=_('Host category the rule applies to'),
values=(u'all', ),
),
- StrEnum('sourcehostcategory?',
- cli_name='srchostcat',
- label=_('Source host category'),
- doc=_('Source host category the rule applies to'),
- values=(u'all', ),
- ),
+ DeprecatedParam('sourcehostcategory?'),
StrEnum('servicecategory?',
cli_name='servicecat',
label=_('Service category'),
@@ -203,14 +198,8 @@ class hbacrule(LDAPObject):
label=_('Host Groups'),
flags=['no_create', 'no_update', 'no_search'],
),
- Str('sourcehost_host?',
- label=_('Source Hosts'),
- flags=['no_create', 'no_update', 'no_search'],
- ),
- Str('sourcehost_hostgroup?',
- label=_('Source Host Groups'),
- flags=['no_create', 'no_update', 'no_search'],
- ),
+ DeprecatedParam('sourcehost_host?'),
+ DeprecatedParam('sourcehost_hostgroup?'),
Str('memberservice_hbacsvc?',
label=_('Services'),
flags=['no_create', 'no_update', 'no_search'],
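Review bot: The replaced `Str('sourcehost_host?')` and `Str('sourcehost_hostgroup?')` carried `flags=['no_create', 'no_update', 'no_search']`, and the new `DeprecatedParam` entries drop those flags. API.txt in this commit accordingly lists both names as new options on hbacrule_add, hbacrule_find and hbacrule_mod, which widens the accepted input surface for parameters that were output-only before. If that is not intended, keep the flags, e.g. `DeprecatedParam('sourcehost_host?', flags=['no_create', 'no_update', 'no_search']),`. If it is intended, a comment explaining why the names must now be accepted and rejected would help. The enclosing `takes_params` tuple starts and ends outside this hunk.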
@@ -272,8 +261,6 @@ class hbacrule_mod(LDAPUpdate):
raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users"))
if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs:
raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts"))
- if is_all(options, 'sourcehostcategory') and 'sourcehost' in entry_attrs:
- raise errors.MutuallyExclusiveError(reason=_("sourcehost category cannot be set to 'all' while there are allowed sourcehosts"))
if is_all(options, 'servicecategory') and 'memberservice' in entry_attrs:
raise errors.MutuallyExclusiveError(reason=_("service category cannot be set to 'all' while there are allowed services"))
return dn
@@ -493,39 +480,25 @@ api.register(hbacrule_remove_host)
class hbacrule_add_sourcehost(LDAPAddMember):
- __doc__ = _('Add source hosts and hostgroups from a HBAC rule.')
+ NO_CLI = True
member_attributes = ['sourcehost']
member_count_out = ('%i object added.', '%i objects added.')
- def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
- assert isinstance(dn, DN)
- try:
- (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
- except errors.NotFound:
- self.obj.handle_not_found(*keys)
- if 'sourcehostcategory' in entry_attrs and \
- entry_attrs['sourcehostcategory'][0].lower() == 'all':
- raise errors.MutuallyExclusiveError(reason=_(
- "source hosts cannot be added when sourcehost category='all'"))
- return add_external_pre_callback('host', ldap, dn, keys, options)
-
- def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
- assert isinstance(dn, DN)
- return add_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
+ def validate(self, **kw):
+ raise errors.DeprecationError(name='hbacrule_add_sourcehost')
api.register(hbacrule_add_sourcehost)
class hbacrule_remove_sourcehost(LDAPRemoveMember):
- __doc__ = _('Remove source hosts and hostgroups from an HBAC rule.')
+ NO_CLI = True
member_attributes = ['sourcehost']
member_count_out = ('%i object removed.', '%i objects removed.')
- def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
- assert isinstance(dn, DN)
- return remove_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
+ def validate(self, **kw):
+ raise errors.DeprecationError(name='hbacrule_remove_sourcehost')
api.register(hbacrule_remove_sourcehost)
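Review bot: With `hbacrule_remove_sourcehost.validate` raising `DeprecationError` unconditionally, no command in this file can clear `sourcehost` members already stored on existing rules. Whether such leftover values are migrated or ignored when rules are evaluated is not visible in this diff. If they can still affect how a rule is interpreted by any consumer, keeping the remove command functional and deprecating only the add command would let administrators clean up old rules. Both classes also lose `__doc__` with no replacement. A comment such as `# Deprecated (ticket 3528): kept in the API only to raise DeprecationError` above each `validate` would explain why `member_attributes` and `member_count_out` are still defined.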
diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py
index da4be28b..a20a95da 100644
--- a/ipalib/plugins/hbactest.py
+++ b/ipalib/plugins/hbactest.py
@@ -18,7 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipalib import api, errors, output, util
-from ipalib import Command, Str, Flag, Int
+from ipalib import Command, Str, Flag, Int, DeprecatedParam
from types import NoneType
from ipalib.cli import to_cli
from ipalib import _, ngettext
@@ -255,10 +255,7 @@ class hbactest(Command):
label=_('User name'),
primary_key=True,
),
- Str('sourcehost?',
- cli_name='srchost',
- label=_('Source host'),
- ),
+ DeprecatedParam('sourcehost?'),
Str('targethost',
cli_name='host',
label=_('Target host'),
@@ -304,7 +301,7 @@ class hbactest(Command):
def execute(self, *args, **options):
# First receive all needed information:
# 1. HBAC rules (whether enabled or disabled)
- # 2. Required options are (user, source host, target host, service)
+ # 2. Required options are (user, target host, service)
# 3. Options: rules to test (--rules, --enabled, --disabled), request for detail output
rules = []
@@ -436,21 +433,6 @@ class hbactest(Command):
except:
pass
- if options.get('sourcehost'):
- warning_flag = True
- if options['sourcehost'] != u'all':
- try:
- request.srchost.name = self.canonicalize(options['sourcehost'])
- srchost_result = self.api.Command.host_show(request.srchost.name)['result']
- groups = srchost_result['memberof_hostgroup']
- if 'memberofindirect_hostgroup' in srchost_result:
- groups += srchost_result['memberofindirect_hostgroup']
- request.srchost.groups = sorted(set(groups))
- except:
- pass
- else:
- warning_flag = False
-
if options['targethost'] != u'all':
try:
request.targethost.name = self.canonicalize(options['targethost'])
@@ -477,8 +459,6 @@ class hbactest(Command):
matched_rules.append(ipa_rule.name)
if res == pyhbac.HBAC_EVAL_DENY:
notmatched_rules.append(ipa_rule.name)
- if warning_flag:
- warning_rules.append(_(u'Sourcehost value of rule "%s" is ignored') % (ipa_rule.name))
except pyhbac.HbacError as (code, rule_name):
if code == pyhbac.HBAC_EVAL_ERROR:
error_rules.append(rule_name)
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py
index 22c9b74e..c0f8b530 100644
--- a/tests/test_xmlrpc/test_hbac_plugin.py
+++ b/tests/test_xmlrpc/test_hbac_plugin.py
@@ -45,8 +45,6 @@ class test_hbac(XMLRPC_test):
test_group = u'hbacrule_test_group'
test_host = u'hbacrule.testnetgroup'
test_hostgroup = u'hbacrule_test_hostgroup'
- test_sourcehost = u'hbacrule.testsrchost'
- test_sourcehostgroup = u'hbacrule_test_src_hostgroup'
test_service = u'sshd'
test_host_external = u'notfound.example.com'
@@ -150,12 +148,6 @@ class test_hbac(XMLRPC_test):
self.failsafe_add(api.Object.hostgroup,
self.test_hostgroup, description=u'description'
)
- self.failsafe_add(api.Object.host,
- self.test_sourcehost, force=True
- )
- self.failsafe_add(api.Object.hostgroup,
- self.test_sourcehostgroup, description=u'desc'
- )
self.failsafe_add(api.Object.hbacsvc,
self.test_service, description=u'desc',
)
@@ -268,34 +260,14 @@ class test_hbac(XMLRPC_test):
assert 'memberhost_host' not in entry
assert 'memberhost_hostgroup' not in entry
- def test_a_hbacrule_add_sourcehost(self):
+ @raises(errors.DeprecationError)
+ def test_a_hbacrule_add_sourcehost_deprecated(self):
"""
- Test adding source host and hostgroup to HBAC rule using `xmlrpc.hbacrule_add_host`.
+ Test deprecated command hbacrule_add_sourcehost.
"""
ret = api.Command['hbacrule_add_sourcehost'](
self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
)
- assert ret['completed'] == 2
- failed = ret['failed']
- assert 'sourcehost' in failed
- assert 'host' in failed['sourcehost']
- assert not failed['sourcehost']['host']
- assert 'hostgroup' in failed['sourcehost']
- assert not failed['sourcehost']['hostgroup']
- entry = ret['result']
- assert_attr_equal(entry, 'sourcehost_host', self.test_host)
- assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup)
-
- def test_a_hbacrule_add_invalid_sourcehost(self):
- """
- Test adding invalid source host to HBAC rule using `xmlrpc.hbacrule_add_host`.
- """
- try:
- api.Command['hbacrule_add_sourcehost'](
- self.rule_name, host=self.test_invalid_sourcehost, hostgroup=self.test_hostgroup
- )
- except errors.ValidationError:
- pass
def test_a_hbacrule_add_service(self):
"""
@@ -327,55 +299,14 @@ class test_hbac(XMLRPC_test):
entry = ret['result']
assert 'memberservice service' not in entry
- def test_b_hbacrule_remove_sourcehost(self):
+ @raises(errors.DeprecationError)
+ def test_b_hbacrule_remove_sourcehost_deprecated(self):
"""
- Test removing source host and hostgroup from HBAC rule using `xmlrpc.hbacrule_remove_host`.
+ Test deprecated command hbacrule_remove_sourcehost.
"""
ret = api.Command['hbacrule_remove_sourcehost'](
self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
)
- assert ret['completed'] == 2
- failed = ret['failed']
- assert 'sourcehost' in failed
- assert 'host' in failed['sourcehost']
- assert not failed['sourcehost']['host']
- assert 'hostgroup' in failed['sourcehost']
- assert not failed['sourcehost']['hostgroup']
- entry = ret['result']
- assert 'sourcehost host' not in entry
- assert 'sourcehost hostgroup' not in entry
-
- def test_c_hbacrule_add_external_host(self):
- """
- Test adding an external host using `xmlrpc.hbacrule_add_host`.
- """
- ret = api.Command['hbacrule_add_sourcehost'](
- self.rule_name, host=self.test_host_external
- )
- assert ret['completed'] == 1
- failed = ret['failed']
- assert 'sourcehost' in failed
- assert 'host' in failed['sourcehost']
- assert not failed['sourcehost']['host']
- assert 'hostgroup' in failed['sourcehost']
- assert not failed['sourcehost']['hostgroup']
- entry = ret['result']
- assert_attr_equal(entry, 'externalhost', self.test_host_external)
-
- def test_c_hbacrule_add_same_external(self):
- """
- Test adding the same external host using `xmlrpc.hbacrule_add_host`.
- """
- ret = api.Command['hbacrule_add_sourcehost'](
- self.rule_name, host=self.test_host_external
- )
- assert ret['completed'] == 0
- failed = ret['failed']
- assert 'sourcehost' in failed
- assert 'host' in failed['sourcehost']
- assert (self.test_host_external, unicode(errors.AlreadyGroupMember())) in failed['sourcehost']['host']
- entry = ret['result']
- assert_attr_equal(entry, 'externalhost', self.test_host_external)
@raises(errors.ValidationError)
def test_c_hbacrule_mod_invalid_external_setattr(self):
@@ -386,40 +317,6 @@ class test_hbac(XMLRPC_test):
self.rule_name, setattr=self.test_invalid_sourcehost
)
- def test_c_hbacrule_remove_external_host(self):
- """
- Test removing external source host using `xmlrpc.hbacrule_remove_host`.
- """
- ret = api.Command['hbacrule_remove_sourcehost'](
- self.rule_name, host=self.test_host_external
- )
- assert ret['completed'] == 1
- failed = ret['failed']
- assert 'sourcehost' in failed
- assert 'host' in failed['sourcehost']
- assert not failed['sourcehost']['host']
- assert 'hostgroup' in failed['sourcehost']
- assert not failed['sourcehost']['hostgroup']
- entry = ret['result']
- assert 'sourcehost host' not in entry
- assert 'sourcehost hostgroup' not in entry
-
- def test_c_hbacrule_remove_nonexist_external(self):
- """
- Test removing non-existent external source host using `xmlrpc.hbacrule_remove_host`.
- """
- ret = api.Command['hbacrule_remove_sourcehost'](
- self.rule_name, host=self.test_host_external
- )
- assert ret['completed'] == 0
- failed = ret['failed']
- assert 'sourcehost' in failed
- assert 'host' in failed['sourcehost']
- assert (self.test_host_external, unicode(errors.NotGroupMember())) in failed['sourcehost']['host']
- assert 'hostgroup' in failed['sourcehost']
- assert not failed['sourcehost']['hostgroup']
- entry = ret['result']
-
def test_d_hbacrule_disable(self):
"""
Test disabling HBAC rule using `xmlrpc.hbacrule_disable`.
@@ -551,17 +448,12 @@ class test_hbac(XMLRPC_test):
"""
Test adding various links to HBAC rule
"""
- api.Command['hbacrule_add_sourcehost'](
- self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
- )
api.Command['hbacrule_add_service'](
self.rule_name, hbacsvc=self.test_service
)
entry = api.Command['hbacrule_show'](self.rule_name)['result']
assert_attr_equal(entry, 'cn', self.rule_name)
- assert_attr_equal(entry, 'sourcehost_host', self.test_host)
- assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup)
assert_attr_equal(entry, 'memberservice_hbacsvc', self.test_service)
def test_y_hbacrule_zap_testing_data(self):
@@ -574,8 +466,6 @@ class test_hbac(XMLRPC_test):
api.Command['group_del'](self.test_group)
api.Command['host_del'](self.test_host)
api.Command['hostgroup_del'](self.test_hostgroup)
- api.Command['host_del'](self.test_sourcehost)
- api.Command['hostgroup_del'](self.test_sourcehostgroup)
api.Command['hbacsvc_del'](self.test_service)
def test_k_2_sudorule_referential_integrity(self):
@@ -596,3 +486,12 @@ class test_hbac(XMLRPC_test):
# verify that it's gone
with assert_raises(errors.NotFound):
api.Command['hbacrule_show'](self.rule_name)
+
+ @raises(errors.ValidationError)
+ def test_zz_hbacrule_add_with_deprecated_option(self):
+ """
+ Test using a deprecated command option 'sourcehostcategory' with 'hbacrule_add'.
+ """
+ api.Command['hbacrule_add'](
+ self.rule_name, sourcehostcategory=u'all'
+ )
diff --git a/tests/test_xmlrpc/test_hbactest_plugin.py b/tests/test_xmlrpc/test_hbactest_plugin.py
index bc12e897..520f2024 100644
--- a/tests/test_xmlrpc/test_hbactest_plugin.py
+++ b/tests/test_xmlrpc/test_hbactest_plugin.py
@@ -25,6 +25,7 @@ from xmlrpc_test import XMLRPC_test, assert_attr_equal
from ipalib import api
from ipalib import errors
from types import NoneType
+from nose.tools import raises
# Test strategy:
# 1. Create few allow rules: with user categories, with explicit users, with user groups, with groups, with services
@@ -95,10 +96,6 @@ class test_hbactest(XMLRPC_test):
self.rule_names[i], host=self.test_host, hostgroup=self.test_hostgroup
)
- ret = api.Command['hbacrule_add_sourcehost'](
- self.rule_names[i], host=self.test_sourcehost, hostgroup=self.test_sourcehostgroup
- )
-
ret = api.Command['hbacrule_add_service'](
self.rule_names[i], hbacsvc=self.test_service
)
@@ -112,20 +109,6 @@ class test_hbactest(XMLRPC_test):
"""
ret = api.Command['hbactest'](
user=self.test_user,
- sourcehost=self.test_sourcehost,
- targethost=self.test_host,
- service=self.test_service,
- rules=self.rule_names
- )
- assert ret['value'] == True
- assert type(ret['error']) == NoneType
- for i in [0,1,2,3]:
- assert self.rule_names[i] in ret['matched']
- assert self.rule_names[i] in ret['warning'][i]
-
- # same test without sourcehost value
- ret = api.Command['hbactest'](
- user=self.test_user,
targethost=self.test_host,
service=self.test_service,
rules=self.rule_names
@@ -141,21 +124,6 @@ class test_hbactest(XMLRPC_test):
"""
ret = api.Command['hbactest'](
user=self.test_user,
- sourcehost=self.test_sourcehost,
- targethost=self.test_host,
- service=self.test_service,
- rules=self.rule_names,
- nodetail=True
- )
- assert ret['value'] == True
- assert ret['error'] == None
- assert ret['matched'] == None
- assert ret['notmatched'] == None
- assert ret['warning'] == None
-
- # same test without sourcehost value
- ret = api.Command['hbactest'](
- user=self.test_user,
targethost=self.test_host,
service=self.test_service,
rules=self.rule_names,
@@ -172,7 +140,6 @@ class test_hbactest(XMLRPC_test):
"""
ret = api.Command['hbactest'](
user=self.test_user,
- sourcehost=self.test_sourcehost,
targethost=self.test_host,
service=self.test_service,
enabled=True
@@ -182,17 +149,6 @@ class test_hbactest(XMLRPC_test):
# Thus, check that our two enabled rules are in matched, nothing more
for i in [0,2]:
assert self.rule_names[i] in ret['matched']
- assert self.check_rule_presence(self.rule_names[i], ret['warning'])
-
- # same test without sourcehost value
- ret = api.Command['hbactest'](
- user=self.test_user,
- targethost=self.test_host,
- service=self.test_service,
- enabled=True
- )
- for i in [0,2]:
- assert self.rule_names[i] in ret['matched']
def test_d_hbactest_check_rules_disabled_detail(self):
"""
@@ -200,7 +156,6 @@ class test_hbactest(XMLRPC_test):
"""
ret = api.Command['hbactest'](
user=self.test_user,
- sourcehost=self.test_sourcehost,
targethost=self.test_host,
service=self.test_service,
disabled=True
@@ -210,17 +165,6 @@ class test_hbactest(XMLRPC_test):
# Thus, check that our two disabled rules are in matched, nothing more
for i in [1,3]:
assert self.rule_names[i] in ret['matched']
- assert self.check_rule_presence(self.rule_names[i], ret['warning'])
-
- # same test without sourcehost value
- ret = api.Command['hbactest'](
- user=self.test_user,
- targethost=self.test_host,
- service=self.test_service,
- disabled=True
- )
- for i in [1,3]:
- assert self.rule_names[i] in ret['matched']
def test_e_hbactest_check_non_existing_rule_detail(self):
"""
@@ -228,7 +172,6 @@ class test_hbactest(XMLRPC_test):
"""
ret = api.Command['hbactest'](
user=self.test_user,
- sourcehost=self.test_sourcehost,
targethost=self.test_host,
service=self.test_service,
rules=[u'%s_1x1' % (rule) for rule in self.rule_names],
@@ -241,30 +184,27 @@ class test_hbactest(XMLRPC_test):
for rule in self.rule_names:
assert u'%s_1x1' % (rule) in ret['error']
- # same test without sourcehost value
- ret = api.Command['hbactest'](
+ @raises(errors.ValidationError)
+ def test_f_hbactest_check_sourcehost_option_is_deprecated(self):
+ """
+ Test running 'ipa hbactest' with --srchost option raises ValidationError
+ """
+ api.Command['hbactest'](
user=self.test_user,
targethost=self.test_host,
+ sourcehost=self.test_sourcehost,
service=self.test_service,
- rules=[u'%s_1x1' % (rule) for rule in self.rule_names],
+ rules=[u'%s_1x1' % rule for rule in self.rule_names],
nodetail=True
)
- assert ret['value'] == False
- assert ret['matched'] == None
- assert ret['notmatched'] == None
- for rule in self.rule_names:
- assert u'%s_1x1' % (rule) in ret['error']
-
- def test_f_hbactest_clear_testing_data(self):
+ def test_g_hbactest_clear_testing_data(self):
"""
Clear data for HBAC test plugin testing.
"""
for i in [0,1,2,3]:
api.Command['hbacrule_remove_host'](self.rule_names[i], host=self.test_host)
api.Command['hbacrule_remove_host'](self.rule_names[i], hostgroup=self.test_hostgroup)
- api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], host=self.test_sourcehost)
- api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], hostgroup=self.test_sourcehostgroup)
api.Command['hbacrule_del'](self.rule_names[i])
api.Command['user_del'](self.test_user)