HBAC test optional sourcehost option

New version of SSSD begins ignoring sourcehost value of HBAC rules by default. In order to match this behaviour the sourcehost option in hbactest is optional now, but the value of sourcehost is ignored in all rules. Every rule's sourcehost value is set to 'ALL' what turns sourchost value comparation off. If srchost option is used, warning is displayed to inform the user about changes. Text of plugin help was also updated. Also the unit tests for hbactest plugin were updated. Every test was doubled. The second ones test the plugin without sourcehost option. They are supposed to have the same result. https://fedorahosted.org/freeipa/ticket/2085
author: Ondrej Hamada <ohamada@redhat.com> 2012-01-07 20:17:25 +0100
committer: Simo Sorce <ssorce@redhat.com> 2012-01-11 12:04:22 -0500
commit: 3dc5be6465e29c4ce73a966678d65b7a4a3d77ff (patch)
tree: a0236832080067d259674090dc2f558c8bd3cd6f /tests
parent: 04d8e76a0aee3ed3ee590582eb4c25569e00d8f6 (diff)
download: freeipa.git-3dc5be6465e29c4ce73a966678d65b7a4a3d77ff.tar.gz
freeipa.git-3dc5be6465e29c4ce73a966678d65b7a4a3d77ff.tar.xz
freeipa.git-3dc5be6465e29c4ce73a966678d65b7a4a3d77ff.zip
1 files changed, 71 insertions, 0 deletions
diff --git a/tests/test_xmlrpc/test_hbactest_plugin.py b/tests/test_xmlrpc/test_hbactest_plugin.py
index 7e4607c8..7899d540 100644
--- a/tests/test_xmlrpc/test_hbactest_plugin.py
+++ b/tests/test_xmlrpc/test_hbactest_plugin.py
@@ -48,6 +48,13 @@ class test_hbactest(XMLRPC_test):
     test_sourcehostgroup = u'hbacrule_test_src_hostgroup'
     test_service = u'ssh'
 
+    # Auxiliary funcion for checking existence of warning for specified rule
+    def check_rule_presence(self,rule_name,warnings):
+        for warning in warnings:
+            if rule_name in warning:
+                return True
+        return False
+
     def test_0_hbactest_addrules(self):
         """
         Prepare data by adding test HBAC rules using `xmlrpc.hbacrule_add'.
@@ -114,6 +121,19 @@ class test_hbactest(XMLRPC_test):
         assert type(ret['error']) == NoneType
         for i in [0,1,2,3]:
             assert self.rule_names[i] in ret['matched']
+            assert self.rule_names[i] in ret['warning'][i]
+
+        # same test without sourcehost value
+        ret = api.Command['hbactest'](
+            user=self.test_user,
+            targethost=self.test_host,
+            service=self.test_service,
+            rules=self.rule_names
+        )
+        assert ret['value'] == True
+        assert type(ret['error']) == NoneType
+        for i in [0,1,2,3]:
+            assert self.rule_names[i] in ret['matched']
 
     def test_b_hbactest_check_rules_nodetail(self):
         """
@@ -131,6 +151,20 @@ class test_hbactest(XMLRPC_test):
         assert ret['error'] == None
         assert ret['matched'] == None
         assert ret['notmatched'] == None
+        assert ret['warning'] == None
+
+        # same test without sourcehost value
+        ret = api.Command['hbactest'](
+            user=self.test_user,
+            targethost=self.test_host,
+            service=self.test_service,
+            rules=self.rule_names,
+            nodetail=True
+        )
+        assert ret['value'] == True
+        assert ret['error'] == None
+        assert ret['matched'] == None
+        assert ret['notmatched'] == None
 
     def test_c_hbactest_check_rules_enabled_detail(self):
         """
@@ -148,6 +182,17 @@ class test_hbactest(XMLRPC_test):
         # Thus, check that our two enabled rules are in matched, nothing more
         for i in [0,2]:
             assert self.rule_names[i] in ret['matched']
+            assert self.check_rule_presence(self.rule_names[i], ret['warning'])
+
+        # same test without sourcehost value
+        ret = api.Command['hbactest'](
+            user=self.test_user,
+            targethost=self.test_host,
+            service=self.test_service,
+            enabled=True
+        )
+        for i in [0,2]:
+            assert self.rule_names[i] in ret['matched']
 
     def test_d_hbactest_check_rules_disabled_detail(self):
         """
@@ -165,6 +210,17 @@ class test_hbactest(XMLRPC_test):
         # Thus, check that our two disabled rules are in matched, nothing more
         for i in [1,3]:
             assert self.rule_names[i] in ret['matched']
+            assert self.check_rule_presence(self.rule_names[i], ret['warning'])
+
+        # same test without sourcehost value
+        ret = api.Command['hbactest'](
+            user=self.test_user,
+            targethost=self.test_host,
+            service=self.test_service,
+            disabled=True
+        )
+        for i in [1,3]:
+            assert self.rule_names[i] in ret['matched']
 
     def test_e_hbactest_check_non_existing_rule_detail(self):
         """
@@ -185,6 +241,21 @@ class test_hbactest(XMLRPC_test):
         for rule in self.rule_names:
             assert u'%s_1x1' % (rule) in ret['error']
 
+        # same test without sourcehost value
+        ret = api.Command['hbactest'](
+            user=self.test_user,
+            targethost=self.test_host,
+            service=self.test_service,
+            rules=[u'%s_1x1' % (rule) for rule in self.rule_names],
+            nodetail=True
+        )
+
+        assert ret['value'] == False
+        assert ret['matched'] == None
+        assert ret['notmatched'] == None
+        for rule in self.rule_names:
+            assert u'%s_1x1' % (rule) in ret['error']
+
     def test_f_hbactest_clear_testing_data(self):
         """
         Clear data for HBAC test plugin testing.
author	Ondrej Hamada <ohamada@redhat.com>	2012-01-07 20:17:25 +0100
committer	Simo Sorce <ssorce@redhat.com>	2012-01-11 12:04:22 -0500
commit	3dc5be6465e29c4ce73a966678d65b7a4a3d77ff (patch)
tree	a0236832080067d259674090dc2f558c8bd3cd6f /tests
parent	04d8e76a0aee3ed3ee590582eb4c25569e00d8f6 (diff)
download	freeipa.git-3dc5be6465e29c4ce73a966678d65b7a4a3d77ff.tar.gz freeipa.git-3dc5be6465e29c4ce73a966678d65b7a4a3d77ff.tar.xz freeipa.git-3dc5be6465e29c4ce73a966678d65b7a4a3d77ff.zip