diff options
| author | Tomas Babej <tbabej@redhat.com> | 2015-12-02 15:25:49 +0100 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2015-12-11 14:25:50 +0100 |
| commit | a02f83ff9c6a1920cedebee69dc6857c3521f161 (patch) | |
| tree | 606f700807773e6481a0d3f9198133188c73ddfa /ipatests/test_integration/test_sudo.py | |
| parent | 7c4ce9a09863d5364b4634fac03e83a4e9caae42 (diff) | |
| download | freeipa-a02f83ff9c6a1920cedebee69dc6857c3521f161.tar.gz freeipa-a02f83ff9c6a1920cedebee69dc6857c3521f161.tar.xz freeipa-a02f83ff9c6a1920cedebee69dc6857c3521f161.zip | |
tests: Add hostmask detection for sudo rules validating on hostmask
IPA sudo tests worked under the assumption that the clients
that are executing the sudo commands have their IPs assigned
within 255.255.255.0 hostmask.
Removes this (invalid) assumption and adds a
dynamic detection of the hostmask of the IPA client.
https://fedorahosted.org/freeipa/ticket/5501
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
Diffstat (limited to 'ipatests/test_integration/test_sudo.py')
| -rw-r--r-- | ipatests/test_integration/test_sudo.py | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py index 1dd4c5d73..b1f31556a 100644 --- a/ipatests/test_integration/test_sudo.py +++ b/ipatests/test_integration/test_sudo.py @@ -17,8 +17,11 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import pytest + from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.tasks import clear_sssd_cache +from ipatests.test_integration import util class TestSudo(IntegrationTest): @@ -269,13 +272,25 @@ class TestSudo(IntegrationTest): '--hostgroups', 'testhostgroup']) def test_sudo_rule_restricted_to_one_hostmask_setup(self): - # Add the client's /24 hostmask to the rule - ip = self.client.ip + # We need to detect the hostmask first + full_ip = util.get_host_ip_with_hostmask(self.client) + + # Make a note for the next test, which needs to be skipped + # if hostmask detection failed + self.__class__.skip_hostmask_based = False + + if not full_ip: + self.__class__.skip_hostmask_based = True + raise pytest.skip("Hostmask could not be detected") + self.master.run_command(['ipa', '-n', 'sudorule-add-host', 'testrule', - '--hostmask', '%s/24' % ip]) + '--hostmask', full_ip]) def test_sudo_rule_restricted_to_one_hostmask(self): + if self.__class__.skip_hostmask_based: + raise pytest.skip("Hostmask could not be detected") + result1 = self.list_sudo_commands("testuser1") assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text @@ -284,11 +299,16 @@ class TestSudo(IntegrationTest): assert result.returncode != 0 def test_sudo_rule_restricted_to_one_hostmask_teardown(self): - # Remove the client's /24 hostmask from the rule - ip = self.client.ip + if self.__class__.skip_hostmask_based: + raise pytest.skip("Hostmask could not be detected") + + # Detect the hostmask first to delete the hostmask based rule + full_ip = util.get_host_ip_with_hostmask(self.client) + + # Remove the client's hostmask from the rule self.master.run_command(['ipa', '-n', 'sudorule-remove-host', 'testrule', - '--hostmask', '%s/24' % ip]) + '--hostmask', full_ip]) def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self): # Add the master's hostmask to the rule |