diff options
| -rw-r--r-- | API.txt | 20 | ||||
| -rw-r--r-- | VERSION | 2 | ||||
| -rw-r--r-- | ipalib/__init__.py | 2 | ||||
| -rw-r--r-- | ipalib/errors.py | 15 | ||||
| -rw-r--r-- | ipalib/parameters.py | 17 | ||||
| -rw-r--r-- | ipalib/plugins/hbacrule.py | 49 | ||||
| -rw-r--r-- | ipalib/plugins/hbactest.py | 26 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_hbac_plugin.py | 131 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_hbactest_plugin.py | 80 |
9 files changed, 86 insertions, 256 deletions
@@ -1379,7 +1379,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('value', <type 'unicode'>, None) command: hbacrule_add -args: 1,13,3 +args: 1,15,3 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True) option: StrEnum('accessruletype', attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=True, values=(u'allow', u'deny')) option: Str('addattr*', cli_name='addattr', exclude='webui') @@ -1391,7 +1391,9 @@ option: Bool('ipaenabledflag', attribute=True, cli_name='ipaenabledflag', multiv option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: StrEnum('servicecategory', attribute=True, cli_name='servicecat', multivalue=False, required=False, values=(u'all',)) option: Str('setattr*', cli_name='setattr', exclude='webui') -option: StrEnum('sourcehostcategory', attribute=True, cli_name='srchostcat', multivalue=False, required=False, values=(u'all',)) +option: DeprecatedParam('sourcehost_host', attribute=True, cli_name='sourcehost_host', multivalue=False, required=False) +option: DeprecatedParam('sourcehost_hostgroup', attribute=True, cli_name='sourcehost_hostgroup', multivalue=False, required=False) +option: DeprecatedParam('sourcehostcategory', attribute=True, cli_name='sourcehostcategory', multivalue=False, required=False) option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',)) option: Str('version?', exclude='webui') output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) @@ -1464,7 +1466,7 @@ output: Output('result', <type 'bool'>, None) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('value', <type 'unicode'>, None) command: hbacrule_find -args: 1,15,4 +args: 1,17,4 arg: Str('criteria?', noextrawhitespace=False) option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, query=True, required=False, values=(u'allow', u'deny')) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') @@ -1477,7 +1479,9 @@ option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, query=True, required=False, values=(u'all',)) option: Int('sizelimit?', autofill=False, minvalue=0) -option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', multivalue=False, query=True, required=False, values=(u'all',)) +option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, query=True, required=False) +option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, query=True, required=False) +option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, query=True, required=False) option: Int('timelimit?', autofill=False, minvalue=0) option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, query=True, required=False, values=(u'all',)) option: Str('version?', exclude='webui') @@ -1486,7 +1490,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('truncated', <type 'bool'>, None) command: hbacrule_mod -args: 1,15,3 +args: 1,17,3 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=False, values=(u'allow', u'deny')) option: Str('addattr*', cli_name='addattr', exclude='webui') @@ -1500,7 +1504,9 @@ option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui option: Flag('rights', autofill=True, default=False) option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, required=False, values=(u'all',)) option: Str('setattr*', cli_name='setattr', exclude='webui') -option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', multivalue=False, required=False, values=(u'all',)) +option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, required=False) +option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, required=False) +option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, required=False) option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',)) option: Str('version?', exclude='webui') output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) @@ -1706,7 +1712,7 @@ option: Flag('nodetail?', autofill=True, cli_name='nodetail', default=False) option: Str('rules*', cli_name='rules', csv=True) option: Str('service', cli_name='service') option: Int('sizelimit?', autofill=False, minvalue=0) -option: Str('sourcehost?', cli_name='srchost') +option: DeprecatedParam('sourcehost?') option: Str('targethost', cli_name='host') option: Str('user', cli_name='user', primary_key=True) option: Str('version?', exclude='webui') @@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=56 +IPA_API_VERSION_MINOR=57 diff --git a/ipalib/__init__.py b/ipalib/__init__.py index aab740081..57f784721 100644 --- a/ipalib/__init__.py +++ b/ipalib/__init__.py @@ -885,7 +885,7 @@ from backend import Backend from frontend import Command, LocalOrRemote, Updater from frontend import Object, Method, Property from crud import Create, Retrieve, Update, Delete, Search -from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam +from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam, DeprecatedParam from parameters import BytesEnum, StrEnum, AccessTime, File from errors import SkipPluginModule from text import _, ngettext, GettextFactory, NGettextFactory diff --git a/ipalib/errors.py b/ipalib/errors.py index 658c8cbc2..716decb2b 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -796,6 +796,21 @@ class PromptFailed(InvocationError): format = _('Could not get %(name)s interactively') +class DeprecationError(InvocationError): + """ + **3015** Raise when a command has been deprecated + + For example: + + >>> raise DeprecationError(name='hbacrule_add_sourcehost') + Traceback (most recent call last): + ... + DeprecationError: Command 'hbacrule_add_sourcehost' has been deprecated + """ + errno = 3015 + format = _("Command '%(name)s' has been deprecated") + + ############################################################################## # 4000 - 4999: Execution errors diff --git a/ipalib/parameters.py b/ipalib/parameters.py index a934a8fb2..ab4b83216 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -1800,6 +1800,23 @@ class DNParam(Param): error=ugettext(e)) return dn + +class DeprecatedParam(Any): + kwargs = Param.kwargs + ( + ('deprecate', bool, True), + ) + + def __init__(self, name, *rules, **kw): + if 'flags' in kw: + kw['flags'] = list(kw['flags']) + ['no_option'] + else: + kw['flags'] = ['no_option'] + + super(DeprecatedParam, self).__init__(name, *rules, **kw) + + def _rule_deprecate(self, _, value): + return _('this option is deprecated') + def create_param(spec): """ Create an `Str` instance from the shorthand ``spec``. diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index 41aaf97ee..5cc8bc1a3 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -18,7 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipalib import api, errors -from ipalib import AccessTime, Password, Str, StrEnum, Bool +from ipalib import AccessTime, Password, Str, StrEnum, Bool, DeprecatedParam from ipalib.plugins.baseldap import * from ipalib import _, ngettext @@ -150,7 +150,7 @@ class hbacrule(LDAPObject): exclude='webui', flags=['no_option', 'no_output'], ), - # FIXME: {user,host,sourcehost,service}categories should expand in the future + # FIXME: {user,host,service}categories should expand in the future StrEnum('usercategory?', cli_name='usercat', label=_('User category'), @@ -163,12 +163,7 @@ class hbacrule(LDAPObject): doc=_('Host category the rule applies to'), values=(u'all', ), ), - StrEnum('sourcehostcategory?', - cli_name='srchostcat', - label=_('Source host category'), - doc=_('Source host category the rule applies to'), - values=(u'all', ), - ), + DeprecatedParam('sourcehostcategory?'), StrEnum('servicecategory?', cli_name='servicecat', label=_('Service category'), @@ -203,14 +198,8 @@ class hbacrule(LDAPObject): label=_('Host Groups'), flags=['no_create', 'no_update', 'no_search'], ), - Str('sourcehost_host?', - label=_('Source Hosts'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('sourcehost_hostgroup?', - label=_('Source Host Groups'), - flags=['no_create', 'no_update', 'no_search'], - ), + DeprecatedParam('sourcehost_host?'), + DeprecatedParam('sourcehost_hostgroup?'), Str('memberservice_hbacsvc?', label=_('Services'), flags=['no_create', 'no_update', 'no_search'], @@ -272,8 +261,6 @@ class hbacrule_mod(LDAPUpdate): raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users")) if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs: raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts")) - if is_all(options, 'sourcehostcategory') and 'sourcehost' in entry_attrs: - raise errors.MutuallyExclusiveError(reason=_("sourcehost category cannot be set to 'all' while there are allowed sourcehosts")) if is_all(options, 'servicecategory') and 'memberservice' in entry_attrs: raise errors.MutuallyExclusiveError(reason=_("service category cannot be set to 'all' while there are allowed services")) return dn @@ -493,39 +480,25 @@ api.register(hbacrule_remove_host) class hbacrule_add_sourcehost(LDAPAddMember): - __doc__ = _('Add source hosts and hostgroups from a HBAC rule.') + NO_CLI = True member_attributes = ['sourcehost'] member_count_out = ('%i object added.', '%i objects added.') - def pre_callback(self, ldap, dn, found, not_found, *keys, **options): - assert isinstance(dn, DN) - try: - (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes) - except errors.NotFound: - self.obj.handle_not_found(*keys) - if 'sourcehostcategory' in entry_attrs and \ - entry_attrs['sourcehostcategory'][0].lower() == 'all': - raise errors.MutuallyExclusiveError(reason=_( - "source hosts cannot be added when sourcehost category='all'")) - return add_external_pre_callback('host', ldap, dn, keys, options) - - def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): - assert isinstance(dn, DN) - return add_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options) + def validate(self, **kw): + raise errors.DeprecationError(name='hbacrule_add_sourcehost') api.register(hbacrule_add_sourcehost) class hbacrule_remove_sourcehost(LDAPRemoveMember): - __doc__ = _('Remove source hosts and hostgroups from an HBAC rule.') + NO_CLI = True member_attributes = ['sourcehost'] member_count_out = ('%i object removed.', '%i objects removed.') - def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): - assert isinstance(dn, DN) - return remove_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options) + def validate(self, **kw): + raise errors.DeprecationError(name='hbacrule_remove_sourcehost') api.register(hbacrule_remove_sourcehost) diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py index 25c64ea4d..eeb0281f5 100644 --- a/ipalib/plugins/hbactest.py +++ b/ipalib/plugins/hbactest.py @@ -18,7 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipalib import api, errors, output, util -from ipalib import Command, Str, Flag, Int +from ipalib import Command, Str, Flag, Int, DeprecatedParam from types import NoneType from ipalib.cli import to_cli from ipalib import _, ngettext @@ -255,10 +255,7 @@ class hbactest(Command): label=_('User name'), primary_key=True, ), - Str('sourcehost?', - cli_name='srchost', - label=_('Source host'), - ), + DeprecatedParam('sourcehost?'), Str('targethost', cli_name='host', label=_('Target host'), @@ -304,7 +301,7 @@ class hbactest(Command): def execute(self, *args, **options): # First receive all needed information: # 1. HBAC rules (whether enabled or disabled) - # 2. Required options are (user, source host, target host, service) + # 2. Required options are (user, target host, service) # 3. Options: rules to test (--rules, --enabled, --disabled), request for detail output rules = [] @@ -436,21 +433,6 @@ class hbactest(Command): except: pass - if options.get('sourcehost'): - warning_flag = True - if options['sourcehost'] != u'all': - try: - request.srchost.name = self.canonicalize(options['sourcehost']) - srchost_result = self.api.Command.host_show(request.srchost.name)['result'] - groups = srchost_result['memberof_hostgroup'] - if 'memberofindirect_hostgroup' in srchost_result: - groups += srchost_result['memberofindirect_hostgroup'] - request.srchost.groups = sorted(set(groups)) - except: - pass - else: - warning_flag = False - if options['targethost'] != u'all': try: request.targethost.name = self.canonicalize(options['targethost']) @@ -477,8 +459,6 @@ class hbactest(Command): matched_rules.append(ipa_rule.name) if res == pyhbac.HBAC_EVAL_DENY: notmatched_rules.append(ipa_rule.name) - if warning_flag: - warning_rules.append(_(u'Sourcehost value of rule "%s" is ignored') % (ipa_rule.name)) except pyhbac.HbacError as (code, rule_name): if code == pyhbac.HBAC_EVAL_ERROR: error_rules.append(rule_name) diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py index 22c9b74e9..c0f8b5307 100644 --- a/tests/test_xmlrpc/test_hbac_plugin.py +++ b/tests/test_xmlrpc/test_hbac_plugin.py @@ -45,8 +45,6 @@ class test_hbac(XMLRPC_test): test_group = u'hbacrule_test_group' test_host = u'hbacrule.testnetgroup' test_hostgroup = u'hbacrule_test_hostgroup' - test_sourcehost = u'hbacrule.testsrchost' - test_sourcehostgroup = u'hbacrule_test_src_hostgroup' test_service = u'sshd' test_host_external = u'notfound.example.com' @@ -150,12 +148,6 @@ class test_hbac(XMLRPC_test): self.failsafe_add(api.Object.hostgroup, self.test_hostgroup, description=u'description' ) - self.failsafe_add(api.Object.host, - self.test_sourcehost, force=True - ) - self.failsafe_add(api.Object.hostgroup, - self.test_sourcehostgroup, description=u'desc' - ) self.failsafe_add(api.Object.hbacsvc, self.test_service, description=u'desc', ) @@ -268,34 +260,14 @@ class test_hbac(XMLRPC_test): assert 'memberhost_host' not in entry assert 'memberhost_hostgroup' not in entry - def test_a_hbacrule_add_sourcehost(self): + @raises(errors.DeprecationError) + def test_a_hbacrule_add_sourcehost_deprecated(self): """ - Test adding source host and hostgroup to HBAC rule using `xmlrpc.hbacrule_add_host`. + Test deprecated command hbacrule_add_sourcehost. """ ret = api.Command['hbacrule_add_sourcehost']( self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup ) - assert ret['completed'] == 2 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert not failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - assert_attr_equal(entry, 'sourcehost_host', self.test_host) - assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup) - - def test_a_hbacrule_add_invalid_sourcehost(self): - """ - Test adding invalid source host to HBAC rule using `xmlrpc.hbacrule_add_host`. - """ - try: - api.Command['hbacrule_add_sourcehost']( - self.rule_name, host=self.test_invalid_sourcehost, hostgroup=self.test_hostgroup - ) - except errors.ValidationError: - pass def test_a_hbacrule_add_service(self): """ @@ -327,55 +299,14 @@ class test_hbac(XMLRPC_test): entry = ret['result'] assert 'memberservice service' not in entry - def test_b_hbacrule_remove_sourcehost(self): + @raises(errors.DeprecationError) + def test_b_hbacrule_remove_sourcehost_deprecated(self): """ - Test removing source host and hostgroup from HBAC rule using `xmlrpc.hbacrule_remove_host`. + Test deprecated command hbacrule_remove_sourcehost. """ ret = api.Command['hbacrule_remove_sourcehost']( self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup ) - assert ret['completed'] == 2 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert not failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - assert 'sourcehost host' not in entry - assert 'sourcehost hostgroup' not in entry - - def test_c_hbacrule_add_external_host(self): - """ - Test adding an external host using `xmlrpc.hbacrule_add_host`. - """ - ret = api.Command['hbacrule_add_sourcehost']( - self.rule_name, host=self.test_host_external - ) - assert ret['completed'] == 1 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert not failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - assert_attr_equal(entry, 'externalhost', self.test_host_external) - - def test_c_hbacrule_add_same_external(self): - """ - Test adding the same external host using `xmlrpc.hbacrule_add_host`. - """ - ret = api.Command['hbacrule_add_sourcehost']( - self.rule_name, host=self.test_host_external - ) - assert ret['completed'] == 0 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert (self.test_host_external, unicode(errors.AlreadyGroupMember())) in failed['sourcehost']['host'] - entry = ret['result'] - assert_attr_equal(entry, 'externalhost', self.test_host_external) @raises(errors.ValidationError) def test_c_hbacrule_mod_invalid_external_setattr(self): @@ -386,40 +317,6 @@ class test_hbac(XMLRPC_test): self.rule_name, setattr=self.test_invalid_sourcehost ) - def test_c_hbacrule_remove_external_host(self): - """ - Test removing external source host using `xmlrpc.hbacrule_remove_host`. - """ - ret = api.Command['hbacrule_remove_sourcehost']( - self.rule_name, host=self.test_host_external - ) - assert ret['completed'] == 1 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert not failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - assert 'sourcehost host' not in entry - assert 'sourcehost hostgroup' not in entry - - def test_c_hbacrule_remove_nonexist_external(self): - """ - Test removing non-existent external source host using `xmlrpc.hbacrule_remove_host`. - """ - ret = api.Command['hbacrule_remove_sourcehost']( - self.rule_name, host=self.test_host_external - ) - assert ret['completed'] == 0 - failed = ret['failed'] - assert 'sourcehost' in failed - assert 'host' in failed['sourcehost'] - assert (self.test_host_external, unicode(errors.NotGroupMember())) in failed['sourcehost']['host'] - assert 'hostgroup' in failed['sourcehost'] - assert not failed['sourcehost']['hostgroup'] - entry = ret['result'] - def test_d_hbacrule_disable(self): """ Test disabling HBAC rule using `xmlrpc.hbacrule_disable`. @@ -551,17 +448,12 @@ class test_hbac(XMLRPC_test): """ Test adding various links to HBAC rule """ - api.Command['hbacrule_add_sourcehost']( - self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup - ) api.Command['hbacrule_add_service']( self.rule_name, hbacsvc=self.test_service ) entry = api.Command['hbacrule_show'](self.rule_name)['result'] assert_attr_equal(entry, 'cn', self.rule_name) - assert_attr_equal(entry, 'sourcehost_host', self.test_host) - assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup) assert_attr_equal(entry, 'memberservice_hbacsvc', self.test_service) def test_y_hbacrule_zap_testing_data(self): @@ -574,8 +466,6 @@ class test_hbac(XMLRPC_test): api.Command['group_del'](self.test_group) api.Command['host_del'](self.test_host) api.Command['hostgroup_del'](self.test_hostgroup) - api.Command['host_del'](self.test_sourcehost) - api.Command['hostgroup_del'](self.test_sourcehostgroup) api.Command['hbacsvc_del'](self.test_service) def test_k_2_sudorule_referential_integrity(self): @@ -596,3 +486,12 @@ class test_hbac(XMLRPC_test): # verify that it's gone with assert_raises(errors.NotFound): api.Command['hbacrule_show'](self.rule_name) + + @raises(errors.ValidationError) + def test_zz_hbacrule_add_with_deprecated_option(self): + """ + Test using a deprecated command option 'sourcehostcategory' with 'hbacrule_add'. + """ + api.Command['hbacrule_add']( + self.rule_name, sourcehostcategory=u'all' + ) diff --git a/tests/test_xmlrpc/test_hbactest_plugin.py b/tests/test_xmlrpc/test_hbactest_plugin.py index bc12e8974..520f20247 100644 --- a/tests/test_xmlrpc/test_hbactest_plugin.py +++ b/tests/test_xmlrpc/test_hbactest_plugin.py @@ -25,6 +25,7 @@ from xmlrpc_test import XMLRPC_test, assert_attr_equal from ipalib import api from ipalib import errors from types import NoneType +from nose.tools import raises # Test strategy: # 1. Create few allow rules: with user categories, with explicit users, with user groups, with groups, with services @@ -95,10 +96,6 @@ class test_hbactest(XMLRPC_test): self.rule_names[i], host=self.test_host, hostgroup=self.test_hostgroup ) - ret = api.Command['hbacrule_add_sourcehost']( - self.rule_names[i], host=self.test_sourcehost, hostgroup=self.test_sourcehostgroup - ) - ret = api.Command['hbacrule_add_service']( self.rule_names[i], hbacsvc=self.test_service ) @@ -112,20 +109,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, - targethost=self.test_host, - service=self.test_service, - rules=self.rule_names - ) - assert ret['value'] == True - assert type(ret['error']) == NoneType - for i in [0,1,2,3]: - assert self.rule_names[i] in ret['matched'] - assert self.rule_names[i] in ret['warning'][i] - - # same test without sourcehost value - ret = api.Command['hbactest']( - user=self.test_user, targethost=self.test_host, service=self.test_service, rules=self.rule_names @@ -141,21 +124,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, - targethost=self.test_host, - service=self.test_service, - rules=self.rule_names, - nodetail=True - ) - assert ret['value'] == True - assert ret['error'] == None - assert ret['matched'] == None - assert ret['notmatched'] == None - assert ret['warning'] == None - - # same test without sourcehost value - ret = api.Command['hbactest']( - user=self.test_user, targethost=self.test_host, service=self.test_service, rules=self.rule_names, @@ -172,7 +140,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, targethost=self.test_host, service=self.test_service, enabled=True @@ -182,17 +149,6 @@ class test_hbactest(XMLRPC_test): # Thus, check that our two enabled rules are in matched, nothing more for i in [0,2]: assert self.rule_names[i] in ret['matched'] - assert self.check_rule_presence(self.rule_names[i], ret['warning']) - - # same test without sourcehost value - ret = api.Command['hbactest']( - user=self.test_user, - targethost=self.test_host, - service=self.test_service, - enabled=True - ) - for i in [0,2]: - assert self.rule_names[i] in ret['matched'] def test_d_hbactest_check_rules_disabled_detail(self): """ @@ -200,7 +156,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, targethost=self.test_host, service=self.test_service, disabled=True @@ -210,17 +165,6 @@ class test_hbactest(XMLRPC_test): # Thus, check that our two disabled rules are in matched, nothing more for i in [1,3]: assert self.rule_names[i] in ret['matched'] - assert self.check_rule_presence(self.rule_names[i], ret['warning']) - - # same test without sourcehost value - ret = api.Command['hbactest']( - user=self.test_user, - targethost=self.test_host, - service=self.test_service, - disabled=True - ) - for i in [1,3]: - assert self.rule_names[i] in ret['matched'] def test_e_hbactest_check_non_existing_rule_detail(self): """ @@ -228,7 +172,6 @@ class test_hbactest(XMLRPC_test): """ ret = api.Command['hbactest']( user=self.test_user, - sourcehost=self.test_sourcehost, targethost=self.test_host, service=self.test_service, rules=[u'%s_1x1' % (rule) for rule in self.rule_names], @@ -241,30 +184,27 @@ class test_hbactest(XMLRPC_test): for rule in self.rule_names: assert u'%s_1x1' % (rule) in ret['error'] - # same test without sourcehost value - ret = api.Command['hbactest']( + @raises(errors.ValidationError) + def test_f_hbactest_check_sourcehost_option_is_deprecated(self): + """ + Test running 'ipa hbactest' with --srchost option raises ValidationError + """ + api.Command['hbactest']( user=self.test_user, targethost=self.test_host, + sourcehost=self.test_sourcehost, service=self.test_service, - rules=[u'%s_1x1' % (rule) for rule in self.rule_names], + rules=[u'%s_1x1' % rule for rule in self.rule_names], nodetail=True ) - assert ret['value'] == False - assert ret['matched'] == None - assert ret['notmatched'] == None - for rule in self.rule_names: - assert u'%s_1x1' % (rule) in ret['error'] - - def test_f_hbactest_clear_testing_data(self): + def test_g_hbactest_clear_testing_data(self): """ Clear data for HBAC test plugin testing. """ for i in [0,1,2,3]: api.Command['hbacrule_remove_host'](self.rule_names[i], host=self.test_host) api.Command['hbacrule_remove_host'](self.rule_names[i], hostgroup=self.test_hostgroup) - api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], host=self.test_sourcehost) - api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], hostgroup=self.test_sourcehostgroup) api.Command['hbacrule_del'](self.rule_names[i]) api.Command['user_del'](self.test_user) |