diff options
author | Tomas Babej <tbabej@redhat.com> | 2014-05-14 15:26:59 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-06-25 20:14:51 +0200 |
commit | d537da8b8a52dde18f4d07455fef8a4ef1c4ef04 (patch) | |
tree | 0be7f39cdc860e9a0be06cded529890e2651345f /ipatests | |
parent | b1275c5b1c2038c9769377e9cf0afe04139d1d8d (diff) | |
download | freeipa-d537da8b8a52dde18f4d07455fef8a4ef1c4ef04.tar.gz freeipa-d537da8b8a52dde18f4d07455fef8a4ef1c4ef04.tar.xz freeipa-d537da8b8a52dde18f4d07455fef8a4ef1c4ef04.zip |
ipatests: test_sudo: Add tests for allowing hosts via hostmasks
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipatests')
-rw-r--r-- | ipatests/test_integration/test_sudo.py | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py index 42c9b6b6a..40fb68581 100644 --- a/ipatests/test_integration/test_sudo.py +++ b/ipatests/test_integration/test_sudo.py @@ -226,6 +226,42 @@ class TestSudo(IntegrationTest): 'testrule', '--hostgroups', 'testhostgroup']) + def test_sudo_rule_restricted_to_one_hostmask_setup(self): + # Add the client's /24 hostmask to the rule + ip = self.client.ip + self.master.run_command(['ipa', '-n', 'sudorule-add-host', + 'testrule', + '--hostmask', '%s/24' % ip]) + + def test_sudo_rule_restricted_to_one_hostmask(self): + result1 = self.list_sudo_commands("testuser1") + assert "(ALL) NOPASSWD: ALL" in result1.stdout_text + + def test_sudo_rule_restricted_to_one_hostmask_teardown(self): + # Remove the client's /24 hostmask from the rule + ip = self.client.ip + self.master.run_command(['ipa', '-n', 'sudorule-remove-host', + 'testrule', + '--hostmask', '%s/24' % ip]) + + def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self): + # Add the master's hostmask to the rule + ip = self.master.ip + self.master.run_command(['ipa', '-n', 'sudorule-add-host', + 'testrule', + '--hostmask', '%s/32' % ip]) + + def test_sudo_rule_restricted_to_one_hostmask_negative(self): + result1 = self.list_sudo_commands("testuser1") + assert result1.returncode != 0 + + def test_sudo_rule_restricted_to_one_hostmask_negative_teardown(self): + # Remove the master's hostmask from the rule + ip = self.master.ip + self.master.run_command(['ipa', '-n', 'sudorule-remove-host', + 'testrule', + '--hostmask', '%s/32' % ip]) + def test_sudo_rule_restricted_to_one_command_setup(self): # Reset testrule configuration self.reset_rule_categories() |