diff options
| author | Milan KubĂk <mkubik@redhat.com> | 2015-08-07 15:54:18 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2015-10-27 09:57:48 +0100 |
| commit | 897c9c9c439b4736413480b53b17de3cad76db4a (patch) | |
| tree | 7380933c501cce26c034d645906bb158e43d239a /ipatests | |
| parent | 36f7074683a3dab10c22efaf7439d8b549516349 (diff) | |
| download | freeipa-897c9c9c439b4736413480b53b17de3cad76db4a.tar.gz freeipa-897c9c9c439b4736413480b53b17de3cad76db4a.tar.xz freeipa-897c9c9c439b4736413480b53b17de3cad76db4a.zip | |
tests: add test to check the default ACL
Also includes basic ACL manipulation and adding
and removing members to/from the acl.
https://fedorahosted.org/freeipa/ticket/57
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipatests')
| -rw-r--r-- | ipatests/test_xmlrpc/test_caacl_plugin.py | 135 |
1 files changed, 128 insertions, 7 deletions
diff --git a/ipatests/test_xmlrpc/test_caacl_plugin.py b/ipatests/test_xmlrpc/test_caacl_plugin.py index 6cf835b22..33268d6dd 100644 --- a/ipatests/test_xmlrpc/test_caacl_plugin.py +++ b/ipatests/test_xmlrpc/test_caacl_plugin.py @@ -6,20 +6,20 @@ Test the `ipalib.plugins.caacl` module. """ -import os - import pytest -from ipapython import ipautil -from ipalib import errors, x509 -from ipapython.dn import DN +from ipalib import errors from ipatests.test_xmlrpc.ldaptracker import Tracker from ipatests.test_xmlrpc.xmlrpc_test import (XMLRPC_test, fuzzy_caacldn, - fuzzy_uuid, fuzzy_ipauniqueid, - raises_exact) + fuzzy_uuid, fuzzy_ipauniqueid) + from ipatests.test_xmlrpc import objectclasses from ipatests.util import assert_deepequal +# reuse the fixture +from ipatests.test_xmlrpc.test_certprofile_plugin import default_profile +from ipatests.test_xmlrpc.test_stageuser_plugin import StageUserTracker + class CAACLTracker(Tracker): """Tracker class for CA ACL LDAP object. @@ -376,3 +376,124 @@ class CAACLTracker(Tracker): command = self.make_command(u'caacl_disable', self.name) self.attrs.update({u'ipaenabledflag': [u'FALSE']}) command() + + +@pytest.fixture(scope='class') +def default_acl(request): + name = u'hosts_services_caIPAserviceCert' + tracker = CAACLTracker(name, service_category=u'all', host_category=u'all') + tracker.track_create() + tracker.attrs.update( + {u'ipamembercertprofile_certprofile': [u'caIPAserviceCert']}) + return tracker + + +@pytest.fixture(scope='class') +def crud_acl(request): + name = u'crud-acl' + tracker = CAACLTracker(name) + + return tracker.make_fixture(request) + + +@pytest.fixture(scope='class') +def category_acl(request): + name = u'category_acl' + tracker = CAACLTracker(name, ipacertprofile_category=u'all', + user_category=u'all', service_category=u'all', + host_category=u'all') + + return tracker.make_fixture(request) + + +@pytest.fixture(scope='class') +def staged_user(request): + name = u'st-user' + tracker = StageUserTracker(name, u'stage', u'test') + + return tracker.make_fixture(request) + + +class TestDefaultACL(XMLRPC_test): + def test_default_acl_present(self, default_acl): + default_acl.retrieve() + + +class TestCAACLbasicCRUD(XMLRPC_test): + def test_create(self, crud_acl): + crud_acl.create() + + def test_delete(self, crud_acl): + crud_acl.delete() + + def test_disable(self, crud_acl): + crud_acl.ensure_exists() + crud_acl.disable() + crud_acl.retrieve() + + def test_disable_twice(self, crud_acl): + crud_acl.disable() + crud_acl.retrieve() + + def test_enable(self, crud_acl): + crud_acl.enable() + crud_acl.retrieve() + + def test_enable_twice(self, crud_acl): + crud_acl.enable() + crud_acl.retrieve() + + def test_find(self, crud_acl): + crud_acl.find() + + +class TestCAACLMembers(XMLRPC_test): + def test_category_member_exclusivity(self, category_acl, default_profile): + category_acl.create() + default_profile.ensure_exists() + with pytest.raises(errors.MutuallyExclusiveError): + category_acl.add_profile(default_profile.name, track=False) + + def test_mod_delete_category(self, category_acl): + updates = dict( + hostcategory=None, + servicecategory=None, + ipacertprofilecategory=None, + usercategory=None) + category_acl.update(updates) + + def test_add_profile(self, category_acl, default_profile): + category_acl.add_profile(certprofile=default_profile.name) + category_acl.retrieve() + + def test_remove_profile(self, category_acl, default_profile): + category_acl.remove_profile(certprofile=default_profile.name) + category_acl.retrieve() + + def test_add_invalid_value_service(self, category_acl, default_profile): + res = category_acl.add_service(service=default_profile.name, track=False) + assert len(res['failed']) == 1 + + # the same for other types + + def test_add_invalid_value_user(self, category_acl, default_profile): + res = category_acl.add_user(user=default_profile.name, track=False) + assert len(res['failed']) == 1 + + res = category_acl.add_user(group=default_profile.name, track=False) + assert len(res['failed']) == 1 + + def test_add_invalid_value_host(self, category_acl, default_profile): + res = category_acl.add_host(host=default_profile.name, track=False) + assert len(res['failed']) == 1 + + res = category_acl.add_host(hostgroup=default_profile.name, track=False) + assert len(res['failed']) == 1 + + def test_add_invalid_value_profile(self, category_acl): + res = category_acl.add_profile(certprofile=category_acl.name, track=False) + assert len(res['failed']) == 1 + + def test_add_staged_user_to_acl(self, category_acl, staged_user): + res = category_acl.add_user(user=staged_user.name, track=False) + assert len(res['failed']) == 1 |