Require rid-base and secondary-rid-base in idrange-add after ipa-adtrust-install

Add a new API command 'adtrust_is_enabled', which can be used to determine
whether ipa-adtrust-install has been run on the system. This new command is not
visible in IPA CLI.

Use this command in idrange_add to conditionally require rid-base and
secondary-rid-base options.

Add tests to cover the new functionality

https://fedorahosted.org/freeipa/ticket/3634

3 files changed, 129 insertions, 71 deletions

diff --git a/ipatests/test_cmdline/test_cli.py b/ipatests/test_cmdline/test_cli.py
index fe411b703..fe5ffacd1 100644
--- a/ipatests/test_cmdline/test_cli.py
+++ b/ipatests/test_cmdline/test_cli.py
@@ -325,3 +325,77 @@ class TestCLIParsing(object):
             force=False,
             version=API_VERSION
         )
+
+    def test_idrange_add(self):
+        """
+        Test idrange-add with interative prompt
+        """
+        def test_with_interactive_input():
+            with self.fake_stdin('5\n500000\n'):
+                self.check_command(
+                    'idrange_add range1 --base-id=1 --range-size=1',
+                    'idrange_add',
+                    cn=u'range1',
+                    ipabaseid=u'1',
+                    ipaidrangesize=u'1',
+                    ipabaserid=5,
+                    ipasecondarybaserid=500000,
+                    all=False,
+                    raw=False,
+                    version=API_VERSION
+                )
+
+        def test_with_command_line_options():
+            self.check_command(
+                'idrange_add range1 --base-id=1 --range-size=1 '
+                '--rid-base=5 --secondary-rid-base=500000',
+                'idrange_add',
+                cn=u'range1',
+                ipabaseid=u'1',
+                ipaidrangesize=u'1',
+                ipabaserid=u'5',
+                ipasecondarybaserid=u'500000',
+                all=False,
+                raw=False,
+                version=API_VERSION
+            )
+
+        def test_without_options():
+            self.check_command(
+                'idrange_add range1 --base-id=1 --range-size=1',
+                'idrange_add',
+                cn=u'range1',
+                ipabaseid=u'1',
+                ipaidrangesize=u'1',
+                all=False,
+                raw=False,
+                version=API_VERSION
+            )
+
+        adtrust_dn = 'cn=ADTRUST,cn=%s,cn=masters,cn=ipa,cn=etc,%s' % \
+                     (api.env.host, api.env.basedn)
+        adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result']
+        mockldap = None
+
+        if not adtrust_is_enabled:
+            # ipa-adtrust-install not run - no need to pass rid-base
+            # and secondary-rid-base
+            test_without_options()
+
+            # Create a mock service object to test against
+            adtrust_add = dict(
+                ipaconfigstring='enabledService',
+                objectclass=['top', 'nsContainer', 'ipaConfigObject']
+            )
+
+            mockldap = util.MockLDAP()
+            mockldap.add_entry(adtrust_dn, adtrust_add)
+
+        # Pass rid-base and secondary-rid-base interactively
+        test_with_interactive_input()
+
+        # Pass rid-base and secondary-rid-base on the command-line
+        test_with_command_line_options()
+
+        if not adtrust_is_enabled:
+            mockldap.del_entry(adtrust_dn)
diff --git a/ipatests/test_xmlrpc/test_range_plugin.py b/ipatests/test_xmlrpc/test_range_plugin.py
index 3292d6a94..df80e2fb7 100644
--- a/ipatests/test_xmlrpc/test_range_plugin.py
+++ b/ipatests/test_xmlrpc/test_range_plugin.py
@@ -21,13 +21,11 @@
 Test the `ipalib/plugins/idrange.py` module, and XML-RPC in general.
 """
 
-from ipalib import api, errors, _
-from ipatests.util import assert_equal, Fuzzy
-from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
+from ipalib import api, errors
+from xmlrpc_test import Declarative, fuzzy_uuid
 from ipatests.test_xmlrpc import objectclasses
-from ipapython.dn import *
-
-import ldap, ldap.sasl, ldap.modlist
+from ipatests.util import MockLDAP
+from ipapython.dn import DN
 
 id_shift = 0
 rid_shift = 0
@@ -99,6 +97,7 @@ testrange8 = u'testrange8'
 testrange8_base_id = id_shift + 700
 testrange8_size = 50
 testrange8_base_rid = rid_shift + 700
+testrange8_secondary_base_rid = rid_shift + 800
 
 testrange9 = u'testrange9'
 testrange9_base_id = id_shift + 800
@@ -155,59 +154,23 @@ group1_gid = id_shift + 900100
 
 
 class test_range(Declarative):
-
-    def __init__(self):
-        super(test_range, self).__init__()
-        self.connection = None
-
-    @classmethod
-    def connect_ldap(self):
-        self.connection = ldap.initialize('ldap://{host}'
-                                     .format(host=api.env.host))
-
-        auth = ldap.sasl.gssapi("")
-        self.connection.sasl_interactive_bind_s('', auth)
-
-    @classmethod
-    def add_entry(self, dn, mods):
-        ldif = ldap.modlist.addModlist(mods)
-        self.connection.add_s(dn, ldif)
-
     @classmethod
-    def setUpClass(self):
-        super(test_range, self).setUpClass()
-
-        self.tearDownClass()
-
-        try:
-            self.connect_ldap()
-
-            self.add_entry(testrange9_dn, testrange9_add)
-            self.add_entry(testrange10_dn, testrange10_add)
-            self.add_entry(testtrust_dn, testtrust_add)
-
-        except ldap.ALREADY_EXISTS:
-            pass
-
-        finally:
-            if self.connection is not None:
-                self.connection.unbind_s()
+    def setUpClass(cls):
+        super(test_range, cls).setUpClass()
+        cls.tearDownClass()
+        cls.mockldap = MockLDAP()
+        cls.mockldap.add_entry(testrange9_dn, testrange9_add)
+        cls.mockldap.add_entry(testrange10_dn, testrange10_add)
+        cls.mockldap.add_entry(testtrust_dn, testtrust_add)
+        cls.mockldap.unbind()
 
     @classmethod
-    def tearDownClass(self):
-
-        try:
-            self.connect_ldap()
-            self.connection.delete_s(testrange9_dn)
-            self.connection.delete_s(testrange10_dn)
-            self.connection.delete_s(testtrust_dn)
-
-        except ldap.NO_SUCH_OBJECT:
-            pass
-
-        finally:
-            if self.connection is not None:
-                self.connection.unbind_s()
+    def tearDownClass(cls):
+        cls.mockldap = MockLDAP()
+        cls.mockldap.del_entry(testrange9_dn)
+        cls.mockldap.del_entry(testrange10_dn)
+        cls.mockldap.del_entry(testtrust_dn)
+        cls.mockldap.unbind()
 
     cleanup_commands = [
         ('idrange_del', [testrange1, testrange2, testrange3, testrange4,
@@ -508,7 +471,9 @@ class test_range(Declarative):
             desc='Create ID range %r' % (testrange8),
             command=('idrange_add', [testrange8],
                       dict(ipabaseid=testrange8_base_id,
-                          ipaidrangesize=testrange8_size)),
+                          ipaidrangesize=testrange8_size,
+                          ipabaserid=testrange8_base_rid,
+                          ipasecondarybaserid=testrange8_secondary_base_rid)),
             expected=dict(
                 result=dict(
                     dn=DN(('cn',testrange8),('cn','ranges'),('cn','etc'),
@@ -518,6 +483,8 @@ class test_range(Declarative):
                     ipabaseid=[unicode(testrange8_base_id)],
                     ipaidrangesize=[unicode(testrange8_size)],
                     iparangetype=[u'local domain range'],
+                    ipabaserid=[unicode(testrange8_base_rid)],
+                    ipasecondarybaserid=[unicode(testrange8_secondary_base_rid)]
                 ),
                 value=testrange8,
                 summary=u'Added ID range "%s"' % (testrange8),
@@ -525,14 +492,6 @@ class test_range(Declarative):
         ),
 
         dict(
-            desc='Try to modify ID range %r so it has only primary rid range set' % (testrange8),
-            command=('idrange_mod', [testrange8],
-                      dict(ipabaserid=testrange8_base_rid)),
-            expected=errors.ValidationError(
-                name='ID Range setup', error='Options secondary-rid-base and rid-base must be used together'),
-        ),
-
-        dict(
             desc='Delete ID range %r' % testrange8,
             command=('idrange_del', [testrange8], {}),
             expected=dict(
diff --git a/ipatests/util.py b/ipatests/util.py
index 117d2c834..30fafdc76 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -24,6 +24,9 @@ Common utility functions and classes for unit tests.
 import inspect
 import os
 from os import path
+import ldap
+import ldap.sasl
+import ldap.modlist
 import tempfile
 import shutil
 import re
@@ -32,6 +35,7 @@ from ipalib.plugable import Plugin
 from ipalib.request import context
 from ipapython.dn import DN
 
+
 class TempDir(object):
     def __init__(self):
         self.__path = tempfile.mkdtemp(prefix='ipa.tests.')
@@ -451,12 +455,6 @@ class ClassChecker(object):
         context.__dict__.clear()
 
 
-
-
-
-
-
-
 def check_TypeError(value, type_, name, callback, *args, **kw):
     """
     Tests a standard TypeError raised with `errors.raise_TypeError`.
@@ -635,3 +633,30 @@ class DummyClass(object):
 
     def _calledall(self):
         return self.__i == len(self.__calls)
+
+
+class MockLDAP(object):
+    def __init__(self):
+        self.connection = ldap.initialize(
+            'ldap://{host}'.format(host=ipalib.api.env.host)
+        )
+
+        auth = ldap.sasl.gssapi('')
+        self.connection.sasl_interactive_bind_s('', auth)
+
+    def add_entry(self, dn, mods):
+        try:
+            ldif = ldap.modlist.addModlist(mods)
+            self.connection.add_s(dn, ldif)
+        except ldap.ALREADY_EXISTS:
+            pass
+
+    def del_entry(self, dn):
+        try:
+            self.connection.delete_s(dn)
+        except ldap.NO_SUCH_OBJECT:
+            pass
+
+    def unbind(self):
+        if self.connection is not None:
+            self.connection.unbind_s()