diff options
| -rw-r--r-- | ipatests/test_integration/test_sudo.py | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py index 42c9b6b6a..40fb68581 100644 --- a/ipatests/test_integration/test_sudo.py +++ b/ipatests/test_integration/test_sudo.py @@ -226,6 +226,42 @@ class TestSudo(IntegrationTest): 'testrule', '--hostgroups', 'testhostgroup']) + def test_sudo_rule_restricted_to_one_hostmask_setup(self): + # Add the client's /24 hostmask to the rule + ip = self.client.ip + self.master.run_command(['ipa', '-n', 'sudorule-add-host', + 'testrule', + '--hostmask', '%s/24' % ip]) + + def test_sudo_rule_restricted_to_one_hostmask(self): + result1 = self.list_sudo_commands("testuser1") + assert "(ALL) NOPASSWD: ALL" in result1.stdout_text + + def test_sudo_rule_restricted_to_one_hostmask_teardown(self): + # Remove the client's /24 hostmask from the rule + ip = self.client.ip + self.master.run_command(['ipa', '-n', 'sudorule-remove-host', + 'testrule', + '--hostmask', '%s/24' % ip]) + + def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self): + # Add the master's hostmask to the rule + ip = self.master.ip + self.master.run_command(['ipa', '-n', 'sudorule-add-host', + 'testrule', + '--hostmask', '%s/32' % ip]) + + def test_sudo_rule_restricted_to_one_hostmask_negative(self): + result1 = self.list_sudo_commands("testuser1") + assert result1.returncode != 0 + + def test_sudo_rule_restricted_to_one_hostmask_negative_teardown(self): + # Remove the master's hostmask from the rule + ip = self.master.ip + self.master.run_command(['ipa', '-n', 'sudorule-remove-host', + 'testrule', + '--hostmask', '%s/32' % ip]) + def test_sudo_rule_restricted_to_one_command_setup(self): # Reset testrule configuration self.reset_rule_categories() |