diff options
| -rw-r--r-- | ipatests/test_integration/test_sudo.py | 32 | ||||
| -rw-r--r-- | ipatests/test_integration/util.py | 17 |
2 files changed, 43 insertions, 6 deletions
diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py index 1dd4c5d73..b1f31556a 100644 --- a/ipatests/test_integration/test_sudo.py +++ b/ipatests/test_integration/test_sudo.py @@ -17,8 +17,11 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import pytest + from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.tasks import clear_sssd_cache +from ipatests.test_integration import util class TestSudo(IntegrationTest): @@ -269,13 +272,25 @@ class TestSudo(IntegrationTest): '--hostgroups', 'testhostgroup']) def test_sudo_rule_restricted_to_one_hostmask_setup(self): - # Add the client's /24 hostmask to the rule - ip = self.client.ip + # We need to detect the hostmask first + full_ip = util.get_host_ip_with_hostmask(self.client) + + # Make a note for the next test, which needs to be skipped + # if hostmask detection failed + self.__class__.skip_hostmask_based = False + + if not full_ip: + self.__class__.skip_hostmask_based = True + raise pytest.skip("Hostmask could not be detected") + self.master.run_command(['ipa', '-n', 'sudorule-add-host', 'testrule', - '--hostmask', '%s/24' % ip]) + '--hostmask', full_ip]) def test_sudo_rule_restricted_to_one_hostmask(self): + if self.__class__.skip_hostmask_based: + raise pytest.skip("Hostmask could not be detected") + result1 = self.list_sudo_commands("testuser1") assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text @@ -284,11 +299,16 @@ class TestSudo(IntegrationTest): assert result.returncode != 0 def test_sudo_rule_restricted_to_one_hostmask_teardown(self): - # Remove the client's /24 hostmask from the rule - ip = self.client.ip + if self.__class__.skip_hostmask_based: + raise pytest.skip("Hostmask could not be detected") + + # Detect the hostmask first to delete the hostmask based rule + full_ip = util.get_host_ip_with_hostmask(self.client) + + # Remove the client's hostmask from the rule self.master.run_command(['ipa', '-n', 'sudorule-remove-host', 'testrule', - '--hostmask', '%s/24' % ip]) + '--hostmask', full_ip]) def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self): # Add the master's hostmask to the rule diff --git a/ipatests/test_integration/util.py b/ipatests/test_integration/util.py index 1a1bb3fcc..5cfbb2e94 100644 --- a/ipatests/test_integration/util.py +++ b/ipatests/test_integration/util.py @@ -18,6 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import time +import re def run_repeatedly(host, command, assert_zero_rc=True, test=None, @@ -58,3 +59,19 @@ def run_repeatedly(host, command, assert_zero_rc=True, test=None, .format(cmd=' '.join(command), times=timeout / time_step, timeout=timeout)) + + +def get_host_ip_with_hostmask(host): + """ + Detects the IP of the host including the hostmask. + + Returns None if the IP could not be detected. + """ + + ip = host.ip + result = host.run_command(['ip', 'addr']) + full_ip_regex = r'(?P<full_ip>%s/\d{1,2}) ' % re.escape(ip) + match = re.search(full_ip_regex, result.stdout_text) + + if match: + return match.group('full_ip') |