diff options
Diffstat (limited to 'ipatests/test_xmlrpc/test_ca_plugin.py')
-rw-r--r-- | ipatests/test_xmlrpc/test_ca_plugin.py | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_ca_plugin.py b/ipatests/test_xmlrpc/test_ca_plugin.py new file mode 100644 index 000000000..1e0e52ff7 --- /dev/null +++ b/ipatests/test_xmlrpc/test_ca_plugin.py @@ -0,0 +1,175 @@ +# +# Copyright (C) 2016 FreeIPA Contributors see COPYING for license +# + +""" +Test the `ipalib.plugins.ca` module. +""" + +import pytest + +from ipalib import errors +from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test, fuzzy_issuer + +from ipatests.test_xmlrpc.tracker.certprofile_plugin import CertprofileTracker +from ipatests.test_xmlrpc.tracker.caacl_plugin import CAACLTracker +from ipatests.test_xmlrpc.tracker.ca_plugin import CATracker + + +@pytest.fixture(scope='module') +def default_profile(request): + name = 'caIPAserviceCert' + desc = u'Standard profile for network services' + tracker = CertprofileTracker(name, store=True, desc=desc) + tracker.track_create() + return tracker + + +@pytest.fixture(scope='module') +def default_acl(request): + name = u'hosts_services_caIPAserviceCert' + tracker = CAACLTracker(name, service_category=u'all', host_category=u'all') + tracker.track_create() + tracker.attrs.update( + {u'ipamembercertprofile_certprofile': [u'caIPAserviceCert']}) + return tracker + + +@pytest.fixture(scope='module') +def default_ca(request): + name = u'ipa' + desc = u'IPA CA' + tracker = CATracker(name, fuzzy_issuer, desc=desc) + tracker.track_create() + return tracker + + +@pytest.fixture(scope='class') +def crud_subca(request): + name = u'crud-subca' + subject = u'CN=crud subca test,O=crud testing inc' + tracker = CATracker(name, subject) + + return tracker.make_fixture(request) + + +@pytest.fixture(scope='class') +def subject_conflict_subca(request): + name = u'crud-subca-2' + subject = u'CN=crud subca test,O=crud testing inc' + tracker = CATracker(name, subject) + + # Should not get created, no need to delete + return tracker + + +@pytest.mark.tier0 +class TestDefaultCA(XMLRPC_test): + def test_default_ca_present(self, default_ca): + default_ca.retrieve() + + def test_default_ca_delete(self, default_ca): + with pytest.raises(errors.ProtectedEntryError): + default_ca.delete() + + +@pytest.mark.tier1 +class TestCAbasicCRUD(XMLRPC_test): + + ATTR_ERROR_MSG = u'attribute is not configurable' + + def test_create(self, crud_subca): + crud_subca.create() + + def test_retrieve(self, crud_subca): + crud_subca.retrieve() + + def test_retrieve_all(self, crud_subca): + crud_subca.retrieve(all=True) + + def test_delete(self, crud_subca): + crud_subca.delete() + + def test_find(self, crud_subca): + crud_subca.ensure_exists() + crud_subca.find() + + def test_modify_description(self, crud_subca): + new_desc = u'updated CA description' + crud_subca.update( + dict( + description=new_desc, + ), + expected_updates=dict( + description=[new_desc] + ) + ) + + def test_modify_issuerdn(self, crud_subca): + bogus_issuer = u'ipacaissuerdn="cn=phony issuer,o=phony industries' + cmd = crud_subca.make_update_command( + updates=dict(setattr=bogus_issuer) + ) + + with pytest.raises(errors.ValidationError) as error: + cmd() + + assert self.ATTR_ERROR_MSG in str(error.value) + + def test_modify_subjectdn(self, crud_subca): + bogus_subject = u'ipacasubjectdn="cn=phony subject,o=phony industries' + cmd = crud_subca.make_update_command( + updates=dict(setattr=bogus_subject) + ) + + with pytest.raises(errors.ValidationError) as error: + cmd() + + assert self.ATTR_ERROR_MSG in str(error.value) + + def test_delete_subjectdn(self, crud_subca): + cmd = crud_subca.make_update_command( + updates=dict(delattr=u'ipacasubjectdn=%s' + % crud_subca.ipasubjectdn) + ) + + with pytest.raises(errors.ValidationError) as error: + cmd() + + assert self.ATTR_ERROR_MSG in str(error.value) + + def test_add_bogus_subjectdn(self, crud_subca): + bogus_subject = u'ipacasubjectdn="cn=phony subject,o=phony industries' + cmd = crud_subca.make_update_command( + updates=dict(addattr=bogus_subject) + ) + + with pytest.raises(errors.ValidationError) as error: + cmd() + + assert self.ATTR_ERROR_MSG in str(error.value) + + def test_add_bogus_issuerdn(self, crud_subca): + bogus_issuer = u'ipacaissuerdn="cn=phony issuer,o=phony industries' + cmd = crud_subca.make_update_command( + updates=dict(addattr=bogus_issuer) + ) + + with pytest.raises(errors.ValidationError) as error: + cmd() + + assert self.ATTR_ERROR_MSG in str(error.value) + + def test_create_subca_with_conflicting_name(self, crud_subca): + crud_subca.ensure_exists() + + cmd = crud_subca.make_create_command() + with pytest.raises(errors.DuplicateEntry): + cmd() + + def test_create_subca_with_subject_conflict( + self, crud_subca, subject_conflict_subca): + crud_subca.ensure_exists() + + with pytest.raises(errors.DuplicateEntry): + subject_conflict_subca.create() |