From 5b37aaad7718bd0214053fd2e758ba7dc332e21d Mon Sep 17 00:00:00 2001 From: Milan KubĂ­k Date: Tue, 21 Jun 2016 13:45:54 +0200 Subject: ipatests: Extend CAACL suite to cover Sub CA members https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Fraser Tweedale --- ipatests/test_xmlrpc/test_caacl_plugin.py | 26 ++++++++++++++++++++++++-- ipatests/test_xmlrpc/tracker/caacl_plugin.py | 26 +++++++++++++++++++++----- 2 files changed, 45 insertions(+), 7 deletions(-) (limited to 'ipatests/test_xmlrpc') diff --git a/ipatests/test_xmlrpc/test_caacl_plugin.py b/ipatests/test_xmlrpc/test_caacl_plugin.py index f20b02b29..dce12e484 100644 --- a/ipatests/test_xmlrpc/test_caacl_plugin.py +++ b/ipatests/test_xmlrpc/test_caacl_plugin.py @@ -14,6 +14,7 @@ from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test from ipatests.test_xmlrpc.tracker.certprofile_plugin import CertprofileTracker from ipatests.test_xmlrpc.tracker.caacl_plugin import CAACLTracker from ipatests.test_xmlrpc.tracker.stageuser_plugin import StageUserTracker +from ipatests.test_xmlrpc.tracker.ca_plugin import CATracker @pytest.fixture(scope='class') @@ -48,11 +49,18 @@ def category_acl(request): name = u'category_acl' tracker = CAACLTracker(name, ipacertprofile_category=u'all', user_category=u'all', service_category=u'all', - host_category=u'all') + host_category=u'all', ipaca_category=u'all') return tracker.make_fixture(request) +@pytest.fixture(scope='class') +def caacl_test_ca(request): + name = u'caacl-test-ca' + subject = u'CN=caacl test subca,O=test industries inc.' + return CATracker(name, subject).make_fixture(request) + + @pytest.fixture(scope='class') def staged_user(request): name = u'st-user' @@ -109,7 +117,8 @@ class TestCAACLMembers(XMLRPC_test): hostcategory=None, servicecategory=None, ipacertprofilecategory=None, - usercategory=None) + usercategory=None, + ipacacategory=None) category_acl.update(updates) def test_add_profile(self, category_acl, default_profile): @@ -120,6 +129,15 @@ class TestCAACLMembers(XMLRPC_test): category_acl.remove_profile(certprofile=default_profile.name) category_acl.retrieve() + def test_add_ca(self, category_acl, caacl_test_ca): + caacl_test_ca.ensure_exists() + category_acl.add_ca(ca=caacl_test_ca.name) + category_acl.retrieve() + + def test_remove_ca(self, category_acl, caacl_test_ca): + category_acl.remove_ca(ca=caacl_test_ca.name) + category_acl.retrieve() + def test_add_invalid_value_service(self, category_acl, default_profile): res = category_acl.add_service(service=default_profile.name, track=False) assert len(res['failed']) == 1 @@ -144,6 +162,10 @@ class TestCAACLMembers(XMLRPC_test): res = category_acl.add_profile(certprofile=category_acl.name, track=False) assert len(res['failed']) == 1 + def test_add_invalid_value_ca(self, category_acl): + res = category_acl.add_ca(ca=category_acl.name, track=False) + assert len(res['failed']) == 1 + def test_add_staged_user_to_acl(self, category_acl, staged_user): res = category_acl.add_user(user=staged_user.name, track=False) assert len(res['failed']) == 1 diff --git a/ipatests/test_xmlrpc/tracker/caacl_plugin.py b/ipatests/test_xmlrpc/tracker/caacl_plugin.py index afe7ee0c0..79c892d27 100644 --- a/ipatests/test_xmlrpc/tracker/caacl_plugin.py +++ b/ipatests/test_xmlrpc/tracker/caacl_plugin.py @@ -35,10 +35,11 @@ class CAACLTracker(Tracker): u'memberuser_user', u'memberuser_group', u'memberhost_host', u'memberhost_hostgroup', u'memberservice_service', - u'ipamembercertprofile_certprofile'} + u'ipamembercertprofile_certprofile', + u'ipamemberca_ca'} category_keys = { u'ipacacategory', u'ipacertprofilecategory', u'usercategory', - u'hostcategory', u'servicecategory'} + u'hostcategory', u'servicecategory', u'ipacacategory'} retrieve_keys = { u'dn', u'cn', u'description', u'ipaenabledflag', u'ipamemberca', u'ipamembercertprofile', u'memberuser', @@ -51,14 +52,15 @@ class CAACLTracker(Tracker): update_keys = create_keys - {u'dn'} def __init__(self, name, ipacertprofile_category=None, user_category=None, - service_category=None, host_category=None, description=None, - default_version=None): + service_category=None, host_category=None, + ipaca_category=None, description=None, default_version=None): super(CAACLTracker, self).__init__(default_version=default_version) self._name = name self.description = description self._categories = dict( ipacertprofilecategory=ipacertprofile_category, + ipacacategory=ipaca_category, usercategory=user_category, servicecategory=service_category, hostcategory=host_category) @@ -200,7 +202,7 @@ class CAACLTracker(Tracker): # implemented in standalone test # # The methods implemented here will be: - # caacl_{add,remove}_{host, service, certprofile, user [, subca]} + # caacl_{add,remove}_{host, service, certprofile, user, ca} def _add_acl_component(self, command_name, keys, track): """ Add a resource into ACL rule and track it. @@ -356,6 +358,20 @@ class CAACLTracker(Tracker): return self._remove_acl_component(u'caacl_remove_profile', options, track) + def add_ca(self, ca=None, track=True): + options = { + u'ipamemberca_ca': + {u'ca': ca}} + + return self._add_acl_component(u'caacl_add_ca', options, track) + + def remove_ca(self, ca=None, track=True): + options = { + u'ipamemberca_ca': + {u'ca': ca}} + + return self._remove_acl_component(u'caacl_remove_ca', options, track) + def enable(self): command = self.make_command(u'caacl_enable', self.name) self.attrs.update({u'ipaenabledflag': [u'TRUE']}) -- cgit