1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
|
#
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
from __future__ import print_function
from ipapython.dn import DN
from ipatests.test_xmlrpc.tracker.base import Tracker
from ipatests.test_xmlrpc.tracker.kerberos_aliases import KerberosAliasMixin
from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_uuid
from ipatests.test_xmlrpc import objectclasses
from ipatests.util import assert_deepequal
from ipalib import errors
class HostTracker(KerberosAliasMixin, Tracker):
"""Wraps and tracks modifications to a Host object
Implements the helper functions for host plugin.
The HostTracker object stores information about the host, e.g.
``fqdn`` and ``dn``.
"""
retrieve_keys = {
'dn', 'fqdn', 'description', 'l', 'krbcanonicalname',
'krbprincipalname', 'managedby_host',
'has_keytab', 'has_password', 'issuer', 'md5_fingerprint',
'serial_number', 'serial_number_hex', 'sha1_fingerprint',
'subject', 'usercertificate', 'valid_not_after', 'valid_not_before',
'macaddress', 'sshpubkeyfp', 'ipaallowedtoperform_read_keys_user',
'memberof_hostgroup', 'memberofindirect_hostgroup',
'ipaallowedtoperform_read_keys_group',
'ipaallowedtoperform_read_keys_host',
'ipaallowedtoperform_read_keys_hostgroup',
'ipaallowedtoperform_write_keys_user',
'ipaallowedtoperform_write_keys_group',
'ipaallowedtoperform_write_keys_host',
'ipaallowedtoperform_write_keys_hostgroup'}
retrieve_all_keys = retrieve_keys | {
u'cn', u'ipakrbokasdelegate', u'ipakrbrequirespreauth', u'ipauniqueid',
u'krbcanonicalname', u'managing_host', u'objectclass',
u'serverhostname', u'ipakrboktoauthasdelegate',
u'krbpwdpolicyreference'}
create_keys = retrieve_keys | {'objectclass', 'ipauniqueid',
'randompassword'}
update_keys = retrieve_keys - {'dn'}
managedby_keys = retrieve_keys - {'has_keytab', 'has_password'}
allowedto_keys = retrieve_keys - {'has_keytab', 'has_password'}
find_keys = retrieve_keys - {
'has_keytab', 'has_password', 'memberof_hostgroup',
'memberofindirect_hostgroup', 'managedby_host',
}
find_all_keys = retrieve_all_keys - {'has_keytab', 'has_password'}
def __init__(self, name, fqdn=None, default_version=None):
super(HostTracker, self).__init__(default_version=default_version)
self.shortname = name
if fqdn:
self.fqdn = fqdn
else:
self.fqdn = u'%s.%s' % (name, self.api.env.domain)
self.dn = DN(('fqdn', self.fqdn), 'cn=computers', 'cn=accounts',
self.api.env.basedn)
self.description = u'Test host <%s>' % name
self.location = u'Undisclosed location <%s>' % name
def make_create_command(self, force=True):
"""Make function that creates this host using host_add"""
return self.make_command('host_add', self.fqdn,
description=self.description,
l=self.location,
force=force)
def make_delete_command(self):
"""Make function that deletes the host using host_del"""
return self.make_command('host_del', self.fqdn)
def make_retrieve_command(self, all=False, raw=False):
"""Make function that retrieves the host using host_show"""
return self.make_command('host_show', self.fqdn, all=all, raw=raw)
def make_find_command(self, *args, **kwargs):
"""Make function that finds hosts using host_find
Note that the fqdn (or other search terms) needs to be specified
in arguments.
"""
return self.make_command('host_find', *args, **kwargs)
def make_update_command(self, updates):
"""Make function that modifies the host using host_mod"""
return self.make_command('host_mod', self.fqdn, **updates)
def create(self, force=True):
"""Helper function to create an entry and check the result"""
self.ensure_missing()
self.track_create()
command = self.make_create_command(force=force)
result = command()
self.check_create(result)
def track_create(self):
"""Update expected state for host creation"""
self.attrs = dict(
dn=self.dn,
fqdn=[self.fqdn],
description=[self.description],
l=[self.location],
krbprincipalname=[u'host/%s@%s' % (self.fqdn, self.api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (self.fqdn, self.api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[self.fqdn],
has_keytab=False,
has_password=False,
cn=[self.fqdn],
ipakrbokasdelegate=False,
ipakrbrequirespreauth=True,
managing_host=[self.fqdn],
serverhostname=[self.shortname],
ipakrboktoauthasdelegate=False,
krbpwdpolicyreference=[DN(
u'cn=Default Host Password Policy',
self.api.env.container_host,
self.api.env.basedn,
)],
)
self.exists = True
def check_create(self, result):
"""Check `host_add` command result"""
assert_deepequal(dict(
value=self.fqdn,
summary=u'Added host "%s"' % self.fqdn,
result=self.filter_attrs(self.create_keys),
), result)
def check_delete(self, result):
"""Check `host_del` command result"""
assert_deepequal(dict(
value=[self.fqdn],
summary=u'Deleted host "%s"' % self.fqdn,
result=dict(failed=[]),
), result)
def check_retrieve(self, result, all=False, raw=False):
"""Check `host_show` command result"""
if all:
expected = self.filter_attrs(self.retrieve_all_keys)
else:
expected = self.filter_attrs(self.retrieve_keys)
assert_deepequal(dict(
value=self.fqdn,
summary=None,
result=expected,
), result)
def check_find(self, result, all=False, raw=False):
"""Check `host_find` command result"""
if all:
expected = self.filter_attrs(self.find_all_keys)
else:
expected = self.filter_attrs(self.find_keys)
assert_deepequal(dict(
count=1,
truncated=False,
summary=u'1 host matched',
result=[expected],
), result)
def check_update(self, result, extra_keys=()):
"""Check `host_update` command result"""
assert_deepequal(dict(
value=self.fqdn,
summary=u'Modified host "%s"' % self.fqdn,
result=self.filter_attrs(self.update_keys | set(extra_keys))
), result)
def add_finalizer_certcleanup(self, request):
""" Fixture to cleanup certificate from local host """
cleanup_command = self.make_update_command(
updates={'usercertificate':''})
def cleanup():
try:
cleanup_command()
except errors.EmptyModlist:
pass
request.addfinalizer(cleanup)
# Kerberos aliases methods
def _make_add_alias_cmd(self):
return self.make_command('host_add_principal', self.name)
def _make_remove_alias_cmd(self):
return self.make_command('host_remove_principal', self.name)
|
