def track_create(self):
""" Update expected state for user creation """
self.attrs = dict(
dn=self.dn,
uid=[self.uid],
givenname=[self.givenname],
sn=[self.sn],
homedirectory=[u'/home/%s' % self.uid],
displayname=[u'%s %s' % (self.givenname, self.sn)],
cn=[u'%s %s' % (self.givenname, self.sn)],
initials=[u'%s%s' % (self.givenname[0], self.sn[0])],
objectclass=fuzzy_set_optional_oc(objectclasses.user,
'ipantuserattrs'),
description=[u'__no_upg__'],
ipauniqueid=[fuzzy_uuid],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
krbprincipalname=[u'%s@%s' % (self.uid, self.api.env.realm)],
krbcanonicalname=[u'%s@%s' % (self.uid, self.api.env.realm)],
mail=[u'%s@%s' % (self.uid, self.api.env.domain)],
gecos=[u'%s %s' % (self.givenname, self.sn)],
loginshell=[platformconstants.DEFAULT_SHELL],
has_keytab=False,
has_password=False,
mepmanagedentry=[get_group_dn(self.uid)],
memberof_group=[u'ipausers'],
nsaccountlock=[u'false'],
ipantsecurityidentifier=[fuzzy_user_or_group_sid],
)
for key, value in self.kwargs.items():
if key == "krbprincipalname":
try:
princ_splitted = value.split("@", maxsplit=1)
self.attrs[key] = [
"{}@{}".format(
princ_splitted[0].lower(),
princ_splitted[1],
)
]
except IndexError:
# we can provide just principal part
self.attrs[key] = [
"{}@{}".format(value.lower(), self.api.env.realm)
]
else:
if not isinstance(value, list):
self.attrs[key] = [value]
else:
self.attrs[key] = value
self.exists = True
def track_create(self):
""" Updates expected state for group creation"""
self.attrs = dict(
dn=get_group_dn(self.cn),
cn=[self.cn],
description=[self.description],
gidnumber=[fuzzy_digits],
ipauniqueid=[fuzzy_uuid],
objectclass=fuzzy_set_optional_oc(objectclasses.posixgroup,
'ipantgroupattrs'),
ipantsecurityidentifier=[fuzzy_user_or_group_sid],
)
self.exists = True
class test_selinuxusermap(Declarative):
cleanup_commands = [
('selinuxusermap_del', [rule1], {}),
('group_del', [group1], {}),
('user_del', [user1], {}),
('host_del', [host1], {}),
('hbacrule_del', [hbacrule1], {}),
('hbacrule_del', [hbacrule2], {}),
]
tests = [
dict(
desc='Try to retrieve non-existent %r' % rule1,
command=('selinuxusermap_show', [rule1], {}),
expected=errors.NotFound(
reason=u'%s: SELinux User Map rule not found' % rule1),
),
dict(
desc='Try to update non-existent %r' % rule1,
command=('selinuxusermap_mod', [rule1], dict(description=u'Foo')),
expected=errors.NotFound(
reason=u'%s: SELinux User Map rule not found' % rule1),
),
dict(
desc='Try to delete non-existent %r' % rule1,
command=('selinuxusermap_del', [rule1], {}),
expected=errors.NotFound(
reason=u'%s: SELinux User Map rule not found' % rule1),
),
dict(
desc='Create rule %r' % rule1,
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=selinuxuser1)
),
expected=dict(
value=rule1,
summary=u'Added SELinux User Map "%s"' % rule1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser1],
objectclass=objectclasses.selinuxusermap,
ipauniqueid=[fuzzy_uuid],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
),
),
),
dict(
desc='Try to create duplicate %r' % rule1,
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=selinuxuser1)
),
expected=errors.DuplicateEntry(message=u'SELinux User Map rule ' +
u'with name "%s" already exists' % rule1),
),
dict(
desc='Retrieve rule %r' % rule1,
command=('selinuxusermap_show', [rule1], {}),
expected=dict(
value=rule1,
summary=None,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser1],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
),
),
),
dict(
desc='Update rule %r' % rule1,
command=(
'selinuxusermap_mod', [rule1],
dict(ipaselinuxuser=selinuxuser2)
),
expected=dict(
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
),
summary=u'Modified SELinux User Map "%s"' % rule1,
value=rule1,
),
),
dict(
desc='Retrieve %r to verify update' % rule1,
command=('selinuxusermap_show', [rule1], {}),
expected=dict(
value=rule1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
),
summary=None,
),
),
dict(
desc='Search for rule %r' % rule1,
command=('selinuxusermap_find', [], dict(cn=rule1)),
expected=dict(
count=1,
truncated=False,
result=[
dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
),
],
summary=u'1 SELinux User Map matched',
),
),
###############
# Create additional entries needed for testing
dict(
desc='Create %r' % user1,
command=(
'user_add', [], dict(givenname=u'Test', sn=u'User1')
),
expected=dict(
value=user1,
summary=u'Added user "%s"' % user1,
result=get_user_result(user1, u'Test', u'User1', 'add'),
),
),
dict(
desc='Create group %r' % group1,
command=(
'group_add', [group1], dict(description=u'Test desc 1')
),
expected=dict(
value=group1,
summary=u'Added group "%s"' % group1,
result=dict(
cn=[group1],
description=[u'Test desc 1'],
gidnumber=[fuzzy_digits],
objectclass=fuzzy_set_optional_oc(
objectclasses.posixgroup, 'ipantgroupattrs'),
ipauniqueid=[fuzzy_uuid],
dn=DN(('cn', group1), ('cn', 'groups'), ('cn', 'accounts'),
api.env.basedn),
),
),
),
dict(
desc='Add member %r to %r' % (user1, group1),
command=(
'group_add_member', [group1], dict(user=user1)
),
expected=dict(
completed=1,
failed=dict(
member=dict(
group=tuple(),
user=tuple(),
service=tuple(),
idoverrideuser=tuple(),
),
),
result={
'dn': DN(('cn', group1), ('cn', 'groups'),
('cn', 'accounts'), api.env.basedn),
'member_user': (user1,),
'gidnumber': [fuzzy_digits],
'cn': [group1],
'description': [u'Test desc 1'],
},
),
),
dict(
desc='Create host %r' % host1,
command=('host_add', [host1],
dict(
description=u'Test host 1',
l=u'Undisclosed location 1',
force=True,
),
),
expected=dict(
value=host1,
summary=u'Added host "%s"' % host1,
result=dict(
dn=hostdn1,
fqdn=[host1],
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[host1],
has_keytab=False,
has_password=False,
),
),
),
dict(
desc='Create HBAC rule %r' % hbacrule1,
command=(
'hbacrule_add', [hbacrule1], {}
),
expected=dict(
value=hbacrule1,
summary=u'Added HBAC rule "%s"' % hbacrule1,
result=dict(
cn=[hbacrule1],
objectclass=objectclasses.hbacrule,
ipauniqueid=[fuzzy_uuid],
accessruletype=[u'allow'],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_hbacruledn,
),
),
),
dict(
desc='Create HBAC rule %r' % hbacrule2,
command=(
'hbacrule_add', [hbacrule2], {}
),
expected=dict(
value=hbacrule2,
summary=u'Added HBAC rule "%s"' % hbacrule2,
result=dict(
cn=[hbacrule2],
objectclass=objectclasses.hbacrule,
ipauniqueid=[fuzzy_uuid],
accessruletype=[u'allow'],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_hbacruledn,
),
),
),
###############
# Fill out rule with members and/or pointers to HBAC rules
dict(
desc='Add user to %r' % rule1,
command=('selinuxusermap_add_user', [rule1], dict(user=user1)),
expected=dict(
failed=dict(memberuser=dict(group=[], user=[])),
completed=1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
memberuser_user=[user1],
dn=fuzzy_selinuxusermapdn,
),
)
),
dict(
desc='Add non-existent user to %r' % rule1,
command=('selinuxusermap_add_user', [rule1],
dict(user=u'notfound')),
expected=dict(
failed=dict(
memberuser=dict(group=[],
user=[(u'notfound', u'no such entry')])
),
completed=0,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
memberuser_user=[user1],
dn=fuzzy_selinuxusermapdn,
),
)
),
dict(
desc='Remove user from %r' % rule1,
command=('selinuxusermap_remove_user', [rule1], dict(user=user1)),
expected=dict(
failed=dict(memberuser=dict(group=[], user=[])),
completed=1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
),
)
),
dict(
desc='Remove non-existent user to %r' % rule1,
command=('selinuxusermap_remove_user', [rule1],
dict(user=u'notfound')),
expected=dict(
failed=dict(
memberuser=dict(group=[],
user=[(u'notfound', u'This entry is not a member')]
)
),
completed=0,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
),
)
),
dict(
desc='Add group to %r' % rule1,
command=('selinuxusermap_add_user', [rule1], dict(group=group1)),
expected=dict(
failed=dict(memberuser=dict(group=[], user=[])),
completed=1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
memberuser_group=[group1],
dn=fuzzy_selinuxusermapdn,
),
)
),
dict(
desc='Add host to %r' % rule1,
command=('selinuxusermap_add_host', [rule1], dict(host=host1)),
expected=dict(
failed=dict(memberhost=dict(hostgroup=[], host=[])),
completed=1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
memberhost_host=[host1],
memberuser_group=[group1],
dn=fuzzy_selinuxusermapdn,
),
)
),
###############
# Test enabling and disabling
dict(
desc='Disable %r' % rule1,
command=('selinuxusermap_disable', [rule1], {}),
expected=dict(
result=True,
value=rule1,
summary=u'Disabled SELinux User Map "%s"' % rule1,
)
),
dict(
desc='Disable %r again' % rule1,
command=('selinuxusermap_disable', [rule1], {}),
expected=errors.AlreadyInactive(),
),
dict(
desc='Enable %r' % rule1,
command=('selinuxusermap_enable', [rule1], {}),
expected=dict(
result=True,
value=rule1,
summary=u'Enabled SELinux User Map "%s"' % rule1,
)
),
dict(
desc='Re-enable %r again' % rule1,
command=('selinuxusermap_enable', [rule1], {}),
expected=errors.AlreadyActive(),
),
# Point to an HBAC Rule
dict(
desc='Add an HBAC rule to %r that has other members' % rule1,
command=(
'selinuxusermap_mod', [rule1], dict(seealso=hbacrule1)
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Remove host from %r' % rule1,
command=('selinuxusermap_remove_host', [rule1], dict(host=host1)),
expected=dict(
failed=dict(memberhost=dict(hostgroup=[], host=[])),
completed=1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
memberuser_group=[group1],
dn=fuzzy_selinuxusermapdn,
),
)
),
dict(
desc='Remove group from %r' % rule1,
command=('selinuxusermap_remove_user', [rule1],
dict(group=group1)),
expected=dict(
failed=dict(memberuser=dict(group=[], user=[])),
completed=1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
),
)
),
dict(
desc='Add non-existent HBAC rule to %r' % rule1,
command=(
'selinuxusermap_mod', [rule1], dict(seealso=u'notfound')
),
expected=errors.NotFound(
reason=u'HBAC rule notfound not found'),
),
dict(
desc='Add an HBAC rule to %r' % rule1,
command=(
'selinuxusermap_mod', [rule1], dict(seealso=hbacrule1)
),
expected=dict(
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser2],
ipaenabledflag=[u'TRUE'],
seealso=hbacrule1,
),
summary=u'Modified SELinux User Map "%s"' % rule1,
value=rule1,
),
),
dict(
desc='Add user to %r that has HBAC' % rule1,
command=('selinuxusermap_add_user', [rule1], dict(user=user1)),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Add host to %r that has HBAC' % rule1,
command=('selinuxusermap_add_host', [rule1], dict(host=host1)),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Try to delete HBAC rule pointed to by %r' % rule1,
command=('hbacrule_del', [hbacrule1], {}),
expected=errors.DependentEntry(key=hbacrule1,
label=u'SELinux User Map', dependent=rule1)
),
# This tests selinuxusermap-find --hbacrule=<foo> returns an
# exact match
dict(
desc='Try to delete similarly named HBAC rule %r' % hbacrule2,
command=('hbacrule_del', [hbacrule2], {}),
expected=dict(
result=dict(failed=[]),
value=[hbacrule2],
summary=u'Deleted HBAC rule "%s"' % hbacrule2,
)
),
# Test clean up
dict(
desc='Delete %r' % rule1,
command=('selinuxusermap_del', [rule1], {}),
expected=dict(
result=dict(failed=[]),
value=[rule1],
summary=u'Deleted SELinux User Map "%s"' % rule1,
)
),
dict(
desc='Try to delete non-existent %r' % rule1,
command=('selinuxusermap_del', [rule1], {}),
expected=errors.NotFound(
reason=u'%s: SELinux User Map rule not found' % rule1),
),
# Some negative tests
dict(
desc='Create rule with unknown user %r' % rule1,
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=u'notfound:s0:c0')
),
expected=errors.NotFound(reason=u'SELinux user notfound:s0:c0 ' +
u'not found in ordering list (in config)'),
),
dict(
desc='Create rule with invalid user bad+user',
command=(
'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'bad+user')
),
expected=errors.ValidationError(
name='selinuxuser',
error=u'Invalid SELinux user name, must match {}'.format(
platformconstants.SELINUX_USER_REGEX)
),
),
dict(
desc='Create rule with invalid MLS foo:s{}'.format(
platformconstants.SELINUX_MLS_MAX + 1),
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=u'foo:s{}'.format(
platformconstants.SELINUX_MLS_MAX + 1))
),
expected=errors.ValidationError(name='selinuxuser',
error=INVALID_MLS),
),
dict(
desc='Create rule with invalid MCS foo:s0:p88',
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=u'foo:s0:p88')
),
expected=errors.ValidationError(name='selinuxuser',
error=INVALID_MCS),
),
dict(
desc='Create rule with invalid MCS foo:s0:c0.c{}'.format(
platformconstants.SELINUX_MCS_MAX + 1),
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=u'foo:s0-s0:c0.c{}'.format(
platformconstants.SELINUX_MCS_MAX + 1))
),
expected=errors.ValidationError(name='selinuxuser',
error=INVALID_MCS),
),
dict(
desc='Create rule with invalid user via setattr',
command=(
'selinuxusermap_mod', [rule1],
dict(setattr=u'ipaselinuxuser=deny')
),
expected=errors.ValidationError(name='ipaselinuxuser',
error=INVALID_MLS),
),
dict(
desc='Create rule with both --hbacrule and --usercat set',
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=selinuxuser1,
seealso=hbacrule1,
usercategory=u'all')
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Create rule with both --hbacrule and --hostcat set',
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=selinuxuser1,
seealso=hbacrule1,
hostcategory=u'all')
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Create rule with both --hbacrule '
'and --usercat set via setattr',
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=selinuxuser1,
seealso=hbacrule1,
setattr=u'usercategory=all')
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Create rule with both --hbacrule '
'and --hostcat set via setattr',
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=selinuxuser1,
seealso=hbacrule1,
setattr=u'hostcategory=all')
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Create rule %r with --hbacrule' % rule1,
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=selinuxuser1, seealso=hbacrule1)
),
expected=dict(
value=rule1,
summary=u'Added SELinux User Map "%s"' % rule1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser1],
objectclass=objectclasses.selinuxusermap,
ipauniqueid=[fuzzy_uuid],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
seealso=hbacrule1
),
),
),
dict(
desc='Add an --usercat to %r that has HBAC set' % rule1,
command=(
'selinuxusermap_mod', [rule1], dict(usercategory=u'all')
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Add an --hostcat to %r that has HBAC set' % rule1,
command=(
'selinuxusermap_mod', [rule1], dict(hostcategory=u'all')
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Add an usercat via setattr to %r that has HBAC set' % rule1,
command=(
'selinuxusermap_mod', [rule1],
dict(setattr=u'usercategory=all')
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Add an hostcat via setattr to %r that has HBAC set' % rule1,
command=(
'selinuxusermap_mod', [rule1],
dict(setattr=u'hostcategory=all')
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Delete %r' % rule1,
command=('selinuxusermap_del', [rule1], {}),
expected=dict(
result=dict(failed=[]),
value=[rule1],
summary=u'Deleted SELinux User Map "%s"' % rule1,
)
),
dict(
desc='Create rule %r with usercat and hostcat set' % rule1,
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=selinuxuser1,
usercategory=u'all',
hostcategory=u'all')
),
expected=dict(
value=rule1,
summary=u'Added SELinux User Map "%s"' % rule1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser1],
objectclass=objectclasses.selinuxusermap,
ipauniqueid=[fuzzy_uuid],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
usercategory=[u'all'],
hostcategory=[u'all']
),
),
),
dict(
desc='Add HBAC rule to %r that has usercat and hostcat' % rule1,
command=(
'selinuxusermap_mod', [rule1], dict(seealso=hbacrule1)
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Delete %r' % rule1,
command=('selinuxusermap_del', [rule1], {}),
expected=dict(
result=dict(failed=[]),
value=[rule1],
summary=u'Deleted SELinux User Map "%s"' % rule1,
)
),
dict(
desc='Create rule %r' % rule1,
command=(
'selinuxusermap_add', [rule1],
dict(ipaselinuxuser=selinuxuser1)
),
expected=dict(
value=rule1,
summary=u'Added SELinux User Map "%s"' % rule1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser1],
objectclass=objectclasses.selinuxusermap,
ipauniqueid=[fuzzy_uuid],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
),
),
),
dict(
desc='Add HBAC rule, hostcat and usercat to %r' % rule1,
command=(
'selinuxusermap_mod', [rule1],
dict(seealso=hbacrule1,
usercategory=u'all',
hostcategory=u'all')
),
expected=errors.MutuallyExclusiveError(
reason=u'HBAC rule and local members cannot both be set'),
),
dict(
desc='Delete %r' % rule1,
command=('selinuxusermap_del', [rule1], {}),
expected=dict(
result=dict(failed=[]),
value=[rule1],
summary=u'Deleted SELinux User Map "%s"' % rule1,
)
),
dict(
desc='Create rule %r with '
'--setattr=seealso=<allow_all rule DN>' % rule1,
command=(
'selinuxusermap_add',
[rule1],
dict(ipaselinuxuser=selinuxuser1,
setattr=u'seealso=%s' % allow_all_rule_dn)
),
expected=dict(
value=rule1,
summary=u'Added SELinux User Map "%s"' % rule1,
result=dict(
cn=[rule1],
ipaselinuxuser=[selinuxuser1],
objectclass=objectclasses.selinuxusermap,
ipauniqueid=[fuzzy_uuid],
ipaenabledflag=[u'TRUE'],
dn=fuzzy_selinuxusermapdn,
seealso=u'allow_all',
),
),
),
dict(
desc='Delete %r' % rule1,
command=('selinuxusermap_del', [rule1], {}),
expected=dict(
result=dict(failed=[]),
value=[rule1],
summary=u'Deleted SELinux User Map "%s"' % rule1,
)
),
]
def get_user_result(uid,
givenname,
sn,
operation='show',
omit=[],
**overrides):
"""Get a user result for a user-{add,mod,find,show} command
This gives the result as from a user_add(uid, givenname=givenname, sn=sn);
modifications to that can be specified in ``omit`` and ``overrides``.
The ``operation`` can be one of:
- add
- show
- show-all ((show with the --all flag)
- find
- mod
Attributes named in ``omit`` are removed from the result; any additional
or non-default values can be specified in ``overrides``.
"""
# sn can be None; this should only be used from `get_admin_result`
cn = overrides.get('cn', ['%s %s' % (givenname, sn or '')])
cn[0] = cn[0].strip()
result = dict(
homedirectory=[u'/home/%s' % uid],
loginshell=[platformconstants.DEFAULT_SHELL],
uid=[uid],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)],
krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
mail=[u'%s@%s' % (uid, api.env.domain)],
has_keytab=False,
has_password=False,
)
if sn:
result['sn'] = [sn]
if givenname:
result['givenname'] = [givenname]
if operation in ('add', 'show', 'show-all', 'find'):
result.update(dn=get_user_dn(uid), )
if operation in ('add', 'show-all'):
result.update(
cn=cn,
displayname=cn,
gecos=cn,
initials=[givenname[0] + (sn or '')[:1]],
ipauniqueid=[fuzzy_uuid],
mepmanagedentry=[get_group_dn(uid)],
objectclass=fuzzy_set_optional_oc(objectclasses.user,
'ipantuserattrs'),
krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)],
)
if operation == 'show-all':
result.update(ipantsecurityidentifier=[fuzzy_user_or_group_sid], )
if operation in ('show', 'show-all', 'find', 'mod'):
result.update(nsaccountlock=False, )
if operation in ('add', 'show', 'show-all', 'mod'):
result.update(memberof_group=[u'ipausers'], )
for key in omit:
del result[key]
result.update(overrides)
return result
class test_netgroup(Declarative):
"""
Test the `netgroup` plugin.
"""
cleanup_commands = [
('netgroup_del', [netgroup1], {}),
('netgroup_del', [netgroup2], {}),
('host_del', [host1], {}),
('hostgroup_del', [hostgroup1], {}),
('user_del', [user1], {}),
('user_del', [user2], {}),
('group_del', [group1], {}),
]
tests = [
dict(
desc='Try to retrieve non-existent %r' % netgroup1,
command=('netgroup_show', [netgroup1], {}),
expected=errors.NotFound(reason=u'%s: netgroup not found' %
netgroup1),
),
dict(
desc='Try to update non-existent %r' % netgroup1,
command=('netgroup_mod', [netgroup1],
dict(description=u'Updated hostgroup 1')),
expected=errors.NotFound(reason=u'%s: netgroup not found' %
netgroup1),
),
dict(
desc='Try to delete non-existent %r' % netgroup1,
command=('netgroup_del', [netgroup1], {}),
expected=errors.NotFound(reason=u'%s: netgroup not found' %
netgroup1),
),
dict(
desc='Test an invalid netgroup name %r' % invalidnetgroup1,
command=('netgroup_add', [invalidnetgroup1],
dict(description=u'Test')),
expected=errors.ValidationError(
name='name',
error=u'may only include letters, numbers, _, -, and .'),
),
dict(
desc='Test an invalid nisdomain1 name %r' % invalidnisdomain1,
command=('netgroup_add', [netgroup1],
dict(description=u'Test',
nisdomainname=invalidnisdomain1)),
expected=errors.ValidationError(
name='nisdomain',
error='may only include letters, numbers, _, -, and .'),
),
dict(
desc='Test an invalid nisdomain2 name %r' % invalidnisdomain2,
command=('netgroup_add', [netgroup1],
dict(description=u'Test',
nisdomainname=invalidnisdomain2)),
expected=errors.ValidationError(
name='nisdomain',
error='may only include letters, numbers, _, -, and .'),
),
dict(
desc='Create %r' % netgroup1,
command=('netgroup_add', [netgroup1],
dict(description=u'Test netgroup 1')),
expected=dict(
value=netgroup1,
summary=u'Added netgroup "%s"' % netgroup1,
result=dict(
dn=fuzzy_netgroupdn,
cn=[netgroup1],
objectclass=objectclasses.netgroup,
description=[u'Test netgroup 1'],
nisdomainname=['%s' % api.env.domain],
ipauniqueid=[fuzzy_uuid],
),
),
),
dict(
desc='Create %r' % netgroup2,
command=('netgroup_add', [netgroup2],
dict(description=u'Test netgroup 2')),
expected=dict(
value=netgroup2,
summary=u'Added netgroup "%s"' % netgroup2,
result=dict(
dn=fuzzy_netgroupdn,
cn=[netgroup2],
objectclass=objectclasses.netgroup,
description=[u'Test netgroup 2'],
nisdomainname=['%s' % api.env.domain],
ipauniqueid=[fuzzy_uuid],
),
),
),
dict(
desc='Create netgroup with name containing only one letter: %r' %
netgroup_single,
command=('netgroup_add', [netgroup_single],
dict(description=u'Test netgroup_single')),
expected=dict(
value=netgroup_single,
summary=u'Added netgroup "%s"' % netgroup_single,
result=dict(
dn=fuzzy_netgroupdn,
cn=[netgroup_single],
objectclass=objectclasses.netgroup,
description=[u'Test netgroup_single'],
nisdomainname=['%s' % api.env.domain],
ipauniqueid=[fuzzy_uuid],
),
),
),
dict(
desc='Delete %r' % netgroup_single,
command=('netgroup_del', [netgroup_single], {}),
expected=dict(
value=[netgroup_single],
summary=u'Deleted netgroup "%s"' % netgroup_single,
result=dict(failed=[]),
),
),
dict(
desc='Try to create duplicate %r' % netgroup1,
command=('netgroup_add', [netgroup1],
dict(description=u'Test netgroup 1')),
expected=errors.DuplicateEntry(
message=u'netgroup with name "%s" already exists' % netgroup1),
),
dict(
desc='Create host %r' % host1,
command=(
'host_add',
[host1],
dict(
description=u'Test host 1',
l=u'Undisclosed location 1',
force=True,
),
),
expected=dict(
value=host1,
summary=u'Added host "%s"' % host1,
result=dict(
dn=host_dn1,
fqdn=[host1],
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[host1],
has_keytab=False,
has_password=False,
),
),
),
dict(
desc='Create %r' % hostgroup1,
command=('hostgroup_add', [hostgroup1],
dict(description=u'Test hostgroup 1')),
expected=dict(
value=hostgroup1,
summary=u'Added hostgroup "%s"' % hostgroup1,
result=dict(
dn=hostgroup_dn1,
cn=[hostgroup1],
objectclass=objectclasses.hostgroup,
description=[u'Test hostgroup 1'],
mepmanagedentry=[
DN(('cn', hostgroup1), ('cn', 'ng'), ('cn', 'alt'),
api.env.basedn)
],
ipauniqueid=[fuzzy_uuid],
),
),
),
dict(
desc='Create %r' % user1,
command=('user_add', [user1], dict(givenname=u'Test',
sn=u'User1')),
expected=dict(
value=user1,
summary=u'Added user "%s"' % user1,
result=get_user_result(user1, u'Test', u'User1', 'add'),
),
),
dict(
desc='Create %r' % user2,
command=('user_add', [user2], dict(givenname=u'Test',
sn=u'User2')),
expected=dict(
value=user2,
summary=u'Added user "%s"' % user2,
result=get_user_result(user2, u'Test', u'User2', 'add'),
),
),
dict(
desc='Create %r' % group1,
command=('group_add', [group1], dict(description=u'Test desc 1')),
expected=dict(
value=group1,
summary=u'Added group "%s"' % group1,
result=dict(
cn=[group1],
description=[u'Test desc 1'],
gidnumber=[fuzzy_digits],
objectclass=fuzzy_set_optional_oc(objectclasses.posixgroup,
'ipantgroupattrs'),
ipauniqueid=[fuzzy_uuid],
dn=DN(('cn', group1), ('cn', 'groups'), ('cn', 'accounts'),
api.env.basedn),
),
),
),
dict(
desc='Add user %r to group %r' % (user2, group1),
command=('group_add_member', [group1], dict(user=user2)),
expected=dict(
completed=1,
failed=dict(member=dict(
group=tuple(),
user=tuple(),
service=tuple(),
idoverrideuser=tuple(),
), ),
result={
'dn':
DN(('cn', group1), ('cn', 'groups'), ('cn', 'accounts'),
api.env.basedn),
'member_user': (user2, ),
'gidnumber': [fuzzy_digits],
'cn': [group1],
'description': [u'Test desc 1'],
},
),
),
dict(
desc='Add invalid host %r to netgroup %r' %
(invalidhost, netgroup1),
command=('netgroup_add_member', [netgroup1],
dict(host=invalidhost)),
expected=errors.ValidationError(
name='host',
error=u"only letters, numbers, '_', '-' are allowed. " +
u"DNS label may not start or end with '-'"),
),
dict(
desc='Add host %r to netgroup %r' % (host1, netgroup1),
command=('netgroup_add_member', [netgroup1], dict(host=host1)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc='Add hostgroup %r to netgroup %r' % (hostgroup1, netgroup1),
command=('netgroup_add_member', [netgroup1],
dict(hostgroup=hostgroup1)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc='Search for netgroups using no_user with members',
command=('netgroup_find', [], dict(no_user=user1,
no_members=False)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc='Search for netgroups using no_user',
command=('netgroup_find', [], dict(no_user=user1)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc="Check %r doesn't match when searching for %s" %
(netgroup1, user1),
command=('netgroup_find', [], dict(user=user1)),
expected=dict(
count=0,
truncated=False,
summary=u'0 netgroups matched',
result=[],
),
),
dict(
desc='Add user %r to netgroup %r' % (user1, netgroup1),
command=('netgroup_add_member', [netgroup1], dict(user=user1)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc="Check %r doesn't match when searching for no %s" %
(netgroup1, user1),
command=('netgroup_find', [], dict(no_user=user1)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc='Add group %r to netgroup %r' % (group1, netgroup1),
command=('netgroup_add_member', [netgroup1], dict(group=group1)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc='Add netgroup %r to netgroup %r' % (netgroup2, netgroup1),
command=('netgroup_add_member', [netgroup1],
dict(netgroup=netgroup2)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc='Add non-existent netgroup to netgroup %r' % (netgroup1),
command=('netgroup_add_member', [netgroup1],
dict(netgroup=u'notfound')),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=[(u'notfound', u'no such entry')], ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc='Add duplicate user %r to netgroup %r' % (user1, netgroup1),
command=('netgroup_add_member', [netgroup1], dict(user=user1)),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=[('%s' % user1, u'This entry is already a member')
],
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc='Add duplicate group %r to netgroup %r' % (group1, netgroup1),
command=('netgroup_add_member', [netgroup1], dict(group=group1)),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=[('%s' % group1,
u'This entry is already a member')],
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc='Add duplicate host %r to netgroup %r' % (host1, netgroup1),
command=('netgroup_add_member', [netgroup1], dict(host=host1)),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=[('%s' % host1, u'This entry is already a member')
],
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc='Add duplicate hostgroup %r to netgroup %r' %
(hostgroup1, netgroup1),
command=('netgroup_add_member', [netgroup1],
dict(hostgroup=hostgroup1)),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=[('%s' % hostgroup1,
u'This entry is already a member')],
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
),
),
dict(
desc='Add unknown host %r to netgroup %r' %
(unknown_host, netgroup1),
command=('netgroup_add_member', [netgroup1],
dict(host=unknown_host)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Add invalid host %r to netgroup %r using setattr' %
(invalidhost, netgroup1),
command=('netgroup_mod', [netgroup1],
dict(setattr='externalhost=%s' % invalidhost)),
expected=errors.ValidationError(
name='externalhost',
error=u"only letters, numbers, '_', '-' are allowed. " +
u"DNS label may not start or end with '-'"),
),
dict(desc='Add unknown host %r to netgroup %r using addattr' %
(unknown_host2, netgroup1),
command=('netgroup_mod', [netgroup1],
dict(addattr='externalhost=%s' % unknown_host2)),
expected=dict(
value=u'netgroup1',
summary=u'Modified netgroup "netgroup1"',
result={
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host, unknown_host2],
},
)),
dict(desc='Remove unknown host %r from netgroup %r using delattr' %
(unknown_host2, netgroup1),
command=('netgroup_mod', [netgroup1],
dict(delattr='externalhost=%s' % unknown_host2)),
expected=dict(
value=u'netgroup1',
summary=u'Modified netgroup "netgroup1"',
result={
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
)),
dict(
desc='Retrieve %r' % netgroup1,
command=('netgroup_show', [netgroup1], {}),
expected=dict(
value=netgroup1,
summary=None,
result={
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Search for %r with members' % netgroup1,
command=('netgroup_find', [], dict(cn=netgroup1,
no_members=False)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
],
),
),
dict(
desc='Search for %r' % netgroup1,
command=('netgroup_find', [], dict(cn=netgroup1)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
],
),
),
dict(
desc='Search for %r using user with members' % netgroup1,
command=('netgroup_find', [], dict(user=user1, no_members=False)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
],
),
),
dict(
desc='Search for %r using user' % netgroup1,
command=('netgroup_find', [], dict(user=user1)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
],
),
),
dict(
desc=('Search for all netgroups using empty member user with '
'members'),
command=('netgroup_find', [], dict(user=None, no_members=False)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
{
'dn': fuzzy_netgroupdn,
'memberof_netgroup': (netgroup1, ),
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc='Search for all netgroups using empty member user',
command=('netgroup_find', [], dict(user=None)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc='Update %r' % netgroup1,
command=('netgroup_mod', [netgroup1],
dict(description=u'Updated netgroup 1')),
expected=dict(
value=netgroup1,
summary=u'Modified netgroup "%s"' % netgroup1,
result={
'memberhost_host': (host1, ),
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove host %r from netgroup %r' % (host1, netgroup1),
command=('netgroup_remove_member', [netgroup1], dict(host=host1)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberhost_hostgroup': (hostgroup1, ),
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove hostgroup %r from netgroup %r' %
(hostgroup1, netgroup1),
command=('netgroup_remove_member', [netgroup1],
dict(hostgroup=hostgroup1)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberuser_user': (user1, ),
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove user %r from netgroup %r' % (user1, netgroup1),
command=('netgroup_remove_member', [netgroup1], dict(user=user1)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'memberuser_group': (group1, ),
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove group %r from netgroup %r' % (group1, netgroup1),
command=('netgroup_remove_member', [netgroup1],
dict(group=group1)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'member_netgroup': (netgroup2, ),
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove netgroup %r from netgroup %r' %
(netgroup2, netgroup1),
command=('netgroup_remove_member', [netgroup1],
dict(netgroup=netgroup2)),
expected=dict(
completed=1,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove host %r from netgroup %r again' % (host1, netgroup1),
command=('netgroup_remove_member', [netgroup1], dict(host=host1)),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(hostgroup=tuple(),
host=[('%s' % host1,
u'This entry is not a member')]),
),
result={
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove hostgroup %r from netgroup %r again' %
(hostgroup1, netgroup1),
command=('netgroup_remove_member', [netgroup1],
dict(hostgroup=hostgroup1)),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=[('%s' % hostgroup1,
u'This entry is not a member')],
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove user %r from netgroup %r again' % (user1, netgroup1),
command=('netgroup_remove_member', [netgroup1], dict(user=user1)),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=tuple(),
user=[('%s' % user1, u'This entry is not a member')],
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove group %r from netgroup %r again' %
(group1, netgroup1),
command=('netgroup_remove_member', [netgroup1],
dict(group=group1)),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=tuple(), ),
memberuser=dict(
group=[('%s' % group1, u'This entry is not a member')],
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Remove netgroup %r from netgroup %r again' %
(netgroup2, netgroup1),
command=('netgroup_remove_member', [netgroup1],
dict(netgroup=netgroup2)),
expected=dict(
completed=0,
failed=dict(
member=dict(netgroup=[('%s' % netgroup2,
u'This entry is not a member')], ),
memberuser=dict(
group=tuple(),
user=tuple(),
),
memberhost=dict(
hostgroup=tuple(),
host=tuple(),
),
),
result={
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
),
),
dict(
desc='Delete %r' % netgroup1,
command=('netgroup_del', [netgroup1], {}),
expected=dict(
value=[netgroup1],
summary=u'Deleted netgroup "%s"' % netgroup1,
result=dict(failed=[]),
),
),
]
class test_trustconfig(Declarative):
@pytest.fixture(autouse=True, scope="class")
def trustconfig_setup(self, declarative_setup):
if not api.Backend.rpcclient.isconnected():
api.Backend.rpcclient.connect()
try:
api.Command['trustconfig_show'](trust_type=u'ad')
except errors.NotFound:
pytest.skip('Trusts are not configured')
cleanup_commands = [
('group_del', [testgroup], {}),
('trustconfig_mod', [], {
'trust_type': u'ad',
'ipantfallbackprimarygroup': default_group
}),
]
tests = [
dict(
desc='Retrieve trust configuration for AD domains',
command=('trustconfig_show', [], {
'trust_type': u'ad'
}),
expected={
'value': u'ad',
'summary': None,
'result': {
'dn': trustconfig_ad_config,
'cn': [api.env.domain],
'ipantdomainguid': [fuzzy_guid],
'ipantfallbackprimarygroup': [default_group],
'ipantflatname': [fuzzy_string],
'ipantsecurityidentifier': [fuzzy_domain_sid],
'ad_trust_agent_server': [api.env.host],
'ad_trust_controller_server': [api.env.host]
},
},
),
dict(
desc='Retrieve trust configuration for AD domains with --raw',
command=('trustconfig_show', [], {
'trust_type': u'ad',
'raw': True
}),
expected={
'value': u'ad',
'summary': None,
'result': {
'dn': trustconfig_ad_config,
'cn': [api.env.domain],
'ipantdomainguid': [fuzzy_guid],
'ipantfallbackprimarygroup': [default_group_dn],
'ipantflatname': [fuzzy_string],
'ipantsecurityidentifier': [fuzzy_domain_sid]
},
},
),
dict(
desc='Create auxiliary group %r' % testgroup,
command=('group_add', [testgroup],
dict(description=u'Test group')),
expected=dict(
value=testgroup,
summary=u'Added group "%s"' % testgroup,
result=dict(
cn=[testgroup],
description=[u'Test group'],
gidnumber=[fuzzy_digits],
objectclass=fuzzy_set_optional_oc(objectclasses.posixgroup,
'ipantgroupattrs'),
ipauniqueid=[fuzzy_uuid],
dn=testgroup_dn,
),
),
),
dict(desc='Try to change primary fallback group to nonexistent group',
command=('trustconfig_mod', [], {
'trust_type': u'ad',
'ipantfallbackprimarygroup': u'doesnotexist'
}),
expected=errors.NotFound(reason=u'%s: group not found' %
'doesnotexist')),
dict(
desc='Try to change primary fallback group to nonexistent group DN',
command=('trustconfig_mod', [], {
'trust_type': u'ad',
'ipantfallbackprimarygroup': u'cn=doesnotexist,dc=test'
}),
expected=errors.NotFound(reason=u'%s: group not found' %
'cn=doesnotexist,dc=test')),
dict(
desc='Change primary fallback group to "%s"' % testgroup,
command=('trustconfig_mod', [], {
'trust_type': u'ad',
'ipantfallbackprimarygroup': testgroup
}),
expected={
'value': u'ad',
'summary': u'Modified "ad" trust configuration',
'result': {
'cn': [api.env.domain],
'ipantdomainguid': [fuzzy_guid],
'ipantfallbackprimarygroup': [testgroup],
'ipantflatname': [fuzzy_string],
'ipantsecurityidentifier': [fuzzy_domain_sid],
'ad_trust_agent_server': [api.env.host],
'ad_trust_controller_server': [api.env.host]
},
},
),
dict(
desc='Change primary fallback group back to "%s" using DN' %
default_group,
command=('trustconfig_mod', [], {
'trust_type': u'ad',
'ipantfallbackprimarygroup': unicode(default_group_dn)
}),
expected={
'value': u'ad',
'summary': u'Modified "ad" trust configuration',
'result': {
'cn': [api.env.domain],
'ipantdomainguid': [fuzzy_guid],
'ipantfallbackprimarygroup': [default_group],
'ipantflatname': [fuzzy_string],
'ipantsecurityidentifier': [fuzzy_domain_sid],
'ad_trust_agent_server': [api.env.host],
'ad_trust_controller_server': [api.env.host]
},
},
),
]
class test_batch(Declarative):
cleanup_commands = [
('group_del', [group1], {}),
]
tests = [
dict(
desc='Batch ping',
command=('batch', [dict(method=u'ping', params=([], {}))], {}),
expected=dict(count=1,
results=[
dict(summary=Fuzzy('IPA server version .*'),
error=None),
]),
),
dict(
desc='Batch two pings',
command=('batch', [dict(method=u'ping', params=([], {}))] * 2, {}),
expected=dict(count=2,
results=[
dict(summary=Fuzzy('IPA server version .*'),
error=None),
dict(summary=Fuzzy('IPA server version .*'),
error=None),
]),
),
dict(
desc='Create and deleting a group',
command=('batch', [
dict(method=u'group_add',
params=([group1], dict(description=u'Test desc 1'))),
dict(method=u'group_del', params=([group1], dict())),
], {}),
expected=dict(
count=2,
results=deepequal_list(
dict(value=group1,
summary=u'Added group "testgroup1"',
result=dict(
cn=[group1],
description=[u'Test desc 1'],
objectclass=fuzzy_set_optional_oc(
objectclasses.posixgroup, 'ipantgroupattrs'),
ipauniqueid=[fuzzy_uuid],
gidnumber=[fuzzy_digits],
dn=DN(('cn', 'testgroup1'), ('cn', 'groups'),
('cn', 'accounts'), api.env.basedn),
),
error=None),
dict(summary=u'Deleted group "%s"' % group1,
result=dict(failed=[]),
value=[group1],
error=None),
),
),
),
dict(
desc='Try to delete nonexistent group twice',
command=('batch', [
dict(method=u'group_del', params=([group1], dict())),
dict(method=u'group_del', params=([group1], dict())),
], {}),
expected=dict(
count=2,
results=[
dict(
error=u'%s: group not found' % group1,
error_name=u'NotFound',
error_code=4001,
error_kw=dict(reason=u'%s: group not found' %
group1, ),
),
dict(
error=u'%s: group not found' % group1,
error_name=u'NotFound',
error_code=4001,
error_kw=dict(reason=u'%s: group not found' %
group1, ),
),
],
),
),
dict(
desc='Try to delete non-existent group first, then create it',
command=('batch', [
dict(method=u'group_del', params=([group1], dict())),
dict(method=u'group_add',
params=([group1], dict(description=u'Test desc 1'))),
], {}),
expected=dict(
count=2,
results=deepequal_list(
dict(
error=u'%s: group not found' % group1,
error_name=u'NotFound',
error_code=4001,
error_kw=dict(reason=u'%s: group not found' %
group1, ),
),
dict(value=group1,
summary=u'Added group "testgroup1"',
result=dict(
cn=[group1],
description=[u'Test desc 1'],
objectclass=fuzzy_set_optional_oc(
objectclasses.posixgroup, 'ipantgroupattrs'),
ipauniqueid=[fuzzy_uuid],
gidnumber=[fuzzy_digits],
dn=DN(('cn', 'testgroup1'), ('cn', 'groups'),
('cn', 'accounts'), api.env.basedn),
),
error=None),
),
),
),
dict(
desc='Try bad command invocations',
command=(
'batch',
[
# bad command name
dict(method=u'nonexistent_ipa_command',
params=([], dict())),
# dash, not underscore, in command name
dict(method=u'user-del', params=([], dict())),
# missing command name
dict(params=([group1], dict())),
# missing params
dict(method=u'user_del'),
# missing required argument
dict(method=u'user_add', params=([], dict())),
# missing required option
dict(method=u'user_add',
params=([], dict(givenname=first1))),
# bad type
dict(method=u'group_add',
params=([group1],
dict(description=u't', gidnumber=u'bad'))),
],
{}),
expected=dict(
count=7,
results=deepequal_list(
dict(
error=u"unknown command 'nonexistent_ipa_command'",
error_name=u'CommandError',
error_code=905,
error_kw=dict(name=u'nonexistent_ipa_command', ),
),
dict(
error=u"unknown command 'user-del'",
error_name=u'CommandError',
error_code=905,
error_kw=dict(name=u'user-del', ),
),
dict(
error=u"'method' is required",
error_name=u'RequirementError',
error_code=3007,
error_kw=dict(name=u'method', ),
),
dict(
error=u"'params' is required",
error_name=u'RequirementError',
error_code=3007,
error_kw=dict(name=u'params', ),
),
dict(
error=u"'givenname' is required",
error_name=u'RequirementError',
error_code=3007,
error_kw=dict(name=u'givenname', ),
),
dict(
error=u"'sn' is required",
error_name=u'RequirementError',
error_code=3007,
error_kw=dict(name=u'sn', ),
),
dict(
error=Fuzzy(u"invalid 'gid'.*"),
error_name=u'ConversionError',
error_code=3008,
error_kw=dict(
name=u'gid',
error=Fuzzy(u'.*'),
),
),
),
),
),
]
