def track_create(self): """ Update expected state for user creation """ self.attrs = dict( dn=self.dn, uid=[self.uid], givenname=[self.givenname], sn=[self.sn], homedirectory=[u'/home/%s' % self.uid], displayname=[u'%s %s' % (self.givenname, self.sn)], cn=[u'%s %s' % (self.givenname, self.sn)], initials=[u'%s%s' % (self.givenname[0], self.sn[0])], objectclass=fuzzy_set_optional_oc(objectclasses.user, 'ipantuserattrs'), description=[u'__no_upg__'], ipauniqueid=[fuzzy_uuid], uidnumber=[fuzzy_digits], gidnumber=[fuzzy_digits], krbprincipalname=[u'%s@%s' % (self.uid, self.api.env.realm)], krbcanonicalname=[u'%s@%s' % (self.uid, self.api.env.realm)], mail=[u'%s@%s' % (self.uid, self.api.env.domain)], gecos=[u'%s %s' % (self.givenname, self.sn)], loginshell=[platformconstants.DEFAULT_SHELL], has_keytab=False, has_password=False, mepmanagedentry=[get_group_dn(self.uid)], memberof_group=[u'ipausers'], nsaccountlock=[u'false'], ipantsecurityidentifier=[fuzzy_user_or_group_sid], ) for key, value in self.kwargs.items(): if key == "krbprincipalname": try: princ_splitted = value.split("@", maxsplit=1) self.attrs[key] = [ "{}@{}".format( princ_splitted[0].lower(), princ_splitted[1], ) ] except IndexError: # we can provide just principal part self.attrs[key] = [ "{}@{}".format(value.lower(), self.api.env.realm) ] else: if not isinstance(value, list): self.attrs[key] = [value] else: self.attrs[key] = value self.exists = True
def track_create(self): """ Updates expected state for group creation""" self.attrs = dict( dn=get_group_dn(self.cn), cn=[self.cn], description=[self.description], gidnumber=[fuzzy_digits], ipauniqueid=[fuzzy_uuid], objectclass=fuzzy_set_optional_oc(objectclasses.posixgroup, 'ipantgroupattrs'), ipantsecurityidentifier=[fuzzy_user_or_group_sid], ) self.exists = True
class test_selinuxusermap(Declarative): cleanup_commands = [ ('selinuxusermap_del', [rule1], {}), ('group_del', [group1], {}), ('user_del', [user1], {}), ('host_del', [host1], {}), ('hbacrule_del', [hbacrule1], {}), ('hbacrule_del', [hbacrule2], {}), ] tests = [ dict( desc='Try to retrieve non-existent %r' % rule1, command=('selinuxusermap_show', [rule1], {}), expected=errors.NotFound( reason=u'%s: SELinux User Map rule not found' % rule1), ), dict( desc='Try to update non-existent %r' % rule1, command=('selinuxusermap_mod', [rule1], dict(description=u'Foo')), expected=errors.NotFound( reason=u'%s: SELinux User Map rule not found' % rule1), ), dict( desc='Try to delete non-existent %r' % rule1, command=('selinuxusermap_del', [rule1], {}), expected=errors.NotFound( reason=u'%s: SELinux User Map rule not found' % rule1), ), dict( desc='Create rule %r' % rule1, command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1) ), expected=dict( value=rule1, summary=u'Added SELinux User Map "%s"' % rule1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser1], objectclass=objectclasses.selinuxusermap, ipauniqueid=[fuzzy_uuid], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, ), ), ), dict( desc='Try to create duplicate %r' % rule1, command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1) ), expected=errors.DuplicateEntry(message=u'SELinux User Map rule ' + u'with name "%s" already exists' % rule1), ), dict( desc='Retrieve rule %r' % rule1, command=('selinuxusermap_show', [rule1], {}), expected=dict( value=rule1, summary=None, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser1], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, ), ), ), dict( desc='Update rule %r' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(ipaselinuxuser=selinuxuser2) ), expected=dict( result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], ), summary=u'Modified SELinux User Map "%s"' % rule1, value=rule1, ), ), dict( desc='Retrieve %r to verify update' % rule1, command=('selinuxusermap_show', [rule1], {}), expected=dict( value=rule1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, ), summary=None, ), ), dict( desc='Search for rule %r' % rule1, command=('selinuxusermap_find', [], dict(cn=rule1)), expected=dict( count=1, truncated=False, result=[ dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, ), ], summary=u'1 SELinux User Map matched', ), ), ############### # Create additional entries needed for testing dict( desc='Create %r' % user1, command=( 'user_add', [], dict(givenname=u'Test', sn=u'User1') ), expected=dict( value=user1, summary=u'Added user "%s"' % user1, result=get_user_result(user1, u'Test', u'User1', 'add'), ), ), dict( desc='Create group %r' % group1, command=( 'group_add', [group1], dict(description=u'Test desc 1') ), expected=dict( value=group1, summary=u'Added group "%s"' % group1, result=dict( cn=[group1], description=[u'Test desc 1'], gidnumber=[fuzzy_digits], objectclass=fuzzy_set_optional_oc( objectclasses.posixgroup, 'ipantgroupattrs'), ipauniqueid=[fuzzy_uuid], dn=DN(('cn', group1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn), ), ), ), dict( desc='Add member %r to %r' % (user1, group1), command=( 'group_add_member', [group1], dict(user=user1) ), expected=dict( completed=1, failed=dict( member=dict( group=tuple(), user=tuple(), service=tuple(), idoverrideuser=tuple(), ), ), result={ 'dn': DN(('cn', group1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn), 'member_user': (user1,), 'gidnumber': [fuzzy_digits], 'cn': [group1], 'description': [u'Test desc 1'], }, ), ), dict( desc='Create host %r' % host1, command=('host_add', [host1], dict( description=u'Test host 1', l=u'Undisclosed location 1', force=True, ), ), expected=dict( value=host1, summary=u'Added host "%s"' % host1, result=dict( dn=hostdn1, fqdn=[host1], description=[u'Test host 1'], l=[u'Undisclosed location 1'], krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)], krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)], objectclass=objectclasses.host, ipauniqueid=[fuzzy_uuid], managedby_host=[host1], has_keytab=False, has_password=False, ), ), ), dict( desc='Create HBAC rule %r' % hbacrule1, command=( 'hbacrule_add', [hbacrule1], {} ), expected=dict( value=hbacrule1, summary=u'Added HBAC rule "%s"' % hbacrule1, result=dict( cn=[hbacrule1], objectclass=objectclasses.hbacrule, ipauniqueid=[fuzzy_uuid], accessruletype=[u'allow'], ipaenabledflag=[u'TRUE'], dn=fuzzy_hbacruledn, ), ), ), dict( desc='Create HBAC rule %r' % hbacrule2, command=( 'hbacrule_add', [hbacrule2], {} ), expected=dict( value=hbacrule2, summary=u'Added HBAC rule "%s"' % hbacrule2, result=dict( cn=[hbacrule2], objectclass=objectclasses.hbacrule, ipauniqueid=[fuzzy_uuid], accessruletype=[u'allow'], ipaenabledflag=[u'TRUE'], dn=fuzzy_hbacruledn, ), ), ), ############### # Fill out rule with members and/or pointers to HBAC rules dict( desc='Add user to %r' % rule1, command=('selinuxusermap_add_user', [rule1], dict(user=user1)), expected=dict( failed=dict(memberuser=dict(group=[], user=[])), completed=1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], memberuser_user=[user1], dn=fuzzy_selinuxusermapdn, ), ) ), dict( desc='Add non-existent user to %r' % rule1, command=('selinuxusermap_add_user', [rule1], dict(user=u'notfound')), expected=dict( failed=dict( memberuser=dict(group=[], user=[(u'notfound', u'no such entry')]) ), completed=0, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], memberuser_user=[user1], dn=fuzzy_selinuxusermapdn, ), ) ), dict( desc='Remove user from %r' % rule1, command=('selinuxusermap_remove_user', [rule1], dict(user=user1)), expected=dict( failed=dict(memberuser=dict(group=[], user=[])), completed=1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, ), ) ), dict( desc='Remove non-existent user to %r' % rule1, command=('selinuxusermap_remove_user', [rule1], dict(user=u'notfound')), expected=dict( failed=dict( memberuser=dict(group=[], user=[(u'notfound', u'This entry is not a member')] ) ), completed=0, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, ), ) ), dict( desc='Add group to %r' % rule1, command=('selinuxusermap_add_user', [rule1], dict(group=group1)), expected=dict( failed=dict(memberuser=dict(group=[], user=[])), completed=1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], memberuser_group=[group1], dn=fuzzy_selinuxusermapdn, ), ) ), dict( desc='Add host to %r' % rule1, command=('selinuxusermap_add_host', [rule1], dict(host=host1)), expected=dict( failed=dict(memberhost=dict(hostgroup=[], host=[])), completed=1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], memberhost_host=[host1], memberuser_group=[group1], dn=fuzzy_selinuxusermapdn, ), ) ), ############### # Test enabling and disabling dict( desc='Disable %r' % rule1, command=('selinuxusermap_disable', [rule1], {}), expected=dict( result=True, value=rule1, summary=u'Disabled SELinux User Map "%s"' % rule1, ) ), dict( desc='Disable %r again' % rule1, command=('selinuxusermap_disable', [rule1], {}), expected=errors.AlreadyInactive(), ), dict( desc='Enable %r' % rule1, command=('selinuxusermap_enable', [rule1], {}), expected=dict( result=True, value=rule1, summary=u'Enabled SELinux User Map "%s"' % rule1, ) ), dict( desc='Re-enable %r again' % rule1, command=('selinuxusermap_enable', [rule1], {}), expected=errors.AlreadyActive(), ), # Point to an HBAC Rule dict( desc='Add an HBAC rule to %r that has other members' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(seealso=hbacrule1) ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Remove host from %r' % rule1, command=('selinuxusermap_remove_host', [rule1], dict(host=host1)), expected=dict( failed=dict(memberhost=dict(hostgroup=[], host=[])), completed=1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], memberuser_group=[group1], dn=fuzzy_selinuxusermapdn, ), ) ), dict( desc='Remove group from %r' % rule1, command=('selinuxusermap_remove_user', [rule1], dict(group=group1)), expected=dict( failed=dict(memberuser=dict(group=[], user=[])), completed=1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, ), ) ), dict( desc='Add non-existent HBAC rule to %r' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(seealso=u'notfound') ), expected=errors.NotFound( reason=u'HBAC rule notfound not found'), ), dict( desc='Add an HBAC rule to %r' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(seealso=hbacrule1) ), expected=dict( result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser2], ipaenabledflag=[u'TRUE'], seealso=hbacrule1, ), summary=u'Modified SELinux User Map "%s"' % rule1, value=rule1, ), ), dict( desc='Add user to %r that has HBAC' % rule1, command=('selinuxusermap_add_user', [rule1], dict(user=user1)), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Add host to %r that has HBAC' % rule1, command=('selinuxusermap_add_host', [rule1], dict(host=host1)), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Try to delete HBAC rule pointed to by %r' % rule1, command=('hbacrule_del', [hbacrule1], {}), expected=errors.DependentEntry(key=hbacrule1, label=u'SELinux User Map', dependent=rule1) ), # This tests selinuxusermap-find --hbacrule=<foo> returns an # exact match dict( desc='Try to delete similarly named HBAC rule %r' % hbacrule2, command=('hbacrule_del', [hbacrule2], {}), expected=dict( result=dict(failed=[]), value=[hbacrule2], summary=u'Deleted HBAC rule "%s"' % hbacrule2, ) ), # Test clean up dict( desc='Delete %r' % rule1, command=('selinuxusermap_del', [rule1], {}), expected=dict( result=dict(failed=[]), value=[rule1], summary=u'Deleted SELinux User Map "%s"' % rule1, ) ), dict( desc='Try to delete non-existent %r' % rule1, command=('selinuxusermap_del', [rule1], {}), expected=errors.NotFound( reason=u'%s: SELinux User Map rule not found' % rule1), ), # Some negative tests dict( desc='Create rule with unknown user %r' % rule1, command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'notfound:s0:c0') ), expected=errors.NotFound(reason=u'SELinux user notfound:s0:c0 ' + u'not found in ordering list (in config)'), ), dict( desc='Create rule with invalid user bad+user', command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'bad+user') ), expected=errors.ValidationError( name='selinuxuser', error=u'Invalid SELinux user name, must match {}'.format( platformconstants.SELINUX_USER_REGEX) ), ), dict( desc='Create rule with invalid MLS foo:s{}'.format( platformconstants.SELINUX_MLS_MAX + 1), command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'foo:s{}'.format( platformconstants.SELINUX_MLS_MAX + 1)) ), expected=errors.ValidationError(name='selinuxuser', error=INVALID_MLS), ), dict( desc='Create rule with invalid MCS foo:s0:p88', command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'foo:s0:p88') ), expected=errors.ValidationError(name='selinuxuser', error=INVALID_MCS), ), dict( desc='Create rule with invalid MCS foo:s0:c0.c{}'.format( platformconstants.SELINUX_MCS_MAX + 1), command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'foo:s0-s0:c0.c{}'.format( platformconstants.SELINUX_MCS_MAX + 1)) ), expected=errors.ValidationError(name='selinuxuser', error=INVALID_MCS), ), dict( desc='Create rule with invalid user via setattr', command=( 'selinuxusermap_mod', [rule1], dict(setattr=u'ipaselinuxuser=deny') ), expected=errors.ValidationError(name='ipaselinuxuser', error=INVALID_MLS), ), dict( desc='Create rule with both --hbacrule and --usercat set', command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1, seealso=hbacrule1, usercategory=u'all') ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Create rule with both --hbacrule and --hostcat set', command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1, seealso=hbacrule1, hostcategory=u'all') ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Create rule with both --hbacrule ' 'and --usercat set via setattr', command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1, seealso=hbacrule1, setattr=u'usercategory=all') ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Create rule with both --hbacrule ' 'and --hostcat set via setattr', command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1, seealso=hbacrule1, setattr=u'hostcategory=all') ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Create rule %r with --hbacrule' % rule1, command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1, seealso=hbacrule1) ), expected=dict( value=rule1, summary=u'Added SELinux User Map "%s"' % rule1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser1], objectclass=objectclasses.selinuxusermap, ipauniqueid=[fuzzy_uuid], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, seealso=hbacrule1 ), ), ), dict( desc='Add an --usercat to %r that has HBAC set' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(usercategory=u'all') ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Add an --hostcat to %r that has HBAC set' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(hostcategory=u'all') ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Add an usercat via setattr to %r that has HBAC set' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(setattr=u'usercategory=all') ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Add an hostcat via setattr to %r that has HBAC set' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(setattr=u'hostcategory=all') ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Delete %r' % rule1, command=('selinuxusermap_del', [rule1], {}), expected=dict( result=dict(failed=[]), value=[rule1], summary=u'Deleted SELinux User Map "%s"' % rule1, ) ), dict( desc='Create rule %r with usercat and hostcat set' % rule1, command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1, usercategory=u'all', hostcategory=u'all') ), expected=dict( value=rule1, summary=u'Added SELinux User Map "%s"' % rule1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser1], objectclass=objectclasses.selinuxusermap, ipauniqueid=[fuzzy_uuid], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, usercategory=[u'all'], hostcategory=[u'all'] ), ), ), dict( desc='Add HBAC rule to %r that has usercat and hostcat' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(seealso=hbacrule1) ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Delete %r' % rule1, command=('selinuxusermap_del', [rule1], {}), expected=dict( result=dict(failed=[]), value=[rule1], summary=u'Deleted SELinux User Map "%s"' % rule1, ) ), dict( desc='Create rule %r' % rule1, command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1) ), expected=dict( value=rule1, summary=u'Added SELinux User Map "%s"' % rule1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser1], objectclass=objectclasses.selinuxusermap, ipauniqueid=[fuzzy_uuid], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, ), ), ), dict( desc='Add HBAC rule, hostcat and usercat to %r' % rule1, command=( 'selinuxusermap_mod', [rule1], dict(seealso=hbacrule1, usercategory=u'all', hostcategory=u'all') ), expected=errors.MutuallyExclusiveError( reason=u'HBAC rule and local members cannot both be set'), ), dict( desc='Delete %r' % rule1, command=('selinuxusermap_del', [rule1], {}), expected=dict( result=dict(failed=[]), value=[rule1], summary=u'Deleted SELinux User Map "%s"' % rule1, ) ), dict( desc='Create rule %r with ' '--setattr=seealso=<allow_all rule DN>' % rule1, command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=selinuxuser1, setattr=u'seealso=%s' % allow_all_rule_dn) ), expected=dict( value=rule1, summary=u'Added SELinux User Map "%s"' % rule1, result=dict( cn=[rule1], ipaselinuxuser=[selinuxuser1], objectclass=objectclasses.selinuxusermap, ipauniqueid=[fuzzy_uuid], ipaenabledflag=[u'TRUE'], dn=fuzzy_selinuxusermapdn, seealso=u'allow_all', ), ), ), dict( desc='Delete %r' % rule1, command=('selinuxusermap_del', [rule1], {}), expected=dict( result=dict(failed=[]), value=[rule1], summary=u'Deleted SELinux User Map "%s"' % rule1, ) ), ]
def get_user_result(uid, givenname, sn, operation='show', omit=[], **overrides): """Get a user result for a user-{add,mod,find,show} command This gives the result as from a user_add(uid, givenname=givenname, sn=sn); modifications to that can be specified in ``omit`` and ``overrides``. The ``operation`` can be one of: - add - show - show-all ((show with the --all flag) - find - mod Attributes named in ``omit`` are removed from the result; any additional or non-default values can be specified in ``overrides``. """ # sn can be None; this should only be used from `get_admin_result` cn = overrides.get('cn', ['%s %s' % (givenname, sn or '')]) cn[0] = cn[0].strip() result = dict( homedirectory=[u'/home/%s' % uid], loginshell=[platformconstants.DEFAULT_SHELL], uid=[uid], uidnumber=[fuzzy_digits], gidnumber=[fuzzy_digits], krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)], krbprincipalname=[u'%s@%s' % (uid, api.env.realm)], mail=[u'%s@%s' % (uid, api.env.domain)], has_keytab=False, has_password=False, ) if sn: result['sn'] = [sn] if givenname: result['givenname'] = [givenname] if operation in ('add', 'show', 'show-all', 'find'): result.update(dn=get_user_dn(uid), ) if operation in ('add', 'show-all'): result.update( cn=cn, displayname=cn, gecos=cn, initials=[givenname[0] + (sn or '')[:1]], ipauniqueid=[fuzzy_uuid], mepmanagedentry=[get_group_dn(uid)], objectclass=fuzzy_set_optional_oc(objectclasses.user, 'ipantuserattrs'), krbprincipalname=[u'%s@%s' % (uid, api.env.realm)], krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)], ) if operation == 'show-all': result.update(ipantsecurityidentifier=[fuzzy_user_or_group_sid], ) if operation in ('show', 'show-all', 'find', 'mod'): result.update(nsaccountlock=False, ) if operation in ('add', 'show', 'show-all', 'mod'): result.update(memberof_group=[u'ipausers'], ) for key in omit: del result[key] result.update(overrides) return result
class test_netgroup(Declarative): """ Test the `netgroup` plugin. """ cleanup_commands = [ ('netgroup_del', [netgroup1], {}), ('netgroup_del', [netgroup2], {}), ('host_del', [host1], {}), ('hostgroup_del', [hostgroup1], {}), ('user_del', [user1], {}), ('user_del', [user2], {}), ('group_del', [group1], {}), ] tests = [ dict( desc='Try to retrieve non-existent %r' % netgroup1, command=('netgroup_show', [netgroup1], {}), expected=errors.NotFound(reason=u'%s: netgroup not found' % netgroup1), ), dict( desc='Try to update non-existent %r' % netgroup1, command=('netgroup_mod', [netgroup1], dict(description=u'Updated hostgroup 1')), expected=errors.NotFound(reason=u'%s: netgroup not found' % netgroup1), ), dict( desc='Try to delete non-existent %r' % netgroup1, command=('netgroup_del', [netgroup1], {}), expected=errors.NotFound(reason=u'%s: netgroup not found' % netgroup1), ), dict( desc='Test an invalid netgroup name %r' % invalidnetgroup1, command=('netgroup_add', [invalidnetgroup1], dict(description=u'Test')), expected=errors.ValidationError( name='name', error=u'may only include letters, numbers, _, -, and .'), ), dict( desc='Test an invalid nisdomain1 name %r' % invalidnisdomain1, command=('netgroup_add', [netgroup1], dict(description=u'Test', nisdomainname=invalidnisdomain1)), expected=errors.ValidationError( name='nisdomain', error='may only include letters, numbers, _, -, and .'), ), dict( desc='Test an invalid nisdomain2 name %r' % invalidnisdomain2, command=('netgroup_add', [netgroup1], dict(description=u'Test', nisdomainname=invalidnisdomain2)), expected=errors.ValidationError( name='nisdomain', error='may only include letters, numbers, _, -, and .'), ), dict( desc='Create %r' % netgroup1, command=('netgroup_add', [netgroup1], dict(description=u'Test netgroup 1')), expected=dict( value=netgroup1, summary=u'Added netgroup "%s"' % netgroup1, result=dict( dn=fuzzy_netgroupdn, cn=[netgroup1], objectclass=objectclasses.netgroup, description=[u'Test netgroup 1'], nisdomainname=['%s' % api.env.domain], ipauniqueid=[fuzzy_uuid], ), ), ), dict( desc='Create %r' % netgroup2, command=('netgroup_add', [netgroup2], dict(description=u'Test netgroup 2')), expected=dict( value=netgroup2, summary=u'Added netgroup "%s"' % netgroup2, result=dict( dn=fuzzy_netgroupdn, cn=[netgroup2], objectclass=objectclasses.netgroup, description=[u'Test netgroup 2'], nisdomainname=['%s' % api.env.domain], ipauniqueid=[fuzzy_uuid], ), ), ), dict( desc='Create netgroup with name containing only one letter: %r' % netgroup_single, command=('netgroup_add', [netgroup_single], dict(description=u'Test netgroup_single')), expected=dict( value=netgroup_single, summary=u'Added netgroup "%s"' % netgroup_single, result=dict( dn=fuzzy_netgroupdn, cn=[netgroup_single], objectclass=objectclasses.netgroup, description=[u'Test netgroup_single'], nisdomainname=['%s' % api.env.domain], ipauniqueid=[fuzzy_uuid], ), ), ), dict( desc='Delete %r' % netgroup_single, command=('netgroup_del', [netgroup_single], {}), expected=dict( value=[netgroup_single], summary=u'Deleted netgroup "%s"' % netgroup_single, result=dict(failed=[]), ), ), dict( desc='Try to create duplicate %r' % netgroup1, command=('netgroup_add', [netgroup1], dict(description=u'Test netgroup 1')), expected=errors.DuplicateEntry( message=u'netgroup with name "%s" already exists' % netgroup1), ), dict( desc='Create host %r' % host1, command=( 'host_add', [host1], dict( description=u'Test host 1', l=u'Undisclosed location 1', force=True, ), ), expected=dict( value=host1, summary=u'Added host "%s"' % host1, result=dict( dn=host_dn1, fqdn=[host1], description=[u'Test host 1'], l=[u'Undisclosed location 1'], krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)], krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)], objectclass=objectclasses.host, ipauniqueid=[fuzzy_uuid], managedby_host=[host1], has_keytab=False, has_password=False, ), ), ), dict( desc='Create %r' % hostgroup1, command=('hostgroup_add', [hostgroup1], dict(description=u'Test hostgroup 1')), expected=dict( value=hostgroup1, summary=u'Added hostgroup "%s"' % hostgroup1, result=dict( dn=hostgroup_dn1, cn=[hostgroup1], objectclass=objectclasses.hostgroup, description=[u'Test hostgroup 1'], mepmanagedentry=[ DN(('cn', hostgroup1), ('cn', 'ng'), ('cn', 'alt'), api.env.basedn) ], ipauniqueid=[fuzzy_uuid], ), ), ), dict( desc='Create %r' % user1, command=('user_add', [user1], dict(givenname=u'Test', sn=u'User1')), expected=dict( value=user1, summary=u'Added user "%s"' % user1, result=get_user_result(user1, u'Test', u'User1', 'add'), ), ), dict( desc='Create %r' % user2, command=('user_add', [user2], dict(givenname=u'Test', sn=u'User2')), expected=dict( value=user2, summary=u'Added user "%s"' % user2, result=get_user_result(user2, u'Test', u'User2', 'add'), ), ), dict( desc='Create %r' % group1, command=('group_add', [group1], dict(description=u'Test desc 1')), expected=dict( value=group1, summary=u'Added group "%s"' % group1, result=dict( cn=[group1], description=[u'Test desc 1'], gidnumber=[fuzzy_digits], objectclass=fuzzy_set_optional_oc(objectclasses.posixgroup, 'ipantgroupattrs'), ipauniqueid=[fuzzy_uuid], dn=DN(('cn', group1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn), ), ), ), dict( desc='Add user %r to group %r' % (user2, group1), command=('group_add_member', [group1], dict(user=user2)), expected=dict( completed=1, failed=dict(member=dict( group=tuple(), user=tuple(), service=tuple(), idoverrideuser=tuple(), ), ), result={ 'dn': DN(('cn', group1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn), 'member_user': (user2, ), 'gidnumber': [fuzzy_digits], 'cn': [group1], 'description': [u'Test desc 1'], }, ), ), dict( desc='Add invalid host %r to netgroup %r' % (invalidhost, netgroup1), command=('netgroup_add_member', [netgroup1], dict(host=invalidhost)), expected=errors.ValidationError( name='host', error=u"only letters, numbers, '_', '-' are allowed. " + u"DNS label may not start or end with '-'"), ), dict( desc='Add host %r to netgroup %r' % (host1, netgroup1), command=('netgroup_add_member', [netgroup1], dict(host=host1)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc='Add hostgroup %r to netgroup %r' % (hostgroup1, netgroup1), command=('netgroup_add_member', [netgroup1], dict(hostgroup=hostgroup1)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc='Search for netgroups using no_user with members', command=('netgroup_find', [], dict(no_user=user1, no_members=False)), expected=dict( count=2, truncated=False, summary=u'2 netgroups matched', result=[ { 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, { 'dn': fuzzy_netgroupdn, 'cn': [netgroup2], 'description': [u'Test netgroup 2'], 'nisdomainname': [u'%s' % api.env.domain], }, ], ), ), dict( desc='Search for netgroups using no_user', command=('netgroup_find', [], dict(no_user=user1)), expected=dict( count=2, truncated=False, summary=u'2 netgroups matched', result=[ { 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, { 'dn': fuzzy_netgroupdn, 'cn': [netgroup2], 'description': [u'Test netgroup 2'], 'nisdomainname': [u'%s' % api.env.domain], }, ], ), ), dict( desc="Check %r doesn't match when searching for %s" % (netgroup1, user1), command=('netgroup_find', [], dict(user=user1)), expected=dict( count=0, truncated=False, summary=u'0 netgroups matched', result=[], ), ), dict( desc='Add user %r to netgroup %r' % (user1, netgroup1), command=('netgroup_add_member', [netgroup1], dict(user=user1)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc="Check %r doesn't match when searching for no %s" % (netgroup1, user1), command=('netgroup_find', [], dict(no_user=user1)), expected=dict( count=1, truncated=False, summary=u'1 netgroup matched', result=[ { 'dn': fuzzy_netgroupdn, 'cn': [netgroup2], 'description': [u'Test netgroup 2'], 'nisdomainname': [u'%s' % api.env.domain], }, ], ), ), dict( desc='Add group %r to netgroup %r' % (group1, netgroup1), command=('netgroup_add_member', [netgroup1], dict(group=group1)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc='Add netgroup %r to netgroup %r' % (netgroup2, netgroup1), command=('netgroup_add_member', [netgroup1], dict(netgroup=netgroup2)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc='Add non-existent netgroup to netgroup %r' % (netgroup1), command=('netgroup_add_member', [netgroup1], dict(netgroup=u'notfound')), expected=dict( completed=0, failed=dict( member=dict(netgroup=[(u'notfound', u'no such entry')], ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc='Add duplicate user %r to netgroup %r' % (user1, netgroup1), command=('netgroup_add_member', [netgroup1], dict(user=user1)), expected=dict( completed=0, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=[('%s' % user1, u'This entry is already a member') ], ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc='Add duplicate group %r to netgroup %r' % (group1, netgroup1), command=('netgroup_add_member', [netgroup1], dict(group=group1)), expected=dict( completed=0, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=[('%s' % group1, u'This entry is already a member')], user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc='Add duplicate host %r to netgroup %r' % (host1, netgroup1), command=('netgroup_add_member', [netgroup1], dict(host=host1)), expected=dict( completed=0, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=[('%s' % host1, u'This entry is already a member') ], ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc='Add duplicate hostgroup %r to netgroup %r' % (hostgroup1, netgroup1), command=('netgroup_add_member', [netgroup1], dict(hostgroup=hostgroup1)), expected=dict( completed=0, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=[('%s' % hostgroup1, u'This entry is already a member')], host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], }, ), ), dict( desc='Add unknown host %r to netgroup %r' % (unknown_host, netgroup1), command=('netgroup_add_member', [netgroup1], dict(host=unknown_host)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Add invalid host %r to netgroup %r using setattr' % (invalidhost, netgroup1), command=('netgroup_mod', [netgroup1], dict(setattr='externalhost=%s' % invalidhost)), expected=errors.ValidationError( name='externalhost', error=u"only letters, numbers, '_', '-' are allowed. " + u"DNS label may not start or end with '-'"), ), dict(desc='Add unknown host %r to netgroup %r using addattr' % (unknown_host2, netgroup1), command=('netgroup_mod', [netgroup1], dict(addattr='externalhost=%s' % unknown_host2)), expected=dict( value=u'netgroup1', summary=u'Modified netgroup "netgroup1"', result={ 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host, unknown_host2], }, )), dict(desc='Remove unknown host %r from netgroup %r using delattr' % (unknown_host2, netgroup1), command=('netgroup_mod', [netgroup1], dict(delattr='externalhost=%s' % unknown_host2)), expected=dict( value=u'netgroup1', summary=u'Modified netgroup "netgroup1"', result={ 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, )), dict( desc='Retrieve %r' % netgroup1, command=('netgroup_show', [netgroup1], {}), expected=dict( value=netgroup1, summary=None, result={ 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Search for %r with members' % netgroup1, command=('netgroup_find', [], dict(cn=netgroup1, no_members=False)), expected=dict( count=1, truncated=False, summary=u'1 netgroup matched', result=[ { 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ], ), ), dict( desc='Search for %r' % netgroup1, command=('netgroup_find', [], dict(cn=netgroup1)), expected=dict( count=1, truncated=False, summary=u'1 netgroup matched', result=[ { 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ], ), ), dict( desc='Search for %r using user with members' % netgroup1, command=('netgroup_find', [], dict(user=user1, no_members=False)), expected=dict( count=1, truncated=False, summary=u'1 netgroup matched', result=[ { 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ], ), ), dict( desc='Search for %r using user' % netgroup1, command=('netgroup_find', [], dict(user=user1)), expected=dict( count=1, truncated=False, summary=u'1 netgroup matched', result=[ { 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ], ), ), dict( desc=('Search for all netgroups using empty member user with ' 'members'), command=('netgroup_find', [], dict(user=None, no_members=False)), expected=dict( count=2, truncated=False, summary=u'2 netgroups matched', result=[ { 'dn': fuzzy_netgroupdn, 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, { 'dn': fuzzy_netgroupdn, 'memberof_netgroup': (netgroup1, ), 'cn': [netgroup2], 'description': [u'Test netgroup 2'], 'nisdomainname': [u'%s' % api.env.domain], }, ], ), ), dict( desc='Search for all netgroups using empty member user', command=('netgroup_find', [], dict(user=None)), expected=dict( count=2, truncated=False, summary=u'2 netgroups matched', result=[ { 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, { 'dn': fuzzy_netgroupdn, 'cn': [netgroup2], 'description': [u'Test netgroup 2'], 'nisdomainname': [u'%s' % api.env.domain], }, ], ), ), dict( desc='Update %r' % netgroup1, command=('netgroup_mod', [netgroup1], dict(description=u'Updated netgroup 1')), expected=dict( value=netgroup1, summary=u'Modified netgroup "%s"' % netgroup1, result={ 'memberhost_host': (host1, ), 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove host %r from netgroup %r' % (host1, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(host=host1)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberhost_hostgroup': (hostgroup1, ), 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove hostgroup %r from netgroup %r' % (hostgroup1, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(hostgroup=hostgroup1)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberuser_user': (user1, ), 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove user %r from netgroup %r' % (user1, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(user=user1)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'memberuser_group': (group1, ), 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove group %r from netgroup %r' % (group1, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(group=group1)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'member_netgroup': (netgroup2, ), 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove netgroup %r from netgroup %r' % (netgroup2, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(netgroup=netgroup2)), expected=dict( completed=1, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove host %r from netgroup %r again' % (host1, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(host=host1)), expected=dict( completed=0, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict(hostgroup=tuple(), host=[('%s' % host1, u'This entry is not a member')]), ), result={ 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove hostgroup %r from netgroup %r again' % (hostgroup1, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(hostgroup=hostgroup1)), expected=dict( completed=0, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=[('%s' % hostgroup1, u'This entry is not a member')], host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove user %r from netgroup %r again' % (user1, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(user=user1)), expected=dict( completed=0, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=tuple(), user=[('%s' % user1, u'This entry is not a member')], ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove group %r from netgroup %r again' % (group1, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(group=group1)), expected=dict( completed=0, failed=dict( member=dict(netgroup=tuple(), ), memberuser=dict( group=[('%s' % group1, u'This entry is not a member')], user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Remove netgroup %r from netgroup %r again' % (netgroup2, netgroup1), command=('netgroup_remove_member', [netgroup1], dict(netgroup=netgroup2)), expected=dict( completed=0, failed=dict( member=dict(netgroup=[('%s' % netgroup2, u'This entry is not a member')], ), memberuser=dict( group=tuple(), user=tuple(), ), memberhost=dict( hostgroup=tuple(), host=tuple(), ), ), result={ 'dn': fuzzy_netgroupdn, 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], 'externalhost': [unknown_host], }, ), ), dict( desc='Delete %r' % netgroup1, command=('netgroup_del', [netgroup1], {}), expected=dict( value=[netgroup1], summary=u'Deleted netgroup "%s"' % netgroup1, result=dict(failed=[]), ), ), ]
class test_trustconfig(Declarative): @pytest.fixture(autouse=True, scope="class") def trustconfig_setup(self, declarative_setup): if not api.Backend.rpcclient.isconnected(): api.Backend.rpcclient.connect() try: api.Command['trustconfig_show'](trust_type=u'ad') except errors.NotFound: pytest.skip('Trusts are not configured') cleanup_commands = [ ('group_del', [testgroup], {}), ('trustconfig_mod', [], { 'trust_type': u'ad', 'ipantfallbackprimarygroup': default_group }), ] tests = [ dict( desc='Retrieve trust configuration for AD domains', command=('trustconfig_show', [], { 'trust_type': u'ad' }), expected={ 'value': u'ad', 'summary': None, 'result': { 'dn': trustconfig_ad_config, 'cn': [api.env.domain], 'ipantdomainguid': [fuzzy_guid], 'ipantfallbackprimarygroup': [default_group], 'ipantflatname': [fuzzy_string], 'ipantsecurityidentifier': [fuzzy_domain_sid], 'ad_trust_agent_server': [api.env.host], 'ad_trust_controller_server': [api.env.host] }, }, ), dict( desc='Retrieve trust configuration for AD domains with --raw', command=('trustconfig_show', [], { 'trust_type': u'ad', 'raw': True }), expected={ 'value': u'ad', 'summary': None, 'result': { 'dn': trustconfig_ad_config, 'cn': [api.env.domain], 'ipantdomainguid': [fuzzy_guid], 'ipantfallbackprimarygroup': [default_group_dn], 'ipantflatname': [fuzzy_string], 'ipantsecurityidentifier': [fuzzy_domain_sid] }, }, ), dict( desc='Create auxiliary group %r' % testgroup, command=('group_add', [testgroup], dict(description=u'Test group')), expected=dict( value=testgroup, summary=u'Added group "%s"' % testgroup, result=dict( cn=[testgroup], description=[u'Test group'], gidnumber=[fuzzy_digits], objectclass=fuzzy_set_optional_oc(objectclasses.posixgroup, 'ipantgroupattrs'), ipauniqueid=[fuzzy_uuid], dn=testgroup_dn, ), ), ), dict(desc='Try to change primary fallback group to nonexistent group', command=('trustconfig_mod', [], { 'trust_type': u'ad', 'ipantfallbackprimarygroup': u'doesnotexist' }), expected=errors.NotFound(reason=u'%s: group not found' % 'doesnotexist')), dict( desc='Try to change primary fallback group to nonexistent group DN', command=('trustconfig_mod', [], { 'trust_type': u'ad', 'ipantfallbackprimarygroup': u'cn=doesnotexist,dc=test' }), expected=errors.NotFound(reason=u'%s: group not found' % 'cn=doesnotexist,dc=test')), dict( desc='Change primary fallback group to "%s"' % testgroup, command=('trustconfig_mod', [], { 'trust_type': u'ad', 'ipantfallbackprimarygroup': testgroup }), expected={ 'value': u'ad', 'summary': u'Modified "ad" trust configuration', 'result': { 'cn': [api.env.domain], 'ipantdomainguid': [fuzzy_guid], 'ipantfallbackprimarygroup': [testgroup], 'ipantflatname': [fuzzy_string], 'ipantsecurityidentifier': [fuzzy_domain_sid], 'ad_trust_agent_server': [api.env.host], 'ad_trust_controller_server': [api.env.host] }, }, ), dict( desc='Change primary fallback group back to "%s" using DN' % default_group, command=('trustconfig_mod', [], { 'trust_type': u'ad', 'ipantfallbackprimarygroup': unicode(default_group_dn) }), expected={ 'value': u'ad', 'summary': u'Modified "ad" trust configuration', 'result': { 'cn': [api.env.domain], 'ipantdomainguid': [fuzzy_guid], 'ipantfallbackprimarygroup': [default_group], 'ipantflatname': [fuzzy_string], 'ipantsecurityidentifier': [fuzzy_domain_sid], 'ad_trust_agent_server': [api.env.host], 'ad_trust_controller_server': [api.env.host] }, }, ), ]
class test_batch(Declarative): cleanup_commands = [ ('group_del', [group1], {}), ] tests = [ dict( desc='Batch ping', command=('batch', [dict(method=u'ping', params=([], {}))], {}), expected=dict(count=1, results=[ dict(summary=Fuzzy('IPA server version .*'), error=None), ]), ), dict( desc='Batch two pings', command=('batch', [dict(method=u'ping', params=([], {}))] * 2, {}), expected=dict(count=2, results=[ dict(summary=Fuzzy('IPA server version .*'), error=None), dict(summary=Fuzzy('IPA server version .*'), error=None), ]), ), dict( desc='Create and deleting a group', command=('batch', [ dict(method=u'group_add', params=([group1], dict(description=u'Test desc 1'))), dict(method=u'group_del', params=([group1], dict())), ], {}), expected=dict( count=2, results=deepequal_list( dict(value=group1, summary=u'Added group "testgroup1"', result=dict( cn=[group1], description=[u'Test desc 1'], objectclass=fuzzy_set_optional_oc( objectclasses.posixgroup, 'ipantgroupattrs'), ipauniqueid=[fuzzy_uuid], gidnumber=[fuzzy_digits], dn=DN(('cn', 'testgroup1'), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn), ), error=None), dict(summary=u'Deleted group "%s"' % group1, result=dict(failed=[]), value=[group1], error=None), ), ), ), dict( desc='Try to delete nonexistent group twice', command=('batch', [ dict(method=u'group_del', params=([group1], dict())), dict(method=u'group_del', params=([group1], dict())), ], {}), expected=dict( count=2, results=[ dict( error=u'%s: group not found' % group1, error_name=u'NotFound', error_code=4001, error_kw=dict(reason=u'%s: group not found' % group1, ), ), dict( error=u'%s: group not found' % group1, error_name=u'NotFound', error_code=4001, error_kw=dict(reason=u'%s: group not found' % group1, ), ), ], ), ), dict( desc='Try to delete non-existent group first, then create it', command=('batch', [ dict(method=u'group_del', params=([group1], dict())), dict(method=u'group_add', params=([group1], dict(description=u'Test desc 1'))), ], {}), expected=dict( count=2, results=deepequal_list( dict( error=u'%s: group not found' % group1, error_name=u'NotFound', error_code=4001, error_kw=dict(reason=u'%s: group not found' % group1, ), ), dict(value=group1, summary=u'Added group "testgroup1"', result=dict( cn=[group1], description=[u'Test desc 1'], objectclass=fuzzy_set_optional_oc( objectclasses.posixgroup, 'ipantgroupattrs'), ipauniqueid=[fuzzy_uuid], gidnumber=[fuzzy_digits], dn=DN(('cn', 'testgroup1'), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn), ), error=None), ), ), ), dict( desc='Try bad command invocations', command=( 'batch', [ # bad command name dict(method=u'nonexistent_ipa_command', params=([], dict())), # dash, not underscore, in command name dict(method=u'user-del', params=([], dict())), # missing command name dict(params=([group1], dict())), # missing params dict(method=u'user_del'), # missing required argument dict(method=u'user_add', params=([], dict())), # missing required option dict(method=u'user_add', params=([], dict(givenname=first1))), # bad type dict(method=u'group_add', params=([group1], dict(description=u't', gidnumber=u'bad'))), ], {}), expected=dict( count=7, results=deepequal_list( dict( error=u"unknown command 'nonexistent_ipa_command'", error_name=u'CommandError', error_code=905, error_kw=dict(name=u'nonexistent_ipa_command', ), ), dict( error=u"unknown command 'user-del'", error_name=u'CommandError', error_code=905, error_kw=dict(name=u'user-del', ), ), dict( error=u"'method' is required", error_name=u'RequirementError', error_code=3007, error_kw=dict(name=u'method', ), ), dict( error=u"'params' is required", error_name=u'RequirementError', error_code=3007, error_kw=dict(name=u'params', ), ), dict( error=u"'givenname' is required", error_name=u'RequirementError', error_code=3007, error_kw=dict(name=u'givenname', ), ), dict( error=u"'sn' is required", error_name=u'RequirementError', error_code=3007, error_kw=dict(name=u'sn', ), ), dict( error=Fuzzy(u"invalid 'gid'.*"), error_name=u'ConversionError', error_code=3008, error_kw=dict( name=u'gid', error=Fuzzy(u'.*'), ), ), ), ), ), ]