def test_delete_nonexistent(self, sudocmdgroup1, sudocmdgroup2):
""" Try to delete non-existent sudocmdgroups """
sudocmdgroup1.ensure_missing()
command = sudocmdgroup1.make_delete_command()
with raises_exact(errors.NotFound(
reason=u'%s: sudo command group not found' %
sudocmdgroup1.cn)):
command()
sudocmdgroup2.ensure_missing()
command = sudocmdgroup2.make_delete_command()
with raises_exact(errors.NotFound(
reason=u'%s: sudo command group not found' %
sudocmdgroup2.cn)):
command()
def test_update_nonexistent(self, sudocmdgroup1, sudocmdgroup2):
""" Try to update non-existent sudocmdgroups """
sudocmdgroup1.ensure_missing()
command = sudocmdgroup1.make_update_command(dict(description=u'Foo'))
with raises_exact(errors.NotFound(
reason=u'%s: sudo command group not found' %
sudocmdgroup1.cn)):
command()
sudocmdgroup2.ensure_missing()
command = sudocmdgroup2.make_update_command(dict(description=u'Foo2'))
with raises_exact(errors.NotFound(
reason=u'%s: sudo command group not found' %
sudocmdgroup2.cn)):
command()
def test_create_duplicates(self, sudocmd1, sudocmd2):
""" Try to create duplicate sudocmds """
sudocmd1.ensure_exists()
sudocmd2.ensure_exists()
command1 = sudocmd1.make_create_command()
command2 = sudocmd2.make_create_command()
with raises_exact(errors.DuplicateEntry(
message=u'sudo command with name "%s" already exists' %
sudocmd1.cmd)):
command1()
with raises_exact(errors.DuplicateEntry(
message=u'sudo command with name "%s" already exists' %
sudocmd2.cmd)):
command2()
def test_create_with_nonexistent_group(self, automember_group, group1):
""" Try to add a rule with non-existent group """
group1.ensure_missing()
command = automember_group.make_create_command()
with raises_exact(errors.NotFound(
reason=u'group "%s" not found' % group1.cn)):
command()
def test_update_nonexistent(self, location):
location.ensure_missing()
command = location.make_update_command(updates=dict(
description=u'Nope'))
with raises_exact(errors.NotFound(
reason=u'%s: location not found' % location.idnsname)):
command()
def test_update_nonexistent(self, host):
host.ensure_missing()
command = host.make_update_command(
updates=dict(description=u'Nope'))
with raises_exact(errors.NotFound(
reason=u'%s: host not found' % host.fqdn)):
command()
def test_create_duplicate(self, location):
location.ensure_exists()
command = location.make_create_command()
with raises_exact(errors.DuplicateEntry(
message=u'location with name "%s" already exists' %
location.idnsname)):
command()
def test_validation_disabled_on_show(self):
""" Test that validation is disabled on user retrieves """
tracker = Tracker()
command = tracker.make_command('user_show', invaliduser1)
with raises_exact(errors.NotFound(
reason=u'%s: user not found' % invaliduser1)):
command()
def test_create_duplicate(self, stageduser):
stageduser.ensure_exists()
command = stageduser.make_create_command()
with raises_exact(errors.DuplicateEntry(
message=u'stage user with name "%s" already exists' %
stageduser.uid)):
command()
def test_update_nonexistent(self, stageduser):
stageduser.ensure_missing()
command = stageduser.make_update_command(
updates=dict(givenname=u'changed'))
with raises_exact(errors.NotFound(
reason=u'%s: stage user not found' % stageduser.uid)):
command()
def test_try_illegal_ssh_pubkey(self, host):
host.ensure_exists()
command = host.make_update_command(
updates=dict(ipasshpubkey=[u'no-pty %s' % sshpubkey]))
with raises_exact(errors.ValidationError(
name='sshpubkey', error=u'options are not allowed')):
command()
def test_create_with_attr(self, stageduser2, user, user_activated):
""" Tests creating a user with various valid attributes listed
in 'options_ok' list"""
# create staged user with specified parameters
user.ensure_exists() # necessary for manager test
stageduser2.ensure_missing()
command = stageduser2.make_create_command()
result = command()
stageduser2.track_create()
stageduser2.check_create(result)
# activate user, verify that specified values were preserved
# after activation
user_activated.ensure_missing()
user_activated = UserTracker(
stageduser2.uid, stageduser2.givenname,
stageduser2.sn, **stageduser2.kwargs)
user_activated.create_from_staged(stageduser2)
command = stageduser2.make_activate_command()
result = command()
user_activated.check_activate(result)
# verify the staged user does not exist after activation
command = stageduser2.make_retrieve_command()
with raises_exact(errors.NotFound(
reason=u'%s: stage user not found' % stageduser2.uid)):
command()
user_activated.delete()
def test_rename_admins_using_setattr(self, admins):
""" Try to rename the protected admins group using setattr """
command = admins.make_command('group_mod', *[admins.cn],
**dict(setattr=u'cn=%s' % renamedgroup1))
with raises_exact(errors.ProtectedEntryError(label=u'group',
key=admins.cn, reason='Cannot be renamed')):
command()
def test_delete_nonexistent(self, user):
""" Try to delete a non-existent user """
user.ensure_missing()
command = user.make_delete_command()
with raises_exact(errors.NotFound(
reason=u'%s: user not found' % user.uid)):
command()
def test_update_gid_string(self, stageduser):
stageduser.ensure_exists()
command = stageduser.make_update_command(
updates={u'gidnumber': u'text'})
with raises_exact(errors.ConversionError(
message=u'invalid \'gidnumber\': must be an integer')):
command()
def test_create_uid_negative(self, stageduser):
stageduser.ensure_missing()
command = stageduser.make_create_command(
options={u'uidnumber': u'-123'})
with raises_exact(errors.ValidationError(
message=u'invalid \'uid\': must be at least 1')):
command()
def test_enable_preserved(self, user):
user.make_preserved_user()
command = user.make_enable_command()
with raises_exact(errors.MidairCollision(
message=u'change collided with another change')):
command()
user.delete()
def test_update_gid_negative(self, stageduser):
stageduser.ensure_exists()
command = stageduser.make_update_command(
updates={u'gidnumber': u'-123'})
with raises_exact(errors.ValidationError(
message=u'invalid \'gidnumber\': must be at least 1')):
command()
def test_try_rename_by_setattr(self, default_profile):
command = default_profile.make_update_command(
updates=dict(setattr=u'cn=bogus'))
errmsg = RENAME_ERR_TEMPL.format(default_profile.name)
with raises_exact(errors.ProtectedEntryError(message=errmsg)):
command()
def test_create_duplicate(self, user_profile):
msg = u'Certificate Profile with name "{}" already exists'
user_profile.ensure_exists()
command = user_profile.make_create_command()
with raises_exact(errors.DuplicateEntry(
message=msg.format(user_profile.name))):
command()
def test_delete_nonexistent(self, hostgroup):
""" Try to delete non-existent hostgroup """
hostgroup.ensure_missing()
command = hostgroup.make_delete_command()
with raises_exact(errors.NotFound(
reason=u'%s: host group not found' % hostgroup.cn)):
command()
def test_convert_posix_to_external(self, group):
""" Try to convert a posix group to external """
command = group.make_update_command(dict(external=True))
with raises_exact(errors.PosixGroupViolation(
reason=u"""This is already a posix group and cannot
be converted to external one""")):
command()
def test_create_uid_string(self, stageduser):
stageduser.ensure_missing()
command = stageduser.make_create_command(
options={u'uidnumber': u'text'})
with raises_exact(errors.ConversionError(
message=u'invalid \'uid\': must be an integer')):
command()
def test_delete_nonexistent(self, group):
""" Try to delete a non-existent user """
group.ensure_missing()
command = group.make_delete_command()
with raises_exact(errors.NotFound(
reason=u'%s: group not found' % group.cn)):
command()
def test_create_long_uid(self):
invalid = StageUserTracker(invaliduser2, u'invalid', u'user')
command = invalid.make_create_command()
with raises_exact(errors.ValidationError(
name='login',
error=u"can be at most 32 characters")):
command()
def test_rename_trust_admins(self, trustadmins):
""" Try to rename the protected 'trust admins' group """
command = trustadmins.make_command('group_mod', *[trustadmins.cn],
**dict(rename=renamedgroup1))
with raises_exact(errors.ProtectedEntryError(label=u'group',
key=trustadmins.cn, reason='Cannot be renamed')):
command()
def test_create_invalid_uid(self):
invalid = StageUserTracker(invaliduser1, u'invalid', u'user')
command = invalid.make_create_command()
with raises_exact(errors.ValidationError(
name='login',
error=u"may only include letters, numbers, _, -, . and $")):
command()
def test_delete_with_nonexistent_group(self, automember_group, group1):
""" Try to delete a rule with non-existent group """
group1.ensure_missing()
command = automember_group.make_delete_command()
with raises_exact(errors.NotFound(
reason=u': Automember rule not found')):
command()
def test_try_validate_create(self, invalid_host):
command = invalid_host.make_create_command()
with raises_exact(errors.ValidationError(
name='hostname',
error=u"invalid domain-name: only letters, numbers, '-' are " +
u"allowed. DNS label may not start or end with '-'")):
command()
def test_rebuild_membership_with_invalid_user_in_users(self,
automember_group):
""" Try to rebuild membership with invalid user in --users """
command = automember_group.make_rebuild_command(
users=user_does_not_exist)
with raises_exact(errors.NotFound(
reason=u'%s: user not found' % user_does_not_exist)):
command()
def test_delete_bogus_attribute(self, user):
""" Try deleting bogus attribute """
command = user.make_command('config_mod',
**dict(delattr=u'bogusattribute=xyz'))
with raises_exact(
errors.ValidationError(
name='bogusattribute',
error='No such attribute on this entry')):
command()
def test_update_nonexistent(self, hostgroup):
""" Try to update non-existent hostgroup """
hostgroup.ensure_missing()
command = hostgroup.make_update_command(
dict(description=u'Updated hostgroup 1')
)
with raises_exact(errors.NotFound(
reason=u'%s: host group not found' % hostgroup.cn)):
command()
def test_add_a_new_cert_subject_base_config_entry(self, user):
""" Try adding a new cert subject base config entry """
command = user.make_command(
'config_mod',
**dict(addattr=u'ipacertificatesubjectbase=0=DOMAIN.COM'))
with raises_exact(
errors.ValidationError(name='ipacertificatesubjectbase',
error='attribute is not configurable')):
command()
def test_rebuild_membership_with_invalid_user_in_users(
self, automember_group):
""" Try to rebuild membership with invalid user in --users """
command = automember_group.make_rebuild_command(
users=user_does_not_exist)
with raises_exact(
errors.NotFound(reason=u'%s: user not found' %
user_does_not_exist)):
command()
def test_update_nonexistent(self, idp):
""" Try to update a non-existent idp """
idp.ensure_missing()
command = idp.make_update_command(updates=dict(
ipaidpclientid='idpclient2'))
with raises_exact(
errors.NotFound(
reason='%s: Identity Provider server not found' % idp.cn)):
command()
def test_create_duplicate(self, sudocmdgroup1):
""" Try to create duplicate sudocmdgroup """
sudocmdgroup1.ensure_exists()
command = sudocmdgroup1.make_create_command()
with raises_exact(
errors.DuplicateEntry(
message=u'sudo command group ' +
u'with name "%s" already exists' % sudocmdgroup1.cn)):
command()
def test_add_with_invalid_name(self, group):
""" Try to add group with an invalid name """
command = group.make_command(
'group_add', *[invalidgroup1], **dict(description=u'Test')
)
with raises_exact(errors.ValidationError(
name='group_name',
error=u'may only include letters, numbers, _, -, . and $')):
command()
def test_del_dependent_sudocmd_sudorule_deny(self, sudocmd1, sudorule1):
""" Try to delete sudocmd that is in sudorule deny list """
sudocmd1.ensure_exists()
command = sudocmd1.make_delete_command()
with raises_exact(
errors.DependentEntry(key=sudocmd1.cmd,
label='sudorule',
dependent=sudorule1)):
command()
def test_rename_trust_admins(self, trustadmins):
""" Try to rename the protected 'trust admins' group """
command = trustadmins.make_command('group_mod', *[trustadmins.cn],
**dict(rename=renamedgroup1))
with raises_exact(
errors.ProtectedEntryError(label=u'group',
key=trustadmins.cn,
reason='Cannot be renamed')):
command()
def test_rebuild_membership_hosts_group(self, automember_hostgroup, user1,
host1):
""" Try to issue rebuild membership command with type --users and
hosts specified """
command = automember_hostgroup.make_rebuild_command(hosts=host1.fqdn,
type=u'group')
with raises_exact(errors.MutuallyExclusiveError(
reason=u"hosts cannot be set when type is 'group'")):
command()
def test_add_nonexistent_location_to_server(self, server):
nonexistent_loc = DNSName(u'nonexistent-location')
command = server.make_update_command(
updates=dict(ipalocation_location=nonexistent_loc, ))
with raises_exact(
errors.NotFound(
reason=u"{location}: location not found".format(
location=nonexistent_loc))):
command()
def test_rebuild_membership_users_hostgroup(self, automember_hostgroup,
user1):
""" Try to issue rebuild membership command with type --hosts and
users specified """
command = automember_hostgroup.make_rebuild_command(users=user1.name,
type=u'hostgroup')
with raises_exact(errors.MutuallyExclusiveError(
reason=u"users cannot be set when type is 'hostgroup'")):
command()
def test_rebuild_membership_user_hosts(self, automember_hostgroup, user1,
host1):
""" Try to issue rebuild membership command with --users and --hosts
together """
command = automember_hostgroup.make_rebuild_command(users=user1.name,
hosts=host1.fqdn)
with raises_exact(errors.MutuallyExclusiveError(
reason=u'users and hosts cannot both be set')):
command()
def test_try_validate_create(self, invalid_host):
command = invalid_host.make_create_command()
with raises_exact(
errors.ValidationError(
name='hostname',
error=
u"invalid domain-name: only letters, numbers, '-' are " +
u"allowed. DNS label may not start or end with '-'")):
command()
def test_create_duplicate_hostgroup(self, hostgroup):
""" Try to create duplicate hostgroup """
hostgroup.ensure_exists()
command = hostgroup.make_create_command()
with raises_exact(
errors.DuplicateEntry(
message=u'host group with name "%s" already exists' %
hostgroup.cn)):
command()
def test_rename_admins_using_setattr(self, admins):
""" Try to rename the protected admins group using setattr """
command = admins.make_command('group_mod', *[admins.cn],
**dict(setattr=u'cn=%s' % renamedgroup1))
with raises_exact(
errors.ProtectedEntryError(label=u'group',
key=admins.cn,
reason='Cannot be renamed')):
command()
def test_invalid_name(self, hostgroup_invalid):
""" Test an invalid hostgroup name """
hostgroup_invalid.ensure_missing()
command = hostgroup_invalid.make_create_command()
with raises_exact(
errors.ValidationError(
name='hostgroup_name',
error=u'may only include letters, numbers, _, -, and .')):
command()
def test_remove_all_admins_from_admins(self, admins, user):
""" Try to remove both original and our admin from admins group """
command = admins.make_remove_member_command(
dict(user=[u'admin', user.uid]))
with raises_exact(
errors.LastMemberError(key=u'admin',
label=u'group',
container=admins.cn)):
command()
def test_delete_detached_managed(self, managed_group, user):
""" Delete a previously managed group that is now detached
and verify it's really gone """
managed_group.delete()
command = managed_group.make_retrieve_command()
with raises_exact(errors.NotFound(
reason=u'%s: group not found' % managed_group.cn)):
command()
user.ensure_missing()
def test_rename_nonexistent(self, idp, renamedidp):
""" Try to rename a non-existent idp """
idp.ensure_missing()
command = idp.make_update_command(updates=dict(setattr='cn=%s' %
renamedidp.cn))
with raises_exact(
errors.NotFound(
reason='%s: Identity Provider server not found' % idp.cn)):
command()
def test_create_invalid_uid(self):
invalid = StageUserTracker(invaliduser1, u'invalid', u'user')
command = invalid.make_create_command()
with raises_exact(
errors.ValidationError(
name='login',
error=u"may only include letters, numbers, _, -, . and $")
):
command()
def test_create_krbprincipal_malformed(self, stageduser):
stageduser.ensure_missing()
command = stageduser.make_create_command(
options={u'krbprincipalname': invalidrealm2})
with raises_exact(
errors.ConversionError(
name='principal',
error="Malformed principal: '{}'".format(invalidrealm2))):
command()
def test_rebuild_membership_hosts_incorrectly(self, automember_hostgroup):
""" Try to issue rebuild automember command without 'type' parameter
"""
command = automember_hostgroup.make_rebuild_command()
with raises_exact(
errors.MutuallyExclusiveError(
reason=u'at least one of options: '
'type, users, hosts must be specified')):
command()
def test_create_krbprincipal_bad_realm(self, stageduser):
stageduser.ensure_missing()
command = stageduser.make_create_command(
options={u'krbprincipalname': invalidrealm1})
with raises_exact(
errors.RealmMismatch(
message=u'The realm for the principal does not match '
'the realm for this IPA server')):
command()
def test_delete_with_nonexistent_hostgroup(self, automember_hostgroup,
hostgroup1):
""" Try to delete a rule with non-existent group """
hostgroup1.ensure_missing()
command = automember_hostgroup.make_delete_command()
with raises_exact(
errors.NotFound(reason=u'%s: Automember rule not found' %
hostgroup1.cn)):
command()
def test_create_where_managed_group_exists(self, user, group):
""" Create a managed group and then try to create user
with the same name the group has """
group.create()
command = user.make_command(
'user_add', group.cn, **dict(givenname=u'Test', sn=u'User1')
)
with raises_exact(errors.ManagedGroupExistsError(group=group.cn)):
command()
def test_rebuild_membership_with_invalid_hosts_in_hosts(
self, automember_hostgroup):
""" Try to rebuild membership with invalid host in --hosts """
command = automember_hostgroup.make_rebuild_command(
hosts=fqdn_does_not_exist)
with raises_exact(
errors.NotFound(reason=u'%s: host not found' %
fqdn_does_not_exist)):
command()
def test_find_orphan_automember_rules(self, hostgroup1):
""" Remove hostgroup1, find and remove obsolete automember rules. """
# Remove hostgroup1
hostgroup1.ensure_missing()
# Test rebuild (is failing)
# rebuild fails if 389-ds is older than 1.4.0.22 where unmembering
# feature was implemented: https://pagure.io/389-ds-base/issue/50077
if not have_ldap2:
pytest.skip('server plugin not available')
ldap = ldap2(api)
ldap.connect()
rootdse = ldap.get_entry(DN(''), ['vendorVersion'])
version = rootdse.single_value.get('vendorVersion')
# The format of vendorVersion is the following:
# 389-Directory/1.3.8.4 B2019.037.1535
# Extract everything between 389-Directory/ and ' B'
mo = re.search(r'389-Directory/(.*) B', version)
vendor_version = parse_version(mo.groups()[0])
expected_failure = vendor_version < parse_version('1.4.0.22')
try:
api.Command['automember_rebuild'](type=u'hostgroup')
except errors.DatabaseError:
rebuild_failure = True
else:
rebuild_failure = False
if expected_failure != rebuild_failure:
pytest.fail("unexpected result for automember_rebuild with "
"an orphan automember rule")
# Find obsolete automember rules
result = api.Command['automember_find_orphans'](type=u'hostgroup')
assert result['count'] == 1
# Find and remove obsolete automember rules
result = api.Command['automember_find_orphans'](type=u'hostgroup',
remove=True)
assert result['count'] == 1
# Find obsolete automember rules
result = api.Command['automember_find_orphans'](type=u'hostgroup')
assert result['count'] == 0
# Test rebuild (may not be failing)
try:
api.Command['automember_rebuild'](type=u'hostgroup')
except errors.DatabaseError:
assert False
# Final cleanup of automember rule if it still exists
with raises_exact(
errors.NotFound(reason=u'%s: Automember rule not found' %
hostgroup1.cn)):
api.Command['automember_del'](hostgroup1.cn, type=u'hostgroup')
def test_active_same_as_preserved(self, user4, user5):
user4.ensure_missing()
user5.make_preserved_user()
command = user4.make_create_command()
with raises_exact(
errors.DuplicateEntry(
message=u'user with name "%s" already exists' %
user4.uid)):
command()
user5.delete()
def test_preserved_manager(self, user, user3):
user.ensure_exists()
user3.make_preserved_user()
command = user.make_update_command(updates=dict(manager=user3.uid))
with raises_exact(
errors.NotFound(reason=u'manager %s not found' % user3.uid)):
command()
user3.delete()