def test_delete_nonexistent(self, sudocmdgroup1, sudocmdgroup2):
        """ Try to delete non-existent sudocmdgroups """
        sudocmdgroup1.ensure_missing()
        command = sudocmdgroup1.make_delete_command()
        with raises_exact(errors.NotFound(
                reason=u'%s: sudo command group not found' %
                sudocmdgroup1.cn)):
            command()

        sudocmdgroup2.ensure_missing()
        command = sudocmdgroup2.make_delete_command()
        with raises_exact(errors.NotFound(
                reason=u'%s: sudo command group not found' %
                sudocmdgroup2.cn)):
            command()
    def test_update_nonexistent(self, sudocmdgroup1, sudocmdgroup2):
        """ Try to update non-existent sudocmdgroups """
        sudocmdgroup1.ensure_missing()
        command = sudocmdgroup1.make_update_command(dict(description=u'Foo'))
        with raises_exact(errors.NotFound(
                reason=u'%s: sudo command group not found' %
                sudocmdgroup1.cn)):
            command()

        sudocmdgroup2.ensure_missing()
        command = sudocmdgroup2.make_update_command(dict(description=u'Foo2'))
        with raises_exact(errors.NotFound(
                reason=u'%s: sudo command group not found' %
                sudocmdgroup2.cn)):
            command()
    def test_create_duplicates(self, sudocmd1, sudocmd2):
        """ Try to create duplicate sudocmds """
        sudocmd1.ensure_exists()
        sudocmd2.ensure_exists()
        command1 = sudocmd1.make_create_command()
        command2 = sudocmd2.make_create_command()

        with raises_exact(errors.DuplicateEntry(
                message=u'sudo command with name "%s" already exists' %
                sudocmd1.cmd)):
            command1()
        with raises_exact(errors.DuplicateEntry(
                message=u'sudo command with name "%s" already exists' %
                sudocmd2.cmd)):
            command2()
 def test_create_with_nonexistent_group(self, automember_group, group1):
     """ Try to add a rule with non-existent group """
     group1.ensure_missing()
     command = automember_group.make_create_command()
     with raises_exact(errors.NotFound(
             reason=u'group "%s" not found' % group1.cn)):
         command()
 def test_update_nonexistent(self, location):
     location.ensure_missing()
     command = location.make_update_command(updates=dict(
         description=u'Nope'))
     with raises_exact(errors.NotFound(
             reason=u'%s: location not found' % location.idnsname)):
         command()
Beispiel #6
0
 def test_update_nonexistent(self, host):
     host.ensure_missing()
     command = host.make_update_command(
         updates=dict(description=u'Nope'))
     with raises_exact(errors.NotFound(
             reason=u'%s: host not found' % host.fqdn)):
         command()
 def test_create_duplicate(self, location):
     location.ensure_exists()
     command = location.make_create_command()
     with raises_exact(errors.DuplicateEntry(
             message=u'location with name "%s" already exists' %
                     location.idnsname)):
         command()
Beispiel #8
0
 def test_validation_disabled_on_show(self):
     """ Test that validation is disabled on user retrieves """
     tracker = Tracker()
     command = tracker.make_command('user_show', invaliduser1)
     with raises_exact(errors.NotFound(
             reason=u'%s: user not found' % invaliduser1)):
         command()
 def test_create_duplicate(self, stageduser):
     stageduser.ensure_exists()
     command = stageduser.make_create_command()
     with raises_exact(errors.DuplicateEntry(
             message=u'stage user with name "%s" already exists' %
             stageduser.uid)):
         command()
 def test_update_nonexistent(self, stageduser):
     stageduser.ensure_missing()
     command = stageduser.make_update_command(
         updates=dict(givenname=u'changed'))
     with raises_exact(errors.NotFound(
             reason=u'%s: stage user not found' % stageduser.uid)):
         command()
Beispiel #11
0
 def test_try_illegal_ssh_pubkey(self, host):
     host.ensure_exists()
     command = host.make_update_command(
         updates=dict(ipasshpubkey=[u'no-pty %s' % sshpubkey]))
     with raises_exact(errors.ValidationError(
             name='sshpubkey', error=u'options are not allowed')):
         command()
    def test_create_with_attr(self, stageduser2, user, user_activated):
        """ Tests creating a user with various valid attributes listed
        in 'options_ok' list"""
        # create staged user with specified parameters
        user.ensure_exists()  # necessary for manager test
        stageduser2.ensure_missing()
        command = stageduser2.make_create_command()
        result = command()
        stageduser2.track_create()
        stageduser2.check_create(result)

        # activate user, verify that specified values were preserved
        # after activation
        user_activated.ensure_missing()
        user_activated = UserTracker(
            stageduser2.uid, stageduser2.givenname,
            stageduser2.sn, **stageduser2.kwargs)
        user_activated.create_from_staged(stageduser2)
        command = stageduser2.make_activate_command()
        result = command()
        user_activated.check_activate(result)

        # verify the staged user does not exist after activation
        command = stageduser2.make_retrieve_command()
        with raises_exact(errors.NotFound(
                reason=u'%s: stage user not found' % stageduser2.uid)):
            command()

        user_activated.delete()
Beispiel #13
0
 def test_rename_admins_using_setattr(self, admins):
     """ Try to rename the protected admins group using setattr """
     command = admins.make_command('group_mod', *[admins.cn],
                                   **dict(setattr=u'cn=%s' % renamedgroup1))
     with raises_exact(errors.ProtectedEntryError(label=u'group',
                       key=admins.cn, reason='Cannot be renamed')):
         command()
Beispiel #14
0
 def test_delete_nonexistent(self, user):
     """ Try to delete a non-existent user """
     user.ensure_missing()
     command = user.make_delete_command()
     with raises_exact(errors.NotFound(
             reason=u'%s: user not found' % user.uid)):
         command()
 def test_update_gid_string(self, stageduser):
     stageduser.ensure_exists()
     command = stageduser.make_update_command(
         updates={u'gidnumber': u'text'})
     with raises_exact(errors.ConversionError(
             message=u'invalid \'gidnumber\': must be an integer')):
         command()
 def test_create_uid_negative(self, stageduser):
     stageduser.ensure_missing()
     command = stageduser.make_create_command(
         options={u'uidnumber': u'-123'})
     with raises_exact(errors.ValidationError(
             message=u'invalid \'uid\': must be at least 1')):
         command()
 def test_enable_preserved(self, user):
     user.make_preserved_user()
     command = user.make_enable_command()
     with raises_exact(errors.MidairCollision(
             message=u'change collided with another change')):
         command()
     user.delete()
 def test_update_gid_negative(self, stageduser):
     stageduser.ensure_exists()
     command = stageduser.make_update_command(
         updates={u'gidnumber': u'-123'})
     with raises_exact(errors.ValidationError(
             message=u'invalid \'gidnumber\': must be at least 1')):
         command()
    def test_try_rename_by_setattr(self, default_profile):
        command = default_profile.make_update_command(
            updates=dict(setattr=u'cn=bogus'))
        errmsg = RENAME_ERR_TEMPL.format(default_profile.name)

        with raises_exact(errors.ProtectedEntryError(message=errmsg)):
            command()
 def test_create_duplicate(self, user_profile):
     msg = u'Certificate Profile with name "{}" already exists'
     user_profile.ensure_exists()
     command = user_profile.make_create_command()
     with raises_exact(errors.DuplicateEntry(
             message=msg.format(user_profile.name))):
         command()
 def test_delete_nonexistent(self, hostgroup):
     """ Try to delete non-existent hostgroup """
     hostgroup.ensure_missing()
     command = hostgroup.make_delete_command()
     with raises_exact(errors.NotFound(
             reason=u'%s: host group not found' % hostgroup.cn)):
         command()
Beispiel #22
0
 def test_convert_posix_to_external(self, group):
     """ Try to convert a posix group to external """
     command = group.make_update_command(dict(external=True))
     with raises_exact(errors.PosixGroupViolation(
             reason=u"""This is already a posix group and cannot
                     be converted to external one""")):
         command()
 def test_create_uid_string(self, stageduser):
     stageduser.ensure_missing()
     command = stageduser.make_create_command(
         options={u'uidnumber': u'text'})
     with raises_exact(errors.ConversionError(
             message=u'invalid \'uid\': must be an integer')):
         command()
Beispiel #24
0
 def test_delete_nonexistent(self, group):
     """ Try to delete a non-existent user """
     group.ensure_missing()
     command = group.make_delete_command()
     with raises_exact(errors.NotFound(
             reason=u'%s: group not found' % group.cn)):
         command()
 def test_create_long_uid(self):
     invalid = StageUserTracker(invaliduser2, u'invalid', u'user')
     command = invalid.make_create_command()
     with raises_exact(errors.ValidationError(
             name='login',
             error=u"can be at most 32 characters")):
         command()
Beispiel #26
0
 def test_rename_trust_admins(self, trustadmins):
     """ Try to rename the protected 'trust admins' group """
     command = trustadmins.make_command('group_mod', *[trustadmins.cn],
                                        **dict(rename=renamedgroup1))
     with raises_exact(errors.ProtectedEntryError(label=u'group',
                       key=trustadmins.cn, reason='Cannot be renamed')):
         command()
 def test_create_invalid_uid(self):
     invalid = StageUserTracker(invaliduser1, u'invalid', u'user')
     command = invalid.make_create_command()
     with raises_exact(errors.ValidationError(
         name='login',
             error=u"may only include letters, numbers, _, -, . and $")):
         command()
 def test_delete_with_nonexistent_group(self, automember_group, group1):
     """ Try to delete a rule with non-existent group """
     group1.ensure_missing()
     command = automember_group.make_delete_command()
     with raises_exact(errors.NotFound(
             reason=u': Automember rule not found')):
         command()
Beispiel #29
0
 def test_try_validate_create(self, invalid_host):
     command = invalid_host.make_create_command()
     with raises_exact(errors.ValidationError(
             name='hostname',
             error=u"invalid domain-name: only letters, numbers, '-' are " +
                   u"allowed. DNS label may not start or end with '-'")):
         command()
 def test_rebuild_membership_with_invalid_user_in_users(self,
                                                        automember_group):
     """ Try to rebuild membership with invalid user in --users """
     command = automember_group.make_rebuild_command(
         users=user_does_not_exist)
     with raises_exact(errors.NotFound(
             reason=u'%s: user not found' % user_does_not_exist)):
         command()
Beispiel #31
0
 def test_delete_bogus_attribute(self, user):
     """ Try deleting bogus attribute """
     command = user.make_command('config_mod',
                                 **dict(delattr=u'bogusattribute=xyz'))
     with raises_exact(
             errors.ValidationError(
                 name='bogusattribute',
                 error='No such attribute on this entry')):
         command()
 def test_update_nonexistent(self, hostgroup):
     """ Try to update non-existent hostgroup """
     hostgroup.ensure_missing()
     command = hostgroup.make_update_command(
         dict(description=u'Updated hostgroup 1')
     )
     with raises_exact(errors.NotFound(
             reason=u'%s: host group not found' % hostgroup.cn)):
         command()
Beispiel #33
0
 def test_add_a_new_cert_subject_base_config_entry(self, user):
     """ Try adding a new cert subject base config entry """
     command = user.make_command(
         'config_mod',
         **dict(addattr=u'ipacertificatesubjectbase=0=DOMAIN.COM'))
     with raises_exact(
             errors.ValidationError(name='ipacertificatesubjectbase',
                                    error='attribute is not configurable')):
         command()
 def test_rebuild_membership_with_invalid_user_in_users(
         self, automember_group):
     """ Try to rebuild membership with invalid user in --users """
     command = automember_group.make_rebuild_command(
         users=user_does_not_exist)
     with raises_exact(
             errors.NotFound(reason=u'%s: user not found' %
                             user_does_not_exist)):
         command()
Beispiel #35
0
 def test_update_nonexistent(self, idp):
     """ Try to update a non-existent idp """
     idp.ensure_missing()
     command = idp.make_update_command(updates=dict(
         ipaidpclientid='idpclient2'))
     with raises_exact(
             errors.NotFound(
                 reason='%s: Identity Provider server not found' % idp.cn)):
         command()
 def test_create_duplicate(self, sudocmdgroup1):
     """ Try to create duplicate sudocmdgroup """
     sudocmdgroup1.ensure_exists()
     command = sudocmdgroup1.make_create_command()
     with raises_exact(
             errors.DuplicateEntry(
                 message=u'sudo command group ' +
                 u'with name "%s" already exists' % sudocmdgroup1.cn)):
         command()
Beispiel #37
0
 def test_add_with_invalid_name(self, group):
     """ Try to add group with an invalid name """
     command = group.make_command(
         'group_add', *[invalidgroup1], **dict(description=u'Test')
     )
     with raises_exact(errors.ValidationError(
             name='group_name',
             error=u'may only include letters, numbers, _, -, . and $')):
         command()
Beispiel #38
0
 def test_del_dependent_sudocmd_sudorule_deny(self, sudocmd1, sudorule1):
     """ Try to delete sudocmd that is in sudorule deny list """
     sudocmd1.ensure_exists()
     command = sudocmd1.make_delete_command()
     with raises_exact(
             errors.DependentEntry(key=sudocmd1.cmd,
                                   label='sudorule',
                                   dependent=sudorule1)):
         command()
Beispiel #39
0
 def test_rename_trust_admins(self, trustadmins):
     """ Try to rename the protected 'trust admins' group """
     command = trustadmins.make_command('group_mod', *[trustadmins.cn],
                                        **dict(rename=renamedgroup1))
     with raises_exact(
             errors.ProtectedEntryError(label=u'group',
                                        key=trustadmins.cn,
                                        reason='Cannot be renamed')):
         command()
Beispiel #40
0
 def test_rebuild_membership_hosts_group(self, automember_hostgroup, user1,
                                         host1):
     """ Try to issue rebuild membership command with type --users and
     hosts specified """
     command = automember_hostgroup.make_rebuild_command(hosts=host1.fqdn,
                                                         type=u'group')
     with raises_exact(errors.MutuallyExclusiveError(
             reason=u"hosts cannot be set when type is 'group'")):
         command()
Beispiel #41
0
 def test_add_nonexistent_location_to_server(self, server):
     nonexistent_loc = DNSName(u'nonexistent-location')
     command = server.make_update_command(
         updates=dict(ipalocation_location=nonexistent_loc, ))
     with raises_exact(
             errors.NotFound(
                 reason=u"{location}: location not found".format(
                     location=nonexistent_loc))):
         command()
Beispiel #42
0
 def test_rebuild_membership_users_hostgroup(self, automember_hostgroup,
                                             user1):
     """ Try to issue rebuild membership command with type --hosts and
     users specified """
     command = automember_hostgroup.make_rebuild_command(users=user1.name,
                                                         type=u'hostgroup')
     with raises_exact(errors.MutuallyExclusiveError(
             reason=u"users cannot be set when type is 'hostgroup'")):
         command()
Beispiel #43
0
 def test_rebuild_membership_user_hosts(self, automember_hostgroup, user1,
                                        host1):
     """ Try to issue rebuild membership command with --users and --hosts
     together """
     command = automember_hostgroup.make_rebuild_command(users=user1.name,
                                                         hosts=host1.fqdn)
     with raises_exact(errors.MutuallyExclusiveError(
             reason=u'users and hosts cannot both be set')):
         command()
 def test_try_validate_create(self, invalid_host):
     command = invalid_host.make_create_command()
     with raises_exact(
             errors.ValidationError(
                 name='hostname',
                 error=
                 u"invalid domain-name: only letters, numbers, '-' are " +
                 u"allowed. DNS label may not start or end with '-'")):
         command()
 def test_create_duplicate_hostgroup(self, hostgroup):
     """ Try to create duplicate hostgroup """
     hostgroup.ensure_exists()
     command = hostgroup.make_create_command()
     with raises_exact(
             errors.DuplicateEntry(
                 message=u'host group with name "%s" already exists' %
                 hostgroup.cn)):
         command()
Beispiel #46
0
 def test_rename_admins_using_setattr(self, admins):
     """ Try to rename the protected admins group using setattr """
     command = admins.make_command('group_mod', *[admins.cn],
                                   **dict(setattr=u'cn=%s' % renamedgroup1))
     with raises_exact(
             errors.ProtectedEntryError(label=u'group',
                                        key=admins.cn,
                                        reason='Cannot be renamed')):
         command()
 def test_invalid_name(self, hostgroup_invalid):
     """ Test an invalid hostgroup name """
     hostgroup_invalid.ensure_missing()
     command = hostgroup_invalid.make_create_command()
     with raises_exact(
             errors.ValidationError(
                 name='hostgroup_name',
                 error=u'may only include letters, numbers, _, -, and .')):
         command()
Beispiel #48
0
 def test_remove_all_admins_from_admins(self, admins, user):
     """ Try to remove both original and our admin from admins group """
     command = admins.make_remove_member_command(
         dict(user=[u'admin', user.uid]))
     with raises_exact(
             errors.LastMemberError(key=u'admin',
                                    label=u'group',
                                    container=admins.cn)):
         command()
Beispiel #49
0
 def test_delete_detached_managed(self, managed_group, user):
     """ Delete a previously managed group that is now detached
     and verify it's really gone """
     managed_group.delete()
     command = managed_group.make_retrieve_command()
     with raises_exact(errors.NotFound(
             reason=u'%s: group not found' % managed_group.cn)):
         command()
     user.ensure_missing()
Beispiel #50
0
 def test_rename_nonexistent(self, idp, renamedidp):
     """ Try to rename a non-existent idp """
     idp.ensure_missing()
     command = idp.make_update_command(updates=dict(setattr='cn=%s' %
                                                    renamedidp.cn))
     with raises_exact(
             errors.NotFound(
                 reason='%s: Identity Provider server not found' % idp.cn)):
         command()
Beispiel #51
0
 def test_create_invalid_uid(self):
     invalid = StageUserTracker(invaliduser1, u'invalid', u'user')
     command = invalid.make_create_command()
     with raises_exact(
             errors.ValidationError(
                 name='login',
                 error=u"may only include letters, numbers, _, -, . and $")
     ):
         command()
Beispiel #52
0
 def test_create_krbprincipal_malformed(self, stageduser):
     stageduser.ensure_missing()
     command = stageduser.make_create_command(
         options={u'krbprincipalname': invalidrealm2})
     with raises_exact(
             errors.ConversionError(
                 name='principal',
                 error="Malformed principal: '{}'".format(invalidrealm2))):
         command()
 def test_rebuild_membership_hosts_incorrectly(self, automember_hostgroup):
     """ Try to issue rebuild automember command without 'type' parameter
     """
     command = automember_hostgroup.make_rebuild_command()
     with raises_exact(
             errors.MutuallyExclusiveError(
                 reason=u'at least one of options: '
                 'type, users, hosts must be specified')):
         command()
Beispiel #54
0
 def test_create_krbprincipal_bad_realm(self, stageduser):
     stageduser.ensure_missing()
     command = stageduser.make_create_command(
         options={u'krbprincipalname': invalidrealm1})
     with raises_exact(
             errors.RealmMismatch(
                 message=u'The realm for the principal does not match '
                 'the realm for this IPA server')):
         command()
 def test_delete_with_nonexistent_hostgroup(self, automember_hostgroup,
                                            hostgroup1):
     """ Try to delete a rule with non-existent group """
     hostgroup1.ensure_missing()
     command = automember_hostgroup.make_delete_command()
     with raises_exact(
             errors.NotFound(reason=u'%s: Automember rule not found' %
                             hostgroup1.cn)):
         command()
Beispiel #56
0
 def test_create_where_managed_group_exists(self, user, group):
     """ Create a managed group and then try to create user
     with the same name the group has """
     group.create()
     command = user.make_command(
         'user_add', group.cn, **dict(givenname=u'Test', sn=u'User1')
     )
     with raises_exact(errors.ManagedGroupExistsError(group=group.cn)):
         command()
 def test_rebuild_membership_with_invalid_hosts_in_hosts(
         self, automember_hostgroup):
     """ Try to rebuild membership with invalid host in --hosts """
     command = automember_hostgroup.make_rebuild_command(
         hosts=fqdn_does_not_exist)
     with raises_exact(
             errors.NotFound(reason=u'%s: host not found' %
                             fqdn_does_not_exist)):
         command()
Beispiel #58
0
    def test_find_orphan_automember_rules(self, hostgroup1):
        """ Remove hostgroup1, find and remove obsolete automember rules. """
        # Remove hostgroup1

        hostgroup1.ensure_missing()

        # Test rebuild (is failing)
        # rebuild fails if 389-ds is older than 1.4.0.22 where unmembering
        # feature was implemented: https://pagure.io/389-ds-base/issue/50077
        if not have_ldap2:
            pytest.skip('server plugin not available')
        ldap = ldap2(api)
        ldap.connect()
        rootdse = ldap.get_entry(DN(''), ['vendorVersion'])
        version = rootdse.single_value.get('vendorVersion')
        # The format of vendorVersion is the following:
        # 389-Directory/1.3.8.4 B2019.037.1535
        # Extract everything between 389-Directory/ and ' B'
        mo = re.search(r'389-Directory/(.*) B', version)
        vendor_version = parse_version(mo.groups()[0])
        expected_failure = vendor_version < parse_version('1.4.0.22')

        try:
            api.Command['automember_rebuild'](type=u'hostgroup')
        except errors.DatabaseError:
            rebuild_failure = True
        else:
            rebuild_failure = False
        if expected_failure != rebuild_failure:
            pytest.fail("unexpected result for automember_rebuild with "
                        "an orphan automember rule")

        # Find obsolete automember rules
        result = api.Command['automember_find_orphans'](type=u'hostgroup')
        assert result['count'] == 1

        # Find and remove obsolete automember rules
        result = api.Command['automember_find_orphans'](type=u'hostgroup',
                                                        remove=True)
        assert result['count'] == 1

        # Find obsolete automember rules
        result = api.Command['automember_find_orphans'](type=u'hostgroup')
        assert result['count'] == 0

        # Test rebuild (may not be failing)
        try:
            api.Command['automember_rebuild'](type=u'hostgroup')
        except errors.DatabaseError:
            assert False

        # Final cleanup of automember rule if it still exists
        with raises_exact(
                errors.NotFound(reason=u'%s: Automember rule not found' %
                                hostgroup1.cn)):
            api.Command['automember_del'](hostgroup1.cn, type=u'hostgroup')
Beispiel #59
0
 def test_active_same_as_preserved(self, user4, user5):
     user4.ensure_missing()
     user5.make_preserved_user()
     command = user4.make_create_command()
     with raises_exact(
             errors.DuplicateEntry(
                 message=u'user with name "%s" already exists' %
                 user4.uid)):
         command()
     user5.delete()
Beispiel #60
0
    def test_preserved_manager(self, user, user3):
        user.ensure_exists()
        user3.make_preserved_user()

        command = user.make_update_command(updates=dict(manager=user3.uid))
        with raises_exact(
                errors.NotFound(reason=u'manager %s not found' % user3.uid)):
            command()

        user3.delete()