def setup_class(cls):
super(CertManipCmdTestBase, cls).setup_class()
cls.delete_entity()
cls.add_entity()
cls.add_caacl()
cls.disable_profile_store()
# list of certificates to add to entry
cls.certs = [get_testcert(DN(("CN", cls.entity_subject)), cls.entity_principal) for _i in range(3)]
# list of certificates for testing of removal of non-existent certs
cls.nonexistent_certs = [get_testcert(DN(("CN", cls.entity_subject)), cls.entity_principal) for _j in range(2)]
# cert subset to remove from entry
cls.certs_subset = cls.certs[:2]
# remaining subset
cls.certs_remainder = cls.certs[2:]
# mixture of certs which exist and do not exists in the entry
cls.mixed_certs = cls.certs[:2] + cls.nonexistent_certs[:1]
# invalid base64 encoding
cls.invalid_b64 = [u"few4w24gvrae54y6463234f"]
# malformed certificate
cls.malformed_cert = [base64.b64encode(b"malformed cert")]
# store entity info for the final test
cls.entity_attrs = api.Command["%s_show" % cls.entity_class](cls.entity_pkey)
def test_update_simple(self, host):
host.update(dict(description=u'Updated host 1',
usercertificate=get_testcert()),
expected_updates=dict(
description=[u'Updated host 1'],
usercertificate=[base64.b64decode(get_testcert())],
issuer=fuzzy_issuer,
md5_fingerprint=fuzzy_hash,
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
subject=DN(('CN', api.env.host), x509.subject_base()),
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
))
host.retrieve()
def test_update_simple(self, host):
host.update(dict(
description=u'Updated host 1',
usercertificate=get_testcert()),
expected_updates=dict(
description=[u'Updated host 1'],
usercertificate=[base64.b64decode(get_testcert())],
issuer=fuzzy_issuer,
md5_fingerprint=fuzzy_hash,
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
subject=DN(('CN', api.env.host), x509.subject_base()),
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
))
host.retrieve()
def setup_class(cls):
super(CertManipCmdTestBase, cls).setup_class()
cls.delete_entity()
cls.add_entity()
cls.add_caacl()
cls.disable_profile_store()
# list of certificates to add to entry
cls.certs = [
get_testcert(DN(('CN', cls.entity_subject)), cls.entity_principal)
for _i in range(3)
]
# list of certificates for testing of removal of non-existent certs
cls.nonexistent_certs = [
get_testcert(DN(('CN', cls.entity_subject)), cls.entity_principal)
for _j in range(2)
]
# cert subset to remove from entry
cls.certs_subset = cls.certs[:2]
# remaining subset
cls.certs_remainder = cls.certs[2:]
# mixture of certs which exist and do not exists in the entry
cls.mixed_certs = cls.certs[:2] + cls.nonexistent_certs[:1]
# invalid base64 encoding
cls.invalid_b64 = [u'few4w24gvrae54y6463234f']
# malformed certificate
cls.malformed_cert = [base64.b64encode(b'malformed cert')]
# store entity info for the final test
cls.entity_attrs = api.Command['%s_show' % cls.entity_class](
cls.entity_pkey)
ipv6_fromip_ptr_dn = DN(('idnsname', ipv6_fromip_ptr), revipv6zone_dn)
sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test'
sshpubkeyfp = u'SHA256:cStA9o5TRSARbeketEOooMUMSWRSsArIAXloBZ4vNsE public key test (ssh-rsa)'
user1 = u'tuser1'
user2 = u'tuser2'
group1 = u'group1'
group1_dn = get_group_dn(group1)
group2 = u'group2'
group2_dn = get_group_dn(group2)
hostgroup1 = u'testhostgroup1'
hostgroup1_dn = DN(('cn', hostgroup1), ('cn', 'hostgroups'),
('cn', 'accounts'), api.env.basedn)
host_cert = get_testcert(DN(('CN', api.env.host), subject_base()),
'host/%s@%s' % (api.env.host, api.env.realm))
missingrevzone = u'22.30.16.172.in-addr.arpa.'
ipv4_in_missingrevzone_ip = u'172.16.30.22'
@pytest.fixture(scope='class')
def host(request):
tracker = HostTracker(name=u'testhost1')
return tracker.make_fixture(request)
@pytest.fixture(scope='class')
def host2(request):
tracker = HostTracker(name=u'testhost2')
return tracker.make_fixture(request)
fqdn1 = u'testhost1.%s' % api.env.domain
fqdn2 = u'testhost2.%s' % api.env.domain
fqdn3 = u'TestHost3.%s' % api.env.domain
service1_no_realm = u'HTTP/%s' % fqdn1
service1 = u'%s@%s' % (service1_no_realm, api.env.realm)
hostprincipal1 = u'host/%s@%s' % (fqdn1, api.env.realm)
service1dn = DN(('krbprincipalname',service1),('cn','services'),('cn','accounts'),api.env.basedn)
host1dn = DN(('fqdn',fqdn1),('cn','computers'),('cn','accounts'),api.env.basedn)
host2dn = DN(('fqdn',fqdn2),('cn','computers'),('cn','accounts'),api.env.basedn)
host3dn = DN(('fqdn',fqdn3),('cn','computers'),('cn','accounts'),api.env.basedn)
role1 = u'Test Role'
role1_dn = DN(('cn', role1), api.env.container_rolegroup, api.env.basedn)
servercert= get_testcert(DN(('CN', api.env.host), x509.subject_base()),
'unittest/%s@%s' % (api.env.host, api.env.realm))
badservercert = 'MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXDuqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHYd+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pekiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0WyDGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv'
user1 = u'tuser1'
user2 = u'tuser2'
group1 = u'group1'
group1_dn = get_group_dn(group1)
group2 = u'group2'
group2_dn = get_group_dn(group2)
hostgroup1 = u'testhostgroup1'
hostgroup1_dn = DN(('cn',hostgroup1),('cn','hostgroups'),('cn','accounts'),
api.env.basedn)
@pytest.mark.tier1
class test_service(Declarative):
def cert2(request):
return get_testcert(DN(('CN', u'testuser')), u'testuser')
def cert2(request, xmlrpc_setup):
return get_testcert(DN(('CN', u'testuser')), u'testuser')
ipv6_fromip_ptr_dn = DN(('idnsname', ipv6_fromip_ptr), revipv6zone_dn)
sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test'
sshpubkeyfp = u'SHA256:cStA9o5TRSARbeketEOooMUMSWRSsArIAXloBZ4vNsE public key test (ssh-rsa)'
user1 = u'tuser1'
user2 = u'tuser2'
group1 = u'group1'
group1_dn = get_group_dn(group1)
group2 = u'group2'
group2_dn = get_group_dn(group2)
hostgroup1 = u'testhostgroup1'
hostgroup1_dn = DN(('cn',hostgroup1),('cn','hostgroups'),('cn','accounts'),
api.env.basedn)
host_cert = get_testcert(DN(('CN', api.env.host), subject_base()),
'host/%s@%s' % (api.env.host, api.env.realm))
missingrevzone = u'22.30.16.172.in-addr.arpa.'
ipv4_in_missingrevzone_ip = u'172.16.30.22'
@pytest.fixture(scope='class')
def host(request):
tracker = HostTracker(name=u'testhost1')
return tracker.make_fixture(request)
@pytest.fixture(scope='class')
def host2(request):
tracker = HostTracker(name=u'testhost2')
return tracker.make_fixture(request)
class test_service(Declarative):
cleanup_commands = [
('host_del', [fqdn1], {}),
('host_del', [fqdn2], {}),
('host_del', [fqdn3], {}),
('service_del', [service1], {}),
]
tests = [
dict(
desc='Try to retrieve non-existent %r' % service1,
command=('service_show', [service1], {}),
expected=errors.NotFound(reason=u'%s: service not found' %
service1),
),
dict(
desc='Try to update non-existent %r' % service1,
command=('service_mod', [service1],
dict(usercertificate=get_testcert())),
expected=errors.NotFound(reason=u'%s: service not found' %
service1),
),
dict(
desc='Try to delete non-existent %r' % service1,
command=('service_del', [service1], {}),
expected=errors.NotFound(reason=u'%s: service not found' %
service1),
),
dict(
desc='Create %r' % fqdn1,
command=(
'host_add',
[fqdn1],
dict(
description=u'Test host 1',
l=u'Undisclosed location 1',
force=True,
),
),
expected=dict(
value=fqdn1,
summary=u'Added host "%s"' % fqdn1,
result=dict(
dn=host1dn,
fqdn=[fqdn1],
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
has_keytab=False,
has_password=False,
),
),
),
dict(
desc='Create %r' % fqdn2,
command=(
'host_add',
[fqdn2],
dict(
description=u'Test host 2',
l=u'Undisclosed location 2',
force=True,
),
),
expected=dict(
value=fqdn2,
summary=u'Added host "%s"' % fqdn2,
result=dict(
dn=host2dn,
fqdn=[fqdn2],
description=[u'Test host 2'],
l=[u'Undisclosed location 2'],
krbprincipalname=[u'host/%s@%s' % (fqdn2, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn2],
has_keytab=False,
has_password=False,
),
),
),
dict(
desc='Create %r' % fqdn3,
command=(
'host_add',
[fqdn3],
dict(
description=u'Test host 3',
l=u'Undisclosed location 3',
force=True,
),
),
expected=dict(
value=fqdn3.lower(),
summary=u'Added host "%s"' % fqdn3.lower(),
result=dict(
dn=host3dn,
fqdn=[fqdn3.lower()],
description=[u'Test host 3'],
l=[u'Undisclosed location 3'],
krbprincipalname=[
u'host/%s@%s' % (fqdn3.lower(), api.env.realm)
],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn3.lower()],
has_keytab=False,
has_password=False,
),
),
),
dict(
desc='Create %r' % service1,
command=(
'service_add',
[service1],
dict(force=True, ),
),
expected=dict(
value=service1,
summary=u'Added service "%s"' % service1,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
objectclass=objectclasses.service,
ipauniqueid=[fuzzy_uuid],
managedby_host=[fqdn1],
),
),
),
dict(
desc='Try to create duplicate %r' % service1,
command=(
'service_add',
[service1],
dict(force=True, ),
),
expected=errors.DuplicateEntry(
message=u'service with name "%s" already exists' % service1),
),
dict(
desc='Retrieve %r' % service1,
command=('service_show', [service1], {}),
expected=dict(
value=service1,
summary=None,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
has_keytab=False,
managedby_host=[fqdn1],
),
),
),
dict(
desc='Retrieve %r with all=True' % service1,
command=('service_show', [service1], dict(all=True)),
expected=dict(
value=service1,
summary=None,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
ipakrbprincipalalias=[service1],
objectclass=objectclasses.service,
ipauniqueid=[fuzzy_uuid],
managedby_host=[fqdn1],
has_keytab=False,
ipakrbrequirespreauth=True,
ipakrbokasdelegate=False,
),
),
),
dict(
desc='Search for %r' % service1,
command=('service_find', [service1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 service matched',
result=[
dict(
dn=service1dn,
krbprincipalname=[service1],
managedby_host=[fqdn1],
has_keytab=False,
),
],
),
),
dict(
desc='Search for %r with all=True' % service1,
command=('service_find', [service1], dict(all=True)),
expected=dict(
count=1,
truncated=False,
summary=u'1 service matched',
result=[
dict(
dn=service1dn,
krbprincipalname=[service1],
ipakrbprincipalalias=[service1],
objectclass=objectclasses.service,
ipauniqueid=[fuzzy_uuid],
has_keytab=False,
managedby_host=[fqdn1],
ipakrbrequirespreauth=True,
ipakrbokasdelegate=False,
),
],
),
),
dict(
desc='Add non-existent host to %r' % service1,
command=('service_add_host', [service1], dict(host=u'notfound')),
expected=dict(
failed=dict(managedby=dict(host=[(u'notfound',
u'no such entry')])),
completed=0,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
managedby_host=[fqdn1],
),
),
),
dict(
desc='Remove non-existent host from %r' % service1,
command=('service_remove_host', [service1],
dict(host=u'notfound')),
expected=dict(
failed=dict(managedby=dict(
host=[(u'notfound', u'This entry is not a member')])),
completed=0,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
managedby_host=[fqdn1],
),
),
),
dict(
desc='Add host to %r' % service1,
command=('service_add_host', [service1], dict(host=fqdn2)),
expected=dict(
failed=dict(managedby=dict(host=[])),
completed=1,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
managedby_host=[fqdn1, fqdn2],
),
),
),
dict(
desc='Remove host from %r' % service1,
command=('service_remove_host', [service1], dict(host=fqdn2)),
expected=dict(
failed=dict(managedby=dict(host=[])),
completed=1,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
managedby_host=[fqdn1],
),
),
),
dict(
desc='Add mixed-case host to %r' % service1,
command=('service_add_host', [service1], dict(host=fqdn3)),
expected=dict(
failed=dict(managedby=dict(host=[])),
completed=1,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
managedby_host=[fqdn1, fqdn3.lower()],
),
),
),
dict(
desc='Remove mixed-case host from %r' % service1,
command=('service_remove_host', [service1], dict(host=fqdn3)),
expected=dict(
failed=dict(managedby=dict(host=[])),
completed=1,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
managedby_host=[fqdn1],
),
),
),
dict(
desc='Update %r with a bad certificate' % service1,
command=('service_mod', [service1],
dict(usercertificate=badservercert)),
expected=errors.CertificateOperationError(
error=u'Issuer "CN=IPA Test Certificate Authority" does not ' +
u'match the expected issuer'),
),
dict(
desc='Update %r' % service1,
command=('service_mod', [service1],
dict(usercertificate=get_testcert())),
expected=dict(
value=service1,
summary=u'Modified service "%s"' % service1,
result=dict(
usercertificate=[base64.b64decode(get_testcert())],
krbprincipalname=[service1],
managedby_host=[fqdn1],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN', api.env.host), x509.subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
md5_fingerprint=fuzzy_hash,
sha1_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
),
),
),
dict(desc='Try to update %r with invalid ipakrbauthz data '
'combination' % service1,
command=('service_mod', [service1],
dict(ipakrbauthzdata=[u'MS-PAC', u'NONE'])),
expected=errors.ValidationError(
name='ipakrbauthzdata',
error=u'NONE value cannot be combined with other PAC types')),
dict(
desc='Update %r with valid ipakrbauthz data '
'combination' % service1,
command=('service_mod', [service1],
dict(ipakrbauthzdata=[u'MS-PAC'])),
expected=dict(
value=service1,
summary=u'Modified service "%s"' % service1,
result=dict(
usercertificate=[base64.b64decode(get_testcert())],
krbprincipalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN', api.env.host), x509.subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
md5_fingerprint=fuzzy_hash,
sha1_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
),
),
),
dict(
desc='Retrieve %r to verify update' % service1,
command=('service_show', [service1], {}),
expected=dict(
value=service1,
summary=None,
result=dict(
dn=service1dn,
usercertificate=[base64.b64decode(get_testcert())],
krbprincipalname=[service1],
has_keytab=False,
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
# These values come from the servercert that is in this
# test case.
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN', api.env.host), x509.subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
md5_fingerprint=fuzzy_hash,
sha1_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
),
),
),
dict(
desc='Enable %r OK_AS_DELEGATE Kerberos ticket flag' % service1,
command=('service_mod', [service1], dict(ipakrbokasdelegate=True)),
expected=dict(
value=service1,
summary=u'Modified service "%s"' % service1,
result=dict(
usercertificate=[base64.b64decode(get_testcert())],
krbprincipalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN', api.env.host), x509.subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
md5_fingerprint=fuzzy_hash,
sha1_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
krbticketflags=[u'1048704'],
ipakrbokasdelegate=True,
),
),
),
dict(
desc='Update %r Kerberos ticket flags with setattr' % service1,
command=('service_mod', [service1],
dict(setattr=[u'krbTicketFlags=1048577'])),
expected=dict(
value=service1,
summary=u'Modified service "%s"' % service1,
result=dict(
usercertificate=[base64.b64decode(get_testcert())],
krbprincipalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN', api.env.host), x509.subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
md5_fingerprint=fuzzy_hash,
sha1_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
krbticketflags=[u'1048577'],
),
),
),
dict(
desc='Disable %r OK_AS_DELEGATE Kerberos ticket flag' % service1,
command=('service_mod', [service1],
dict(ipakrbokasdelegate=False)),
expected=dict(
value=service1,
summary=u'Modified service "%s"' % service1,
result=dict(
usercertificate=[base64.b64decode(get_testcert())],
krbprincipalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN', api.env.host), x509.subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
md5_fingerprint=fuzzy_hash,
sha1_fingerprint=fuzzy_hash,
issuer=fuzzy_issuer,
krbticketflags=[u'1'],
ipakrbokasdelegate=False,
),
),
),
dict(
desc='Delete %r' % service1,
command=('service_del', [service1], {}),
expected=dict(
value=[service1],
summary=u'Deleted service "%s"' % service1,
result=dict(failed=[]),
),
),
dict(
desc='Try to retrieve non-existent %r' % service1,
command=('service_show', [service1], {}),
expected=errors.NotFound(reason=u'%s: service not found' %
service1),
),
dict(
desc='Try to update non-existent %r' % service1,
command=('service_mod', [service1],
dict(usercertificate=get_testcert())),
expected=errors.NotFound(reason=u'%s: service not found' %
service1),
),
dict(
desc='Try to delete non-existent %r' % service1,
command=('service_del', [service1], {}),
expected=errors.NotFound(reason=u'%s: service not found' %
service1),
),
dict(desc='Create service with malformed principal "foo"',
command=('service_add', [u'foo'], {}),
expected=errors.MalformedServicePrincipal(
reason='missing service')),
dict(
desc='Create service with bad realm "HTTP/[email protected]"',
command=('service_add', [u'HTTP/[email protected]'], {}),
expected=errors.RealmMismatch(),
),
dict(desc='Create a host service %r' % hostprincipal1,
command=('service_add', [hostprincipal1], {}),
expected=errors.HostService()),
# These tests will only succeed when running against lite-server.py
# on same box as IPA install.
dict(
desc=
'Delete the current host (master?) %s HTTP service, should be caught'
% api.env.host,
command=('service_del', ['HTTP/%s' % api.env.host], {}),
expected=errors.ValidationError(
name='principal',
error='This principal is required by the IPA master'),
),
dict(
desc=
'Delete the current host (master?) %s ldap service, should be caught'
% api.env.host,
command=('service_del', ['ldap/%s' % api.env.host], {}),
expected=errors.ValidationError(
name='principal',
error='This principal is required by the IPA master'),
),
dict(
desc=
'Disable the current host (master?) %s HTTP service, should be caught'
% api.env.host,
command=('service_disable', ['HTTP/%s' % api.env.host], {}),
expected=errors.ValidationError(
name='principal',
error='This principal is required by the IPA master'),
),
dict(
desc=
'Disable the current host (master?) %s ldap service, should be caught'
% api.env.host,
command=('service_disable', ['ldap/%s' % api.env.host], {}),
expected=errors.ValidationError(
name='principal',
error='This principal is required by the IPA master'),
),
]
service1_no_realm = u'HTTP/%s' % fqdn1
service1 = u'%s@%s' % (service1_no_realm, api.env.realm)
hostprincipal1 = u'host/%s@%s' % (fqdn1, api.env.realm)
service1dn = DN(('krbprincipalname', service1), ('cn', 'services'),
('cn', 'accounts'), api.env.basedn)
host1dn = DN(('fqdn', fqdn1), ('cn', 'computers'), ('cn', 'accounts'),
api.env.basedn)
host2dn = DN(('fqdn', fqdn2), ('cn', 'computers'), ('cn', 'accounts'),
api.env.basedn)
host3dn = DN(('fqdn', fqdn3), ('cn', 'computers'), ('cn', 'accounts'),
api.env.basedn)
role1 = u'Test Role'
role1_dn = DN(('cn', role1), api.env.container_rolegroup, api.env.basedn)
servercert = get_testcert(DN(('CN', api.env.host), x509.subject_base()),
'unittest/%s@%s' % (api.env.host, api.env.realm))
randomissuercert = (
"MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3Q"
"gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1"
"owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqh"
"kiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXD"
"uqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHY"
"d+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f"
"0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61"
"lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pe"
"kiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgU"
"gMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd"
"9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0Wy"
"DGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv")
randomissuer = DN(('CN', 'puma.greyoak.com'), 'O=IPA')
fqdn1 = u"testhost1.%s" % api.env.domain
fqdn2 = u"testhost2.%s" % api.env.domain
fqdn3 = u"TestHost3.%s" % api.env.domain
service1_no_realm = u"HTTP/%s" % fqdn1
service1 = u"%s@%s" % (service1_no_realm, api.env.realm)
hostprincipal1 = u"host/%s@%s" % (fqdn1, api.env.realm)
service1dn = DN(("krbprincipalname", service1), ("cn", "services"), ("cn", "accounts"), api.env.basedn)
host1dn = DN(("fqdn", fqdn1), ("cn", "computers"), ("cn", "accounts"), api.env.basedn)
host2dn = DN(("fqdn", fqdn2), ("cn", "computers"), ("cn", "accounts"), api.env.basedn)
host3dn = DN(("fqdn", fqdn3), ("cn", "computers"), ("cn", "accounts"), api.env.basedn)
role1 = u"Test Role"
role1_dn = DN(("cn", role1), api.env.container_rolegroup, api.env.basedn)
servercert = get_testcert(
DN(("CN", api.env.host), x509.subject_base()), "unittest/%s@%s" % (api.env.host, api.env.realm)
)
randomissuercert = (
"MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3Q"
"gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1"
"owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqh"
"kiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXD"
"uqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHY"
"d+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f"
"0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61"
"lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pe"
"kiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgU"
"gMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd"
"9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0Wy"
"DGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv"
)
def cert2(request):
return get_testcert(DN(("CN", u"testuser")), u"testuser")
def cert2(request):
return get_testcert(DN(('CN', u'testuser')), u'testuser')