def test_delete_nonexistent(self, sudocmdgroup1, sudocmdgroup2): """ Try to delete non-existent sudocmdgroups """ sudocmdgroup1.ensure_missing() command = sudocmdgroup1.make_delete_command() with raises_exact(errors.NotFound( reason=u'%s: sudo command group not found' % sudocmdgroup1.cn)): command() sudocmdgroup2.ensure_missing() command = sudocmdgroup2.make_delete_command() with raises_exact(errors.NotFound( reason=u'%s: sudo command group not found' % sudocmdgroup2.cn)): command()
def test_update_nonexistent(self, sudocmdgroup1, sudocmdgroup2): """ Try to update non-existent sudocmdgroups """ sudocmdgroup1.ensure_missing() command = sudocmdgroup1.make_update_command(dict(description=u'Foo')) with raises_exact(errors.NotFound( reason=u'%s: sudo command group not found' % sudocmdgroup1.cn)): command() sudocmdgroup2.ensure_missing() command = sudocmdgroup2.make_update_command(dict(description=u'Foo2')) with raises_exact(errors.NotFound( reason=u'%s: sudo command group not found' % sudocmdgroup2.cn)): command()
def test_create_duplicates(self, sudocmd1, sudocmd2): """ Try to create duplicate sudocmds """ sudocmd1.ensure_exists() sudocmd2.ensure_exists() command1 = sudocmd1.make_create_command() command2 = sudocmd2.make_create_command() with raises_exact(errors.DuplicateEntry( message=u'sudo command with name "%s" already exists' % sudocmd1.cmd)): command1() with raises_exact(errors.DuplicateEntry( message=u'sudo command with name "%s" already exists' % sudocmd2.cmd)): command2()
def test_create_with_nonexistent_group(self, automember_group, group1): """ Try to add a rule with non-existent group """ group1.ensure_missing() command = automember_group.make_create_command() with raises_exact(errors.NotFound( reason=u'group "%s" not found' % group1.cn)): command()
def test_update_nonexistent(self, location): location.ensure_missing() command = location.make_update_command(updates=dict( description=u'Nope')) with raises_exact(errors.NotFound( reason=u'%s: location not found' % location.idnsname)): command()
def test_update_nonexistent(self, host): host.ensure_missing() command = host.make_update_command( updates=dict(description=u'Nope')) with raises_exact(errors.NotFound( reason=u'%s: host not found' % host.fqdn)): command()
def test_create_duplicate(self, location): location.ensure_exists() command = location.make_create_command() with raises_exact(errors.DuplicateEntry( message=u'location with name "%s" already exists' % location.idnsname)): command()
def test_validation_disabled_on_show(self): """ Test that validation is disabled on user retrieves """ tracker = Tracker() command = tracker.make_command('user_show', invaliduser1) with raises_exact(errors.NotFound( reason=u'%s: user not found' % invaliduser1)): command()
def test_create_duplicate(self, stageduser): stageduser.ensure_exists() command = stageduser.make_create_command() with raises_exact(errors.DuplicateEntry( message=u'stage user with name "%s" already exists' % stageduser.uid)): command()
def test_update_nonexistent(self, stageduser): stageduser.ensure_missing() command = stageduser.make_update_command( updates=dict(givenname=u'changed')) with raises_exact(errors.NotFound( reason=u'%s: stage user not found' % stageduser.uid)): command()
def test_try_illegal_ssh_pubkey(self, host): host.ensure_exists() command = host.make_update_command( updates=dict(ipasshpubkey=[u'no-pty %s' % sshpubkey])) with raises_exact(errors.ValidationError( name='sshpubkey', error=u'options are not allowed')): command()
def test_create_with_attr(self, stageduser2, user, user_activated): """ Tests creating a user with various valid attributes listed in 'options_ok' list""" # create staged user with specified parameters user.ensure_exists() # necessary for manager test stageduser2.ensure_missing() command = stageduser2.make_create_command() result = command() stageduser2.track_create() stageduser2.check_create(result) # activate user, verify that specified values were preserved # after activation user_activated.ensure_missing() user_activated = UserTracker( stageduser2.uid, stageduser2.givenname, stageduser2.sn, **stageduser2.kwargs) user_activated.create_from_staged(stageduser2) command = stageduser2.make_activate_command() result = command() user_activated.check_activate(result) # verify the staged user does not exist after activation command = stageduser2.make_retrieve_command() with raises_exact(errors.NotFound( reason=u'%s: stage user not found' % stageduser2.uid)): command() user_activated.delete()
def test_rename_admins_using_setattr(self, admins): """ Try to rename the protected admins group using setattr """ command = admins.make_command('group_mod', *[admins.cn], **dict(setattr=u'cn=%s' % renamedgroup1)) with raises_exact(errors.ProtectedEntryError(label=u'group', key=admins.cn, reason='Cannot be renamed')): command()
def test_delete_nonexistent(self, user): """ Try to delete a non-existent user """ user.ensure_missing() command = user.make_delete_command() with raises_exact(errors.NotFound( reason=u'%s: user not found' % user.uid)): command()
def test_update_gid_string(self, stageduser): stageduser.ensure_exists() command = stageduser.make_update_command( updates={u'gidnumber': u'text'}) with raises_exact(errors.ConversionError( message=u'invalid \'gidnumber\': must be an integer')): command()
def test_create_uid_negative(self, stageduser): stageduser.ensure_missing() command = stageduser.make_create_command( options={u'uidnumber': u'-123'}) with raises_exact(errors.ValidationError( message=u'invalid \'uid\': must be at least 1')): command()
def test_enable_preserved(self, user): user.make_preserved_user() command = user.make_enable_command() with raises_exact(errors.MidairCollision( message=u'change collided with another change')): command() user.delete()
def test_update_gid_negative(self, stageduser): stageduser.ensure_exists() command = stageduser.make_update_command( updates={u'gidnumber': u'-123'}) with raises_exact(errors.ValidationError( message=u'invalid \'gidnumber\': must be at least 1')): command()
def test_try_rename_by_setattr(self, default_profile): command = default_profile.make_update_command( updates=dict(setattr=u'cn=bogus')) errmsg = RENAME_ERR_TEMPL.format(default_profile.name) with raises_exact(errors.ProtectedEntryError(message=errmsg)): command()
def test_create_duplicate(self, user_profile): msg = u'Certificate Profile with name "{}" already exists' user_profile.ensure_exists() command = user_profile.make_create_command() with raises_exact(errors.DuplicateEntry( message=msg.format(user_profile.name))): command()
def test_delete_nonexistent(self, hostgroup): """ Try to delete non-existent hostgroup """ hostgroup.ensure_missing() command = hostgroup.make_delete_command() with raises_exact(errors.NotFound( reason=u'%s: host group not found' % hostgroup.cn)): command()
def test_convert_posix_to_external(self, group): """ Try to convert a posix group to external """ command = group.make_update_command(dict(external=True)) with raises_exact(errors.PosixGroupViolation( reason=u"""This is already a posix group and cannot be converted to external one""")): command()
def test_create_uid_string(self, stageduser): stageduser.ensure_missing() command = stageduser.make_create_command( options={u'uidnumber': u'text'}) with raises_exact(errors.ConversionError( message=u'invalid \'uid\': must be an integer')): command()
def test_delete_nonexistent(self, group): """ Try to delete a non-existent user """ group.ensure_missing() command = group.make_delete_command() with raises_exact(errors.NotFound( reason=u'%s: group not found' % group.cn)): command()
def test_create_long_uid(self): invalid = StageUserTracker(invaliduser2, u'invalid', u'user') command = invalid.make_create_command() with raises_exact(errors.ValidationError( name='login', error=u"can be at most 32 characters")): command()
def test_rename_trust_admins(self, trustadmins): """ Try to rename the protected 'trust admins' group """ command = trustadmins.make_command('group_mod', *[trustadmins.cn], **dict(rename=renamedgroup1)) with raises_exact(errors.ProtectedEntryError(label=u'group', key=trustadmins.cn, reason='Cannot be renamed')): command()
def test_create_invalid_uid(self): invalid = StageUserTracker(invaliduser1, u'invalid', u'user') command = invalid.make_create_command() with raises_exact(errors.ValidationError( name='login', error=u"may only include letters, numbers, _, -, . and $")): command()
def test_delete_with_nonexistent_group(self, automember_group, group1): """ Try to delete a rule with non-existent group """ group1.ensure_missing() command = automember_group.make_delete_command() with raises_exact(errors.NotFound( reason=u': Automember rule not found')): command()
def test_try_validate_create(self, invalid_host): command = invalid_host.make_create_command() with raises_exact(errors.ValidationError( name='hostname', error=u"invalid domain-name: only letters, numbers, '-' are " + u"allowed. DNS label may not start or end with '-'")): command()
def test_rebuild_membership_with_invalid_user_in_users(self, automember_group): """ Try to rebuild membership with invalid user in --users """ command = automember_group.make_rebuild_command( users=user_does_not_exist) with raises_exact(errors.NotFound( reason=u'%s: user not found' % user_does_not_exist)): command()
def test_delete_bogus_attribute(self, user): """ Try deleting bogus attribute """ command = user.make_command('config_mod', **dict(delattr=u'bogusattribute=xyz')) with raises_exact( errors.ValidationError( name='bogusattribute', error='No such attribute on this entry')): command()
def test_update_nonexistent(self, hostgroup): """ Try to update non-existent hostgroup """ hostgroup.ensure_missing() command = hostgroup.make_update_command( dict(description=u'Updated hostgroup 1') ) with raises_exact(errors.NotFound( reason=u'%s: host group not found' % hostgroup.cn)): command()
def test_add_a_new_cert_subject_base_config_entry(self, user): """ Try adding a new cert subject base config entry """ command = user.make_command( 'config_mod', **dict(addattr=u'ipacertificatesubjectbase=0=DOMAIN.COM')) with raises_exact( errors.ValidationError(name='ipacertificatesubjectbase', error='attribute is not configurable')): command()
def test_rebuild_membership_with_invalid_user_in_users( self, automember_group): """ Try to rebuild membership with invalid user in --users """ command = automember_group.make_rebuild_command( users=user_does_not_exist) with raises_exact( errors.NotFound(reason=u'%s: user not found' % user_does_not_exist)): command()
def test_update_nonexistent(self, idp): """ Try to update a non-existent idp """ idp.ensure_missing() command = idp.make_update_command(updates=dict( ipaidpclientid='idpclient2')) with raises_exact( errors.NotFound( reason='%s: Identity Provider server not found' % idp.cn)): command()
def test_create_duplicate(self, sudocmdgroup1): """ Try to create duplicate sudocmdgroup """ sudocmdgroup1.ensure_exists() command = sudocmdgroup1.make_create_command() with raises_exact( errors.DuplicateEntry( message=u'sudo command group ' + u'with name "%s" already exists' % sudocmdgroup1.cn)): command()
def test_add_with_invalid_name(self, group): """ Try to add group with an invalid name """ command = group.make_command( 'group_add', *[invalidgroup1], **dict(description=u'Test') ) with raises_exact(errors.ValidationError( name='group_name', error=u'may only include letters, numbers, _, -, . and $')): command()
def test_del_dependent_sudocmd_sudorule_deny(self, sudocmd1, sudorule1): """ Try to delete sudocmd that is in sudorule deny list """ sudocmd1.ensure_exists() command = sudocmd1.make_delete_command() with raises_exact( errors.DependentEntry(key=sudocmd1.cmd, label='sudorule', dependent=sudorule1)): command()
def test_rename_trust_admins(self, trustadmins): """ Try to rename the protected 'trust admins' group """ command = trustadmins.make_command('group_mod', *[trustadmins.cn], **dict(rename=renamedgroup1)) with raises_exact( errors.ProtectedEntryError(label=u'group', key=trustadmins.cn, reason='Cannot be renamed')): command()
def test_rebuild_membership_hosts_group(self, automember_hostgroup, user1, host1): """ Try to issue rebuild membership command with type --users and hosts specified """ command = automember_hostgroup.make_rebuild_command(hosts=host1.fqdn, type=u'group') with raises_exact(errors.MutuallyExclusiveError( reason=u"hosts cannot be set when type is 'group'")): command()
def test_add_nonexistent_location_to_server(self, server): nonexistent_loc = DNSName(u'nonexistent-location') command = server.make_update_command( updates=dict(ipalocation_location=nonexistent_loc, )) with raises_exact( errors.NotFound( reason=u"{location}: location not found".format( location=nonexistent_loc))): command()
def test_rebuild_membership_users_hostgroup(self, automember_hostgroup, user1): """ Try to issue rebuild membership command with type --hosts and users specified """ command = automember_hostgroup.make_rebuild_command(users=user1.name, type=u'hostgroup') with raises_exact(errors.MutuallyExclusiveError( reason=u"users cannot be set when type is 'hostgroup'")): command()
def test_rebuild_membership_user_hosts(self, automember_hostgroup, user1, host1): """ Try to issue rebuild membership command with --users and --hosts together """ command = automember_hostgroup.make_rebuild_command(users=user1.name, hosts=host1.fqdn) with raises_exact(errors.MutuallyExclusiveError( reason=u'users and hosts cannot both be set')): command()
def test_try_validate_create(self, invalid_host): command = invalid_host.make_create_command() with raises_exact( errors.ValidationError( name='hostname', error= u"invalid domain-name: only letters, numbers, '-' are " + u"allowed. DNS label may not start or end with '-'")): command()
def test_create_duplicate_hostgroup(self, hostgroup): """ Try to create duplicate hostgroup """ hostgroup.ensure_exists() command = hostgroup.make_create_command() with raises_exact( errors.DuplicateEntry( message=u'host group with name "%s" already exists' % hostgroup.cn)): command()
def test_rename_admins_using_setattr(self, admins): """ Try to rename the protected admins group using setattr """ command = admins.make_command('group_mod', *[admins.cn], **dict(setattr=u'cn=%s' % renamedgroup1)) with raises_exact( errors.ProtectedEntryError(label=u'group', key=admins.cn, reason='Cannot be renamed')): command()
def test_invalid_name(self, hostgroup_invalid): """ Test an invalid hostgroup name """ hostgroup_invalid.ensure_missing() command = hostgroup_invalid.make_create_command() with raises_exact( errors.ValidationError( name='hostgroup_name', error=u'may only include letters, numbers, _, -, and .')): command()
def test_remove_all_admins_from_admins(self, admins, user): """ Try to remove both original and our admin from admins group """ command = admins.make_remove_member_command( dict(user=[u'admin', user.uid])) with raises_exact( errors.LastMemberError(key=u'admin', label=u'group', container=admins.cn)): command()
def test_delete_detached_managed(self, managed_group, user): """ Delete a previously managed group that is now detached and verify it's really gone """ managed_group.delete() command = managed_group.make_retrieve_command() with raises_exact(errors.NotFound( reason=u'%s: group not found' % managed_group.cn)): command() user.ensure_missing()
def test_rename_nonexistent(self, idp, renamedidp): """ Try to rename a non-existent idp """ idp.ensure_missing() command = idp.make_update_command(updates=dict(setattr='cn=%s' % renamedidp.cn)) with raises_exact( errors.NotFound( reason='%s: Identity Provider server not found' % idp.cn)): command()
def test_create_invalid_uid(self): invalid = StageUserTracker(invaliduser1, u'invalid', u'user') command = invalid.make_create_command() with raises_exact( errors.ValidationError( name='login', error=u"may only include letters, numbers, _, -, . and $") ): command()
def test_create_krbprincipal_malformed(self, stageduser): stageduser.ensure_missing() command = stageduser.make_create_command( options={u'krbprincipalname': invalidrealm2}) with raises_exact( errors.ConversionError( name='principal', error="Malformed principal: '{}'".format(invalidrealm2))): command()
def test_rebuild_membership_hosts_incorrectly(self, automember_hostgroup): """ Try to issue rebuild automember command without 'type' parameter """ command = automember_hostgroup.make_rebuild_command() with raises_exact( errors.MutuallyExclusiveError( reason=u'at least one of options: ' 'type, users, hosts must be specified')): command()
def test_create_krbprincipal_bad_realm(self, stageduser): stageduser.ensure_missing() command = stageduser.make_create_command( options={u'krbprincipalname': invalidrealm1}) with raises_exact( errors.RealmMismatch( message=u'The realm for the principal does not match ' 'the realm for this IPA server')): command()
def test_delete_with_nonexistent_hostgroup(self, automember_hostgroup, hostgroup1): """ Try to delete a rule with non-existent group """ hostgroup1.ensure_missing() command = automember_hostgroup.make_delete_command() with raises_exact( errors.NotFound(reason=u'%s: Automember rule not found' % hostgroup1.cn)): command()
def test_create_where_managed_group_exists(self, user, group): """ Create a managed group and then try to create user with the same name the group has """ group.create() command = user.make_command( 'user_add', group.cn, **dict(givenname=u'Test', sn=u'User1') ) with raises_exact(errors.ManagedGroupExistsError(group=group.cn)): command()
def test_rebuild_membership_with_invalid_hosts_in_hosts( self, automember_hostgroup): """ Try to rebuild membership with invalid host in --hosts """ command = automember_hostgroup.make_rebuild_command( hosts=fqdn_does_not_exist) with raises_exact( errors.NotFound(reason=u'%s: host not found' % fqdn_does_not_exist)): command()
def test_find_orphan_automember_rules(self, hostgroup1): """ Remove hostgroup1, find and remove obsolete automember rules. """ # Remove hostgroup1 hostgroup1.ensure_missing() # Test rebuild (is failing) # rebuild fails if 389-ds is older than 1.4.0.22 where unmembering # feature was implemented: https://pagure.io/389-ds-base/issue/50077 if not have_ldap2: pytest.skip('server plugin not available') ldap = ldap2(api) ldap.connect() rootdse = ldap.get_entry(DN(''), ['vendorVersion']) version = rootdse.single_value.get('vendorVersion') # The format of vendorVersion is the following: # 389-Directory/1.3.8.4 B2019.037.1535 # Extract everything between 389-Directory/ and ' B' mo = re.search(r'389-Directory/(.*) B', version) vendor_version = parse_version(mo.groups()[0]) expected_failure = vendor_version < parse_version('1.4.0.22') try: api.Command['automember_rebuild'](type=u'hostgroup') except errors.DatabaseError: rebuild_failure = True else: rebuild_failure = False if expected_failure != rebuild_failure: pytest.fail("unexpected result for automember_rebuild with " "an orphan automember rule") # Find obsolete automember rules result = api.Command['automember_find_orphans'](type=u'hostgroup') assert result['count'] == 1 # Find and remove obsolete automember rules result = api.Command['automember_find_orphans'](type=u'hostgroup', remove=True) assert result['count'] == 1 # Find obsolete automember rules result = api.Command['automember_find_orphans'](type=u'hostgroup') assert result['count'] == 0 # Test rebuild (may not be failing) try: api.Command['automember_rebuild'](type=u'hostgroup') except errors.DatabaseError: assert False # Final cleanup of automember rule if it still exists with raises_exact( errors.NotFound(reason=u'%s: Automember rule not found' % hostgroup1.cn)): api.Command['automember_del'](hostgroup1.cn, type=u'hostgroup')
def test_active_same_as_preserved(self, user4, user5): user4.ensure_missing() user5.make_preserved_user() command = user4.make_create_command() with raises_exact( errors.DuplicateEntry( message=u'user with name "%s" already exists' % user4.uid)): command() user5.delete()
def test_preserved_manager(self, user, user3): user.ensure_exists() user3.make_preserved_user() command = user.make_update_command(updates=dict(manager=user3.uid)) with raises_exact( errors.NotFound(reason=u'manager %s not found' % user3.uid)): command() user3.delete()