def check_retrieve(self, result, all=False, raw=False):
"""Check `location-show` command result"""
if all:
expected = self.filter_attrs(self.retrieve_all_keys)
else:
expected = self.filter_attrs(self.retrieve_keys)
assert_deepequal(dict(value=self.idnsname_obj, summary=None, result=expected, servers=self.servers), result)
def check_update(self, result, extra_keys=()):
""" Check 'stageuser-mod' command result """
assert_deepequal(dict(
value=self.uid,
summary=u'Modified stage user "%s"' % self.uid,
result=self.filter_attrs(self.update_keys | set(extra_keys))
), result)
def check_create(self, result):
"""Check `host_add` command result"""
assert_deepequal(dict(
value=self.fqdn,
summary=u'Added host "%s"' % self.fqdn,
result=self.filter_attrs(self.create_keys),
), result)
def check_update(self, result, extra_keys=()):
"""Check the plugin's `find` command result"""
assert_deepequal(dict(
value=self.name,
summary=u'Modified CA "{}"'.format(self.name),
result=self.filter_attrs(self.update_keys | set(extra_keys))
), result)
def test_add_ipv6_host_from_ip(self, dns_setup, ipv6_fromip_host):
ipv6_fromip_host.ensure_missing()
ipv6_fromip_host.track_create()
command = ipv6_fromip_host.make_create_command(force=False)
result = command(ip_address=ipv6_fromip_ipv6)
ipv6_fromip_host.check_create(result)
result = ipv6_fromip_host.run_command('dnsrecord_show', dnszone,
ipv6_fromip_host.shortname)
assert_deepequal(dict(
value=ipv6_fromip_dnsname,
summary=None,
result=dict(
dn=ipv6_fromip_dn,
idnsname=[ipv6_fromip_dnsname],
aaaarecord=[ipv6_fromip_aaaarec],
),
), result)
result = ipv6_fromip_host.run_command('dnsrecord_show', revipv6zone,
ipv6_fromip_ptr)
assert_deepequal(dict(
value=ipv6_fromip_ptr_dnsname,
summary=None,
result=dict(
dn=ipv6_fromip_ptr_dn,
idnsname=[ipv6_fromip_ptr_dnsname],
ptrrecord=[ipv6_fromip_host.fqdn + '.'],
),
), result)
def check_delete(self, result):
""" Checks 'automember_del' command result """
assert_deepequal(dict(
value=[self.cn],
summary=u'Deleted automember rule "%s"' % self.cn,
result=dict(failed=[]),
), result)
def check_create(self, result):
assert_deepequal(dict(
value=self.name,
summary=u'Added Certificate Identity Mapping Rule "{}"'
u''.format(self.name),
result=self.filter_attrs(self.create_keys),
), result)
def check_update(self, result, extra_keys=()):
""" Check service-mod command result """
assert_deepequal({
u'value': u'{0}'.format(self.name),
u'summary': u'Modified service "{0}"'.format(self.name),
u'result': self.filter_attrs(self.update_keys | set(extra_keys))
}, result)
def check_delete(self, result):
""" Checks 'sudocmdgroup_del' command result """
assert_deepequal(dict(
value=[self.cn],
summary=u'Deleted Sudo Command Group "%s"' % self.cn,
result=dict(failed=[]),
), result)
def check_create(self, result):
""" Check service-add command result """
assert_deepequal({
u'value': u'{0}'.format(self.name),
u'summary': u'Added service "{0}"'.format(self.name),
u'result': self.filter_attrs(self.create_keys)
}, result)
def check_delete(self, result):
""" Check service-del command result """
assert_deepequal({
u'value': [u'{0}'.format(self.name)],
u'summary': u'Deleted service "{0}"'.format(self.name),
u'result': {u'failed': []}
}, result)
def check_find(self, result, all=False, raw=False):
"""Check `host_find` command result"""
if all:
expected = self.filter_attrs(self.find_all_keys)
else:
expected = self.filter_attrs(self.find_keys)
assert_deepequal(dict(count=1, truncated=False, summary=u"1 host matched", result=[expected]), result)
def check_retrieve(self, result, all=False, raw=False):
"""Check `host_show` command result"""
if all:
expected = self.filter_attrs(self.retrieve_all_keys)
else:
expected = self.filter_attrs(self.retrieve_keys)
assert_deepequal(dict(value=self.fqdn, summary=None, result=expected), result)
def check_update(self, result, extra_keys={}):
""" Checks 'sudocmdgroup_mod' command result """
assert_deepequal(dict(
value=self.cn,
summary=u'Modified Sudo Command Group "%s"' % self.cn,
result=self.filter_attrs(self.update_keys | set(extra_keys))
), result)
def add_certmap(self, **kwargs):
cmd = self._make_add_certmap()
try:
expected_certmapdata = self._data_from_options(**kwargs)
except Exception as e:
with pytest.raises(type(e)):
cmd(**kwargs)
else:
result = cmd(**kwargs)
self.attrs.setdefault(u'ipacertmapdata', []).extend(
expected_certmapdata)
expected = dict(
summary=(u'Added certificate mappings to user '
u'"{}"'.format(self.name)),
value=self.name,
result=dict(
uid=(self.name,),
),
)
if self.attrs[u'ipacertmapdata']:
expected[u'result'][u'ipacertmapdata'] = (
self.attrs[u'ipacertmapdata'])
assert_deepequal(expected, result)
def check_create(self, result):
""" Checks 'sudocmdgroup_add' command result """
assert_deepequal(dict(
value=self.cn,
summary=u'Added Sudo Command Group "%s"' % self.cn,
result=self.filter_attrs(self.create_keys)
), result)
def check_create(self, result):
""" Checks 'automember_add' command result """
assert_deepequal(dict(
value=self.cn,
summary=u'Added automember rule "%s"' % self.cn,
result=self.filter_attrs(self.create_keys)
), result)
def check_undel(self, result):
""" Check 'user-undel' command result """
assert_deepequal(dict(
value=self.uid,
summary=u'Undeleted user account "%s"' % self.uid,
result=True
), result)
def check_update(self, result, extra_keys={}):
""" Checks 'automember_mod' command result """
assert_deepequal(dict(
value=self.cn,
summary=u'Modified automember rule "%s"' % self.cn,
result=self.filter_attrs(self.update_keys | set(extra_keys))
), result)
def test_search_for_all_nonposix(self, group):
""" Perform a search for all non-posix groups """
command = group.make_command(
'group_find', **dict(nonposix=True, all=True)
)
result = command()
assert_deepequal(dict(
summary=u'3 groups matched',
count=3,
truncated=False,
result=[
{
'dn': get_group_dn('ipausers'),
'cn': [u'ipausers'],
'description': [u'Default group for all users'],
'objectclass': fuzzy_set_ci(objectclasses.group),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn': get_group_dn(group.cn),
'cn': [group.cn],
'description': [u'New desc'],
'objectclass': fuzzy_set_ci(objectclasses.group),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn': get_group_dn('trust admins'),
'member_user': [u'admin'],
'cn': [u'trust admins'],
'description': [u'Trusts administrators group'],
'objectclass': fuzzy_set_ci(objectclasses.group),
'ipauniqueid': [fuzzy_uuid],
},
],
), result)
def check_delete(self, result):
""" Check 'user-del' command result """
assert_deepequal(dict(
value=[self.uid],
summary=u'Deleted user "%s"' % self.uid,
result=dict(failed=[]),
), result)
def check_disable(self, result):
""" Check result of disable user operation """
assert_deepequal(dict(
value=self.name,
summary=u'Disabled user account "%s"' % self.name,
result=True
), result)
def check_create(self, result):
""" Check 'stageuser-add' command result """
assert_deepequal(dict(
value=self.uid,
summary=u'Added stage user "%s"' % self.uid,
result=self.filter_attrs(self.create_keys),
), result)
def check_find(self, result, all=False, pkey_only=False, raw=False,
expected_override=None):
""" Check 'user-find' command result """
if all:
if u'preserved' not in self.attrs:
self.attrs.update(preserved=False)
expected = self.filter_attrs(self.find_all_keys)
elif pkey_only:
expected = self.filter_attrs(self.primary_keys)
else:
expected = self.filter_attrs(self.find_keys)
if all and self.attrs[u'preserved']:
del expected[u'mepmanagedentry']
if u'nsaccountlock' in expected:
if expected[u'nsaccountlock'] == [u'true']:
expected[u'nsaccountlock'] = True
elif expected[u'nsaccountlock'] == [u'false']:
expected[u'nsaccountlock'] = False
if expected_override:
assert isinstance(expected_override, dict)
expected.update(expected_override)
assert_deepequal(dict(
count=1,
truncated=False,
summary=u'1 user matched',
result=[expected],
), result)
def check_update(self, result, extra_keys=()):
"""Check `host_update` command result"""
assert_deepequal(dict(
value=self.fqdn,
summary=u'Modified host "%s"' % self.fqdn,
result=self.filter_attrs(self.update_keys | set(extra_keys))
), result)
def check_retrieve(self, result, all=False, raw=False):
""" Check 'user-show' command result """
if u'preserved' in self.attrs and self.attrs[u'preserved']:
self.retrieve_all_keys = self.retrieve_preserved_all_keys
self.retrieve_keys = self.retrieve_preserved_keys
elif u'preserved' not in self.attrs and all:
self.attrs[u'preserved'] = False
if all:
expected = self.filter_attrs(self.retrieve_all_keys)
else:
expected = self.filter_attrs(self.retrieve_keys)
# small override because stageuser-find returns different type
# of nsaccountlock value than DS, but overall the value fits
# expected result
if u'nsaccountlock' in expected:
if expected[u'nsaccountlock'] == [u'true']:
expected[u'nsaccountlock'] = True
elif expected[u'nsaccountlock'] == [u'false']:
expected[u'nsaccountlock'] = False
assert_deepequal(dict(
value=self.uid,
summary=None,
result=expected,
), result)
def check_delete(self, result):
"""Check `host_del` command result"""
assert_deepequal(dict(
value=[self.fqdn],
summary=u'Deleted host "%s"' % self.fqdn,
result=dict(failed=[]),
), result)
def remove_certmap(self, **kwargs):
cmd = self._make_remove_certmap()
try:
expected_certmapdata = self._data_from_options(**kwargs)
except Exception as e:
with pytest.raises(type(e)):
cmd(**kwargs)
else:
result = cmd(**kwargs)
for data in expected_certmapdata:
self.attrs[u'ipacertmapdata'].remove(data)
expected = dict(
summary=(u'Removed certificate mappings from user '
u'"{}"'.format(self.name)),
value=self.name,
result=dict(
uid=(self.name,),
),
)
if self.attrs[u'ipacertmapdata']:
expected[u'result'][u'ipacertmapdata'] = (
self.attrs[u'ipacertmapdata'])
assert_deepequal(expected, result)
def test_user_allow_retrieve_keytab(self, allowedto_context, host):
host.ensure_exists()
result = host.run_command('host_allow_retrieve_keytab', host.fqdn,
user=user1)
host.attrs['ipaallowedtoperform_read_keys_user'] = [user1]
assert_deepequal(dict(
failed=dict(
ipaallowedtoperform_read_keys=dict(
group=[], host=[], hostgroup=[], user=[]),
),
completed=1,
result=host.filter_attrs(host.allowedto_keys),
), result)
# Duplicates should not be accepted
result = host.run_command('host_allow_retrieve_keytab', host.fqdn,
user=user1)
assert_deepequal(dict(
failed=dict(
ipaallowedtoperform_read_keys=dict(
group=[], host=[], hostgroup=[],
user=[[user1, u'This entry is already a member']],
),
),
completed=0,
result=host.filter_attrs(host.allowedto_keys),
), result)
def check_add_member(self, result):
""" Checks 'sudocmdgroup_add_member' command result """
assert_deepequal(dict(
completed=1,
failed={u'member': {u'sudocmd': ()}},
result=self.filter_attrs(self.add_member_keys)
), result)
def test_topology_updated_on_replica_install_remove(self):
"""
Install and remove a replica and make sure topology information is
updated on all other replicas
Testcase: http://www.freeipa.org/page/V4/Manage_replication_topology/
Test_plan#Test_case:
_Replication_topology_should_be_saved_in_the_LDAP_tree
"""
tasks.kinit_admin(self.master)
result1 = self.master.run_command(
['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text
segment_name = self.segmentnames_re.findall(result1)[0]
assert (self.master.hostname in segment_name), (
"Segment %s does not contain master hostname" % segment_name)
assert (self.replicas[0].hostname in segment_name), (
"Segment %s does not contain replica hostname" % segment_name)
tasks.install_replica(self.master,
self.replicas[1],
setup_ca=False,
setup_dns=False)
# We need to make sure topology information is consistent across all
# replicas
result2 = self.master.run_command(
['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME])
result3 = self.replicas[0].run_command(
['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME])
result4 = self.replicas[1].run_command(
['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME])
segments = self.tokenize_topologies(result2.stdout_text)
assert (len(segments) == 2), "Unexpected number of segments found"
assert_deepequal(result2.stdout_text, result3.stdout_text)
assert_deepequal(result3.stdout_text, result4.stdout_text)
# Now let's check that uninstalling the replica will update the topology
# info on the rest of replicas.
# first step of uninstallation is removal of the replica on other
# master, then it can be uninstalled. Doing it the other way is also
# possible, but not reliable - some data might not be replicated.
tasks.clean_replication_agreement(self.master, self.replicas[1])
tasks.uninstall_master(self.replicas[1])
result5 = self.master.run_command(
['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME])
num_entries = self.noentries_re.search(result5.stdout_text).group(1)
assert (num_entries == "1"), "Incorrect number of entries displayed"
def test_a2_automountmap_tofiles(self):
"""
Test the `automountlocation_tofiles` command.
"""
res = api.Command['automountlocation_tofiles'](self.locname,
version=u'2.88')
assert_deepequal(
dict(result=dict(
keys={'auto.direct': ()},
orphanmaps=(dict(dn=DN(('automountmapname', self.mapname), (
'cn', self.locname), ('cn', 'automount'), api.env.basedn),
description=(u'new description', ),
automountmapname=(u'testmap', )), ),
orphankeys=[(dict(
dn=DN(('description',
self.keyname2), ('automountmapname',
'testmap'), ('cn', self.locname), (
'cn',
'automount'), api.env.basedn),
automountkey=(self.keyname2, ),
description=(self.keyname2, ),
automountinformation=(u'ro', ),
),
dict(
dn=DN(('description', self.keyname_rename), (
'automountmapname',
'testmap'), ('cn', self.locname), (
'cn', 'automount'), api.env.basedn),
automountkey=(self.keyname_rename, ),
description=(self.keyname_rename, ),
automountinformation=(u'rw', ),
))],
maps=(dict(dn=DN(('description', '/- auto.direct'), (
'automountmapname', 'auto.master'), ('cn', self.locname), (
'cn', 'automount'), api.env.basedn),
automountkey=(u'/-', ),
description=(u'/- auto.direct', ),
automountinformation=(u'auto.direct', )), ))), res)
# Also check the CLI output
self.check_tofiles()
def test_entry_to_dict():
class FakeAttributeType(object):
def __init__(self, name, syntax):
self.names = (name, )
self.syntax = syntax
class FakeSchema(object):
def get_obj(self, type, name):
if type != ldap.schema.AttributeType:
return
if name == 'binaryattr':
return FakeAttributeType(name, '1.3.6.1.4.1.1466.115.121.1.40')
elif name == 'textattr':
return FakeAttributeType(name, '1.3.6.1.4.1.1466.115.121.1.15')
elif name == 'dnattr':
return FakeAttributeType(name, '1.3.6.1.4.1.1466.115.121.1.12')
class FakeLDAPClient(ipaldap.LDAPClient):
def __init__(self):
super(FakeLDAPClient, self).__init__('ldap://test',
force_schema_updates=False)
self._has_schema = True
self._schema = FakeSchema()
conn = FakeLDAPClient()
rights = {'nothing': 'is'}
entry = ipaldap.LDAPEntry(conn,
DN('cn=test'),
textattr=[u'text'],
dnattr=[DN('cn=test')],
binaryattr=[b'\xffabcd'],
attributelevelrights=rights)
the_dict = {
u'dn': u'cn=test',
u'textattr': [u'text'],
u'dnattr': [u'cn=test'],
u'binaryattr': [b'\xffabcd'],
u'attributelevelrights': rights
}
assert_deepequal(baseldap.entry_to_dict(entry, all=True, raw=True),
the_dict)
def test_set_default_group_for_automembers(self, defaultgroup1):
""" Set new default group for group automembers """
result = api.Command['automember_default_group_set'](
type=u'group',
automemberdefaultgroup=defaultgroup1.cn
)
assert_deepequal(
dict(
result=dict(
cn=[u'Group'],
automemberdefaultgroup=[DN(('cn', defaultgroup1.cn),
('cn', 'groups'),
('cn', 'accounts'),
api.env.basedn)],
),
value=u'group',
summary=u'Set default (fallback) group for automember "group"'
),
result)
result = api.Command['automember_default_group_show'](
type=u'group',
)
assert_deepequal(
dict(
result=dict(dn=DN(('cn', 'group'),
('cn', 'automember'),
('cn', 'etc'), api.env.basedn),
cn=[u'Group'],
automemberdefaultgroup=[
DN(('cn', defaultgroup1.cn),
('cn', 'groups'),
('cn', 'accounts'),
api.env.basedn)
],
),
value=u'group',
summary=None,
),
result)
def check_retrieve(self, result, all=False, raw=False):
""" Check 'stageuser-show' command result """
if all:
expected = self.filter_attrs(self.retrieve_all_keys)
else:
expected = self.filter_attrs(self.retrieve_keys)
# small override because stageuser-find returns different
# type of nsaccountlock value than DS, but overall the value
# fits expected result
if expected[u'nsaccountlock'] == [u'true']:
expected[u'nsaccountlock'] = True
elif expected[u'nsaccountlock'] == [u'false']:
expected[u'nsaccountlock'] = False
assert_deepequal(dict(
value=self.uid,
summary=None,
result=expected,
), result)
def check_find(self, result, all=False, raw=False):
""" Check 'stageuser-find' command result """
if all:
expected = self.filter_attrs(self.find_all_keys)
else:
expected = self.filter_attrs(self.find_keys)
# small override because stageuser-find returns different
# type of nsaccountlock value than DS, but overall the value
# fits expected result
if expected[u'nsaccountlock'] == [u'true']:
expected[u'nsaccountlock'] = True
elif expected[u'nsaccountlock'] == [u'false']:
expected[u'nsaccountlock'] = False
assert_deepequal(dict(
count=1,
truncated=False,
summary=u'1 user matched',
result=[expected],
), result)
def test_search_for_all_nonposix_with_criteria(self, group):
""" Search for all non-posix groups with additional
criteria filter """
command = group.make_command('group_find', *[u'users'],
**dict(nonposix=True, all=True))
result = command()
assert_deepequal(
dict(
summary=u'1 group matched',
count=1,
truncated=False,
result=[
{
'dn': get_group_dn('ipausers'),
'cn': [u'ipausers'],
'description': [u'Default group for all users'],
'objectclass': fuzzy_set_ci(objectclasses.group),
'ipauniqueid': [fuzzy_uuid],
},
],
), result)
def check_exception(self, nice, cmd, args, options, expected):
klass = expected.__class__
expected_name = klass.__name__
try:
output = api.Command[cmd](*args, **options)
except Exception as e:
got = e
else:
raise AssertionError(EXPECTED %
(cmd, expected_name, args, options, output))
if not isinstance(got, klass):
raise AssertionError(
UNEXPECTED % (cmd, expected_name, args, options, expected_name,
expected, got.__class__.__name__, got))
# FIXME: the XML-RPC transport doesn't allow us to return structured
# information through the exception, so we can't test the kw on the
# client side. However, if we switch to using JSON-RPC for the default
# transport, the exception is a free-form data structure (dict).
# For now just compare the strings
# pylint: disable=no-member
assert_deepequal(expected.strerror, got.strerror)
def make_admin(self, admin_group=u'admins'):
""" Add user to the administrator's group """
result = self.run_command('group_show', admin_group)
admin_group_content = result[u'result'][u'member_user']
admin_group_expected = list(admin_group_content) + [self.name]
command = self.make_group_add_member_command(admin_group,
**dict(user=self.name))
result = command()
assert_deepequal(
dict(
completed=1,
failed=dict(member=dict(group=tuple(), user=tuple())),
result={
'dn': get_group_dn(admin_group),
'member_user': admin_group_expected,
'gidnumber': [fuzzy_digits],
'cn': [admin_group],
'description': [u'Account administrators group'],
},
), result)
def test_query_status(self, user):
""" Query user_status on a user """
user.ensure_exists()
result = user.run_command('user_status', user.uid)
assert_deepequal(
dict(
count=1,
result=[
dict(
dn=user.dn,
krblastfailedauth=[u'N/A'],
krblastsuccessfulauth=[u'N/A'],
krbloginfailedcount=u'0',
now=isodate_re.match,
server=api.env.host,
),
],
summary=u'Account disabled: False',
truncated=False,
), result)
user.delete()
def test_host_with_service(self, host):
host.ensure_exists()
service1 = u'dns/%s@%s' % (host.fqdn, host.api.env.realm)
service1dn = DN(('krbprincipalname', service1.lower()),
('cn', 'services'), ('cn', 'accounts'),
host.api.env.basedn)
try:
result = host.run_command('service_add', service1, force=True)
assert_deepequal(
dict(
value=service1,
summary=u'Added service "%s"' % service1,
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
objectclass=objectclasses.service,
managedby_host=[host.fqdn],
ipauniqueid=[fuzzy_uuid],
),
), result)
host.delete()
result = host.run_command('service_find', host.fqdn)
assert_deepequal(
dict(
count=0,
truncated=False,
summary=u'0 services matched',
result=[],
), result)
finally:
try:
host.run_command('service_del', service1)
except errors.NotFound:
pass
def check_add_member_negative(self, result, options={}):
""" Checks 'group_add_member' command result
when expected result is failure of the operation"""
expected = dict(completed=0,
failed={u'member': {
u'group': (),
u'user': ()
}},
result=self.filter_attrs(self.add_member_keys))
if not options:
try:
options = self.adds
except NameError:
pass
if u'user' in options:
expected[u'failed'][u'member'][u'user'] = [(options[u'user'],
u'no such entry')]
elif u'group' in options:
expected[u'failed'][u'member'][u'group'] = [(options[u'group'],
u'no such entry')]
assert_deepequal(expected, result)
def test_reset_automember_default_groups(self, defaultgroup1, user1,
defaulthostgroup1, manager1):
""" Reset automember group defaults """
manager1.delete()
user1.delete()
result = api.Command['automember_default_group_remove'](
type=u'group',
)
assert_deepequal(
dict(
result=dict(
automemberdefaultgroup=u'No default (fallback) group set',
cn=([u'Group'])
),
value=u'group',
summary=u'Removed default (fallback) group'
' for automember "group"'),
result)
result = api.Command['automember_default_group_remove'](
type=u'hostgroup',
)
assert_deepequal(
dict(
result=dict(
automemberdefaultgroup=u'No default (fallback) group set',
cn=([u'Hostgroup'])
),
value=u'hostgroup',
summary=u'Removed default (fallback) group'
' for automember "hostgroup"'),
result)
defaultgroup1.ensure_missing()
defaulthostgroup1.ensure_missing()
def check_find(self,
result,
all=False,
pkey_only=False,
raw=False,
expected_override=None):
""" Check 'user-find' command result """
if all:
if u'preserved' not in self.attrs:
self.attrs.update(preserved=False)
expected = self.filter_attrs(self.find_all_keys)
elif pkey_only:
expected = self.filter_attrs(self.primary_keys)
else:
expected = self.filter_attrs(self.find_keys)
if all and self.attrs[u'preserved']:
del expected[u'mepmanagedentry']
if u'nsaccountlock' in expected:
if expected[u'nsaccountlock'] == [u'true']:
expected[u'nsaccountlock'] = True
elif expected[u'nsaccountlock'] == [u'false']:
expected[u'nsaccountlock'] = False
if expected_override:
assert isinstance(expected_override, dict)
expected.update(expected_override)
assert_deepequal(
dict(
count=1,
truncated=False,
summary=u'1 user matched',
result=[expected],
), result)
def test_group_allow_retrieve_keytab(self, allowedto_context, host, host3):
host.ensure_exists()
host3.ensure_exists()
result = host.run_command('host_allow_retrieve_keytab',
host.fqdn,
group=[group1, group2],
host=[host3.fqdn],
hostgroup=[hostgroup1])
host.attrs['ipaallowedtoperform_read_keys_group'] = [group1, group2]
host.attrs['ipaallowedtoperform_read_keys_host'] = [host3.fqdn]
host.attrs['ipaallowedtoperform_read_keys_hostgroup'] = [hostgroup1]
assert_deepequal(
dict(
failed=dict(ipaallowedtoperform_read_keys=dict(group=[],
host=[],
hostgroup=[],
user=[]), ),
completed=4,
result=host.filter_attrs(host.allowedto_keys),
), result)
# Non-members cannot be removed
result = host.run_command('host_disallow_retrieve_keytab',
host.fqdn,
user=[user2])
assert_deepequal(
dict(
failed=dict(ipaallowedtoperform_read_keys=dict(
group=[],
host=[],
hostgroup=[],
user=[[user2, u'This entry is not a member']],
), ),
completed=0,
result=host.filter_attrs(host.allowedto_keys),
), result)
# Disallow one of the existing allowed groups
result = host.run_command('host_disallow_retrieve_keytab',
host.fqdn,
group=[group2])
host.attrs['ipaallowedtoperform_read_keys_group'] = [group1]
assert_deepequal(
dict(
failed=dict(ipaallowedtoperform_read_keys=dict(group=[],
host=[],
hostgroup=[],
user=[]), ),
completed=1,
result=host.filter_attrs(host.allowedto_keys),
), result)
host.retrieve()
def check_create(self, result):
assert_deepequal(dict(
value=self.name,
summary=u'Imported profile "{}"'.format(self.name),
result=dict(self.filter_attrs(self.create_keys))
), result)
def check_undel(self, result):
""" Check 'user-undel' command result """
assert_deepequal(
dict(value=self.uid,
summary=u'Undeleted user account "%s"' % self.uid,
result=True), result)
def test_search_for_all_posix(self, group, group2):
""" Search for all posix groups """
command = group.make_command('group_find', **dict(posix=True,
all=True))
result = command()
assert_deepequal(
dict(summary=u'4 groups matched',
count=4,
truncated=False,
result=[
{
'dn':
get_group_dn('admins'),
'member_user': [u'admin'],
'gidnumber': [fuzzy_digits],
'cn': [u'admins'],
'description': [u'Account administrators group'],
'objectclass':
fuzzy_set_ci(
add_oc(objectclasses.posixgroup,
u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn':
get_group_dn('editors'),
'gidnumber': [fuzzy_digits],
'cn': [u'editors'],
'description':
[u'Limited admins who can edit other users'],
'objectclass':
fuzzy_set_ci(
add_oc(objectclasses.posixgroup,
u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn':
get_group_dn(group.cn),
'cn': [group.cn],
'description': [u'Test desc1'],
'gidnumber': [fuzzy_digits],
'objectclass':
fuzzy_set_ci(
add_oc(objectclasses.posixgroup,
u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn':
get_group_dn(group2.cn),
'cn': [group2.cn],
'description': [u'Test desc2'],
'gidnumber': [fuzzy_digits],
'objectclass':
fuzzy_set_ci(
add_oc(objectclasses.posixgroup,
u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
]), result)
def check_update(self, result, extra_keys=()):
assert_deepequal(dict(
value=self.name,
summary=u'Modified Certificate Profile "{}"'.format(self.name),
result=self.filter_attrs(self.update_keys | set(extra_keys))
), result)
try:
output = api.Command[cmd](*args, **options)
except StandardError, e:
pass
else:
raise AssertionError(EXPECTED % (cmd, name, args, options, output))
if not isinstance(e, klass):
raise AssertionError(
UNEXPECTED %
(cmd, name, args, options, e.__class__.__name__, e))
# FIXME: the XML-RPC transport doesn't allow us to return structured
# information through the exception, so we can't test the kw on the
# client side. However, if we switch to using JSON-RPC for the default
# transport, the exception is a free-form data structure (dict).
# For now just compare the strings
assert_deepequal(expected.strerror, e.strerror)
def check_callable(self, nice, cmd, args, options, expected):
name = expected.__class__.__name__
output = dict()
e = None
try:
output = api.Command[cmd](*args, **options)
except StandardError, e:
pass
if not expected(e, output):
raise AssertionError(
UNEXPECTED %
(cmd, name, args, options, e.__class__.__name__, e))
def check_output(self, nice, cmd, args, options, expected, extra_check):
def check_delete(self, result):
assert_deepequal(
dict(value=[self.name],
summary=u'Deleted CA "{}"'.format(self.name),
result=dict(failed=[])), result)
def check_restore_preserved(self, result):
assert_deepequal(dict(
value=[self.uid],
summary=u'Staged user account "%s"' % self.uid,
result=dict(failed=[]),
), result)
def test_04_user_show_displays_cert(self, testuser, idview, cert1, cert2):
result = api.Command.idoverrideuser_show(idview.cn, testuser.name)
assert_deepequal((base64.b64decode(cert1), base64.b64decode(cert2)),
result['result']['usercertificate'])
def test_from_json_file(self):
file = write_tmp_file(json.dumps(self.get_input_dict()))
conf = config.Config.from_env({'IPATEST_JSON_CONFIG': file.name})
assert_deepequal(self.get_output_dict(), conf.to_dict())
self.check_config(conf)
def test_dict_roundtrip(self):
conf = config.Config.from_dict(self.get_output_dict())
assert_deepequal(self.get_output_dict(), conf.to_dict())
self.check_config(conf)
def test_dict_to_env(self):
conf = config.Config.from_dict(self.get_input_dict())
assert_deepequal(self.get_output_env(), dict(conf.to_env()))
self.check_config(conf)
def assert_entries_equal(a, b):
assert_deepequal(a.dn, b.dn)
assert_deepequal(dict(a), dict(b))
def check_disable(self, result):
""" Check result of disable user operation """
assert_deepequal(
dict(value=self.name,
summary=u'Disabled user account "%s"' % self.name,
result=True), result)
def check_output(self, nice, cmd, args, options, expected, extra_check):
got = api.Command[cmd](*args, **options)
assert_deepequal(expected, got, nice)
if extra_check and not extra_check(got):
raise AssertionError('Extra check %s failed' % extra_check)
def check_delete(self, result):
assert_deepequal(dict(
value=[self.name], # correctly a list?
summary=u'Deleted profile "{}"'.format(self.name),
result=dict(failed=[]),
), result)
