Пример #1
0
 def check_retrieve(self, result, all=False, raw=False):
     """Check `location-show` command result"""
     if all:
         expected = self.filter_attrs(self.retrieve_all_keys)
     else:
         expected = self.filter_attrs(self.retrieve_keys)
     assert_deepequal(dict(value=self.idnsname_obj, summary=None, result=expected, servers=self.servers), result)
Пример #2
0
 def check_update(self, result, extra_keys=()):
     """ Check 'stageuser-mod' command result """
     assert_deepequal(dict(
         value=self.uid,
         summary=u'Modified stage user "%s"' % self.uid,
         result=self.filter_attrs(self.update_keys | set(extra_keys))
     ), result)
Пример #3
0
 def check_create(self, result):
     """Check `host_add` command result"""
     assert_deepequal(dict(
         value=self.fqdn,
         summary=u'Added host "%s"' % self.fqdn,
         result=self.filter_attrs(self.create_keys),
     ), result)
Пример #4
0
 def check_update(self, result, extra_keys=()):
     """Check the plugin's `find` command result"""
     assert_deepequal(dict(
         value=self.name,
         summary=u'Modified CA "{}"'.format(self.name),
         result=self.filter_attrs(self.update_keys | set(extra_keys))
     ), result)
Пример #5
0
    def test_add_ipv6_host_from_ip(self, dns_setup, ipv6_fromip_host):
        ipv6_fromip_host.ensure_missing()
        ipv6_fromip_host.track_create()
        command = ipv6_fromip_host.make_create_command(force=False)
        result = command(ip_address=ipv6_fromip_ipv6)
        ipv6_fromip_host.check_create(result)

        result = ipv6_fromip_host.run_command('dnsrecord_show', dnszone,
                                              ipv6_fromip_host.shortname)
        assert_deepequal(dict(
            value=ipv6_fromip_dnsname,
            summary=None,
            result=dict(
                dn=ipv6_fromip_dn,
                idnsname=[ipv6_fromip_dnsname],
                aaaarecord=[ipv6_fromip_aaaarec],
            ),
        ), result)

        result = ipv6_fromip_host.run_command('dnsrecord_show', revipv6zone,
                                              ipv6_fromip_ptr)
        assert_deepequal(dict(
            value=ipv6_fromip_ptr_dnsname,
            summary=None,
            result=dict(
                dn=ipv6_fromip_ptr_dn,
                idnsname=[ipv6_fromip_ptr_dnsname],
                ptrrecord=[ipv6_fromip_host.fqdn + '.'],
            ),
        ), result)
Пример #6
0
 def check_delete(self, result):
     """ Checks 'automember_del' command result """
     assert_deepequal(dict(
         value=[self.cn],
         summary=u'Deleted automember rule "%s"' % self.cn,
         result=dict(failed=[]),
         ), result)
Пример #7
0
 def check_create(self, result):
     assert_deepequal(dict(
         value=self.name,
         summary=u'Added Certificate Identity Mapping Rule "{}"'
                 u''.format(self.name),
         result=self.filter_attrs(self.create_keys),
     ), result)
Пример #8
0
 def check_update(self, result, extra_keys=()):
     """ Check service-mod command result """
     assert_deepequal({
         u'value': u'{0}'.format(self.name),
         u'summary': u'Modified service "{0}"'.format(self.name),
         u'result': self.filter_attrs(self.update_keys | set(extra_keys))
         }, result)
Пример #9
0
 def check_delete(self, result):
     """ Checks 'sudocmdgroup_del' command result """
     assert_deepequal(dict(
         value=[self.cn],
         summary=u'Deleted Sudo Command Group "%s"' % self.cn,
         result=dict(failed=[]),
         ), result)
Пример #10
0
 def check_create(self, result):
     """ Check service-add command result """
     assert_deepequal({
         u'value': u'{0}'.format(self.name),
         u'summary': u'Added service "{0}"'.format(self.name),
         u'result': self.filter_attrs(self.create_keys)
         }, result)
Пример #11
0
 def check_delete(self, result):
     """ Check service-del command result """
     assert_deepequal({
         u'value': [u'{0}'.format(self.name)],
         u'summary': u'Deleted service "{0}"'.format(self.name),
         u'result': {u'failed': []}
         }, result)
Пример #12
0
 def check_find(self, result, all=False, raw=False):
     """Check `host_find` command result"""
     if all:
         expected = self.filter_attrs(self.find_all_keys)
     else:
         expected = self.filter_attrs(self.find_keys)
     assert_deepequal(dict(count=1, truncated=False, summary=u"1 host matched", result=[expected]), result)
Пример #13
0
 def check_retrieve(self, result, all=False, raw=False):
     """Check `host_show` command result"""
     if all:
         expected = self.filter_attrs(self.retrieve_all_keys)
     else:
         expected = self.filter_attrs(self.retrieve_keys)
     assert_deepequal(dict(value=self.fqdn, summary=None, result=expected), result)
Пример #14
0
 def check_update(self, result, extra_keys={}):
     """ Checks 'sudocmdgroup_mod' command result """
     assert_deepequal(dict(
         value=self.cn,
         summary=u'Modified Sudo Command Group "%s"' % self.cn,
         result=self.filter_attrs(self.update_keys | set(extra_keys))
     ), result)
Пример #15
0
    def add_certmap(self, **kwargs):
        cmd = self._make_add_certmap()

        try:
            expected_certmapdata = self._data_from_options(**kwargs)
        except Exception as e:
            with pytest.raises(type(e)):
                cmd(**kwargs)
        else:
            result = cmd(**kwargs)
            self.attrs.setdefault(u'ipacertmapdata', []).extend(
                expected_certmapdata)

            expected = dict(
                summary=(u'Added certificate mappings to user '
                         u'"{}"'.format(self.name)),
                value=self.name,
                result=dict(
                    uid=(self.name,),
                ),
            )

            if self.attrs[u'ipacertmapdata']:
                expected[u'result'][u'ipacertmapdata'] = (
                    self.attrs[u'ipacertmapdata'])

            assert_deepequal(expected, result)
Пример #16
0
 def check_create(self, result):
     """ Checks 'sudocmdgroup_add' command result """
     assert_deepequal(dict(
         value=self.cn,
         summary=u'Added Sudo Command Group "%s"' % self.cn,
         result=self.filter_attrs(self.create_keys)
         ), result)
Пример #17
0
 def check_create(self, result):
     """ Checks 'automember_add' command result """
     assert_deepequal(dict(
         value=self.cn,
         summary=u'Added automember rule "%s"' % self.cn,
         result=self.filter_attrs(self.create_keys)
         ), result)
Пример #18
0
 def check_undel(self, result):
     """ Check 'user-undel' command result """
     assert_deepequal(dict(
         value=self.uid,
         summary=u'Undeleted user account "%s"' % self.uid,
         result=True
         ), result)
Пример #19
0
 def check_update(self, result, extra_keys={}):
     """ Checks 'automember_mod' command result """
     assert_deepequal(dict(
         value=self.cn,
         summary=u'Modified automember rule "%s"' % self.cn,
         result=self.filter_attrs(self.update_keys | set(extra_keys))
     ), result)
Пример #20
0
 def test_search_for_all_nonposix(self, group):
     """ Perform a search for all non-posix groups """
     command = group.make_command(
         'group_find', **dict(nonposix=True, all=True)
     )
     result = command()
     assert_deepequal(dict(
         summary=u'3 groups matched',
         count=3,
         truncated=False,
         result=[
             {
                 'dn': get_group_dn('ipausers'),
                 'cn': [u'ipausers'],
                 'description': [u'Default group for all users'],
                 'objectclass': fuzzy_set_ci(objectclasses.group),
                 'ipauniqueid': [fuzzy_uuid],
             },
             {
                 'dn': get_group_dn(group.cn),
                 'cn': [group.cn],
                 'description': [u'New desc'],
                 'objectclass': fuzzy_set_ci(objectclasses.group),
                 'ipauniqueid': [fuzzy_uuid],
             },
             {
                 'dn': get_group_dn('trust admins'),
                 'member_user': [u'admin'],
                 'cn': [u'trust admins'],
                 'description': [u'Trusts administrators group'],
                 'objectclass': fuzzy_set_ci(objectclasses.group),
                 'ipauniqueid': [fuzzy_uuid],
             },
         ],
     ), result)
Пример #21
0
 def check_delete(self, result):
     """ Check 'user-del' command result """
     assert_deepequal(dict(
         value=[self.uid],
         summary=u'Deleted user "%s"' % self.uid,
         result=dict(failed=[]),
         ), result)
Пример #22
0
 def check_disable(self, result):
     """ Check result of disable user operation """
     assert_deepequal(dict(
         value=self.name,
         summary=u'Disabled user account "%s"' % self.name,
         result=True
     ), result)
Пример #23
0
 def check_create(self, result):
     """ Check 'stageuser-add' command result """
     assert_deepequal(dict(
         value=self.uid,
         summary=u'Added stage user "%s"' % self.uid,
         result=self.filter_attrs(self.create_keys),
     ), result)
Пример #24
0
    def check_find(self, result, all=False, pkey_only=False, raw=False,
                   expected_override=None):
        """ Check 'user-find' command result """
        if all:
            if u'preserved' not in self.attrs:
                self.attrs.update(preserved=False)
            expected = self.filter_attrs(self.find_all_keys)
        elif pkey_only:
            expected = self.filter_attrs(self.primary_keys)
        else:
            expected = self.filter_attrs(self.find_keys)

        if all and self.attrs[u'preserved']:
            del expected[u'mepmanagedentry']

        if u'nsaccountlock' in expected:
            if expected[u'nsaccountlock'] == [u'true']:
                expected[u'nsaccountlock'] = True
            elif expected[u'nsaccountlock'] == [u'false']:
                expected[u'nsaccountlock'] = False

        if expected_override:
            assert isinstance(expected_override, dict)
            expected.update(expected_override)

        assert_deepequal(dict(
            count=1,
            truncated=False,
            summary=u'1 user matched',
            result=[expected],
        ), result)
Пример #25
0
 def check_update(self, result, extra_keys=()):
     """Check `host_update` command result"""
     assert_deepequal(dict(
         value=self.fqdn,
         summary=u'Modified host "%s"' % self.fqdn,
         result=self.filter_attrs(self.update_keys | set(extra_keys))
     ), result)
Пример #26
0
    def check_retrieve(self, result, all=False, raw=False):
        """ Check 'user-show' command result """
        if u'preserved' in self.attrs and self.attrs[u'preserved']:
            self.retrieve_all_keys = self.retrieve_preserved_all_keys
            self.retrieve_keys = self.retrieve_preserved_keys
        elif u'preserved' not in self.attrs and all:
            self.attrs[u'preserved'] = False

        if all:
            expected = self.filter_attrs(self.retrieve_all_keys)
        else:
            expected = self.filter_attrs(self.retrieve_keys)

        # small override because stageuser-find returns different type
        # of nsaccountlock value than DS, but overall the value fits
        # expected result
        if u'nsaccountlock' in expected:
            if expected[u'nsaccountlock'] == [u'true']:
                expected[u'nsaccountlock'] = True
            elif expected[u'nsaccountlock'] == [u'false']:
                expected[u'nsaccountlock'] = False

        assert_deepequal(dict(
            value=self.uid,
            summary=None,
            result=expected,
        ), result)
Пример #27
0
 def check_delete(self, result):
     """Check `host_del` command result"""
     assert_deepequal(dict(
         value=[self.fqdn],
         summary=u'Deleted host "%s"' % self.fqdn,
         result=dict(failed=[]),
     ), result)
Пример #28
0
    def remove_certmap(self, **kwargs):
        cmd = self._make_remove_certmap()

        try:
            expected_certmapdata = self._data_from_options(**kwargs)
        except Exception as e:
            with pytest.raises(type(e)):
                cmd(**kwargs)
        else:
            result = cmd(**kwargs)

            for data in expected_certmapdata:
                self.attrs[u'ipacertmapdata'].remove(data)

            expected = dict(
                summary=(u'Removed certificate mappings from user '
                         u'"{}"'.format(self.name)),
                value=self.name,
                result=dict(
                    uid=(self.name,),
                ),
            )
            if self.attrs[u'ipacertmapdata']:
                expected[u'result'][u'ipacertmapdata'] = (
                    self.attrs[u'ipacertmapdata'])

            assert_deepequal(expected, result)
Пример #29
0
    def test_user_allow_retrieve_keytab(self, allowedto_context, host):
        host.ensure_exists()
        result = host.run_command('host_allow_retrieve_keytab', host.fqdn,
                                  user=user1)
        host.attrs['ipaallowedtoperform_read_keys_user'] = [user1]
        assert_deepequal(dict(
            failed=dict(
                ipaallowedtoperform_read_keys=dict(
                    group=[], host=[], hostgroup=[], user=[]),
            ),
            completed=1,
            result=host.filter_attrs(host.allowedto_keys),
        ), result)

        # Duplicates should not be accepted
        result = host.run_command('host_allow_retrieve_keytab', host.fqdn,
                                  user=user1)
        assert_deepequal(dict(
            failed=dict(
                ipaallowedtoperform_read_keys=dict(
                    group=[], host=[], hostgroup=[],
                    user=[[user1, u'This entry is already a member']],
                ),
            ),
            completed=0,
            result=host.filter_attrs(host.allowedto_keys),
        ), result)
Пример #30
0
 def check_add_member(self, result):
     """ Checks 'sudocmdgroup_add_member' command result """
     assert_deepequal(dict(
         completed=1,
         failed={u'member': {u'sudocmd': ()}},
         result=self.filter_attrs(self.add_member_keys)
     ), result)
Пример #31
0
 def test_topology_updated_on_replica_install_remove(self):
     """
     Install and remove a replica and make sure topology information is
     updated on all other replicas
     Testcase: http://www.freeipa.org/page/V4/Manage_replication_topology/
     Test_plan#Test_case:
     _Replication_topology_should_be_saved_in_the_LDAP_tree
     """
     tasks.kinit_admin(self.master)
     result1 = self.master.run_command(
         ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text
     segment_name = self.segmentnames_re.findall(result1)[0]
     assert (self.master.hostname in segment_name), (
         "Segment %s does not contain master hostname" % segment_name)
     assert (self.replicas[0].hostname in segment_name), (
         "Segment %s does not contain replica hostname" % segment_name)
     tasks.install_replica(self.master,
                           self.replicas[1],
                           setup_ca=False,
                           setup_dns=False)
     # We need to make sure topology information is consistent across all
     # replicas
     result2 = self.master.run_command(
         ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME])
     result3 = self.replicas[0].run_command(
         ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME])
     result4 = self.replicas[1].run_command(
         ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME])
     segments = self.tokenize_topologies(result2.stdout_text)
     assert (len(segments) == 2), "Unexpected number of segments found"
     assert_deepequal(result2.stdout_text, result3.stdout_text)
     assert_deepequal(result3.stdout_text, result4.stdout_text)
     # Now let's check that uninstalling the replica will update the topology
     # info on the rest of replicas.
     # first step of uninstallation is removal of the replica on other
     # master, then it can be uninstalled. Doing it the other way is also
     # possible, but not reliable - some data might not be replicated.
     tasks.clean_replication_agreement(self.master, self.replicas[1])
     tasks.uninstall_master(self.replicas[1])
     result5 = self.master.run_command(
         ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME])
     num_entries = self.noentries_re.search(result5.stdout_text).group(1)
     assert (num_entries == "1"), "Incorrect number of entries displayed"
Пример #32
0
    def test_a2_automountmap_tofiles(self):
        """
        Test the `automountlocation_tofiles` command.
        """
        res = api.Command['automountlocation_tofiles'](self.locname,
                                                       version=u'2.88')
        assert_deepequal(
            dict(result=dict(
                keys={'auto.direct': ()},
                orphanmaps=(dict(dn=DN(('automountmapname', self.mapname), (
                    'cn', self.locname), ('cn', 'automount'), api.env.basedn),
                                 description=(u'new description', ),
                                 automountmapname=(u'testmap', )), ),
                orphankeys=[(dict(
                    dn=DN(('description',
                           self.keyname2), ('automountmapname',
                                            'testmap'), ('cn', self.locname), (
                                                'cn',
                                                'automount'), api.env.basedn),
                    automountkey=(self.keyname2, ),
                    description=(self.keyname2, ),
                    automountinformation=(u'ro', ),
                ),
                             dict(
                                 dn=DN(('description', self.keyname_rename), (
                                     'automountmapname',
                                     'testmap'), ('cn', self.locname), (
                                         'cn', 'automount'), api.env.basedn),
                                 automountkey=(self.keyname_rename, ),
                                 description=(self.keyname_rename, ),
                                 automountinformation=(u'rw', ),
                             ))],
                maps=(dict(dn=DN(('description', '/- auto.direct'), (
                    'automountmapname', 'auto.master'), ('cn', self.locname), (
                        'cn', 'automount'), api.env.basedn),
                           automountkey=(u'/-', ),
                           description=(u'/- auto.direct', ),
                           automountinformation=(u'auto.direct', )), ))), res)

        # Also check the CLI output

        self.check_tofiles()
Пример #33
0
def test_entry_to_dict():
    class FakeAttributeType(object):
        def __init__(self, name, syntax):
            self.names = (name, )
            self.syntax = syntax

    class FakeSchema(object):
        def get_obj(self, type, name):
            if type != ldap.schema.AttributeType:
                return
            if name == 'binaryattr':
                return FakeAttributeType(name, '1.3.6.1.4.1.1466.115.121.1.40')
            elif name == 'textattr':
                return FakeAttributeType(name, '1.3.6.1.4.1.1466.115.121.1.15')
            elif name == 'dnattr':
                return FakeAttributeType(name, '1.3.6.1.4.1.1466.115.121.1.12')

    class FakeLDAPClient(ipaldap.LDAPClient):
        def __init__(self):
            super(FakeLDAPClient, self).__init__('ldap://test',
                                                 force_schema_updates=False)
            self._has_schema = True
            self._schema = FakeSchema()

    conn = FakeLDAPClient()
    rights = {'nothing': 'is'}

    entry = ipaldap.LDAPEntry(conn,
                              DN('cn=test'),
                              textattr=[u'text'],
                              dnattr=[DN('cn=test')],
                              binaryattr=[b'\xffabcd'],
                              attributelevelrights=rights)
    the_dict = {
        u'dn': u'cn=test',
        u'textattr': [u'text'],
        u'dnattr': [u'cn=test'],
        u'binaryattr': [b'\xffabcd'],
        u'attributelevelrights': rights
    }
    assert_deepequal(baseldap.entry_to_dict(entry, all=True, raw=True),
                     the_dict)
Пример #34
0
    def test_set_default_group_for_automembers(self, defaultgroup1):
        """ Set new default group for group automembers """
        result = api.Command['automember_default_group_set'](
            type=u'group',
            automemberdefaultgroup=defaultgroup1.cn
        )

        assert_deepequal(
            dict(
                result=dict(
                    cn=[u'Group'],
                    automemberdefaultgroup=[DN(('cn', defaultgroup1.cn),
                                            ('cn', 'groups'),
                                            ('cn', 'accounts'),
                                            api.env.basedn)],
                ),
                value=u'group',
                summary=u'Set default (fallback) group for automember "group"'
                ),
            result)

        result = api.Command['automember_default_group_show'](
            type=u'group',
        )

        assert_deepequal(
            dict(
                result=dict(dn=DN(('cn', 'group'),
                                  ('cn', 'automember'),
                                  ('cn', 'etc'), api.env.basedn),
                            cn=[u'Group'],
                            automemberdefaultgroup=[
                                DN(('cn', defaultgroup1.cn),
                                   ('cn', 'groups'),
                                   ('cn', 'accounts'),
                                   api.env.basedn)
                                ],
                            ),
                value=u'group',
                summary=None,
            ),
            result)
Пример #35
0
    def check_retrieve(self, result, all=False, raw=False):
        """ Check 'stageuser-show' command result """
        if all:
            expected = self.filter_attrs(self.retrieve_all_keys)
        else:
            expected = self.filter_attrs(self.retrieve_keys)

        # small override because stageuser-find returns different
        # type of nsaccountlock value than DS, but overall the value
        # fits expected result
        if expected[u'nsaccountlock'] == [u'true']:
            expected[u'nsaccountlock'] = True
        elif expected[u'nsaccountlock'] == [u'false']:
            expected[u'nsaccountlock'] = False

        assert_deepequal(dict(
            value=self.uid,
            summary=None,
            result=expected,
        ), result)
Пример #36
0
    def check_find(self, result, all=False, raw=False):
        """ Check 'stageuser-find' command result """
        if all:
            expected = self.filter_attrs(self.find_all_keys)
        else:
            expected = self.filter_attrs(self.find_keys)

        # small override because stageuser-find returns different
        # type of nsaccountlock value than DS, but overall the value
        # fits expected result
        if expected[u'nsaccountlock'] == [u'true']:
            expected[u'nsaccountlock'] = True
        elif expected[u'nsaccountlock'] == [u'false']:
            expected[u'nsaccountlock'] = False

        assert_deepequal(dict(
            count=1,
            truncated=False,
            summary=u'1 user matched',
            result=[expected],
        ), result)
Пример #37
0
 def test_search_for_all_nonposix_with_criteria(self, group):
     """ Search for all non-posix groups with additional
     criteria filter """
     command = group.make_command('group_find', *[u'users'],
                                  **dict(nonposix=True, all=True))
     result = command()
     assert_deepequal(
         dict(
             summary=u'1 group matched',
             count=1,
             truncated=False,
             result=[
                 {
                     'dn': get_group_dn('ipausers'),
                     'cn': [u'ipausers'],
                     'description': [u'Default group for all users'],
                     'objectclass': fuzzy_set_ci(objectclasses.group),
                     'ipauniqueid': [fuzzy_uuid],
                 },
             ],
         ), result)
Пример #38
0
 def check_exception(self, nice, cmd, args, options, expected):
     klass = expected.__class__
     expected_name = klass.__name__
     try:
         output = api.Command[cmd](*args, **options)
     except Exception as e:
         got = e
     else:
         raise AssertionError(EXPECTED %
                              (cmd, expected_name, args, options, output))
     if not isinstance(got, klass):
         raise AssertionError(
             UNEXPECTED % (cmd, expected_name, args, options, expected_name,
                           expected, got.__class__.__name__, got))
     # FIXME: the XML-RPC transport doesn't allow us to return structured
     # information through the exception, so we can't test the kw on the
     # client side.  However, if we switch to using JSON-RPC for the default
     # transport, the exception is a free-form data structure (dict).
     # For now just compare the strings
     # pylint: disable=no-member
     assert_deepequal(expected.strerror, got.strerror)
Пример #39
0
    def make_admin(self, admin_group=u'admins'):
        """ Add user to the administrator's group """
        result = self.run_command('group_show', admin_group)
        admin_group_content = result[u'result'][u'member_user']
        admin_group_expected = list(admin_group_content) + [self.name]

        command = self.make_group_add_member_command(admin_group,
                                                     **dict(user=self.name))
        result = command()
        assert_deepequal(
            dict(
                completed=1,
                failed=dict(member=dict(group=tuple(), user=tuple())),
                result={
                    'dn': get_group_dn(admin_group),
                    'member_user': admin_group_expected,
                    'gidnumber': [fuzzy_digits],
                    'cn': [admin_group],
                    'description': [u'Account administrators group'],
                },
            ), result)
Пример #40
0
 def test_query_status(self, user):
     """ Query user_status on a user """
     user.ensure_exists()
     result = user.run_command('user_status', user.uid)
     assert_deepequal(
         dict(
             count=1,
             result=[
                 dict(
                     dn=user.dn,
                     krblastfailedauth=[u'N/A'],
                     krblastsuccessfulauth=[u'N/A'],
                     krbloginfailedcount=u'0',
                     now=isodate_re.match,
                     server=api.env.host,
                 ),
             ],
             summary=u'Account disabled: False',
             truncated=False,
         ), result)
     user.delete()
Пример #41
0
    def test_host_with_service(self, host):
        host.ensure_exists()

        service1 = u'dns/%s@%s' % (host.fqdn, host.api.env.realm)
        service1dn = DN(('krbprincipalname', service1.lower()),
                        ('cn', 'services'), ('cn', 'accounts'),
                        host.api.env.basedn)

        try:
            result = host.run_command('service_add', service1, force=True)
            assert_deepequal(
                dict(
                    value=service1,
                    summary=u'Added service "%s"' % service1,
                    result=dict(
                        dn=service1dn,
                        krbprincipalname=[service1],
                        krbcanonicalname=[service1],
                        objectclass=objectclasses.service,
                        managedby_host=[host.fqdn],
                        ipauniqueid=[fuzzy_uuid],
                    ),
                ), result)

            host.delete()

            result = host.run_command('service_find', host.fqdn)
            assert_deepequal(
                dict(
                    count=0,
                    truncated=False,
                    summary=u'0 services matched',
                    result=[],
                ), result)
        finally:
            try:
                host.run_command('service_del', service1)
            except errors.NotFound:
                pass
Пример #42
0
    def check_add_member_negative(self, result, options={}):
        """ Checks 'group_add_member' command result
        when expected result is failure of the operation"""
        expected = dict(completed=0,
                        failed={u'member': {
                            u'group': (),
                            u'user': ()
                        }},
                        result=self.filter_attrs(self.add_member_keys))
        if not options:
            try:
                options = self.adds
            except NameError:
                pass
        if u'user' in options:
            expected[u'failed'][u'member'][u'user'] = [(options[u'user'],
                                                        u'no such entry')]
        elif u'group' in options:
            expected[u'failed'][u'member'][u'group'] = [(options[u'group'],
                                                         u'no such entry')]

        assert_deepequal(expected, result)
Пример #43
0
    def test_reset_automember_default_groups(self, defaultgroup1, user1,
                                             defaulthostgroup1, manager1):
        """ Reset automember group defaults """
        manager1.delete()
        user1.delete()
        result = api.Command['automember_default_group_remove'](
            type=u'group',
        )

        assert_deepequal(
            dict(
                result=dict(
                    automemberdefaultgroup=u'No default (fallback) group set',
                    cn=([u'Group'])
                    ),
                value=u'group',
                summary=u'Removed default (fallback) group'
                        ' for automember "group"'),
            result)

        result = api.Command['automember_default_group_remove'](
            type=u'hostgroup',
        )

        assert_deepequal(
            dict(
                result=dict(
                    automemberdefaultgroup=u'No default (fallback) group set',
                    cn=([u'Hostgroup'])
                    ),
                value=u'hostgroup',
                summary=u'Removed default (fallback) group'
                        ' for automember "hostgroup"'),
            result)

        defaultgroup1.ensure_missing()
        defaulthostgroup1.ensure_missing()
Пример #44
0
    def check_find(self,
                   result,
                   all=False,
                   pkey_only=False,
                   raw=False,
                   expected_override=None):
        """ Check 'user-find' command result """
        if all:
            if u'preserved' not in self.attrs:
                self.attrs.update(preserved=False)
            expected = self.filter_attrs(self.find_all_keys)
        elif pkey_only:
            expected = self.filter_attrs(self.primary_keys)
        else:
            expected = self.filter_attrs(self.find_keys)

        if all and self.attrs[u'preserved']:
            del expected[u'mepmanagedentry']

        if u'nsaccountlock' in expected:
            if expected[u'nsaccountlock'] == [u'true']:
                expected[u'nsaccountlock'] = True
            elif expected[u'nsaccountlock'] == [u'false']:
                expected[u'nsaccountlock'] = False

        if expected_override:
            assert isinstance(expected_override, dict)
            expected.update(expected_override)

        assert_deepequal(
            dict(
                count=1,
                truncated=False,
                summary=u'1 user matched',
                result=[expected],
            ), result)
Пример #45
0
    def test_group_allow_retrieve_keytab(self, allowedto_context, host, host3):
        host.ensure_exists()
        host3.ensure_exists()
        result = host.run_command('host_allow_retrieve_keytab',
                                  host.fqdn,
                                  group=[group1, group2],
                                  host=[host3.fqdn],
                                  hostgroup=[hostgroup1])
        host.attrs['ipaallowedtoperform_read_keys_group'] = [group1, group2]
        host.attrs['ipaallowedtoperform_read_keys_host'] = [host3.fqdn]
        host.attrs['ipaallowedtoperform_read_keys_hostgroup'] = [hostgroup1]
        assert_deepequal(
            dict(
                failed=dict(ipaallowedtoperform_read_keys=dict(group=[],
                                                               host=[],
                                                               hostgroup=[],
                                                               user=[]), ),
                completed=4,
                result=host.filter_attrs(host.allowedto_keys),
            ), result)

        # Non-members cannot be removed
        result = host.run_command('host_disallow_retrieve_keytab',
                                  host.fqdn,
                                  user=[user2])
        assert_deepequal(
            dict(
                failed=dict(ipaallowedtoperform_read_keys=dict(
                    group=[],
                    host=[],
                    hostgroup=[],
                    user=[[user2, u'This entry is not a member']],
                ), ),
                completed=0,
                result=host.filter_attrs(host.allowedto_keys),
            ), result)

        # Disallow one of the existing allowed groups
        result = host.run_command('host_disallow_retrieve_keytab',
                                  host.fqdn,
                                  group=[group2])
        host.attrs['ipaallowedtoperform_read_keys_group'] = [group1]
        assert_deepequal(
            dict(
                failed=dict(ipaallowedtoperform_read_keys=dict(group=[],
                                                               host=[],
                                                               hostgroup=[],
                                                               user=[]), ),
                completed=1,
                result=host.filter_attrs(host.allowedto_keys),
            ), result)

        host.retrieve()
Пример #46
0
 def check_create(self, result):
     assert_deepequal(dict(
         value=self.name,
         summary=u'Imported profile "{}"'.format(self.name),
         result=dict(self.filter_attrs(self.create_keys))
     ), result)
Пример #47
0
 def check_undel(self, result):
     """ Check 'user-undel' command result """
     assert_deepequal(
         dict(value=self.uid,
              summary=u'Undeleted user account "%s"' % self.uid,
              result=True), result)
Пример #48
0
 def test_search_for_all_posix(self, group, group2):
     """ Search for all posix groups """
     command = group.make_command('group_find', **dict(posix=True,
                                                       all=True))
     result = command()
     assert_deepequal(
         dict(summary=u'4 groups matched',
              count=4,
              truncated=False,
              result=[
                  {
                      'dn':
                      get_group_dn('admins'),
                      'member_user': [u'admin'],
                      'gidnumber': [fuzzy_digits],
                      'cn': [u'admins'],
                      'description': [u'Account administrators group'],
                      'objectclass':
                      fuzzy_set_ci(
                          add_oc(objectclasses.posixgroup,
                                 u'ipantgroupattrs')),
                      'ipauniqueid': [fuzzy_uuid],
                  },
                  {
                      'dn':
                      get_group_dn('editors'),
                      'gidnumber': [fuzzy_digits],
                      'cn': [u'editors'],
                      'description':
                      [u'Limited admins who can edit other users'],
                      'objectclass':
                      fuzzy_set_ci(
                          add_oc(objectclasses.posixgroup,
                                 u'ipantgroupattrs')),
                      'ipauniqueid': [fuzzy_uuid],
                  },
                  {
                      'dn':
                      get_group_dn(group.cn),
                      'cn': [group.cn],
                      'description': [u'Test desc1'],
                      'gidnumber': [fuzzy_digits],
                      'objectclass':
                      fuzzy_set_ci(
                          add_oc(objectclasses.posixgroup,
                                 u'ipantgroupattrs')),
                      'ipauniqueid': [fuzzy_uuid],
                  },
                  {
                      'dn':
                      get_group_dn(group2.cn),
                      'cn': [group2.cn],
                      'description': [u'Test desc2'],
                      'gidnumber': [fuzzy_digits],
                      'objectclass':
                      fuzzy_set_ci(
                          add_oc(objectclasses.posixgroup,
                                 u'ipantgroupattrs')),
                      'ipauniqueid': [fuzzy_uuid],
                  },
              ]), result)
Пример #49
0
 def check_update(self, result, extra_keys=()):
     assert_deepequal(dict(
         value=self.name,
         summary=u'Modified Certificate Profile "{}"'.format(self.name),
         result=self.filter_attrs(self.update_keys | set(extra_keys))
     ), result)
Пример #50
0
        try:
            output = api.Command[cmd](*args, **options)
        except StandardError, e:
            pass
        else:
            raise AssertionError(EXPECTED % (cmd, name, args, options, output))
        if not isinstance(e, klass):
            raise AssertionError(
                UNEXPECTED %
                (cmd, name, args, options, e.__class__.__name__, e))
        # FIXME: the XML-RPC transport doesn't allow us to return structured
        # information through the exception, so we can't test the kw on the
        # client side.  However, if we switch to using JSON-RPC for the default
        # transport, the exception is a free-form data structure (dict).
        # For now just compare the strings
        assert_deepequal(expected.strerror, e.strerror)

    def check_callable(self, nice, cmd, args, options, expected):
        name = expected.__class__.__name__
        output = dict()
        e = None
        try:
            output = api.Command[cmd](*args, **options)
        except StandardError, e:
            pass
        if not expected(e, output):
            raise AssertionError(
                UNEXPECTED %
                (cmd, name, args, options, e.__class__.__name__, e))

    def check_output(self, nice, cmd, args, options, expected, extra_check):
Пример #51
0
 def check_delete(self, result):
     assert_deepequal(
         dict(value=[self.name],
              summary=u'Deleted CA "{}"'.format(self.name),
              result=dict(failed=[])), result)
Пример #52
0
 def check_restore_preserved(self, result):
     assert_deepequal(dict(
         value=[self.uid],
         summary=u'Staged user account "%s"' % self.uid,
         result=dict(failed=[]),
     ), result)
Пример #53
0
 def test_04_user_show_displays_cert(self, testuser, idview, cert1, cert2):
     result = api.Command.idoverrideuser_show(idview.cn, testuser.name)
     assert_deepequal((base64.b64decode(cert1), base64.b64decode(cert2)),
                      result['result']['usercertificate'])
Пример #54
0
 def test_from_json_file(self):
     file = write_tmp_file(json.dumps(self.get_input_dict()))
     conf = config.Config.from_env({'IPATEST_JSON_CONFIG': file.name})
     assert_deepequal(self.get_output_dict(), conf.to_dict())
     self.check_config(conf)
Пример #55
0
 def test_dict_roundtrip(self):
     conf = config.Config.from_dict(self.get_output_dict())
     assert_deepequal(self.get_output_dict(), conf.to_dict())
     self.check_config(conf)
Пример #56
0
 def test_dict_to_env(self):
     conf = config.Config.from_dict(self.get_input_dict())
     assert_deepequal(self.get_output_env(), dict(conf.to_env()))
     self.check_config(conf)
Пример #57
0
def assert_entries_equal(a, b):
    assert_deepequal(a.dn, b.dn)
    assert_deepequal(dict(a), dict(b))
Пример #58
0
 def check_disable(self, result):
     """ Check result of disable user operation """
     assert_deepequal(
         dict(value=self.name,
              summary=u'Disabled user account "%s"' % self.name,
              result=True), result)
Пример #59
0
 def check_output(self, nice, cmd, args, options, expected, extra_check):
     got = api.Command[cmd](*args, **options)
     assert_deepequal(expected, got, nice)
     if extra_check and not extra_check(got):
         raise AssertionError('Extra check %s failed' % extra_check)
Пример #60
0
 def check_delete(self, result):
     assert_deepequal(dict(
         value=[self.name],  # correctly a list?
         summary=u'Deleted profile "{}"'.format(self.name),
         result=dict(failed=[]),
     ), result)