freeipa/ipatests/test_integration/test_ipa_cli.py

#
# Copyright (C) 2018  FreeIPA Contributors see COPYING for license
#
"""Misc test for 'ipa' CLI regressions
"""
from __future__ import absolute_import

import base64
import ssl


from ipaplatform.paths import paths

from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_plugins.integration import tasks


class TestIPACommand(IntegrationTest):
    topology = 'line'

    def get_cert_base64(self, host, path):
        """Retrieve cert and return content as single line, base64 encoded
        """
        cacrt = host.get_file_contents(path, encoding='ascii')
        cader = ssl.PEM_cert_to_DER_cert(cacrt)
        return base64.b64encode(cader).decode('ascii')

    def test_certmap_match_issue7520(self):
        # https://pagure.io/freeipa/issue/7520
        tasks.kinit_admin(self.master)
        result = self.master.run_command(
            ['ipa', 'certmap-match', paths.IPA_CA_CRT],
            raiseonerr=False
        )
        assert result.returncode == 1
        assert not result.stderr_text
        assert "0 users matched" in result.stdout_text

        cab64 = self.get_cert_base64(self.master, paths.IPA_CA_CRT)
        result = self.master.run_command(
            ['ipa', 'certmap-match', '--certificate', cab64],
            raiseonerr=False
        )
        assert result.returncode == 1
        assert not result.stderr_text
        assert "0 users matched" in result.stdout_text

    def test_cert_find_issue7520(self):
        # https://pagure.io/freeipa/issue/7520
        tasks.kinit_admin(self.master)
        subject = 'CN=Certificate Authority,O={}'.format(
            self.master.domain.realm)

        # by cert file
        result = self.master.run_command(
            ['ipa', 'cert-find', '--file', paths.IPA_CA_CRT]
        )
        assert subject in result.stdout_text
        assert '1 certificate matched' in result.stdout_text

        # by base64 cert
        cab64 = self.get_cert_base64(self.master, paths.IPA_CA_CRT)
        result = self.master.run_command(
            ['ipa', 'cert-find', '--certificate', cab64]
        )
        assert subject in result.stdout_text
        assert '1 certificate matched' in result.stdout_text

    def test_add_permission_failure_issue5923(self):
        # https://pagure.io/freeipa/issue/5923
        # error response used to contain bytes instead of text

        tasks.kinit_admin(self.master)
        # neither privilege nor permission exists
        result = self.master.run_command(
            ["ipa", "privilege-add-permission", "loc",
             "--permission='System: Show IPA Locations"],
            raiseonerr=False
        )
        assert result.returncode == 2
        err = result.stderr_text.strip()  # pylint: disable=no-member
        assert err == "ipa: ERROR: loc: privilege not found"
        # add privilege
        result = self.master.run_command(
            ["ipa", "privilege-add", "loc"],
        )
        assert 'Added privilege "loc"' in result.stdout_text
        # permission is still missing
        result = self.master.run_command(
            ["ipa", "privilege-add-permission", "loc",
             "--permission='System: Show IPA Locations"],
            raiseonerr=False
        )
        assert result.returncode == 1
        assert "Number of permissions added 0" in result.stdout_text
Load certificate files as binary data In Python 3, cryptography requires certificate data to be binary. Even PEM encoded files are treated as binary content. certmap-match and cert-find were loading certificates as text files. A new BinaryFile type loads files as binary content. Fixes: https://pagure.io/freeipa/issue/7520 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 2018-04-27 05:29:17 -05:00			`#`
			`# Copyright (C) 2018 FreeIPA Contributors see COPYING for license`
			`#`
			`"""Misc test for 'ipa' CLI regressions`
			`"""`
			`from __future__ import absolute_import`

			`import base64`
			`import ssl`


			`from ipaplatform.paths import paths`

			`from ipatests.test_integration.base import IntegrationTest`
			`from ipatests.pytest_plugins.integration import tasks`


			`class TestIPACommand(IntegrationTest):`
			`topology = 'line'`

			`def get_cert_base64(self, host, path):`
			`"""Retrieve cert and return content as single line, base64 encoded`
			`"""`
			`cacrt = host.get_file_contents(path, encoding='ascii')`
			`cader = ssl.PEM_cert_to_DER_cert(cacrt)`
			`return base64.b64encode(cader).decode('ascii')`

			`def test_certmap_match_issue7520(self):`
			`# https://pagure.io/freeipa/issue/7520`
			`tasks.kinit_admin(self.master)`
			`result = self.master.run_command(`
			`['ipa', 'certmap-match', paths.IPA_CA_CRT],`
			`raiseonerr=False`
			`)`
			`assert result.returncode == 1`
			`assert not result.stderr_text`
			`assert "0 users matched" in result.stdout_text`

			`cab64 = self.get_cert_base64(self.master, paths.IPA_CA_CRT)`
			`result = self.master.run_command(`
			`['ipa', 'certmap-match', '--certificate', cab64],`
			`raiseonerr=False`
			`)`
			`assert result.returncode == 1`
			`assert not result.stderr_text`
			`assert "0 users matched" in result.stdout_text`

			`def test_cert_find_issue7520(self):`
			`# https://pagure.io/freeipa/issue/7520`
			`tasks.kinit_admin(self.master)`
			`subject = 'CN=Certificate Authority,O={}'.format(`
			`self.master.domain.realm)`

			`# by cert file`
			`result = self.master.run_command(`
			`['ipa', 'cert-find', '--file', paths.IPA_CA_CRT]`
			`)`
			`assert subject in result.stdout_text`
			`assert '1 certificate matched' in result.stdout_text`

			`# by base64 cert`
			`cab64 = self.get_cert_base64(self.master, paths.IPA_CA_CRT)`
			`result = self.master.run_command(`
			`['ipa', 'cert-find', '--certificate', cab64]`
			`)`
			`assert subject in result.stdout_text`
			`assert '1 certificate matched' in result.stdout_text`
Reproducer for issue 5923 (bytes in error response) Error response used to contain bytes instead of text, which triggered an exception. See: https://pagure.io/freeipa/issue/5923 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 2018-05-24 08:38:33 -05:00
			`def test_add_permission_failure_issue5923(self):`
			`# https://pagure.io/freeipa/issue/5923`
			`# error response used to contain bytes instead of text`

			`tasks.kinit_admin(self.master)`
			`# neither privilege nor permission exists`
			`result = self.master.run_command(`
			`["ipa", "privilege-add-permission", "loc",`
			`"--permission='System: Show IPA Locations"],`
			`raiseonerr=False`
			`)`
			`assert result.returncode == 2`
			`err = result.stderr_text.strip() # pylint: disable=no-member`
			`assert err == "ipa: ERROR: loc: privilege not found"`
			`# add privilege`
			`result = self.master.run_command(`
			`["ipa", "privilege-add", "loc"],`
			`)`
			`assert 'Added privilege "loc"' in result.stdout_text`
			`# permission is still missing`
			`result = self.master.run_command(`
			`["ipa", "privilege-add-permission", "loc",`
			`"--permission='System: Show IPA Locations"],`
			`raiseonerr=False`
			`)`
			`assert result.returncode == 1`
			`assert "Number of permissions added 0" in result.stdout_text`