ipatests: Extend CAACL suite to cover Sub CA members

https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-06-21 13:45:54 +02:00 · 2016-06-21 13:45:54 +02:00 · 5b37aaad77
commit 5b37aaad77
parent ea9b15f435
2 changed files with 45 additions and 7 deletions
--- a/ipatests/test_xmlrpc/test_caacl_plugin.py
+++ b/ipatests/test_xmlrpc/test_caacl_plugin.py
@ -14,6 +14,7 @@ from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test
 from ipatests.test_xmlrpc.tracker.certprofile_plugin import CertprofileTracker
 from ipatests.test_xmlrpc.tracker.caacl_plugin import CAACLTracker
 from ipatests.test_xmlrpc.tracker.stageuser_plugin import StageUserTracker
+from ipatests.test_xmlrpc.tracker.ca_plugin import CATracker


@pytest.fixture(scope='class')
@ -48,11 +49,18 @@ def category_acl(request):
    name = u'category_acl'
    tracker = CAACLTracker(name, ipacertprofile_category=u'all',
                           user_category=u'all', service_category=u'all',
-                           host_category=u'all')
+                           host_category=u'all', ipaca_category=u'all')

    return tracker.make_fixture(request)


+@pytest.fixture(scope='class')
+def caacl_test_ca(request):
+    name = u'caacl-test-ca'
+    subject = u'CN=caacl test subca,O=test industries inc.'
+    return CATracker(name, subject).make_fixture(request)
+
+
@pytest.fixture(scope='class')
 def staged_user(request):
    name = u'st-user'
@ -109,7 +117,8 @@ class TestCAACLMembers(XMLRPC_test):
            hostcategory=None,
            servicecategory=None,
            ipacertprofilecategory=None,
-            usercategory=None)
+            usercategory=None,
+            ipacacategory=None)
        category_acl.update(updates)

    def test_add_profile(self, category_acl, default_profile):
@ -120,6 +129,15 @@ class TestCAACLMembers(XMLRPC_test):
        category_acl.remove_profile(certprofile=default_profile.name)
        category_acl.retrieve()

+    def test_add_ca(self, category_acl, caacl_test_ca):
+        caacl_test_ca.ensure_exists()
+        category_acl.add_ca(ca=caacl_test_ca.name)
+        category_acl.retrieve()
+
+    def test_remove_ca(self, category_acl, caacl_test_ca):
+        category_acl.remove_ca(ca=caacl_test_ca.name)
+        category_acl.retrieve()
+
    def test_add_invalid_value_service(self, category_acl, default_profile):
        res = category_acl.add_service(service=default_profile.name, track=False)
        assert len(res['failed']) == 1
@ -144,6 +162,10 @@ class TestCAACLMembers(XMLRPC_test):
        res = category_acl.add_profile(certprofile=category_acl.name, track=False)
        assert len(res['failed']) == 1

+    def test_add_invalid_value_ca(self, category_acl):
+        res = category_acl.add_ca(ca=category_acl.name, track=False)
+        assert len(res['failed']) == 1
+
    def test_add_staged_user_to_acl(self, category_acl, staged_user):
        res = category_acl.add_user(user=staged_user.name, track=False)
        assert len(res['failed']) == 1
--- a/ipatests/test_xmlrpc/tracker/caacl_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/caacl_plugin.py
@ -35,10 +35,11 @@ class CAACLTracker(Tracker):
        u'memberuser_user', u'memberuser_group',
        u'memberhost_host', u'memberhost_hostgroup',
        u'memberservice_service',
-        u'ipamembercertprofile_certprofile'}
+        u'ipamembercertprofile_certprofile',
+        u'ipamemberca_ca'}
    category_keys = {
        u'ipacacategory', u'ipacertprofilecategory', u'usercategory',
-        u'hostcategory', u'servicecategory'}
+        u'hostcategory', u'servicecategory', u'ipacacategory'}
    retrieve_keys = {
        u'dn', u'cn', u'description', u'ipaenabledflag',
        u'ipamemberca', u'ipamembercertprofile', u'memberuser',
@ -51,14 +52,15 @@ class CAACLTracker(Tracker):
    update_keys = create_keys - {u'dn'}

    def __init__(self, name, ipacertprofile_category=None, user_category=None,
-                 service_category=None, host_category=None, description=None,
-                 default_version=None):
+                 service_category=None, host_category=None,
+                 ipaca_category=None, description=None, default_version=None):
        super(CAACLTracker, self).__init__(default_version=default_version)

        self._name = name
        self.description = description
        self._categories = dict(
            ipacertprofilecategory=ipacertprofile_category,
+            ipacacategory=ipaca_category,
            usercategory=user_category,
            servicecategory=service_category,
            hostcategory=host_category)
@ -200,7 +202,7 @@ class CAACLTracker(Tracker):
    # implemented in standalone test
    #
    # The methods implemented here will be:
-    # caacl_{add,remove}_{host, service, certprofile, user [, subca]}
+    # caacl_{add,remove}_{host, service, certprofile, user, ca}

    def _add_acl_component(self, command_name, keys, track):
        """ Add a resource into ACL rule and track it.
@ -356,6 +358,20 @@ class CAACLTracker(Tracker):

        return self._remove_acl_component(u'caacl_remove_profile', options, track)

+    def add_ca(self, ca=None, track=True):
+        options = {
+            u'ipamemberca_ca':
+                {u'ca': ca}}
+
+        return self._add_acl_component(u'caacl_add_ca', options, track)
+
+    def remove_ca(self, ca=None, track=True):
+        options = {
+            u'ipamemberca_ca':
+                {u'ca': ca}}
+
+        return self._remove_acl_component(u'caacl_remove_ca', options, track)
+
    def enable(self):
        command = self.make_command(u'caacl_enable', self.name)
        self.attrs.update({u'ipaenabledflag': [u'TRUE']})