Modernize ipa-getkeytab test suite

The test suite now uses host/service tracker objects as test case
fixtures, removing much of the ad-hoc setup/teardown.

https://fedorahosted.org/freeipa/ticket/6409

Reviewed-By: Simo Sorce <ssorce@redhat.com>
Martin Babinsky 2016-10-31 12:30:34 +01:00
parent 0c68c27e51
commit 8480d0e333
2 changed files with 70 additions and 60 deletions


@ -28,10 +28,10 @@ import gssapi
import pytest import pytest
from ipalib import api from ipalib import api
from ipalib import errors
from ipapython import ipautil, ipaldap from ipapython import ipautil, ipaldap
from ipaserver.plugins.ldap2 import ldap2 from ipaserver.plugins.ldap2 import ldap2
from ipatests.test_cmdline.cmdline import cmdline_test from ipatests.test_cmdline.cmdline import cmdline_test
from ipatests.test_xmlrpc.tracker import host_plugin, service_plugin
def use_keytab(principal, keytab): def use_keytab(principal, keytab):
try: try:
@ -53,104 +53,110 @@ def use_keytab(principal, keytab):
shutil.rmtree(tmpdir) shutil.rmtree(tmpdir)
@pytest.fixture(scope='class')
def test_host(request):
host_tracker = host_plugin.HostTracker(u'test-host')
return host_tracker.make_fixture(request)
@pytest.fixture(scope='class')
def test_service(request, test_host):
service_tracker = service_plugin.ServiceTracker(u'srv', test_host.name)
test_host.ensure_exists()
return service_tracker.make_fixture(request)
@pytest.mark.tier0 @pytest.mark.tier0
class test_ipagetkeytab(cmdline_test): class test_ipagetkeytab(cmdline_test):
""" """
Test `ipa-getkeytab`. Test `ipa-getkeytab`.
""" """
command = "ipa-getkeytab" command = "ipa-getkeytab"
host_fqdn = u'ipatest.%s' % api.env.domain keytabname = None
service_princ = u'test/%s@%s' % (host_fqdn, api.env.realm)
[keytabfd, keytabname] = tempfile.mkstemp() @classmethod
os.close(keytabfd) def setup_class(cls):
super(test_ipagetkeytab, cls).setup_class()
keytabfd, keytabname = tempfile.mkstemp()
os.close(keytabfd)
os.unlink(keytabname)
cls.keytabname = keytabname
@classmethod
def teardown_class(cls):
super(test_ipagetkeytab, cls).teardown_class()
def test_0_setup(self):
"""
Create a host to test against.
"""
# Create the service
try: try:
api.Command['host_add'](self.host_fqdn, force=True) os.unlink(cls.keytabname)
except errors.DuplicateEntry: except OSError:
# it already exists, no problem
pass pass
def test_1_run(self): def run_ipagetkeytab(self, service_principal, raiseonerr=False):
new_args = [self.command,
"-s", api.env.host,
"-p", service_principal,
"-k", self.keytabname]
return ipautil.run(
new_args,
stdin=None,
raiseonerr=raiseonerr,
capture_error=True)
def test_1_run(self, test_service):
""" """
Create a keytab with `ipa-getkeytab` for a non-existent service. Create a keytab with `ipa-getkeytab` for a non-existent service.
""" """
new_args = [self.command, test_service.ensure_missing()
"-s", api.env.host, result = self.run_ipagetkeytab(test_service.name)
"-p", "test/notfound.example.com",
"-k", self.keytabname,
]
result = ipautil.run(new_args, stdin=None, raiseonerr=False,
capture_error=True)
err = result.error_output err = result.error_output
assert 'Failed to parse result: PrincipalName not found.\n' in err, err assert 'Failed to parse result: PrincipalName not found.\n' in err, err
rc = result.returncode rc = result.returncode
assert rc > 0, rc assert rc > 0, rc
def test_2_run(self): def test_2_run(self, test_service):
""" """
Create a keytab with `ipa-getkeytab` for an existing service. Create a keytab with `ipa-getkeytab` for an existing service.
""" """
# Create the service test_service.ensure_exists()
try:
api.Command['service_add'](self.service_princ, force=True)
except errors.DuplicateEntry:
# it already exists, no problem
pass
os.unlink(self.keytabname) result = self.run_ipagetkeytab(test_service.name, raiseonerr=True)
new_args = [self.command, expected = 'Keytab successfully retrieved and stored in: %s\n' % (
"-s", api.env.host, self.keytabname)
"-p", self.service_princ, assert expected in result.error_output, (
"-k", self.keytabname, 'Success message not in output:\n%s' % result.error_output)
]
try:
result = ipautil.run(new_args, None, capture_error=True)
expected = 'Keytab successfully retrieved and stored in: %s\n' % (
self.keytabname)
assert expected in result.error_output, (
'Success message not in output:\n%s' % result.error_output)
except ipautil.CalledProcessError:
assert (False)
def test_3_use(self): def test_3_use(self, test_service):
""" """
Try to use the service keytab. Try to use the service keytab.
""" """
use_keytab(self.service_princ, self.keytabname) use_keytab(test_service.name, self.keytabname)
def test_4_disable(self): def test_4_disable(self, test_service):
""" """
Disable a kerberos principal Disable a kerberos principal
""" """
retrieve_cmd = test_service.make_retrieve_command()
result = retrieve_cmd()
# Verify that it has a principal key # Verify that it has a principal key
entry = api.Command['service_show'](self.service_princ)['result'] assert result[u'result'][u'has_keytab']
assert(entry['has_keytab'] == True)
# Disable it # Disable it
api.Command['service_disable'](self.service_princ) disable_cmd = test_service.make_disable_command()
disable_cmd()
# Verify that it looks disabled # Verify that it looks disabled
entry = api.Command['service_show'](self.service_princ)['result'] result = retrieve_cmd()
assert(entry['has_keytab'] == False) assert not result[u'result'][u'has_keytab']
def test_5_use_disabled(self): def test_5_use_disabled(self, test_service):
""" """
Try to use the disabled keytab Try to use the disabled keytab
""" """
try: try:
use_keytab(self.service_princ, self.keytabname) use_keytab(test_service.name, self.keytabname)
except Exception as errmsg: except Exception as errmsg:
assert('Unable to bind to LDAP. Error initializing principal' in str(errmsg)) assert('Unable to bind to LDAP. Error initializing principal' in str(errmsg))
def test_9_cleanup(self):
"""
Clean up test data
"""
# First create the host that will use this policy
os.unlink(self.keytabname)
api.Command['host_del'](self.host_fqdn)
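Review bot: test_5_use_disabled still passes when use_keytab() succeeds with the disabled service's keytab, because its only assertion sits in the `except Exception` branch and nothing fails when no exception is raised. This is the check that a disabled principal's key is actually rejected, so the failure should be mandatory: wrap the call in `with pytest.raises(Exception) as excinfo:` and follow it with `assert 'Unable to bind to LDAP. Error initializing principal' in str(excinfo.value)`. Separately, setup_class unlinks the mkstemp() file and keeps only its name, so ipa-getkeytab later writes the service key to a path that is no longer reserved. Placing the keytab inside a `tempfile.mkdtemp()` directory that teardown_class removes would close that window.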


@ -85,6 +85,10 @@ class ServiceTracker(KerberosAliasMixin, Tracker):
return self.make_command('service_mod', self.name, **updates) return self.make_command('service_mod', self.name, **updates)
def make_disable_command(self):
""" make command that disables the service principal """
return self.make_command('service_disable', self.name)
def create(self, force=True): def create(self, force=True):
"""Helper function to create an entry and check the result""" """Helper function to create an entry and check the result"""
self.ensure_missing() self.ensure_missing()