IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Show group-add/remove-member-manager failures

Browse Source 
Commands like ipa group-add-member-manager now show permission
errors on failed operations.

Fixes: https://pagure.io/freeipa/issue/8122
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Christian Heimes 2019-11-18 12:02:51 +01:00
parent ba466a8021
commit b216701d9a
9 changed files with 63 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ipaclient/frontend.py
View File

@ -65,6 +65,11 @@ class ClientMethod(ClientCommand, Method):
'ipamemberca', 'ipamemberca',
label=_("Failed CAs"), label=_("Failed CAs"),
), ),
# group, hostgroup
Str(
'membermanager',
label=_("Failed member manager"),
),
# host # host
Str( Str(
'managedby', 'managedby',

2
ipaserver/plugins/group.py
View File

@ -179,7 +179,7 @@ group_output_params = (
), ),
Str( Str(
'membermanager', 'membermanager',
label=_('Failed membermanager'), label=_('Failed member manager'),
), ),
) )

2
ipaserver/plugins/hostgroup.py
View File

@ -92,7 +92,7 @@ hostgroup_output_params = (
), ),
Str( Str(
'membermanager', 'membermanager',
label=_('Failed membermanager'), label=_('Failed member manager'),
), ),
) )

4
ipatests/prci_definitions/gating.yaml
View File

@ -251,7 +251,7 @@ jobs:
timeout: 3600 timeout: 3600
topology: *master_1repl topology: *master_1repl
fedora-latest/membermanager: fedora-latest/test_membermanager:
requires: [fedora-latest/build] requires: [fedora-latest/build]
priority: 100 priority: 100
job: job:
@ -261,7 +261,7 @@ jobs:
test_suite: test_integration/test_membermanager.py test_suite: test_integration/test_membermanager.py
template: *ci-master-latest template: *ci-master-latest
timeout: 1800 timeout: 1800
topology: *ipaserver topology: *master_1repl
fedora-latest/test_smb: fedora-latest/test_smb:
requires: [fedora-latest/build] requires: [fedora-latest/build]

4
ipatests/prci_definitions/nightly_latest.yaml
View File

@ -1373,7 +1373,7 @@ jobs:
timeout: 7200 timeout: 7200
topology: *master_1repl topology: *master_1repl
fedora-latest/membermanager: fedora-latest/test_membermanager:
requires: [fedora-latest/build] requires: [fedora-latest/build]
priority: 100 priority: 100
job: job:
@ -1383,4 +1383,4 @@ jobs:
test_suite: test_integration/test_membermanager.py test_suite: test_integration/test_membermanager.py
template: *ci-master-latest template: *ci-master-latest
timeout: 1800 timeout: 1800
topology: *ipaserver topology: *master_1repl

12
ipatests/prci_definitions/nightly_latest_testing.yaml
View File

@ -1467,3 +1467,15 @@ jobs:
template: *testing-master-latest template: *testing-master-latest
timeout: 7200 timeout: 7200
topology: *master_1repl topology: *master_1repl
testing-fedora/test_membermanager:
requires: [testing-fedora/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{testing-fedora/build_url}'
test_suite: test_integration/test_membermanager.py
template: *testing-master-latest
timeout: 1800
topology: *master_1repl

4
ipatests/prci_definitions/nightly_previous.yaml
View File

@ -1349,7 +1349,7 @@ jobs:
timeout: 7200 timeout: 7200
topology: *master_1repl topology: *master_1repl
fedora-previous/membermanager: fedora-previous/test_membermanager:
requires: [fedora-previous/build] requires: [fedora-previous/build]
priority: 50 priority: 50
job: job:
@ -1359,4 +1359,4 @@ jobs:
test_suite: test_integration/test_membermanager.py test_suite: test_integration/test_membermanager.py
template: *ci-master-previous template: *ci-master-previous
timeout: 1800 timeout: 1800
topology: *ipaserver topology: *master_1repl

4
ipatests/prci_definitions/nightly_rawhide.yaml
View File

@ -1373,7 +1373,7 @@ jobs:
timeout: 7200 timeout: 7200
topology: *master_1repl topology: *master_1repl
fedora-rawhide/membermanager: fedora-rawhide/test_membermanager:
requires: [fedora-rawhide/build] requires: [fedora-rawhide/build]
priority: 50 priority: 50
job: job:
@ -1383,4 +1383,4 @@ jobs:
test_suite: test_integration/test_membermanager.py test_suite: test_integration/test_membermanager.py
template: *ci-master-frawhide template: *ci-master-frawhide
timeout: 1800 timeout: 1800
topology: *ipaserver topology: *master_1repl

37
ipatests/test_integration/test_membermanager.py
View File

@ -24,6 +24,8 @@ HOSTGROUP1 = "testhostgroup1"
class TestMemberManager(IntegrationTest): class TestMemberManager(IntegrationTest):
"""Tests for member manager feature for groups and hostgroups """Tests for member manager feature for groups and hostgroups
""" """
topology = "line"
@classmethod @classmethod
def install(cls, mh): def install(cls, mh):
super(TestMemberManager, cls).install(mh) super(TestMemberManager, cls).install(mh)
@ -31,6 +33,7 @@ class TestMemberManager(IntegrationTest):
tasks.create_active_user(master, USER_MM, PASSWORD) tasks.create_active_user(master, USER_MM, PASSWORD)
tasks.create_active_user(master, USER_INDIRECT, PASSWORD) tasks.create_active_user(master, USER_INDIRECT, PASSWORD)
tasks.create_active_user(master, USER1, PASSWORD)
tasks.kinit_admin(master) tasks.kinit_admin(master)
tasks.group_add(master, GROUP_INDIRECT) tasks.group_add(master, GROUP_INDIRECT)
@ -38,7 +41,6 @@ class TestMemberManager(IntegrationTest):
'ipa', 'group-add-member', GROUP_INDIRECT, '--users', USER_INDIRECT 'ipa', 'group-add-member', GROUP_INDIRECT, '--users', USER_INDIRECT
]) ])
tasks.user_add(master, USER1)
tasks.user_add(master, USER2) tasks.user_add(master, USER2)
tasks.group_add(master, GROUP1) tasks.group_add(master, GROUP1)
tasks.group_add(master, GROUP2) tasks.group_add(master, GROUP2)
@ -152,6 +154,22 @@ class TestMemberManager(IntegrationTest):
result = master.run_command(['ipa', 'group-show', GROUP1]) result = master.run_command(['ipa', 'group-show', GROUP1])
assert GROUP2 in result.stdout_text assert GROUP2 in result.stdout_text
def test_group_member_manager_nopermission(self):
master = self.master
tasks.kinit_as_user(master, USER1, PASSWORD)
result = master.run_command(
[
'ipa', 'group-add-member-manager', GROUP1, '--users', USER1
],
raiseonerr=False
)
assert result.returncode != 0
expected = (
f"member user: {USER1}: Insufficient access: Insufficient "
"'write' privilege to the 'memberManager' attribute of entry"
)
assert expected in result.stdout_text
def test_hostgroup_member_manager_user(self): def test_hostgroup_member_manager_user(self):
master = self.master master = self.master
# mmuser: add a host to host group # mmuser: add a host to host group
@ -177,3 +195,20 @@ class TestMemberManager(IntegrationTest):
]) ])
result = master.run_command(['ipa', 'hostgroup-show', HOSTGROUP1]) result = master.run_command(['ipa', 'hostgroup-show', HOSTGROUP1])
assert master.hostname in result.stdout_text assert master.hostname in result.stdout_text
def test_hostgroup_member_manager_nopermission(self):
master = self.master
tasks.kinit_as_user(master, USER1, PASSWORD)
result = master.run_command(
[
'ipa', 'hostgroup-add-member-manager', HOSTGROUP1,
'--users', USER1
],
raiseonerr=False
)
assert result.returncode != 0
expected = (
f"member user: {USER1}: Insufficient access: Insufficient "
"'write' privilege to the 'memberManager' attribute of entry"
)
assert expected in result.stdout_text