Deprecate HBAC source hosts from CLI

Hide the commands and options listed below from the CLI,
but keep them in the API. When called directly from the API,
raise appropriate exceptions informing the user that the
functionality has been deprecated.

Affected commands: hbacrule_add_sourcehost, hbacrule_remove_sourcehost.
Affected options: sourcehostcategory, sourcehost_host and
sourcehost_hostgroup (hbacrule); sourcehost (hbactest).

https://fedorahosted.org/freeipa/ticket/3528
Ana Krivokapic
2013-04-12 17:38:09 +02:00
committed by Rob Crittenden
parent d03255571c
commit b8b573a966
9 changed files with 86 additions and 256 deletions

20
API.txt

@@ -1379,7 +1379,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('value', <type 'unicode'>, None)
command: hbacrule_add
args: 1,13,3
args: 1,15,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
option: StrEnum('accessruletype', attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=True, values=(u'allow', u'deny'))
option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1391,7 +1391,9 @@ option: Bool('ipaenabledflag', attribute=True, cli_name='ipaenabledflag', multiv
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: StrEnum('servicecategory', attribute=True, cli_name='servicecat', multivalue=False, required=False, values=(u'all',))
option: Str('setattr*', cli_name='setattr', exclude='webui')
option: StrEnum('sourcehostcategory', attribute=True, cli_name='srchostcat', multivalue=False, required=False, values=(u'all',))
option: DeprecatedParam('sourcehost_host', attribute=True, cli_name='sourcehost_host', multivalue=False, required=False)
option: DeprecatedParam('sourcehost_hostgroup', attribute=True, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
option: DeprecatedParam('sourcehostcategory', attribute=True, cli_name='sourcehostcategory', multivalue=False, required=False)
option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
option: Str('version?', exclude='webui')
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
@@ -1464,7 +1466,7 @@ output: Output('result', <type 'bool'>, None)
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('value', <type 'unicode'>, None)
command: hbacrule_find
args: 1,15,4
args: 1,17,4
arg: Str('criteria?', noextrawhitespace=False)
option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -1477,7 +1479,9 @@ option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, query=True, required=False, values=(u'all',))
option: Int('sizelimit?', autofill=False, minvalue=0)
option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', multivalue=False, query=True, required=False, values=(u'all',))
option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, query=True, required=False)
option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, query=True, required=False)
option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, query=True, required=False)
option: Int('timelimit?', autofill=False, minvalue=0)
option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, query=True, required=False, values=(u'all',))
option: Str('version?', exclude='webui')
@@ -1486,7 +1490,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('truncated', <type 'bool'>, None)
command: hbacrule_mod
args: 1,15,3
args: 1,17,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=False, values=(u'allow', u'deny'))
option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1500,7 +1504,9 @@ option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui
option: Flag('rights', autofill=True, default=False)
option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, required=False, values=(u'all',))
option: Str('setattr*', cli_name='setattr', exclude='webui')
option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', multivalue=False, required=False, values=(u'all',))
option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, required=False)
option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, required=False)
option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
option: Str('version?', exclude='webui')
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
@@ -1706,7 +1712,7 @@ option: Flag('nodetail?', autofill=True, cli_name='nodetail', default=False)
option: Str('rules*', cli_name='rules', csv=True)
option: Str('service', cli_name='service')
option: Int('sizelimit?', autofill=False, minvalue=0)
option: Str('sourcehost?', cli_name='srchost')
option: DeprecatedParam('sourcehost?')
option: Str('targethost', cli_name='host')
option: Str('user', cli_name='user', primary_key=True)
option: Str('version?', exclude='webui')


@@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=56
IPA_API_VERSION_MINOR=57


@@ -885,7 +885,7 @@ from backend import Backend
from frontend import Command, LocalOrRemote, Updater
from frontend import Object, Method, Property
from crud import Create, Retrieve, Update, Delete, Search
from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam
from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam, DeprecatedParam
from parameters import BytesEnum, StrEnum, AccessTime, File
from errors import SkipPluginModule
from text import _, ngettext, GettextFactory, NGettextFactory


@@ -796,6 +796,21 @@ class PromptFailed(InvocationError):
format = _('Could not get %(name)s interactively')
class DeprecationError(InvocationError):
"""
**3015** Raise when a command has been deprecated
For example:
>>> raise DeprecationError(name='hbacrule_add_sourcehost')
Traceback (most recent call last):
...
DeprecationError: Command 'hbacrule_add_sourcehost' has been deprecated
"""
errno = 3015
format = _("Command '%(name)s' has been deprecated")
##############################################################################
# 4000 - 4999: Execution errors


@@ -1800,6 +1800,23 @@ class DNParam(Param):
error=ugettext(e))
return dn
class DeprecatedParam(Any):
kwargs = Param.kwargs + (
('deprecate', bool, True),
)
def __init__(self, name, *rules, **kw):
if 'flags' in kw:
kw['flags'] = list(kw['flags']) + ['no_option']
else:
kw['flags'] = ['no_option']
super(DeprecatedParam, self).__init__(name, *rules, **kw)
def _rule_deprecate(self, _, value):
return _('this option is deprecated')
def create_param(spec):
"""
Create an `Str` instance from the shorthand ``spec``.
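Review bot: `DeprecatedParam` has no docstring, and its behaviour is not obvious from the name alone: `__init__` always adds `no_option` to `flags`, and `_rule_deprecate` returns the message 'this option is deprecated' for any value it is given. A one-line class docstring such as `"""Placeholder for a removed option: hidden from the CLI via 'no_option' and rejected whenever a value is supplied."""` would record that contract for API callers. The class derives from `Any` but builds `kwargs` from `Param.kwargs`; if `Any` declares kwargs of its own (not visible in this hunk) they would be dropped, so `Any.kwargs + (...)` may be what is intended.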


@@ -18,7 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipalib import api, errors
from ipalib import AccessTime, Password, Str, StrEnum, Bool
from ipalib import AccessTime, Password, Str, StrEnum, Bool, DeprecatedParam
from ipalib.plugins.baseldap import *
from ipalib import _, ngettext
@@ -150,7 +150,7 @@ class hbacrule(LDAPObject):
exclude='webui',
flags=['no_option', 'no_output'],
),
# FIXME: {user,host,sourcehost,service}categories should expand in the future
# FIXME: {user,host,service}categories should expand in the future
StrEnum('usercategory?',
cli_name='usercat',
label=_('User category'),
@@ -163,12 +163,7 @@ class hbacrule(LDAPObject):
doc=_('Host category the rule applies to'),
values=(u'all', ),
),
StrEnum('sourcehostcategory?',
cli_name='srchostcat',
label=_('Source host category'),
doc=_('Source host category the rule applies to'),
values=(u'all', ),
),
DeprecatedParam('sourcehostcategory?'),
StrEnum('servicecategory?',
cli_name='servicecat',
label=_('Service category'),
@@ -203,14 +198,8 @@ class hbacrule(LDAPObject):
label=_('Host Groups'),
flags=['no_create', 'no_update', 'no_search'],
),
Str('sourcehost_host?',
label=_('Source Hosts'),
flags=['no_create', 'no_update', 'no_search'],
),
Str('sourcehost_hostgroup?',
label=_('Source Host Groups'),
flags=['no_create', 'no_update', 'no_search'],
),
DeprecatedParam('sourcehost_host?'),
DeprecatedParam('sourcehost_hostgroup?'),
Str('memberservice_hbacsvc?',
label=_('Services'),
flags=['no_create', 'no_update', 'no_search'],
@@ -272,8 +261,6 @@ class hbacrule_mod(LDAPUpdate):
raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users"))
if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs:
raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts"))
if is_all(options, 'sourcehostcategory') and 'sourcehost' in entry_attrs:
raise errors.MutuallyExclusiveError(reason=_("sourcehost category cannot be set to 'all' while there are allowed sourcehosts"))
if is_all(options, 'servicecategory') and 'memberservice' in entry_attrs:
raise errors.MutuallyExclusiveError(reason=_("service category cannot be set to 'all' while there are allowed services"))
return dn
@@ -493,39 +480,25 @@ api.register(hbacrule_remove_host)
class hbacrule_add_sourcehost(LDAPAddMember):
__doc__ = _('Add source hosts and hostgroups from a HBAC rule.')
NO_CLI = True
member_attributes = ['sourcehost']
member_count_out = ('%i object added.', '%i objects added.')
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'sourcehostcategory' in entry_attrs and \
entry_attrs['sourcehostcategory'][0].lower() == 'all':
raise errors.MutuallyExclusiveError(reason=_(
"source hosts cannot be added when sourcehost category='all'"))
return add_external_pre_callback('host', ldap, dn, keys, options)
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
return add_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
def validate(self, **kw):
raise errors.DeprecationError(name='hbacrule_add_sourcehost')
api.register(hbacrule_add_sourcehost)
class hbacrule_remove_sourcehost(LDAPRemoveMember):
__doc__ = _('Remove source hosts and hostgroups from an HBAC rule.')
NO_CLI = True
member_attributes = ['sourcehost']
member_count_out = ('%i object removed.', '%i objects removed.')
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
return remove_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
def validate(self, **kw):
raise errors.DeprecationError(name='hbacrule_remove_sourcehost')
api.register(hbacrule_remove_sourcehost)
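Review bot: Rules that already carry `sourcehost` members or a `sourcehostcategory` value appear to have no supported clean-up path after this change, because `hbacrule_remove_sourcehost.validate` raises `DeprecationError` unconditionally and `sourcehostcategory` is now a `DeprecatedParam` on the rule object. Nothing in this section removes or migrates those attributes, so stale source-host data may remain in LDAP and be read as an effective restriction by someone auditing a rule; whether an updater handles this elsewhere is not visible here. A comment above each `validate` override, e.g. `# Deprecated (ticket 3528): always rejected, kept only so API callers get a clear error`, would make the intent explicit. Both `__doc__` strings also still describe the commands as functional.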


@@ -18,7 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipalib import api, errors, output, util
from ipalib import Command, Str, Flag, Int
from ipalib import Command, Str, Flag, Int, DeprecatedParam
from types import NoneType
from ipalib.cli import to_cli
from ipalib import _, ngettext
@@ -255,10 +255,7 @@ class hbactest(Command):
label=_('User name'),
primary_key=True,
),
Str('sourcehost?',
cli_name='srchost',
label=_('Source host'),
),
DeprecatedParam('sourcehost?'),
Str('targethost',
cli_name='host',
label=_('Target host'),
@@ -304,7 +301,7 @@ class hbactest(Command):
def execute(self, *args, **options):
# First receive all needed information:
# 1. HBAC rules (whether enabled or disabled)
# 2. Required options are (user, source host, target host, service)
# 2. Required options are (user, target host, service)
# 3. Options: rules to test (--rules, --enabled, --disabled), request for detail output
rules = []
@@ -436,21 +433,6 @@ class hbactest(Command):
except:
pass
if options.get('sourcehost'):
warning_flag = True
if options['sourcehost'] != u'all':
try:
request.srchost.name = self.canonicalize(options['sourcehost'])
srchost_result = self.api.Command.host_show(request.srchost.name)['result']
groups = srchost_result['memberof_hostgroup']
if 'memberofindirect_hostgroup' in srchost_result:
groups += srchost_result['memberofindirect_hostgroup']
request.srchost.groups = sorted(set(groups))
except:
pass
else:
warning_flag = False
if options['targethost'] != u'all':
try:
request.targethost.name = self.canonicalize(options['targethost'])
@@ -477,8 +459,6 @@ class hbactest(Command):
matched_rules.append(ipa_rule.name)
if res == pyhbac.HBAC_EVAL_DENY:
notmatched_rules.append(ipa_rule.name)
if warning_flag:
warning_rules.append(_(u'Sourcehost value of rule "%s" is ignored') % (ipa_rule.name))
except pyhbac.HbacError as (code, rule_name):
if code == pyhbac.HBAC_EVAL_ERROR:
error_rules.append(rule_name)
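Review bot: With the `sourcehost` block and the `if warning_flag:` branch removed, nothing visible in these hunks still assigns `warning_flag` or appends to `warning_rules`. If their initialisation and the `warning` output key remain elsewhere in `execute` (outside the hunks), they are now dead state and should be dropped or documented as always empty. The context just before the removed block shows a bare `except: pass`; if the remaining user and target-host lookups follow the same pattern as the removed one, a failed lookup silently evaluates the request without group membership, which is worth narrowing to the expected error in a tool used to check access decisions. `execute` starts and ends outside the hunks.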


@@ -45,8 +45,6 @@ class test_hbac(XMLRPC_test):
test_group = u'hbacrule_test_group'
test_host = u'hbacrule.testnetgroup'
test_hostgroup = u'hbacrule_test_hostgroup'
test_sourcehost = u'hbacrule.testsrchost'
test_sourcehostgroup = u'hbacrule_test_src_hostgroup'
test_service = u'sshd'
test_host_external = u'notfound.example.com'
@@ -150,12 +148,6 @@ class test_hbac(XMLRPC_test):
self.failsafe_add(api.Object.hostgroup,
self.test_hostgroup, description=u'description'
)
self.failsafe_add(api.Object.host,
self.test_sourcehost, force=True
)
self.failsafe_add(api.Object.hostgroup,
self.test_sourcehostgroup, description=u'desc'
)
self.failsafe_add(api.Object.hbacsvc,
self.test_service, description=u'desc',
)
@@ -268,34 +260,14 @@ class test_hbac(XMLRPC_test):
assert 'memberhost_host' not in entry
assert 'memberhost_hostgroup' not in entry
def test_a_hbacrule_add_sourcehost(self):
@raises(errors.DeprecationError)
def test_a_hbacrule_add_sourcehost_deprecated(self):
"""
Test adding source host and hostgroup to HBAC rule using `xmlrpc.hbacrule_add_host`.
Test deprecated command hbacrule_add_sourcehost.
"""
ret = api.Command['hbacrule_add_sourcehost'](
self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
)
assert ret['completed'] == 2
failed = ret['failed']
assert 'sourcehost' in failed
assert 'host' in failed['sourcehost']
assert not failed['sourcehost']['host']
assert 'hostgroup' in failed['sourcehost']
assert not failed['sourcehost']['hostgroup']
entry = ret['result']
assert_attr_equal(entry, 'sourcehost_host', self.test_host)
assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup)
def test_a_hbacrule_add_invalid_sourcehost(self):
"""
Test adding invalid source host to HBAC rule using `xmlrpc.hbacrule_add_host`.
"""
try:
api.Command['hbacrule_add_sourcehost'](
self.rule_name, host=self.test_invalid_sourcehost, hostgroup=self.test_hostgroup
)
except errors.ValidationError:
pass
def test_a_hbacrule_add_service(self):
"""
@@ -327,55 +299,14 @@ class test_hbac(XMLRPC_test):
entry = ret['result']
assert 'memberservice service' not in entry
def test_b_hbacrule_remove_sourcehost(self):
@raises(errors.DeprecationError)
def test_b_hbacrule_remove_sourcehost_deprecated(self):
"""
Test removing source host and hostgroup from HBAC rule using `xmlrpc.hbacrule_remove_host`.
Test deprecated command hbacrule_remove_sourcehost.
"""
ret = api.Command['hbacrule_remove_sourcehost'](
self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
)
assert ret['completed'] == 2
failed = ret['failed']
assert 'sourcehost' in failed
assert 'host' in failed['sourcehost']
assert not failed['sourcehost']['host']
assert 'hostgroup' in failed['sourcehost']
assert not failed['sourcehost']['hostgroup']
entry = ret['result']
assert 'sourcehost host' not in entry
assert 'sourcehost hostgroup' not in entry
def test_c_hbacrule_add_external_host(self):
"""
Test adding an external host using `xmlrpc.hbacrule_add_host`.
"""
ret = api.Command['hbacrule_add_sourcehost'](
self.rule_name, host=self.test_host_external
)
assert ret['completed'] == 1
failed = ret['failed']
assert 'sourcehost' in failed
assert 'host' in failed['sourcehost']
assert not failed['sourcehost']['host']
assert 'hostgroup' in failed['sourcehost']
assert not failed['sourcehost']['hostgroup']
entry = ret['result']
assert_attr_equal(entry, 'externalhost', self.test_host_external)
def test_c_hbacrule_add_same_external(self):
"""
Test adding the same external host using `xmlrpc.hbacrule_add_host`.
"""
ret = api.Command['hbacrule_add_sourcehost'](
self.rule_name, host=self.test_host_external
)
assert ret['completed'] == 0
failed = ret['failed']
assert 'sourcehost' in failed
assert 'host' in failed['sourcehost']
assert (self.test_host_external, unicode(errors.AlreadyGroupMember())) in failed['sourcehost']['host']
entry = ret['result']
assert_attr_equal(entry, 'externalhost', self.test_host_external)
@raises(errors.ValidationError)
def test_c_hbacrule_mod_invalid_external_setattr(self):
@@ -386,40 +317,6 @@ class test_hbac(XMLRPC_test):
self.rule_name, setattr=self.test_invalid_sourcehost
)
def test_c_hbacrule_remove_external_host(self):
"""
Test removing external source host using `xmlrpc.hbacrule_remove_host`.
"""
ret = api.Command['hbacrule_remove_sourcehost'](
self.rule_name, host=self.test_host_external
)
assert ret['completed'] == 1
failed = ret['failed']
assert 'sourcehost' in failed
assert 'host' in failed['sourcehost']
assert not failed['sourcehost']['host']
assert 'hostgroup' in failed['sourcehost']
assert not failed['sourcehost']['hostgroup']
entry = ret['result']
assert 'sourcehost host' not in entry
assert 'sourcehost hostgroup' not in entry
def test_c_hbacrule_remove_nonexist_external(self):
"""
Test removing non-existent external source host using `xmlrpc.hbacrule_remove_host`.
"""
ret = api.Command['hbacrule_remove_sourcehost'](
self.rule_name, host=self.test_host_external
)
assert ret['completed'] == 0
failed = ret['failed']
assert 'sourcehost' in failed
assert 'host' in failed['sourcehost']
assert (self.test_host_external, unicode(errors.NotGroupMember())) in failed['sourcehost']['host']
assert 'hostgroup' in failed['sourcehost']
assert not failed['sourcehost']['hostgroup']
entry = ret['result']
def test_d_hbacrule_disable(self):
"""
Test disabling HBAC rule using `xmlrpc.hbacrule_disable`.
@@ -551,17 +448,12 @@ class test_hbac(XMLRPC_test):
"""
Test adding various links to HBAC rule
"""
api.Command['hbacrule_add_sourcehost'](
self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
)
api.Command['hbacrule_add_service'](
self.rule_name, hbacsvc=self.test_service
)
entry = api.Command['hbacrule_show'](self.rule_name)['result']
assert_attr_equal(entry, 'cn', self.rule_name)
assert_attr_equal(entry, 'sourcehost_host', self.test_host)
assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup)
assert_attr_equal(entry, 'memberservice_hbacsvc', self.test_service)
def test_y_hbacrule_zap_testing_data(self):
@@ -574,8 +466,6 @@ class test_hbac(XMLRPC_test):
api.Command['group_del'](self.test_group)
api.Command['host_del'](self.test_host)
api.Command['hostgroup_del'](self.test_hostgroup)
api.Command['host_del'](self.test_sourcehost)
api.Command['hostgroup_del'](self.test_sourcehostgroup)
api.Command['hbacsvc_del'](self.test_service)
def test_k_2_sudorule_referential_integrity(self):
@@ -596,3 +486,12 @@ class test_hbac(XMLRPC_test):
# verify that it's gone
with assert_raises(errors.NotFound):
api.Command['hbacrule_show'](self.rule_name)
@raises(errors.ValidationError)
def test_zz_hbacrule_add_with_deprecated_option(self):
"""
Test using a deprecated command option 'sourcehostcategory' with 'hbacrule_add'.
"""
api.Command['hbacrule_add'](
self.rule_name, sourcehostcategory=u'all'
)
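Review bot: The new `test_zz_hbacrule_add_with_deprecated_option` covers only `sourcehostcategory` on `hbacrule_add`. The commit deprecates `sourcehost_host` and `sourcehost_hostgroup` as well, and API.txt shows all three also exposed on `hbacrule_mod` and `hbacrule_find`, none of which is tested. Parallel cases under `@raises(errors.ValidationError)`, for example `api.Command['hbacrule_add'](self.rule_name, sourcehost_host=self.test_host)`, would pin the rejection for each option so that a later change to `DeprecatedParam` cannot quietly re-enable one of them.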


@@ -25,6 +25,7 @@ from xmlrpc_test import XMLRPC_test, assert_attr_equal
from ipalib import api
from ipalib import errors
from types import NoneType
from nose.tools import raises
# Test strategy:
# 1. Create few allow rules: with user categories, with explicit users, with user groups, with groups, with services
@@ -95,10 +96,6 @@ class test_hbactest(XMLRPC_test):
self.rule_names[i], host=self.test_host, hostgroup=self.test_hostgroup
)
ret = api.Command['hbacrule_add_sourcehost'](
self.rule_names[i], host=self.test_sourcehost, hostgroup=self.test_sourcehostgroup
)
ret = api.Command['hbacrule_add_service'](
self.rule_names[i], hbacsvc=self.test_service
)
@@ -110,20 +107,6 @@ class test_hbactest(XMLRPC_test):
"""
Test 'ipa hbactest --rules' (explicit IPA rules, detailed output)
"""
ret = api.Command['hbactest'](
user=self.test_user,
sourcehost=self.test_sourcehost,
targethost=self.test_host,
service=self.test_service,
rules=self.rule_names
)
assert ret['value'] == True
assert type(ret['error']) == NoneType
for i in [0,1,2,3]:
assert self.rule_names[i] in ret['matched']
assert self.rule_names[i] in ret['warning'][i]
# same test without sourcehost value
ret = api.Command['hbactest'](
user=self.test_user,
targethost=self.test_host,
@@ -139,21 +122,6 @@ class test_hbactest(XMLRPC_test):
"""
Test 'ipa hbactest --rules --nodetail' (explicit IPA rules, no detailed output)
"""
ret = api.Command['hbactest'](
user=self.test_user,
sourcehost=self.test_sourcehost,
targethost=self.test_host,
service=self.test_service,
rules=self.rule_names,
nodetail=True
)
assert ret['value'] == True
assert ret['error'] == None
assert ret['matched'] == None
assert ret['notmatched'] == None
assert ret['warning'] == None
# same test without sourcehost value
ret = api.Command['hbactest'](
user=self.test_user,
targethost=self.test_host,
@@ -172,7 +140,6 @@ class test_hbactest(XMLRPC_test):
"""
ret = api.Command['hbactest'](
user=self.test_user,
sourcehost=self.test_sourcehost,
targethost=self.test_host,
service=self.test_service,
enabled=True
@@ -182,17 +149,6 @@ class test_hbactest(XMLRPC_test):
# Thus, check that our two enabled rules are in matched, nothing more
for i in [0,2]:
assert self.rule_names[i] in ret['matched']
assert self.check_rule_presence(self.rule_names[i], ret['warning'])
# same test without sourcehost value
ret = api.Command['hbactest'](
user=self.test_user,
targethost=self.test_host,
service=self.test_service,
enabled=True
)
for i in [0,2]:
assert self.rule_names[i] in ret['matched']
def test_d_hbactest_check_rules_disabled_detail(self):
"""
@@ -200,7 +156,6 @@ class test_hbactest(XMLRPC_test):
"""
ret = api.Command['hbactest'](
user=self.test_user,
sourcehost=self.test_sourcehost,
targethost=self.test_host,
service=self.test_service,
disabled=True
@@ -210,17 +165,6 @@ class test_hbactest(XMLRPC_test):
# Thus, check that our two disabled rules are in matched, nothing more
for i in [1,3]:
assert self.rule_names[i] in ret['matched']
assert self.check_rule_presence(self.rule_names[i], ret['warning'])
# same test without sourcehost value
ret = api.Command['hbactest'](
user=self.test_user,
targethost=self.test_host,
service=self.test_service,
disabled=True
)
for i in [1,3]:
assert self.rule_names[i] in ret['matched']
def test_e_hbactest_check_non_existing_rule_detail(self):
"""
@@ -228,7 +172,6 @@ class test_hbactest(XMLRPC_test):
"""
ret = api.Command['hbactest'](
user=self.test_user,
sourcehost=self.test_sourcehost,
targethost=self.test_host,
service=self.test_service,
rules=[u'%s_1x1' % (rule) for rule in self.rule_names],
@@ -241,30 +184,27 @@ class test_hbactest(XMLRPC_test):
for rule in self.rule_names:
assert u'%s_1x1' % (rule) in ret['error']
# same test without sourcehost value
ret = api.Command['hbactest'](
@raises(errors.ValidationError)
def test_f_hbactest_check_sourcehost_option_is_deprecated(self):
"""
Test running 'ipa hbactest' with --srchost option raises ValidationError
"""
api.Command['hbactest'](
user=self.test_user,
targethost=self.test_host,
sourcehost=self.test_sourcehost,
service=self.test_service,
rules=[u'%s_1x1' % (rule) for rule in self.rule_names],
rules=[u'%s_1x1' % rule for rule in self.rule_names],
nodetail=True
)
assert ret['value'] == False
assert ret['matched'] == None
assert ret['notmatched'] == None
for rule in self.rule_names:
assert u'%s_1x1' % (rule) in ret['error']
def test_f_hbactest_clear_testing_data(self):
def test_g_hbactest_clear_testing_data(self):
"""
Clear data for HBAC test plugin testing.
"""
for i in [0,1,2,3]:
api.Command['hbacrule_remove_host'](self.rule_names[i], host=self.test_host)
api.Command['hbacrule_remove_host'](self.rule_names[i], hostgroup=self.test_hostgroup)
api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], host=self.test_sourcehost)
api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], hostgroup=self.test_sourcehostgroup)
api.Command['hbacrule_del'](self.rule_names[i])
api.Command['user_del'](self.test_user)