IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Rename hbac module to hbacrule

Browse Source 
The renaming follows previous discussion on mailing list and it leads to
name compatibility with other plugins (e.g. sudorule). It is also
necessary for following changes in ipa help.
This commit is contained in:
Jan Zeleny 2010-12-21 13:20:18 +01:00 committed by Rob Crittenden
parent a1188d95e8
commit bfc338d81c
3 changed files with 143 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
ipalib/plugins/hbac.py → ipalib/plugins/hbacrule.py
View File

@ -36,32 +36,32 @@ EXAMPLES:
Create a rule, "test1", that grants all users access to the host "server" from
anywhere:
ipa hbac-add --type=allow --usercat=all --srchostcat=all test1
ipa hbac-add-host --hosts=server.example.com test1
ipa hbacrule-add --type=allow --usercat=all --srchostcat=all test1
ipa hbacrule-add-host --hosts=server.example.com test1
Display the properties of a named HBAC rule:
ipa hbac-show test1
ipa hbacrule-show test1
Create a rule for a specific service. This lets the user john access
the sshd service on any machine from any machine:
ipa hbac-add --type=allow --hostcat=all --srchostcat=all john_sshd
ipa hbac-add-user --users=john john_sshd
ipa hbac-add-service --hbacsvcs=sshd john_sshd
ipa hbacrule-add --type=allow --hostcat=all --srchostcat=all john_sshd
ipa hbacrule-add-user --users=john john_sshd
ipa hbacrule-add-service --hbacsvcs=sshd john_sshd
Create a rule for a new service group. This lets the user john access
the any FTP service on any machine from any machine:
ipa hbacsvcgroup-add ftpers
ipa hbacsvc-add sftp
ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers
ipa hbac-add --type=allow --hostcat=all --srchostcat=all john_ftp
ipa hbac-add-user --users=john john_ftp
ipa hbac-add-service --hbacsvcgroups=ftpers john_ftp
ipa hbacrule-add --type=allow --hostcat=all --srchostcat=all john_ftp
ipa hbacrule-add-user --users=john john_ftp
ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp
Disable a named HBAC rule:
ipa hbac-disable test1
ipa hbacrule-disable test1
Remove a named HBAC rule:
ipa hbac-del allow_server
ipa hbacrule-del allow_server
"""
@ -73,11 +73,11 @@ EXAMPLES:
# applied in the order displayed.
#
# Specify that the rule "test1" be active every day between 0800 and 1400:
# ipa hbac-add-accesstime --time='periodic daily 0800-1400' test1
# ipa hbacrule-add-accesstime --time='periodic daily 0800-1400' test1
#
# Specify that the rule "test1" be active once, from 10:32 until 10:33 on
# December 16, 2010:
# ipa hbac-add-accesstime --time='absolute 201012161032 ~ 201012161033' test1
# ipa hbacrule-add-accesstime --time='absolute 201012161032 ~ 201012161033' test1
from ipalib import api, errors
@ -97,7 +97,7 @@ def is_all(options, attribute):
return False
class hbac(LDAPObject):
class hbacrule(LDAPObject):
"""
HBAC object.
"""
@ -202,10 +202,10 @@ class hbac(LDAPObject):
),
)
api.register(hbac)
api.register(hbacrule)
class hbac_add(LDAPCreate):
class hbacrule_add(LDAPCreate):
"""
Create a new HBAC rule.
"""
@ -214,18 +214,18 @@ class hbac_add(LDAPCreate):
entry_attrs['ipaenabledflag'] = 'TRUE'
return dn
api.register(hbac_add)
api.register(hbacrule_add)
class hbac_del(LDAPDelete):
class hbacrule_del(LDAPDelete):
"""
Delete an HBAC rule.
"""
api.register(hbac_del)
api.register(hbacrule_del)
class hbac_mod(LDAPUpdate):
class hbacrule_mod(LDAPUpdate):
"""
Modify an HBAC rule.
"""
@ -246,26 +246,26 @@ class hbac_mod(LDAPUpdate):
raise errors.MutuallyExclusiveError(reason="service category cannot be set to 'all' while there are allowed services")
return dn
api.register(hbac_mod)
api.register(hbacrule_mod)
class hbac_find(LDAPSearch):
class hbacrule_find(LDAPSearch):
"""
Search for HBAC rules.
"""
api.register(hbac_find)
api.register(hbacrule_find)
class hbac_show(LDAPRetrieve):
class hbacrule_show(LDAPRetrieve):
"""
Display the properties of an HBAC rule.
"""
api.register(hbac_show)
api.register(hbacrule_show)
class hbac_enable(LDAPQuery):
class hbacrule_enable(LDAPQuery):
"""
Enable an HBAC rule.
"""
@ -288,10 +288,10 @@ class hbac_enable(LDAPQuery):
textui.print_name(self.name)
textui.print_dashed('Enabled HBAC rule "%s".' % cn)
api.register(hbac_enable)
api.register(hbacrule_enable)
class hbac_disable(LDAPQuery):
class hbacrule_disable(LDAPQuery):
"""
Disable an HBAC rule.
"""
@ -314,10 +314,10 @@ class hbac_disable(LDAPQuery):
textui.print_name(self.name)
textui.print_dashed('Disabled HBAC rule "%s".' % cn)
api.register(hbac_disable)
api.register(hbacrule_disable)
class hbac_add_accesstime(LDAPQuery):
class hbacrule_add_accesstime(LDAPQuery):
"""
Add an access time to an HBAC rule.
"""
@ -355,10 +355,10 @@ class hbac_add_accesstime(LDAPQuery):
)
)
#api.register(hbac_add_accesstime)
#api.register(hbacrule_add_accesstime)
class hbac_remove_accesstime(LDAPQuery):
class hbacrule_remove_accesstime(LDAPQuery):
"""
Remove access time to HBAC rule.
"""
@ -395,10 +395,10 @@ class hbac_remove_accesstime(LDAPQuery):
)
)
#api.register(hbac_remove_accesstime)
#api.register(hbacrule_remove_accesstime)
class hbac_add_user(LDAPAddMember):
class hbacrule_add_user(LDAPAddMember):
"""
Add users and groups to an HBAC rule.
"""
@ -412,20 +412,20 @@ class hbac_add_user(LDAPAddMember):
raise errors.MutuallyExclusiveError(reason="users cannot be added when user category='all'")
return dn
api.register(hbac_add_user)
api.register(hbacrule_add_user)
class hbac_remove_user(LDAPRemoveMember):
class hbacrule_remove_user(LDAPRemoveMember):
"""
Remove users and groups from an HBAC rule.
"""
member_attributes = ['memberuser']
member_count_out = ('%i object removed.', '%i objects removed.')
api.register(hbac_remove_user)
api.register(hbacrule_remove_user)
class hbac_add_host(LDAPAddMember):
class hbacrule_add_host(LDAPAddMember):
"""
Add target hosts and hostgroups to an HBAC rule
"""
@ -439,20 +439,20 @@ class hbac_add_host(LDAPAddMember):
raise errors.MutuallyExclusiveError(reason="hosts cannot be added when host category='all'")
return dn
api.register(hbac_add_host)
api.register(hbacrule_add_host)
class hbac_remove_host(LDAPRemoveMember):
class hbacrule_remove_host(LDAPRemoveMember):
"""
Remove target hosts and hostgroups from a HBAC rule.
"""
member_attributes = ['memberhost']
member_count_out = ('%i object removed.', '%i objects removed.')
api.register(hbac_remove_host)
api.register(hbacrule_remove_host)
class hbac_add_sourcehost(LDAPAddMember):
class hbacrule_add_sourcehost(LDAPAddMember):
"""
Add source hosts and hostgroups from a HBAC rule.
"""
@ -466,20 +466,20 @@ class hbac_add_sourcehost(LDAPAddMember):
raise errors.MutuallyExclusiveError(reason="source hosts cannot be added when sourcehost category='all'")
return dn
api.register(hbac_add_sourcehost)
api.register(hbacrule_add_sourcehost)
class hbac_remove_sourcehost(LDAPRemoveMember):
class hbacrule_remove_sourcehost(LDAPRemoveMember):
"""
Remove source hosts and hostgroups from an HBAC rule.
"""
member_attributes = ['sourcehost']
member_count_out = ('%i object removed.', '%i objects removed.')
api.register(hbac_remove_sourcehost)
api.register(hbacrule_remove_sourcehost)
class hbac_add_service(LDAPAddMember):
class hbacrule_add_service(LDAPAddMember):
"""
Add services to an HBAC rule.
"""
@ -493,14 +493,14 @@ class hbac_add_service(LDAPAddMember):
raise errors.MutuallyExclusiveError(reason="services cannot be added when service category='all'")
return dn
api.register(hbac_add_service)
api.register(hbacrule_add_service)
class hbac_remove_service(LDAPRemoveMember):
class hbacrule_remove_service(LDAPRemoveMember):
"""
Remove source hosts and hostgroups from an HBAC rule.
"""
member_attributes = ['memberservice']
member_count_out = ('%i object removed.', '%i objects removed.')
api.register(hbac_remove_service)
api.register(hbacrule_remove_service)

2
ipalib/plugins/netgroup.py
View File

@ -45,7 +45,7 @@ from ipalib import api, errors
from ipalib import Str, StrEnum
from ipalib.plugins.baseldap import *
from ipalib import _, ngettext
from ipalib.plugins.hbac import is_all
from ipalib.plugins.hbacrule import is_all
output_params = (

186
tests/test_xmlrpc/test_hbac_plugin.py
View File

@ -17,7 +17,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Test the `ipalib/plugins/hbac.py` module.
Test the `ipalib/plugins/hbacrule.py` module.
"""
from xmlrpc_test import XMLRPC_test, assert_attr_equal
@ -27,7 +27,7 @@ from ipalib import errors
class test_hbac(XMLRPC_test):
"""
Test the `hbac` plugin.
Test the `hbacrule` plugin.
"""
rule_name = u'testing_rule1234'
rule_type = u'allow'
@ -40,19 +40,19 @@ class test_hbac(XMLRPC_test):
rule_desc = u'description'
rule_desc_mod = u'description modified'
test_user = u'hbac_test_user'
test_group = u'hbac_test_group'
test_host = u'hbac._test_netgroup'
test_hostgroup = u'hbac_test_hostgroup'
test_sourcehost = u'hbac._test_src_host'
test_sourcehostgroup = u'hbac_test_src_hostgroup'
test_user = u'hbacrule_test_user'
test_group = u'hbacrule_test_group'
test_host = u'hbacrule._test_netgroup'
test_hostgroup = u'hbacrule_test_hostgroup'
test_sourcehost = u'hbacrule._test_src_host'
test_sourcehostgroup = u'hbacrule_test_src_hostgroup'
test_service = u'sshd'
def test_0_hbac_add(self):
def test_0_hbacrule_add(self):
"""
Test adding a new HBAC rule using `xmlrpc.hbac_add`.
Test adding a new HBAC rule using `xmlrpc.hbacrule_add`.
"""
ret = self.failsafe_add(api.Object.hbac,
ret = self.failsafe_add(api.Object.hbacrule,
self.rule_name,
accessruletype=self.rule_type,
description=self.rule_desc,
@ -63,12 +63,12 @@ class test_hbac(XMLRPC_test):
assert_attr_equal(entry, 'ipaenabledflag', 'TRUE')
assert_attr_equal(entry, 'description', self.rule_desc)
def test_1_hbac_add(self):
def test_1_hbacrule_add(self):
"""
Test adding an existing HBAC rule using `xmlrpc.hbac_add'.
Test adding an existing HBAC rule using `xmlrpc.hbacrule_add'.
"""
try:
api.Command['hbac_add'](
api.Command['hbacrule_add'](
self.rule_name, accessruletype=self.rule_type
)
except errors.DuplicateEntry:
@ -76,44 +76,44 @@ class test_hbac(XMLRPC_test):
else:
assert False
def test_2_hbac_show(self):
def test_2_hbacrule_show(self):
"""
Test displaying a HBAC rule using `xmlrpc.hbac_show`.
Test displaying a HBAC rule using `xmlrpc.hbacrule_show`.
"""
entry = api.Command['hbac_show'](self.rule_name)['result']
entry = api.Command['hbacrule_show'](self.rule_name)['result']
assert_attr_equal(entry, 'cn', self.rule_name)
assert_attr_equal(entry, 'accessruletype', self.rule_type)
assert_attr_equal(entry, 'ipaenabledflag', 'TRUE')
assert_attr_equal(entry, 'description', self.rule_desc)
def test_3_hbac_mod(self):
def test_3_hbacrule_mod(self):
"""
Test modifying a HBAC rule using `xmlrpc.hbac_mod`.
Test modifying a HBAC rule using `xmlrpc.hbacrule_mod`.
"""
ret = api.Command['hbac_mod'](
ret = api.Command['hbacrule_mod'](
self.rule_name, description=self.rule_desc_mod
)
entry = ret['result']
assert_attr_equal(entry, 'description', self.rule_desc_mod)
# def test_4_hbac_add_accesstime(self):
# def test_4_hbacrule_add_accesstime(self):
# """
# Test adding access time to HBAC rule using `xmlrpc.hbac_add_accesstime`.
# Test adding access time to HBAC rule using `xmlrpc.hbacrule_add_accesstime`.
# """
# return
# ret = api.Command['hbac_add_accesstime'](
# ret = api.Command['hbacrule_add_accesstime'](
# self.rule_name, accesstime=self.rule_time2
# )
# entry = ret['result']
# assert_attr_equal(entry, 'accesstime', self.rule_time);
# assert_attr_equal(entry, 'accesstime', self.rule_time2);
# def test_5_hbac_add_accesstime(self):
# def test_5_hbacrule_add_accesstime(self):
# """
# Test adding invalid access time to HBAC rule using `xmlrpc.hbac_add_accesstime`.
# Test adding invalid access time to HBAC rule using `xmlrpc.hbacrule_add_accesstime`.
# """
# try:
# api.Command['hbac_add_accesstime'](
# api.Command['hbacrule_add_accesstime'](
# self.rule_name, accesstime=self.rule_time_fail
# )
# except errors.ValidationError:
@ -121,11 +121,11 @@ class test_hbac(XMLRPC_test):
# else:
# assert False
def test_6_hbac_find(self):
def test_6_hbacrule_find(self):
"""
Test searching for HBAC rules using `xmlrpc.hbac_find`.
Test searching for HBAC rules using `xmlrpc.hbacrule_find`.
"""
ret = api.Command['hbac_find'](
ret = api.Command['hbacrule_find'](
name=self.rule_name, accessruletype=self.rule_type,
description=self.rule_desc_mod
)
@ -135,7 +135,7 @@ class test_hbac(XMLRPC_test):
assert_attr_equal(entries[0], 'accessruletype', self.rule_type)
assert_attr_equal(entries[0], 'description', self.rule_desc_mod)
def test_7_hbac_init_testing_data(self):
def test_7_hbacrule_init_testing_data(self):
"""
Initialize data for more HBAC plugin testing.
"""
@ -161,11 +161,11 @@ class test_hbac(XMLRPC_test):
self.test_service, description=u'desc', force=True
)
def test_8_hbac_add_user(self):
def test_8_hbacrule_add_user(self):
"""
Test adding user and group to HBAC rule using `xmlrpc.hbac_add_user`.
Test adding user and group to HBAC rule using `xmlrpc.hbacrule_add_user`.
"""
ret = api.Command['hbac_add_user'](
ret = api.Command['hbacrule_add_user'](
self.rule_name, user=self.test_user, group=self.test_group
)
assert ret['completed'] == 2
@ -179,11 +179,11 @@ class test_hbac(XMLRPC_test):
assert_attr_equal(entry, 'memberuser_user', self.test_user)
assert_attr_equal(entry, 'memberuser_group', self.test_group)
def test_9_hbac_remove_user(self):
def test_9_hbacrule_remove_user(self):
"""
Test removing user and group from HBAC rule using `xmlrpc.hbac_remove_user'.
Test removing user and group from HBAC rule using `xmlrpc.hbacrule_remove_user'.
"""
ret = api.Command['hbac_remove_user'](
ret = api.Command['hbacrule_remove_user'](
self.rule_name, user=self.test_user, group=self.test_group
)
assert ret['completed'] == 2
@ -197,11 +197,11 @@ class test_hbac(XMLRPC_test):
assert 'memberuser_user' not in entry
assert 'memberuser_group' not in entry
def test_a_hbac_add_host(self):
def test_a_hbacrule_add_host(self):
"""
Test adding host and hostgroup to HBAC rule using `xmlrpc.hbac_add_host`.
Test adding host and hostgroup to HBAC rule using `xmlrpc.hbacrule_add_host`.
"""
ret = api.Command['hbac_add_host'](
ret = api.Command['hbacrule_add_host'](
self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
)
assert ret['completed'] == 2
@ -215,11 +215,11 @@ class test_hbac(XMLRPC_test):
assert_attr_equal(entry, 'memberhost_host', self.test_host)
assert_attr_equal(entry, 'memberhost_hostgroup', self.test_hostgroup)
def test_b_hbac_remove_host(self):
def test_b_hbacrule_remove_host(self):
"""
Test removing host and hostgroup from HBAC rule using `xmlrpc.hbac_remove_host`.
Test removing host and hostgroup from HBAC rule using `xmlrpc.hbacrule_remove_host`.
"""
ret = api.Command['hbac_remove_host'](
ret = api.Command['hbacrule_remove_host'](
self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
)
assert ret['completed'] == 2
@ -233,11 +233,11 @@ class test_hbac(XMLRPC_test):
assert 'memberhost_host' not in res[1]
assert 'memberhost_hostgroup' not in res[1]
def test_a_hbac_add_sourcehost(self):
def test_a_hbacrule_add_sourcehost(self):
"""
Test adding source host and hostgroup to HBAC rule using `xmlrpc.hbac_add_host`.
Test adding source host and hostgroup to HBAC rule using `xmlrpc.hbacrule_add_host`.
"""
ret = api.Command['hbac_add_sourcehost'](
ret = api.Command['hbacrule_add_sourcehost'](
self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
)
assert ret['completed'] == 2
@ -251,11 +251,11 @@ class test_hbac(XMLRPC_test):
assert_attr_equal(entry, 'sourcehost_host', self.test_host)
assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup)
def test_a_hbac_add_service(self):
def test_a_hbacrule_add_service(self):
"""
Test adding service to HBAC rule using `xmlrpc.hbac_add_service`.
Test adding service to HBAC rule using `xmlrpc.hbacrule_add_service`.
"""
ret = api.Command['hbac_add_service'](
ret = api.Command['hbacrule_add_service'](
self.rule_name, hbacsvc=self.test_service
)
assert ret['completed'] == 1
@ -266,11 +266,11 @@ class test_hbac(XMLRPC_test):
entry = ret['result']
assert_attr_equal(entry, 'memberservice_hbacsvc', self.test_service)
def test_a_hbac_remove_service(self):
def test_a_hbacrule_remove_service(self):
"""
Test removing service to HBAC rule using `xmlrpc.hbac_remove_service`.
Test removing service to HBAC rule using `xmlrpc.hbacrule_remove_service`.
"""
ret = api.Command['hbac_remove_service'](
ret = api.Command['hbacrule_remove_service'](
self.rule_name, hbacsvc=self.test_service
)
assert ret['completed'] == 1
@ -281,11 +281,11 @@ class test_hbac(XMLRPC_test):
entry = ret['result']
assert 'memberservice service' not in entry
def test_b_hbac_remove_host(self):
def test_b_hbacrule_remove_host(self):
"""
Test removing source host and hostgroup from HBAC rule using `xmlrpc.hbac_remove_host`.
Test removing source host and hostgroup from HBAC rule using `xmlrpc.hbacrule_remove_host`.
"""
ret = api.Command['hbac_remove_sourcehost'](
ret = api.Command['hbacrule_remove_sourcehost'](
self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
)
assert ret['completed'] == 2
@ -299,12 +299,12 @@ class test_hbac(XMLRPC_test):
assert 'sourcehost host' not in entry
assert 'sourcehost hostgroup' not in entry
def test_c_hbac_clear_testing_data(self):
def test_c_hbacrule_clear_testing_data(self):
"""
Clear data for HBAC plugin testing.
"""
api.Command['hbac_remove_host'](self.rule_name, host=self.test_host)
api.Command['hbac_remove_host'](self.rule_name, hostgroup=self.test_hostgroup)
api.Command['hbacrule_remove_host'](self.rule_name, host=self.test_host)
api.Command['hbacrule_remove_host'](self.rule_name, hostgroup=self.test_hostgroup)
api.Command['user_del'](self.test_user)
api.Command['group_del'](self.test_group)
api.Command['host_del'](self.test_host)
@ -313,102 +313,102 @@ class test_hbac(XMLRPC_test):
api.Command['hostgroup_del'](self.test_sourcehostgroup)
api.Command['hbacsvc_del'](self.test_service)
def test_d_hbac_disable(self):
def test_d_hbacrule_disable(self):
"""
Test disabling HBAC rule using `xmlrpc.hbac_disable`.
Test disabling HBAC rule using `xmlrpc.hbacrule_disable`.
"""
assert api.Command['hbac_disable'](self.rule_name)['result'] is True
entry = api.Command['hbac_show'](self.rule_name)['result']
assert api.Command['hbacrule_disable'](self.rule_name)['result'] is True
entry = api.Command['hbacrule_show'](self.rule_name)['result']
# FIXME: Should this be 'disabled' or 'FALSE'?
assert_attr_equal(entry, 'ipaenabledflag', 'FALSE')
def test_e_hbac_enabled(self):
def test_e_hbacrule_enabled(self):
"""
Test enabling HBAC rule using `xmlrpc.hbac_enable`.
Test enabling HBAC rule using `xmlrpc.hbacrule_enable`.
"""
assert api.Command['hbac_enable'](self.rule_name)['result'] is True
assert api.Command['hbacrule_enable'](self.rule_name)['result'] is True
# check it's really enabled
entry = api.Command['hbac_show'](self.rule_name)['result']
entry = api.Command['hbacrule_show'](self.rule_name)['result']
# FIXME: Should this be 'enabled' or 'TRUE'?
assert_attr_equal(entry, 'ipaenabledflag', 'TRUE')
def test_f_hbac_exclusiveuser(self):
def test_f_hbacrule_exclusiveuser(self):
"""
Test adding a user to an HBAC rule when usercat='all'
"""
api.Command['hbac_mod'](self.rule_name, usercategory=u'all')
api.Command['hbacrule_mod'](self.rule_name, usercategory=u'all')
try:
api.Command['hbac_add_user'](self.rule_name, users='admin')
api.Command['hbacrule_add_user'](self.rule_name, users='admin')
except errors.MutuallyExclusiveError:
pass
api.Command['hbac_mod'](self.rule_name, usercategory=u'')
api.Command['hbacrule_mod'](self.rule_name, usercategory=u'')
def test_g_hbac_exclusiveuser(self):
def test_g_hbacrule_exclusiveuser(self):
"""
Test setting usercat='all' in an HBAC rule when there are users
"""
api.Command['hbac_add_user'](self.rule_name, users='admin')
api.Command['hbacrule_add_user'](self.rule_name, users='admin')
try:
api.Command['hbac_mod'](self.rule_name, usercategory=u'all')
api.Command['hbacrule_mod'](self.rule_name, usercategory=u'all')
except errors.MutuallyExclusiveError:
pass
finally:
api.Command['hbac_remove_user'](self.rule_name, users='admin')
api.Command['hbacrule_remove_user'](self.rule_name, users='admin')
def test_h_hbac_exclusivehost(self):
def test_h_hbacrule_exclusivehost(self):
"""
Test adding a host to an HBAC rule when hostcat='all'
"""
api.Command['hbac_mod'](self.rule_name, hostcategory=u'all')
api.Command['hbacrule_mod'](self.rule_name, hostcategory=u'all')
try:
api.Command['hbac_add_host'](self.rule_name, host=self.test_host)
api.Command['hbacrule_add_host'](self.rule_name, host=self.test_host)
except errors.MutuallyExclusiveError:
pass
api.Command['hbac_mod'](self.rule_name, hostcategory=u'')
api.Command['hbacrule_mod'](self.rule_name, hostcategory=u'')
def test_i_hbac_exclusivehost(self):
def test_i_hbacrule_exclusivehost(self):
"""
Test setting hostcat='all' in an HBAC rule when there are hosts
"""
api.Command['hbac_add_host'](self.rule_name, host=self.test_host)
api.Command['hbacrule_add_host'](self.rule_name, host=self.test_host)
try:
api.Command['hbac_mod'](self.rule_name, hostcategory=u'all')
api.Command['hbacrule_mod'](self.rule_name, hostcategory=u'all')
except errors.MutuallyExclusiveError:
pass
finally:
api.Command['hbac_remove_host'](self.rule_name, host=self.test_host)
api.Command['hbacrule_remove_host'](self.rule_name, host=self.test_host)
def test_j_hbac_exclusiveservice(self):
def test_j_hbacrule_exclusiveservice(self):
"""
Test adding a service to an HBAC rule when servicecat='all'
"""
api.Command['hbac_mod'](self.rule_name, servicecategory=u'all')
api.Command['hbacrule_mod'](self.rule_name, servicecategory=u'all')
try:
api.Command['hbac_add_host'](self.rule_name, hbacsvc=self.test_service)
api.Command['hbacrule_add_host'](self.rule_name, hbacsvc=self.test_service)
except errors.MutuallyExclusiveError:
pass
api.Command['hbac_mod'](self.rule_name, servicecategory=u'')
api.Command['hbacrule_mod'](self.rule_name, servicecategory=u'')
def test_k_hbac_exclusiveservice(self):
def test_k_hbacrule_exclusiveservice(self):
"""
Test setting servicecat='all' in an HBAC rule when there are services
"""
api.Command['hbac_add_service'](self.rule_name, hbacsvc=self.test_service)
api.Command['hbacrule_add_service'](self.rule_name, hbacsvc=self.test_service)
try:
api.Command['hbac_mod'](self.rule_name, servicecategory=u'all')
api.Command['hbacrule_mod'](self.rule_name, servicecategory=u'all')
except errors.MutuallyExclusiveError:
pass
finally:
api.Command['hbac_remove_service'](self.rule_name, hbacsvc=self.test_service)
api.Command['hbacrule_remove_service'](self.rule_name, hbacsvc=self.test_service)
def test_z_hbac_del(self):
def test_z_hbacrule_del(self):
"""
Test deleting a HBAC rule using `xmlrpc.hbac_del`.
Test deleting a HBAC rule using `xmlrpc.hbacrule_del`.
"""
assert api.Command['hbac_del'](self.rule_name)['result'] is True
assert api.Command['hbacrule_del'](self.rule_name)['result'] is True
# verify that it's gone
try:
api.Command['hbac_show'](self.rule_name)
api.Command['hbacrule_show'](self.rule_name)
except errors.NotFound:
pass
else: