Prevent the admin user from being deleted

admin is required for trust operations Note that testing for removing the last member is now irrelevant because admin must always exist so the test for it was removed, but the code check remains. It is done after the protected member check. Fixes: https://pagure.io/freeipa/issue/8878 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2023-05-25 18:24:29 -04:00
parent 69e4397421
commit dea35922cd
2 changed files with 37 additions and 22 deletions
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -979,22 +979,32 @@ class TestManagers(XMLRPC_test):

@pytest.mark.tier1
 class TestAdmins(XMLRPC_test):
-    def test_remove_original_admin(self):
-        """ Try to remove the only admin """
+    def test_delete_admin(self):
+        """ Try to delete the protected admin user """
        tracker = Tracker()
-        command = tracker.make_command('user_del', [admin1])
+        command = tracker.make_command('user_del', admin1)

-        with raises_exact(errors.LastMemberError(
-                key=admin1, label=u'group', container=admin_group)):
+        with raises_exact(errors.ProtectedEntryError(label=u'user',
+                          key=admin1, reason='privileged user')):
+            command()
+
+    def test_rename_admin(self):
+        """ Try to rename the admin user """
+        tracker = Tracker()
+        command = tracker.make_command('user_mod', admin1,
+                                       **dict(rename=u'newadmin'))
+
+        with raises_exact(errors.ProtectedEntryError(label=u'user',
+                          key=admin1, reason='privileged user')):
            command()

    def test_disable_original_admin(self):
-        """ Try to disable the only admin """
+        """ Try to disable the original admin """
        tracker = Tracker()
        command = tracker.make_command('user_disable', admin1)

-        with raises_exact(errors.LastMemberError(
-                key=admin1, label=u'group', container=admin_group)):
+        with raises_exact(errors.ProtectedEntryError(label=u'user',
+                          key=admin1, reason='privileged user')):
            command()

    def test_create_admin2(self, admin2):
@@ -1012,21 +1022,11 @@ class TestAdmins(XMLRPC_test):
        admin2.disable()
        tracker = Tracker()

-        with raises_exact(errors.LastMemberError(
-                key=admin1, label=u'group', container=admin_group)):
+        with raises_exact(errors.ProtectedEntryError(label=u'user',
+                          key=admin1, reason='privileged user')):
            tracker.run_command('user_disable', admin1)
-        with raises_exact(errors.LastMemberError(
-                key=admin1, label=u'group', container=admin_group)):
-            tracker.run_command('user_del', admin1)
        admin2.delete()

-        with raises_exact(errors.LastMemberError(
-                key=admin1, label=u'group', container=admin_group)):
-            tracker.run_command('user_disable', admin1)
-        with raises_exact(errors.LastMemberError(
-                key=admin1, label=u'group', container=admin_group)):
-            tracker.run_command('user_del', admin1)
-

@pytest.mark.tier1
 class TestPreferredLanguages(XMLRPC_test):