# Authors: # Petr Viktorin # Lenka Doudova # # Copyright (C) 2010, 2016 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . """ Test the `ipalib/plugins/config.py` module. """ from ipalib import errors from ipatests.test_xmlrpc.xmlrpc_test import Declarative import pytest @pytest.mark.tier1 class test_config(Declarative): cleanup_commands = [ ] tests = [ dict( desc='Try to add an unrelated objectclass to ipauserobjectclasses', command=('config_mod', [], dict(addattr=u'ipauserobjectclasses=ipahost')), expected=dict( result=lambda d: 'ipahost' in d['ipauserobjectclasses'], value=None, summary=None, ), ), dict( desc='Remove the unrelated objectclass from ipauserobjectclasses', command=('config_mod', [], dict(delattr=u'ipauserobjectclasses=ipahost')), expected=dict( result=lambda d: 'ipahost' not in d['ipauserobjectclasses'], value=None, summary=None, ), ), dict( desc='Try to remove ipausersearchfields', command=('config_mod', [], dict(delattr=u'ipausersearchfields=uid,givenname,sn,telephonenumber,ou,title')), expected=errors.RequirementError(name='usersearch'), ), dict( desc='Try to set ipaselinuxusermapdefault not in selinux order list', command=('config_mod', [], dict(ipaselinuxusermapdefault=u'unknown_u:s0')), expected=errors.ValidationError(name='ipaselinuxusermapdefault', error='SELinux user map default user not in order list'), ), dict( desc='Try to set invalid ipaselinuxusermapdefault', command=('config_mod', [], dict(ipaselinuxusermapdefault=u'foo')), expected=errors.ValidationError(name='ipaselinuxusermapdefault', error='Invalid MLS value, must match s[0-15](-s[0-15])'), ), dict( desc='Try to set invalid ipaselinuxusermapdefault with setattr', command=('config_mod', [], dict(setattr=u'ipaselinuxusermapdefault=unknown_u:s0')), expected=errors.ValidationError(name='ipaselinuxusermapdefault', error='SELinux user map default user not in order list'), ), dict( desc='Try to set ipaselinuxusermaporder without ipaselinuxusermapdefault out of it', command=('config_mod', [], dict(ipaselinuxusermaporder=u'notfound_u:s0')), expected=errors.ValidationError(name='ipaselinuxusermaporder', error='SELinux user map default user not in order list'), ), dict( desc='Try to set invalid ipaselinuxusermaporder', command=('config_mod', [], dict(ipaselinuxusermaporder=u'$')), expected=errors.ValidationError(name='ipaselinuxusermaporder', error='A list of SELinux users delimited by $ expected'), ), dict( desc='Try to set invalid selinux user in ipaselinuxusermaporder', command=('config_mod', [], dict(ipaselinuxusermaporder=u'unconfined_u:s0-s0:c0.c1023$baduser$guest_u:s0')), expected=errors.ValidationError(name='ipaselinuxusermaporder', error='SELinux user \'baduser\' is not valid: Invalid MLS ' 'value, must match s[0-15](-s[0-15])'), ), dict( desc='Try to set new selinux order and invalid default user', command=('config_mod', [], dict(ipaselinuxusermaporder=u'xguest_u:s0$guest_u:s0$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023', ipaselinuxusermapdefault=u'unknown_u:s0')), expected=errors.ValidationError(name='ipaselinuxusermapdefault', error='SELinux user map default user not in order list'), ), dict( desc='Set user auth type', command=('config_mod', [], dict(ipauserauthtype=u'password')), expected=dict( result=lambda d: d['ipauserauthtype'] == (u'password',), value=None, summary=None, ), ), dict( desc='Check user auth type', command=('config_show', [], {}), expected=dict( result=lambda d: d['ipauserauthtype'] == (u'password',), value=None, summary=None, ), ), dict( desc='Unset user auth type', command=('config_mod', [], dict(ipauserauthtype=None)), expected=dict( result=lambda d: 'ipauserauthtype' not in d, value=None, summary=None, ), ), dict( desc='Set maximum username length higher than limit of 255', command=('config_mod', [], dict(ipamaxusernamelength=256)), expected=errors.ValidationError( name='maxusername', error='can be at most 255'), ), dict( desc='Set maximum username length equal to limit 255', command=('config_mod', [], dict(ipamaxusernamelength=255)), expected=dict( result=lambda d: d['ipamaxusernamelength'] == (u'255',), value=None, summary=None, ), ), # Cleanup after previous test - returns max username length to 32 dict( desc='Return maximum username length to default value', command=('config_mod', [], dict(ipamaxusernamelength=32)), expected=dict( result=lambda d: d['ipamaxusernamelength'] == (u'32',), value=None, summary=None, ), ), ]