freeipa/ipatests/test_webui/test_host.py
Petr Vobornik edf0719409 Allow edit of ipakrbokasdelegate in Web UI when attrlevelrights are unknown
Old host entries are missing object class with krbticketflags attribute. Therefore UI does not receive attrlevelrights for it. This OC is added when ipakrbokasdelegate is set.

This patch adds the usual hack for such cases.

https://fedorahosted.org/freeipa/ticket/3940
2013-09-26 10:24:14 +02:00

316 lines
10 KiB
Python

# Authors:
# Petr Vobornik <pvoborni@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Host tests
"""
from ipatests.test_webui.ui_driver import UI_driver
import ipatests.test_webui.data_hostgroup as hostgroup
import ipatests.test_webui.data_netgroup as netgroup
import ipatests.test_webui.data_hbac as hbac
import ipatests.test_webui.test_rbac as rbac
import ipatests.test_webui.data_sudo as sudo
ENTITY = 'host'
class host_tasks(UI_driver):
def __init__(self, *args, **kwargs):
super(host_tasks, self).__init__(args, kwargs)
self.prep_data()
self.prep_data2()
def prep_data(self):
host = 'itest'
domain = self.config.get('ipa_domain')
ip = self.get_ip()
self.data = self.get_data(host, domain, ip)
self.pkey = self.data['pkey']
return self.data
def prep_data2(self):
host = 'itest2'
domain = self.config.get('ipa_domain')
self.data2 = self.get_data(host, domain)
self.pkey2 = self.data2['pkey']
return self.data2
def get_data(self, host, domain, ip=None):
if self.has_dns():
add_data = [
('textbox', 'hostname', host),
('combobox', 'dnszone', domain),
]
if ip:
add_data.append(('textbox', 'ip_address', ip))
add_data.append(('checkbox', 'force', ''))
del_data = [
('checkbox', 'updatedns', '')
]
else:
add_data = [
('textbox', 'fqdn', '%s.%s' % (host, domain)),
('checkbox', 'force', ''),
]
del_data = None
data = {
'pkey': '%s.%s' % (host, domain),
'add': add_data,
'mod': [
('textarea', 'description', 'Desc'),
],
'del': del_data,
}
return data
def get_ip(self):
"""
Get next IP
"""
ip = self.config.get('ipa_ip')
if not ip:
self.skip('FreeIPA Server IP address not configured')
ip = ip.split('.')
last = int(ip.pop())
ip.append(str(last + 1))
return '.'.join(ip)
def load_csr(self, path):
# ENHANCEMENT: generate csr dynamically
with open(path, 'r') as csr_file:
csr = csr_file.read()
return csr
class test_host(host_tasks):
def test_crud(self):
"""
Basic CRUD: host
"""
self.init_app()
self.basic_crud(ENTITY, self.data)
def test_certificates(self):
"""
Test host certificate actions
Requires to have CA installed and 'host_csr_path' configuration option
set.
"""
if not self.has_ca():
self.skip('CA is not configured')
csr_path = self.config.get('host_csr_path')
if not csr_path:
self.skip('CSR file is not configured')
self.init_app()
csr = self.load_csr(csr_path)
panel = 'cert_actions'
realm = self.config.get('ipa_realm')
self.add_record(ENTITY, self.data)
self.navigate_to_record(self.pkey)
self.assert_visible("div[name='certificate-missing']")
# cert request
self.action_panel_action(panel, 'request_cert')
self.fill_text('textarea.certificate', csr)
self.dialog_button_click('issue')
self.wait_for_request(n=2, d=0.5)
self.assert_visible("div[name='certificate-valid']")
# cert view
self.action_panel_action(panel, 'view_cert')
self.wait()
self.assert_text("tbody tr:nth-child(2) td:nth-child(2)", self.pkey)
self.assert_text("tbody tr:nth-child(3) td:nth-child(2)", realm)
self.dialog_button_click('close')
# cert get
self.action_panel_action(panel, 'get_cert')
self.wait()
# We don't know the cert text, so at least open and close the dialog
self.dialog_button_click('close')
## cert revoke
self.action_panel_action(panel, 'revoke_cert')
self.wait()
self.select('select', '6')
self.dialog_button_click('ok')
self.wait_for_request(n=2)
self.assert_visible("div[name='certificate-revoked']")
## cert restore
self.action_panel_action(panel, 'restore_cert')
self.wait()
self.dialog_button_click('ok')
self.wait_for_request(n=2)
self.assert_visible("div[name='certificate-valid']")
# cleanup
self.navigate_to_entity(ENTITY, 'search')
self.delete_record(self.pkey, self.data.get('del'))
def test_ca_less(self):
"""
Test host certificate actions in CA-less install
http://www.freeipa.org/page/V3/CA-less_install
"""
if self.has_ca():
self.skip('CA is installed')
self.init_app()
self.add_record(ENTITY, self.data)
self.navigate_to_record(self.pkey)
panel = 'cert_actions'
self.assert_action_panel_action(panel, 'request_cert', visible=False)
self.assert_action_panel_action(panel, 'revoke_cert', visible=False)
self.assert_action_panel_action(panel, 'restore_cert', visible=False)
self.assert_action_panel_action(panel, 'view_cert', enabled=False)
self.assert_action_panel_action(panel, 'get_cert', enabled=False)
self.navigate_by_breadcrumb('Hosts')
self.delete_record(self.pkey, self.data.get('del'))
def test_kerberos_flags(self):
"""
Test Kerberos flags
http://www.freeipa.org/page/V3/Kerberos_Flags
"""
name = 'ipakrbokasdelegate'
mod = {'mod': [('checkbox', name, '')]}
checked = ['checked']
self.init_app()
self.add_record(ENTITY, self.data)
self.navigate_to_record(self.pkey)
if self.get_field_checked(name) == checked:
self.mod_record(ENTITY, mod) # uncheck
self.mod_record(ENTITY, mod)
self.validate_fields([('checkbox', name, checked)])
self.mod_record(ENTITY, mod)
self.validate_fields([('checkbox', name, [])])
self.delete_record(self.pkey, self.data.get('del'))
def test_associations(self):
"""
Host direct associations
"""
self.init_app()
# prepare
# -------
self.add_record(ENTITY, self.data)
self.add_record(ENTITY, self.data2, navigate=False)
self.add_record(hostgroup.ENTITY, hostgroup.DATA)
self.add_record(netgroup.ENTITY, netgroup.DATA)
self.add_record(rbac.ROLE_ENTITY, rbac.ROLE_DATA)
self.add_record(hbac.RULE_ENTITY, hbac.RULE_DATA)
self.add_record(sudo.RULE_ENTITY, sudo.RULE_DATA)
# add & remove associations
# -------------------------
self.navigate_to_entity(ENTITY)
self.navigate_to_record(self.pkey)
self.add_associations([hostgroup.PKEY], facet='memberof_hostgroup', delete=True)
self.add_associations([netgroup.PKEY], facet='memberof_netgroup', delete=True)
self.add_associations([rbac.ROLE_PKEY], facet='memberof_role', delete=True)
self.add_associations([hbac.RULE_PKEY], facet='memberof_hbacrule', delete=True)
self.add_associations([sudo.RULE_PKEY], facet='memberof_sudorule', delete=True)
self.add_associations([self.pkey2], facet='managedby_host', delete=True)
# cleanup
# -------
self.delete(ENTITY, [self.data, self.data2])
self.delete(hostgroup.ENTITY, [hostgroup.DATA])
self.delete(netgroup.ENTITY, [netgroup.DATA])
self.delete(rbac.ROLE_ENTITY, [rbac.ROLE_DATA])
self.delete(hbac.RULE_ENTITY, [hbac.RULE_DATA])
self.delete(sudo.RULE_ENTITY, [sudo.RULE_DATA])
def test_indirect_associations(self):
"""
Host indirect associations
"""
self.init_app()
# add
# ---
self.add_record(ENTITY, self.data)
self.add_record(hostgroup.ENTITY, hostgroup.DATA)
self.navigate_to_record(hostgroup.PKEY)
self.add_associations([self.pkey])
self.add_record(hostgroup.ENTITY, hostgroup.DATA2)
self.navigate_to_record(hostgroup.PKEY2)
self.switch_to_facet('member_hostgroup')
self.add_associations([hostgroup.PKEY])
self.add_record(netgroup.ENTITY, netgroup.DATA)
self.navigate_to_record(netgroup.PKEY)
self.add_table_associations('memberhost_hostgroup', [hostgroup.PKEY2])
self.add_record(rbac.ROLE_ENTITY, rbac.ROLE_DATA)
self.navigate_to_record(rbac.ROLE_PKEY)
self.switch_to_facet('member_hostgroup')
self.add_associations([hostgroup.PKEY2])
self.add_record(hbac.RULE_ENTITY, hbac.RULE_DATA)
self.navigate_to_record(hbac.RULE_PKEY)
self.add_table_associations('memberhost_hostgroup', [hostgroup.PKEY2])
self.add_record(sudo.RULE_ENTITY, sudo.RULE_DATA)
self.navigate_to_record(sudo.RULE_PKEY)
self.add_table_associations('memberhost_hostgroup', [hostgroup.PKEY2])
# check indirect associations
# ---------------------------
self.navigate_to_entity(ENTITY, 'search')
self.navigate_to_record(self.pkey)
self.assert_indirect_record(hostgroup.PKEY2, ENTITY, 'memberof_hostgroup')
self.assert_indirect_record(netgroup.PKEY, ENTITY, 'memberof_netgroup')
self.assert_indirect_record(rbac.ROLE_PKEY, ENTITY, 'memberof_role')
self.assert_indirect_record(hbac.RULE_PKEY, ENTITY, 'memberof_hbacrule')
self.assert_indirect_record(sudo.RULE_PKEY, ENTITY, 'memberof_sudorule')
## cleanup
## -------
self.delete(ENTITY, [self.data])
self.delete(hostgroup.ENTITY, [hostgroup.DATA, hostgroup.DATA2])
self.delete(netgroup.ENTITY, [netgroup.DATA])
self.delete(rbac.ROLE_ENTITY, [rbac.ROLE_DATA])
self.delete(hbac.RULE_ENTITY, [hbac.RULE_DATA])
self.delete(sudo.RULE_ENTITY, [sudo.RULE_DATA])