freeipa/ipatests/test_xmlrpc/tracker/group_plugin.py
Florence Blanc-Renaud fdfde9ce52 ipatests: adapt expected output with SID
From now on, new users/groups automatically get a SID.
Update the expect test outputs.

Related: https://pagure.io/freeipa/issue/8995
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-11-02 10:11:28 +01:00

372 lines
14 KiB
Python

#
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
from ipatests.test_xmlrpc import objectclasses
from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_digits, fuzzy_uuid
from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_user_or_group_sid
from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_set_optional_oc
from ipatests.test_xmlrpc.tracker.base import Tracker
from ipatests.util import assert_deepequal, get_group_dn
class GroupTracker(Tracker):
""" Class for host plugin like tests """
retrieve_keys = {
'dn', 'cn', 'gidnumber', 'member_user', 'member_group',
'member_service', 'description', 'memberof_group',
'memberofindirect_group', 'memberindirect_group',
'memberindirect_user', 'memberindirect_service',
'membermanager_group', 'membermanager_user',
'member_idoverrideuser', 'memberindirect_idoverrideuser',
'idoverrideuser'
}
retrieve_all_keys = retrieve_keys | {u'ipauniqueid', u'objectclass',
'ipantsecurityidentifier'}
create_keys = retrieve_all_keys - {u'ipantsecurityidentifier'}
update_keys = retrieve_keys - {u'dn'}
add_member_keys = retrieve_keys | {u'description'}
def __init__(self, name, description=u'Group desc'):
super(GroupTracker, self).__init__(default_version=None)
self.cn = name
self.description = description
self.dn = get_group_dn(self.cn)
def make_create_command(self, nonposix=False, external=False,
*args, **kwargs):
""" Make function that creates a group using 'group-add' """
return self.make_command('group_add', self.cn,
description=self.description,
nonposix=nonposix, external=external,
*args, **kwargs)
def make_delete_command(self):
""" Make function that deletes a group using 'group-del' """
return self.make_command('group_del', self.cn)
def make_retrieve_command(self, all=False, raw=False):
""" Make function that retrieves a group using 'group-show' """
return self.make_command('group_show', self.cn, all=all)
def make_find_command(self, *args, **kwargs):
""" Make function that searches for a group using 'group-find' """
return self.make_command('group_find', *args, **kwargs)
def make_update_command(self, updates):
""" Make function that updates a group using 'group-mod' """
return self.make_command('group_mod', self.cn, **updates)
def make_add_member_command(self, options={}):
""" Make function that adds a member to a group """
self.adds = options
return self.make_command('group_add_member', self.cn, **options)
def make_remove_member_command(self, options={}):
""" Make function that removes a member from a group """
return self.make_command('group_remove_member', self.cn, **options)
def make_detach_command(self):
""" Make function that detaches a managed group using
'group-detach' """
self.exists = True
return self.make_command('group_detach', self.cn)
def make_add_member_manager_command(self, options={}):
return self.make_command(
'group_add_member_manager', self.cn, **options
)
def make_remove_member_manager_command(self, options={}):
return self.make_command(
'group_remove_member_manager', self.cn, **options
)
def track_create(self):
""" Updates expected state for group creation"""
self.attrs = dict(
dn=get_group_dn(self.cn),
cn=[self.cn],
description=[self.description],
gidnumber=[fuzzy_digits],
ipauniqueid=[fuzzy_uuid],
objectclass=fuzzy_set_optional_oc(
objectclasses.posixgroup, 'ipantgroupattrs'),
ipantsecurityidentifier=[fuzzy_user_or_group_sid],
)
self.exists = True
def update(self, updates, expected_updates=None):
"""Helper function to update the group and check the result
Overriding Tracker method for setting self.attrs correctly;
* most attributes stores its value in list
* the rest can be overridden by expected_updates
* allow deleting parametrs if update value is None
"""
if expected_updates is None:
expected_updates = {}
self.ensure_exists()
command = self.make_update_command(updates)
result = command()
for key, value in updates.items():
if value is None:
del self.attrs[key]
else:
self.attrs[key] = [value]
for key, value in expected_updates.items():
if value is None:
del self.attrs[key]
else:
self.attrs[key] = value
self.check_update(
result,
extra_keys=set(updates.keys()) | set(expected_updates.keys())
)
def add_member(self, options):
""" Add a member (group OR user OR service OR idoverrideuser)
and performs check
"""
if u'user' in options:
try:
self.attrs[u'member_user'] =\
self.attrs[u'member_user'] + [options[u'user']]
except KeyError:
self.attrs[u'member_user'] = [options[u'user']]
elif u'group' in options:
try:
self.attrs[u'member_group'] =\
self.attrs[u'member_group'] + [options[u'group']]
except KeyError:
self.attrs[u'member_group'] = [options[u'group']]
elif u'service' in options:
try:
self.attrs[u'member_service'] =\
self.attrs[u'member_service'] + [options[u'service']]
except KeyError:
self.attrs[u'member_service'] = [options[u'service']]
elif u'idoverrideuser' in options:
try:
self.attrs[u'member_idoverrideuser'] =\
self.attrs[u'member_idoverrideuser'] + \
[options[u'idoverrideuser']]
except KeyError:
self.attrs[u'member_idoverrideuser'] =\
[options[u'idoverrideuser']]
command = self.make_add_member_command(options)
result = command()
self.check_add_member(result)
def remove_member(self, options):
""" Remove a member (group OR user) and performs check """
if u'user' in options:
self.attrs[u'member_user'].remove(options[u'user'])
elif u'group' in options:
self.attrs[u'member_group'].remove(options[u'group'])
elif u'service' in options:
self.attrs[u'member_service'].remove(options[u'service'])
try:
if not self.attrs[u'member_user']:
del self.attrs[u'member_user']
except KeyError:
pass
try:
if not self.attrs[u'member_group']:
del self.attrs[u'member_group']
except KeyError:
pass
try:
if not self.attrs[u'member_service']:
del self.attrs[u'member_service']
except KeyError:
pass
try:
if not self.attrs[u'member_idoverrideuser']:
del self.attrs[u'member_idoverrideuser']
except KeyError:
pass
command = self.make_remove_member_command(options)
result = command()
self.check_remove_member(result)
def add_member_manager(self, options):
"""Add a member manager (user or group) and perform checks"""
if "user" in options:
members = self.attrs.setdefault("membermanager_user", [])
members.append(options["user"])
elif "group" in options:
members = self.attrs.setdefault("membermanager_group", [])
members.append(options["group"])
command = self.make_add_member_manager_command(options)
result = command()
self.check_add_member_manager(result)
def remove_member_manager(self, options):
if "user" in options:
members = self.attrs["membermanager_user"]
members.remove(options["user"])
if not members:
self.attrs.pop("membermanager_user")
elif "group" in options:
members = self.attrs["membermanager_group"]
members.remove(options["group"])
if not members:
self.attrs.pop("membermanager_group")
command = self.make_remove_member_manager_command(options)
result = command()
self.check_remove_member_manager(result)
def retrieve(self, all=False, raw=False):
command = self.make_retrieve_command(all=all, raw=raw)
result = command()
self.check_retrieve(result, all=all, raw=raw)
def check_create(self, result):
""" Checks 'group_add' command result """
assert_deepequal(dict(
value=self.cn,
summary=u'Added group "%s"' % self.cn,
result=self.filter_attrs(self.create_keys)
), result)
def check_delete(self, result):
""" Checks 'group_del' command result """
assert_deepequal(dict(
value=[self.cn],
summary=u'Deleted group "%s"' % self.cn,
result=dict(failed=[]),
), result)
def check_retrieve(self, result, all=False, raw=False):
""" Checks 'group_show' command result """
if all:
expected = self.filter_attrs(self.retrieve_all_keys)
else:
expected = self.filter_attrs(self.retrieve_keys)
assert_deepequal(dict(
value=self.cn,
summary=None,
result=expected
), result)
def check_find(self, result, all=False, raw=False):
""" Checks 'group_find' command result """
if all:
expected = self.filter_attrs(self.retrieve_all_keys)
else:
expected = self.filter_attrs(self.retrieve_keys)
assert_deepequal(dict(
count=1,
truncated=False,
summary=u'1 group matched',
result=[expected],
), result)
def check_update(self, result, extra_keys={}):
""" Checks 'group_mod' command result """
assert_deepequal(dict(
value=self.cn,
summary=u'Modified group "%s"' % self.cn,
result=self.filter_attrs(self.update_keys | set(extra_keys))
), result)
def check_add_member(self, result):
""" Checks 'group_add_member' command result """
assert_deepequal(dict(
completed=1,
failed={u'member': {u'group': (), u'user': (),
u'service': (), u'idoverrideuser': ()}},
result=self.filter_attrs(self.add_member_keys)
), result)
def check_add_member_negative(self, result, options={}):
""" Checks 'group_add_member' command result
when expected result is failure of the operation"""
expected = dict(
completed=0,
failed={u'member': {u'group': (), u'user': (),
u'service': (), u'idoverrideuser': ()}},
result=self.filter_attrs(self.add_member_keys)
)
if not options:
try:
options = self.adds
except NameError:
pass
if u'user' in options:
expected[u'failed'][u'member'][u'user'] = [(
options[u'user'], u'no such entry')]
elif u'group' in options:
expected[u'failed'][u'member'][u'group'] = [(
options[u'group'], u'no such entry')]
elif u'service' in options:
expected[u'failed'][u'member'][u'service'] = [(
options[u'service'], u'no such entry')]
elif u'idoverrideuser' in options:
expected[u'failed'][u'member'][u'idoverrideuser'] = [(
options[u'idoverrideuser'], u'no such entry')]
assert_deepequal(expected, result)
def check_remove_member_negative(self, result, options):
""" Checks 'group_remove_member' command result
when expected result is failure of the operation"""
expected = dict(
completed=0,
failed={u'member': {u'group': (), u'user': (),
u'service': (), u'idoverrideuser': ()}},
result=self.filter_attrs(self.add_member_keys)
)
if u'user' in options:
expected[u'failed'][u'member'][u'user'] = [(
options[u'user'], u'This entry is not a member')]
elif u'group' in options:
expected[u'failed'][u'member'][u'group'] = [(
options[u'group'], u'This entry is not a member')]
elif u'service' in options:
expected[u'failed'][u'member'][u'service'] = [(
options[u'service'], u'This entry is not a member')]
elif u'idoverrideuser' in options:
expected[u'failed'][u'member'][u'idoverrideuser'] = [(
options[u'service'], u'This entry is not a member')]
assert_deepequal(expected, result)
def check_remove_member(self, result):
""" Checks 'group_remove_member' command result """
self.check_add_member(result)
def check_add_member_manager(self, result):
assert_deepequal(dict(
completed=1,
failed={'membermanager': {'group': (), 'user': ()}},
result=self.filter_attrs(self.add_member_keys)
), result)
def check_remove_member_manager(self, result):
self.check_add_member_manager(result)
def check_detach(self, result):
""" Checks 'group_detach' command result """
assert_deepequal(dict(
value=self.cn,
summary=u'Detached group "%s" from user "%s"' % (
self.cn, self.cn),
result=True
), result)