mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
fdfde9ce52
From now on, new users/groups automatically get a SID. Update the expect test outputs. Related: https://pagure.io/freeipa/issue/8995 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
372 lines
14 KiB
Python
372 lines
14 KiB
Python
#
|
|
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
|
|
#
|
|
|
|
from ipatests.test_xmlrpc import objectclasses
|
|
from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_digits, fuzzy_uuid
|
|
from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_user_or_group_sid
|
|
from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_set_optional_oc
|
|
|
|
from ipatests.test_xmlrpc.tracker.base import Tracker
|
|
from ipatests.util import assert_deepequal, get_group_dn
|
|
|
|
|
|
class GroupTracker(Tracker):
|
|
""" Class for host plugin like tests """
|
|
retrieve_keys = {
|
|
'dn', 'cn', 'gidnumber', 'member_user', 'member_group',
|
|
'member_service', 'description', 'memberof_group',
|
|
'memberofindirect_group', 'memberindirect_group',
|
|
'memberindirect_user', 'memberindirect_service',
|
|
'membermanager_group', 'membermanager_user',
|
|
'member_idoverrideuser', 'memberindirect_idoverrideuser',
|
|
'idoverrideuser'
|
|
}
|
|
|
|
retrieve_all_keys = retrieve_keys | {u'ipauniqueid', u'objectclass',
|
|
'ipantsecurityidentifier'}
|
|
|
|
create_keys = retrieve_all_keys - {u'ipantsecurityidentifier'}
|
|
update_keys = retrieve_keys - {u'dn'}
|
|
|
|
add_member_keys = retrieve_keys | {u'description'}
|
|
|
|
def __init__(self, name, description=u'Group desc'):
|
|
super(GroupTracker, self).__init__(default_version=None)
|
|
self.cn = name
|
|
self.description = description
|
|
self.dn = get_group_dn(self.cn)
|
|
|
|
def make_create_command(self, nonposix=False, external=False,
|
|
*args, **kwargs):
|
|
""" Make function that creates a group using 'group-add' """
|
|
return self.make_command('group_add', self.cn,
|
|
description=self.description,
|
|
nonposix=nonposix, external=external,
|
|
*args, **kwargs)
|
|
|
|
def make_delete_command(self):
|
|
""" Make function that deletes a group using 'group-del' """
|
|
return self.make_command('group_del', self.cn)
|
|
|
|
def make_retrieve_command(self, all=False, raw=False):
|
|
""" Make function that retrieves a group using 'group-show' """
|
|
return self.make_command('group_show', self.cn, all=all)
|
|
|
|
def make_find_command(self, *args, **kwargs):
|
|
""" Make function that searches for a group using 'group-find' """
|
|
return self.make_command('group_find', *args, **kwargs)
|
|
|
|
def make_update_command(self, updates):
|
|
""" Make function that updates a group using 'group-mod' """
|
|
return self.make_command('group_mod', self.cn, **updates)
|
|
|
|
def make_add_member_command(self, options={}):
|
|
""" Make function that adds a member to a group """
|
|
self.adds = options
|
|
return self.make_command('group_add_member', self.cn, **options)
|
|
|
|
def make_remove_member_command(self, options={}):
|
|
""" Make function that removes a member from a group """
|
|
return self.make_command('group_remove_member', self.cn, **options)
|
|
|
|
def make_detach_command(self):
|
|
""" Make function that detaches a managed group using
|
|
'group-detach' """
|
|
self.exists = True
|
|
return self.make_command('group_detach', self.cn)
|
|
|
|
def make_add_member_manager_command(self, options={}):
|
|
return self.make_command(
|
|
'group_add_member_manager', self.cn, **options
|
|
)
|
|
|
|
def make_remove_member_manager_command(self, options={}):
|
|
return self.make_command(
|
|
'group_remove_member_manager', self.cn, **options
|
|
)
|
|
|
|
def track_create(self):
|
|
""" Updates expected state for group creation"""
|
|
self.attrs = dict(
|
|
dn=get_group_dn(self.cn),
|
|
cn=[self.cn],
|
|
description=[self.description],
|
|
gidnumber=[fuzzy_digits],
|
|
ipauniqueid=[fuzzy_uuid],
|
|
objectclass=fuzzy_set_optional_oc(
|
|
objectclasses.posixgroup, 'ipantgroupattrs'),
|
|
ipantsecurityidentifier=[fuzzy_user_or_group_sid],
|
|
)
|
|
self.exists = True
|
|
|
|
def update(self, updates, expected_updates=None):
|
|
"""Helper function to update the group and check the result
|
|
|
|
Overriding Tracker method for setting self.attrs correctly;
|
|
* most attributes stores its value in list
|
|
* the rest can be overridden by expected_updates
|
|
* allow deleting parametrs if update value is None
|
|
"""
|
|
if expected_updates is None:
|
|
expected_updates = {}
|
|
|
|
self.ensure_exists()
|
|
command = self.make_update_command(updates)
|
|
result = command()
|
|
|
|
for key, value in updates.items():
|
|
if value is None:
|
|
del self.attrs[key]
|
|
else:
|
|
self.attrs[key] = [value]
|
|
for key, value in expected_updates.items():
|
|
if value is None:
|
|
del self.attrs[key]
|
|
else:
|
|
self.attrs[key] = value
|
|
|
|
self.check_update(
|
|
result,
|
|
extra_keys=set(updates.keys()) | set(expected_updates.keys())
|
|
)
|
|
|
|
def add_member(self, options):
|
|
""" Add a member (group OR user OR service OR idoverrideuser)
|
|
and performs check
|
|
"""
|
|
if u'user' in options:
|
|
try:
|
|
self.attrs[u'member_user'] =\
|
|
self.attrs[u'member_user'] + [options[u'user']]
|
|
except KeyError:
|
|
self.attrs[u'member_user'] = [options[u'user']]
|
|
elif u'group' in options:
|
|
try:
|
|
self.attrs[u'member_group'] =\
|
|
self.attrs[u'member_group'] + [options[u'group']]
|
|
except KeyError:
|
|
self.attrs[u'member_group'] = [options[u'group']]
|
|
elif u'service' in options:
|
|
try:
|
|
self.attrs[u'member_service'] =\
|
|
self.attrs[u'member_service'] + [options[u'service']]
|
|
except KeyError:
|
|
self.attrs[u'member_service'] = [options[u'service']]
|
|
elif u'idoverrideuser' in options:
|
|
try:
|
|
self.attrs[u'member_idoverrideuser'] =\
|
|
self.attrs[u'member_idoverrideuser'] + \
|
|
[options[u'idoverrideuser']]
|
|
except KeyError:
|
|
self.attrs[u'member_idoverrideuser'] =\
|
|
[options[u'idoverrideuser']]
|
|
|
|
command = self.make_add_member_command(options)
|
|
result = command()
|
|
self.check_add_member(result)
|
|
|
|
def remove_member(self, options):
|
|
""" Remove a member (group OR user) and performs check """
|
|
if u'user' in options:
|
|
self.attrs[u'member_user'].remove(options[u'user'])
|
|
elif u'group' in options:
|
|
self.attrs[u'member_group'].remove(options[u'group'])
|
|
elif u'service' in options:
|
|
self.attrs[u'member_service'].remove(options[u'service'])
|
|
|
|
try:
|
|
if not self.attrs[u'member_user']:
|
|
del self.attrs[u'member_user']
|
|
except KeyError:
|
|
pass
|
|
try:
|
|
if not self.attrs[u'member_group']:
|
|
del self.attrs[u'member_group']
|
|
except KeyError:
|
|
pass
|
|
try:
|
|
if not self.attrs[u'member_service']:
|
|
del self.attrs[u'member_service']
|
|
except KeyError:
|
|
pass
|
|
try:
|
|
if not self.attrs[u'member_idoverrideuser']:
|
|
del self.attrs[u'member_idoverrideuser']
|
|
except KeyError:
|
|
pass
|
|
|
|
command = self.make_remove_member_command(options)
|
|
result = command()
|
|
self.check_remove_member(result)
|
|
|
|
def add_member_manager(self, options):
|
|
"""Add a member manager (user or group) and perform checks"""
|
|
if "user" in options:
|
|
members = self.attrs.setdefault("membermanager_user", [])
|
|
members.append(options["user"])
|
|
elif "group" in options:
|
|
members = self.attrs.setdefault("membermanager_group", [])
|
|
members.append(options["group"])
|
|
|
|
command = self.make_add_member_manager_command(options)
|
|
result = command()
|
|
self.check_add_member_manager(result)
|
|
|
|
def remove_member_manager(self, options):
|
|
if "user" in options:
|
|
members = self.attrs["membermanager_user"]
|
|
members.remove(options["user"])
|
|
if not members:
|
|
self.attrs.pop("membermanager_user")
|
|
elif "group" in options:
|
|
members = self.attrs["membermanager_group"]
|
|
members.remove(options["group"])
|
|
if not members:
|
|
self.attrs.pop("membermanager_group")
|
|
|
|
command = self.make_remove_member_manager_command(options)
|
|
result = command()
|
|
self.check_remove_member_manager(result)
|
|
|
|
def retrieve(self, all=False, raw=False):
|
|
command = self.make_retrieve_command(all=all, raw=raw)
|
|
result = command()
|
|
self.check_retrieve(result, all=all, raw=raw)
|
|
|
|
def check_create(self, result):
|
|
""" Checks 'group_add' command result """
|
|
assert_deepequal(dict(
|
|
value=self.cn,
|
|
summary=u'Added group "%s"' % self.cn,
|
|
result=self.filter_attrs(self.create_keys)
|
|
), result)
|
|
|
|
def check_delete(self, result):
|
|
""" Checks 'group_del' command result """
|
|
assert_deepequal(dict(
|
|
value=[self.cn],
|
|
summary=u'Deleted group "%s"' % self.cn,
|
|
result=dict(failed=[]),
|
|
), result)
|
|
|
|
def check_retrieve(self, result, all=False, raw=False):
|
|
""" Checks 'group_show' command result """
|
|
if all:
|
|
expected = self.filter_attrs(self.retrieve_all_keys)
|
|
else:
|
|
expected = self.filter_attrs(self.retrieve_keys)
|
|
|
|
assert_deepequal(dict(
|
|
value=self.cn,
|
|
summary=None,
|
|
result=expected
|
|
), result)
|
|
|
|
def check_find(self, result, all=False, raw=False):
|
|
""" Checks 'group_find' command result """
|
|
if all:
|
|
expected = self.filter_attrs(self.retrieve_all_keys)
|
|
else:
|
|
expected = self.filter_attrs(self.retrieve_keys)
|
|
|
|
assert_deepequal(dict(
|
|
count=1,
|
|
truncated=False,
|
|
summary=u'1 group matched',
|
|
result=[expected],
|
|
), result)
|
|
|
|
def check_update(self, result, extra_keys={}):
|
|
""" Checks 'group_mod' command result """
|
|
assert_deepequal(dict(
|
|
value=self.cn,
|
|
summary=u'Modified group "%s"' % self.cn,
|
|
result=self.filter_attrs(self.update_keys | set(extra_keys))
|
|
), result)
|
|
|
|
def check_add_member(self, result):
|
|
""" Checks 'group_add_member' command result """
|
|
assert_deepequal(dict(
|
|
completed=1,
|
|
failed={u'member': {u'group': (), u'user': (),
|
|
u'service': (), u'idoverrideuser': ()}},
|
|
result=self.filter_attrs(self.add_member_keys)
|
|
), result)
|
|
|
|
def check_add_member_negative(self, result, options={}):
|
|
""" Checks 'group_add_member' command result
|
|
when expected result is failure of the operation"""
|
|
expected = dict(
|
|
completed=0,
|
|
failed={u'member': {u'group': (), u'user': (),
|
|
u'service': (), u'idoverrideuser': ()}},
|
|
result=self.filter_attrs(self.add_member_keys)
|
|
)
|
|
if not options:
|
|
try:
|
|
options = self.adds
|
|
except NameError:
|
|
pass
|
|
if u'user' in options:
|
|
expected[u'failed'][u'member'][u'user'] = [(
|
|
options[u'user'], u'no such entry')]
|
|
elif u'group' in options:
|
|
expected[u'failed'][u'member'][u'group'] = [(
|
|
options[u'group'], u'no such entry')]
|
|
elif u'service' in options:
|
|
expected[u'failed'][u'member'][u'service'] = [(
|
|
options[u'service'], u'no such entry')]
|
|
elif u'idoverrideuser' in options:
|
|
expected[u'failed'][u'member'][u'idoverrideuser'] = [(
|
|
options[u'idoverrideuser'], u'no such entry')]
|
|
|
|
assert_deepequal(expected, result)
|
|
|
|
def check_remove_member_negative(self, result, options):
|
|
""" Checks 'group_remove_member' command result
|
|
when expected result is failure of the operation"""
|
|
expected = dict(
|
|
completed=0,
|
|
failed={u'member': {u'group': (), u'user': (),
|
|
u'service': (), u'idoverrideuser': ()}},
|
|
result=self.filter_attrs(self.add_member_keys)
|
|
)
|
|
if u'user' in options:
|
|
expected[u'failed'][u'member'][u'user'] = [(
|
|
options[u'user'], u'This entry is not a member')]
|
|
elif u'group' in options:
|
|
expected[u'failed'][u'member'][u'group'] = [(
|
|
options[u'group'], u'This entry is not a member')]
|
|
elif u'service' in options:
|
|
expected[u'failed'][u'member'][u'service'] = [(
|
|
options[u'service'], u'This entry is not a member')]
|
|
elif u'idoverrideuser' in options:
|
|
expected[u'failed'][u'member'][u'idoverrideuser'] = [(
|
|
options[u'service'], u'This entry is not a member')]
|
|
|
|
assert_deepequal(expected, result)
|
|
|
|
def check_remove_member(self, result):
|
|
""" Checks 'group_remove_member' command result """
|
|
self.check_add_member(result)
|
|
|
|
def check_add_member_manager(self, result):
|
|
assert_deepequal(dict(
|
|
completed=1,
|
|
failed={'membermanager': {'group': (), 'user': ()}},
|
|
result=self.filter_attrs(self.add_member_keys)
|
|
), result)
|
|
|
|
def check_remove_member_manager(self, result):
|
|
self.check_add_member_manager(result)
|
|
|
|
def check_detach(self, result):
|
|
""" Checks 'group_detach' command result """
|
|
assert_deepequal(dict(
|
|
value=self.cn,
|
|
summary=u'Detached group "%s" from user "%s"' % (
|
|
self.cn, self.cn),
|
|
result=True
|
|
), result)
|