mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
fec66942d4
Even though Pytest supports xunit style setups, unittest and nose tests, this support is limited and may be dropped in the future releases. Worst of all is that the mixing of various test frameworks results in weird conflicts and of course, is not widely tested. This is a part of work to remove the mixing of test idioms in the IPA's test suite: 1) replace unittest.TestCase subclasses 2) replace unittest test controls (SkipTest, fail, etc.) 3) replace unittest assertions Related: https://pagure.io/freeipa/issue/7989 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Christian Heimes <cheimes@redhat.com>
341 lines
10 KiB
Python
341 lines
10 KiB
Python
# Authors:
|
|
# Rob Crittenden <rcritten@redhat.com>
|
|
#
|
|
# Copyright (C) 2010 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
# Test some simple LDAP requests using the ldap2 backend
|
|
|
|
# This fetches a certificate from a host principal so we can ensure that the
|
|
# schema is working properly. We know this because the schema will tell the
|
|
# encoder not to utf-8 encode binary attributes.
|
|
|
|
# The DM password needs to be set in ~/.ipa/.dmpw
|
|
|
|
from __future__ import absolute_import
|
|
|
|
import os
|
|
import sys
|
|
|
|
import pytest
|
|
import six
|
|
|
|
from ipaplatform.paths import paths
|
|
from ipaserver.plugins.ldap2 import ldap2, AUTOBIND_DISABLED
|
|
from ipalib import api, create_api, errors
|
|
from ipapython.dn import DN
|
|
|
|
if six.PY3:
|
|
unicode = str
|
|
|
|
|
|
@pytest.mark.tier0
|
|
@pytest.mark.needs_ipaapi
|
|
class test_ldap:
|
|
"""
|
|
Test various LDAP client bind methods.
|
|
"""
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def ldap_setup(self, request):
|
|
self.conn = None
|
|
self.ldapuri = api.env.ldap_uri
|
|
self.dn = DN(('krbprincipalname','ldap/%s@%s' % (api.env.host, api.env.realm)),
|
|
('cn','services'),('cn','accounts'),api.env.basedn)
|
|
|
|
def fin():
|
|
if self.conn and self.conn.isconnected():
|
|
self.conn.disconnect()
|
|
request.addfinalizer(fin)
|
|
|
|
def test_anonymous(self):
|
|
"""
|
|
Test an anonymous LDAP bind using ldap2
|
|
"""
|
|
self.conn = ldap2(api)
|
|
self.conn.connect(autobind=AUTOBIND_DISABLED)
|
|
dn = api.env.basedn
|
|
entry_attrs = self.conn.get_entry(dn, ['associateddomain'])
|
|
domain = entry_attrs.single_value['associateddomain']
|
|
assert domain == api.env.domain
|
|
|
|
def test_GSSAPI(self):
|
|
"""
|
|
Test a GSSAPI LDAP bind using ldap2
|
|
"""
|
|
self.conn = ldap2(api)
|
|
self.conn.connect(autobind=AUTOBIND_DISABLED)
|
|
entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
|
|
cert = entry_attrs.get('usercertificate')[0]
|
|
assert cert.serial_number is not None
|
|
|
|
def test_simple(self):
|
|
"""
|
|
Test a simple LDAP bind using ldap2
|
|
"""
|
|
pwfile = api.env.dot_ipa + os.sep + ".dmpw"
|
|
if os.path.isfile(pwfile):
|
|
with open(pwfile, "r") as fp:
|
|
dm_password = fp.read().rstrip()
|
|
else:
|
|
pytest.skip(
|
|
"No directory manager password in %s" % pwfile
|
|
)
|
|
self.conn = ldap2(api)
|
|
self.conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password)
|
|
entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
|
|
cert = entry_attrs.get('usercertificate')[0]
|
|
assert cert.serial_number is not None
|
|
|
|
def test_Backend(self):
|
|
"""
|
|
Test using the ldap2 Backend directly (ala ipa-server-install)
|
|
"""
|
|
|
|
# Create our own api because the one generated for the tests is
|
|
# a client-only api. Then we register in the commands and objects
|
|
# we need for the test.
|
|
myapi = create_api(mode=None)
|
|
myapi.bootstrap(context='cli', in_server=True, confdir=paths.ETC_IPA)
|
|
myapi.finalize()
|
|
|
|
pwfile = api.env.dot_ipa + os.sep + ".dmpw"
|
|
if os.path.isfile(pwfile):
|
|
with open(pwfile, "r") as fp:
|
|
dm_password = fp.read().rstrip()
|
|
else:
|
|
pytest.skip(
|
|
"No directory manager password in %s" % pwfile
|
|
)
|
|
myapi.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password)
|
|
|
|
result = myapi.Command['service_show']('ldap/%s@%s' % (api.env.host, api.env.realm,))
|
|
entry_attrs = result['result']
|
|
cert = entry_attrs.get('usercertificate')[0]
|
|
assert cert.serial_number is not None
|
|
|
|
def test_autobind(self):
|
|
"""
|
|
Test an autobind LDAP bind using ldap2
|
|
"""
|
|
self.conn = ldap2(api)
|
|
try:
|
|
self.conn.connect(autobind=True)
|
|
except errors.ACIError:
|
|
pytest.skip("Only executed as root")
|
|
entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
|
|
cert = entry_attrs.get('usercertificate')[0]
|
|
assert cert.serial_number is not None
|
|
|
|
|
|
@pytest.mark.tier0
|
|
@pytest.mark.needs_ipaapi
|
|
class test_LDAPEntry:
|
|
"""
|
|
Test the LDAPEntry class
|
|
"""
|
|
cn1 = [u'test1']
|
|
cn2 = [u'test2']
|
|
dn1 = DN(('cn', cn1[0]))
|
|
dn2 = DN(('cn', cn2[0]))
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def ldapentry_setup(self, request):
|
|
self.ldapuri = api.env.ldap_uri
|
|
self.conn = ldap2(api)
|
|
self.conn.connect(autobind=AUTOBIND_DISABLED)
|
|
|
|
self.entry = self.conn.make_entry(self.dn1, cn=self.cn1)
|
|
|
|
def fin():
|
|
if self.conn and self.conn.isconnected():
|
|
self.conn.disconnect()
|
|
request.addfinalizer(fin)
|
|
|
|
def test_entry(self):
|
|
e = self.entry
|
|
assert e.dn is self.dn1
|
|
assert u'cn' in e
|
|
assert u'cn' in e.keys()
|
|
assert 'CN' in e
|
|
if six.PY2:
|
|
assert 'CN' not in e.keys()
|
|
else:
|
|
assert 'CN' in e.keys()
|
|
assert 'commonName' in e
|
|
if six.PY2:
|
|
assert 'commonName' not in e.keys()
|
|
else:
|
|
assert 'commonName' in e.keys()
|
|
assert e['CN'] is self.cn1
|
|
assert e['CN'] is e[u'cn']
|
|
|
|
e.dn = self.dn2
|
|
assert e.dn is self.dn2
|
|
|
|
def test_set_attr(self):
|
|
e = self.entry
|
|
e['commonName'] = self.cn2
|
|
assert u'cn' in e
|
|
assert u'cn' in e.keys()
|
|
assert 'CN' in e
|
|
if six.PY2:
|
|
assert 'CN' not in e.keys()
|
|
else:
|
|
assert 'CN' in e.keys()
|
|
assert 'commonName' in e
|
|
if six.PY2:
|
|
assert 'commonName' not in e.keys()
|
|
else:
|
|
assert 'commonName' in e.keys()
|
|
assert e['CN'] is self.cn2
|
|
assert e['CN'] is e[u'cn']
|
|
|
|
def test_del_attr(self):
|
|
e = self.entry
|
|
del e['CN']
|
|
assert 'CN' not in e
|
|
assert 'CN' not in e.keys()
|
|
assert u'cn' not in e
|
|
assert u'cn' not in e.keys()
|
|
assert 'commonName' not in e
|
|
assert 'commonName' not in e.keys()
|
|
|
|
def test_popitem(self):
|
|
e = self.entry
|
|
assert e.popitem() == ('cn', self.cn1)
|
|
assert list(e) == []
|
|
|
|
def test_setdefault(self):
|
|
e = self.entry
|
|
assert e.setdefault('cn', self.cn2) == self.cn1
|
|
assert e['cn'] == self.cn1
|
|
assert e.setdefault('xyz', self.cn2) == self.cn2
|
|
assert e['xyz'] == self.cn2
|
|
|
|
def test_update(self):
|
|
e = self.entry
|
|
e.update({'cn': self.cn2}, xyz=self.cn2)
|
|
assert e['cn'] == self.cn2
|
|
assert e['xyz'] == self.cn2
|
|
|
|
def test_pop(self):
|
|
e = self.entry
|
|
assert e.pop('cn') == self.cn1
|
|
assert 'cn' not in e
|
|
assert e.pop('cn', 'default') == 'default'
|
|
with pytest.raises(KeyError):
|
|
e.pop('cn')
|
|
|
|
def test_clear(self):
|
|
e = self.entry
|
|
e.clear()
|
|
assert not e
|
|
assert 'cn' not in e
|
|
|
|
@pytest.mark.skipif(sys.version_info >= (3, 0), reason="Python 2 only")
|
|
def test_has_key(self):
|
|
e = self.entry
|
|
assert not e.has_key('xyz')
|
|
assert e.has_key('cn')
|
|
assert e.has_key('COMMONNAME')
|
|
|
|
def test_in(self):
|
|
e = self.entry
|
|
assert 'xyz' not in e
|
|
assert 'cn' in e
|
|
assert 'COMMONNAME' in e
|
|
|
|
def test_get(self):
|
|
e = self.entry
|
|
assert e.get('cn') == self.cn1
|
|
assert e.get('commonname') == self.cn1
|
|
assert e.get('COMMONNAME', 'default') == self.cn1
|
|
assert e.get('bad key', 'default') == 'default'
|
|
|
|
def test_single_value(self):
|
|
e = self.entry
|
|
assert e.single_value['cn'] == self.cn1[0]
|
|
assert e.single_value['commonname'] == self.cn1[0]
|
|
assert e.single_value.get('COMMONNAME', 'default') == self.cn1[0]
|
|
assert e.single_value.get('bad key', 'default') == 'default'
|
|
|
|
def test_sync(self):
|
|
e = self.entry
|
|
|
|
nice = e['test'] = [1, 2, 3]
|
|
assert e['test'] is nice
|
|
|
|
raw = e.raw['test']
|
|
assert raw == [b'1', b'2', b'3']
|
|
|
|
nice.remove(1)
|
|
assert e.raw['test'] is raw
|
|
assert raw == [b'2', b'3']
|
|
|
|
raw.append(b'4')
|
|
assert e['test'] is nice
|
|
assert nice == [2, 3, u'4']
|
|
|
|
nice.remove(2)
|
|
raw.append(b'5')
|
|
assert nice == [3, u'4']
|
|
assert raw == [b'2', b'3', b'4', b'5']
|
|
assert e['test'] is nice
|
|
assert e.raw['test'] is raw
|
|
assert nice == [3, u'4', u'5']
|
|
assert raw == [b'3', b'4', b'5']
|
|
|
|
nice.insert(0, 2)
|
|
raw.remove(b'4')
|
|
assert nice == [2, 3, u'4', u'5']
|
|
assert raw == [b'3', b'5']
|
|
assert e.raw['test'] is raw
|
|
assert e['test'] is nice
|
|
assert nice == [2, 3, u'5']
|
|
assert raw == [b'3', b'5', b'2']
|
|
|
|
raw = [b'a', b'b']
|
|
e.raw['test'] = raw
|
|
assert e['test'] is not nice
|
|
assert e['test'] == [u'a', u'b']
|
|
|
|
nice = 'not list'
|
|
e['test'] = nice
|
|
assert e['test'] is nice
|
|
assert e.raw['test'] == [b'not list']
|
|
|
|
e.raw['test'].append(b'second')
|
|
assert e['test'] == ['not list', u'second']
|
|
|
|
def test_modlist_with_varying_encodings(self):
|
|
"""
|
|
Test modlist is correct when only encoding of new value differs
|
|
|
|
See: https://bugzilla.redhat.com/show_bug.cgi?id=1658302
|
|
"""
|
|
dn_ipa_encoded = b'O=Red Hat\\, Inc.'
|
|
dn_389ds_encoded = b'O=Red Hat\\2C Inc.'
|
|
entry = self.entry
|
|
entry.raw['distinguishedName'] = [dn_389ds_encoded]
|
|
# This is to make entry believe that that value was part of the
|
|
# original data we received from LDAP
|
|
entry.reset_modlist()
|
|
entry['distinguishedName'] = [entry['distinguishedName'][0]]
|
|
assert entry.generate_modlist() == [
|
|
(1, 'distinguishedName', [dn_389ds_encoded]),
|
|
(0, 'distinguishedName', [dn_ipa_encoded])]
|