[Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

Lukas Slebodnik lslebodn at redhat.com
Mon Nov 30 16:32:56 UTC 2015 

On (30/11/15 13:09), Tomas Babej wrote:
>Hi,
>
>IPA sudo tests worked under the assumption that the clients that
>are executing the sudo commands have their IPs assigned within
>255.255.255.0 hostmask.
>
>Removes this (invalid) assumption and adds a dynamic detection of
>the hostmask of the IPA client.
>
>https://fedorahosted.org/freeipa/ticket/5501

>From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
>From: Tomas Babej <tbabej at redhat.com>
>Date: Mon, 30 Nov 2015 12:53:39 +0100
>Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
> hostmask
>
>IPA sudo tests worked under the assumption that the clients that
>are executing the sudo commands have their IPs assigned within
>255.255.255.0 hostmask.
>
>Removes this (invalid) assumption and adds a dynamic detection of
>the hostmask of the IPA client.
>
>https://fedorahosted.org/freeipa/ticket/5501
>---
> ipatests/test_integration/test_sudo.py | 25 +++++++++++++++++++++++--
> 1 file changed, 23 insertions(+), 2 deletions(-)
>
>diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
>index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..d97771dfa1a7fd2938a0be20a1b79814b852b03e 100644
>--- a/ipatests/test_integration/test_sudo.py
>+++ b/ipatests/test_integration/test_sudo.py
>@@ -17,6 +17,9 @@
> # You should have received a copy of the GNU General Public License
> # along with this program.  If not, see <http://www.gnu.org/licenses/>.
> 
>+import pytest
>+import re
>+
> from ipatests.test_integration.base import IntegrationTest
> from ipatests.test_integration.tasks import clear_sssd_cache
> 
>@@ -269,13 +272,31 @@ class TestSudo(IntegrationTest):
>                                  '--hostgroups', 'testhostgroup'])
> 
>     def test_sudo_rule_restricted_to_one_hostmask_setup(self):
>-        # Add the client's /24 hostmask to the rule
>+        # Add the client's hostmask to the rule
>         ip = self.client.ip
>+
>+        # We need to detect the hostmask first
>+        result = self.client.run_command(['ip', 'addr'])
>+        full_ip_regex = r'(?P<full_ip>{0}/\d{0,1}) '.format(re.escape(ip))
>+        match = re.search(full_ip_regex, result)
>+
>+        # Make a note for the next test, which needs to be skipped
>+        # if hostmask detection failed
>+        self.skip_hostmask_based = False
>+
>+        if not match:
>+            self.skip_hostmask_based = True
>+            raise pytest.skip("Hostmask could not be detected")
>+
>+        full_ip = match.group('full_ip')
>         self.master.run_command(['ipa', '-n', 'sudorule-add-host',
>                                  'testrule',
>-                                 '--hostmask', '%s/24' % ip])
>+                                 '--hostmask', full_ip])
> 
>     def test_sudo_rule_restricted_to_one_hostmask(self):
>+        if self.skip_hostmask_based:
>+            raise pytest.skip("Hostmask could not be detected")
>+
>         result1 = self.list_sudo_commands("testuser1")
>         assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text

I got following errors with the patch.

=================================== FAILURES ===================================
___________ TestSudo.test_sudo_rule_restricted_to_one_hostmask_setup ___________

self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e7b9cd50>

    def test_sudo_rule_restricted_to_one_hostmask_setup(self):
        # Add the client's hostmask to the rule
        ip = self.client.ip
    
        # We need to detect the hostmask first
        result = self.client.run_command(['ip', 'addr'])
>       full_ip_regex = r'(?P<full_ip>{0}/\d{0,1}) '.format(re.escape(ip))
E       KeyError: '0,1'

test_integration/test_sudo.py:280: KeyError
______________ TestSudo.test_sudo_rule_restricted_to_one_hostmask ______________

self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e7b9e050>

    def test_sudo_rule_restricted_to_one_hostmask(self):
>       if self.skip_hostmask_based:
E       AttributeError: 'TestSudo' object has no attribute 'skip_hostmask_based'

test_integration/test_sudo.py:297: AttributeError
______ TestSudo.test_setting_category_to_all_with_valid_entries_host_mask ______

self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e56dc050>

    def test_setting_category_to_all_with_valid_entries_host_mask(self):
        result = self.reset_rule_categories(safe_delete=False)
>       assert result.returncode != 0
E       assert 0 != 0
E        +  where 0 = <pytest_multihost.transport.SSHCommand object at 0x7fe6e7b9e190>.returncode

test_integration/test_sudo.py:305: AssertionError
______ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative_setup _______

self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e574bbd0>

    def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self):
        # Add the master's hostmask to the rule
        ip = self.master.ip
        self.master.run_command(['ipa', '-n', 'sudorule-add-host',
                                 'testrule',
>                                '--hostmask', '%s/32' % ip])

test_integration/test_sudo.py:319: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../pytest_multihost/host.py:222: in run_command
    command.wait(raiseonerr=raiseonerr)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <pytest_multihost.transport.SSHCommand object at 0x7fe6e574bb10>
raiseonerr = True

    def wait(self, raiseonerr=True):
        """Wait for the remote process to exit
    
            Raises an excption if the exit code is not 0, unless raiseonerr is
            true.
            """
        if self._done:
            return self.returncode
    
        self._end_process()
    
        self._done = True
    
        if raiseonerr and self.returncode:
            self.log.error('Exit code: %s', self.returncode)
>           raise subprocess.CalledProcessError(self.returncode, self.argv)
E           CalledProcessError: Command '['ipa', '-n', 'sudorule-add-host', 'testrule', '--hostmask', '10.16.184.13/32']' returned non-zero exit status 1

../pytest_multihost/transport.py:159: CalledProcessError
_________ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative __________

self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e7c9d410>

    def test_sudo_rule_restricted_to_one_hostmask_negative(self):
        result1 = self.list_sudo_commands("testuser1")
>       assert result1.returncode != 0
E       assert 0 != 0
E        +  where 0 = <pytest_multihost.transport.SSHCommand object at 0x7fe6e7b9e190>.returncode

test_integration/test_sudo.py:323: AssertionError
==================== 5 failed, 70 passed in 679.39 seconds =====================

LS

More information about the Freeipa-devel mailing list