[Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating
Lukas Slebodnik
lslebodn at redhat.com
Mon Nov 30 16:32:56 UTC 2015
On (30/11/15 13:09), Tomas Babej wrote:
>Hi,
>
>IPA sudo tests worked under the assumption that the clients that
>are executing the sudo commands have their IPs assigned within
>255.255.255.0 hostmask.
>
>Removes this (invalid) assumption and adds a dynamic detection of
>the hostmask of the IPA client.
>
>https://fedorahosted.org/freeipa/ticket/5501
>From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
>From: Tomas Babej <tbabej at redhat.com>
>Date: Mon, 30 Nov 2015 12:53:39 +0100
>Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
> hostmask
>
>IPA sudo tests worked under the assumption that the clients that
>are executing the sudo commands have their IPs assigned within
>255.255.255.0 hostmask.
>
>Removes this (invalid) assumption and adds a dynamic detection of
>the hostmask of the IPA client.
>
>https://fedorahosted.org/freeipa/ticket/5501
>---
> ipatests/test_integration/test_sudo.py | 25 +++++++++++++++++++++++--
> 1 file changed, 23 insertions(+), 2 deletions(-)
>
>diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
>index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..d97771dfa1a7fd2938a0be20a1b79814b852b03e 100644
>--- a/ipatests/test_integration/test_sudo.py
>+++ b/ipatests/test_integration/test_sudo.py
>@@ -17,6 +17,9 @@
> # You should have received a copy of the GNU General Public License
> # along with this program. If not, see <http://www.gnu.org/licenses/>.
>
>+import pytest
>+import re
>+
> from ipatests.test_integration.base import IntegrationTest
> from ipatests.test_integration.tasks import clear_sssd_cache
>
>@@ -269,13 +272,31 @@ class TestSudo(IntegrationTest):
> '--hostgroups', 'testhostgroup'])
>
> def test_sudo_rule_restricted_to_one_hostmask_setup(self):
>- # Add the client's /24 hostmask to the rule
>+ # Add the client's hostmask to the rule
> ip = self.client.ip
>+
>+ # We need to detect the hostmask first
>+ result = self.client.run_command(['ip', 'addr'])
>+ full_ip_regex = r'(?P<full_ip>{0}/\d{0,1}) '.format(re.escape(ip))
>+ match = re.search(full_ip_regex, result)
>+
>+ # Make a note for the next test, which needs to be skipped
>+ # if hostmask detection failed
>+ self.skip_hostmask_based = False
>+
>+ if not match:
>+ self.skip_hostmask_based = True
>+ raise pytest.skip("Hostmask could not be detected")
>+
>+ full_ip = match.group('full_ip')
> self.master.run_command(['ipa', '-n', 'sudorule-add-host',
> 'testrule',
>- '--hostmask', '%s/24' % ip])
>+ '--hostmask', full_ip])
>
> def test_sudo_rule_restricted_to_one_hostmask(self):
>+ if self.skip_hostmask_based:
>+ raise pytest.skip("Hostmask could not be detected")
>+
> result1 = self.list_sudo_commands("testuser1")
> assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
I got following errors with the patch.
=================================== FAILURES ===================================
___________ TestSudo.test_sudo_rule_restricted_to_one_hostmask_setup ___________
self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e7b9cd50>
def test_sudo_rule_restricted_to_one_hostmask_setup(self):
# Add the client's hostmask to the rule
ip = self.client.ip
# We need to detect the hostmask first
result = self.client.run_command(['ip', 'addr'])
> full_ip_regex = r'(?P<full_ip>{0}/\d{0,1}) '.format(re.escape(ip))
E KeyError: '0,1'
test_integration/test_sudo.py:280: KeyError
______________ TestSudo.test_sudo_rule_restricted_to_one_hostmask ______________
self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e7b9e050>
def test_sudo_rule_restricted_to_one_hostmask(self):
> if self.skip_hostmask_based:
E AttributeError: 'TestSudo' object has no attribute 'skip_hostmask_based'
test_integration/test_sudo.py:297: AttributeError
______ TestSudo.test_setting_category_to_all_with_valid_entries_host_mask ______
self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e56dc050>
def test_setting_category_to_all_with_valid_entries_host_mask(self):
result = self.reset_rule_categories(safe_delete=False)
> assert result.returncode != 0
E assert 0 != 0
E + where 0 = <pytest_multihost.transport.SSHCommand object at 0x7fe6e7b9e190>.returncode
test_integration/test_sudo.py:305: AssertionError
______ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative_setup _______
self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e574bbd0>
def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self):
# Add the master's hostmask to the rule
ip = self.master.ip
self.master.run_command(['ipa', '-n', 'sudorule-add-host',
'testrule',
> '--hostmask', '%s/32' % ip])
test_integration/test_sudo.py:319:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../pytest_multihost/host.py:222: in run_command
command.wait(raiseonerr=raiseonerr)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <pytest_multihost.transport.SSHCommand object at 0x7fe6e574bb10>
raiseonerr = True
def wait(self, raiseonerr=True):
"""Wait for the remote process to exit
Raises an excption if the exit code is not 0, unless raiseonerr is
true.
"""
if self._done:
return self.returncode
self._end_process()
self._done = True
if raiseonerr and self.returncode:
self.log.error('Exit code: %s', self.returncode)
> raise subprocess.CalledProcessError(self.returncode, self.argv)
E CalledProcessError: Command '['ipa', '-n', 'sudorule-add-host', 'testrule', '--hostmask', '10.16.184.13/32']' returned non-zero exit status 1
../pytest_multihost/transport.py:159: CalledProcessError
_________ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative __________
self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e7c9d410>
def test_sudo_rule_restricted_to_one_hostmask_negative(self):
result1 = self.list_sudo_commands("testuser1")
> assert result1.returncode != 0
E assert 0 != 0
E + where 0 = <pytest_multihost.transport.SSHCommand object at 0x7fe6e7b9e190>.returncode
test_integration/test_sudo.py:323: AssertionError
==================== 5 failed, 70 passed in 679.39 seconds =====================
LS
More information about the Freeipa-devel
mailing list