On (30/11/15 13:09), Tomas Babej wrote: >Hi, > >IPA sudo tests worked under the assumption that the clients that >are executing the sudo commands have their IPs assigned within >255.255.255.0 hostmask. > >Removes this (invalid) assumption and adds a dynamic detection of >the hostmask of the IPA client. > >https://fedorahosted.org/freeipa/ticket/5501
>From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001 >From: Tomas Babej <[email protected]> >Date: Mon, 30 Nov 2015 12:53:39 +0100 >Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on > hostmask > >IPA sudo tests worked under the assumption that the clients that >are executing the sudo commands have their IPs assigned within >255.255.255.0 hostmask. > >Removes this (invalid) assumption and adds a dynamic detection of >the hostmask of the IPA client. > >https://fedorahosted.org/freeipa/ticket/5501 >--- > ipatests/test_integration/test_sudo.py | 25 +++++++++++++++++++++++-- > 1 file changed, 23 insertions(+), 2 deletions(-) > >diff --git a/ipatests/test_integration/test_sudo.py >b/ipatests/test_integration/test_sudo.py >index >1dd4c5d73c9fa4288af4fc2708aa3abd51407217..d97771dfa1a7fd2938a0be20a1b79814b852b03e > 100644 >--- a/ipatests/test_integration/test_sudo.py >+++ b/ipatests/test_integration/test_sudo.py >@@ -17,6 +17,9 @@ > # You should have received a copy of the GNU General Public License > # along with this program. If not, see <http://www.gnu.org/licenses/>. > >+import pytest >+import re >+ > from ipatests.test_integration.base import IntegrationTest > from ipatests.test_integration.tasks import clear_sssd_cache > >@@ -269,13 +272,31 @@ class TestSudo(IntegrationTest): > '--hostgroups', 'testhostgroup']) > > def test_sudo_rule_restricted_to_one_hostmask_setup(self): >- # Add the client's /24 hostmask to the rule >+ # Add the client's hostmask to the rule > ip = self.client.ip >+ >+ # We need to detect the hostmask first >+ result = self.client.run_command(['ip', 'addr']) >+ full_ip_regex = r'(?P<full_ip>{0}/\d{0,1}) '.format(re.escape(ip)) >+ match = re.search(full_ip_regex, result) >+ >+ # Make a note for the next test, which needs to be skipped >+ # if hostmask detection failed >+ self.skip_hostmask_based = False >+ >+ if not match: >+ self.skip_hostmask_based = True >+ raise pytest.skip("Hostmask could not be detected") >+ >+ full_ip = match.group('full_ip') > self.master.run_command(['ipa', '-n', 'sudorule-add-host', > 'testrule', >- '--hostmask', '%s/24' % ip]) >+ '--hostmask', full_ip]) > > def test_sudo_rule_restricted_to_one_hostmask(self): >+ if self.skip_hostmask_based: >+ raise pytest.skip("Hostmask could not be detected") >+ > result1 = self.list_sudo_commands("testuser1") > assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text I got following errors with the patch. =================================== FAILURES =================================== ___________ TestSudo.test_sudo_rule_restricted_to_one_hostmask_setup ___________ self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e7b9cd50> def test_sudo_rule_restricted_to_one_hostmask_setup(self): # Add the client's hostmask to the rule ip = self.client.ip # We need to detect the hostmask first result = self.client.run_command(['ip', 'addr']) > full_ip_regex = r'(?P<full_ip>{0}/\d{0,1}) '.format(re.escape(ip)) E KeyError: '0,1' test_integration/test_sudo.py:280: KeyError ______________ TestSudo.test_sudo_rule_restricted_to_one_hostmask ______________ self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e7b9e050> def test_sudo_rule_restricted_to_one_hostmask(self): > if self.skip_hostmask_based: E AttributeError: 'TestSudo' object has no attribute 'skip_hostmask_based' test_integration/test_sudo.py:297: AttributeError ______ TestSudo.test_setting_category_to_all_with_valid_entries_host_mask ______ self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e56dc050> def test_setting_category_to_all_with_valid_entries_host_mask(self): result = self.reset_rule_categories(safe_delete=False) > assert result.returncode != 0 E assert 0 != 0 E + where 0 = <pytest_multihost.transport.SSHCommand object at 0x7fe6e7b9e190>.returncode test_integration/test_sudo.py:305: AssertionError ______ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative_setup _______ self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e574bbd0> def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self): # Add the master's hostmask to the rule ip = self.master.ip self.master.run_command(['ipa', '-n', 'sudorule-add-host', 'testrule', > '--hostmask', '%s/32' % ip]) test_integration/test_sudo.py:319: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../pytest_multihost/host.py:222: in run_command command.wait(raiseonerr=raiseonerr) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <pytest_multihost.transport.SSHCommand object at 0x7fe6e574bb10> raiseonerr = True def wait(self, raiseonerr=True): """Wait for the remote process to exit Raises an excption if the exit code is not 0, unless raiseonerr is true. """ if self._done: return self.returncode self._end_process() self._done = True if raiseonerr and self.returncode: self.log.error('Exit code: %s', self.returncode) > raise subprocess.CalledProcessError(self.returncode, self.argv) E CalledProcessError: Command '['ipa', '-n', 'sudorule-add-host', 'testrule', '--hostmask', '10.16.184.13/32']' returned non-zero exit status 1 ../pytest_multihost/transport.py:159: CalledProcessError _________ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative __________ self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fe6e7c9d410> def test_sudo_rule_restricted_to_one_hostmask_negative(self): result1 = self.list_sudo_commands("testuser1") > assert result1.returncode != 0 E assert 0 != 0 E + where 0 = <pytest_multihost.transport.SSHCommand object at 0x7fe6e7b9e190>.returncode test_integration/test_sudo.py:323: AssertionError ==================== 5 failed, 70 passed in 679.39 seconds ===================== LS -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
