On 12/01/2015 06:27 PM, Tomas Babej wrote: > > > On 11/30/2015 05:32 PM, Lukas Slebodnik wrote: >> On (30/11/15 13:09), Tomas Babej wrote: >>> Hi, >>> >>> IPA sudo tests worked under the assumption that the clients that >>> are executing the sudo commands have their IPs assigned within >>> 255.255.255.0 hostmask. >>> >>> Removes this (invalid) assumption and adds a dynamic detection of >>> the hostmask of the IPA client. >>> >>> https://fedorahosted.org/freeipa/ticket/5501 >> >> >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001 >>> From: Tomas Babej <tba...@redhat.com> >>> Date: Mon, 30 Nov 2015 12:53:39 +0100 >>> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on >>> hostmask >>> >>> IPA sudo tests worked under the assumption that the clients that >>> are executing the sudo commands have their IPs assigned within >>> 255.255.255.0 hostmask. >>> >>> Removes this (invalid) assumption and adds a dynamic detection of >>> the hostmask of the IPA client. >>> > > Thanks, updated patch attached. > > Tomas >
Actually, a small improvement is necessary. Updated patch attached. Tomas
From 4c1fb168889a074338d90bcbbb155aa7be88eb89 Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Mon, 30 Nov 2015 12:53:39 +0100 Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on hostmask IPA sudo tests worked under the assumption that the clients that are executing the sudo commands have their IPs assigned within 255.255.255.0 hostmask. Removes this (invalid) assumption and adds a dynamic detection of the hostmask of the IPA client. https://fedorahosted.org/freeipa/ticket/5501 --- ipatests/test_integration/test_sudo.py | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..07aae337297587dd3d7e5097c4ef62b656846dac 100644 --- a/ipatests/test_integration/test_sudo.py +++ b/ipatests/test_integration/test_sudo.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import pytest +import re + from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.tasks import clear_sssd_cache @@ -269,13 +272,31 @@ class TestSudo(IntegrationTest): '--hostgroups', 'testhostgroup']) def test_sudo_rule_restricted_to_one_hostmask_setup(self): - # Add the client's /24 hostmask to the rule + # Add the client's hostmask to the rule ip = self.client.ip + + # We need to detect the hostmask first + result = self.client.run_command(['ip', 'addr']) + full_ip_regex = r'(?P<full_ip>%s/\d{1,2}) ' % re.escape(ip) + match = re.search(full_ip_regex, result.stdout_text) + + # Make a note for the next test, which needs to be skipped + # if hostmask detection failed + self.skip_hostmask_based = False + + if not match: + self.skip_hostmask_based = True + raise pytest.skip("Hostmask could not be detected") + + full_ip = match.group('full_ip') self.master.run_command(['ipa', '-n', 'sudorule-add-host', 'testrule', - '--hostmask', '%s/24' % ip]) + '--hostmask', full_ip]) def test_sudo_rule_restricted_to_one_hostmask(self): + if self.skip_hostmask_based: + raise pytest.skip("Hostmask could not be detected") + result1 = self.list_sudo_commands("testuser1") assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text -- 2.5.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
