On 12/02/2015 09:24 AM, Tomas Babej wrote:
> 
> 
> On 12/01/2015 06:27 PM, Tomas Babej wrote:
>>
>>
>> On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:
>>> On (30/11/15 13:09), Tomas Babej wrote:
>>>> Hi,
>>>>
>>>> IPA sudo tests worked under the assumption that the clients that
>>>> are executing the sudo commands have their IPs assigned within
>>>> 255.255.255.0 hostmask.
>>>>
>>>> Removes this (invalid) assumption and adds a dynamic detection of
>>>> the hostmask of the IPA client.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/5501
>>>
>>> >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
>>>> From: Tomas Babej <tba...@redhat.com>
>>>> Date: Mon, 30 Nov 2015 12:53:39 +0100
>>>> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
>>>> hostmask
>>>>
>>>> IPA sudo tests worked under the assumption that the clients that
>>>> are executing the sudo commands have their IPs assigned within
>>>> 255.255.255.0 hostmask.
>>>>
>>>> Removes this (invalid) assumption and adds a dynamic detection of
>>>> the hostmask of the IPA client.
>>>>
>>
>> Thanks, updated patch attached.
>>
>> Tomas
>>
> 
> Actually, a small improvement is necessary.
> 
> Updated patch attached.
> 
> Tomas
> 
> 
> 

Thanks to Lukas, we found another problem with the test.

Updated patch attached.

Tomas
From ca6ed3cdc696f04ad529a4498705f7a6c8b4058a Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 2 Dec 2015 15:25:49 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients
that are executing the sudo commands have their IPs assigned
within 255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a
dynamic detection of the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..444063e10c55e1e6f6bee9a63b1276e2766aee2d 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,6 +17,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import pytest
+import re
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
 
@@ -269,13 +272,31 @@ class TestSudo(IntegrationTest):
                                  '--hostgroups', 'testhostgroup'])
 
     def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-        # Add the client's /24 hostmask to the rule
+        # Add the client's hostmask to the rule
         ip = self.client.ip
+
+        # We need to detect the hostmask first
+        result = self.client.run_command(['ip', 'addr'])
+        full_ip_regex = r'(?P<full_ip>%s/\d{1,2}) ' % re.escape(ip)
+        match = re.search(full_ip_regex, result.stdout_text)
+
+        # Make a note for the next test, which needs to be skipped
+        # if hostmask detection failed
+        self.__class__.skip_hostmask_based = False
+
+        if not match:
+            self.__class__.skip_hostmask_based = True
+            raise pytest.skip("Hostmask could not be detected")
+
+        full_ip = match.group('full_ip')
         self.master.run_command(['ipa', '-n', 'sudorule-add-host',
                                  'testrule',
-                                 '--hostmask', '%s/24' % ip])
+                                 '--hostmask', full_ip])
 
     def test_sudo_rule_restricted_to_one_hostmask(self):
+        if self.__class__.skip_hostmask_based:
+            raise pytest.skip("Hostmask could not be detected")
+
         result1 = self.list_sudo_commands("testuser1")
         assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
 
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to