On 12/03/2015 04:33 PM, Tomas Babej wrote:
> 
> 
> On 12/03/2015 04:26 PM, Aleš Mareček wrote:
>> Hello,
>>
>> ACK for code
>> NACK for the placing "get_client_ip_with_hostmask" function to test_sudo.py 
>> (this function should be in some more general file)
>>
> 
> What place would you propose? The task.py is not a good place, as this
> is not really a task.
> 
> Nevertheless, I'd rather have it moved when an use case outside
> test_sudo.py actually arises. Right now it would lead to unnecessary
> cluttering.
> 
> Tomas
> 

I re-discovered ipatests.test_integration.util (two years after I
created it :D) - which seemed ideal for this function.

Updated patch attached.

Tomas
From 33552d6078d75ee99f9ec19ae143df5a61ba84a4 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 2 Dec 2015 15:25:49 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients
that are executing the sudo commands have their IPs assigned
within 255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a
dynamic detection of the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 33 +++++++++++++++++++++++++++------
 ipatests/test_integration/util.py      | 16 ++++++++++++++++
 2 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..fe0a7a3ea5f230053e8c00d21b36ee300acce4c7 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,8 +17,12 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import pytest
+import re
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
+from ipatests.test_integration import util
 
 
 class TestSudo(IntegrationTest):
@@ -269,13 +273,25 @@ class TestSudo(IntegrationTest):
                                  '--hostgroups', 'testhostgroup'])
 
     def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-        # Add the client's /24 hostmask to the rule
-        ip = self.client.ip
+        # We need to detect the hostmask first
+        full_ip = util.get_host_ip_with_hostmask(self.client)
+
+        # Make a note for the next test, which needs to be skipped
+        # if hostmask detection failed
+        self.__class__.skip_hostmask_based = False
+
+        if not full_ip:
+            self.__class__.skip_hostmask_based = True
+            raise pytest.skip("Hostmask could not be detected")
+
         self.master.run_command(['ipa', '-n', 'sudorule-add-host',
                                  'testrule',
-                                 '--hostmask', '%s/24' % ip])
+                                 '--hostmask', full_ip])
 
     def test_sudo_rule_restricted_to_one_hostmask(self):
+        if self.__class__.skip_hostmask_based:
+            raise pytest.skip("Hostmask could not be detected")
+
         result1 = self.list_sudo_commands("testuser1")
         assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
 
@@ -284,11 +300,16 @@ class TestSudo(IntegrationTest):
         assert result.returncode != 0
 
     def test_sudo_rule_restricted_to_one_hostmask_teardown(self):
-        # Remove the client's /24 hostmask from the rule
-        ip = self.client.ip
+        if self.__class__.skip_hostmask_based:
+            raise pytest.skip("Hostmask could not be detected")
+
+        # Detect the hostmask first to delete the hostmask based rule
+        full_ip = util.get_host_ip_with_hostmask(self.client)
+
+        # Remove the client's hostmask from the rule
         self.master.run_command(['ipa', '-n', 'sudorule-remove-host',
                                  'testrule',
-                                 '--hostmask', '%s/24' % ip])
+                                 '--hostmask', full_ip])
 
     def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self):
         # Add the master's hostmask to the rule
diff --git a/ipatests/test_integration/util.py b/ipatests/test_integration/util.py
index 1a1bb3fcc923c9f2721f0a4c1cb7a1ba2ccc2dd8..187f39e80e84af0eb4938fb19ac3d3c7c2280ed9 100644
--- a/ipatests/test_integration/util.py
+++ b/ipatests/test_integration/util.py
@@ -58,3 +58,19 @@ def run_repeatedly(host, command, assert_zero_rc=True, test=None,
                          .format(cmd=' '.join(command),
                                  times=timeout / time_step,
                                  timeout=timeout))
+
+
+def get_host_ip_with_hostmask(host):
+    """
+    Detects the IP of the host including the hostmask.
+
+    Returns None if the IP could not be detected.
+    """
+
+    ip = host.ip
+    result = host.run_command(['ip', 'addr'])
+    full_ip_regex = r'(?P<full_ip>%s/\d{1,2}) ' % re.escape(ip)
+    match = re.search(full_ip_regex, result.stdout_text)
+
+    if match:
+        return match.group('full_ip')
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to