On 12/10/2015 09:05 AM, Lukas Slebodnik wrote:
> On (08/12/15 14:47), Tomas Babej wrote:
>>
>>
>> On 12/03/2015 04:33 PM, Tomas Babej wrote:
>>>
>>>
>>> On 12/03/2015 04:26 PM, Aleš Mareček wrote:
>>>> Hello,
>>>>
>>>> ACK for code
>>>> NACK for the placing "get_client_ip_with_hostmask" function to 
>>>> test_sudo.py (this function should be in some more general file)
>>>>
>>>
>>> What place would you propose? The task.py is not a good place, as this
>>> is not really a task.
>>>
>>> Nevertheless, I'd rather have it moved when an use case outside
>>> test_sudo.py actually arises. Right now it would lead to unnecessary
>>> cluttering.
>>>
>>> Tomas
>>>
>>
>> I re-discovered ipatests.test_integration.util (two years after I
>> created it :D) - which seemed ideal for this function.
>>
>> Updated patch attached.
>>
>> Tomas
> 
>>From 33552d6078d75ee99f9ec19ae143df5a61ba84a4 Mon Sep 17 00:00:00 2001
>> From: Tomas Babej <tba...@redhat.com>
>> Date: Wed, 2 Dec 2015 15:25:49 +0100
>> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
>> hostmask
>>
>> IPA sudo tests worked under the assumption that the clients
>> that are executing the sudo commands have their IPs assigned
>> within 255.255.255.0 hostmask.
>>
>> Removes this (invalid) assumption and adds a
>> dynamic detection of the hostmask of the IPA client.
>>
>> https://fedorahosted.org/freeipa/ticket/5501
>> ---
>> ipatests/test_integration/test_sudo.py | 33 +++++++++++++++++++++++++++------
>> ipatests/test_integration/util.py      | 16 ++++++++++++++++
>> 2 files changed, 43 insertions(+), 6 deletions(-)
>>
>> diff --git a/ipatests/test_integration/util.py 
>> b/ipatests/test_integration/util.py
>> index 
>> 1a1bb3fcc923c9f2721f0a4c1cb7a1ba2ccc2dd8..187f39e80e84af0eb4938fb19ac3d3c7c2280ed9
>>  100644
>> --- a/ipatests/test_integration/util.py
>> +++ b/ipatests/test_integration/util.py
>> @@ -58,3 +58,19 @@ def run_repeatedly(host, command, assert_zero_rc=True, 
>> test=None,
>>                          .format(cmd=' '.join(command),
>>                                  times=timeout / time_step,
>>                                  timeout=timeout))
>> +
>> +
>> +def get_host_ip_with_hostmask(host):
>> +    """
>> +    Detects the IP of the host including the hostmask.
>> +
>> +    Returns None if the IP could not be detected.
>> +    """
>> +
>> +    ip = host.ip
>> +    result = host.run_command(['ip', 'addr'])
>> +    full_ip_regex = r'(?P<full_ip>%s/\d{1,2}) ' % re.escape(ip)
>> +    match = re.search(full_ip_regex, result.stdout_text)
> ./make-lint 
> ************* Module ipatests.test_integration.util
> ipatests/test_integration/util.py:72: [E0602(undefined-variable), 
> get_host_ip_with_hostmask] Undefined variable 're')
> ipatests/test_integration/util.py:73: [E0602(undefined-variable), 
> get_host_ip_with_hostmask] Undefined variable 're')
> ===============================================================================
> Errors were found during the static code check.
> If you are certain that any of the reported errors are false positives, please
> mark them in the source code according to the pylint documentation.
> ===============================================================================
> Makefile:124: recipe for target 'lint' failed
> 
> LS
> 

Nothing can break when moving a function, right? Missing import fixed.

Tomas
From c176ff1ab9ea1c56dc0c5d44bc490d925fad1497 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 2 Dec 2015 15:25:49 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients
that are executing the sudo commands have their IPs assigned
within 255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a
dynamic detection of the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 32 ++++++++++++++++++++++++++------
 ipatests/test_integration/util.py      | 17 +++++++++++++++++
 2 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..b1f31556a96180c3b30b2fcc03dd35b5cd994ff5 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,8 +17,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import pytest
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
+from ipatests.test_integration import util
 
 
 class TestSudo(IntegrationTest):
@@ -269,13 +272,25 @@ class TestSudo(IntegrationTest):
                                  '--hostgroups', 'testhostgroup'])
 
     def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-        # Add the client's /24 hostmask to the rule
-        ip = self.client.ip
+        # We need to detect the hostmask first
+        full_ip = util.get_host_ip_with_hostmask(self.client)
+
+        # Make a note for the next test, which needs to be skipped
+        # if hostmask detection failed
+        self.__class__.skip_hostmask_based = False
+
+        if not full_ip:
+            self.__class__.skip_hostmask_based = True
+            raise pytest.skip("Hostmask could not be detected")
+
         self.master.run_command(['ipa', '-n', 'sudorule-add-host',
                                  'testrule',
-                                 '--hostmask', '%s/24' % ip])
+                                 '--hostmask', full_ip])
 
     def test_sudo_rule_restricted_to_one_hostmask(self):
+        if self.__class__.skip_hostmask_based:
+            raise pytest.skip("Hostmask could not be detected")
+
         result1 = self.list_sudo_commands("testuser1")
         assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
 
@@ -284,11 +299,16 @@ class TestSudo(IntegrationTest):
         assert result.returncode != 0
 
     def test_sudo_rule_restricted_to_one_hostmask_teardown(self):
-        # Remove the client's /24 hostmask from the rule
-        ip = self.client.ip
+        if self.__class__.skip_hostmask_based:
+            raise pytest.skip("Hostmask could not be detected")
+
+        # Detect the hostmask first to delete the hostmask based rule
+        full_ip = util.get_host_ip_with_hostmask(self.client)
+
+        # Remove the client's hostmask from the rule
         self.master.run_command(['ipa', '-n', 'sudorule-remove-host',
                                  'testrule',
-                                 '--hostmask', '%s/24' % ip])
+                                 '--hostmask', full_ip])
 
     def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self):
         # Add the master's hostmask to the rule
diff --git a/ipatests/test_integration/util.py b/ipatests/test_integration/util.py
index 1a1bb3fcc923c9f2721f0a4c1cb7a1ba2ccc2dd8..5cfbb2e948c04c70e77b29fd3813ae3fb8a1b84c 100644
--- a/ipatests/test_integration/util.py
+++ b/ipatests/test_integration/util.py
@@ -18,6 +18,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import time
+import re
 
 
 def run_repeatedly(host, command, assert_zero_rc=True, test=None,
@@ -58,3 +59,19 @@ def run_repeatedly(host, command, assert_zero_rc=True, test=None,
                          .format(cmd=' '.join(command),
                                  times=timeout / time_step,
                                  timeout=timeout))
+
+
+def get_host_ip_with_hostmask(host):
+    """
+    Detects the IP of the host including the hostmask.
+
+    Returns None if the IP could not be detected.
+    """
+
+    ip = host.ip
+    result = host.run_command(['ip', 'addr'])
+    full_ip_regex = r'(?P<full_ip>%s/\d{1,2}) ' % re.escape(ip)
+    match = re.search(full_ip_regex, result.stdout_text)
+
+    if match:
+        return match.group('full_ip')
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to