Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Tomas Babej]

On 12/10/2015 09:05 AM, Lukas Slebodnik wrote:
> On (08/12/15 14:47), Tomas Babej wrote:
>>
>>
>> On 12/03/2015 04:33 PM, Tomas Babej wrote:
>>>
>>>
>>> On 12/03/2015 04:26 PM, Aleš Mareček wrote:
 Hello,

 ACK for code
 NACK for the placing "get_client_ip_with_hostmask" function to 
 test_sudo.py (this function should be in some more general file)

>>>
>>> What place would you propose? The task.py is not a good place, as this
>>> is not really a task.
>>>
>>> Nevertheless, I'd rather have it moved when an use case outside
>>> test_sudo.py actually arises. Right now it would lead to unnecessary
>>> cluttering.
>>>
>>> Tomas
>>>
>>
>> I re-discovered ipatests.test_integration.util (two years after I
>> created it :D) - which seemed ideal for this function.
>>
>> Updated patch attached.
>>
>> Tomas
> 
>>From 33552d6078d75ee99f9ec19ae143df5a61ba84a4 Mon Sep 17 00:00:00 2001
>> From: Tomas Babej 
>> Date: Wed, 2 Dec 2015 15:25:49 +0100
>> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
>> hostmask
>>
>> IPA sudo tests worked under the assumption that the clients
>> that are executing the sudo commands have their IPs assigned
>> within 255.255.255.0 hostmask.
>>
>> Removes this (invalid) assumption and adds a
>> dynamic detection of the hostmask of the IPA client.
>>
>> https://fedorahosted.org/freeipa/ticket/5501
>> ---
>> ipatests/test_integration/test_sudo.py | 33 +++--
>> ipatests/test_integration/util.py  | 16 
>> 2 files changed, 43 insertions(+), 6 deletions(-)
>>
>> diff --git a/ipatests/test_integration/util.py 
>> b/ipatests/test_integration/util.py
>> index 
>> 1a1bb3fcc923c9f2721f0a4c1cb7a1ba2ccc2dd8..187f39e80e84af0eb4938fb19ac3d3c7c2280ed9
>>  100644
>> --- a/ipatests/test_integration/util.py
>> +++ b/ipatests/test_integration/util.py
>> @@ -58,3 +58,19 @@ def run_repeatedly(host, command, assert_zero_rc=True, 
>> test=None,
>>  .format(cmd=' '.join(command),
>>  times=timeout / time_step,
>>  timeout=timeout))
>> +
>> +
>> +def get_host_ip_with_hostmask(host):
>> +"""
>> +Detects the IP of the host including the hostmask.
>> +
>> +Returns None if the IP could not be detected.
>> +"""
>> +
>> +ip = host.ip
>> +result = host.run_command(['ip', 'addr'])
>> +full_ip_regex = r'(?P%s/\d{1,2}) ' % re.escape(ip)
>> +match = re.search(full_ip_regex, result.stdout_text)
> ./make-lint 
> * Module ipatests.test_integration.util
> ipatests/test_integration/util.py:72: [E0602(undefined-variable), 
> get_host_ip_with_hostmask] Undefined variable 're')
> ipatests/test_integration/util.py:73: [E0602(undefined-variable), 
> get_host_ip_with_hostmask] Undefined variable 're')
> ===
> Errors were found during the static code check.
> If you are certain that any of the reported errors are false positives, please
> mark them in the source code according to the pylint documentation.
> ===
> Makefile:124: recipe for target 'lint' failed
> 
> LS
> 

Nothing can break when moving a function, right? Missing import fixed.

Tomas
From c176ff1ab9ea1c56dc0c5d44bc490d925fad1497 Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Wed, 2 Dec 2015 15:25:49 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients
that are executing the sudo commands have their IPs assigned
within 255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a
dynamic detection of the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 32 ++--
 ipatests/test_integration/util.py  | 17 +
 2 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..b1f31556a96180c3b30b2fcc03dd35b5cd994ff5 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,8 +17,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
+import pytest
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
+from ipatests.test_integration import util
 
 
 class TestSudo(IntegrationTest):
@@ -269,13 +272,25 @@ class TestSudo(IntegrationTest):
  '--hostgroups', 'testhostgroup'])
 
 def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-# Add the client's /24 hostmask to the 

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Lukas Slebodnik]

On (10/12/15 11:40), Tomas Babej wrote:
>On 12/10/2015 09:05 AM, Lukas Slebodnik wrote:
>> On (08/12/15 14:47), Tomas Babej wrote:
>>>
>>>
>>> On 12/03/2015 04:33 PM, Tomas Babej wrote:


 On 12/03/2015 04:26 PM, Aleš Mareček wrote:
> Hello,
>
> ACK for code
> NACK for the placing "get_client_ip_with_hostmask" function to 
> test_sudo.py (this function should be in some more general file)
>

 What place would you propose? The task.py is not a good place, as this
 is not really a task.

 Nevertheless, I'd rather have it moved when an use case outside
 test_sudo.py actually arises. Right now it would lead to unnecessary
 cluttering.

 Tomas

>>>
>>> I re-discovered ipatests.test_integration.util (two years after I
>>> created it :D) - which seemed ideal for this function.
>>>
>>> Updated patch attached.
>>>
>>> Tomas
>> 
>>>From 33552d6078d75ee99f9ec19ae143df5a61ba84a4 Mon Sep 17 00:00:00 2001
>>> From: Tomas Babej 
>>> Date: Wed, 2 Dec 2015 15:25:49 +0100
>>> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
>>> hostmask
>>>
>>> IPA sudo tests worked under the assumption that the clients
>>> that are executing the sudo commands have their IPs assigned
>>> within 255.255.255.0 hostmask.
>>>
>>> Removes this (invalid) assumption and adds a
>>> dynamic detection of the hostmask of the IPA client.
>>>
>>> https://fedorahosted.org/freeipa/ticket/5501
>>> ---
>>> ipatests/test_integration/test_sudo.py | 33 
>>> +++--
>>> ipatests/test_integration/util.py  | 16 
>>> 2 files changed, 43 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/ipatests/test_integration/util.py 
>>> b/ipatests/test_integration/util.py
>>> index 
>>> 1a1bb3fcc923c9f2721f0a4c1cb7a1ba2ccc2dd8..187f39e80e84af0eb4938fb19ac3d3c7c2280ed9
>>>  100644
>>> --- a/ipatests/test_integration/util.py
>>> +++ b/ipatests/test_integration/util.py
>>> @@ -58,3 +58,19 @@ def run_repeatedly(host, command, assert_zero_rc=True, 
>>> test=None,
>>>  .format(cmd=' '.join(command),
>>>  times=timeout / time_step,
>>>  timeout=timeout))
>>> +
>>> +
>>> +def get_host_ip_with_hostmask(host):
>>> +"""
>>> +Detects the IP of the host including the hostmask.
>>> +
>>> +Returns None if the IP could not be detected.
>>> +"""
>>> +
>>> +ip = host.ip
>>> +result = host.run_command(['ip', 'addr'])
>>> +full_ip_regex = r'(?P%s/\d{1,2}) ' % re.escape(ip)
>>> +match = re.search(full_ip_regex, result.stdout_text)
>> ./make-lint 
>> * Module ipatests.test_integration.util
>> ipatests/test_integration/util.py:72: [E0602(undefined-variable), 
>> get_host_ip_with_hostmask] Undefined variable 're')
>> ipatests/test_integration/util.py:73: [E0602(undefined-variable), 
>> get_host_ip_with_hostmask] Undefined variable 're')
>> ===
>> Errors were found during the static code check.
>> If you are certain that any of the reported errors are false positives, 
>> please
>> mark them in the source code according to the pylint documentation.
>> ===
>> Makefile:124: recipe for target 'lint' failed
>> 
>> LS
>> 
>
>Nothing can break when moving a function, right? Missing import fixed.
>
>Tomas

>From c176ff1ab9ea1c56dc0c5d44bc490d925fad1497 Mon Sep 17 00:00:00 2001
>From: Tomas Babej 
>Date: Wed, 2 Dec 2015 15:25:49 +0100
>Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
> hostmask
>
>IPA sudo tests worked under the assumption that the clients
>that are executing the sudo commands have their IPs assigned
>within 255.255.255.0 hostmask.
>
>Removes this (invalid) assumption and adds a
>dynamic detection of the hostmask of the IPA client.
>
>https://fedorahosted.org/freeipa/ticket/5501
>---
> ipatests/test_integration/test_sudo.py | 32 ++--
> ipatests/test_integration/util.py  | 17 +
> 2 files changed, 43 insertions(+), 6 deletions(-)
>
Thank you very much.

ACK

LS

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Tomas Babej]

On 12/11/2015 02:01 PM, Lukas Slebodnik wrote:
> On (10/12/15 11:40), Tomas Babej wrote:
>> On 12/10/2015 09:05 AM, Lukas Slebodnik wrote:
>>> On (08/12/15 14:47), Tomas Babej wrote:


 On 12/03/2015 04:33 PM, Tomas Babej wrote:
>
>
> On 12/03/2015 04:26 PM, Aleš Mareček wrote:
>> Hello,
>>
>> ACK for code
>> NACK for the placing "get_client_ip_with_hostmask" function to 
>> test_sudo.py (this function should be in some more general file)
>>
>
> What place would you propose? The task.py is not a good place, as this
> is not really a task.
>
> Nevertheless, I'd rather have it moved when an use case outside
> test_sudo.py actually arises. Right now it would lead to unnecessary
> cluttering.
>
> Tomas
>

 I re-discovered ipatests.test_integration.util (two years after I
 created it :D) - which seemed ideal for this function.

 Updated patch attached.

 Tomas
>>>
>>> >From 33552d6078d75ee99f9ec19ae143df5a61ba84a4 Mon Sep 17 00:00:00 2001
 From: Tomas Babej 
 Date: Wed, 2 Dec 2015 15:25:49 +0100
 Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

 IPA sudo tests worked under the assumption that the clients
 that are executing the sudo commands have their IPs assigned
 within 255.255.255.0 hostmask.

 Removes this (invalid) assumption and adds a
 dynamic detection of the hostmask of the IPA client.

 https://fedorahosted.org/freeipa/ticket/5501
 ---
 ipatests/test_integration/test_sudo.py | 33 
 +++--
 ipatests/test_integration/util.py  | 16 
 2 files changed, 43 insertions(+), 6 deletions(-)

 diff --git a/ipatests/test_integration/util.py 
 b/ipatests/test_integration/util.py
 index 
 1a1bb3fcc923c9f2721f0a4c1cb7a1ba2ccc2dd8..187f39e80e84af0eb4938fb19ac3d3c7c2280ed9
  100644
 --- a/ipatests/test_integration/util.py
 +++ b/ipatests/test_integration/util.py
 @@ -58,3 +58,19 @@ def run_repeatedly(host, command, assert_zero_rc=True, 
 test=None,
  .format(cmd=' '.join(command),
  times=timeout / time_step,
  timeout=timeout))
 +
 +
 +def get_host_ip_with_hostmask(host):
 +"""
 +Detects the IP of the host including the hostmask.
 +
 +Returns None if the IP could not be detected.
 +"""
 +
 +ip = host.ip
 +result = host.run_command(['ip', 'addr'])
 +full_ip_regex = r'(?P%s/\d{1,2}) ' % re.escape(ip)
 +match = re.search(full_ip_regex, result.stdout_text)
>>> ./make-lint 
>>> * Module ipatests.test_integration.util
>>> ipatests/test_integration/util.py:72: [E0602(undefined-variable), 
>>> get_host_ip_with_hostmask] Undefined variable 're')
>>> ipatests/test_integration/util.py:73: [E0602(undefined-variable), 
>>> get_host_ip_with_hostmask] Undefined variable 're')
>>> ===
>>> Errors were found during the static code check.
>>> If you are certain that any of the reported errors are false positives, 
>>> please
>>> mark them in the source code according to the pylint documentation.
>>> ===
>>> Makefile:124: recipe for target 'lint' failed
>>>
>>> LS
>>>
>>
>> Nothing can break when moving a function, right? Missing import fixed.
>>
>> Tomas
> 
>>From c176ff1ab9ea1c56dc0c5d44bc490d925fad1497 Mon Sep 17 00:00:00 2001
>> From: Tomas Babej 
>> Date: Wed, 2 Dec 2015 15:25:49 +0100
>> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
>> hostmask
>>
>> IPA sudo tests worked under the assumption that the clients
>> that are executing the sudo commands have their IPs assigned
>> within 255.255.255.0 hostmask.
>>
>> Removes this (invalid) assumption and adds a
>> dynamic detection of the hostmask of the IPA client.
>>
>> https://fedorahosted.org/freeipa/ticket/5501
>> ---
>> ipatests/test_integration/test_sudo.py | 32 ++--
>> ipatests/test_integration/util.py  | 17 +
>> 2 files changed, 43 insertions(+), 6 deletions(-)
>>
> Thank you very much.
> 
> ACK
> 
> LS
> 

Pushed to:
master: a02f83ff9c6a1920cedebee69dc6857c3521f161
ipa-4-2: f676b122848f7d843e200484ac06568d71f2f4ef

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Lukas Slebodnik]

On (08/12/15 14:47), Tomas Babej wrote:
>
>
>On 12/03/2015 04:33 PM, Tomas Babej wrote:
>> 
>> 
>> On 12/03/2015 04:26 PM, Aleš Mareček wrote:
>>> Hello,
>>>
>>> ACK for code
>>> NACK for the placing "get_client_ip_with_hostmask" function to test_sudo.py 
>>> (this function should be in some more general file)
>>>
>> 
>> What place would you propose? The task.py is not a good place, as this
>> is not really a task.
>> 
>> Nevertheless, I'd rather have it moved when an use case outside
>> test_sudo.py actually arises. Right now it would lead to unnecessary
>> cluttering.
>> 
>> Tomas
>> 
>
>I re-discovered ipatests.test_integration.util (two years after I
>created it :D) - which seemed ideal for this function.
>
>Updated patch attached.
>
>Tomas

>From 33552d6078d75ee99f9ec19ae143df5a61ba84a4 Mon Sep 17 00:00:00 2001
>From: Tomas Babej 
>Date: Wed, 2 Dec 2015 15:25:49 +0100
>Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
> hostmask
>
>IPA sudo tests worked under the assumption that the clients
>that are executing the sudo commands have their IPs assigned
>within 255.255.255.0 hostmask.
>
>Removes this (invalid) assumption and adds a
>dynamic detection of the hostmask of the IPA client.
>
>https://fedorahosted.org/freeipa/ticket/5501
>---
> ipatests/test_integration/test_sudo.py | 33 +++--
> ipatests/test_integration/util.py  | 16 
> 2 files changed, 43 insertions(+), 6 deletions(-)
>
>diff --git a/ipatests/test_integration/util.py 
>b/ipatests/test_integration/util.py
>index 
>1a1bb3fcc923c9f2721f0a4c1cb7a1ba2ccc2dd8..187f39e80e84af0eb4938fb19ac3d3c7c2280ed9
> 100644
>--- a/ipatests/test_integration/util.py
>+++ b/ipatests/test_integration/util.py
>@@ -58,3 +58,19 @@ def run_repeatedly(host, command, assert_zero_rc=True, 
>test=None,
>  .format(cmd=' '.join(command),
>  times=timeout / time_step,
>  timeout=timeout))
>+
>+
>+def get_host_ip_with_hostmask(host):
>+"""
>+Detects the IP of the host including the hostmask.
>+
>+Returns None if the IP could not be detected.
>+"""
>+
>+ip = host.ip
>+result = host.run_command(['ip', 'addr'])
>+full_ip_regex = r'(?P%s/\d{1,2}) ' % re.escape(ip)
>+match = re.search(full_ip_regex, result.stdout_text)
./make-lint 
* Module ipatests.test_integration.util
ipatests/test_integration/util.py:72: [E0602(undefined-variable), 
get_host_ip_with_hostmask] Undefined variable 're')
ipatests/test_integration/util.py:73: [E0602(undefined-variable), 
get_host_ip_with_hostmask] Undefined variable 're')
===
Errors were found during the static code check.
If you are certain that any of the reported errors are false positives, please
mark them in the source code according to the pylint documentation.
===
Makefile:124: recipe for target 'lint' failed

LS

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Tomas Babej]

On 12/03/2015 04:33 PM, Tomas Babej wrote:
> 
> 
> On 12/03/2015 04:26 PM, Aleš Mareček wrote:
>> Hello,
>>
>> ACK for code
>> NACK for the placing "get_client_ip_with_hostmask" function to test_sudo.py 
>> (this function should be in some more general file)
>>
> 
> What place would you propose? The task.py is not a good place, as this
> is not really a task.
> 
> Nevertheless, I'd rather have it moved when an use case outside
> test_sudo.py actually arises. Right now it would lead to unnecessary
> cluttering.
> 
> Tomas
> 

I re-discovered ipatests.test_integration.util (two years after I
created it :D) - which seemed ideal for this function.

Updated patch attached.

Tomas
From 33552d6078d75ee99f9ec19ae143df5a61ba84a4 Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Wed, 2 Dec 2015 15:25:49 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients
that are executing the sudo commands have their IPs assigned
within 255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a
dynamic detection of the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 33 +++--
 ipatests/test_integration/util.py  | 16 
 2 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..fe0a7a3ea5f230053e8c00d21b36ee300acce4c7 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,8 +17,12 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
+import pytest
+import re
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
+from ipatests.test_integration import util
 
 
 class TestSudo(IntegrationTest):
@@ -269,13 +273,25 @@ class TestSudo(IntegrationTest):
  '--hostgroups', 'testhostgroup'])
 
 def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-# Add the client's /24 hostmask to the rule
-ip = self.client.ip
+# We need to detect the hostmask first
+full_ip = util.get_host_ip_with_hostmask(self.client)
+
+# Make a note for the next test, which needs to be skipped
+# if hostmask detection failed
+self.__class__.skip_hostmask_based = False
+
+if not full_ip:
+self.__class__.skip_hostmask_based = True
+raise pytest.skip("Hostmask could not be detected")
+
 self.master.run_command(['ipa', '-n', 'sudorule-add-host',
  'testrule',
- '--hostmask', '%s/24' % ip])
+ '--hostmask', full_ip])
 
 def test_sudo_rule_restricted_to_one_hostmask(self):
+if self.__class__.skip_hostmask_based:
+raise pytest.skip("Hostmask could not be detected")
+
 result1 = self.list_sudo_commands("testuser1")
 assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
 
@@ -284,11 +300,16 @@ class TestSudo(IntegrationTest):
 assert result.returncode != 0
 
 def test_sudo_rule_restricted_to_one_hostmask_teardown(self):
-# Remove the client's /24 hostmask from the rule
-ip = self.client.ip
+if self.__class__.skip_hostmask_based:
+raise pytest.skip("Hostmask could not be detected")
+
+# Detect the hostmask first to delete the hostmask based rule
+full_ip = util.get_host_ip_with_hostmask(self.client)
+
+# Remove the client's hostmask from the rule
 self.master.run_command(['ipa', '-n', 'sudorule-remove-host',
  'testrule',
- '--hostmask', '%s/24' % ip])
+ '--hostmask', full_ip])
 
 def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self):
 # Add the master's hostmask to the rule
diff --git a/ipatests/test_integration/util.py b/ipatests/test_integration/util.py
index 1a1bb3fcc923c9f2721f0a4c1cb7a1ba2ccc2dd8..187f39e80e84af0eb4938fb19ac3d3c7c2280ed9 100644
--- a/ipatests/test_integration/util.py
+++ b/ipatests/test_integration/util.py
@@ -58,3 +58,19 @@ def run_repeatedly(host, command, assert_zero_rc=True, test=None,
  .format(cmd=' '.join(command),
  times=timeout / time_step,
  timeout=timeout))
+
+
+def get_host_ip_with_hostmask(host):
+"""
+Detects the IP of the host including the hostmask.
+
+Returns None if the IP could not be detected.
+"""
+
+ip = host.ip
+result = host.run_command(['ip', 'addr'])
+

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Lukas Slebodnik]

On (03/12/15 11:35), Tomas Babej wrote:
>
>
>On 12/02/2015 05:25 PM, Lukas Slebodnik wrote:
>> On (02/12/15 15:41), Tomas Babej wrote:
>>>
>>>
>>> On 12/02/2015 09:24 AM, Tomas Babej wrote:


 On 12/01/2015 06:27 PM, Tomas Babej wrote:
>
>
> On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:
>> On (30/11/15 13:09), Tomas Babej wrote:
>>> Hi,
>>>
>>> IPA sudo tests worked under the assumption that the clients that
>>> are executing the sudo commands have their IPs assigned within
>>> 255.255.255.0 hostmask.
>>>
>>> Removes this (invalid) assumption and adds a dynamic detection of
>>> the hostmask of the IPA client.
>>>
>>> https://fedorahosted.org/freeipa/ticket/5501
>>
>> >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
>>> From: Tomas Babej 
>>> Date: Mon, 30 Nov 2015 12:53:39 +0100
>>> Subject: [PATCH] tests: Add hostmask detection for sudo rules 
>>> validating on
>>> hostmask
>>>
>>> IPA sudo tests worked under the assumption that the clients that
>>> are executing the sudo commands have their IPs assigned within
>>> 255.255.255.0 hostmask.
>>>
>>> Removes this (invalid) assumption and adds a dynamic detection of
>>> the hostmask of the IPA client.
>>>
>
> Thanks, updated patch attached.
>
> Tomas
>

 Actually, a small improvement is necessary.

 Updated patch attached.

 Tomas



>>>
>>> Thanks to Lukas, we found another problem with the test.
>>>
>>> Updated patch attached.
>>>
>> Thank you for 4th revision of patch
>> but there is still one issue.
>> 
>> === FAILURES 
>> ===
>> _ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative 
>> __
>> 
>> self = > 0x7ff695f56890>
>> 
>> def test_sudo_rule_restricted_to_one_hostmask_negative(self):
>> result1 = self.list_sudo_commands("testuser1")
>>>   assert result1.returncode != 0
>> E   assert 0 != 0
>> E+  where 0 = > 0x7ff695f56bd0>.returncode
>> 
>> test_integration/test_sudo.py:323: AssertionError
>>  1 failed, 74 passed in 807.35 seconds 
>> =
>> 
>> LS
>> 
>
>Here the test affected the negative test setup, which is fixed in the
>latest revision.
>
>Thanks,
>Tomas

>From 6242dfda205f6b2749627023384878448fd9e60c Mon Sep 17 00:00:00 2001
>From: Tomas Babej 
>Date: Wed, 2 Dec 2015 15:25:49 +0100
>Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
> hostmask
>
>IPA sudo tests worked under the assumption that the clients
>that are executing the sudo commands have their IPs assigned
>within 255.255.255.0 hostmask.
>
>Removes this (invalid) assumption and adds a
>dynamic detection of the hostmask of the IPA client.
>
>https://fedorahosted.org/freeipa/ticket/5501

The sudo test passed with this patch.
Thank you very much.

Functional ACK.


LS

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Tomas Babej]

On 12/02/2015 05:25 PM, Lukas Slebodnik wrote:
> On (02/12/15 15:41), Tomas Babej wrote:
>>
>>
>> On 12/02/2015 09:24 AM, Tomas Babej wrote:
>>>
>>>
>>> On 12/01/2015 06:27 PM, Tomas Babej wrote:


 On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:
> On (30/11/15 13:09), Tomas Babej wrote:
>> Hi,
>>
>> IPA sudo tests worked under the assumption that the clients that
>> are executing the sudo commands have their IPs assigned within
>> 255.255.255.0 hostmask.
>>
>> Removes this (invalid) assumption and adds a dynamic detection of
>> the hostmask of the IPA client.
>>
>> https://fedorahosted.org/freeipa/ticket/5501
>
> >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
>> From: Tomas Babej 
>> Date: Mon, 30 Nov 2015 12:53:39 +0100
>> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating 
>> on
>> hostmask
>>
>> IPA sudo tests worked under the assumption that the clients that
>> are executing the sudo commands have their IPs assigned within
>> 255.255.255.0 hostmask.
>>
>> Removes this (invalid) assumption and adds a dynamic detection of
>> the hostmask of the IPA client.
>>

 Thanks, updated patch attached.

 Tomas

>>>
>>> Actually, a small improvement is necessary.
>>>
>>> Updated patch attached.
>>>
>>> Tomas
>>>
>>>
>>>
>>
>> Thanks to Lukas, we found another problem with the test.
>>
>> Updated patch attached.
>>
> Thank you for 4th revision of patch
> but there is still one issue.
> 
> === FAILURES 
> ===
> _ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative 
> __
> 
> self = 
> 
> def test_sudo_rule_restricted_to_one_hostmask_negative(self):
> result1 = self.list_sudo_commands("testuser1")
>>   assert result1.returncode != 0
> E   assert 0 != 0
> E+  where 0 =  0x7ff695f56bd0>.returncode
> 
> test_integration/test_sudo.py:323: AssertionError
>  1 failed, 74 passed in 807.35 seconds 
> =
> 
> LS
> 

Here the test affected the negative test setup, which is fixed in the
latest revision.

Thanks,
Tomas
From 6242dfda205f6b2749627023384878448fd9e60c Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Wed, 2 Dec 2015 15:25:49 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients
that are executing the sudo commands have their IPs assigned
within 255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a
dynamic detection of the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 46 +-
 1 file changed, 40 insertions(+), 6 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..a1b7aa6cfc257e0eeb7def3c0e5b3c7fa98ee250 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,6 +17,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
+import pytest
+import re
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
 
@@ -104,6 +107,20 @@ class TestSudo(IntegrationTest):
 
 return result
 
+def get_client_ip_with_hostmask(self):
+"""
+Detects the IP of the client including the hostmask.
+"""
+
+ip = self.client.ip
+result = self.client.run_command(['ip', 'addr'])
+full_ip_regex = r'(?P%s/\d{1,2}) ' % re.escape(ip)
+match = re.search(full_ip_regex, result.stdout_text)
+
+if match:
+return match.group('full_ip')
+
+
 def test_nisdomainname(self):
 result = self.client.run_command('nisdomainname')
 assert self.client.domain.name in result.stdout_text
@@ -269,13 +286,25 @@ class TestSudo(IntegrationTest):
  '--hostgroups', 'testhostgroup'])
 
 def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-# Add the client's /24 hostmask to the rule
-ip = self.client.ip
+# We need to detect the hostmask first
+full_ip = self.get_client_ip_with_hostmask()
+
+# Make a note for the next test, which needs to be skipped
+# if hostmask detection failed
+self.__class__.skip_hostmask_based = False
+
+if not full_ip:
+self.__class__.skip_hostmask_based = True
+raise pytest.skip("Hostmask could not be detected")
+
 self.master.run_command(['ipa', '-n', 'sudorule-add-host',
  'testrule',
-  

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Oleg Fayans]

Hi Tomas,

I would prefer get_client_ip_with_hostmask function to go to 
ipatests/test_integration/tasks.py, and to be more generic: we probably 
will need to run it against an arbitrary host.

The rest looks fine

On 12/03/2015 11:35 AM, Tomas Babej wrote:



On 12/02/2015 05:25 PM, Lukas Slebodnik wrote:

On (02/12/15 15:41), Tomas Babej wrote:



On 12/02/2015 09:24 AM, Tomas Babej wrote:



On 12/01/2015 06:27 PM, Tomas Babej wrote:



On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:

On (30/11/15 13:09), Tomas Babej wrote:

Hi,

IPA sudo tests worked under the assumption that the clients that
are executing the sudo commands have their IPs assigned within
255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a dynamic detection of
the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501


>From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001

From: Tomas Babej 
Date: Mon, 30 Nov 2015 12:53:39 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
hostmask

IPA sudo tests worked under the assumption that the clients that
are executing the sudo commands have their IPs assigned within
255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a dynamic detection of
the hostmask of the IPA client.



Thanks, updated patch attached.

Tomas



Actually, a small improvement is necessary.

Updated patch attached.

Tomas





Thanks to Lukas, we found another problem with the test.

Updated patch attached.


Thank you for 4th revision of patch
but there is still one issue.

=== FAILURES ===
_ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative __

self = 

 def test_sudo_rule_restricted_to_one_hostmask_negative(self):
 result1 = self.list_sudo_commands("testuser1")

   assert result1.returncode != 0

E   assert 0 != 0
E+  where 0 = .returncode

test_integration/test_sudo.py:323: AssertionError
 1 failed, 74 passed in 807.35 seconds =

LS



Here the test affected the negative test setup, which is fixed in the
latest revision.

Thanks,
Tomas





--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Tomas Babej]

On 12/03/2015 04:26 PM, Aleš Mareček wrote:
> Hello,
> 
> ACK for code
> NACK for the placing "get_client_ip_with_hostmask" function to test_sudo.py 
> (this function should be in some more general file)
> 

What place would you propose? The task.py is not a good place, as this
is not really a task.

Nevertheless, I'd rather have it moved when an use case outside
test_sudo.py actually arises. Right now it would lead to unnecessary
cluttering.

Tomas

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Aleš Mareček]

Hello,

ACK for code
NACK for the placing "get_client_ip_with_hostmask" function to test_sudo.py 
(this function should be in some more general file)

- Original Message -
> From: "Oleg Fayans" <ofay...@redhat.com>
> To: freeipa-devel@redhat.com
> Sent: Thursday, December 3, 2015 3:32:46 PM
> Subject: Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for 
> sudo rules validating
> 
> Hi Tomas,
> 
> I would prefer get_client_ip_with_hostmask function to go to
> ipatests/test_integration/tasks.py, and to be more generic: we probably
> will need to run it against an arbitrary host.

tasks.py is not the proper place as well

> The rest looks fine
> 
> On 12/03/2015 11:35 AM, Tomas Babej wrote:
> >
> >
> > On 12/02/2015 05:25 PM, Lukas Slebodnik wrote:
> >> On (02/12/15 15:41), Tomas Babej wrote:
> >>>
> >>>
> >>> On 12/02/2015 09:24 AM, Tomas Babej wrote:
> >>>>
> >>>>
> >>>> On 12/01/2015 06:27 PM, Tomas Babej wrote:
> >>>>>
> >>>>>
> >>>>> On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:
> >>>>>> On (30/11/15 13:09), Tomas Babej wrote:
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> IPA sudo tests worked under the assumption that the clients that
> >>>>>>> are executing the sudo commands have their IPs assigned within
> >>>>>>> 255.255.255.0 hostmask.
> >>>>>>>
> >>>>>>> Removes this (invalid) assumption and adds a dynamic detection of
> >>>>>>> the hostmask of the IPA client.
> >>>>>>>
> >>>>>>> https://fedorahosted.org/freeipa/ticket/5501
> >>>>>>
> >>>>>> >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00
> >>>>>> >2001
> >>>>>>> From: Tomas Babej <tba...@redhat.com>
> >>>>>>> Date: Mon, 30 Nov 2015 12:53:39 +0100
> >>>>>>> Subject: [PATCH] tests: Add hostmask detection for sudo rules
> >>>>>>> validating on
> >>>>>>> hostmask
> >>>>>>>
> >>>>>>> IPA sudo tests worked under the assumption that the clients that
> >>>>>>> are executing the sudo commands have their IPs assigned within
> >>>>>>> 255.255.255.0 hostmask.
> >>>>>>>
> >>>>>>> Removes this (invalid) assumption and adds a dynamic detection of
> >>>>>>> the hostmask of the IPA client.
> >>>>>>>
> >>>>>
> >>>>> Thanks, updated patch attached.
> >>>>>
> >>>>> Tomas
> >>>>>
> >>>>
> >>>> Actually, a small improvement is necessary.
> >>>>
> >>>> Updated patch attached.
> >>>>
> >>>> Tomas
> >>>>
> >>>>
> >>>>
> >>>
> >>> Thanks to Lukas, we found another problem with the test.
> >>>
> >>> Updated patch attached.
> >>>
> >> Thank you for 4th revision of patch
> >> but there is still one issue.
> >>
> >> === FAILURES
> >> ===
> >> _ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative
> >> __
> >>
> >> self =  >> 0x7ff695f56890>
> >>
> >>  def test_sudo_rule_restricted_to_one_hostmask_negative(self):
> >>  result1 = self.list_sudo_commands("testuser1")
> >>>assert result1.returncode != 0
> >> E   assert 0 != 0
> >> E+  where 0 =  >> 0x7ff695f56bd0>.returncode
> >>
> >> test_integration/test_sudo.py:323: AssertionError
> >>  1 failed, 74 passed in 807.35 seconds
> >> =
> >>
> >> LS
> >>
> >
> > Here the test affected the negative test setup, which is fixed in the
> > latest revision.
> >
> > Thanks,
> > Tomas
> >
> >
> >
> 
> --
> Oleg Fayans
> Quality Engineer
> FreeIPA team
> RedHat.
> 
> --
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
> 

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Tomas Babej]

On 12/02/2015 09:24 AM, Tomas Babej wrote:
> 
> 
> On 12/01/2015 06:27 PM, Tomas Babej wrote:
>>
>>
>> On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:
>>> On (30/11/15 13:09), Tomas Babej wrote:
 Hi,

 IPA sudo tests worked under the assumption that the clients that
 are executing the sudo commands have their IPs assigned within
 255.255.255.0 hostmask.

 Removes this (invalid) assumption and adds a dynamic detection of
 the hostmask of the IPA client.

 https://fedorahosted.org/freeipa/ticket/5501
>>>
>>> >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
 From: Tomas Babej 
 Date: Mon, 30 Nov 2015 12:53:39 +0100
 Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

 IPA sudo tests worked under the assumption that the clients that
 are executing the sudo commands have their IPs assigned within
 255.255.255.0 hostmask.

 Removes this (invalid) assumption and adds a dynamic detection of
 the hostmask of the IPA client.

>>
>> Thanks, updated patch attached.
>>
>> Tomas
>>
> 
> Actually, a small improvement is necessary.
> 
> Updated patch attached.
> 
> Tomas
> 
> 
> 

Thanks to Lukas, we found another problem with the test.

Updated patch attached.

Tomas
From ca6ed3cdc696f04ad529a4498705f7a6c8b4058a Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Wed, 2 Dec 2015 15:25:49 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients
that are executing the sudo commands have their IPs assigned
within 255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a
dynamic detection of the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 25 +++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..444063e10c55e1e6f6bee9a63b1276e2766aee2d 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,6 +17,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
+import pytest
+import re
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
 
@@ -269,13 +272,31 @@ class TestSudo(IntegrationTest):
  '--hostgroups', 'testhostgroup'])
 
 def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-# Add the client's /24 hostmask to the rule
+# Add the client's hostmask to the rule
 ip = self.client.ip
+
+# We need to detect the hostmask first
+result = self.client.run_command(['ip', 'addr'])
+full_ip_regex = r'(?P%s/\d{1,2}) ' % re.escape(ip)
+match = re.search(full_ip_regex, result.stdout_text)
+
+# Make a note for the next test, which needs to be skipped
+# if hostmask detection failed
+self.__class__.skip_hostmask_based = False
+
+if not match:
+self.__class__.skip_hostmask_based = True
+raise pytest.skip("Hostmask could not be detected")
+
+full_ip = match.group('full_ip')
 self.master.run_command(['ipa', '-n', 'sudorule-add-host',
  'testrule',
- '--hostmask', '%s/24' % ip])
+ '--hostmask', full_ip])
 
 def test_sudo_rule_restricted_to_one_hostmask(self):
+if self.__class__.skip_hostmask_based:
+raise pytest.skip("Hostmask could not be detected")
+
 result1 = self.list_sudo_commands("testuser1")
 assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
 
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Lukas Slebodnik]

On (02/12/15 15:41), Tomas Babej wrote:
>
>
>On 12/02/2015 09:24 AM, Tomas Babej wrote:
>> 
>> 
>> On 12/01/2015 06:27 PM, Tomas Babej wrote:
>>>
>>>
>>> On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:
 On (30/11/15 13:09), Tomas Babej wrote:
> Hi,
>
> IPA sudo tests worked under the assumption that the clients that
> are executing the sudo commands have their IPs assigned within
> 255.255.255.0 hostmask.
>
> Removes this (invalid) assumption and adds a dynamic detection of
> the hostmask of the IPA client.
>
> https://fedorahosted.org/freeipa/ticket/5501

 >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
> From: Tomas Babej 
> Date: Mon, 30 Nov 2015 12:53:39 +0100
> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating 
> on
> hostmask
>
> IPA sudo tests worked under the assumption that the clients that
> are executing the sudo commands have their IPs assigned within
> 255.255.255.0 hostmask.
>
> Removes this (invalid) assumption and adds a dynamic detection of
> the hostmask of the IPA client.
>
>>>
>>> Thanks, updated patch attached.
>>>
>>> Tomas
>>>
>> 
>> Actually, a small improvement is necessary.
>> 
>> Updated patch attached.
>> 
>> Tomas
>> 
>> 
>> 
>
>Thanks to Lukas, we found another problem with the test.
>
>Updated patch attached.
>
Thank you for 4th revision of patch
but there is still one issue.

=== FAILURES ===
_ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative __

self = 

def test_sudo_rule_restricted_to_one_hostmask_negative(self):
result1 = self.list_sudo_commands("testuser1")
>   assert result1.returncode != 0
E   assert 0 != 0
E+  where 0 = .returncode

test_integration/test_sudo.py:323: AssertionError
 1 failed, 74 passed in 807.35 seconds =

LS

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Tomas Babej]

On 12/01/2015 06:27 PM, Tomas Babej wrote:
> 
> 
> On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:
>> On (30/11/15 13:09), Tomas Babej wrote:
>>> Hi,
>>>
>>> IPA sudo tests worked under the assumption that the clients that
>>> are executing the sudo commands have their IPs assigned within
>>> 255.255.255.0 hostmask.
>>>
>>> Removes this (invalid) assumption and adds a dynamic detection of
>>> the hostmask of the IPA client.
>>>
>>> https://fedorahosted.org/freeipa/ticket/5501
>>
>> >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
>>> From: Tomas Babej 
>>> Date: Mon, 30 Nov 2015 12:53:39 +0100
>>> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
>>> hostmask
>>>
>>> IPA sudo tests worked under the assumption that the clients that
>>> are executing the sudo commands have their IPs assigned within
>>> 255.255.255.0 hostmask.
>>>
>>> Removes this (invalid) assumption and adds a dynamic detection of
>>> the hostmask of the IPA client.
>>>
> 
> Thanks, updated patch attached.
> 
> Tomas
> 

Actually, a small improvement is necessary.

Updated patch attached.

Tomas
From 4c1fb168889a074338d90bcbbb155aa7be88eb89 Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Mon, 30 Nov 2015 12:53:39 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients that
are executing the sudo commands have their IPs assigned within
255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a dynamic detection of
the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 25 +++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..07aae337297587dd3d7e5097c4ef62b656846dac 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,6 +17,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
+import pytest
+import re
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
 
@@ -269,13 +272,31 @@ class TestSudo(IntegrationTest):
  '--hostgroups', 'testhostgroup'])
 
 def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-# Add the client's /24 hostmask to the rule
+# Add the client's hostmask to the rule
 ip = self.client.ip
+
+# We need to detect the hostmask first
+result = self.client.run_command(['ip', 'addr'])
+full_ip_regex = r'(?P%s/\d{1,2}) ' % re.escape(ip)
+match = re.search(full_ip_regex, result.stdout_text)
+
+# Make a note for the next test, which needs to be skipped
+# if hostmask detection failed
+self.skip_hostmask_based = False
+
+if not match:
+self.skip_hostmask_based = True
+raise pytest.skip("Hostmask could not be detected")
+
+full_ip = match.group('full_ip')
 self.master.run_command(['ipa', '-n', 'sudorule-add-host',
  'testrule',
- '--hostmask', '%s/24' % ip])
+ '--hostmask', full_ip])
 
 def test_sudo_rule_restricted_to_one_hostmask(self):
+if self.skip_hostmask_based:
+raise pytest.skip("Hostmask could not be detected")
+
 result1 = self.list_sudo_commands("testuser1")
 assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
 
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Tomas Babej]

On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:
> On (30/11/15 13:09), Tomas Babej wrote:
>> Hi,
>>
>> IPA sudo tests worked under the assumption that the clients that
>> are executing the sudo commands have their IPs assigned within
>> 255.255.255.0 hostmask.
>>
>> Removes this (invalid) assumption and adds a dynamic detection of
>> the hostmask of the IPA client.
>>
>> https://fedorahosted.org/freeipa/ticket/5501
> 
>>From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
>> From: Tomas Babej 
>> Date: Mon, 30 Nov 2015 12:53:39 +0100
>> Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
>> hostmask
>>
>> IPA sudo tests worked under the assumption that the clients that
>> are executing the sudo commands have their IPs assigned within
>> 255.255.255.0 hostmask.
>>
>> Removes this (invalid) assumption and adds a dynamic detection of
>> the hostmask of the IPA client.
>>

Thanks, updated patch attached.

Tomas
From cbf65c14b75e75140e601c62e172136fce8d2207 Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Mon, 30 Nov 2015 12:53:39 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients that
are executing the sudo commands have their IPs assigned within
255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a dynamic detection of
the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 25 +++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..58bd296edf40e9571783e8f7a2a17502d4c61455 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,6 +17,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
+import pytest
+import re
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
 
@@ -269,13 +272,31 @@ class TestSudo(IntegrationTest):
  '--hostgroups', 'testhostgroup'])
 
 def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-# Add the client's /24 hostmask to the rule
+# Add the client's hostmask to the rule
 ip = self.client.ip
+
+# We need to detect the hostmask first
+result = self.client.run_command(['ip', 'addr'])
+full_ip_regex = r'(?P%s/\d{1,2}) ' % re.escape(ip)
+match = re.search(full_ip_regex, result)
+
+# Make a note for the next test, which needs to be skipped
+# if hostmask detection failed
+self.skip_hostmask_based = False
+
+if not match:
+self.skip_hostmask_based = True
+raise pytest.skip("Hostmask could not be detected")
+
+full_ip = match.group('full_ip')
 self.master.run_command(['ipa', '-n', 'sudorule-add-host',
  'testrule',
- '--hostmask', '%s/24' % ip])
+ '--hostmask', full_ip])
 
 def test_sudo_rule_restricted_to_one_hostmask(self):
+if self.skip_hostmask_based:
+raise pytest.skip("Hostmask could not be detected")
+
 result1 = self.list_sudo_commands("testuser1")
 assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
 
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Lukas Slebodnik]

On (30/11/15 13:09), Tomas Babej wrote:
>Hi,
>
>IPA sudo tests worked under the assumption that the clients that
>are executing the sudo commands have their IPs assigned within
>255.255.255.0 hostmask.
>
>Removes this (invalid) assumption and adds a dynamic detection of
>the hostmask of the IPA client.
>
>https://fedorahosted.org/freeipa/ticket/5501

>From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
>From: Tomas Babej 
>Date: Mon, 30 Nov 2015 12:53:39 +0100
>Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
> hostmask
>
>IPA sudo tests worked under the assumption that the clients that
>are executing the sudo commands have their IPs assigned within
>255.255.255.0 hostmask.
>
>Removes this (invalid) assumption and adds a dynamic detection of
>the hostmask of the IPA client.
>
>https://fedorahosted.org/freeipa/ticket/5501
>---
> ipatests/test_integration/test_sudo.py | 25 +++--
> 1 file changed, 23 insertions(+), 2 deletions(-)
>
>diff --git a/ipatests/test_integration/test_sudo.py 
>b/ipatests/test_integration/test_sudo.py
>index 
>1dd4c5d73c9fa4288af4fc2708aa3abd51407217..d97771dfa1a7fd2938a0be20a1b79814b852b03e
> 100644
>--- a/ipatests/test_integration/test_sudo.py
>+++ b/ipatests/test_integration/test_sudo.py
>@@ -17,6 +17,9 @@
> # You should have received a copy of the GNU General Public License
> # along with this program.  If not, see .
> 
>+import pytest
>+import re
>+
> from ipatests.test_integration.base import IntegrationTest
> from ipatests.test_integration.tasks import clear_sssd_cache
> 
>@@ -269,13 +272,31 @@ class TestSudo(IntegrationTest):
>  '--hostgroups', 'testhostgroup'])
> 
> def test_sudo_rule_restricted_to_one_hostmask_setup(self):
>-# Add the client's /24 hostmask to the rule
>+# Add the client's hostmask to the rule
> ip = self.client.ip
>+
>+# We need to detect the hostmask first
>+result = self.client.run_command(['ip', 'addr'])
>+full_ip_regex = r'(?P{0}/\d{0,1}) '.format(re.escape(ip))
>+match = re.search(full_ip_regex, result)
>+
>+# Make a note for the next test, which needs to be skipped
>+# if hostmask detection failed
>+self.skip_hostmask_based = False
>+
>+if not match:
>+self.skip_hostmask_based = True
>+raise pytest.skip("Hostmask could not be detected")
>+
>+full_ip = match.group('full_ip')
> self.master.run_command(['ipa', '-n', 'sudorule-add-host',
>  'testrule',
>- '--hostmask', '%s/24' % ip])
>+ '--hostmask', full_ip])
> 
> def test_sudo_rule_restricted_to_one_hostmask(self):
>+if self.skip_hostmask_based:
>+raise pytest.skip("Hostmask could not be detected")
>+
> result1 = self.list_sudo_commands("testuser1")
> assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text

I got following errors with the patch.

=== FAILURES ===
___ TestSudo.test_sudo_rule_restricted_to_one_hostmask_setup ___

self = 

def test_sudo_rule_restricted_to_one_hostmask_setup(self):
# Add the client's hostmask to the rule
ip = self.client.ip

# We need to detect the hostmask first
result = self.client.run_command(['ip', 'addr'])
>   full_ip_regex = r'(?P{0}/\d{0,1}) '.format(re.escape(ip))
E   KeyError: '0,1'

test_integration/test_sudo.py:280: KeyError
__ TestSudo.test_sudo_rule_restricted_to_one_hostmask __

self = 

def test_sudo_rule_restricted_to_one_hostmask(self):
>   if self.skip_hostmask_based:
E   AttributeError: 'TestSudo' object has no attribute 'skip_hostmask_based'

test_integration/test_sudo.py:297: AttributeError
__ TestSudo.test_setting_category_to_all_with_valid_entries_host_mask __

self = 

def test_setting_category_to_all_with_valid_entries_host_mask(self):
result = self.reset_rule_categories(safe_delete=False)
>   assert result.returncode != 0
E   assert 0 != 0
E+  where 0 = .returncode

test_integration/test_sudo.py:305: AssertionError
__ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative_setup ___

self = 

def test_sudo_rule_restricted_to_one_hostmask_negative_setup(self):
# Add the master's hostmask to the rule
ip = self.master.ip
self.master.run_command(['ipa', '-n', 'sudorule-add-host',
 'testrule',
>'--hostmask', '%s/32' % ip])

test_integration/test_sudo.py:319: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../pytest_multihost/host.py:222: in run_command
command.wait(raiseonerr=raiseonerr)
_ _ _ _ _ _ _ _ _ _ _ 

[Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

[Tomas Babej]

Hi,

IPA sudo tests worked under the assumption that the clients that
are executing the sudo commands have their IPs assigned within
255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a dynamic detection of
the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Mon, 30 Nov 2015 12:53:39 +0100
Subject: [PATCH] tests: Add hostmask detection for sudo rules validating on
 hostmask

IPA sudo tests worked under the assumption that the clients that
are executing the sudo commands have their IPs assigned within
255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a dynamic detection of
the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501
---
 ipatests/test_integration/test_sudo.py | 25 +++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/test_sudo.py b/ipatests/test_integration/test_sudo.py
index 1dd4c5d73c9fa4288af4fc2708aa3abd51407217..d97771dfa1a7fd2938a0be20a1b79814b852b03e 100644
--- a/ipatests/test_integration/test_sudo.py
+++ b/ipatests/test_integration/test_sudo.py
@@ -17,6 +17,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
+import pytest
+import re
+
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration.tasks import clear_sssd_cache
 
@@ -269,13 +272,31 @@ class TestSudo(IntegrationTest):
  '--hostgroups', 'testhostgroup'])
 
 def test_sudo_rule_restricted_to_one_hostmask_setup(self):
-# Add the client's /24 hostmask to the rule
+# Add the client's hostmask to the rule
 ip = self.client.ip
+
+# We need to detect the hostmask first
+result = self.client.run_command(['ip', 'addr'])
+full_ip_regex = r'(?P{0}/\d{0,1}) '.format(re.escape(ip))
+match = re.search(full_ip_regex, result)
+
+# Make a note for the next test, which needs to be skipped
+# if hostmask detection failed
+self.skip_hostmask_based = False
+
+if not match:
+self.skip_hostmask_based = True
+raise pytest.skip("Hostmask could not be detected")
+
+full_ip = match.group('full_ip')
 self.master.run_command(['ipa', '-n', 'sudorule-add-host',
  'testrule',
- '--hostmask', '%s/24' % ip])
+ '--hostmask', full_ip])
 
 def test_sudo_rule_restricted_to_one_hostmask(self):
+if self.skip_hostmask_based:
+raise pytest.skip("Hostmask could not be detected")
+
 result1 = self.list_sudo_commands("testuser1")
 assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
 
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code