Re: [Freeipa-devel] [PATCH] 0003 Test generated passwords composed of all allowed charactes

2014-07-18 Thread Petr Viktorin 

On 07/18/2014 12:39 PM, David Kupka wrote:

Test verifying that IPA server is able to install using passwords
composed of all but forbidden characters.

Related to https://fedorahosted.org/freeipa/ticket/2796


This doesn't work with current master. When you send patches that depend 
on each other, either send them in a single mail, or explicitly say what 
the dependencies are.



When an exception is raised, you're only logging a message and hiding 
the error. So not only is the traceback lost, but the test always passes!


The proper way to do this is:
try:
tasks.install_master(self.master)
finally:
tasks.uninstall_master(self.master)
Any other cleanup task, like restoring passwords in the config, should 
also be in its finally: block.


Currently all our tests are (or try to be :) deterministic; I rely on 
the fact that re-running the tests reproduces the results.
Instead of randomness, just use some well-crafted static passwords. You 
can also test e.g. shorter passwords or ones with longer runs of 
whitespace -- there's not much variety in what you generate here.

And you should be able to get by with fewer than 10 runs.

It would be nice to add some basic smoke test to ensure the installation 
actually works. Something like user-show admin.


Finally, please put integration tests in ipatests/test_integration, if 
there's not big reason against that.


Nitpick: in
set([chr(c) for c in range(0x20, 0x7F)])
you could avoid creating a temporary list:
set(chr(c) for c in range(0x20, 0x7F))

--
PetrĀ³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 0003 Test generated passwords composed of all allowed charactes

2014-07-18 Thread David Kupka 
Test verifying that IPA server is able to install using passwords 
composed of all but forbidden characters.


Related to https://fedorahosted.org/freeipa/ticket/2796
--
David Kupka
From e4d1c384288f4b5c5d08f9f3abd9393b3b868c80 Mon Sep 17 00:00:00 2001
From: David Kupka 
Date: Fri, 18 Jul 2014 10:15:05 +0200
Subject: [PATCH] Test generated passwords composed of all allowed charactes.

Test ipaserver installation with generated passwords composed of all allowed characters.
---
 ipatests/test_password/test_password.py | 93 +
 1 file changed, 93 insertions(+)
 create mode 100644 ipatests/test_password/test_password.py

diff --git a/ipatests/test_password/test_password.py b/ipatests/test_password/test_password.py
new file mode 100644
index ..eae7cb54b3e49dd90928100288c6af7ba8869087
--- /dev/null
+++ b/ipatests/test_password/test_password.py
@@ -0,0 +1,93 @@
+# Authors:
+#   David Kupka 
+#
+# Copyright (C) 2014  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+import random
+import itertools
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration import tasks
+
+
+class PasswordGenerator(object):
+"""
+Generate passwords as a permutation of all allowed (ASCII>0x20 \ banned)
+characters that succeds in validator.
+"""
+__test__ = False
+
+def __init__(self, banned='', validator=lambda p: True):
+self.validator = validator
+# use ASCII characters starting with ' '
+# exclude underlying-tool-specific disallowed characters
+self.allowed = list(set([chr(c) for c in range(0x20, 0x7F)]) - set(banned))
+
+def __call__(self):
+pw = self.allowed
+
+while True:
+random.shuffle(pw)
+if self.validator(''.join(pw)):
+return ''.join(pw)
+
+class TestPassword(IntegrationTest):
+"""
+Test to install ipa-server using passwords composed from all
+allowed characters.
+"""
+__test__ = True
+
+banned_admin = '\\'
+banned_dirman = '\\'
+
+@staticmethod
+def validator_dirman(pw):
+if pw.startswith(' ') or pw.endswith(' '):
+return False
+else:
+return True
+
+def test_password(self):
+# run 10 tests by default
+tests = 10
+# password generator for admin
+pg_admin = PasswordGenerator(self.banned_admin)
+# password generator for dirman
+pg_dirman = PasswordGenerator(self.banned_dirman, self.validator_dirman)
+
+# backup password
+pw_old_admin = self.master.config.admin_password
+pw_old_dirman = self.master.config.dirman_password
+
+for t in range(0, tests):
+# generate passwords
+pw_admin = pg_admin()
+pw_dirman = pg_dirman()
+# set tested password
+self.master.config.admin_password = pw_admin
+self.master.config.dirman_password = pw_dirman
+
+try:
+# install master on configured server
+tasks.install_master(self.master)
+except Exception, e:
+self.log.error('Failed to install ipa with -a=\'%s\', -p=\'%s\': %s' % (pw_admin, pw_dirman, e))
+# uninstall master
+tasks.uninstall_master(self.master)
+
+#restore password
+self.master.config.admin_password = pw_old_admin
+self.master.config.dirman_password = pw_old_dirman
-- 
1.9.3

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel