URL: https://github.com/freeipa/freeipa/pull/399
Author: dkupka
Title: #399: Certificate mapping test
Action: opened
PR body:
"""
https://fedorahosted.org/freeipa/ticket/6542
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/399/head:pr399
git checkout pr399
From fb73c25fa30d0d374010cfc2245fbe60726f7389 Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Fri, 13 Jan 2017 13:17:35 +0100
Subject: [PATCH 1/2] test_xmlrpc: tracker: Add enable and disable methods to
tracker
Prepare tracker for easier testing of *-{en,dis}able commands.
---
ipatests/test_xmlrpc/tracker/base.py | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/ipatests/test_xmlrpc/tracker/base.py b/ipatests/test_xmlrpc/tracker/base.py
index aa88e6b..d8cd3a6 100644
--- a/ipatests/test_xmlrpc/tracker/base.py
+++ b/ipatests/test_xmlrpc/tracker/base.py
@@ -198,6 +198,14 @@ def make_update_command(self, updates):
"""Make function that modifies the entry using ${CMD}_mod"""
raise NotImplementedError(self._override_me_msg)
+ def make_enable_command(self):
+ """Make function that enables the entry using ${CMD}_enable"""
+ raise NotImplementedError(self._override_me_msg)
+
+ def make_disable_command(self):
+ """Make function that disables the entry using ${CMD}_disable"""
+ raise NotImplementedError(self._override_me_msg)
+
def create(self):
"""Helper function to create an entry and check the result"""
self.track_create()
@@ -285,3 +293,21 @@ def update(self, updates, expected_updates=None):
def check_update(self, result, extra_keys=()):
"""Check the plugin's `mod` command result"""
raise NotImplementedError(self._override_me_msg)
+
+ def enable(self):
+ command = self.make_enable_command()
+ result = command()
+ self.check_enable(result)
+
+ def check_enable(self, result):
+ """Check the plugin's `enable` command result"""
+ raise NotImplementedError(self._override_me_msg)
+
+ def disable(self):
+ command = self.make_disable_command()
+ result = command()
+ self.check_disable(result)
+
+ def check_disable(self, result):
+ """Check the plugin's `disable` command result"""
+ raise NotImplementedError(self._override_me_msg)
From b9773e1bf5703ee0bbb65287849d6c0062afd15d Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Fri, 13 Jan 2017 13:22:45 +0100
Subject: [PATCH 2/2] test: certmap: Add basic tests for certmaprule commands.
https://fedorahosted.org/freeipa/ticket/6542
---
ipatests/test_xmlrpc/objectclasses.py | 5 +
ipatests/test_xmlrpc/test_certmap_plugin.py | 101 +++++++++++++++
ipatests/test_xmlrpc/tracker/certmap_plugin.py | 168 +++++++++++++++++++++++++
3 files changed, 274 insertions(+)
create mode 100644 ipatests/test_xmlrpc/test_certmap_plugin.py
create mode 100644 ipatests/test_xmlrpc/tracker/certmap_plugin.py
diff --git a/ipatests/test_xmlrpc/objectclasses.py b/ipatests/test_xmlrpc/objectclasses.py
index 1ea020b..0a15a21 100644
--- a/ipatests/test_xmlrpc/objectclasses.py
+++ b/ipatests/test_xmlrpc/objectclasses.py
@@ -227,3 +227,8 @@
u'top',
u'ipaca',
]
+
+certmaprule = [
+ u'top',
+ u'ipacertmaprule',
+]
diff --git a/ipatests/test_xmlrpc/test_certmap_plugin.py b/ipatests/test_xmlrpc/test_certmap_plugin.py
new file mode 100644
index 0000000..4086333
--- /dev/null
+++ b/ipatests/test_xmlrpc/test_certmap_plugin.py
@@ -0,0 +1,101 @@
+#
+# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
+#
+
+import pytest
+import itertools
+
+from ipapython.dn import DN
+from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test
+from ipatests.test_xmlrpc.tracker.certmap_plugin import CertmapruleTracker
+
+certmaprule_create_params = {
+ u'cn': u'test_rule',
+ u'description': u'Certificate mapping and matching rule for test '
+ u'purposes',
+ u'ipacertmapissuer': DN('CN=CA,O=EXAMPLE.ORG'),
+ u'ipacertmapmaprule': u'arbitrary free-form mapping rule defined and '
+ u'consumed by SSSD',
+ u'ipacertmapmatchrule': u'arbitrary free-form matching rule defined '
+ u'and consumed by SSSD',
+ u'associateddomain': u'example.org',
+ u'ipacertmappriority': u'1',
+}
+
+certmaprule_update_params = {
+ u'description': u'Changed description',
+ u'ipacertmapissuer': DN('CN=Changed CA,O=OTHER.ORG'),
+ u'ipacertmapmaprule': u'changed arbitrary mapping rule',
+ u'ipacertmapmatchrule': u'changed arbitrary maching rule',
+ u'associateddomain': u'changed.example.org',
+ u'ipacertmappriority': u'5',
+}
+
+certmaprule_optional_params = (
+ 'description',
+ 'ipacertmapissuer',
+ 'ipacertmapmaprule',
+ 'ipacertmapmatchrule',
+ 'ipaassociateddomain',
+ 'ipacertmappriority',
+)
+
+
+@pytest.fixture(scope='class')
+def certmap_rule(request):
+ tracker = CertmapruleTracker(**certmaprule_create_params)
+ return tracker.make_fixture(request)
+
+
+class TestCreate(XMLRPC_test):
+ """
+ Test all combination of optional parameters when creating the object.
+ """
+ @pytest.mark.parametrize(
+ 'dont_fill',
+ itertools.chain(*[
+ itertools.combinations(certmaprule_optional_params, l)
+ for l in range(len(certmaprule_optional_params)+1)
+ ])
+ )
+ def test_create(self, dont_fill, certmap_rule):
+ certmap_rule.ensure_missing()
+ try:
+ certmap_rule.create()
+ finally:
+ certmap_rule.ensure_missing()
+
+
+class TestCRUD(XMLRPC_test):
+ def test_create(self, certmap_rule):
+ certmap_rule.ensure_missing()
+ certmap_rule.create()
+
+ def test_retrieve(self, certmap_rule):
+ certmap_rule.retrieve()
+
+ def test_find(self, certmap_rule):
+ certmap_rule.find()
+
+ @pytest.mark.parametrize('update', [
+ dict(u) for l in range(1, len(certmaprule_update_params)+1)
+ for u in itertools.combinations(certmaprule_update_params.items(), l)
+ ])
+ def test_update(self, update, certmap_rule):
+ certmap_rule.ensure_missing()
+ certmap_rule.ensure_exists()
+ certmap_rule.update(update, {o: [v] for o, v in update.items()})
+
+ def test_delete(self, certmap_rule):
+ certmap_rule.ensure_exists()
+ certmap_rule.delete()
+
+
+class TestEnableDisable(XMLRPC_test):
+ def test_disable(self, certmap_rule):
+ certmap_rule.ensure_exists()
+ certmap_rule.disable()
+
+ def test_enable(self, certmap_rule):
+ certmap_rule.ensure_exists()
+ certmap_rule.enable()
diff --git a/ipatests/test_xmlrpc/tracker/certmap_plugin.py b/ipatests/test_xmlrpc/tracker/certmap_plugin.py
new file mode 100644
index 0000000..b890363
--- /dev/null
+++ b/ipatests/test_xmlrpc/tracker/certmap_plugin.py
@@ -0,0 +1,168 @@
+#
+# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
+#
+
+from ipapython.dn import DN
+from ipatests.test_xmlrpc.tracker.base import Tracker
+from ipatests.test_xmlrpc import objectclasses
+from ipatests.util import assert_deepequal
+
+
+class CertmapruleTracker(Tracker):
+ """
+ """
+ retrieve_keys = {
+ u'dn',
+ u'cn',
+ u'description',
+ u'ipacertmapissuer',
+ u'ipacertmapmaprule',
+ u'ipacertmapmatchrule',
+ u'associateddomain',
+ u'ipacertmappriority',
+ u'ipaenabledflag'
+ }
+ retrieve_all_keys = retrieve_keys | {u'objectclass'}
+ create_keys = retrieve_keys | {u'objectclass'}
+ update_keys = retrieve_keys - {u'dn'}
+
+ def __init__(self, cn, description, ipacertmapissuer, ipacertmapmaprule,
+ ipacertmapmatchrule, associateddomain, ipacertmappriority,
+ default_version=None):
+ super(CertmapruleTracker, self).__init__(
+ default_version=default_version)
+
+ self.dn = DN((u'cn', cn,),
+ self.api.env.container_certmaprules,
+ self.api.env.basedn)
+ self.options = {
+ u'description': description,
+ u'ipacertmapissuer': ipacertmapissuer,
+ u'ipacertmapmaprule': ipacertmapmaprule,
+ u'ipacertmapmatchrule': ipacertmapmatchrule,
+ u'associateddomain': associateddomain,
+ u'ipacertmappriority': ipacertmappriority,
+ }
+
+ def make_create_command(self, dont_fill=()):
+ kwargs = {k: v for k, v in self.options.items() if k not in dont_fill}
+
+ return self.make_command('certmaprule_add', self.name, **kwargs)
+
+ def track_create(self, dont_fill=()):
+ self.attrs = {
+ 'dn': self.dn,
+ 'cn': [self.name],
+ 'ipaenabledflag': [u'TRUE'],
+ 'objectclass': objectclasses.certmaprule,
+ }
+ self.attrs.update({
+ k: [v] for k, v in self.options.items() if k not in dont_fill
+ })
+ self.exists = True
+
+ def check_create(self, result):
+ assert_deepequal(dict(
+ value=self.name,
+ summary=u'Added Certificate Identity Mapping Rule "{}"'
+ u''.format(self.name),
+ result=self.filter_attrs(self.create_keys),
+ ), result)
+
+ def create(self, dont_fill=()):
+ self.track_create(dont_fill)
+ command = self.make_create_command(dont_fill)
+ result = command()
+ self.check_create(result)
+
+ def make_delete_command(self):
+ return self.make_command('certmaprule_del', self.name)
+
+ def check_delete(self, result):
+ assert_deepequal(
+ dict(
+ value=[self.name],
+ summary=u'Deleted Certificate Identity Mapping Rule "{}"'
+ ''.format(self.name),
+ result=dict(failed=[]),
+ ),
+ result
+ )
+
+ def make_retrieve_command(self, all=False, raw=False):
+ return self.make_command('certmaprule_show', self.name, all=all,
+ raw=raw)
+
+ def check_retrieve(self, result, all=False, raw=False):
+ if all:
+ expected = self.filter_attrs(self.retrieve_all_keys)
+ else:
+ expected = self.filter_attrs(self.retrieve_keys)
+ assert_deepequal(
+ dict(
+ value=self.name,
+ summary=None,
+ result=expected,
+ ),
+ result
+ )
+
+ def make_find_command(self, *args, **kwargs):
+ return self.make_command('certmaprule_find', *args, **kwargs)
+
+ def check_find(self, result, all=False, raw=False):
+ if all:
+ expected = self.filter_attrs(self.retrieve_all_keys)
+ else:
+ expected = self.filter_attrs(self.retrieve_keys)
+ assert_deepequal(
+ dict(
+ count=1,
+ truncated=False,
+ summary=u'1 Certificate Identity Mapping Rule matched',
+ result=[expected],
+ ),
+ result
+ )
+
+ def make_update_command(self, updates):
+ return self.make_command('certmaprule_mod', self.name, **updates)
+
+ def check_update(self, result, extra_keys=()):
+ assert_deepequal(
+ dict(
+ value=self.name,
+ summary=u'Modified Certificate Identity Mapping Rule "{}"'
+ u''.format(self.name),
+ result=self.filter_attrs(self.update_keys | set(extra_keys)),
+ ),
+ result
+ )
+
+ def make_enable_command(self):
+ return self.make_command('certmaprule_enable', self.name)
+
+ def check_enable(self, result):
+ assert_deepequal(
+ dict(
+ value=self.name,
+ summary=u'Enabled Certificate Identity Mapping Rule "{}"'
+ u''.format(self.name),
+ result=True,
+ ),
+ result
+ )
+
+ def make_disable_command(self):
+ return self.make_command('certmaprule_disable', self.name)
+
+ def check_disable(self, result):
+ assert_deepequal(
+ dict(
+ value=self.name,
+ summary=u'Disabled Certificate Identity Mapping Rule "{}"'
+ u''.format(self.name),
+ result=True,
+ ),
+ result
+ )
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
