SSSDConfigTest.py revision 7388fc91bd6c22705e60632346ec815f4a4963f1
'''
Created on Sep 18, 2009
@author: sgallagh
'''
import unittest
import os
import shutil
import tempfile
from stat import *
import sys
if srcdir:
else:
srcdir = "."
import SSSDConfig
def create_temp_dir():
def testServices(self):
srcdir + "/etc/sssd.api.d")
# Validate services
#Verify service attributes
del sssdconfig
srcdir + "/etc/sssd.api.d")
del sssdconfig
def testDomains(self):
srcdir + "/etc/sssd.api.d")
#Validate domain list
#Verify domain attributes
del sssdconfig
def testListProviders(self):
srcdir + "/etc/sssd.api.d")
def testCreateNewLocalConfig(self):
srcdir + "/etc/sssd.api.d")
#Ensure the output file doesn't exist
try:
except:
pass
#Write out the file
#Verify that the output file has the correct permissions
#Output files should not be readable or writable by
#non-owners, and should not be executable by anyone
# try to import saved configuration file
srcdir + "/etc/sssd.api.d")
#Remove the output file
def testCreateNewLDAPConfig(self):
srcdir + "/etc/sssd.api.d")
#Ensure the output file doesn't exist
try:
except:
pass
#Write out the file
#Verify that the output file has the correct permissions
#Output files should not be readable or writable by
#non-owners, and should not be executable by anyone
# try to import saved configuration file
srcdir + "/etc/sssd.api.d")
#Remove the output file
def testModifyExistingConfig(self):
srcdir + "/etc/sssd.api.d")
#Ensure the output file doesn't exist
try:
except:
pass
#Write out the file
#Verify that the output file has the correct permissions
#Output files should not be readable or writable by
#non-owners, and should not be executable by anyone
#Remove the output file
def testSpaces(self):
srcdir + "/etc/sssd.api.d")
pass
pass
def testBadBool(self):
srcdir + "/etc/sssd.api.d")
srcdir + "/etc/sssd.api.d")
pass
# Positive test
# Type Error test
# Name is not a string
# TypeError test
# schema is not an SSSDSchema
# ServiceNotRecognizedError test
def testListOptions(self):
control_list = [
'services',
'domains',
'timeout',
'force_timeout',
'sbus_timeout',
're_expression',
'full_name_format',
'krb5_rcache_dir',
'user',
'default_domain_suffix',
'debug_level',
'debug_timestamps',
'debug_microseconds',
'debug_to_files',
'command',
'reconnection_retries',
'fd_limit',
'client_idle_timeout',
'description']
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
"Option values should be a tuple")
"reconnection_retries should require an int. " +
"list_options is requiring a %s" %
"reconnection_retries should not require a subtype. " +
"list_options is requiring a %s" %
"reconnection_retries should have no default")
"Option values should be a tuple")
"services should require an list. " +
"list_options is requiring a %s" %
"services should require a subtype of str. " +
"list_options is requiring a %s" %
def testListMandatoryOptions(self):
control_list = [
'services',
'domains']
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
"Option values should be a tuple")
"services should require an list. " +
"list_options is requiring a %s" %
"services should require a subtype of str. " +
"list_options is requiring a %s" %
def testSetOption(self):
# Positive test - Exactly right
# Positive test - Allow converting "safe" values
# Positive test - Remove option if value is None
# Negative test - Nonexistent Option
# Negative test - Incorrect type
def testGetOption(self):
# Positive test - List of values
# Negative Test - Bad Option
def testGetAllOptions(self):
#Positive test
control_list = ['services']
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
def testRemoveOption(self):
# Positive test - Remove an option that exists
# Positive test - Remove an option that doesn't exist
srcdir + "/etc/sssd.api.d")
pass
# Positive Test
# Negative Test - Name not a string
# Negative Test - Schema is not an SSSDSchema
def testGetName(self):
# Positive Test
def testSetActive(self):
#Positive Test
# Should default to inactive
def testListOptions(self):
# First test default options
control_list = [
'description',
'debug_level',
'debug_timestamps',
'min_id',
'max_id',
'timeout',
'force_timeout',
'offline_timeout',
'try_inotify',
'command',
'enumerate',
'cache_credentials',
'cache_credentials_minimal_first_factor_length',
'store_legacy_passwords',
'use_fully_qualified_names',
'ignore_group_members',
'filter_users',
'filter_groups',
'entry_cache_timeout',
'entry_cache_user_timeout',
'entry_cache_group_timeout',
'entry_cache_netgroup_timeout',
'entry_cache_service_timeout',
'entry_cache_autofs_timeout',
'entry_cache_sudo_timeout',
'entry_cache_ssh_host_timeout',
'refresh_expired_interval',
'lookup_family_order',
'account_cache_expiration',
'dns_resolver_timeout',
'dns_discovery_domain',
'dyndns_update',
'dyndns_ttl',
'dyndns_iface',
'dyndns_refresh_interval',
'dyndns_update_ptr',
'dyndns_force_tcp',
'dyndns_auth',
'dyndns_server',
'subdomain_enumerate',
'override_gid',
'case_sensitive',
'override_homedir',
'fallback_homedir',
'homedir_substring',
'override_shell',
'default_shell',
'pwd_expiration_warning',
'id_provider',
'auth_provider',
'access_provider',
'chpass_provider',
'sudo_provider',
'autofs_provider',
'session_provider',
'hostid_provider',
'subdomains_provider',
'realmd_tags',
'subdomain_refresh_interval',
'subdomain_inherit',
'cached_auth_timeout']
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
"Option values should be a tuple")
"max_id should require an int. " +
"list_options is requiring a %s" %
"max_id should not require a subtype. " +
"list_options is requiring a %s" %
# Add a provider and verify that the new options appear
['default_shell',
'base_directory',
'create_homedir',
'remove_homedir',
'homedir_umask',
'skel_dir',
'mail_dir',
'userdel_cmd'])
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
# Add a provider that has global options and verify that
# The new options appear.
backup_list = control_list[:]
['krb5_server',
'krb5_backup_server',
'krb5_realm',
'krb5_kpasswd',
'krb5_backup_kpasswd',
'krb5_ccachedir',
'krb5_ccname_template',
'krb5_keytab',
'krb5_validate',
'krb5_store_password_if_offline',
'krb5_auth_timeout',
'krb5_renewable_lifetime',
'krb5_lifetime',
'krb5_renew_interval',
'krb5_use_fast',
'krb5_fast_principal',
'krb5_canonicalize',
'krb5_use_enterprise_principal',
'krb5_use_kdcinfo',
'krb5_map_user'])
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
# Remove the auth domain and verify that the options
# revert to the backup_list
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in backup_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
def testListMandatoryOptions(self):
# First test default options
control_list = ['id_provider']
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
# Add a provider that has global options and verify that
# The new options appear.
backup_list = control_list[:]
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
# Remove the auth domain and verify that the options
# revert to the backup_list
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in backup_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
def testListProviders(self):
'ipa': ['id', 'auth', 'access', 'chpass', 'sudo', 'autofs',
'session', 'hostid', 'subdomains'],
'ad': ['id', 'auth', 'access', 'chpass', 'sudo', 'subdomains'],
'local': ['id', 'auth', 'chpass'],
'ldap': ['id', 'auth', 'access', 'chpass', 'sudo', 'autofs'],
'krb5': ['auth', 'access', 'chpass'],
'proxy': ['id', 'auth', 'chpass'],
'simple': ['access'],
'permit': ['access'],
'deny': ['access']}
# Ensure that all of the expected defaults are there
def testListProviderOptions(self):
# Test looking up a specific provider type
control_list = [
'krb5_server',
'krb5_backup_server',
'krb5_kdcip',
'krb5_realm',
'krb5_kpasswd',
'krb5_backup_kpasswd',
'krb5_ccachedir',
'krb5_ccname_template',
'krb5_keytab',
'krb5_validate',
'krb5_store_password_if_offline',
'krb5_auth_timeout',
'krb5_renewable_lifetime',
'krb5_lifetime',
'krb5_renew_interval',
'krb5_use_fast',
'krb5_fast_principal',
'krb5_canonicalize',
'krb5_use_enterprise_principal',
'krb5_use_kdcinfo',
'krb5_map_user']
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
#Test looking up all provider values
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
def testAddProvider(self):
# Positive Test
# Negative Test - No such backend type
# Negative Test - No such backend subtype
# Negative Test - Try to add a second provider of the same type
def testRemoveProvider(self):
# First test default options
control_list = [
'description',
'debug_level',
'debug_timestamps',
'min_id',
'max_id',
'timeout',
'force_timeout',
'offline_timeout',
'try_inotify',
'command',
'enumerate',
'cache_credentials',
'cache_credentials_minimal_first_factor_length',
'store_legacy_passwords',
'use_fully_qualified_names',
'ignore_group_members',
'filter_users',
'filter_groups',
'entry_cache_timeout',
'entry_cache_user_timeout',
'entry_cache_group_timeout',
'entry_cache_netgroup_timeout',
'entry_cache_service_timeout',
'entry_cache_autofs_timeout',
'entry_cache_sudo_timeout',
'entry_cache_ssh_host_timeout',
'refresh_expired_interval',
'account_cache_expiration',
'lookup_family_order',
'dns_resolver_timeout',
'dns_discovery_domain',
'dyndns_update',
'dyndns_ttl',
'dyndns_iface',
'dyndns_refresh_interval',
'dyndns_update_ptr',
'dyndns_force_tcp',
'dyndns_auth',
'dyndns_server',
'subdomain_enumerate',
'override_gid',
'case_sensitive',
'override_homedir',
'fallback_homedir',
'homedir_substring',
'override_shell',
'default_shell',
'pwd_expiration_warning',
'id_provider',
'auth_provider',
'access_provider',
'chpass_provider',
'sudo_provider',
'autofs_provider',
'session_provider',
'hostid_provider',
'subdomains_provider',
'realmd_tags',
'subdomain_refresh_interval',
'subdomain_inherit',
'cached_auth_timeout']
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
"Option values should be a tuple")
"config_file_version should require an int. " +
"list_options is requiring a %s" %
"config_file_version should not require a subtype. " +
"list_options is requiring a %s" %
# Add a provider and verify that the new options appear
['default_shell',
'base_directory',
'create_homedir',
'remove_homedir',
'homedir_umask',
'skel_dir',
'mail_dir',
'userdel_cmd'])
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
# Add a provider that has global options and verify that
# The new options appear.
backup_list = control_list[:]
['krb5_server',
'krb5_backup_server',
'krb5_kdcip',
'krb5_realm',
'krb5_kpasswd',
'krb5_backup_kpasswd',
'krb5_ccachedir',
'krb5_ccname_template',
'krb5_keytab',
'krb5_validate',
'krb5_store_password_if_offline',
'krb5_auth_timeout',
'krb5_renewable_lifetime',
'krb5_lifetime',
'krb5_renew_interval',
'krb5_use_fast',
'krb5_fast_principal',
'krb5_canonicalize',
'krb5_use_enterprise_principal',
'krb5_use_kdcinfo',
'krb5_map_user'])
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in control_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
# Remove the local ID provider and add an LDAP one
# LDAP ID providers can also use the krb5_realm
# Set the krb5_realm option and the ldap_uri option
'EXAMPLE.COM')
'ldap://ldap.example.com')
# Remove the LDAP provider and verify that krb5_realm remains
'EXAMPLE.COM')
# Put the LOCAL provider back
# Remove the auth domain and verify that the options
# revert to the backup_list
"Options should be a dictionary")
# Ensure that all of the expected defaults are there
for option in backup_list:
"Option [%s] missing" %
# Ensure that there aren't any unexpected options listed
'Option [%s] unexpectedly found' %
# Ensure that the krb5_realm option is now gone
# Test removing nonexistent provider - Real
# Test removing nonexistent provider - Bad backend type
# Should pass without complaint
# Test removing nonexistent provider - Bad provider type
# Should pass without complaint
def testGetOption(self):
# Negative Test - Try to get valid option that is not set
# Positive Test - Set the above option and get it
# Negative Test - Try yo get invalid option
def testSetOption(self):
# Positive Test
# Positive Test - Remove option if value is None
# Negative Test - invalid option
# Negative Test - incorrect type
# Positive Test - Coax options to appropriate type
def testRemoveOption(self):
# Positive test - Remove unset but valid option
# Positive test - Remove unset and unknown option
def testSetName(self):
# Positive test - Change the name once
# Positive test - Change the name a second time
# Negative test - try setting the name to a non-string
# Positive test
srcdir + "/etc/sssd.api.d")
# Negative Test - No Such File
# Negative Test - Schema is not parsable
def testImportConfig(self):
# Positive Test
srcdir + "/etc/sssd.api.d")
# Verify that all sections were imported
control_list = [
'sssd',
'nss',
'pam',
'sudo',
]
for section in control_list:
"Section [%s] missing" %
# Verify that all options were imported for a section
control_list = [
'services',
'reconnection_retries',
'domains',
'debug_timestamps',
'config_file_version']
for option in control_list:
"Option [%s] missing from [sssd]" %
continue
"Option [%s] unexpectedly found" %
#TODO: Check the types and values of the settings
# Negative Test - Missing config file
srcdir + "/etc/sssd.api.d")
# Negative Test - Invalid config file
srcdir + "/etc/sssd.api.d")
self.assertRaises(SSSDConfig.ParsingError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-invalid.conf")
# Negative Test - Invalid config file version
srcdir + "/etc/sssd.api.d")
self.assertRaises(SSSDConfig.ParsingError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-badversion.conf")
# Negative Test - Already initialized
srcdir + "/etc/sssd.api.d")
# Positive Test
srcdir + "/etc/sssd.api.d")
)
# Validate services
#Verify service attributes
#Validate domain list
# Verify domain attributes
# Verify domain attributes
# Verify domain attributes
# Verify domain attributes
'cache_credentials',
'id_provider',
'auth_provider',
'access_provider',
'default_shell',
'fallback_homedir',
'cache_credentials',
'use_fully_qualified_names',
]
'ad_server',
'ldap_id_mapping',
'ldap_sasl_authid',
]
def testNewConfig(self):
# Positive Test
srcdir + "/etc/sssd.api.d")
# Check that the defaults were set
control_list = [
'sssd',
'nss',
'pam',
'sudo',
'autofs',
'ssh',
'pac',
'ifp']
for section in control_list:
"Section [%s] missing" %
control_list = ['services']
for option in control_list:
"Option [%s] missing from [sssd]" %
continue
"Option [%s] unexpectedly found" %
# Negative Test - Already Initialized
#TODO Write tests to compare output files
pass
def testListActiveServices(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not Initialized
# Positive Test
control_list = [
'nss',
'pam']
for service in control_list:
"Service [%s] missing" %
for service in active_services:
"Service [%s] unexpectedly found" %
def testListInactiveServices(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not Initialized
# Positive Test
control_list = [
'sssd',
'sudo']
for service in control_list:
"Service [%s] missing" %
for service in inactive_services:
"Service [%s] unexpectedly found" %
def testListServices(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - sssdconfig not initialized
control_list = [
'sssd',
'pam',
'nss',
'sudo',
'autofs',
'ssh',
'pac',
'ifp']
for service in control_list:
"Service [%s] missing" %
for service in service_list:
"Service [%s] unexpectedly found" %
def testGetService(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not initialized
# Verify the contents of this service
# Negative Test - No such service
# Positive test - Service with invalid option loads
# but ignores the invalid option
def testNewService(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not initialized
# Positive Test
# First need to remove the existing service
# TODO: check that the values of this new service
# are set to the defaults from the schema
def testDeleteService(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not initialized
# Positive Test
def testSaveService(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not initialized
# Positive Test
# TODO: check that all entries were saved correctly (change a few)
# Negative Test - Type Error
def testActivateService(self):
srcdir + "/etc/sssd.api.d")
service_name = 'sudo'
# Negative test - Not initialized
# Positive test - Activate an inactive service
# Positive test - Activate an active service
# This should succeed
# Negative test - Invalid service name
# Negative test - Invalid service name type
def testDeactivateService(self):
srcdir + "/etc/sssd.api.d")
service_name = 'pam'
# Negative test - Not initialized
# Positive test -Deactivate an active service
# Positive test - Deactivate an inactive service
# This should succeed
# Negative test - Invalid service name
# Negative test - Invalid service name type
def testListActiveDomains(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not Initialized
# Positive Test
control_list = [
'IPA',
'LOCAL']
for domain in control_list:
"Domain [%s] missing" %
for domain in active_domains:
"Domain [%s] unexpectedly found" %
def testListInactiveDomains(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not Initialized
# Positive Test
control_list = [
'PROXY',
'LDAP',
'INVALIDPROVIDER',
'INVALIDOPTION',
]
for domain in control_list:
"Domain [%s] missing" %
for domain in inactive_domains:
"Domain [%s] unexpectedly found" %
def testListDomains(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not Initialized
# Positive Test
control_list = [
'IPA',
'LOCAL',
'PROXY',
'LDAP',
'INVALIDPROVIDER',
'INVALIDOPTION',
]
for domain in control_list:
"Domain [%s] missing" %
"Domain [%s] unexpectedly found" %
def testGetDomain(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not initialized
# TODO verify the contents of this domain
# Negative Test - No such domain
# Positive Test - Domain with unknown provider
# Expected result: Domain is imported, but does not contain the
# unknown provider entry
# Positive Test - Domain with unknown option
# Expected result: Domain is imported, but does not contain the
# unknown option entry
def testNewDomain(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not initialized
# Positive Test
# TODO: check that the values of this new domain
# are set to the defaults from the schema
def testDeleteDomain(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not initialized
# Positive Test
def testSaveDomain(self):
srcdir + "/etc/sssd.api.d")
# Negative Test - Not initialized
# Positive Test
'ldap://ldap.example.com')
# Negative Test - Type Error
# Positive test - Change the domain name and save it
'ldap_uri'),
'ldap://ldap.example.com')
# Positive test - Set the domain inactive and save it
# Positive test - Set the domain active and save it
# Positive test - Set the domain inactive and save it
# Positive test - Set the domain active and save it
# Positive test - Ensure that saved domains retain values
'cn=accounts, dc=example, dc=com')
'cn=accounts, dc=example, dc=com')
#Ensure the output file doesn't exist
try:
except:
pass
#Write out the file
#Verify that the output file has the correct permissions
#Output files should not be readable or writable by
#non-owners, and should not be executable by anyone
#Remove the output file
def testActivateDomain(self):
srcdir + "/etc/sssd.api.d")
domain_name = 'PROXY'
# Negative test - Not initialized
# Positive test - Activate an inactive domain
# Positive test - Activate an active domain
# This should succeed
# Negative test - Invalid domain name
# Negative test - Invalid domain name type
def testDeactivateDomain(self):
srcdir + "/etc/sssd.api.d")
domain_name = 'IPA'
# Negative test - Not initialized
# Positive test -Deactivate an active domain
# Positive test - Deactivate an inactive domain
# This should succeed
# Negative test - Invalid domain name
# Negative test - Invalid domain name type
if __name__ == "__main__":
error = 0
if not res.wasSuccessful():
error |= 0x1
if not res.wasSuccessful():
error |= 0x2
if not res.wasSuccessful():
error |= 0x4
if not res.wasSuccessful():
error |= 0x8
if not res.wasSuccessful():
error |= 0x10