Imported Upstream version 4.3.1

ipatests/test_xmlrpc/test_sudorule_plugin.py

@@ -18,17 +18,16 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
-Test the `ipaserver/plugins/sudorule.py` module.
+Test the `ipalib/plugins/sudorule.py` module.
 """
 
-import pytest
+from nose.tools import raises, assert_raises  # pylint: disable=E0611
 import six
 
 from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test, assert_attr_equal
 from ipalib import api
 from ipalib import errors
-
-# pylint: disable=unused-variable
+import pytest
 
 if six.PY3:
     unicode = str
@@ -41,7 +40,6 @@ class test_sudorule(XMLRPC_test):
     """
     rule_name = u'testing_sudorule1'
     rule_name2 = u'testing_sudorule2'
-    rule_renamed = u'testing_mega_sudorule'
     rule_command = u'/usr/bin/testsudocmd1'
     rule_desc = u'description'
     rule_desc_mod = u'description modified'
@@ -78,14 +76,14 @@ class test_sudorule(XMLRPC_test):
         assert_attr_equal(entry, 'cn', self.rule_name)
         assert_attr_equal(entry, 'description', self.rule_desc)
 
+    @raises(errors.DuplicateEntry)
     def test_1_sudorule_add(self):
         """
         Test adding an duplicate Sudo rule using `xmlrpc.sudorule_add'.
         """
-        with pytest.raises(errors.DuplicateEntry):
-            api.Command['sudorule_add'](
-                self.rule_name
-            )
+        api.Command['sudorule_add'](
+            self.rule_name
+        )
 
     def test_2_sudorule_show(self):
         """
@@ -393,19 +391,11 @@ class test_sudorule(XMLRPC_test):
         Test adding an option to Sudo rule using
         `xmlrpc.sudorule_add_option`.
         """
-        # Add a user and group to the sudorule so we can test that
-        # membership is properly translated in add_option.
-        ret = api.Command['sudorule_add_user'](
-            self.rule_name, user=self.test_user, group=self.test_group
-        )
-        assert ret['completed'] == 2
         ret = api.Command['sudorule_add_option'](
             self.rule_name, ipasudoopt=self.test_option
         )
         entry = ret['result']
         assert_attr_equal(entry, 'ipasudoopt', self.test_option)
-        assert_attr_equal(entry, 'memberuser_user', self.test_user)
-        assert_attr_equal(entry, 'memberuser_group', self.test_group)
 
     def test_b_sudorule_remove_option(self):
         """
@@ -417,14 +407,6 @@ class test_sudorule(XMLRPC_test):
         )
         entry = ret['result']
         assert 'ipasudoopt' not in entry
-        # Verify that membership is properly converted in remove_option
-        assert_attr_equal(entry, 'memberuser_user', self.test_user)
-        assert_attr_equal(entry, 'memberuser_group', self.test_group)
-        # Clean up by removing the user and group added in add_option
-        ret = api.Command['sudorule_remove_user'](
-            self.rule_name, user=self.test_user, group=self.test_group
-        )
-        assert ret['completed'] == 2
 
     def test_a_sudorule_add_host(self):
         """
@@ -621,107 +603,91 @@ class test_sudorule(XMLRPC_test):
         assert 'memberdenycmd_sudocmd' not in entry
         assert 'memberdenycmd_sudocmdgroup' not in entry
 
+    @raises(errors.MutuallyExclusiveError)
     def test_c_sudorule_exclusiveuser(self):
         """
         Test adding a user to an Sudo rule when usercat='all'
         """
         api.Command['sudorule_mod'](self.rule_name, usercategory=u'all')
         try:
-            with pytest.raises(errors.MutuallyExclusiveError):
-                api.Command['sudorule_add_user'](
-                    self.rule_name, user=u'admin'
-                )
+            api.Command['sudorule_add_user'](self.rule_name, user=u'admin')
         finally:
             api.Command['sudorule_mod'](self.rule_name, usercategory=u'')
 
+    @raises(errors.MutuallyExclusiveError)
     def test_d_sudorule_exclusiveuser(self):
         """
         Test setting usercat='all' in an Sudo rule when there are users
         """
         api.Command['sudorule_add_user'](self.rule_name, user=u'admin')
         try:
-            with pytest.raises(errors.MutuallyExclusiveError):
-                api.Command['sudorule_mod'](
-                    self.rule_name, usercategory=u'all'
-                )
+            api.Command['sudorule_mod'](self.rule_name, usercategory=u'all')
         finally:
             api.Command['sudorule_remove_user'](self.rule_name, user=u'admin')
 
+    @raises(errors.MutuallyExclusiveError)
     def test_e_sudorule_exclusivehost(self):
         """
         Test adding a host to an Sudo rule when hostcat='all'
         """
         api.Command['sudorule_mod'](self.rule_name, hostcategory=u'all')
         try:
-            with pytest.raises(errors.MutuallyExclusiveError):
-                api.Command['sudorule_add_host'](
-                    self.rule_name, host=self.test_host
-                )
+            api.Command['sudorule_add_host'](self.rule_name, host=self.test_host)
         finally:
             api.Command['sudorule_mod'](self.rule_name, hostcategory=u'')
 
+    @raises(errors.MutuallyExclusiveError)
     def test_f_sudorule_exclusivehost(self):
         """
         Test setting hostcat='all' in an Sudo rule when there are hosts
         """
         api.Command['sudorule_add_host'](self.rule_name, host=self.test_host)
         try:
-            with pytest.raises(errors.MutuallyExclusiveError):
-                api.Command['sudorule_mod'](
-                    self.rule_name, hostcategory=u'all'
-                )
+            api.Command['sudorule_mod'](self.rule_name, hostcategory=u'all')
         finally:
             api.Command['sudorule_remove_host'](self.rule_name, host=self.test_host)
 
+    @raises(errors.MutuallyExclusiveError)
     def test_g_sudorule_exclusivecommand(self):
         """
         Test adding a command to an Sudo rule when cmdcategory='all'
         """
         api.Command['sudorule_mod'](self.rule_name, cmdcategory=u'all')
         try:
-            with pytest.raises(errors.MutuallyExclusiveError):
-                api.Command['sudorule_add_allow_command'](
-                    self.rule_name, sudocmd=self.test_command
-                )
+            api.Command['sudorule_add_allow_command'](self.rule_name, sudocmd=self.test_command)
         finally:
             api.Command['sudorule_mod'](self.rule_name, cmdcategory=u'')
 
+    @raises(errors.MutuallyExclusiveError)
     def test_h_sudorule_exclusivecommand(self):
         """
         Test setting cmdcategory='all' in an Sudo rule when there are commands
         """
         api.Command['sudorule_add_allow_command'](self.rule_name, sudocmd=self.test_command)
         try:
-            with pytest.raises(errors.MutuallyExclusiveError):
-                api.Command['sudorule_mod'](
-                    self.rule_name, cmdcategory=u'all'
-                )
+            api.Command['sudorule_mod'](self.rule_name, cmdcategory=u'all')
         finally:
             api.Command['sudorule_remove_allow_command'](self.rule_name, sudocmd=self.test_command)
 
+    @raises(errors.MutuallyExclusiveError)
     def test_i_sudorule_exclusiverunas(self):
         """
         Test adding a runasuser to an Sudo rule when ipasudorunasusercategory='all'
         """
         api.Command['sudorule_mod'](self.rule_name, ipasudorunasusercategory=u'all')
         try:
-            with pytest.raises(errors.MutuallyExclusiveError):
-                api.Command['sudorule_add_runasuser'](
-                    self.rule_name, user=self.test_user
-                )
+            api.Command['sudorule_add_runasuser'](self.rule_name, user=self.test_user)
         finally:
             api.Command['sudorule_mod'](self.rule_name, ipasudorunasusercategory=u'')
 
+    @raises(errors.MutuallyExclusiveError)
     def test_j_1_sudorule_exclusiverunas(self):
         """
         Test setting ipasudorunasusercategory='all' in an Sudo rule when there are runas users
         """
         api.Command['sudorule_add_runasuser'](self.rule_name, user=self.test_user)
         try:
-            with pytest.raises(errors.MutuallyExclusiveError):
-                api.Command['sudorule_mod'](
-                    self.rule_name, ipasudorunasusercategory=u'all'
-                )
+            api.Command['sudorule_mod'](self.rule_name, ipasudorunasusercategory=u'all')
         finally:
             api.Command['sudorule_remove_runasuser'](self.rule_name, user=self.test_command)
 
@@ -797,36 +763,23 @@ class test_sudorule(XMLRPC_test):
         api.Command['sudorule_del'](self.rule_name2)
 
         # add a new rule with a duplicate order
-        with pytest.raises(errors.ValidationError):
+        with assert_raises(errors.ValidationError):
             api.Command['sudorule_add'](self.rule_name2, sudoorder=1)
 
         # add a new rule with a unique order
         api.Command['sudorule_add'](self.rule_name2, sudoorder=2)
-        with pytest.raises(errors.ValidationError):
+        with assert_raises(errors.ValidationError):
             api.Command['sudorule_mod'](self.rule_name2, sudoorder=1)
 
         # Try setting both to 0
         api.Command['sudorule_mod'](self.rule_name2, sudoorder=0)
-        with pytest.raises(errors.ValidationError):
+        with assert_raises(errors.ValidationError):
             api.Command['sudorule_mod'](self.rule_name, sudoorder=0)
 
         # Try unsetting sudoorder from both rules
         api.Command['sudorule_mod'](self.rule_name, sudoorder=None)
         api.Command['sudorule_mod'](self.rule_name2, sudoorder=None)
 
-    def test_l_1_sudorule_rename(self):
-        """
-        Test renaming an HBAC rule, rename it back afterwards
-        """
-        api.Command['sudorule_mod'](
-            self.rule_name, rename=self.rule_renamed
-        )
-        entry = api.Command['sudorule_show'](self.rule_renamed)['result']
-        assert_attr_equal(entry, 'cn', self.rule_renamed)
-        # clean up by renaming the rule back
-        api.Command['sudorule_mod'](
-            self.rule_renamed, rename=self.rule_name
-        )
 
     def test_m_sudorule_del(self):
         """
@@ -834,6 +787,6 @@ class test_sudorule(XMLRPC_test):
         """
         api.Command['sudorule_del'](self.rule_name)
         # verify that it's gone
-        with pytest.raises(errors.NotFound):
+        with assert_raises(errors.NotFound):
             api.Command['sudorule_show'](self.rule_name)
         api.Command['sudorule_del'](self.rule_name2)