Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142
							import logging
import pytest
import os
from lib389.utils import ds_is_older
from lib389._constants import *
from lib389.plugins import AutoMembershipPlugin, AutoMembershipDefinitions
from lib389.idm.user import UserAccounts
from lib389.idm.group import Groups
from lib389.topologies import topology_st as topo

# Skip on older versions
pytestmark = pytest.mark.skipif(ds_is_older('1.4.0'), reason="Not implemented")

DEBUGGING = os.getenv("DEBUGGING", default=False)
if DEBUGGING:
    logging.getLogger(__name__).setLevel(logging.DEBUG)
else:
    logging.getLogger(__name__).setLevel(logging.INFO)
log = logging.getLogger(__name__)


@pytest.fixture(scope="module")
def automember_fixture(topo, request):
    # Create group
    groups = []
    group_obj = Groups(topo.standalone, DEFAULT_SUFFIX)
    groups.append(group_obj.create(properties={'cn': 'testgroup'}))
    groups.append(group_obj.create(properties={'cn': 'testgroup2'}))
    groups.append(group_obj.create(properties={'cn': 'testgroup3'}))

    # Create test user
    user_accts = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
    user = user_accts.create_test_user()

    # Create automember definitions and regex rules
    automember_prop = {
        'cn': 'testgroup_definition',
        'autoMemberScope': DEFAULT_SUFFIX,
        'autoMemberFilter': 'objectclass=posixaccount',
        'autoMemberDefaultGroup': groups[0].dn,
        'autoMemberGroupingAttr': 'member:dn',
    }
    automembers = AutoMembershipDefinitions(topo.standalone)
    auto_def = automembers.create(properties=automember_prop)
    auto_def.add_regex_rule("regex1", groups[1].dn, include_regex=['cn=mark.*'])
    auto_def.add_regex_rule("regex2", groups[2].dn, include_regex=['cn=simon.*'])

    # Enable plugin
    automemberplugin = AutoMembershipPlugin(topo.standalone)
    automemberplugin.enable()
    topo.standalone.restart()

    return (user, groups)


def test_mods(automember_fixture, topo):
    """Modify the user so that it is added to the various automember groups

    :id: 28a2b070-7f16-4905-8831-c80fa6441693
    :setup: Standalone Instance
    :steps:
        1. Update user that should add it to group[0]
        2. Update user that should add it to group[1]
        3. Update user that should add it to group[2]
        4. Update user that should add it to group[0]
        5. Test rebuild task correctly moves user to group[1]
    :expectedresults:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
    """
    (user, groups) = automember_fixture

    # Update user which should go into group[0]
    user.replace('cn', 'whatever')
    groups[0].is_member(user.dn)
    if groups[1].is_member(user.dn):
        assert False
    if groups[2].is_member(user.dn):
        assert False

    # Update user0 which should go into group[1]
    user.replace('cn', 'mark')
    groups[1].is_member(user.dn)
    if groups[0].is_member(user.dn):
        assert False
    if groups[2].is_member(user.dn):
        assert False

    # Update user which should go into group[2]
    user.replace('cn', 'simon')
    groups[2].is_member(user.dn)
    if groups[0].is_member(user.dn):
        assert False
    if groups[1].is_member(user.dn):
        assert False

    # Update user which should go back into group[0] (full circle)
    user.replace('cn', 'whatever')
    groups[0].is_member(user.dn)
    if groups[1].is_member(user.dn):
        assert False
    if groups[2].is_member(user.dn):
        assert False

    #
    # Test rebuild task.  First disable plugin
    #
    automemberplugin = AutoMembershipPlugin(topo.standalone)
    automemberplugin.disable()
    topo.standalone.restart()

    # Make change that would move the entry from group[0] to group[1]
    user.replace('cn', 'mark')

    # Enable plugin
    automemberplugin.enable()
    topo.standalone.restart()

    # Run rebuild task
    task = automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=posixaccount")
    task.wait()

    # Test membership
    groups[1].is_member(user.dn)
    if groups[0].is_member(user.dn):
        assert False
    if groups[2].is_member(user.dn):
        assert False

    # Success
    log.info("Test PASSED")


if __name__ == '__main__':
    # Run isolated
    # -s for DEBUG mode
    CURRENT_FILE = os.path.realpath(__file__)
    pytest.main(["-s", CURRENT_FILE])