firstyear pushed a commit to branch master
in repository lib389.
commit 709d57247eef82d92d6e05d661ff6f575a25a6cd
Author: Ilias Stamatis <stamatis.iliass(a)gmail.com>
Date: Sun Aug 13 23:00:31 2017 +0300
Issue 45 - Add support for Rootdn Access Control plugin
Description: Add dsconf support for configuring the Rootdn Access
Control plugin from the command line.
https://pagure.io/lib389/issue/45
Author: Ilias95
Review by: wibrown (Thanks!)
---
cli/dsconf | 2 +
lib389/cli_conf/plugins/rootdn_ac.py | 229 +++++++++++++++++++
lib389/plugins.py | 171 ++++++++++++++
lib389/tests/cli/conf_plugins/rootdn_ac_test.py | 281 ++++++++++++++++++++++++
4 files changed, 683 insertions(+)
diff --git a/cli/dsconf b/cli/dsconf
index 765b4e5..73d12a2 100755
--- a/cli/dsconf
+++ b/cli/dsconf
@@ -24,6 +24,7 @@ from lib389.cli_conf import schema as cli_schema
from lib389.cli_conf import health as cli_health
from lib389.cli_conf.plugins import memberof as cli_memberof
from lib389.cli_conf.plugins import usn as cli_usn
+from lib389.cli_conf.plugins import rootdn_ac as cli_rootdn_ac
from lib389.cli_conf.plugins import whoami as cli_whoami
from lib389.cli_base import disconnect_instance, connect_instance
@@ -68,6 +69,7 @@ if __name__ == '__main__':
cli_plugin.create_parser(subparsers)
cli_memberof.create_parser(subparsers)
cli_usn.create_parser(subparsers)
+ cli_rootdn_ac.create_parser(subparsers)
cli_whoami.create_parser(subparsers)
args = parser.parse_args()
diff --git a/lib389/cli_conf/plugins/rootdn_ac.py b/lib389/cli_conf/plugins/rootdn_ac.py
new file mode 100644
index 0000000..1e11504
--- /dev/null
+++ b/lib389/cli_conf/plugins/rootdn_ac.py
@@ -0,0 +1,229 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2017 Red Hat, Inc.
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+
+import ldap
+
+from lib389.plugins import RootDNAccessControlPlugin
+from lib389.cli_conf.plugin import add_generic_plugin_parsers
+
+
+def display_time(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ val = plugin.get_open_time_formatted()
+ if not val:
+ log.info("rootdn-open-time is not set")
+ else:
+ log.info(val)
+ val = plugin.get_close_time_formatted()
+ if not val:
+ log.info("rootdn-close-time is not set")
+ else:
+ log.info(val)
+
+def set_open_time(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ plugin.set_open_time(args.value)
+ log.info('rootdn-open-time set to "{}"'.format(args.value))
+
+def set_close_time(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ plugin.set_close_time(args.value)
+ log.info('rootdn-close-time set to "{}"'.format(args.value))
+
+def clear_time(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ plugin.remove_open_time()
+ plugin.remove_close_time()
+ log.info('time-based policy was cleared')
+
+def display_ips(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ allowed_ips = plugin.get_allow_ip_formatted()
+ denied_ips = plugin.get_deny_ip_formatted()
+ if not allowed_ips and not denied_ips:
+ log.info("No ip-based access control policy has been configured")
+ else:
+ log.info(allowed_ips)
+ log.info(denied_ips)
+
+def allow_ip(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+
+ # remove ip from denied ips
+ try:
+ plugin.remove_deny_ip(args.value)
+ except ldap.NO_SUCH_ATTRIBUTE:
+ pass
+
+ try:
+ plugin.add_allow_ip(args.value)
+ except ldap.TYPE_OR_VALUE_EXISTS:
+ pass
+ log.info('{} added to rootdn-allow-ip'.format(args.value))
+
+def deny_ip(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+
+ # remove ip from allowed ips
+ try:
+ plugin.remove_allow_ip(args.value)
+ except ldap.NO_SUCH_ATTRIBUTE:
+ pass
+
+ try:
+ plugin.add_deny_ip(args.value)
+ except ldap.TYPE_OR_VALUE_EXISTS:
+ pass
+ log.info('{} added to rootdn-deny-ip'.format(args.value))
+
+def clear_all_ips(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ plugin.remove_all_allow_ip()
+ plugin.remove_all_deny_ip()
+ log.info('ip-based policy was cleared')
+
+def display_hosts(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ allowed_hosts = plugin.get_allow_host_formatted()
+ denied_hosts = plugin.get_deny_host_formatted()
+ if not allowed_hosts and not denied_hosts:
+ log.info("No host-based access control policy has been configured")
+ else:
+ log.info(allowed_hosts)
+ log.info(denied_hosts)
+
+def allow_host(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+
+ # remove host from denied hosts
+ try:
+ plugin.remove_deny_host(args.value)
+ except ldap.NO_SUCH_ATTRIBUTE:
+ pass
+
+ try:
+ plugin.add_allow_host(args.value)
+ except ldap.TYPE_OR_VALUE_EXISTS:
+ pass
+ log.info('{} added to rootdn-allow-host'.format(args.value))
+
+def deny_host(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+
+ # remove host from allowed hosts
+ try:
+ plugin.remove_allow_host(args.value)
+ except ldap.NO_SUCH_ATTRIBUTE:
+ pass
+
+ try:
+ plugin.add_deny_host(args.value)
+ except ldap.TYPE_OR_VALUE_EXISTS:
+ pass
+ log.info('{} added to rootdn-deny-host'.format(args.value))
+
+def clear_all_hosts(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ plugin.remove_all_allow_host()
+ plugin.remove_all_deny_host()
+ log.info('host-based policy was cleared')
+
+def display_days(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ days = plugin.get_days_allowed_formatted()
+ if not days:
+ log.info("No day-based access control policy has been configured")
+ else:
+ log.info(days)
+
+def allow_day(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ args.value = args.value[0:3]
+ plugin.add_allow_day(args.value)
+ log.info('{} added to rootdn-days-allowed'.format(args.value))
+
+def deny_day(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ args.value = args.value[0:3]
+ plugin.remove_allow_day(args.value)
+ log.info('{} removed from rootdn-days-allowed'.format(args.value))
+
+def clear_all_days(inst, basedn, log, args):
+ plugin = RootDNAccessControlPlugin(inst)
+ plugin.remove_days_allowed()
+ log.info('day-based policy was cleared')
+
+
+def create_parser(subparsers):
+ rootdnac_parser = subparsers.add_parser('rootdn', help='Manage and
configure RootDN Access Control plugin')
+ subcommands = rootdnac_parser.add_subparsers(help='action')
+ add_generic_plugin_parsers(subcommands, RootDNAccessControlPlugin)
+
+ time_parser = subcommands.add_parser('time', help='get or set rootdn open
and close times')
+ time_parser.set_defaults(func=display_time)
+
+ time_subcommands = time_parser.add_subparsers(help='action')
+
+ open_time_parser = time_subcommands.add_parser('open', help='set open
time value')
+ open_time_parser.set_defaults(func=set_open_time)
+ open_time_parser.add_argument('value', help='Value to set as open
time')
+
+ close_time_parser = time_subcommands.add_parser('close', help='set close
time value')
+ close_time_parser.set_defaults(func=set_close_time)
+ close_time_parser.add_argument('value', help='Value to set as close
time')
+
+ time_clear_parser = time_subcommands.add_parser('clear', help='reset
time-based access policy')
+ time_clear_parser.set_defaults(func=clear_time)
+
+ ip_parser = subcommands.add_parser('ip', help='get or set ip access
policy')
+ ip_parser.set_defaults(func=display_ips)
+
+ ip_subcommands = ip_parser.add_subparsers(help='action')
+
+ ip_allow_parser = ip_subcommands.add_parser('allow', help='allow IP addr
or IP addr range')
+ ip_allow_parser.set_defaults(func=allow_ip)
+ ip_allow_parser.add_argument('value', help='IP addr or IP addr
range')
+
+ ip_deny_parser = ip_subcommands.add_parser('deny', help='deny IP addr or
IP addr range')
+ ip_deny_parser.set_defaults(func=deny_ip)
+ ip_deny_parser.add_argument('value', help='IP addr or IP addr
range')
+
+ ip_clear_parser = ip_subcommands.add_parser('clear', help='reset IP-based
access policy')
+ ip_clear_parser.set_defaults(func=clear_all_ips)
+
+ host_parser = subcommands.add_parser('host', help='get or set host access
policy')
+ host_parser.set_defaults(func=display_hosts)
+
+ host_subcommands = host_parser.add_subparsers(help='action')
+
+ host_allow_parser = host_subcommands.add_parser('allow', help='allow host
address')
+ host_allow_parser.set_defaults(func=allow_host)
+ host_allow_parser.add_argument('value', help='host address')
+
+ host_deny_parser = host_subcommands.add_parser('deny', help='deny host
address')
+ host_deny_parser.set_defaults(func=deny_host)
+ host_deny_parser.add_argument('value', help='host address')
+
+ host_clear_parser = host_subcommands.add_parser('clear', help='reset
host-based access policy')
+ host_clear_parser.set_defaults(func=clear_all_hosts)
+
+ day_parser = subcommands.add_parser('day', help='get or set days access
policy')
+ day_parser.set_defaults(func=display_days)
+
+ day_subcommands = day_parser.add_subparsers(help='action')
+
+ day_allow_parser = day_subcommands.add_parser('allow', help='allow day of
the week')
+ day_allow_parser.set_defaults(func=allow_day)
+ day_allow_parser.add_argument('value', type=str.capitalize, help='day of
the week')
+
+ day_deny_parser = day_subcommands.add_parser('deny', help='deny day of
the week')
+ day_deny_parser.set_defaults(func=deny_day)
+ day_deny_parser.add_argument('value', type=str.capitalize, help='day of
the week')
+
+ day_clear_parser = day_subcommands.add_parser('clear', help='reset
day-based access policy')
+ day_clear_parser.set_defaults(func=clear_all_days)
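Review bot: In `allow_ip`, `deny_ip`, `allow_host` and `deny_host` the value is removed from the opposite list before it is added to the target list, and only `ldap.NO_SUCH_ATTRIBUTE` and `ldap.TYPE_OR_VALUE_EXISTS` are caught, so any other LDAP error on the second call leaves the policy half-applied; in the `allow_*` functions the deny entry is already gone by then. Doing the add first (`plugin.add_deny_ip(args.value)` before `plugin.remove_allow_ip(args.value)`, and likewise in the other three) means a failure leaves the earlier entry in place instead of dropping it. Separately, `allow_day` and `deny_day` shorten the argument with `args.value[0:3]` without checking it, so `day allow foobar` would send `Foo` to `rootdn-days-allowed`; whether the server rejects that is not visible here, and a check such as `if args.value not in ('Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun'): raise ValueError(...)` would stop it at the CLI. The "added to" message is also logged when `TYPE_OR_VALUE_EXISTS` was swallowed, which deserves a short comment.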
diff --git a/lib389/plugins.py b/lib389/plugins.py
index 944d130..61567fe 100644
--- a/lib389/plugins.py
+++ b/lib389/plugins.py
@@ -383,8 +383,179 @@ class WhoamiPlugin(Plugin):
super(WhoamiPlugin, self).__init__(instance, dn, batch)
class RootDNAccessControlPlugin(Plugin):
+ _plugin_properties = {
+ 'cn' : 'RootDN Access Control',
+ 'nsslapd-pluginEnabled' : 'off',
+ 'nsslapd-pluginPath' : 'librootdn-access-plugin',
+ 'nsslapd-pluginInitfunc' : 'rootdn_init',
+ 'nsslapd-pluginType' : 'internalpreoperation',
+ 'nsslapd-plugin-depends-on-type' : 'database',
+ 'nsslapd-pluginId' : 'RootDN Access Control',
+ 'nsslapd-pluginVendor' : '389 Project',
+ 'nsslapd-pluginVersion' : '1.3.6',
+ 'nsslapd-pluginDescription' : 'RootDN Access Control plugin',
+ }
+
def __init__(self, instance, dn="cn=RootDN Access
Control,cn=plugins,cn=config", batch=False):
super(RootDNAccessControlPlugin, self).__init__(instance, dn, batch)
+ self._create_objectclasses.extend(['rootDNPluginConfig'])
+
+ def get_open_time(self):
+ return self.get_attr_val_utf8('rootdn-open-time')
+
+ def get_open_time_formatted(self):
+ return self.display_attr('rootdn-open-time')
+
+ def set_open_time(self, attr):
+ self.set('rootdn-open-time', attr)
+
+ def remove_open_time(self):
+ self.remove_all('rootdn-open-time')
+
+ def get_close_time(self):
+ return self.get_attr_val_utf8('rootdn-close-time')
+
+ def get_close_time_formatted(self):
+ return self.display_attr('rootdn-close-time')
+
+ def set_close_time(self, attr):
+ self.set('rootdn-close-time', attr)
+
+ def remove_close_time(self):
+ self.remove_all('rootdn-close-time')
+
+ def get_days_allowed(self):
+ return self.get_attr_val_utf8('rootdn-days-allowed')
+
+ def get_days_allowed_formatted(self):
+ return self.display_attr('rootdn-days-allowed')
+
+ def set_days_allowed(self, attr):
+ self.set('rootdn-days-allowed', attr)
+
+ def remove_days_allowed(self):
+ self.remove_all('rootdn-days-allowed')
+
+ def add_allow_day(self, day):
+ days = self.get_days_allowed()
+ if days is None:
+ days = ""
+ days = self.add_day_to_days(days, day)
+ if days:
+ self.set_days_allowed(days)
+ else:
+ self.remove_days_allowed()
+
+ def remove_allow_day(self, day):
+ days = self.get_days_allowed()
+ if days is None:
+ days = ""
+ days = self.remove_day_from_days(days, day)
+ if days:
+ self.set_days_allowed(days)
+ else:
+ self.remove_days_allowed()
+
+ def get_allow_host(self):
+ return self.get_attr_val_utf8('rootdn-allow-host')
+
+ def get_allow_host_formatted(self):
+ return self.display_attr('rootdn-allow-host')
+
+ def add_allow_host(self, attr):
+ self.add('rootdn-allow-host', attr)
+
+ def remove_allow_host(self, attr):
+ self.remove('rootdn-allow-host', attr)
+
+ def remove_all_allow_host(self):
+ self.remove_all('rootdn-allow-host')
+
+ def get_deny_host(self):
+ return self.get_attr_val_utf8('rootdn-deny-host')
+
+ def get_deny_host_formatted(self):
+ return self.display_attr('rootdn-deny-host')
+
+ def add_deny_host(self, attr):
+ self.add('rootdn-deny-host', attr)
+
+ def remove_deny_host(self, attr):
+ self.remove('rootdn-deny-host', attr)
+
+ def remove_all_deny_host(self):
+ self.remove_all('rootdn-deny-host')
+
+ def get_allow_ip(self):
+ return self.get_attr_val_utf8('rootdn-allow-ip')
+
+ def get_allow_ip_formatted(self):
+ return self.display_attr('rootdn-allow-ip')
+
+ def add_allow_ip(self, attr):
+ self.add('rootdn-allow-ip', attr)
+
+ def remove_allow_ip(self, attr):
+ self.remove('rootdn-allow-ip', attr)
+
+ def remove_all_allow_ip(self):
+ self.remove_all('rootdn-allow-ip')
+
+ def get_deny_ip(self):
+ return self.get_attr_val_utf8('rootdn-deny-ip')
+
+ def get_deny_ip_formatted(self):
+ return self.display_attr('rootdn-deny-ip')
+
+ def add_deny_ip(self, attr):
+ self.add('rootdn-deny-ip', attr)
+
+ def remove_deny_ip(self, attr):
+ self.remove('rootdn-deny-ip', attr)
+
+ def remove_all_deny_ip(self):
+ self.remove_all('rootdn-deny-ip')
+
+ @staticmethod
+ def add_day_to_days(string_of_days, day):
+ """
+ Append a day in a string of comma seperated days and return the string.
+ If day already exists in the string, return processed string.
+
+ Keyword arguments:
+ string_of_days -- a string of comma seperated days
+ examples:
+ Mon
+ Tue, Wed, Thu
+ day -- a day, e.g. Mon, Tue, etc.
+ """
+ days = [i.strip() for i in string_of_days.split(',') if i]
+
+ if not day in days:
+ days.append(day)
+
+ return ", ".join(days)
+
+ @staticmethod
+ def remove_day_from_days(string_of_days, day):
+ """
+ Remove a day from a string of comma seperated days and return the string.
+ If day does not exists in the string, return processed string.
+
+ Keyword arguments:
+ string_of_days -- a string of comma seperated days
+ examples:
+ Mon
+ Tue, Wed, Thu
+ day -- a day, e.g. Mon, Tue, etc.
+ """
+ days = [i.strip() for i in string_of_days.split(',') if i]
+
+ if day in days:
+ days.remove(day)
+
+ return ", ".join(days)
+
class LDBMBackendPlugin(Plugin):
def __init__(self, instance, dn="cn=ldbm database,cn=plugins,cn=config",
batch=False):
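Review bot: `add_day_to_days` and `remove_day_from_days` filter with `if i` before stripping, so an input such as `Mon, ,Tue` keeps an empty entry that is joined back into the value written to `rootdn-days-allowed`; `[i.strip() for i in string_of_days.split(',') if i.strip()]` avoids that. `if not day in days` reads better as `if day not in days`, and both docstrings spell "separated" as "seperated". `add_allow_day` and `remove_allow_day` read the attribute, rebuild the string and write it back as separate operations, so concurrent edits can overwrite each other; a comment such as `# read-modify-write: not atomic against concurrent edits of rootdn-days-allowed` would make that explicit. The class starts before this hunk and `LDBMBackendPlugin` continues after it.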
diff --git a/lib389/tests/cli/conf_plugins/rootdn_ac_test.py
b/lib389/tests/cli/conf_plugins/rootdn_ac_test.py
new file mode 100644
index 0000000..76650b2
--- /dev/null
+++ b/lib389/tests/cli/conf_plugins/rootdn_ac_test.py
@@ -0,0 +1,281 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2016-2017 Red Hat, Inc.
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+
+import pytest
+
+from lib389.tests.cli import topology as default_topology
+from lib389.cli_base import LogCapture, FakeArgs
+from lib389.plugins import RootDNAccessControlPlugin
+from lib389.cli_conf.plugins import rootdn_ac as rootdn_cli
+
+
+(a)pytest.fixture(scope="module")
+def topology(request):
+ topology = default_topology(request)
+
+ plugin = RootDNAccessControlPlugin(topology.standalone)
+ if not plugin.exists():
+ plugin.create()
+
+ # we need to restart the server after enabling the plugin
+ plugin.enable()
+ topology.standalone.restart()
+ topology.logcap.flush()
+
+ return topology
+
+def test_set_open_time(topology):
+ args = FakeArgs()
+
+ args.value = "1030"
+ rootdn_cli.set_open_time(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-open-time set to")
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_time(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-open-time: 1030")
+ topology.logcap.flush()
+
+def test_set_close_time(topology):
+ args = FakeArgs()
+
+ args.value = "1545"
+ rootdn_cli.set_close_time(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-close-time set to")
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_time(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-close-time: 1545")
+ topology.logcap.flush()
+
+def test_clear_time(topology):
+ args = FakeArgs()
+
+ rootdn_cli.clear_time(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("time-based policy was cleared")
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_time(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-open-time is not set")
+ assert topology.logcap.contains("rootdn-close-time is not set")
+ topology.logcap.flush()
+
+def test_allow_ip(topology):
+ args = FakeArgs()
+
+ args.value = "127.0.0.1"
+ rootdn_cli.allow_ip(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-allow-ip".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_ips(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-allow-ip: 127.0.0.1")
+ topology.logcap.flush()
+
+def test_deny_ip(topology):
+ args = FakeArgs()
+
+ args.value = "127.0.0.2"
+ rootdn_cli.deny_ip(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-deny-ip".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_ips(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-deny-ip: 127.0.0.2")
+ topology.logcap.flush()
+
+def test_when_ip_is_allowed_its_not_denied(topology):
+ args = FakeArgs()
+
+ args.value = "127.0.0.3"
+ rootdn_cli.deny_ip(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-deny-ip".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_ips(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-deny-ip: 127.0.0.3")
+ topology.logcap.flush()
+
+ args.value = "127.0.0.3"
+ rootdn_cli.allow_ip(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-allow-ip".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_ips(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-allow-ip: 127.0.0.3")
+ assert not topology.logcap.contains("rootdn-deny-ip: 127.0.0.3")
+ topology.logcap.flush()
+
+def test_when_ip_is_denied_its_not_allowed(topology):
+ args = FakeArgs()
+
+ args.value = "127.0.0.4"
+ rootdn_cli.allow_ip(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-allow-ip".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_ips(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-allow-ip: 127.0.0.4")
+ topology.logcap.flush()
+
+ args.value = "127.0.0.4"
+ rootdn_cli.deny_ip(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-deny-ip".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_ips(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-deny-ip: 127.0.0.4")
+ assert not topology.logcap.contains("rootdn-allow-ip: 127.0.0.4")
+ topology.logcap.flush()
+
+def test_clear_ips(topology):
+ args = FakeArgs()
+
+ rootdn_cli.clear_all_ips(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("ip-based policy was cleared")
+ topology.logcap.flush()
+
+def test_allow_host(topology):
+ args = FakeArgs()
+
+ args.value = "example1.com"
+ rootdn_cli.allow_host(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-allow-host".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_hosts(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-allow-host: example1.com")
+ topology.logcap.flush()
+
+def test_deny_host(topology):
+ args = FakeArgs()
+
+ args.value = "example2.com"
+ rootdn_cli.deny_host(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-deny-host".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_hosts(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-deny-host: example2.com")
+ topology.logcap.flush()
+
+def test_when_host_is_allowed_its_not_denied(topology):
+ args = FakeArgs()
+
+ args.value = "example3.com"
+ rootdn_cli.deny_host(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-deny-host".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_hosts(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-deny-host: example3.com")
+ topology.logcap.flush()
+
+ args.value = "example3.com"
+ rootdn_cli.allow_host(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-allow-host".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_hosts(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-allow-host: example3.com")
+ assert not topology.logcap.contains("rootdn-deny-host: example3.com")
+ topology.logcap.flush()
+
+def test_when_host_is_denied_its_not_allowed(topology):
+ args = FakeArgs()
+
+ args.value = "example4.com"
+ rootdn_cli.allow_host(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-allow-host".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_hosts(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-allow-host: example4.com")
+ topology.logcap.flush()
+
+ args.value = "example4.com"
+ rootdn_cli.deny_host(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-deny-host".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_hosts(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-deny-host: example4.com")
+ assert not topology.logcap.contains("rootdn-allow-host: example4.com")
+ topology.logcap.flush()
+
+def test_clear_hosts(topology):
+ args = FakeArgs()
+
+ rootdn_cli.clear_all_hosts(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("host-based policy was cleared")
+ topology.logcap.flush()
+
+def test_allow_and_deny_days(topology):
+ args = FakeArgs()
+
+ args.value = "Mon".capitalize()
+ rootdn_cli.allow_day(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("{} added to
rootdn-days-allowed".format(args.value))
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_days(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-days-allowed: Mon")
+ topology.logcap.flush()
+
+ args.value = "friday".capitalize()
+ rootdn_cli.allow_day(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("Fri added to rootdn-days-allowed")
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_days(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-days-allowed: Mon, Fri")
+ topology.logcap.flush()
+
+ args.value = "MONDAY".capitalize()
+ rootdn_cli.deny_day(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("Mon removed from rootdn-days-allowed")
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_days(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("rootdn-days-allowed: Fri")
+ topology.logcap.flush()
+
+ args.value = "fri".capitalize()
+ rootdn_cli.deny_day(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("Fri removed from rootdn-days-allowed")
+ topology.logcap.flush()
+
+ args.value = None
+ rootdn_cli.display_days(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("No day-based access control policy has been
configured")
+ topology.logcap.flush()
+
+def test_clear_days(topology):
+ args = FakeArgs()
+
+ rootdn_cli.clear_all_days(topology.standalone, None, topology.logcap.log, args)
+ assert topology.logcap.contains("day-based policy was cleared")
+ topology.logcap.flush()
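Review bot: Every test here asserts only on captured log text and all of them share one module-scoped instance, so the results depend on execution order; `test_allow_and_deny_days`, for example, expects `rootdn-days-allowed` to be empty on entry and to read exactly `Mon, Fri` after two calls. Reading the stored value back through the plugin object, e.g. `assert RootDNAccessControlPlugin(topology.standalone).get_days_allowed() == "Mon, Fri"`, would check the policy that was written rather than the message format. There is also no negative case: an invalid day such as `foobar` (which `allow_day` shortens to `Foo`) and malformed IP or host values are never exercised, so the tests do not show how the CLI behaves when the server refuses a value.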