From b216701d9a0fcc08479b0976ba332a6a7a50171b Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Nov 20 2019 16:08:40 +0000 Subject: Show group-add/remove-member-manager failures Commands like ipa group-add-member-manager now show permission errors on failed operations. Fixes: https://pagure.io/freeipa/issue/8122 Signed-off-by: Christian Heimes Reviewed-By: Rob Crittenden --- diff --git a/ipaclient/frontend.py b/ipaclient/frontend.py index 587e31c..7c249ba 100644 --- a/ipaclient/frontend.py +++ b/ipaclient/frontend.py @@ -65,6 +65,11 @@ class ClientMethod(ClientCommand, Method): 'ipamemberca', label=_("Failed CAs"), ), + # group, hostgroup + Str( + 'membermanager', + label=_("Failed member manager"), + ), # host Str( 'managedby', diff --git a/ipaserver/plugins/group.py b/ipaserver/plugins/group.py index 60a79dc..4bd5e41 100644 --- a/ipaserver/plugins/group.py +++ b/ipaserver/plugins/group.py @@ -179,7 +179,7 @@ group_output_params = ( ), Str( 'membermanager', - label=_('Failed membermanager'), + label=_('Failed member manager'), ), ) diff --git a/ipaserver/plugins/hostgroup.py b/ipaserver/plugins/hostgroup.py index 6293ea7..85e6e36 100644 --- a/ipaserver/plugins/hostgroup.py +++ b/ipaserver/plugins/hostgroup.py @@ -92,7 +92,7 @@ hostgroup_output_params = ( ), Str( 'membermanager', - label=_('Failed membermanager'), + label=_('Failed member manager'), ), ) diff --git a/ipatests/prci_definitions/gating.yaml b/ipatests/prci_definitions/gating.yaml index 0fbb65c..784f107 100644 --- a/ipatests/prci_definitions/gating.yaml +++ b/ipatests/prci_definitions/gating.yaml @@ -251,7 +251,7 @@ jobs: timeout: 3600 topology: *master_1repl - fedora-latest/membermanager: + fedora-latest/test_membermanager: requires: [fedora-latest/build] priority: 100 job: @@ -261,7 +261,7 @@ jobs: test_suite: test_integration/test_membermanager.py template: *ci-master-latest timeout: 1800 - topology: *ipaserver + topology: *master_1repl fedora-latest/test_smb: requires: [fedora-latest/build] diff --git a/ipatests/prci_definitions/nightly_latest.yaml b/ipatests/prci_definitions/nightly_latest.yaml index 57c72e8..1e492d4 100644 --- a/ipatests/prci_definitions/nightly_latest.yaml +++ b/ipatests/prci_definitions/nightly_latest.yaml @@ -1373,7 +1373,7 @@ jobs: timeout: 7200 topology: *master_1repl - fedora-latest/membermanager: + fedora-latest/test_membermanager: requires: [fedora-latest/build] priority: 100 job: @@ -1383,4 +1383,4 @@ jobs: test_suite: test_integration/test_membermanager.py template: *ci-master-latest timeout: 1800 - topology: *ipaserver + topology: *master_1repl diff --git a/ipatests/prci_definitions/nightly_latest_testing.yaml b/ipatests/prci_definitions/nightly_latest_testing.yaml index 8508061..e271897 100644 --- a/ipatests/prci_definitions/nightly_latest_testing.yaml +++ b/ipatests/prci_definitions/nightly_latest_testing.yaml @@ -1467,3 +1467,15 @@ jobs: template: *testing-master-latest timeout: 7200 topology: *master_1repl + + testing-fedora/test_membermanager: + requires: [testing-fedora/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{testing-fedora/build_url}' + test_suite: test_integration/test_membermanager.py + template: *testing-master-latest + timeout: 1800 + topology: *master_1repl diff --git a/ipatests/prci_definitions/nightly_previous.yaml b/ipatests/prci_definitions/nightly_previous.yaml index 0799c8f..514a1e8 100644 --- a/ipatests/prci_definitions/nightly_previous.yaml +++ b/ipatests/prci_definitions/nightly_previous.yaml @@ -1349,7 +1349,7 @@ jobs: timeout: 7200 topology: *master_1repl - fedora-previous/membermanager: + fedora-previous/test_membermanager: requires: [fedora-previous/build] priority: 50 job: @@ -1359,4 +1359,4 @@ jobs: test_suite: test_integration/test_membermanager.py template: *ci-master-previous timeout: 1800 - topology: *ipaserver + topology: *master_1repl diff --git a/ipatests/prci_definitions/nightly_rawhide.yaml b/ipatests/prci_definitions/nightly_rawhide.yaml index bc1ec05..8d01ad6 100644 --- a/ipatests/prci_definitions/nightly_rawhide.yaml +++ b/ipatests/prci_definitions/nightly_rawhide.yaml @@ -1373,7 +1373,7 @@ jobs: timeout: 7200 topology: *master_1repl - fedora-rawhide/membermanager: + fedora-rawhide/test_membermanager: requires: [fedora-rawhide/build] priority: 50 job: @@ -1383,4 +1383,4 @@ jobs: test_suite: test_integration/test_membermanager.py template: *ci-master-frawhide timeout: 1800 - topology: *ipaserver + topology: *master_1repl diff --git a/ipatests/test_integration/test_membermanager.py b/ipatests/test_integration/test_membermanager.py index 20bf53f..bd26b20 100644 --- a/ipatests/test_integration/test_membermanager.py +++ b/ipatests/test_integration/test_membermanager.py @@ -24,6 +24,8 @@ HOSTGROUP1 = "testhostgroup1" class TestMemberManager(IntegrationTest): """Tests for member manager feature for groups and hostgroups """ + topology = "line" + @classmethod def install(cls, mh): super(TestMemberManager, cls).install(mh) @@ -31,6 +33,7 @@ class TestMemberManager(IntegrationTest): tasks.create_active_user(master, USER_MM, PASSWORD) tasks.create_active_user(master, USER_INDIRECT, PASSWORD) + tasks.create_active_user(master, USER1, PASSWORD) tasks.kinit_admin(master) tasks.group_add(master, GROUP_INDIRECT) @@ -38,7 +41,6 @@ class TestMemberManager(IntegrationTest): 'ipa', 'group-add-member', GROUP_INDIRECT, '--users', USER_INDIRECT ]) - tasks.user_add(master, USER1) tasks.user_add(master, USER2) tasks.group_add(master, GROUP1) tasks.group_add(master, GROUP2) @@ -152,6 +154,22 @@ class TestMemberManager(IntegrationTest): result = master.run_command(['ipa', 'group-show', GROUP1]) assert GROUP2 in result.stdout_text + def test_group_member_manager_nopermission(self): + master = self.master + tasks.kinit_as_user(master, USER1, PASSWORD) + result = master.run_command( + [ + 'ipa', 'group-add-member-manager', GROUP1, '--users', USER1 + ], + raiseonerr=False + ) + assert result.returncode != 0 + expected = ( + f"member user: {USER1}: Insufficient access: Insufficient " + "'write' privilege to the 'memberManager' attribute of entry" + ) + assert expected in result.stdout_text + def test_hostgroup_member_manager_user(self): master = self.master # mmuser: add a host to host group @@ -177,3 +195,20 @@ class TestMemberManager(IntegrationTest): ]) result = master.run_command(['ipa', 'hostgroup-show', HOSTGROUP1]) assert master.hostname in result.stdout_text + + def test_hostgroup_member_manager_nopermission(self): + master = self.master + tasks.kinit_as_user(master, USER1, PASSWORD) + result = master.run_command( + [ + 'ipa', 'hostgroup-add-member-manager', HOSTGROUP1, + '--users', USER1 + ], + raiseonerr=False + ) + assert result.returncode != 0 + expected = ( + f"member user: {USER1}: Insufficient access: Insufficient " + "'write' privilege to the 'memberManager' attribute of entry" + ) + assert expected in result.stdout_text