Bug 31250 - ucs-test permissions on slave and member server
Status: CLOSED FIXED
Product: UCS Test
Classification: Unclassified
Component: Framework
unspecified
Other Linux
: P5 enhancement
: UCS 3.1-2
Assigned To: Lukas Walter
Philipp Hahn
Duplicates: 16500 17823
 
Reported: 2013-04-30 15:20 CEST by Stefan Gohmann
Modified: 2023-03-25 06:44 CET

Description Stefan Gohmann univentionstaff 2013-04-30 15:20:36 CEST
ucs-test should provide a simple mechanism for getting domain admin access.

Something like this:

--------------------------------------------------------------------------
. "$TESTLIBPATH/base.sh" || exit 137

echo "Domainadmin account:       $domainadmin"
echo "Domainadmin password file: $domainadmin_pwd"
echo "Domainadmin password:      $(<"$domainadmin_pwd")"
--------------------------------------------------------------------------

The account and the password should be configurable via UCR, for example:

   tests/domainadmin/account=Administrator
   tests/domainadmin/pwdfile=/tmp/pwd

If these UCR variables are not set, the default (Administrator|univention) should be used.

A check function would be great, for example:
--------------------------------------------------------------------------
. "$TESTLIBPATH/base.sh" || exit 137

check_domainadmin_access || fail_test 137
--------------------------------------------------------------------------

Comment 1 Stefan Gohmann univentionstaff 2013-04-30 15:20:50 CEST
*** Bug 17823 has been marked as a duplicate of this bug. ***

Comment 2 Stefan Gohmann univentionstaff 2013-05-29 06:19:09 CEST
(In reply to comment #0)
>    tests/domainadmin/account=Administrator
>    tests/domainadmin/pwdfile=/tmp/pwd

We should also add the password as variable:
  tests/domainadmin/pwd=univention

Comment 3 Lukas Walter univentionstaff 2013-05-29 16:25:56 CEST
Added three UCR variables to package ucs-test-framework:
    [tests/domainadmin/account], Default: uid=Administrator,cn=users,$ldap_base
    [tests/domainadmin/pwd], Default: univention
    [tests/domainadmin/pwdfile], Default: /usr/share/ucs-test/pwdfile

ucs-test-framework will store a file containing "univention" to /usr/share/ucs-test/pwdfile during installation.

A simple function for getting LDAP access using these variables has been added to univention/testing/ldap.py:

Python 2.6.6 (r266:84292, Oct 25 2012, 14:04:12) 
[GCC 4.4.5] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import univention.testing.ldap as ldap
>>> lo = ldap.getLdapConnection()
>>> lo.search(filter=...)

By default, getLdapConnection() will read from tests/domainadmin/pwd; pass "pwdfile=True" to change this behaviour.

Comment 4 Philipp Hahn univentionstaff 2013-06-14 14:12:40 CEST
OK:
  # ucr search --brief ^tests/domainadmin/
  tests/domainadmin/account: uid=Administrator,cn=users,dc=autotest090,dc=local
  tests/domainadmin/pwd: univention
  tests/domainadmin/pwdfile: /usr/share/ucs-test/pwdfile

OK:
  ldapsearch -xLLLD "$(ucr get tests/domainadmin/account)" -w "$(ucr get tests/domainadmin/pwd)" -b "$(ucr get tests/domainadmin/account)" -s base dn
  dn: uid=Administrator,cn=users,dc=autotest090,dc=local

FAIL:
  ldapsearch -xLLLD "$(ucr get tests/domainadmin/account)" -y "$(ucr get tests/domainadmin/pwdfile)" -b "$(ucr get tests/domainadmin/account)" -s base dn
  ldap_bind: Invalid credentials (49)

(In reply to Lukas Walter from comment #3)
> ucs-test-framework will store a file containing "univention" to
> /usr/share/ucs-test/pwdfile during installation.

FAIL: The file contains a trailing newline

FAIL: The UCRVs are (optionally) set using ?, but "univention" is stored unconditionally in the file:
The postinst should set the vars using ?, read back the actual values and store them in files.

FAIL: The file is not removed on uninstall and should not be created below /usr/, but /var/.

> A simple function for getting LDAP access using these variables has been
> added to univention/testing/ldap.py:

FAIL: Unconditionally strips last character.

OK: otherwise works.
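
The two pwdfile failures listed in comment 4 (a trailing newline in the stored file, and a reader that always strips the last character), reproduced as an added example that is not part of the bug report or of ucs-test. The function names, the temporary paths and the 0600 file mode are assumptions made here; "univention" is the default password named on this page.

```python
import os
import tempfile


def write_pwdfile(path, password):
    """Store the password with no trailing newline, owner-readable only."""
    # ldapsearch -y uses the complete file contents as the bind password,
    # so a trailing "\n" would become part of the password.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # assumption: 0600; also tightens a pre-existing file
    with os.fdopen(fd, "w") as f:
        f.write(password)


def read_pwdfile_buggy(path):
    """The behaviour reported as FAIL: always drops the last character."""
    with open(path) as f:
        return f.read()[:-1]


def read_pwdfile(path):
    """Drop one trailing newline if present, and nothing else."""
    with open(path) as f:
        data = f.read()
    return data[:-1] if data.endswith("\n") else data


def demo():
    """Run both readers over constructed files; return what each one saw."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed inputs: the page's default password, with and without "\n".
        for label, content in (("clean", "univention"), ("newline", "univention\n")):
            path = os.path.join(tmp, label)
            with open(path, "w") as f:
                f.write(content)
            results[label] = (read_pwdfile_buggy(path), read_pwdfile(path))
        path = os.path.join(tmp, "pwdfile")
        write_pwdfile(path, "univention")
        with open(path, "rb") as f:
            results["raw"] = f.read()
        results["mode"] = oct(os.stat(path).st_mode & 0o777)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The unconditional strip only returns the right password while the file still carries its newline; once the file is written cleanly it truncates the password, which is why the writer and the reader have to be fixed together.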

Comment 5 Lukas Walter univentionstaff 2013-06-17 14:07:45 CEST
The mentioned points have been corrected.

svn 41426

Comment 6 Philipp Hahn univentionstaff 2013-06-19 11:09:02 CEST
(In reply to Philipp Hahn from comment #4)
> OK:
>   ldapsearch -xLLLD "$(ucr get tests/domainadmin/account)" -y "$(ucr get
> tests/domainadmin/pwdfile)" -b "$(ucr get tests/domainadmin/account)" -s
> base dn

> (In reply to Lukas Walter from comment #3)
> > ucs-test-framework will store a file containing "univention" to
> > /usr/share/ucs-test/pwdfile during installation.
> 
> FAIL: The file contains a trailing newline
OK: now fixed.

> FAIL: The UCRVs are (optionally) set using ?, but "univention" is stored
> unconditionally in the file:
> The postinst should set the vars using ?, read back the actual values and
> store them in files.
OK: now fixed.

> FAIL: The file is not removed on uninstall and should not be created below
> /usr/, but /var/.
OK: apt-get remove ucs-test-framework ; ls -l /var/lib/ucs-test/
OK: dpkg -P ucs-test-framework

> > A simple function for getting LDAP access using these variables has been
> > added to univention/testing/ldap.py:
> 
> FAIL: Unconditionally strips last character.
OK: now fixed

Comment 7 Philipp Hahn univentionstaff 2014-01-29 17:12:09 CET
*** Bug 16500 has been marked as a duplicate of this bug. ***