Univention Bugzilla – Full Text Bug Listing |
Summary: | Test internet rules / squidguard config | ||
---|---|---|---|
Product: | UCS@school | Reporter: | Sönke Schwardt-Krummrich <schwardt> |
Component: | ucs-test | Assignee: | Ammar Najjar <najjar> |
Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
Severity: | normal | ||
Priority: | P5 | CC: | best |
Version: | UCS@school 3.2 R2 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | 34206 | ||
Bug Blocks: | 37198 |
Description
Sönke Schwardt-Krummrich
2014-04-07 17:37:30 CEST
Devided into 5 scripts: define_internet_rules_check Tests the module 'Define Internet rules' including: - defining new rule. - modifying an already defined rule. - delete an already defined rule. - checking results is done through the UMCP and UCR variables. - test fails if any of the above fails to give the expected result. assign_internet_rules_check Tests the module 'Assign Internet rules' includeing: - checking the default assigned rule - assigning new defined rules to workgroups. - changing the assigned rule to workgroups - resetting workgroups to default internet rule - doing the same checks to school classes isntead of workgroups - checking results is done through the UMCP and UCR variables. - test fails if any of the above fails to give the expected result. http_proxy_basic_auth_check Tests if the proxy is working correctly with basic authentication, including: - assign a defined internet rule to a created class - test if the assigned rule is active for teacher and student in class - assigning a defined internet rule with higher priority to a created workgroup which contains the same teacher and student - testing if the rule with higher priority is active for teacher and student in workgroup. - include 'whitelist' and 'blacklist' cases. - test fails if any of the above fails to give the expected result. http_proxy_multi_auth_check Tests if the proxy authentication types are working correctly, including: - test all three types of authentications: basic, ntlm, gssnegotiate. - include all the possible scenarios for enabled(= 1)/disabled(= 0) authentication => (basic, ntlm, gssnegotiate) in all possible cases: [(0, 0, 0), (0, 0, 1), (0, 1, 0), (0, 1, 1), (1, 0, 0), (1, 0, 1), (1, 1, 0), (1, 1, 1)] - testing in case correct password/wrong password is used. - test fails if any of the above fails to give the expected result. http_proxy_auth_after_passwd_reset_check Tests BASIC and NTLM authentication after resetting the user password, including: - student and teacher cases. - access proxy -> reset password -> access proxy again (with old/new password) - test fails if any of the above fails to give the expected result. FYI you can give multiple variables to handler_set, that increases performance. 17_http_proxy_auth_after_passwd_reset_check handler_set(['squid/basicauth=yes']) handler_set(['squid/basicauth/children=1']) handler_set(['squid/ntlmauth=yes']) → handler_set([ 'squid/basicauth=yes', 'squid/basicauth/children=1', 'squid/ntlmauth=yes' ]) When tests fail: 15_http_proxy_multi_auth_check:33: undefined name 'result' 15_http_proxy_multi_auth_check:39: undefined name 'result' 15_http_proxy_multi_auth_check:53: undefined name 'result' 10_assign_internet_rules_check fails with SystemExit(1) on a singlemaster with samba3. ############################################# Assigning rule mlj1sw8fz3 to workgroup: gu5jrreok7 param = [{'group': 'cn=pzweis-gu5jrreok7,cn=schueler,cn=groups,ou=pzweis,dc=ucs,dc=school', 'rule': 'mlj1sw8fz3'}] Assigning rule 4t80mihl4w to workgroup: wxecnk0red param = [{'group': 'cn=pzweis-wxecnk0red,cn=schueler,cn=groups,ou=pzweis,dc=ucs,dc=school', 'rule': '4t80mihl4w'}] Checking gu5jrreok7 rules ### FAIL ### Assigned rule ('mlj1sw8fz3') to workgroup ('gu5jrreok7') doesn't match ############################################# I guess there is a wait_for_replication() missing?! /usr/share/ucs-test/90_ucsschool/essential/simplecurl.py:56: RuntimeWarning: tempnam is a potential security risk to your program self.cookieFilename = os.tempnam() In 14_http_proxy_basic_auth_check I get the following exception: Traceback (most recent call last): File "14_http_proxy_basic_auth_check", line 158, in <module> main() File "14_http_proxy_basic_auth_check", line 139, in main doCheck(host, banPage, stu,'blacklist', rule1) File "14_http_proxy_basic_auth_check", line 52, in doCheck banPage) File "14_http_proxy_basic_auth_check", line 38, in ruleInControl return result[0] IndexError: list index out of range 14_http_proxy_basic_auth_check 17_http_proxy_auth_after_passwd_reset_check On a slave, there are no create_ou scripts, so I am getting this error: *** Calling following command: ['/usr/share/ucs-school-import/scripts/create_ou', 'm2ei3'] *** Cleanup after exception: <type 'exceptions.OSError'> [Errno 2] No such file or directory Comment 2: Considered. Comment 3: issues solved. Comment4: Issues caused when using district mode is solved. Cookie warning remains, it is automatically generated by pycurl when coockies are enabled. self.cookieFilename = os.tempnam() creates a temporary file to save the cookie in it and it is removed when the curl object is deleted. Create_ou scripts issue is not solved yet. - Create_ou script issue is solved. The test cases are: 09_define_internet_rules_check 10_assign_internet_rules_check 11_squidguard_assign_rule_to_2_rooms 14_http_proxy_basic_auth_check 15_http_proxy_multi_auth_check 17_http_proxy_auth_after_passwd_reset_check (In reply to Florian Best from comment #7) > The test cases are: > > 09_define_internet_rules_check OK expectedResult → could be 'force_existence' / 'must_fail' / etc. This line should better be an array: > 61 » » » » ruleName = '-- default settings --' + '-- Voreinstellungen --' > 10_assign_internet_rules_check OK > 14_http_proxy_basic_auth_check OK > 15_http_proxy_multi_auth_check OK > 17_http_proxy_auth_after_passwd_reset_check This currently fails for both NTLM and basic authentication → Bug #34206 REOPEN: Can you please adapt this test case to do some log output so that one can see where the script fails? (In reply to Florian Best from comment #8) > > 09_define_internet_rules_check > OK > expectedResult → could be 'force_existence' / 'must_fail' / etc. > > This line should better be an array: > > 61 » » » » ruleName = '-- default settings --' + '-- Voreinstellungen --' > > 17_http_proxy_auth_after_passwd_reset_check > This currently fails for both NTLM and basic authentication → Bug #34206 > REOPEN: Can you please adapt this test case to do some log output so that > one can see where the script fails? All the mentioned notes are considered. Seems to be OK now ;) Script "17_http_proxy_auth_after_passwd_reset_check" is skipped until bug #34206 is fixed. |