Univention Bugzilla – Bug 34491
Test internet rules / squidguard config
Last modified: 2016-11-03 17:37:36 CET
There should be ucs-test scripts that test the UMC modules "Define internet rules" and "Assign internet rules".
Divided into 5 scripts:

define_internet_rules_check
Tests the module 'Define Internet rules' including:
- defining new rule.
- modifying an already defined rule.
- delete an already defined rule.
- checking results is done through the UMCP and UCR variables.
- test fails if any of the above fails to give the expected result.

assign_internet_rules_check
Tests the module 'Assign Internet rules' including:
- checking the default assigned rule
- assigning new defined rules to workgroups.
- changing the assigned rule to workgroups
- resetting workgroups to default internet rule
- doing the same checks to school classes instead of workgroups
- checking results is done through the UMCP and UCR variables.
- test fails if any of the above fails to give the expected result.

http_proxy_basic_auth_check
Tests if the proxy is working correctly with basic authentication, including:
- assign a defined internet rule to a created class
- test if the assigned rule is active for teacher and student in class
- assigning a defined internet rule with higher priority to a created workgroup which contains the same teacher and student
- testing if the rule with higher priority is active for teacher and student in workgroup.
- include 'whitelist' and 'blacklist' cases.
- test fails if any of the above fails to give the expected result.

http_proxy_multi_auth_check
Tests if the proxy authentication types are working correctly, including:
- test all three types of authentications: basic, ntlm, gssnegotiate.
- include all the possible scenarios for enabled(= 1)/disabled(= 0) authentication => (basic, ntlm, gssnegotiate) in all possible cases:
  [(0, 0, 0), (0, 0, 1), (0, 1, 0), (0, 1, 1), (1, 0, 0), (1, 0, 1), (1, 1, 0), (1, 1, 1)]
- testing in case correct password/wrong password is used.
- test fails if any of the above fails to give the expected result.

http_proxy_auth_after_passwd_reset_check
Tests BASIC and NTLM authentication after resetting the user password, including:
- student and teacher cases.
- access proxy -> reset password -> access proxy again (with old/new password)
- test fails if any of the above fails to give the expected result.
FYI you can give multiple variables to handler_set, that increases performance.

17_http_proxy_auth_after_passwd_reset_check
handler_set(['squid/basicauth=yes'])
handler_set(['squid/basicauth/children=1'])
handler_set(['squid/ntlmauth=yes'])
→
handler_set([
    'squid/basicauth=yes',
    'squid/basicauth/children=1',
    'squid/ntlmauth=yes'
])
When tests fail:
15_http_proxy_multi_auth_check:33: undefined name 'result'
15_http_proxy_multi_auth_check:39: undefined name 'result'
15_http_proxy_multi_auth_check:53: undefined name 'result'
10_assign_internet_rules_check fails with SystemExit(1) on a singlemaster with samba3.

#############################################
Assigning rule mlj1sw8fz3 to workgroup: gu5jrreok7
param = [{'group': 'cn=pzweis-gu5jrreok7,cn=schueler,cn=groups,ou=pzweis,dc=ucs,dc=school', 'rule': 'mlj1sw8fz3'}]
Assigning rule 4t80mihl4w to workgroup: wxecnk0red
param = [{'group': 'cn=pzweis-wxecnk0red,cn=schueler,cn=groups,ou=pzweis,dc=ucs,dc=school', 'rule': '4t80mihl4w'}]
Checking gu5jrreok7 rules
### FAIL ### Assigned rule ('mlj1sw8fz3') to workgroup ('gu5jrreok7') doesn't match
#############################################

I guess there is a wait_for_replication() missing?!

/usr/share/ucs-test/90_ucsschool/essential/simplecurl.py:56: RuntimeWarning: tempnam is a potential security risk to your program
  self.cookieFilename = os.tempnam()

In 14_http_proxy_basic_auth_check I get the following exception:

Traceback (most recent call last):
  File "14_http_proxy_basic_auth_check", line 158, in <module>
    main()
  File "14_http_proxy_basic_auth_check", line 139, in main
    doCheck(host, banPage, stu,'blacklist', rule1)
  File "14_http_proxy_basic_auth_check", line 52, in doCheck
    banPage)
  File "14_http_proxy_basic_auth_check", line 38, in ruleInControl
    return result[0]
IndexError: list index out of range

14_http_proxy_basic_auth_check
17_http_proxy_auth_after_passwd_reset_check
On a slave, there are no create_ou scripts, so I am getting this error:

*** Calling following command: ['/usr/share/ucs-school-import/scripts/create_ou', 'm2ei3']
*** Cleanup after exception: <type 'exceptions.OSError'> [Errno 2] No such file or directory
Comment 2: Considered.
Comment 3: Issues solved.
Comment 4: Issues caused when using district mode are solved.
Cookie warning remains; it is automatically generated by pycurl when cookies are enabled. self.cookieFilename = os.tempnam() creates a temporary file to save the cookie in it and it is removed when the curl object is deleted.
Create_ou scripts issue is not solved yet.
- Create_ou script issue is solved.
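
Added example, not part of the original bug thread or of ucs-test: the RuntimeWarning quoted above for simplecurl.py concerns os.tempnam(), which only returns a file name and leaves a window between choosing the name and opening the file. The sketch below shows a cookie-file holder built on tempfile.mkstemp() instead; the class name CookieJarFile, the prefix and demo() are hypothetical.

```python
import errno
import os
import stat
import tempfile


class CookieJarFile(object):
    """Private temporary cookie file for one HTTP client session.

    Hypothetical helper. mkstemp() chooses the name and creates the file in
    one step (exclusive create, mode 0600), so no other local user can
    pre-create or symlink the path between naming and opening. That window
    is what the os.tempnam() RuntimeWarning refers to.
    """

    def __init__(self, prefix='ucs-test-cookies-', directory=None):
        fd, self.path = tempfile.mkstemp(prefix=prefix, dir=directory)
        # Only the path is handed on (for example to pycurl's COOKIEFILE and
        # COOKIEJAR options), so close the descriptor to avoid leaking it.
        os.close(fd)

    def mode(self):
        """Return the permission bits of the cookie file."""
        return stat.S_IMODE(os.stat(self.path).st_mode)

    def close(self):
        """Remove the cookie file; safe to call more than once."""
        if self.path is None:
            return
        try:
            os.unlink(self.path)
        except OSError as exc:
            if exc.errno != errno.ENOENT:
                raise
        self.path = None

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc, tb):
        self.close()
        return False


def demo():
    """Create a jar, record its properties, then confirm it was removed."""
    with CookieJarFile() as jar:
        path = jar.path
        existed = os.path.isfile(path)
        mode = jar.mode()
    return existed, mode, os.path.exists(path)
```
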
The test cases are:

09_define_internet_rules_check
10_assign_internet_rules_check
11_squidguard_assign_rule_to_2_rooms
14_http_proxy_basic_auth_check
15_http_proxy_multi_auth_check
17_http_proxy_auth_after_passwd_reset_check
(In reply to Florian Best from comment #7)
> The test cases are:
>
> 09_define_internet_rules_check
OK
expectedResult → could be 'force_existence' / 'must_fail' / etc.

This line should better be an array:
> 61 » » » » ruleName = '-- default settings --' + '-- Voreinstellungen --'

> 10_assign_internet_rules_check
OK

> 14_http_proxy_basic_auth_check
OK

> 15_http_proxy_multi_auth_check
OK

> 17_http_proxy_auth_after_passwd_reset_check
This currently fails for both NTLM and basic authentication → Bug #34206

REOPEN: Can you please adapt this test case to do some log output so that one can see where the script fails?
(In reply to Florian Best from comment #8)
> > 09_define_internet_rules_check
> OK
> expectedResult → could be 'force_existence' / 'must_fail' / etc.
>
> This line should better be an array:
> > 61 » » » » ruleName = '-- default settings --' + '-- Voreinstellungen --'
>
> > 17_http_proxy_auth_after_passwd_reset_check
> This currently fails for both NTLM and basic authentication → Bug #34206
> REOPEN: Can you please adapt this test case to do some log output so that
> one can see where the script fails?

All the mentioned notes are considered.
Seems to be OK now ;)
Script "17_http_proxy_auth_after_passwd_reset_check" is skipped until bug #34206 is fixed.