Comment 1 Ammar Najjar 2014-05-09 09:39:25 CEST

Devided into 5 scripts:

define_internet_rules_check
Tests the module 'Define Internet rules' including:
 - defining new rule.
 - modifying an already defined rule.
 - delete an already defined rule.
 - checking results is done through the UMCP and UCR variables.
 - test fails if any of the above fails to give the expected result.

assign_internet_rules_check
Tests the module 'Assign Internet rules' includeing:
 - checking the default assigned rule
 - assigning new defined rules to workgroups.
 - changing the assigned rule to workgroups
 - resetting workgroups to default internet rule
 - doing the same checks to school classes isntead of workgroups
 - checking results is done through the UMCP and UCR variables.
 - test fails if any of the above fails to give the expected result.

http_proxy_basic_auth_check
Tests if the proxy is working correctly with basic authentication, including:
 - assign a defined internet rule to a created class
 - test if the assigned rule is active for teacher and student in class
 - assigning a defined internet rule with higher priority to a 
   created workgroup which contains the same teacher and student
 - testing if the rule with higher priority is active for teacher and student
   in workgroup.
 - include 'whitelist' and 'blacklist' cases. 
 - test fails if any of the above fails to give the expected result.

http_proxy_multi_auth_check
Tests if the proxy authentication types are working correctly, including:
 - test all three types of authentications: basic, ntlm, gssnegotiate.
 - include all the possible scenarios for enabled(= 1)/disabled(= 0)
   authentication => (basic, ntlm, gssnegotiate) in all possible cases:
   [(0, 0, 0), (0, 0, 1), (0, 1, 0), (0, 1, 1), 
    (1, 0, 0), (1, 0, 1), (1, 1, 0), (1, 1, 1)]
 - testing in case correct password/wrong password is used.
 - test fails if any of the above fails to give the expected result.

http_proxy_auth_after_passwd_reset_check
Tests BASIC and NTLM authentication after resetting the user password, including:
 - student and teacher cases.
 - access proxy -> reset password -> access proxy again (with old/new password)
 - test fails if any of the above fails to give the expected result.

Comment 2 Florian Best 2014-05-26 15:49:59 CEST

FYI you can give multiple variables to handler_set, that increases performance.

17_http_proxy_auth_after_passwd_reset_check
                handler_set(['squid/basicauth=yes'])
                handler_set(['squid/basicauth/children=1'])
                handler_set(['squid/ntlmauth=yes'])

→

handler_set([
    'squid/basicauth=yes',
    'squid/basicauth/children=1',
    'squid/ntlmauth=yes'
])

Comment 3 Florian Best 2014-05-26 16:26:16 CEST

When tests fail:
15_http_proxy_multi_auth_check:33: undefined name 'result'
15_http_proxy_multi_auth_check:39: undefined name 'result'
15_http_proxy_multi_auth_check:53: undefined name 'result'

Comment 4 Florian Best 2014-05-26 17:35:46 CEST

10_assign_internet_rules_check fails with SystemExit(1) on a singlemaster with samba3.

#############################################
Assigning rule mlj1sw8fz3 to workgroup: gu5jrreok7
param = [{'group': 'cn=pzweis-gu5jrreok7,cn=schueler,cn=groups,ou=pzweis,dc=ucs,dc=school', 'rule': 'mlj1sw8fz3'}]
Assigning rule 4t80mihl4w to workgroup: wxecnk0red
param = [{'group': 'cn=pzweis-wxecnk0red,cn=schueler,cn=groups,ou=pzweis,dc=ucs,dc=school', 'rule': '4t80mihl4w'}]
Checking gu5jrreok7 rules
### FAIL ###
Assigned rule ('mlj1sw8fz3') to workgroup ('gu5jrreok7') doesn't match
#############################################

I guess there is a wait_for_replication() missing?!

/usr/share/ucs-test/90_ucsschool/essential/simplecurl.py:56: RuntimeWarning: tempnam is a potential security risk to your program
  self.cookieFilename = os.tempnam()

In 14_http_proxy_basic_auth_check I get the following exception:
Traceback (most recent call last):
  File "14_http_proxy_basic_auth_check", line 158, in <module>
    main()
  File "14_http_proxy_basic_auth_check", line 139, in main
    doCheck(host, banPage, stu,'blacklist', rule1)
  File "14_http_proxy_basic_auth_check", line 52, in doCheck
    banPage)
  File "14_http_proxy_basic_auth_check", line 38, in ruleInControl
    return result[0]
IndexError: list index out of range

14_http_proxy_basic_auth_check
17_http_proxy_auth_after_passwd_reset_check
On a slave, there are no create_ou scripts, so I am getting this error:
*** Calling following command: ['/usr/share/ucs-school-import/scripts/create_ou', 'm2ei3']
*** Cleanup after exception: <type 'exceptions.OSError'> [Errno 2] No such file or directory

Comment 5 Ammar Najjar 2014-05-28 11:32:56 CEST

Comment 2: 
Considered.

Comment 3: 
issues solved.

Comment4:
Issues caused when using district mode is solved.
Cookie warning remains, it is automatically generated by pycurl when coockies are enabled.
self.cookieFilename = os.tempnam()
creates a temporary file to save the cookie in it and it is removed when the curl object is deleted.

Create_ou scripts issue is not solved yet.

Comment 6 Ammar Najjar 2014-06-12 10:30:59 CEST

 - Create_ou script issue is solved.

Comment 7 Florian Best 2014-07-14 11:36:54 CEST

The test cases are:

09_define_internet_rules_check
10_assign_internet_rules_check
11_squidguard_assign_rule_to_2_rooms
14_http_proxy_basic_auth_check
15_http_proxy_multi_auth_check
17_http_proxy_auth_after_passwd_reset_check

Comment 8 Florian Best 2014-07-22 12:42:59 CEST

(In reply to Florian Best from comment #7)
> The test cases are:
> 
> 09_define_internet_rules_check
OK
expectedResult → could be 'force_existence' / 'must_fail' / etc.

This line should better be an array:
> 61 »   »   »   »   ruleName = '-- default settings --' + '-- Voreinstellungen --'

> 10_assign_internet_rules_check
OK

> 14_http_proxy_basic_auth_check
OK

> 15_http_proxy_multi_auth_check
OK

> 17_http_proxy_auth_after_passwd_reset_check
This currently fails for both NTLM and basic authentication → Bug #34206 
REOPEN: Can you please adapt this test case to do some log output so that one can see where the script fails?

Comment 9 Ammar Najjar 2014-07-23 10:03:41 CEST

(In reply to Florian Best from comment #8)
> > 09_define_internet_rules_check
> OK
> expectedResult → could be 'force_existence' / 'must_fail' / etc.
> 
> This line should better be an array:
> > 61 »   »   »   »   ruleName = '-- default settings --' + '-- Voreinstellungen --'
> > 17_http_proxy_auth_after_passwd_reset_check
> This currently fails for both NTLM and basic authentication → Bug #34206 
> REOPEN: Can you please adapt this test case to do some log output so that
> one can see where the script fails?


All the mentioned notes are considered.

Comment 10 Florian Best 2014-07-29 13:15:40 CEST

Seems to be OK now ;)

Comment 11 Ammar Najjar 2014-12-15 10:18:17 CET

Script "17_http_proxy_auth_after_passwd_reset_check" is skipped until bug #34206 is fixed.