Commit b208d48e authored by Fabien Combernous's avatar Fabien Combernous

Merge branch '7-test-hbac-rule-2' into 'master'

Resolve "Test  HBAC Rule"

Closes #7

See merge request adullact/puppet-freeipa!25
parents 1a31e676 e82a7c96
......@@ -90,5 +90,67 @@ describe 'freeipa class' do
end
end
end
### Test HBAC (ssh connections for a user with limited rights)
context 'Test ssh connnections for toto user with pre-defined ssh-key' do
context 'with default parameters' do
# Install ssh key on root on master
hosts_as('master').each do |master|
it 'doest a kinit' do
on(master, "echo 'vagrant123' | kinit admin")
end
it 'creates user toto in freeipa' do
on(master, "echo 'vagrant123' | ipa user-add toto --first=John --last=Smith --password")
end
it 'creates ssh key' do
on(master, "ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa")
end
it 'adds the public key in freeipa to toto' do
on(master, "key=`cat /root/.ssh/id_rsa.pub`; ipa user-mod toto --sshpubkey=\"$key\"")
end
# Add HBAC Rule to give all ipa users access to ipa-client-centos
it 'creates a HBAC rule for all users' do
on(master, "ipa hbacrule-add --usercat=all --servicecat=all allGroup")
end
it 'adds centos client to allGroup rule' do
on(master, "ipa hbacrule-add-host --hosts=ipa-client-centos allGroup")
end
# Remove allow_all HBAC
it 'deletes the allow_all default rule' do
on(master, "ipa hbacrule-del allow_all")
end
it 'test ssh on allowed host with returns' do
pp = <<-EOS
exec { 'test ssh':
path => '/bin/',
command => 'ssh -o "StrictHostKeyChecking no" toto@192.168.44.37 id',
returns => "0",
}
EOS
apply_manifest_on(master, pp, catch_failures: true)
end
it 'test ssh on not allowed host with returns' do
pp = <<-EOS
exec { 'test ssh':
path => '/bin/',
command => 'ssh -o "StrictHostKeyChecking no" toto@localhost id',
returns => "255",
}
EOS
apply_manifest_on(master, pp, catch_failures: true)
end
end
end
end
end
end
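Review bot: The 'test ssh on not allowed host with returns' case treats `returns => "255"` as proof of an HBAC denial, but ssh exits 255 for any connection or authentication failure. The case therefore also passes when toto's public key is not honoured on the master or sshd cannot be reached, without HBAC being evaluated at all. Consider pairing it with a direct policy check such as `on(master, "ipa hbactest --user=toto --host=<MASTER_FQDN> --service=sshd")`, asserting on its `Access granted` line. Adding `-o BatchMode=yes` to both ssh commands would make a key problem fail immediately instead of falling back to a password prompt. Separately, the admin password appears as a literal in the `kinit` and `ipa user-add` steps and is echoed on the command line, so it will presumably show up in the acceptance-test logs; taking it from one variable or environment setting would keep it out of the spec.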