[Freeipa-devel] [freeipa PR#5008][opened] EPN: handle empty attributes

Thu, 06 Aug 2020 16:02:13 -0700 

   URL: https://github.com/freeipa/freeipa/pull/5008
Author: rcritten
 Title: #5008: EPN: handle empty attributes
Action: opened

PR body:
"""
The admin user doesn't have a givenname and mail is empty by default. Handle 
those in a general way.

Add test for this case.

Based on https://github.com/freeipa/freeipa/pull/5006/
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5008/head:pr5008
git checkout pr5008

From 24ba3df7e66a681acf3d4938b5191dd929459bee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com>
Date: Thu, 6 Aug 2020 17:07:36 +0200
Subject: [PATCH 1/4] IPA-EPN: Use a helper to retrieve LDAP attributes from an
 entry

Allow for empty attributes.
---
 ipaclient/install/ipa_epn.py | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/ipaclient/install/ipa_epn.py b/ipaclient/install/ipa_epn.py
index 65f9f3d47f..0d1ae2addf 100644
--- a/ipaclient/install/ipa_epn.py
+++ b/ipaclient/install/ipa_epn.py
@@ -122,22 +122,30 @@ def __len__(self):
         """Return len(self)."""
         return len(self._expiring_password_user_dq)
 
+    def get_ldap_attr(self, entry, attr):
+        """Get a single value from a multi-valued attr in a safe way"""
+        return str(entry.get(attr, [""]).pop(0))
+
     def add(self, entry):
         """Parses and appends an LDAP user entry with the uid, cn,
            givenname, sn, krbpasswordexpiration and mail attributes.
         """
         try:
             self._sorted = False
+            if entry.get("mail") is None:
+                logger.error("IPA-EPN: No mail address defined for: %s",
+                             entry.dn)
+                return
             self._expiring_password_user_dq.append(
                 dict(
-                    uid=str(entry["uid"].pop(0)),
-                    cn=str(entry["cn"].pop(0)),
-                    givenname=str(entry["givenname"].pop(0)),
-                    sn=str(entry["sn"].pop(0)),
-                    krbpasswordexpiration=str(
-                        entry["krbpasswordexpiration"].pop(0)
+                    uid=self.get_ldap_attr(entry, "uid"),
+                    cn=self.get_ldap_attr(entry, "cn"),
+                    givenname=self.get_ldap_attr(entry, "givenname"),
+                    sn=self.get_ldap_attr(entry, "sn"),
+                    krbpasswordexpiration=(
+                        self.get_ldap_attr(entry,"krbpasswordexpiration")
                     ),
-                    mail=str(entry["mail"]),
+                    mail=str(entry.get("mail")),
                 )
             )
         except IndexError as e:

From 9d6bbb0244c2388906ce273bc40bae7bcb7377db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com>
Date: Thu, 6 Aug 2020 17:13:19 +0200
Subject: [PATCH 2/4] IPA-EPN: fix configuration file typo
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: François Cami <fc...@redhat.com>
---
 client/share/epn.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/share/epn.conf b/client/share/epn.conf
index 0e590dfc3b..e3645801cb 100644
--- a/client/share/epn.conf
+++ b/client/share/epn.conf
@@ -23,7 +23,7 @@ smtp_port = 25
 # Default None (empty value).
 # smtp_password =
 
-# pecifies the number of seconds to wait for SMTP to respond.
+# Specifies the number of seconds to wait for SMTP to respond.
 smtp_timeout = 60
 
 # Specifies the type of secure connection to make. Options are: none,

From 8e157ce02595c115c36983fd90110189d0e0bf07 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Thu, 6 Aug 2020 18:57:10 -0400
Subject: [PATCH 3/4] IPA-EPN: Test that users without givenname and/or mail
 are handled

The admin user does not have a givenname by default, allow for that.

Report errors for users without a default e-mail address.

Update the SHA256 hash with the typo fix.
---
 ipatests/test_integration/test_epn.py | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/ipatests/test_integration/test_epn.py b/ipatests/test_integration/test_epn.py
index f4c123c6d8..946e8e602a 100644
--- a/ipatests/test_integration/test_epn.py
+++ b/ipatests/test_integration/test_epn.py
@@ -231,7 +231,7 @@ def test_EPN_config_file(self):
         assert epn_conf in cmd1.stdout_text
         assert epn_template in cmd1.stdout_text
         cmd2 = self.master.run_command(["sha256sum", epn_conf])
-        ck = "4c207b5c9c760c36db0d3b2b93da50ea49edcc4002d6d1e7383601f0ec30b957"
+        ck = "192481b52fb591112afd7b55b12a44c6618fdbc7e05a3b1866fd67ec579c51df"
         assert cmd2.stdout_text.find(ck) == 0
 
     def test_EPN_smoketest_1(self):
@@ -487,3 +487,23 @@ def test_EPN_delay_config(self, cleanupmail):
         self.master.put_file_contents('/etc/ipa/epn.conf', epn_conf)
         result = tasks.ipa_epn(self.master, raiseonerr=False)
         assert "smtp_delay cannot be less than zero" in result.stderr_text
+
+    def test_EPN_admin(self):
+        """The admin user is special and has no givenName by default
+           It also doesn't by default have an e-mail address
+           Check --dry-run output.
+        """
+        epn_conf = textwrap.dedent('''
+            [global]
+        ''')
+        self.master.put_file_contents('/etc/ipa/epn.conf', epn_conf)
+        self.master.run_command(
+            ['ipa', 'user-mod', 'admin', '--password-expiration',
+             datetime_to_generalized_time(
+                 datetime.datetime.utcnow() + datetime.timedelta(days=7)
+             )]
+        )
+        (unused, stderr_text) = self._check_epn_output(
+            self.master, dry_run=True
+        )
+        assert "uid=admin" in stderr_text

From 2584b43be7ae74b45c6445d325c5be57d5046bbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com>
Date: Thu, 6 Aug 2020 17:09:23 +0200
Subject: [PATCH 4/4] temp commit

---
 .freeipa-pr-ci.yaml                        | 2 +-
 ipatests/prci_definitions/temp_commit.yaml | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index abcf8c5b63..8065669008 120000
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -1 +1 @@
-ipatests/prci_definitions/gating.yaml
\ No newline at end of file
+ipatests/prci_definitions/temp_commit.yaml
\ No newline at end of file
diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml
index e337068145..8a857acaaf 100644
--- a/ipatests/prci_definitions/temp_commit.yaml
+++ b/ipatests/prci_definitions/temp_commit.yaml
@@ -61,14 +61,14 @@ jobs:
         timeout: 1800
         topology: *build
 
-  fedora-latest/temp_commit:
+  fedora-latest/test_epn:
     requires: [fedora-latest/build]
     priority: 50
     job:
       class: RunPytest
       args:
         build_url: '{fedora-latest/build_url}'
-        test_suite: test_integration/test_REPLACEME.py
+        test_suite: test_integration/test_epn.py
         template: *ci-master-latest
-        timeout: 3600
-        topology: *master_1repl_1client
+        timeout: 7200
+        topology: *master_3client

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

Reply via email to