samba-tool: Test gpo manage access remove command

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index f9a17f64a2be40c38933ab6935e36b40e4923cc8..ce838551442ee70f79edbe20e0eb60bfc3140b8d 100644 (file)
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -3884,11 +3884,41 @@ samba-tool gpo manage access add {31B2F340-016D-11D2-945F-00C04FB984F9} allow go
                                    "not have sufficient privileges")
             raise
 
+class cmd_remove_access(Command):
+    """Remove a VGP Host Access Group Policy from the sysvol
+
+This command removes a host access setting from the sysvol for applying to
+winbind clients.
+
+Example:
+samba-tool gpo manage access remove {31B2F340-016D-11D2-945F-00C04FB984F9} allow goodguy example.com
+    """
+
+    synopsis = "%prog <gpo> <allow/deny> <name> <domain> [options]"
+
+    takes_optiongroups = {
+        "sambaopts": options.SambaOptions,
+        "versionopts": options.VersionOptions,
+        "credopts": options.CredentialsOptions,
+    }
+
+    takes_options = [
+        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+                metavar="URL", dest="H"),
+    ]
+
+    takes_args = ["gpo", "etype", "name", "domain"]
+
+    def run(self, gpo, etype, name, domain, H=None, sambaopts=None,
+            credopts=None, versionopts=None):
+        pass
+
 class cmd_access(SuperCommand):
     """Manage Host Access Group Policy Objects"""
     subcommands = {}
     subcommands["list"] = cmd_list_access()
     subcommands["add"] = cmd_add_access()
+    subcommands["remove"] = cmd_remove_access()
 
 class cmd_manage(SuperCommand):
     """Manage Group Policy Objects"""

diff --git a/python/samba/tests/samba_tool/gpo_exts.py b/python/samba/tests/samba_tool/gpo_exts.py
index e4cef47513f982c255ace9d614b05c878df75183..99c970f35ce48f73613c75166ada28b9b2bb4524 100644 (file)
--- a/python/samba/tests/samba_tool/gpo_exts.py
+++ b/python/samba/tests/samba_tool/gpo_exts.py
@@ -135,6 +135,40 @@ class GpoCmdTestCase(SambaToolCmdTest):
         self.assertIn(allow_entry, out, 'The test entry was not found!')
         self.assertIn(deny_entry, out, 'The test entry was not found!')
 
+        (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+                                                 "access", "remove"),
+                                                 self.gpo_guid,
+                                                 "allow", self.test_user,
+                                                 lp.get('realm').lower(),
+                                                 "-H", "ldap://%s" %
+                                                 os.environ["SERVER"],
+                                                 "-U%s%%%s" %
+                                                 (os.environ["USERNAME"],
+                                                 os.environ["PASSWORD"]))
+        self.assertCmdSuccess(result, out, err, 'Access remove failed')
+        (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+                                                 "access", "remove"),
+                                                 self.gpo_guid,
+                                                 "deny", self.test_group,
+                                                 lp.get('realm').lower(),
+                                                 "-H", "ldap://%s" %
+                                                 os.environ["SERVER"],
+                                                 "-U%s%%%s" %
+                                                 (os.environ["USERNAME"],
+                                                 os.environ["PASSWORD"]))
+        self.assertCmdSuccess(result, out, err, 'Access remove failed')
+
+        (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+                                                 "access", "list"),
+                                                 self.gpo_guid, "-H",
+                                                 "ldap://%s" %
+                                                 os.environ["SERVER"],
+                                                 "-U%s%%%s" %
+                                                 (os.environ["USERNAME"],
+                                                 os.environ["PASSWORD"]))
+        self.assertNotIn(allow_entry, out, 'The test entry was still found!')
+        self.assertNotIn(deny_entry, out, 'The test entry was still found!')
+
     def setUp(self):
         """set up a temporary GPO to work with"""
         super(GpoCmdTestCase, self).setUp()

diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
new file mode 100644 (file)
index 0000000..837f9c7
--- /dev/null
+++ b/selftest/knownfail.d/gpo
@@ -0,0 +1 @@
+^samba.tests.samba_tool.gpo_exts.samba.tests.samba_tool.gpo_exts.GpoCmdTestCase.test_vgp_access_list