gp: Test modifying firefox policy enforces changes

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index 13cc435b20fd99143ec80e0e05490f4c7ba2d51f..cc609b311fc561802e73116ef83c13243045c61d 100644 (file)
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -6946,6 +6946,43 @@ class GPOTests(tests.TestCase):
                                  policy_data['policies'][name],
                                  'Policies were not applied')
 
+            # Check that modifying the policy will enforce the correct settings
+            entries = [e for e in parser.pol_file.entries \
+                       if e.valuename != 'AppUpdateURL']
+            for e in entries:
+                if e.valuename == 'AppAutoUpdate':
+                    e.data = 0
+            parser.pol_file.entries = entries
+            parser.pol_file.num_entries = len(entries)
+            # Stage the Registry.pol file with altered test data
+            unstage_file(reg_pol)
+            ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
+            self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
+
+            # Enforce the altered policy
+            ext.process_group_policy([], gpos)
+
+            # Check that the App Update policy was altered
+            with open(policies_file, 'r') as r:
+                policy_data = json.load(r)
+            self.assertIn('policies', policy_data, 'Policies were not applied')
+            keys = list(expected_policy_data['policies'].keys())
+            keys.remove('AppUpdateURL')
+            keys.sort()
+            policy_keys = list(policy_data['policies'].keys())
+            policy_keys.sort()
+            self.assertEqual(keys, policy_keys, 'Firefox policies are incorrect')
+            for name in policy_data['policies'].keys():
+                self.assertNotEqual(name, 'AppUpdateURL',
+                                    'Failed to remove AppUpdateURL policy')
+                if name == 'AppAutoUpdate':
+                    self.assertEqual(False, policy_data['policies'][name],
+                                     'Failed to alter AppAutoUpdate policy')
+                    continue
+                self.assertEqual(expected_policy_data['policies'][name],
+                                 policy_data['policies'][name],
+                                 'Policies were not applied')
+
             # Verify RSOP does not fail
             ext.rsop([g for g in gpos if g.name == guid][0])
 
@@ -6963,6 +7000,45 @@ class GPOTests(tests.TestCase):
                     self.assertEqual(len(data['policies'].keys()), 0,
                                      'The policy was not unapplied')
 
+            # Initialize the cache with old style existing policies,
+            # ensure they are overwritten.
+            old_cache = {'policies': {}}
+            ext.cache_add_attribute(guid, 'policies.json',
+                                    json.dumps(old_cache))
+            with open(policies_file, 'w') as w:
+                w.write(firefox_json_expected)
+
+            # Overwrite policy
+            ext.process_group_policy([], gpos)
+
+            # Check that policy was overwritten
+            with open(policies_file, 'r') as r:
+                policy_data = json.load(r)
+            self.assertIn('policies', policy_data, 'Policies were not applied')
+            policy_keys = list(policy_data['policies'].keys())
+            policy_keys.sort()
+            self.assertEqual(keys, policy_keys, 'Firefox policies are incorrect')
+            for name in policy_data['policies'].keys():
+                self.assertNotEqual(name, 'AppUpdateURL',
+                                    'Failed to remove AppUpdateURL policy')
+                if name == 'AppAutoUpdate':
+                    self.assertEqual(False, policy_data['policies'][name],
+                                     'Failed to overwrite AppAutoUpdate policy')
+                    continue
+                self.assertEqual(expected_policy_data['policies'][name],
+                                 policy_data['policies'][name],
+                                 'Policies were not applied')
+
+            # Unapply the policy
+            gp_db = store.get_gplog(machine_creds.get_username())
+            del_gpos = get_deleted_gpos_list(gp_db, [])
+            ext.process_group_policy(del_gpos, [], dname)
+            if os.path.exists(policies_file):
+                data = json.load(open(policies_file, 'r'))
+                if 'policies' in data.keys():
+                    self.assertEqual(len(data['policies'].keys()), 0,
+                                     'The policy was not unapplied')
+
         # Unstage the Registry.pol file
         unstage_file(reg_pol)
 

diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
index 74e2de0dd3911c4975cc07c2636d55d989bad0d0..ff2fb10859ac875ced69a3bb09a338bcb8f14a61 100644 (file)
--- a/selftest/knownfail.d/gpo
+++ b/selftest/knownfail.d/gpo
@@ -1 +1,2 @@
 ^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_firewalld_ext
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_firefox_ext