freeipa.git/tests/test_xmlrpc, branch adwork FreeIPA project Add support for external group members 2012-06-27T14:13:42+00:00 Alexander Bokovoy abokovoy@redhat.com 2012-06-20T13:08:33+00:00 70d1870e99ccad9ca41c3f40d380f1348b895bb6 When using ipaExternalGroup/ipaExternalMember attributes it is possible to add group members which don't exist in IPA database. This is primarily is required for AD trusts support and therefore validation is accepting only secure identifier (SID) format. https://fedorahosted.org/freeipa/ticket/2664 
When using ipaExternalGroup/ipaExternalMember attributes it is
possible to add group members which don't exist in IPA database.
This is primarily is required for AD trusts support and therefore
validation is accepting only secure identifier (SID) format.

https://fedorahosted.org/freeipa/ticket/2664
Case sensitive renaming of objects 2012-06-20T13:47:02+00:00 Ondrej Hamada ohamada@redhat.com 2012-06-19T12:49:19+00:00 f298a20d27701cf617c5b146a2d22c9c94d85bc3 When renaming object its case sensitivity is obeyed. This was DS bug. Unit tests were corrected and minimal DS version was updated in spec file. https://fedorahosted.org/freeipa/ticket/2620 
When renaming object its case sensitivity is obeyed. This was DS bug.
Unit tests were corrected and minimal DS version was updated in spec
file.

https://fedorahosted.org/freeipa/ticket/2620
Fail on unknown Command options 2012-06-20T13:18:42+00:00 Petr Viktorin pviktori@redhat.com 2012-04-17T16:42:35+00:00 1235dfa7bf4b249eb6da8eab8d8a2c7b0eef98db When unknown keyword arguments are passed to a Command, raise an error instead of ignoring them. Options used when IPA calls its commands internally are listed in a new Command attribute called internal_options, and allowed. Previous patches (0b01751c, c45174d6, c5689e7f) made IPA not use unknown keyword arguments in its own commands and tests, but since that some violations were reintroduced in permission_find and tests. Fix those. Tests included; both a frontend unittest and a XML-RPC test via the ping plugin (which was untested previously). https://fedorahosted.org/freeipa/ticket/2509 
When unknown keyword arguments are passed to a Command, raise an
error instead of ignoring them.

Options used when IPA calls its commands internally are listed
in a new Command attribute called internal_options, and allowed.

Previous patches (0b01751c, c45174d6, c5689e7f) made IPA not use
unknown keyword arguments in its own commands and tests, but since
that some violations were reintroduced in permission_find and tests.
Fix those.

Tests included; both a frontend unittest and a XML-RPC test via the
ping plugin (which was untested previously).

https://fedorahosted.org/freeipa/ticket/2509
Remove trust work unit test failures 2012-06-14T10:21:18+00:00 Martin Kosek mkosek@redhat.com 2012-06-14T09:02:16+00:00 0c96f5935607e3825ed76330d3375dec9689c8ba Trust work that was pushed recently requires few changes in unit tests to prevent test failures. This patch also removes repetitive construction of group DN in group unit tests. 
Trust work that was pushed recently requires few changes in unit
tests to prevent test failures. This patch also removes repetitive
construction of group DN in group unit tests.
Rework the CallbackInterface 2012-06-14T09:09:43+00:00 Petr Viktorin pviktori@redhat.com 2012-04-25T14:31:10+00:00 9960149e3f84564ab324bfb9db7c50063d87a7bd Fix several problems with the callback interface: - Automatically registered callbacks (i.e. methods named exc_callback, pre_callback etc) were registered on every instantiation. Fix: Do not register callbacks in __init__; instead return the method when asked for it. - The calling code had to distinguish between bound methods and plain functions by checking the 'im_self' attribute. Fix: Always return the "default" callback as an unbound method. Registered callbacks now always take the extra `self` argument, whether they happen to be bound methods or not. Calling code now always needs to pass the `self` argument. - Did not work well with inheritance: due to the fact that Python looks up missing attributes in superclasses, callbacks could get attached to a superclass if it was instantiated early enough. * Fix: Instead of attribute lookup, use a dictionary with class keys. - The interface included the callback types, which are LDAP-specific. Fix: Create generic register_callback and get_callback mehods, move LDAP-specific code to BaseLDAPCommand Update code that calls the callbacks. Add tests. Remove lint exceptions for CallbackInterface. * https://fedorahosted.org/freeipa/ticket/2674 
Fix several problems with the callback interface:
- Automatically registered callbacks (i.e. methods named
    exc_callback, pre_callback etc) were registered on every
    instantiation.
    Fix: Do not register callbacks in __init__; instead return the
    method when asked for it.
- The calling code had to distinguish between bound methods and
    plain functions by checking the 'im_self' attribute.
    Fix: Always return the "default" callback as an unbound method.
    Registered callbacks now always take the extra `self` argument,
    whether they happen to be bound methods or not.
    Calling code now always needs to pass the `self` argument.
- Did not work well with inheritance: due to the fact that Python
    looks up missing attributes in superclasses, callbacks could
    get attached to a superclass if it was instantiated early enough. *
    Fix: Instead of attribute lookup, use a dictionary with class keys.
- The interface included the callback types, which are LDAP-specific.
    Fix: Create generic register_callback and get_callback mehods,
    move LDAP-specific code to BaseLDAPCommand

Update code that calls the callbacks.
Add tests.
Remove lint exceptions for CallbackInterface.

* https://fedorahosted.org/freeipa/ticket/2674
Prevent deletion of the last admin 2012-06-07T01:57:12+00:00 Petr Viktorin pviktori@redhat.com 2012-05-23T09:44:53+00:00 f8e7b516d923142a23058cb23ee817522686cfe3 Raise an error when trying to delete the last user in the 'admins' group, or remove the last member from the group, or delete the group itself. https://fedorahosted.org/freeipa/ticket/2564 
Raise an error when trying to delete the last user in the
'admins' group, or remove the last member from the group,
or delete the group itself.

https://fedorahosted.org/freeipa/ticket/2564
Fill new DNS zone update policy by default 2012-06-05T06:41:46+00:00 Martin Kosek mkosek@redhat.com 2012-06-04T15:53:34+00:00 c06cbb12ac2080e75578645b5e74adf7496de1fa For security reasons, dynamic updates are not enabled for new DNS zones. In order to enable the dynamic zone securely, user needs to allow dynamic updates and create a zone update policy. The policy is not easy to construct for regular users, we should rather fill it by default and let users just switch the policy on or off. https://fedorahosted.org/freeipa/ticket/2441 
For security reasons, dynamic updates are not enabled for new DNS
zones. In order to enable the dynamic zone securely, user needs to
allow dynamic updates and create a zone update policy.

The policy is not easy to construct for regular users, we should
rather fill it by default and let users just switch the policy
on or off.

https://fedorahosted.org/freeipa/ticket/2441
Add more automount tests 2012-06-01T00:16:29+00:00 Petr Viktorin pviktori@redhat.com 2012-05-25T14:53:23+00:00 c799f6a0bf28280b3b9c473c3888367d5bdbde58 This adds tests for the automountlocation_tofiles and automountlocation_import commands, and to automountmap_add_indirect with the --parentmap option. The tofiles test checks not only the XML-RPC output, but also the output_for_cli method. The import tests load data from tofiles output to the directory and check that tofiles output matches. This only works when all maps are connected to auto.master. Two minor touches to the automount plugin itself: remove an extra space, and don't hide the traceback when re-raising an exception. 
This adds tests for the automountlocation_tofiles and
automountlocation_import commands, and to automountmap_add_indirect
with the --parentmap option.

The tofiles test checks not only the XML-RPC output, but also the
output_for_cli method.

The import tests load data from tofiles output to the directory
and check that tofiles output matches.
This only works when all maps are connected to auto.master.

Two minor touches to the automount plugin itself: remove an extra
space, and don't hide the traceback when re-raising an exception.
Allow relative DNS name in NS validator 2012-06-01T10:26:57+00:00 Martin Kosek mkosek@redhat.com 2012-05-29T13:06:31+00:00 895203c47780033b010cd1e0e9ccb21db835ea16 Precallback validator was failing when a zone-relative name was used as a NS record (for example record "ns" in a zone "example.com"). However, this is valid in BIND and we should allow it as well. Imports in dns module had to be switched to absolute imports (available from Python 2.5) to deal with a conflict of IPA dns module and dnspython module. https://fedorahosted.org/freeipa/ticket/2630 
Precallback validator was failing when a zone-relative name was
used as a NS record (for example record "ns" in a zone "example.com").
However, this is valid in BIND and we should allow it as well.

Imports in dns module had to be switched to absolute imports
(available from Python 2.5) to deal with a conflict of IPA dns
module and dnspython module.

https://fedorahosted.org/freeipa/ticket/2630
permission-find missed some results with --pkey-only option 2012-06-01T05:51:59+00:00 Martin Kosek mkosek@redhat.com 2012-05-31T10:39:24+00:00 6ff5f28142c46bf5f08fef74c261f75e1baa9f66 When permission-find post callback detected a --pkey-only option, it just terminated. However, this way the results that could have been added from aci_find matches were not included. Fix the post callback to go through the entire matching process. Also make sure that DNS permissions have a correct objectclass (ipapermission), otherwise such objects are not matched by the permission LDAP search. https://fedorahosted.org/freeipa/ticket/2658 
When permission-find post callback detected a --pkey-only option,
it just terminated. However, this way the results that could have
been added from aci_find matches were not included.

Fix the post callback to go through the entire matching process.
Also make sure that DNS permissions have a correct objectclass
(ipapermission), otherwise such objects are not matched by the
permission LDAP search.

https://fedorahosted.org/freeipa/ticket/2658