freeipa.git/tests/test_xmlrpc, branch testing FreeIPA project Update test_role_plugin test to include a comma in a privilege 2011-06-22T06:06:02+00:00 John Dennis jdennis@redhat.com 2011-06-15T20:05:19+00:00 d9d00f152267780d8251ee6e935645f397f2c0d7 Introduce a comma into a privilege name to assure we can handle commas. Commas must be escaped for some parameters, add escape_comma() utility and invoke it for the necessary parameters. Utilize a DN object to properly construct a DN and most importantly to allow equality testing beween the DN we expect and the one returned. This is necessary because a DN can be encoded according to different encoding syntaxes all of which are valid. DN objects always decode from their input. DN objects can test for equality between DN's without being affected by DN encoding. Add a equality callback for the dn in the expected dict. When the test framework tests for equality between the expected value and the returned value it will call back into a function we provide which will convert the returned dn into a DN object. An equality test is then performed between two DN objects. This is the only way to properly compare two dn's. 
Introduce a comma into a privilege name to assure we can handle
commas.

Commas must be escaped for some parameters, add escape_comma() utility
and invoke it for the necessary parameters.

Utilize a DN object to properly construct a DN and most importantly to
allow equality testing beween the DN we expect and the one
returned. This is necessary because a DN can be encoded according to
different encoding syntaxes all of which are valid. DN objects always
decode from their input. DN objects can test for equality between DN's
without being affected by DN encoding.

Add a equality callback for the dn in the expected dict. When the test
framework tests for equality between the expected value and the
returned value it will call back into a function we provide which will
convert the returned dn into a DN object. An equality test is then
performed between two DN objects. This is the only way to properly
compare two dn's.
Require an imported certificate's issuer to match our issuer. 2011-06-16T23:27:17+00:00 Rob Crittenden rcritten@redhat.com 2011-04-26T20:45:19+00:00 a2a3782efb386f18689faf35a069c4da1085e87d The goal is to not import foreign certificates. This caused a bunch of tests to fail because we had a hardcoded server certificate. Instead a developer will need to run make-testcert to create a server certificate generated by the local CA to test against. ticket 1134 
The goal is to not import foreign certificates.

This caused a bunch of tests to fail because we had a hardcoded server
certificate. Instead a developer will need to run make-testcert to
create a server certificate generated by the local CA to test against.

ticket 1134
Raise DuplicateEntry Error when adding a duplicate sudo option 2011-06-16T23:21:07+00:00 Jr Aquino jr.aquino@citrix.com 2011-06-16T18:57:13+00:00 44cdf8ef54ff761a5e38919b8cdce5128928985a https://fedorahosted.org/freeipa/ticket/1276 https://fedorahosted.org/freeipa/ticket/1277 https://fedorahosted.org/freeipa/ticket/1308 Added new Exception: AttrValueNotFound Fixed XML Test for Sudorule remove_option 1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule) 1277 (Raise DuplicateEntry Error when adding a duplicate sudo option) 1308 (Make sudooption a required option for sudorule_remove_option) 
https://fedorahosted.org/freeipa/ticket/1276
https://fedorahosted.org/freeipa/ticket/1277
https://fedorahosted.org/freeipa/ticket/1308

Added new Exception: AttrValueNotFound
Fixed XML Test for Sudorule remove_option
1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule)
1277 (Raise DuplicateEntry Error when adding a duplicate sudo option)
1308 (Make sudooption a required option for sudorule_remove_option)
Add a list of managed hosts 2011-06-15T10:47:57+00:00 Martin Kosek mkosek@redhat.com 2011-06-13T14:23:09+00:00 613804083d40f6d3b64eeaa8da8a4f5b94cb839d Enhance Host plugin to provide not only "Managed By" list but also a list of managed hosts. The new list is generated only when --all option is passed. https://fedorahosted.org/freeipa/ticket/993 
Enhance Host plugin to provide not only "Managed By" list but also
a list of managed hosts. The new list is generated only when --all
option is passed.

https://fedorahosted.org/freeipa/ticket/993
Fix indirect member calculation 2011-06-14T15:34:11+00:00 Rob Crittenden rcritten@redhat.com 2011-06-13T18:54:42+00:00 c5d8618424de3766db9f104d0873c884b53a4feb Indirect membership is calculated by looking at each member and pulling all the memberof out of it. What was missing was doing nested searches on any members in that member group. So if group2 was a member of group1 and group3 was a member of group2 we would miss group3 as being an indirect member of group1. I updated the nesting test to do deeper nested testing. I confirmed that this test failed with the old code and works with the new. This also prevents duplicate indirect users and looping on circular membership. ticket https://fedorahosted.org/freeipa/ticket/1273 
Indirect membership is calculated by looking at each member and pulling
all the memberof out of it. What was missing was doing nested searches
on any members in that member group.

So if group2 was a member of group1 and group3 was a member of group2
we would miss group3 as being an indirect member of group1.

I updated the nesting test to do deeper nested testing. I confirmed
that this test failed with the old code and works with the new.

This also prevents duplicate indirect users and looping on circular
membership.

ticket https://fedorahosted.org/freeipa/ticket/1273
Add UID, GID and e-mail to the user default attributes. 2011-06-08T23:30:11+00:00 Rob Crittenden rcritten@redhat.com 2011-06-08T17:43:20+00:00 4ef8b58c26a2b7fde7d4f1ae98053f56ad2823b7 ticket https://fedorahosted.org/freeipa/ticket/1265 
ticket https://fedorahosted.org/freeipa/ticket/1265
Add sudorule and hbacrule to memberof and indirectmemberof attributes 2011-06-06T17:14:38+00:00 Jr Aquino jr.aquino@citrix.com 2011-05-31T21:52:35+00:00 d7c60205a6232f52eec80126a649b1319ed77974 Add Add tests for users, groups, hosts and hostgroups to verify membership Update API to version 2.3 https://fedorahosted.org/freeipa/ticket/1170 
Add Add tests for users, groups, hosts and hostgroups to verify membership

Update API to version 2.3

https://fedorahosted.org/freeipa/ticket/1170
Add option to limit the attributes allowed in an entry. 2011-05-27T17:51:37+00:00 Rob Crittenden rcritten@redhat.com 2011-05-16T21:39:23+00:00 9cc0754b710500519c6f5fd41a0a0237a43e04b0 Kerberos ticket policy can update policy in a user entry. This allowed set/addattr to be used to modify attributes outside of the ticket policy perview, also bypassing all validation/normalization. Likewise the ticket policy was updatable by the user plugin bypassing all validation. Add two new LDAPObject values to control this behavior: limit_object_classes: only attributes in these are allowed disallow_object_classes: attributes in these are disallowed By default both of these lists are empty so are skipped. ticket 744 
Kerberos ticket policy can update policy in a user entry. This allowed
set/addattr to be used to modify attributes outside of the ticket policy
perview, also bypassing all validation/normalization. Likewise the
ticket policy was updatable by the user plugin bypassing all validation.

Add two new LDAPObject values to control this behavior:

limit_object_classes: only attributes in these are allowed
disallow_object_classes: attributes in these are disallowed

By default both of these lists are empty so are skipped.

ticket 744
A new flag to disable creation of UPG 2011-05-25T06:39:47+00:00 Martin Kosek mkosek@redhat.com 2011-05-16T10:56:04+00:00 dea578a357b2ebc68f56ef31f841cfe056f73303 Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 
Automatic creation may of User Private Groups (UPG) may not be
wanted at all times. This patch adds a new flag --noprivate to
ipa user-add command to disable it.

https://fedorahosted.org/freeipa/ticket/1131
Modify the default attributes shown in user-find to match the UI design. 2011-04-22T18:49:20+00:00 Rob Crittenden rcritten@redhat.com 2011-04-22T17:43:30+00:00 d3b0c64fcec9a97626dbaca238a0186f180fe2fd This change means the UI can stop using the --all option and have to retrieve significantly less information from the server. It also speeds up user-find as it doesn't have to calculate membership. This adds a new baseclass parameter, search_display_attributes, which can provide a separate list from default_attributes just for find commands. The UI will need to be changed to switch from using cn to using givenname and sn. ticket 1136 
This change means the UI can stop using the --all option and have to
retrieve significantly less information from the server. It also
speeds up user-find as it doesn't have to calculate membership.

This adds a new baseclass parameter, search_display_attributes, which
can provide a separate list from default_attributes just for find
commands.

The UI will need to be changed to switch from using cn to using
givenname and sn.

ticket 1136