diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-10-02 17:06:10 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-10-03 08:53:41 +0200 |
| commit | 43f4ca710bfcf2e4076f95b70e8cfc292becec7f (patch) | |
| tree | 623b531013504b62733a9ca9446c2e509a2b20e6 /tests/test_xmlrpc | |
| parent | 941d1e8701c0c3a22ab4e6320686761b64d89c82 (diff) | |
| download | freeipa-43f4ca710bfcf2e4076f95b70e8cfc292becec7f.tar.gz freeipa-43f4ca710bfcf2e4076f95b70e8cfc292becec7f.tar.xz freeipa-43f4ca710bfcf2e4076f95b70e8cfc292becec7f.zip | |
Only use service PAC type as an override
PAC type (ipakrbauthzdata attribute) was being filled for all new
service automatically. However, the PAC type attribute was designed
to serve only as an override to default PAC type configured in
IPA config. With PAC type set in all services, users would have
to update all services to get new PAC types configured in IPA config.
Do not set PAC type for new services. Add new NONE value meaning that
we do not want any PAC for the service (empty/missing attribute means
that the default PAC type list from IPA config is read).
https://fedorahosted.org/freeipa/ticket/2184
Diffstat (limited to 'tests/test_xmlrpc')
| -rw-r--r-- | tests/test_xmlrpc/test_host_plugin.py | 1 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_service_plugin.py | 48 |
2 files changed, 36 insertions, 13 deletions
diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py index 2010af8a3..37b7e407d 100644 --- a/tests/test_xmlrpc/test_host_plugin.py +++ b/tests/test_xmlrpc/test_host_plugin.py @@ -654,7 +654,6 @@ class test_host(Declarative): krbprincipalname=[service1], objectclass=objectclasses.service, managedby_host=[fqdn1], - ipakrbauthzdata=[u'MS-PAC'], ipauniqueid=[fuzzy_uuid], ), ), diff --git a/tests/test_xmlrpc/test_service_plugin.py b/tests/test_xmlrpc/test_service_plugin.py index a76bc9184..29c94e310 100644 --- a/tests/test_xmlrpc/test_service_plugin.py +++ b/tests/test_xmlrpc/test_service_plugin.py @@ -181,7 +181,6 @@ class test_service(Declarative): krbprincipalname=[service1], objectclass=objectclasses.service, ipauniqueid=[fuzzy_uuid], - ipakrbauthzdata=[u'MS-PAC'], managedby_host=[fqdn1], ), ), @@ -210,7 +209,6 @@ class test_service(Declarative): dn=service1dn, krbprincipalname=[service1], has_keytab=False, - ipakrbauthzdata=[u'MS-PAC'], managedby_host=[fqdn1], ), ), @@ -230,7 +228,6 @@ class test_service(Declarative): objectclass=objectclasses.service, ipauniqueid=[fuzzy_uuid], managedby_host=[fqdn1], - ipakrbauthzdata=[u'MS-PAC'], has_keytab=False ), ), @@ -249,7 +246,6 @@ class test_service(Declarative): dn=service1dn, krbprincipalname=[service1], managedby_host=[fqdn1], - ipakrbauthzdata=[u'MS-PAC'], has_keytab=False, ), ], @@ -271,7 +267,6 @@ class test_service(Declarative): ipakrbprincipalalias=[service1], objectclass=objectclasses.service, ipauniqueid=[fuzzy_uuid], - ipakrbauthzdata=[u'MS-PAC'], has_keytab=False, managedby_host=[fqdn1], ), @@ -289,7 +284,6 @@ class test_service(Declarative): result=dict( dn=service1dn, krbprincipalname=[service1], - ipakrbauthzdata=[u'MS-PAC'], managedby_host=[fqdn1], ), ), @@ -305,7 +299,6 @@ class test_service(Declarative): result=dict( dn=service1dn, krbprincipalname=[service1], - ipakrbauthzdata=[u'MS-PAC'], managedby_host=[fqdn1], ), ), @@ -321,7 +314,6 @@ class test_service(Declarative): result=dict( dn=service1dn, krbprincipalname=[service1], - ipakrbauthzdata=[u'MS-PAC'], managedby_host=[fqdn1, fqdn2], ), ), @@ -337,7 +329,6 @@ class test_service(Declarative): result=dict( dn=service1dn, krbprincipalname=[service1], - ipakrbauthzdata=[u'MS-PAC'], managedby_host=[fqdn1], ), ), @@ -353,7 +344,6 @@ class test_service(Declarative): result=dict( dn=service1dn, krbprincipalname=[service1], - ipakrbauthzdata=[u'MS-PAC'], managedby_host=[fqdn1, fqdn3.lower()], ), ), @@ -369,7 +359,6 @@ class test_service(Declarative): result=dict( dn=service1dn, krbprincipalname=[service1], - ipakrbauthzdata=[u'MS-PAC'], managedby_host=[fqdn1], ), ), @@ -394,7 +383,6 @@ class test_service(Declarative): result=dict( usercertificate=[base64.b64decode(servercert)], krbprincipalname=[service1], - ipakrbauthzdata=[u'MS-PAC'], managedby_host=[fqdn1], valid_not_before=fuzzy_date, valid_not_after=fuzzy_date, @@ -410,6 +398,42 @@ class test_service(Declarative): dict( + desc='Try to update %r with invalid ipakrbauthz data ' + 'combination' % service1, + command=('service_mod', [service1], + dict(ipakrbauthzdata=[u'MS-PAC', u'NONE'])), + expected=errors.ValidationError(name='ipakrbauthzdata', + error=u'NONE value cannot be combined with other PAC types') + ), + + + dict( + desc='Update %r with valid ipakrbauthz data ' + 'combination' % service1, + command=('service_mod', [service1], + dict(ipakrbauthzdata=[u'MS-PAC'])), + expected=dict( + value=service1, + summary=u'Modified service "%s"' % service1, + result=dict( + usercertificate=[base64.b64decode(servercert)], + krbprincipalname=[service1], + managedby_host=[fqdn1], + ipakrbauthzdata=[u'MS-PAC'], + valid_not_before=fuzzy_date, + valid_not_after=fuzzy_date, + subject=DN(('CN',api.env.host),x509.subject_base()), + serial_number=fuzzy_digits, + serial_number_hex=fuzzy_hex, + md5_fingerprint=fuzzy_hash, + sha1_fingerprint=fuzzy_hash, + issuer=fuzzy_issuer, + ), + ), + ), + + + dict( desc='Retrieve %r to verify update' % service1, command=('service_show', [service1], {}), expected=dict( |