diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-02-02 21:28:15 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-03 17:04:51 +0100 |
commit | cf12f3106a7f55fbdb03d64588e8201f14470fe8 (patch) | |
tree | 2ac3a5941caca7bd85fe50712684712f315a117c /tests/test_xmlrpc | |
parent | 2e860f6d070db3b2fe8799891c3e568ac48a1fac (diff) | |
download | freeipa-cf12f3106a7f55fbdb03d64588e8201f14470fe8.tar.gz freeipa-cf12f3106a7f55fbdb03d64588e8201f14470fe8.tar.xz freeipa-cf12f3106a7f55fbdb03d64588e8201f14470fe8.zip |
Fix raw format for ACI commands
ACI plugins (permission, selfservice and delegation) were not
prepared to serve ACIs in a raw format, i.e. raw "aci" attribute
taken from LDAP. This patch fixes all these plugins and their
commands to provide provide this format. Few ACI raw format unit
tests were added for all these plugins.
https://fedorahosted.org/freeipa/ticket/2010
https://fedorahosted.org/freeipa/ticket/2223
https://fedorahosted.org/freeipa/ticket/2228
https://fedorahosted.org/freeipa/ticket/2232
Diffstat (limited to 'tests/test_xmlrpc')
-rw-r--r-- | tests/test_xmlrpc/test_delegation_plugin.py | 31 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_permission_plugin.py | 37 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_selfservice_plugin.py | 29 |
3 files changed, 97 insertions, 0 deletions
diff --git a/tests/test_xmlrpc/test_delegation_plugin.py b/tests/test_xmlrpc/test_delegation_plugin.py index dbfa5ff75..1a9c36743 100644 --- a/tests/test_xmlrpc/test_delegation_plugin.py +++ b/tests/test_xmlrpc/test_delegation_plugin.py @@ -127,6 +127,20 @@ class test_delegation(Declarative): dict( + desc='Retrieve %r with --raw' % delegation1, + command=('delegation_show', [delegation1], {'raw' : True}), + expected=dict( + value=delegation1, + summary=None, + result={ + 'aci': u'(targetattr = "street || c || l || st || postalcode")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,%s)")(version 3.0;acl "delegation:testdelegation";allow (write) groupdn = "ldap:///cn=editors,cn=groups,cn=accounts,%s";)' \ + % (api.env.basedn, api.env.basedn) + }, + ), + ), + + + dict( desc='Search for %r' % delegation1, command=('delegation_find', [delegation1], {}), expected=dict( @@ -163,6 +177,23 @@ class test_delegation(Declarative): dict( + desc='Search for %r with --raw' % delegation1, + command=('delegation_find', [delegation1], {'raw' : True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 delegation matched', + result=[ + { + 'aci': u'(targetattr = "street || c || l || st || postalcode")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,%s)")(version 3.0;acl "delegation:testdelegation";allow (write) groupdn = "ldap:///cn=editors,cn=groups,cn=accounts,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ], + ), + ), + + + dict( desc='Update %r' % delegation1, command=( 'delegation_mod', [delegation1], dict(permissions=u'read') diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index b71921174..50d368197 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -181,6 +181,23 @@ class test_permission(Declarative): dict( + desc='Retrieve %r with --raw' % permission1, + command=('permission_show', [permission1], {'raw' : True}), + expected=dict( + value=permission1, + summary=None, + result={ + 'dn': unicode(permission1_dn), + 'cn': [permission1], + 'member': [unicode(privilege1_dn)], + 'aci': u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "permission:testperm";allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -221,6 +238,26 @@ class test_permission(Declarative): dict( + desc='Search for %r with --raw' % permission1, + command=('permission_find', [permission1], {'raw' : True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': unicode(permission1_dn), + 'cn': [permission1], + 'member': [unicode(privilege1_dn)], + 'aci': u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "permission:testperm";allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ], + ), + ), + + + dict( desc='Create %r' % permission2, command=( 'permission_add', [permission2], dict( diff --git a/tests/test_xmlrpc/test_selfservice_plugin.py b/tests/test_xmlrpc/test_selfservice_plugin.py index 670e353d8..2ddff50ea 100644 --- a/tests/test_xmlrpc/test_selfservice_plugin.py +++ b/tests/test_xmlrpc/test_selfservice_plugin.py @@ -120,6 +120,19 @@ class test_selfservice(Declarative): dict( + desc='Retrieve %r with --raw' % selfservice1, + command=('selfservice_show', [selfservice1], {'raw':True}), + expected=dict( + value=selfservice1, + summary=None, + result={ + 'aci': u'(targetattr = "street || c || l || st || postalcode")(version 3.0;acl "selfservice:testself";allow (write) userdn = "ldap:///self";)', + }, + ), + ), + + + dict( desc='Search for %r' % selfservice1, command=('selfservice_find', [selfservice1], {}), expected=dict( @@ -173,6 +186,22 @@ class test_selfservice(Declarative): dict( + desc='Search for %r with --raw' % selfservice1, + command=('selfservice_find', [selfservice1], {'raw':True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 selfservice matched', + result=[ + { + 'aci': u'(targetattr = "street || c || l || st || postalcode")(version 3.0;acl "selfservice:testself";allow (write) userdn = "ldap:///self";)' + }, + ], + ), + ), + + + dict( desc='Update %r' % selfservice1, command=( 'selfservice_mod', [selfservice1], dict(permissions=u'read') |