diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2012-05-23 11:00:24 -0400 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-05-30 08:46:21 +0200 |
| commit | 8d00d7c13038abc152afbd46c96108753506fb77 (patch) | |
| tree | 8d5242dee69fce097b05f961c2b104f82275213b /tests | |
| parent | d62b2d9be5a1162f5fdb255aa4f361ce048722fa (diff) | |
| download | freeipa-8d00d7c13038abc152afbd46c96108753506fb77.tar.gz freeipa-8d00d7c13038abc152afbd46c96108753506fb77.tar.xz freeipa-8d00d7c13038abc152afbd46c96108753506fb77.zip | |
Enforce sizelimit in permission-find, post_callback returns truncated
We actually perform two searches in permission-find. The first looks
for matches within the permission object itself. The second looks at
matches in the underlying aci.
We need to break out in two places. The first is if we find enough
matches in the permission itself. The second when we are appending
matches from acis.
The post_callback() definition needed to be modified to return
the truncated value so a plugin author can modify that value.
https://fedorahosted.org/freeipa/ticket/2322
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_xmlrpc/test_permission_plugin.py | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index 28db7dc2f..d8ff14903 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -387,6 +387,80 @@ class test_permission(Declarative): dict( + desc='Search for %r with a limit of 1 (truncated)' % permission1, + command=('permission_find', [permission1], dict(sizelimit=1)), + expected=dict( + count=1, + truncated=True, + summary=u'1 permission matched', + result=[ + { + 'dn': lambda x: DN(x) == permission1_dn, + 'cn': [permission1], + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + }, + ], + ), + ), + + + dict( + desc='Search for %r with a limit of 2' % permission1, + command=('permission_find', [permission1], dict(sizelimit=2)), + expected=dict( + count=2, + truncated=False, + summary=u'2 permissions matched', + result=[ + { + 'dn': lambda x: DN(x) == permission1_dn, + 'cn': [permission1], + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + }, + { + 'dn': lambda x: DN(x) == permission2_dn, + 'cn': [permission2], + 'type': u'user', + 'permissions': [u'write'], + }, + ], + ), + ), + + + # This tests setting truncated to True in the post_callback of + # permission_find(). The return order in LDAP is not guaranteed + # but in practice this is the first entry it finds. This is subject + # to change. + dict( + desc='Search for permissions by attr with a limit of 1 (truncated)', + command=('permission_find', [], dict(attrs=u'ipaenabledflag', + sizelimit=1)), + expected=dict( + count=1, + truncated=True, + summary=u'1 permission matched', + result=[ + { + 'dn': lambda x: DN(x) == DN(('cn', 'Modify HBAC rule'), + api.env.container_permission,api.env.basedn), + 'cn': [u'Modify HBAC rule'], + 'member_privilege': [u'HBAC Administrator'], + 'permissions' : [u'write'], + 'attrs': [u'servicecategory', u'sourcehostcategory', u'cn', u'description', u'ipaenabledflag', u'accesstime', u'usercategory', u'hostcategory', u'accessruletype', u'sourcehost'], + 'subtree' : u'ldap:///ipauniqueid=*,cn=hbac,%s' % api.env.basedn, + 'memberindirect': [u'cn=hbac administrator,cn=privileges,cn=pbac,%s' % api.env.basedn, u'cn=it security specialist,cn=roles,cn=accounts,%s' % api.env.basedn], + }, + ], + ), + ), + + + dict( desc='Update %r' % permission1, command=( 'permission_mod', [permission1], dict(permissions=u'read', memberof=u'ipausers') |