Fix aci_mod command. It should handle more complex operations now.

The problem was trying to operate directly on the ACI itself. I
introduced a new function, _aci_to_kw(), that converts an ACI
into a set of keywords. We can take these keywords, like those passed
in when an ACI is created, to merge in any changes and then re-create the
ACI.

I also switched the ACI tests to be declarative and added a lot more
cases around the modify operation.

1 files changed, 201 insertions, 56 deletions

diff --git a/tests/test_xmlrpc/test_aci_plugin.py b/tests/test_xmlrpc/test_aci_plugin.py
index c42f1abd8..14d3c8950 100644
--- a/tests/test_xmlrpc/test_aci_plugin.py
+++ b/tests/test_xmlrpc/test_aci_plugin.py
@@ -1,7 +1,7 @@
 # Authors:
 #   Rob Crittenden <rcritten@redhat.com>
 #
-# Copyright (C) 2009  Red Hat
+# Copyright (C) 2010 Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or
@@ -16,62 +16,207 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
 """
 Test the `ipalib/plugins/aci.py` module.
 """
 
-import sys
-from xmlrpc_test import XMLRPC_test, assert_attr_equal
-from ipalib import api
-from ipalib import errors
-
-
-class test_aci(XMLRPC_test):
-    """
-    Test the `aci` plugin.
-    """
-    aciname = u'acitest'
-    taskgroup = u'testtaskgroup'
-    kw = {'permissions': u'add', 'type': u'user', 'taskgroup': taskgroup }
-    aci = u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "acitest";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn)
-
-    def test_1_aci_add(self):
-        """
-        Test adding an aci using the `xmlrpc.aci_add` method.
-        """
-        result = api.Command['aci_add'](self.aciname, **self.kw)['result']
-
-        assert result == self.aci
-
-    def test_2_aci_show(self):
-        """
-        Test showing an aci using the `xmlrpc.aci_show` method.
-        """
-        result = api.Command['aci_show'](self.aciname)['result']
-
-        assert result == self.aci
-
-    def test_3_aci_find(self):
-        """
-        Test showing an aci using the `xmlrpc.aci_show` method.
-        """
-        outcome = api.Command['aci_find'](self.aciname)
-        result = outcome['result']
-        count = outcome['count']
-
-        assert count == 1
-        assert result[0] == self.aci
-
-    def test_4_aci_del(self):
-        """
-        Remove the second test policy with `xmlrpc.aci_del`.
-        """
-        assert api.Command['aci_del'](self.aciname)['result'] is True
-
-        # Verify that it is gone
-        try:
-            api.Command['aci_show'](self.aciname)
-        except errors.NotFound:
-            pass
-        else:
-            assert False
+from ipalib import api, errors
+from tests.test_xmlrpc import objectclasses
+from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
+
+
+aci1=u'test1'
+taskgroup = u'testtaskgroup'
+
+
+class test_aci(Declarative):
+
+    cleanup_commands = [
+        ('aci_del', [aci1], {}),
+    ]
+
+    tests = [
+
+        dict(
+            desc='Try to retrieve non-existent %r' % aci1,
+            command=('aci_show', [aci1], {}),
+            expected=errors.NotFound(reason='no such entry'),
+        ),
+
+
+        dict(
+            desc='Try to update non-existent %r' % aci1,
+            command=('aci_mod', [aci1], dict(permissions=u'write')),
+            expected=errors.NotFound(reason='no such entry'),
+        ),
+
+
+        dict(
+            desc='Try to delete non-existent %r' % aci1,
+            command=('aci_del', [aci1], {}),
+            expected=errors.NotFound(reason='no such entry'),
+        ),
+
+
+        dict(
+            desc='Create %r' % aci1,
+            command=(
+                'aci_add', [aci1], dict(permissions=u'add', type=u'user', taskgroup=taskgroup)
+            ),
+            expected=dict(
+                value=aci1,
+                summary=u'Created ACI "test1"',
+                result=u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn),
+                ),
+        ),
+
+
+        dict(
+            desc='Try to create duplicate %r' % aci1,
+            command=(
+                'aci_add', [aci1], dict(permissions=u'add', type=u'user', taskgroup=taskgroup)
+            ),
+            expected=errors.DuplicateEntry(),
+        ),
+
+
+        dict(
+            desc='Retrieve %r' % aci1,
+            command=(
+                'aci_show', [aci1], {}
+            ),
+            expected=dict(
+                value=aci1,
+                summary=None,
+                result=u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn),
+                ),
+        ),
+
+
+        dict(
+            desc='Search for %r with all=True' % aci1,
+            command=(
+                'aci_find', [aci1], {'all': True}
+            ),
+            expected=dict(
+                result=[
+                    u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn)
+                ],
+                summary=u'1 ACI matched',
+                count=1,
+            ),
+        ),
+
+
+        dict(
+            desc='Search for %r with minimal attributes' % aci1,
+            command=(
+                'aci_find', [aci1], {}
+            ),
+            expected=dict(
+                result=[
+                    u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn)
+                ],
+                summary=u'1 ACI matched',
+                count=1,
+            ),
+        ),
+
+
+        dict(
+            desc='Update permissions in %r' % aci1,
+            command=(
+                'aci_mod', [aci1], dict(permissions=u'add,write')
+            ),
+            expected=dict(
+                value=aci1,
+                summary=u'Updated ACI "test1"',
+                result=u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn),
+            ),
+        ),
+
+
+        dict(
+            desc='Retrieve %r to verify update' % aci1,
+            command=('aci_show', [aci1], {}),
+            expected=dict(
+                value=aci1,
+                summary=None,
+                result=u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn),
+            ),
+
+        ),
+
+        dict(
+            desc='Update attributes in %r' % aci1,
+            command=(
+                'aci_mod', [aci1], dict(attrs=u'cn, sn,givenName')
+            ),
+            expected=dict(
+                value=aci1,
+                summary=u'Updated ACI "test1"',
+                result=u'(targetattr = "cn || sn || givenName")(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn),
+            ),
+        ),
+
+
+        dict(
+            desc='Update type in %r' % aci1,
+            command=(
+                'aci_mod', [aci1], dict(type=u'group')
+            ),
+            expected=dict(
+                value=aci1,
+                summary=u'Updated ACI "test1"',
+                result=u'(targetattr = "cn || sn || givenName")(target = "ldap:///cn=*,cn=groups,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn),
+            ),
+        ),
+
+
+        dict(
+            desc='Update memberOf in %r' % aci1,
+            command=(
+                'aci_mod', [aci1], dict(memberof=u'ipausers')
+            ),
+            expected=dict(
+                value=aci1,
+                summary=u'Updated ACI "test1"',
+                result=u'(targetattr = "cn || sn || givenName")(targetfilter = "(memberOf=cn=testtaskgroup,cn=taskgroups,cn=accounts,%s)")(target = "ldap:///cn=*,cn=groups,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn, api.env.basedn),
+            ),
+        ),
+
+
+        dict(
+            desc='Delete %r' % aci1,
+            command=('aci_del', [aci1], {}),
+            expected=dict(
+                result=True,
+                summary=u'Deleted ACI "test1"',
+                value=aci1,
+            ),
+        ),
+
+
+        dict(
+            desc='Try to delete non-existent %r' % aci1,
+            command=('aci_del', [aci1], {}),
+            expected=errors.NotFound(reason='no such entry'),
+        ),
+
+
+        dict(
+            desc='Try to retrieve non-existent %r' % aci1,
+            command=('aci_show', [aci1], {}),
+            expected=errors.NotFound(reason='no such entry'),
+        ),
+
+
+        dict(
+            desc='Try to update non-existent %r' % aci1,
+            command=('aci_mod', [aci1], dict(givenname=u'Foo')),
+            expected=errors.NotFound(reason='no such entry'),
+        ),
+
+
+    ]