summaryrefslogtreecommitdiffstats
path: root/ipatests
Commit message (Collapse)AuthorAgeFilesLines
...
* ipatests: legacy clients: Do not use external hostnames for testing login to ↵Tomas Babej2014-05-091-2/+2
| | | | | | | legacy clients from master Reviewed-By: Jakub Hrozek <jhrozek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipatests: Add Sudo integration testTomas Babej2014-05-092-1/+336
| | | | | Reviewed-By: Jakub Hrozek <jhrozek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fixed typo in ipa-test-task man pageThorsten Scherf2014-05-061-2/+2
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipatests: Add test for denying expired principalsTomas Babej2014-05-051-4/+45
| | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3305 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Simo Sorce <simo@redhat.com>
* ipatests: Add coverage for setting krbPrincipalExpirationTomas Babej2014-05-051-0/+30
| | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3306 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipatests: Fix formatting errors in test_user_plugin.pyTomas Babej2014-05-051-131/+120
| | | | Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipatests: Cover DateTime in test_parameters.pyTomas Babej2014-05-052-1/+48
| | | | | | | | | Adds tests for newly added DateTime parameter, focusing on conversion of accepted datetime formats. Part of: https://fedorahosted.org/freeipa/ticket/3306 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui-ci: adjust id range tests to new validatorPetr Vobornik2014-05-054-38/+37
| | | | Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* ipalib.aci: Allow alternate "aci" keyword in ACIsPetr Viktorin2014-04-301-0/+4
| | | | | | | | | | | Dogtag adds some ACIs that use an alternate keyword: version 3.0; aci instead of version 3.0; acl Add support for this so the parser does not fail on these ACIs. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Move ACI tests to the testsuitePetr Viktorin2014-04-301-0/+89
| | | | | | Make old debug code into regression tests for ACI parsing and output. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Implement an IPA Foreman smartproxy serverRob Crittenden2014-04-304-0/+447
| | | | | | | | | | | | | | | | | | This currently server supports only host and hostgroup commands for retrieving, adding and deleting entries. The incoming requests are completely unauthenticated and by default requests must be local. Utilize GSS-Proxy to manage the TGT. Configuration information is in the ipa-smartproxy man page. Design: http://www.freeipa.org/page/V3/Smart_Proxy https://fedorahosted.org/freeipa/ticket/4128 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* test_ldap: Read a publicly accessible attribute when testing anonymous bindPetr Viktorin2014-04-251-5/+4
| | | | | | | The usercertificate attribute is slated to not be readable for anonymous users. Use associateddomain in $SUFFIX instead. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipatests: Extend test suite for ID rangesTomas Babej2014-04-231-81/+383
| | | | | | | | | Add tests coverage for recently added ID range checks dependant on the ID range types. Part of: https://fedorahosted.org/freeipa/ticket/4137 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* test_integration.host: Export the hostname to dict as stringPetr Viktorin2014-04-221-1/+1
| | | | | | Our tests do strict type-checking, using unicode string causes failures. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Keep original name when setting attribute in LDAPEntry.Jan Cholasta2014-04-181-2/+2
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use raw attribute values in command result when --raw is specified.Jan Cholasta2014-04-181-4/+4
| | | | | | | For backward compatibility, the values are converted to unicode, unless the attribute is binary or the conversion fails. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Support API version-specific RPC marshalling.Jan Cholasta2014-04-181-14/+15
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Allow primary keys to use different type than unicode.Jan Cholasta2014-04-1824-183/+188
| | | | | | | | | | Also return list of primary keys instead of a single unicode CSV value from LDAPDelete-based commands. This introduces a new capability 'primary_key_types' for backward compatibility with old clients. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipatests: Fix incorrect UID/GID reference for subdomain users and groupsTomas Babej2014-04-171-4/+8
| | | | | | | | | In legacy client integration test, the test cases that query information from subdomain about subdomain users and group expected subdomain users and groups to have the UIDs/GIDs as users and groups in the root domain. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Allow using FQDN with trailing dot as final hostnameTomas Babej2014-04-171-1/+5
| | | | | | | | | | | | | | | When creating a BaseHost instance, the machine's hostname was reconfigured to have the same shortname prepended the domain name of the domain where it was defined. However, it makes sense in certain use cases to define hosts that have hostnames other than belonging directly in the domain they were defined in. Treat input hostnames with trailing dots as static FQDNs that will not be changed by the name of the domain they were defined in. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: tasks: Accept extra arguments when installing clientTomas Babej2014-04-171-2/+3
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Fix apache semaphores prior to installing IPA serverTomas Babej2014-04-171-0/+14
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* CI - test_forced_client_reenrollment stability fixAdam Misnyovszki2014-04-171-0/+4
| | | | | | | | fixes FreeIPA Jenkins CI test freeipa-integration-forced_client_reenrollment-f19 https://fedorahosted.org/freeipa/ticket/4298 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add managed read permissions to krbtpolicyPetr Viktorin2014-04-161-3/+36
| | | | | | | | | | | | Unlike other objects, the ticket policy is stored in different subtrees: global policy in cn=kerberos and per-user policy in cn=users,cn=accounts. Add two permissions, one for each location. Also, modify tests so that adding new permissions in cn=users doesn't cause failures. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
* webui-ci: adapt to new login screenPetr Vobornik2014-04-151-15/+17
| | | | | | https://fedorahosted.org/freeipa/ticket/3903 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* Fix expected output in permission testsPetr Viktorin2014-04-152-4/+14
| | | | | | | There is now a second permission affecting krbMinPwdLife. Add it to expected output. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* test_realmdomains_plugin: Add default ACI to expected outputPetr Viktorin2014-04-111-0/+9
| | | | | | | Since realmdomains is only one entry, _show with --all will return the ACI on it. Add it to expected output. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* CA-less tests: Use sequential certificate serial numbersPetr Viktorin2014-04-101-1/+4
| | | | | | | | When serial numbers were generated with $RANDOM, there could be collisions. Use sequential numbers instead. Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* automember rebuild nowait feature addedAdam Misnyovszki2014-04-092-9/+68
| | | | | | | | | | | | | | | automember-rebuild uses asynchronous 389 task, and returned success even if the task didn't run. this patch fixes this issue adding a --nowait parameter to 'ipa automember-rebuild', defaulting to False, thus when the script runs without it, it waits for the 'nstaskexitcode' attribute, which means the task has finished. Old usage can be enabled using --nowait, and returns the DN of the task for further polling. New tests added also. https://fedorahosted.org/freeipa/ticket/4239 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* CA-less tests generate failureAdam Misnyovszki2014-04-081-0/+37
| | | | | | | | | | | CA-less test suite always generate failures when installing revoked certificates. This is a known issue, described in https://fedorahosted.org/freeipa/ticket/4270 , this fix skips these tests, outputting a warning for the later ticket. https://fedorahosted.org/freeipa/ticket/4271 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipatests: tasks: Wait 2 seconds after restart of SSSD when clearing the cacheTomas Babej2014-04-041-0/+3
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: legacy_clients: Relax regex checksTomas Babej2014-04-041-3/+3
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: legacy_clients: Use hostname instead of external hostname for AD ↵Tomas Babej2014-04-041-1/+1
| | | | | | subdomain Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Make sure that remnants of PKI are removedTomas Babej2014-04-041-0/+9
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Extending user plugin with inetOrgPerson fieldsAdam Misnyovszki2014-03-281-0/+92
| | | | | | | | | | | | | | | According to http://tools.ietf.org/html/rfc2798 ipa client and web ui extended with inetOrgPerson fields: - employeenumber - employeetype - preferredlanguage - departmentnumber carlicenseplate is now multivalued https://fedorahosted.org/freeipa/ticket/4165 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* webui: replace IPA.command usage with rpc.commandPetr Vobornik2014-03-271-2/+2
| | | | | | | Replace all IPA.command, IPA.batch_command and IPA.concurrent_command usages by equivalents from rpc module. Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* ipatests: Do not depend on the case of the attributes when testing ID rangesTomas Babej2014-03-261-4/+11
| | | | | | | | | In test_trust.py, several tests did case sensitive search on the output of the ipa idrange-show command. This could cause false negatives. Part of: https://fedorahosted.org/freeipa/ticket/4267 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Update pkcs10 module functions to always load CSRs and allow selecting format.Jan Cholasta2014-03-251-4/+3
| | | | | | This change makes the pkcs10 module more consistent with the x509 module. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Allow modifying permissions with ":" in the namePetr Viktorin2014-03-251-0/+25
| | | | | | | | | | | | | | The ":" character will be reserved for default permissions, so that users cannot create a permission with a name that will later be added as a default. Allow the ":" character modifying/deleting permissions*, but not when creating them. Also do not allow the new name to contain ":" when renaming. (* modify/delete have unrelated restrictions on managed permissions) Reviewed-By: Martin Kosek <mkosek@redhat.com>
* test_permission_plugin: Fix tests that make too broad assumptionsPetr Viktorin2014-03-252-44/+28
| | | | | | | | | | | | | | The test that searches with a limit of 1 assumes a specific order LDAP returns entries in. Future patches will change this order. Do not check the specific entry returned. The test that searched for --bindtype assumed that no anonymous permissions exist in a clean install. Again, this will be changed in future patches. Add a name to the bindtype test, and add a negatitive test to verify the filtering works. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Allow indexing API object types by classPetr Viktorin2014-03-251-2/+10
| | | | | | | | | | | | | | This allows code like: from ipalib.plugins.dns import dnszone_mod api.Command[dnszone_mod] This form should be preferred when getting specific objects because it ensures that the appropriate plugin is imported. https://fedorahosted.org/freeipa/ticket/4185 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Do not add the ipapermissionv2 for outputPetr Viktorin2014-03-242-2/+2
| | | | | | | | | As with the flags, the objectclass should be returned as it is on the entry. https://fedorahosted.org/freeipa/ticket/4257 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui-ci: fix test_rebuild_membership_hosts on server without DNSPetr Vobornik2014-03-241-19/+5
| | | | | | | Host adder dialog differs on installations with and without DNS. Previous test used values for adding hosts which were suitable only for IPA servers installed with DNS. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipatests: test_trust: Change expected home directories for posix usersTomas Babej2014-03-242-4/+5
| | | | | | | | | | | | | | Information from the AD about the home directories is not leveraged at all, but is generated from the username and domain. Fix the assumptions in the tests. Also changes 'Subdomain Test User' to 'Subdomaintest User' to be more consistent. https://fedorahosted.org/freeipa/ticket/4184 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* test_integration.tasks: Do not fail cleanup if backup directory does not existPetr Viktorin2014-03-201-1/+2
| | | | | | | | | If the test backup directory was never created (for example if there was an early failure, or install was never run), we don't want the test to fail. Do not restore if the backup dir is not there. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: change permissions UI to v2Petr Vobornik2014-03-201-3/+6
| | | | | | | | | | | | | | reflect ipalib permission changes in Web UI. - http://www.freeipa.org/page/V4/Permissions_V2 - http://www.freeipa.org/page/V4/Anonymous_and_All_permissions - http://www.freeipa.org/page/V4/Managed_Read_permissions - http://www.freeipa.org/page/V4/Multivalued_target_filters_in_permissions https://fedorahosted.org/freeipa/ticket/4079 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com> Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui-css: improve radio,checkbox keyboard support and colorPetr Vobornik2014-03-204-10/+10
| | | | | | | | | | | | | checkboxes and radio buttons: - do not change color on hover when disabled - are focusable and checkable be keyboard again. This uses a little trick where the real checkbox is hidden under the artificial checkbox. That way it has the same position and therefore it works even in containers with overflow set. https://fedorahosted.org/freeipa/ticket/4217 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* permission plugin: Do not change extra target filters by "views"Petr Viktorin2014-03-141-0/+165
| | | | | | | | | | | | | Previously, setting/deleting the "--type" virtual attribute removed all (objectclass=...) target filters. Change so that only the filter associated with --type is removed. The same change applies to --memberof: only filters associated with the option are removed when --memberof is (un-)set. Follow-up to https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Support searching by extratargetfilterPetr Viktorin2014-03-141-0/+42
| | | | | | | | | | The extratargetfilter behaves exactly like targetfilter, so that e.g. ipa permission-find --filter=(objectclass=ipausergroup) finds all permissions with that filter in the ACI. Part of the work for https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Add tests for extratargetfilterPetr Viktorin2014-03-141-0/+317
| | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
generated by cgit (git 2.34.1) at 2024-11-16 07:29:15 +0000