summaryrefslogtreecommitdiffstats
path: root/tests/test_xmlrpc
Commit message (Collapse)AuthorAgeFilesLines
* Fail on unknown Command optionsPetr Viktorin2012-06-204-4/+68
| | | | | | | | | | | | | | | | | | When unknown keyword arguments are passed to a Command, raise an error instead of ignoring them. Options used when IPA calls its commands internally are listed in a new Command attribute called internal_options, and allowed. Previous patches (0b01751c, c45174d6, c5689e7f) made IPA not use unknown keyword arguments in its own commands and tests, but since that some violations were reintroduced in permission_find and tests. Fix those. Tests included; both a frontend unittest and a XML-RPC test via the ping plugin (which was untested previously). https://fedorahosted.org/freeipa/ticket/2509
* Remove trust work unit test failuresMartin Kosek2012-06-143-67/+35
| | | | | | Trust work that was pushed recently requires few changes in unit tests to prevent test failures. This patch also removes repetitive construction of group DN in group unit tests.
* Rework the CallbackInterfacePetr Viktorin2012-06-141-1/+94
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix several problems with the callback interface: - Automatically registered callbacks (i.e. methods named exc_callback, pre_callback etc) were registered on every instantiation. Fix: Do not register callbacks in __init__; instead return the method when asked for it. - The calling code had to distinguish between bound methods and plain functions by checking the 'im_self' attribute. Fix: Always return the "default" callback as an unbound method. Registered callbacks now always take the extra `self` argument, whether they happen to be bound methods or not. Calling code now always needs to pass the `self` argument. - Did not work well with inheritance: due to the fact that Python looks up missing attributes in superclasses, callbacks could get attached to a superclass if it was instantiated early enough. * Fix: Instead of attribute lookup, use a dictionary with class keys. - The interface included the callback types, which are LDAP-specific. Fix: Create generic register_callback and get_callback mehods, move LDAP-specific code to BaseLDAPCommand Update code that calls the callbacks. Add tests. Remove lint exceptions for CallbackInterface. * https://fedorahosted.org/freeipa/ticket/2674
* Prevent deletion of the last adminPetr Viktorin2012-06-062-0/+96
| | | | | | | | Raise an error when trying to delete the last user in the 'admins' group, or remove the last member from the group, or delete the group itself. https://fedorahosted.org/freeipa/ticket/2564
* Fill new DNS zone update policy by defaultMartin Kosek2012-06-051-0/+12
| | | | | | | | | | | | For security reasons, dynamic updates are not enabled for new DNS zones. In order to enable the dynamic zone securely, user needs to allow dynamic updates and create a zone update policy. The policy is not easy to construct for regular users, we should rather fill it by default and let users just switch the policy on or off. https://fedorahosted.org/freeipa/ticket/2441
* Add more automount testsPetr Viktorin2012-05-311-7/+222
| | | | | | | | | | | | | | | | This adds tests for the automountlocation_tofiles and automountlocation_import commands, and to automountmap_add_indirect with the --parentmap option. The tofiles test checks not only the XML-RPC output, but also the output_for_cli method. The import tests load data from tofiles output to the directory and check that tofiles output matches. This only works when all maps are connected to auto.master. Two minor touches to the automount plugin itself: remove an extra space, and don't hide the traceback when re-raising an exception.
* Allow relative DNS name in NS validatorMartin Kosek2012-06-011-5/+11
| | | | | | | | | | | | Precallback validator was failing when a zone-relative name was used as a NS record (for example record "ns" in a zone "example.com"). However, this is valid in BIND and we should allow it as well. Imports in dns module had to be switched to absolute imports (available from Python 2.5) to deal with a conflict of IPA dns module and dnspython module. https://fedorahosted.org/freeipa/ticket/2630
* permission-find missed some results with --pkey-only optionMartin Kosek2012-06-011-0/+19
| | | | | | | | | | | | | When permission-find post callback detected a --pkey-only option, it just terminated. However, this way the results that could have been added from aci_find matches were not included. Fix the post callback to go through the entire matching process. Also make sure that DNS permissions have a correct objectclass (ipapermission), otherwise such objects are not matched by the permission LDAP search. https://fedorahosted.org/freeipa/ticket/2658
* Add rename option for DNS recordsMartin Kosek2012-05-311-3/+31
| | | | | | | This option will make renaming DNS records much easier. Add a unit test for this new functionality. https://fedorahosted.org/freeipa/ticket/2600
* Enforce sizelimit in permission-find, post_callback returns truncatedRob Crittenden2012-05-301-0/+74
| | | | | | | | | | | | | | | We actually perform two searches in permission-find. The first looks for matches within the permission object itself. The second looks at matches in the underlying aci. We need to break out in two places. The first is if we find enough matches in the permission itself. The second when we are appending matches from acis. The post_callback() definition needed to be modified to return the truncated value so a plugin author can modify that value. https://fedorahosted.org/freeipa/ticket/2322
* Provide a better error message when deleting nonexistent attributesPetr Viktorin2012-05-291-0/+33
| | | | | | | | | If --delattr is used on an attribute that's not present on an entry, and --{set,add}attr isn't being used on that same attribute, say that there's "no such attribute" instead of "<attribute> does not contain <value>". https://fedorahosted.org/freeipa/ticket/2699
* Disallow setattr on no_update/no_create paramsPetr Viktorin2012-05-292-1/+69
| | | | | | | | | | | | | Make --{set,add,del}attr fail on parameters with the no_update/no_create flag for the respective command. For attributes that can be modified, but we just don't want to display in the CLI, use the 'no_option' flag. These are "locking" attributes (ipaenabledflag, nsaccountlock) and externalhost. Document the 'no_option' flag. Add some tests. https://fedorahosted.org/freeipa/ticket/2580
* Reset krbtpolicy when a unit test is finishedMartin Kosek2012-05-281-0/+1
| | | | | | | | | | Kerberos ticket maximum life was being set to 1 hour which then affected lifetime of Kerberos tickets returned by IPA server under the test. Make sure that the policy is reset before and after the unit test to keep the IPA server settings clean and not to disrupt development environment.
* Fix the pwpolicy_find post_callbackPetr Viktorin2012-05-281-1/+15
| | | | | | | | | | | | | Always call convert_time_for_output so time gets reported correctly. That method has its own checks for whether the attributes are present; an additional check is unnecessary. Use a key function for sorting; cmp is deprecated, slower and more complicated. Add a test https://fedorahosted.org/freeipa/ticket/2726
* Check for empty/single value parameters before calling callbacksPetr Viktorin2012-05-151-0/+8
| | | | https://fedorahosted.org/freeipa/ticket/2701
* Implement permission/aci find by subtreeRob Crittenden2012-05-151-0/+41
| | | | https://fedorahosted.org/freeipa/ticket/2321
* Do not use extra command options in ACI, permission, selfservicePetr Viktorin2012-05-141-1/+2
| | | | | | | | | | | Allowing Commands to be called with ignored unknown options opens the door to problems, for example with misspelled option names. Before we start rejecting them, we need to make sure IPA itself does not use them when it calls commands internally. This patch does that for ACI-related plugins. Part of the work for https://fedorahosted.org/freeipa/ticket/2509
* Fix overlapping cn param/option issue, pass cn as aciname in findRob Crittenden2012-05-141-0/+32
| | | | | | | | | | | | permission-find --name wasn't working for two reasons. The first was that the cn to search on in options ended up overlapping the primary key name causing the request to fail. The second reason was aci uses aciname, not cn, as its name field. So searching on --name matched everything because it was as if you were searching on nothing. https://fedorahosted.org/freeipa/ticket/2320
* Validate externalhost (when added by --addattr/--setattr)Petr Viktorin2012-05-113-0/+88
| | | | | | | | | | | | Change the externalhost attribute of hbacrule, netgroup and sudorule into a full-fledged Parameter, and attach a validator to it. The validator is relaxed to allow underscores, so that some hosts with nonstandard names can be added. Tests included. https://fedorahosted.org/freeipa/ticket/2649
* Don't fail when adding default objectclasses using config-modPetr Viktorin2012-05-091-0/+55
| | | | | | | | | | The config plugin was adding together a list and a tuple, then converting to a set. Replace the operation with a set union. Regression test included. https://fedorahosted.org/freeipa/ticket/2706
* Do not crash on empty --setattr, --getattr, --addattrPetr Viktorin2012-05-071-1/+2
| | | | | | Also the unused `append` argument from _convert_2_dict. https://fedorahosted.org/freeipa/ticket/2680
* Do not crash on empty reverse member optionsPetr Viktorin2012-05-072-0/+86
| | | | | | | | | | | Calling a LDAP{Add,Remove}ReverseMember with an empty reverse_member caused an internal error, because empty values are converted to None, which is then iterated. Use an empty list instead of None (or other false falues, of which we only use the empty list). https://fedorahosted.org/freeipa/ticket/2681
* Do not use extra command options in the automount pluginPetr Viktorin2012-05-071-3/+2
| | | | | | | | | | | Allowing Commands to be called with ignored unknown options opens the door to problems, for example with misspelled option names. Before we start rejecting them, we need to make sure IPA itself does not use them when it calls commands internally. This patch does that for the automount plugin and its tests. Part of the work for https://fedorahosted.org/freeipa/ticket/2509
* Allow one letter net/hostgroups namesOndrej Hamada2012-05-072-0/+69
| | | | | | | Changed regex validating net/hostgroup names to allow single letter names. Unit-tests added. https://fedorahosted.org/freeipa/ticket/2671
* Update hostname validator error messages in testsPetr Viktorin2012-05-033-7/+8
| | | | | A recent patch changed the error message from the hostname validator. Update the tests to reflect this change.
* Revert "Validate attributes in permission-add"Rob Crittenden2012-04-291-65/+0
| | | | | | | | This reverts commit 1356988b7a40a60af39807db143860efb4a2f435. We are going to take another approach to this. Instead of erroring out on attributes that don't seem to be allowed we are going to eventually return a warning.
* Revert "Search allowed attributes in superior objectclasses"Rob Crittenden2012-04-291-35/+0
| | | | | | | | This reverts commit a58cbb985ec007c0ef83010b32408efb2f4784d2. We are going to take another approach to this. Instead of erroring out on attributes that don't seem to be allowed we are going to eventually return a warning.
* Additional tests for pwpolicyPetr Viktorin2012-04-261-1/+34
| | | | | | | Test that `pwpolicy_find --pkey-only` works as expected Test that deleting a group removes its password policy Rename the test module to be consistent with other plugin tests.
* Refactor exc_callback invocation.Jan Cholasta2012-04-261-0/+66
| | | | | | | | | Replace _call_exc_callbacks with a function wrapper, which will automatically call exception callbacks when an exception is raised from the function. This removes the need to specify the function and its arguments twice (once in the function call itself and once in _call_exc_callbacks). Add some extra checks to existing exception callbacks.
* Fix DNS and permissions unit testsMartin Kosek2012-04-172-3/+3
| | | | | Amend unit tests to match the latest changes in DNS (tickets 2627, 2628) and hardened exception error message checks.
* Unable to rename permission objectOndrej Hamada2012-04-111-4/+41
| | | | | | | The update was failing because of the case insensitivity of permission object DN. Unit-tests added. https://fedorahosted.org/freeipa/ticket/2571
* Fix expected error messages in testsPetr Viktorin2012-04-1019-182/+334
| | | | | | | | | | | | | | | | | Have the test suite check error messages. Since XMLRPC doesn't give us structured error information, just compare the resulting text. Fix messages that tests expect to cause. Minor changes: Make netgroup-mod's NotFound message consistent with other objects and methods. In test_automember_plugin, test with nonexistent automember rules of both types, instead of nonexistent users. https://fedorahosted.org/freeipa/ticket/2549
* Convert --setattr values for attributes marked no_updatePetr Viktorin2012-04-092-1/+22
| | | | | | | | | | | | | Attribute Patrams marked no_update never get cloned to Update commands, and thus never receive the `attribute` flag. This makes their `encode` method a no-op, which meant they don't get properly encoded when used with --setattr, making the --setattr fail. Introduce a `force` argument to encode, which overrides checking for the attribute flag. Use this in set/add/delattr normalization, where we know we are dealing with attributes. https://fedorahosted.org/freeipa/ticket/2616
* Limit permission and selfservice names to alphanumerics, -, _, spacePetr Viktorin2012-04-092-0/+24
| | | | | | | | The DN and ACI code doesn't always escape special characters properly. Rather than trying to fix it, this patch takes the easy way out and enforces that the names are safe. https://fedorahosted.org/freeipa/ticket/2585
* Check configured maximum user login length on user rename.Jan Cholasta2012-04-081-0/+7
| | | | ticket 2587
* Confusing default user groupsOndrej Hamada2012-04-081-3/+3
| | | | | | | Added 'fallback' into the labels for default automember group and hostgroup. https://fedorahosted.org/freeipa/ticket/2354
* Check whether the default user group is POSIX when adding new user with ↵Jan Cholasta2012-04-052-3/+164
| | | | | | --noprivate. ticket 2572
* Defer conversion and validation until after --{add,del,set}attr are handledPetr Viktorin2012-04-031-0/+113
| | | | | | | | | | | | | | | | | | | | | --addattr & friends that modified attributes known to Python sometimes used converted and validated Python values instead of LDAP strings. This caused a problem for --delattr, which searched for a converted integer in a list of raw strings (ticket 2407). With this patch we work on raw strings, converting only when done. Deferring validation ensures the end result is valid, so proper errors are raised instead of failing later (ticket 2405). Tests included. Replaces previous fix for: https://fedorahosted.org/freeipa/ticket/2418 Fixes: https://fedorahosted.org/freeipa/ticket/2405 https://fedorahosted.org/freeipa/ticket/2407 https://fedorahosted.org/freeipa/ticket/2408
* Test the batch pluginPetr Viktorin2012-04-031-0/+194
| | | | | | | | | This adds tests for the batch plugin, and changes its output declaration to allow results as tuples (this tripped validation). The assert_deepequal function ignores the order of items in lists. Document this in its docstring, and use a custom checker for the batch plugin results.
* Fix little test errorsPetr Viktorin2012-04-031-3/+3
| | | | | | | | | | | Two test methods in test_rpcserver had the same name; the first didn't get to run. Another duplicate pair was in test_hbac_plugin with the same name; the ignored test had small error in it. check_TypeError used a wrong constant name An error reporting function in test.util used uninitialized argument names. This patch fixes these problems.
* Move test skipping to class setupPetr Viktorin2012-04-012-6/+12
| | | | | | | | | | | | | | Currently, each DNS test case first checks if DNS is configured by creating and deleting a test zone. This takes quite a lot of time. This patch moves the check to the setUpClass method, so the check is only done once for all the tests. Similarly, if the server is not available, entire XMLRPC test classes are now skipped. Additionally, CLItests that hit the server are skipped if the server isn't available.
* Netgroup nisdomain and hosts validationOndrej Hamada2012-03-283-16/+114
| | | | | | | | | | | | | | | | | | | | | | | | nisdomain validation: Added pattern to the 'nisdomain' parameter to validate the specified nisdomain name. According to most common use cases the same pattern as for netgroup should fit. Unit-tests added. https://fedorahosted.org/freeipa/ticket/2448 'add_external_pre_callback' function was created to allow validation of all external members. Validation is based on usage of objects primary key parameter. The 'add_external_pre_callback' fucntion has to be called directly from in the 'pre_callback' function. This change affects netgroup, hbacrule and sudorule commands. For hostname, the validator allows non-fqdn and underscore characters. validate_hostname function in ipalib.util was modified and contains additional option that allows hostname to contain underscore characters. This option is disabled by default. Unit-tests added. https://fedorahosted.org/freeipa/ticket/2447
* Fix uses of O=REALM instead of the configured certificate subject base.Jan Cholasta2012-03-264-8/+10
| | | | ticket 2521
* Use valid argument names in testsPetr Viktorin2012-03-258-15/+12
| | | | | | | | | | | Some of our tests used unintended extra options, or options with misspelled, wrongly copy-pasted or otherwise bad names. These are ignored, so the intended argument was treated as missing. The test itself can still pass but may be rendered ineffective or fragile. This only fixes those of such errors that appear in the test suite. Fixing code in the framework and actual rejecting of unknown arguments is deferred for later (ticket #2509).
* Fix unit tests to work with new comma-support, validation requirementsRob Crittenden2012-03-263-7/+7
|
* Harden raw record processing in DNS pluginMartin Kosek2012-03-221-0/+46
| | | | | | | | | | | | | | | | There were cases where DNS plugin was too tolerant in a raw DNS record option (--<rrtype-rec) processing. It let people specify DNS record parts options in dnsrecord-mod operations for some record without specifying the record that should be updated. It also ignored DNS record parts in dnsrecord-add operation when the raw DNS record value was already set via --<rrtype>-rec option. This patch hardens the processing and returns error in both described cases to make the processes clearer and more robust. All these use cases were also covered by new unit tests. https://fedorahosted.org/freeipa/ticket/2551
* Fix precallback validators in DNS pluginMartin Kosek2012-03-221-0/+27
| | | | | | | | | | | | | | | DNS plugin contains several RR type record validators run in pre_callback which cannot be used as standard param validator as it needs more data and resources that standard validators provide. However, the precallback validators are not run for DNS records created by new structured options and thus an invalid value may slip in. This patch moves the execution of these precallback validators _after_ the processing of structured DNS options. It also cleans them up a little and makes them more robust. https://fedorahosted.org/freeipa/ticket/2550
* Search allowed attributes in superior objectclassesOndrej Hamada2012-03-221-0/+35
| | | | | | | | | | get_allowed_attributes function was improved to look for allowed attributes also in the superior objectclasses of specified objectclass. This fixes the regression caused by patch for ticket #2293. Test-case for unit-test was also created. https://fedorahosted.org/freeipa/ticket/2293
* Fix test failure testing rename with an invalid hostname.Rob Crittenden2012-03-211-1/+1
| | | | Validation is going to catch the invalid hostname before the mod is tried.
* Only split CSV in the client, quote instead of escapingPetr Viktorin2012-03-205-15/+13
| | | | | | | | | | | | | | | | | Splitting on commas is not an idempotent operation: 'a,b\,c' -> ('a', 'b,c') -> ('a', 'b', 'c') That means we can't do it when the call is forwarded, so this is only done on the CLI. The UI already sends values as a tuple. Replace escaping in the csv parser with quoting. Quoted strings can have embedded commas instead of having to escape them. This prevents the csv parser from eating all escape characters. Also, document Param's csv arguments, and update tests. https://fedorahosted.org/freeipa/ticket/2417 https://fedorahosted.org/freeipa/ticket/2227
generated by cgit (git 2.34.1) at 2024-06-08 17:47:44 +0000