summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Do not allow removal of ID range of an active trustTomas Babej2013-05-311-10/+134
| | | | | | | | | | When removing an ID range using idrange-del command, validation in pre_callback ensures that the range does not belong to any active trust. In such case, ValidationError is raised. Unit tests to cover the functionality has been added. https://fedorahosted.org/freeipa/ticket/3615
* Handle DIR type CCACHEs in test_cmdline properlyMartin Kosek2013-05-222-2/+2
| | | | | | Pass a whole krbV.CCache object to ldap2 connect() method so that it can properly detect both type and name of a CCAHE. Otherwise the test fails on systems with default DIR type CCACHE.
* Relax getkeytab test to allow additional messages on stderrPetr Viktorin2013-05-221-1/+3
| | | | https://fedorahosted.org/freeipa/ticket/3633
* Prompt for nameserver IP address in dnszone-addAna Krivokapic2013-05-161-0/+67
| | | | | | | | | | | | | | Prompt for nameserver IP address in interactive mode of dnszone-add. Add a corresponding field to dnszone creation dialog in the web UI. This parameter is required if and only if: * New zone is a forward zone * Nameserver is defined inside the new zone Add a new unit test to cover this functionality. https://fedorahosted.org/freeipa/ticket/3603
* Add userClass attribute for hostsMartin Kosek2013-04-261-0/+23
| | | | | | | | | This new freeform host attribute will allow provisioning systems to add custom tags for host objects which can be later used for in automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems Ticket: https://fedorahosted.org/freeipa/ticket/3583
* Allow underscore in record targetsTomas Babej2013-04-251-3/+3
| | | | | | | Makes record target validation less strict and allows underscore. This is requirement for IPA sites. https://fedorahosted.org/freeipa/ticket/3550
* Do not sort dictionaries in assert_deepequal utility functionAna Krivokapic2013-04-192-8/+13
| | | | | | | | Sorting lists of dictionaries in assert_deepequal was causing inconsistencies in unit test execution. To fix this, do not sort lists if their elements are dictionaries. https://fedorahosted.org/freeipa/ticket/3562
* Integrate realmdomains with IPA DNSAna Krivokapic2013-04-162-1/+175
| | | | | | | | | | | | | Add an entry to realmdomains when a DNS zone is added to IPA. Delete the related entry from realmdomains when the DNS zone is deleted from IPA. Add _kerberos TXT record to DNS zone when a new realmdomain is added. Delete _kerberos TXT record from DNS zone when realmdomain is deleted. Add unit tests to cover new functionality. https://fedorahosted.org/freeipa/ticket/3544
* Remove obsolete self-sign references from man pages, docstrings, commentsPetr Viktorin2013-04-151-2/+2
| | | | Part of the work for https://fedorahosted.org/freeipa/ticket/3494
* Deprecate HBAC source hosts from CLIAna Krivokapic2013-04-122-186/+25
| | | | | | | | | | | | | Hide the commands and options listed below from the CLI, but keep them in the API. When called directly from the API, raise appropriate exceptions informing the user that the functionality has been deprecated. Affected commands: hbacrule_add_sourcehost, hbacrule_remove_sourcehost. Affected options: sourcehostcategory, sourcehost_host and sourcehost_hostgroup (hbacrule); sourcehost (hbactest). https://fedorahosted.org/freeipa/ticket/3528
* Revert "Fix permission_find test error"Rob Crittenden2013-04-121-0/+1
| | | | | | | This reverts commit f7e27b547547be06f511a3ddfaff8db7d0b7898f. This test was failing because we were adding a permission as a member of a role before creating the permission, so no memberof was generated.
* Add missing summary message to dnszone_delAna Krivokapic2013-04-111-4/+4
| | | | https://fedorahosted.org/freeipa/ticket/3503
* Fix output for some CLI commandsAna Krivokapic2013-04-111-8/+0
| | | | | | | | | Fix output of dnsrecord_del: it now uses output.standard_delete and excludes --all and --raw flags. Fix output of sudorule_{add,remove}_option: they now use output.standard_entry and include --all and --raw flags. https://fedorahosted.org/freeipa/ticket/3503
* Fix two failing tests due to missing krb ticket flagsRob Crittenden2013-04-091-0/+4
|
* Filter groups by type (POSIX, non-POSIX, external)Petr Vobornik2013-04-093-2/+119
| | | | | | | | | | | Added flag for each groups type: --posix, --nonposix, --external to group-find command. Group types: * non-POSIX: not posix, not external * POSIX: with objectclass posixgroup * external: with objectclass ipaexternalgroup https://fedorahosted.org/freeipa/ticket/3483
* Display full command documentation in online helpPetr Viktorin2013-04-031-0/+11
| | | | | | | | | | ipa <command> -h only showed the summary string, not the full help. Use the full docstring. Add a custom help formatter that disables optparse's reformatting. Test included https://fedorahosted.org/freeipa/ticket/3543
* Improve DNAME record validationMartin Kosek2013-04-021-9/+81
| | | | | | | | | Extend DNS RR conflict check and forbid DNAME+NS combination unless it is done in root DNS zone record. Add tests to verify this enforced check. https://fedorahosted.org/freeipa/ticket/3449
* Improve CNAME record validationMartin Kosek2013-04-021-24/+14
| | | | | | | | | | | Refactor DNS RR conflict validator so that it is better extensible in the future. Also check that there is only one CNAME defined for a DNS record. PTR+CNAME record combination is no longer allowed as we found out it does not make sense to have this combination. https://fedorahosted.org/freeipa/ticket/3450
* Add Kerberos ticket flags management to service and host plugins.Jan Cholasta2013-03-291-1/+83
| | | | https://fedorahosted.org/freeipa/ticket/3329
* Fix structured DNS record outputMartin Kosek2013-03-221-0/+28
| | | | | | | | | | | | | Recent LDAP refactoring replaced entry_attrs regular dict with normalized keys (i.e. lowercase) with LDAPEntry instance which keys may not be normalized. This broke CND command output when --structured and --all options were used. Force lowercase normalization of the LDAPEntry keys in DNS plugin structured format postprocessing. Also add a missing test for DNS record structured output. https://fedorahosted.org/freeipa/ticket/3526
* Realm Domains pageAna Krivokapic2013-03-181-2/+1
| | | | | | Add support for Realm Domains to web UI. https://fedorahosted.org/freeipa/ticket/3407
* Improve error messages for external group membersAna Krivokapic2013-03-142-0/+163
| | | | | | | | | | | | | | | | | When adding a duplicate member to a group, an error message is issued, informing the user that the entry is already a member of the group. Similarly, when trying to delete an entry which is not a member, an error message is issued, informing the user that the entry is not a member of the group. These error messages were missing in case of external members. This patch also adds support for using the AD\name or name@ad.domain.com format in ipa group-remove-member command. This format was supported in group-add-member, but not in group-remove-member. Unit test file covering these cases was also added. https://fedorahosted.org/freeipa/ticket/3254
* Remove implicit Str to DN conversion using *-attrTomas Babej2013-03-131-66/+154
| | | | | | | | | | | DNs represented as strings and passed via --setattr or --addattr are no longer implicitly converted to DN type. This solves various errors associated with this behaviour, see tickets below. Unit tests added. https://fedorahosted.org/freeipa/ticket/3348 https://fedorahosted.org/freeipa/ticket/3349
* Remove unneeded python-ldap importsPetr Viktorin2013-03-131-19/+19
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Use IPAdmin rather than raw python-ldap in migration.py and ipadiscovery.pyPetr Viktorin2013-03-131-3/+2
| | | | | | | | | | | | | These used ipautil.get_ipa_basedn. Convert that to use the new wrappers. Beef up the error handling in ipaldap to accomodate the errors we catch in the server discovery. Add a DatabaseTimeout exception to errors.py. These were the last uses of ipautil.convert_ldap_error, remove that. https://fedorahosted.org/freeipa/ticket/3487 https://fedorahosted.org/freeipa/ticket/3446
* Remove ipaserver/ipaldap.pyPetr Viktorin2013-03-131-4/+3
| | | | | | In addition to removing the module, fix all places where it was imported. Preparation for: https://fedorahosted.org/freeipa/ticket/3446
* Change DNA magic value to -1 to make UID 999 usablePetr Viktorin2013-03-112-2/+88
| | | | | | | | | | | | | Change user-add's uid & gid parameters from autofill to optional. Change the DNA magic value to -1. For old clients, which will still send 999 when they want DNA assignment, translate the 999 to -1. This is done via a new capability, optional_uid_params. Tests included https://fedorahosted.org/freeipa/ticket/2886
* Fix remove while iterating in suppress_netgroup_memberof.Jan Cholasta2013-03-061-1/+0
| | | | https://fedorahosted.org/freeipa/ticket/3464
* Improve LDAPEntry testsPetr Viktorin2013-03-011-18/+86
|
* Support attributes with multiple names in LDAPEntry.Jan Cholasta2013-03-011-2/+8
|
* Aggregate IPASimpleLDAPObject in LDAPEntry.Jan Cholasta2013-03-011-1/+4
|
* Preserve case of attribute names in LDAPEntry.Jan Cholasta2013-03-011-1/+9
|
* Replace getList by a get_entries methodPetr Viktorin2013-03-011-18/+36
| | | | | | | | | | | The find_entries method is cumbersome to use: it requires keyword arguments for simple uses, and callers are tempted to ignore the 'truncated' flag it returns. Introduce a simpler method, get_entries, that returns the found list directly, and raises an errors if the list is truncated. Replace the getList method by get_entries. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace entry.getValue by entry.single_valuePetr Viktorin2013-03-011-13/+13
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace entry.getValues() by entry.get()Petr Viktorin2013-03-011-7/+7
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Move LDAPEntry to ipaserver.ipaldap and derive Entry from itPetr Viktorin2013-03-011-1/+2
| | | | | | | | | | Legacy Entry methods such as setValue are added to LDAPEntry directly, so that we can use connection classes that return LDAPEntry with code that expects Entries. The Entry and its unique __init__ are still kept for compatibility. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove some unused importsPetr Viktorin2013-03-011-2/+2
| | | | | | Remove all unused LDAP-related imports, plus some other ones. This should make it easier to quickly check what uses which LDAP wrapper
* Add custom mapping object for LDAP entry data.Jan Cholasta2013-03-011-1/+28
|
* cli: Do interactive prompting after a context is createdPetr Viktorin2013-02-261-1/+2
| | | | | | | | | | Some commands require a connection for interactive prompting. Prompt after the connection is created. Option parsing is still done before connecting so that help can be printed out without a Kerberos ticket. https://fedorahosted.org/freeipa/ticket/3453
* Make options checks in idrange-add/mod consistentTomas Babej2013-02-261-1/+45
| | | | | | | | | | | | Both now enforce the following checks: - dom_sid and secondary_rid_base cannot be used together - rid_base must be used together if dom_rid is set - secondary_rid_base and rid_base must be used together if dom_rid is not set Unit test for third check has been added. http://fedorahosted.org/freeipa/ticket/3170
* Drop support for CSV in the CLI clientPetr Viktorin2013-02-222-21/+4
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/3352 Design: http://freeipa.org/page/V3/Drop_CSV
* Remove csv_separator and csv_skipspace Param argumentsPetr Viktorin2013-02-221-31/+0
| | | | | | These were never set to anything but the defaults. Part of work for https://fedorahosted.org/freeipa/ticket/3352
* Add client capabilities, enable messagesPetr Viktorin2013-02-216-6/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The API version the client sends can now be used to check what the client expects or is capable of. All version tests IPA does will be be named and listed in one module, ipalib.capabilities, which includes a function to test a specific capability against an API version. Similarly to Python's __future__ module, capabilities.py also serves as documentation of backwards-incompatible changes to the API. The first capability to be defined is "messages". Recent enough clients can accept a list of warnings or other info under the "messages" key in the result dict. If a JSON client does not send the API version, it is assumed this is a testing client (e.g. curl from the command line). Such a client "has" all capabilities, but it will always receive a warning mentioning that forward compatibility is not guaranteed. If a XML client does not send the API version, it is assumed it uses the API version before capabilities were introduced. (This is to keep backwards compatibility with clients containing bug https://fedorahosted.org/freeipa/ticket/3294) Whenever a capability is added, the API version must be incremented. To ensure that, capabilities are written to API.txt and checked by `makeapi --validate`. Design page: http://freeipa.org/page/V3/Messages Ticket: https://fedorahosted.org/freeipa/ticket/2732
* Add ipalib.messagesPetr Viktorin2013-02-212-30/+102
| | | | | | | | | | | | | The messages module contains message classes that can be added to a RPC response to provide additional information or warnings. This patch adds only the module with a single public message, VersionMissing, and unit tests. Since message classes are very similar to public errors, some functionality and unit tests were shared. Design page: http://freeipa.org/page/V3/Messages Ticket: https://fedorahosted.org/freeipa/ticket/2732
* Add the version option to all CommandsPetr Viktorin2013-02-214-33/+45
| | | | | | | | | | | | | | | | | | | | | | | | | Several Commands were missing the 'version' option. Add it to those that were missing it. Do not remove the version option before calling commands. This means methods such as execute(), forward(), run() receive it. Several of these needed `**options` added to their signatures. Commands in the Cert plugin passed any unknown options to the underlying functions, these are changed to pass what's needed explicitly. Some commands in DNS and Batch plugins now pass version to commands they call. When the option is not given, fill it in automatically. (In a subsequent commit, a warning will be added in this case). Note that the public API did not change: all RPC calls already accepted a version option. There's no need for an API version bump (even though API.txt changes substantially). Design page: http://freeipa.org/page/V3/Messages Tickets: https://fedorahosted.org/freeipa/ticket/2732 https://fedorahosted.org/freeipa/ticket/3294
* Use fixed test domain in realmdomains testMartin Kosek2013-02-211-1/+1
| | | | | | | | | | Random domain name may bring undererministic behavior. It also breaks the test on some systems as string.lowercase is locale dependent and can return non-ASCII letters and thus later break the unicode encoding and raise UnicodeDecodeError. Use a fixed domain in "test" TLD instead. This domain is guaranteed to be not existent.
* Prevent a sudo command from being deleted if it is a member of a sudo rulePetr Viktorin2013-02-202-0/+72
| | | | Tests included.
* Use ipauniqueid for the RDN of sudo commandsPetr Viktorin2013-02-203-28/+152
| | | | | | | | | Since sudo commands are case-sensitive, we can't use 'sudocmd' as the RDN. Tests for case-sensitive behavior included https://fedorahosted.org/freeipa/ticket/2482
* Prevent changing protected group's name using --setattrTomas Babej2013-02-191-0/+15
| | | | | | | | The name of any protected group now cannot be changed by modifing the cn attribute using --setattr. Unit tests have been added to make sure there is no regression. https://fedorahosted.org/freeipa/ticket/3354
* Implement the cert-find command for the dogtag CA backend.Rob Crittenden2013-02-191-19/+293
| | | | | | | | | | | | | | | | Use a new RESTful API provided by dogtag 10+. Construct an XML document representing the search request. The output is limited to whatever dogtag sends us, there is no way to request additional attributes other than to read each certificate individually. dogtag uses a boolean for each search term to indicate that it is used. Presense of the search item is not enough, both need to be set. The search operation is unauthenticated Design page: http://freeipa.org/page/V3/Cert_find https://fedorahosted.org/freeipa/ticket/2528
generated by cgit (git 2.34.1) at 2024-05-22 12:35:24 +0000