From 93e54366f9afedcdef78c8dfb6373d4813fba8cb Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 11 Jun 2010 12:11:24 -0400 Subject: Fix aci_mod command. It should handle more complex operations now. The problem was trying to operate directly on the ACI itself. I introduced a new function, _aci_to_kw(), that converts an ACI into a set of keywords. We can take these keywords, like those passed in when an ACI is created, to merge in any changes and then re-create the ACI. I also switched the ACI tests to be declarative and added a lot more cases around the modify operation. --- tests/test_xmlrpc/test_aci_plugin.py | 257 +++++++++++++++++++++++++++-------- 1 file changed, 201 insertions(+), 56 deletions(-) (limited to 'tests') diff --git a/tests/test_xmlrpc/test_aci_plugin.py b/tests/test_xmlrpc/test_aci_plugin.py index c42f1abd8..14d3c8950 100644 --- a/tests/test_xmlrpc/test_aci_plugin.py +++ b/tests/test_xmlrpc/test_aci_plugin.py @@ -1,7 +1,7 @@ # Authors: # Rob Crittenden # -# Copyright (C) 2009 Red Hat +# Copyright (C) 2010 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or @@ -16,62 +16,207 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + """ Test the `ipalib/plugins/aci.py` module. """ -import sys -from xmlrpc_test import XMLRPC_test, assert_attr_equal -from ipalib import api -from ipalib import errors - - -class test_aci(XMLRPC_test): - """ - Test the `aci` plugin. - """ - aciname = u'acitest' - taskgroup = u'testtaskgroup' - kw = {'permissions': u'add', 'type': u'user', 'taskgroup': taskgroup } - aci = u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "acitest";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn) - - def test_1_aci_add(self): - """ - Test adding an aci using the `xmlrpc.aci_add` method. - """ - result = api.Command['aci_add'](self.aciname, **self.kw)['result'] - - assert result == self.aci - - def test_2_aci_show(self): - """ - Test showing an aci using the `xmlrpc.aci_show` method. - """ - result = api.Command['aci_show'](self.aciname)['result'] - - assert result == self.aci - - def test_3_aci_find(self): - """ - Test showing an aci using the `xmlrpc.aci_show` method. - """ - outcome = api.Command['aci_find'](self.aciname) - result = outcome['result'] - count = outcome['count'] - - assert count == 1 - assert result[0] == self.aci - - def test_4_aci_del(self): - """ - Remove the second test policy with `xmlrpc.aci_del`. - """ - assert api.Command['aci_del'](self.aciname)['result'] is True - - # Verify that it is gone - try: - api.Command['aci_show'](self.aciname) - except errors.NotFound: - pass - else: - assert False +from ipalib import api, errors +from tests.test_xmlrpc import objectclasses +from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid + + +aci1=u'test1' +taskgroup = u'testtaskgroup' + + +class test_aci(Declarative): + + cleanup_commands = [ + ('aci_del', [aci1], {}), + ] + + tests = [ + + dict( + desc='Try to retrieve non-existent %r' % aci1, + command=('aci_show', [aci1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % aci1, + command=('aci_mod', [aci1], dict(permissions=u'write')), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to delete non-existent %r' % aci1, + command=('aci_del', [aci1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Create %r' % aci1, + command=( + 'aci_add', [aci1], dict(permissions=u'add', type=u'user', taskgroup=taskgroup) + ), + expected=dict( + value=aci1, + summary=u'Created ACI "test1"', + result=u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn), + ), + ), + + + dict( + desc='Try to create duplicate %r' % aci1, + command=( + 'aci_add', [aci1], dict(permissions=u'add', type=u'user', taskgroup=taskgroup) + ), + expected=errors.DuplicateEntry(), + ), + + + dict( + desc='Retrieve %r' % aci1, + command=( + 'aci_show', [aci1], {} + ), + expected=dict( + value=aci1, + summary=None, + result=u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn), + ), + ), + + + dict( + desc='Search for %r with all=True' % aci1, + command=( + 'aci_find', [aci1], {'all': True} + ), + expected=dict( + result=[ + u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn) + ], + summary=u'1 ACI matched', + count=1, + ), + ), + + + dict( + desc='Search for %r with minimal attributes' % aci1, + command=( + 'aci_find', [aci1], {} + ), + expected=dict( + result=[ + u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn) + ], + summary=u'1 ACI matched', + count=1, + ), + ), + + + dict( + desc='Update permissions in %r' % aci1, + command=( + 'aci_mod', [aci1], dict(permissions=u'add,write') + ), + expected=dict( + value=aci1, + summary=u'Updated ACI "test1"', + result=u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn), + ), + ), + + + dict( + desc='Retrieve %r to verify update' % aci1, + command=('aci_show', [aci1], {}), + expected=dict( + value=aci1, + summary=None, + result=u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn), + ), + + ), + + dict( + desc='Update attributes in %r' % aci1, + command=( + 'aci_mod', [aci1], dict(attrs=u'cn, sn,givenName') + ), + expected=dict( + value=aci1, + summary=u'Updated ACI "test1"', + result=u'(targetattr = "cn || sn || givenName")(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn), + ), + ), + + + dict( + desc='Update type in %r' % aci1, + command=( + 'aci_mod', [aci1], dict(type=u'group') + ), + expected=dict( + value=aci1, + summary=u'Updated ACI "test1"', + result=u'(targetattr = "cn || sn || givenName")(target = "ldap:///cn=*,cn=groups,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn), + ), + ), + + + dict( + desc='Update memberOf in %r' % aci1, + command=( + 'aci_mod', [aci1], dict(memberof=u'ipausers') + ), + expected=dict( + value=aci1, + summary=u'Updated ACI "test1"', + result=u'(targetattr = "cn || sn || givenName")(targetfilter = "(memberOf=cn=testtaskgroup,cn=taskgroups,cn=accounts,%s)")(target = "ldap:///cn=*,cn=groups,cn=accounts,%s")(version 3.0;acl "test1";allow (add,write) groupdn = "ldap:///cn=testtaskgroup,cn=taskgroups,cn=accounts,%s";)' % (api.env.basedn, api.env.basedn, api.env.basedn), + ), + ), + + + dict( + desc='Delete %r' % aci1, + command=('aci_del', [aci1], {}), + expected=dict( + result=True, + summary=u'Deleted ACI "test1"', + value=aci1, + ), + ), + + + dict( + desc='Try to delete non-existent %r' % aci1, + command=('aci_del', [aci1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to retrieve non-existent %r' % aci1, + command=('aci_show', [aci1], {}), + expected=errors.NotFound(reason='no such entry'), + ), + + + dict( + desc='Try to update non-existent %r' % aci1, + command=('aci_mod', [aci1], dict(givenname=u'Foo')), + expected=errors.NotFound(reason='no such entry'), + ), + + + ] -- cgit