diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2017-06-07 17:20:43 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-09-01 20:27:01 +0200 |
commit | 109ed7ca1a82420798efdc6a9b019675a5bd0f4f (patch) | |
tree | 7481fd24b18d804485c5dc7d3f02fb8aa60c902e /src/tests | |
parent | 6b3bab516355fdf4cc81e6da9d87ec3818ab190f (diff) | |
download | sssd-109ed7ca1a82420798efdc6a9b019675a5bd0f4f.tar.gz sssd-109ed7ca1a82420798efdc6a9b019675a5bd0f4f.tar.xz sssd-109ed7ca1a82420798efdc6a9b019675a5bd0f4f.zip |
SECRETS: Support 0 as unlimited for the quotas
Add a special value for all the quota-like settings that means 'no
limit'.
Because the responder also had a global limit on the size of the
accepted body (64kiB), this patch also removes the hardcoded limit and
instead keep track of the biggest quota value on startup.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/intg/test_secrets.py | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py index 957a0a8ff..15caa6958 100644 --- a/src/tests/intg/test_secrets.py +++ b/src/tests/intg/test_secrets.py @@ -545,3 +545,58 @@ def test_per_uid_limit(setup_for_uid_limit, secrets_cli): # FIXME - at this point, it would be nice to test that another UID can # still store secrets, but sadly socket_wrapper doesn't allow us to fake # UIDs yet + + +@pytest.fixture +def setup_for_unlimited_quotas(request): + conf = unindent("""\ + [sssd] + domains = local + services = nss + + [domain/local] + id_provider = local + + [secrets] + debug_level = 10 + + [secrets/secrets] + max_secrets = 0 + max_uid_secrets = 0 + max_payload_size = 0 + containers_nest_level = 0 + """).format(**locals()) + + create_conf_fixture(request, conf) + create_sssd_secrets_fixture(request) + return None + + +def test_unlimited_quotas(setup_for_unlimited_quotas, secrets_cli): + """ + Test that setting quotas to zero disabled any checks and lets + store whatever. + """ + cli = secrets_cli + + # test much larger amount of secrets that we allow by default + sec_value = "value" + for i in range(2048): + cli.set_secret(str(i), sec_value) + + # test a much larger secret size than the default one + KILOBYTE = 1024 + payload_size = 32 * KILOBYTE + + sec_value = "x" * payload_size + cli.set_secret("foo", sec_value) + + fooval = cli.get_secret("foo") + assert fooval == sec_value + + # test a deep secret nesting structure + DEFAULT_CONTAINERS_NEST_LEVEL = 128 + container = "mycontainer" + for i in range(DEFAULT_CONTAINERS_NEST_LEVEL): + container += "%s/" % str(i) + cli.create_container(container) |