diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-02-02 21:28:15 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-02-03 17:05:00 +0100 |
| commit | 68d78d37876ade5122f663ec9614283b6921aa23 (patch) | |
| tree | b42ff0bd94cb186fe760503e556e60a28891d483 /tests | |
| parent | 21e6f8e82af680fbbf041315efe77455cdbc3f07 (diff) | |
| download | freeipa.git-68d78d37876ade5122f663ec9614283b6921aa23.tar.gz freeipa.git-68d78d37876ade5122f663ec9614283b6921aa23.tar.xz freeipa.git-68d78d37876ade5122f663ec9614283b6921aa23.zip | |
Fix raw format for ACI commands
ACI plugins (permission, selfservice and delegation) were not
prepared to serve ACIs in a raw format, i.e. raw "aci" attribute
taken from LDAP. This patch fixes all these plugins and their
commands to provide provide this format. Few ACI raw format unit
tests were added for all these plugins.
https://fedorahosted.org/freeipa/ticket/2010
https://fedorahosted.org/freeipa/ticket/2223
https://fedorahosted.org/freeipa/ticket/2228
https://fedorahosted.org/freeipa/ticket/2232
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_xmlrpc/test_delegation_plugin.py | 31 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_permission_plugin.py | 37 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_selfservice_plugin.py | 29 |
3 files changed, 97 insertions, 0 deletions
diff --git a/tests/test_xmlrpc/test_delegation_plugin.py b/tests/test_xmlrpc/test_delegation_plugin.py index dbfa5ff7..1a9c3674 100644 --- a/tests/test_xmlrpc/test_delegation_plugin.py +++ b/tests/test_xmlrpc/test_delegation_plugin.py @@ -127,6 +127,20 @@ class test_delegation(Declarative): dict( + desc='Retrieve %r with --raw' % delegation1, + command=('delegation_show', [delegation1], {'raw' : True}), + expected=dict( + value=delegation1, + summary=None, + result={ + 'aci': u'(targetattr = "street || c || l || st || postalcode")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,%s)")(version 3.0;acl "delegation:testdelegation";allow (write) groupdn = "ldap:///cn=editors,cn=groups,cn=accounts,%s";)' \ + % (api.env.basedn, api.env.basedn) + }, + ), + ), + + + dict( desc='Search for %r' % delegation1, command=('delegation_find', [delegation1], {}), expected=dict( @@ -163,6 +177,23 @@ class test_delegation(Declarative): dict( + desc='Search for %r with --raw' % delegation1, + command=('delegation_find', [delegation1], {'raw' : True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 delegation matched', + result=[ + { + 'aci': u'(targetattr = "street || c || l || st || postalcode")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,%s)")(version 3.0;acl "delegation:testdelegation";allow (write) groupdn = "ldap:///cn=editors,cn=groups,cn=accounts,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ], + ), + ), + + + dict( desc='Update %r' % delegation1, command=( 'delegation_mod', [delegation1], dict(permissions=u'read') diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index b7192117..50d36819 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -181,6 +181,23 @@ class test_permission(Declarative): dict( + desc='Retrieve %r with --raw' % permission1, + command=('permission_show', [permission1], {'raw' : True}), + expected=dict( + value=permission1, + summary=None, + result={ + 'dn': unicode(permission1_dn), + 'cn': [permission1], + 'member': [unicode(privilege1_dn)], + 'aci': u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "permission:testperm";allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -221,6 +238,26 @@ class test_permission(Declarative): dict( + desc='Search for %r with --raw' % permission1, + command=('permission_find', [permission1], {'raw' : True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': unicode(permission1_dn), + 'cn': [permission1], + 'member': [unicode(privilege1_dn)], + 'aci': u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "permission:testperm";allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ], + ), + ), + + + dict( desc='Create %r' % permission2, command=( 'permission_add', [permission2], dict( diff --git a/tests/test_xmlrpc/test_selfservice_plugin.py b/tests/test_xmlrpc/test_selfservice_plugin.py index 670e353d..2ddff50e 100644 --- a/tests/test_xmlrpc/test_selfservice_plugin.py +++ b/tests/test_xmlrpc/test_selfservice_plugin.py @@ -120,6 +120,19 @@ class test_selfservice(Declarative): dict( + desc='Retrieve %r with --raw' % selfservice1, + command=('selfservice_show', [selfservice1], {'raw':True}), + expected=dict( + value=selfservice1, + summary=None, + result={ + 'aci': u'(targetattr = "street || c || l || st || postalcode")(version 3.0;acl "selfservice:testself";allow (write) userdn = "ldap:///self";)', + }, + ), + ), + + + dict( desc='Search for %r' % selfservice1, command=('selfservice_find', [selfservice1], {}), expected=dict( @@ -173,6 +186,22 @@ class test_selfservice(Declarative): dict( + desc='Search for %r with --raw' % selfservice1, + command=('selfservice_find', [selfservice1], {'raw':True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 selfservice matched', + result=[ + { + 'aci': u'(targetattr = "street || c || l || st || postalcode")(version 3.0;acl "selfservice:testself";allow (write) userdn = "ldap:///self";)' + }, + ], + ), + ), + + + dict( desc='Update %r' % selfservice1, command=( 'selfservice_mod', [selfservice1], dict(permissions=u'read') |