From c392146101422808b8781c85f0f2720db230da28 Mon Sep 17 00:00:00 2001 From: Ana Krivokapic Date: Tue, 20 Aug 2013 15:34:39 +0200 Subject: Fix tests which fail after ipa-adtrust-install Some unit tests were failing after ipa-adtrust-install has been run on the IPA server, due to missing attributes ('ipantsecurityidentifier') and objectclasses ('ipantuserattrs' and 'ipantgroupattrs'). This patch detects if ipa-adtrust-install has been run, and adds missing attributes and objectclasses where appropriate. https://fedorahosted.org/freeipa/ticket/3852 --- API.txt | 4 + VERSION | 2 +- ipalib/plugins/trust.py | 44 +++++++ ipatests/test_xmlrpc/test_attr.py | 8 +- ipatests/test_xmlrpc/test_automember_plugin.py | 14 +-- ipatests/test_xmlrpc/test_group_plugin.py | 44 ++++--- ipatests/test_xmlrpc/test_krbtpolicy.py | 8 +- ipatests/test_xmlrpc/test_nesting.py | 30 ++--- ipatests/test_xmlrpc/test_netgroup_plugin.py | 16 +-- ipatests/test_xmlrpc/test_replace.py | 10 +- ipatests/test_xmlrpc/test_selinuxusermap_plugin.py | 8 +- ipatests/test_xmlrpc/test_user_plugin.py | 128 +++++++++++---------- ipatests/test_xmlrpc/xmlrpc_test.py | 22 +++- 13 files changed, 207 insertions(+), 131 deletions(-) diff --git a/API.txt b/API.txt index 5d47956f..761d1d17 100644 --- a/API.txt +++ b/API.txt @@ -2974,6 +2974,10 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: Output('value', , None) +command: sidgen_was_run +args: 0,1,1 +option: Str('version?', exclude='webui') +output: Output('result', None, None) command: sudocmd_add args: 1,7,3 arg: Str('sudocmd', attribute=True, cli_name='command', multivalue=False, primary_key=True, required=True) diff --git a/VERSION b/VERSION index 44132d07..64de0c31 100644 --- a/VERSION +++ b/VERSION @@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=64 +IPA_API_VERSION_MINOR=65 diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index d2348c8e..3c117b49 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -1034,3 +1034,47 @@ class compat_is_enabled(Command): return dict(result=True) api.register(compat_is_enabled) + + +class sidgen_was_run(Command): + """ + This command tries to determine whether the sidgen task was run during + ipa-adtrust-install. It does that by simply checking the "editors" group + for the presence of the ipaNTSecurityIdentifier attribute - if the + attribute is present, the sidgen task was run. + + Since this command relies on the existence of the "editors" group, it will + fail loudly in case this group does not exist. + """ + NO_CLI = True + + __doc__ = _('Determine whether ipa-adtrust-install has been run with ' + 'sidgen task') + + def execute(self, *keys, **options): + ldap = self.api.Backend.ldap2 + editors_dn = DN( + ('cn', 'editors'), + ('cn', 'groups'), + ('cn', 'accounts'), + api.env.basedn + ) + + try: + editors_entry = ldap.get_entry(editors_dn) + except errors.NotFound: + raise errors.NotFound( + name=_('sidgen_was_run'), + reason=_( + 'This command relies on the existence of the "editors" ' + 'group, but this group was not found.' + ) + ) + + attr = editors_entry.get('ipaNTSecurityIdentifier') + if not attr: + return dict(result=False) + + return dict(result=True) + +api.register(sidgen_was_run) diff --git a/ipatests/test_xmlrpc/test_attr.py b/ipatests/test_xmlrpc/test_attr.py index ef5b882c..118eabde 100644 --- a/ipatests/test_xmlrpc/test_attr.py +++ b/ipatests/test_xmlrpc/test_attr.py @@ -23,7 +23,7 @@ Test --setattr and --addattr and other attribute-specific issues from ipalib import api, errors from ipatests.test_xmlrpc import objectclasses -from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid +from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid, add_sid, add_oc from ipapython.dn import DN user1=u'tuser1' @@ -55,13 +55,13 @@ class test_attr(Declarative): expected=dict( value=user1, summary=u'Added user "tuser1"', - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -80,7 +80,7 @@ class test_attr(Declarative): api.env.basedn), has_keytab=False, has_password=False, - ), + )), ), ), diff --git a/ipatests/test_xmlrpc/test_automember_plugin.py b/ipatests/test_xmlrpc/test_automember_plugin.py index a50860e6..2c38b646 100644 --- a/ipatests/test_xmlrpc/test_automember_plugin.py +++ b/ipatests/test_xmlrpc/test_automember_plugin.py @@ -24,7 +24,7 @@ Test the `ipalib/plugins/automember.py` module. from ipalib import api, errors from ipapython.dn import DN from ipatests.test_xmlrpc import objectclasses -from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid +from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid, add_sid, add_oc user1=u'tuser1' @@ -794,7 +794,7 @@ class test_automember(Declarative): expected=dict( value=manager1, summary=u'Added user "mscott"', - result=dict( + result=add_sid(dict( gecos=[u'Michael Scott'], givenname=[u'Michael'], homedirectory=[u'/home/mscott'], @@ -802,7 +802,7 @@ class test_automember(Declarative): has_keytab=False, has_password=False, loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'Scott'], uid=[manager1], uidnumber=[fuzzy_digits], @@ -819,7 +819,7 @@ class test_automember(Declarative): memberof_group=[u'defaultgroup1', u'ipausers'], dn=DN(('uid', 'mscott'), ('cn', 'users'), ('cn', 'accounts'), api.env.basedn), - ), + )), ), ), @@ -832,7 +832,7 @@ class test_automember(Declarative): expected=dict( value=user1, summary=u'Added user "tuser1"', - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], @@ -840,7 +840,7 @@ class test_automember(Declarative): has_keytab=False, has_password=False, loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -858,7 +858,7 @@ class test_automember(Declarative): memberof_group=[u'group1', u'ipausers'], dn=DN(('uid', 'tuser1'), ('cn', 'users'), ('cn', 'accounts'), api.env.basedn), - ), + )), ), ), diff --git a/ipatests/test_xmlrpc/test_group_plugin.py b/ipatests/test_xmlrpc/test_group_plugin.py index 1d0cfeb1..be31af45 100644 --- a/ipatests/test_xmlrpc/test_group_plugin.py +++ b/ipatests/test_xmlrpc/test_group_plugin.py @@ -23,8 +23,8 @@ Test the `ipalib/plugins/group.py` module. from ipalib import api, errors from ipatests.test_xmlrpc import objectclasses -from ipatests.util import Fuzzy -from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid, fuzzy_set_ci +from xmlrpc_test import (Declarative, fuzzy_digits, fuzzy_uuid, fuzzy_set_ci, + add_sid, add_oc) from ipapython.dn import DN group1 = u'testgroup1' @@ -437,23 +437,27 @@ class test_group(Declarative): count=4, truncated=False, result=[ - { + add_sid({ 'dn': get_group_dn('admins'), 'member_user': [u'admin'], 'gidnumber': [fuzzy_digits], 'cn': [u'admins'], 'description': [u'Account administrators group'], - 'objectclass': fuzzy_set_ci(objectclasses.posixgroup), + 'objectclass': fuzzy_set_ci(add_oc( + objectclasses.posixgroup, u'ipantgroupattrs')), 'ipauniqueid': [fuzzy_uuid], - }, - { + }), + add_sid({ 'dn': get_group_dn('editors'), 'gidnumber': [fuzzy_digits], 'cn': [u'editors'], 'description': [u'Limited admins who can edit other users'], - 'objectclass': fuzzy_set_ci(objectclasses.posixgroup), + 'objectclass': fuzzy_set_ci(add_oc( + objectclasses.posixgroup, + u'ipantgroupattrs', + check_sidgen=True)), 'ipauniqueid': [fuzzy_uuid], - }, + }, check_sidgen=True), dict( dn=get_group_dn(group1), cn=[group1], @@ -462,14 +466,15 @@ class test_group(Declarative): objectclass=fuzzy_set_ci(objectclasses.posixgroup), ipauniqueid=[fuzzy_uuid], ), - dict( + add_sid(dict( dn=get_group_dn(group2), cn=[group2], description=[u'New desc 2'], gidnumber=[fuzzy_digits], - objectclass=fuzzy_set_ci(objectclasses.posixgroup), + objectclass=fuzzy_set_ci(add_oc( + objectclasses.posixgroup, u'ipantgroupattrs')), ipauniqueid=[fuzzy_uuid], - ), + )), ], ), ), @@ -538,7 +543,9 @@ class test_group(Declarative): command=( 'group_add_member', [group3], dict(ipaexternalmember=external_sid1) ), - expected=lambda x, output: type(x) == errors.ValidationError or type(x) == errors.NotFound, + expected=lambda x, output: (type(x) == errors.ValidationError + or type(x) == errors.NotFound + or 'failed' in output), ), @@ -789,13 +796,13 @@ class test_group(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/%s' % user1], krbprincipalname=[u'%s@%s' % (user1, api.env.realm)], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -813,7 +820,7 @@ class test_group(Declarative): api.env.basedn), has_keytab=False, has_password=False, - ), + )), ), ), @@ -905,14 +912,15 @@ class test_group(Declarative): expected=dict( value=user1, summary=u'Added user "tuser1"', - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], description=[], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user_base, + objectclass=add_oc(objectclasses.user_base, + u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -929,7 +937,7 @@ class test_group(Declarative): memberof_group=[u'ipausers'], has_keytab=False, has_password=False, - ), + )), ), ), diff --git a/ipatests/test_xmlrpc/test_krbtpolicy.py b/ipatests/test_xmlrpc/test_krbtpolicy.py index b940c5e5..2fac11f1 100644 --- a/ipatests/test_xmlrpc/test_krbtpolicy.py +++ b/ipatests/test_xmlrpc/test_krbtpolicy.py @@ -22,7 +22,7 @@ Test kerberos ticket policy from ipalib import api, errors from ipatests.test_xmlrpc import objectclasses -from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid +from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid, add_sid, add_oc from ipapython.dn import DN user1 = u'tuser1' @@ -94,13 +94,13 @@ class test_krbtpolicy(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -118,7 +118,7 @@ class test_krbtpolicy(Declarative): has_keytab=False, has_password=False, dn=DN(('uid',user1),('cn','users'),('cn','accounts'), api.env.basedn) - ), + )), ), ), diff --git a/ipatests/test_xmlrpc/test_nesting.py b/ipatests/test_xmlrpc/test_nesting.py index 5c093c93..850010b8 100644 --- a/ipatests/test_xmlrpc/test_nesting.py +++ b/ipatests/test_xmlrpc/test_nesting.py @@ -17,12 +17,12 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . """ -Test group nexting an indirect members +Test group nesting and indirect members """ -from ipalib import api, errors +from ipalib import api from ipatests.test_xmlrpc import objectclasses -from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid +from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid, add_sid, add_oc from ipapython.dn import DN group1 = u'testgroup1' @@ -160,13 +160,13 @@ class test_nesting(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -185,7 +185,7 @@ class test_nesting(Declarative): has_password=False, dn=DN(('uid',user1),('cn','users'),('cn','accounts'), api.env.basedn) - ), + )), ), ), @@ -198,13 +198,13 @@ class test_nesting(Declarative): expected=dict( value=user2, summary=u'Added user "%s"' % user2, - result=dict( + result=add_sid(dict( gecos=[u'Test User2'], givenname=[u'Test'], homedirectory=[u'/home/tuser2'], krbprincipalname=[u'tuser2@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User2'], uid=[user2], uidnumber=[fuzzy_digits], @@ -223,7 +223,7 @@ class test_nesting(Declarative): has_password=False, dn=DN(('uid',user2),('cn','users'),('cn','accounts'), api.env.basedn) - ), + )), ), ), @@ -236,13 +236,13 @@ class test_nesting(Declarative): expected=dict( value=user3, summary=u'Added user "%s"' % user3, - result=dict( + result=add_sid(dict( gecos=[u'Test User3'], givenname=[u'Test'], homedirectory=[u'/home/tuser3'], krbprincipalname=[u'tuser3@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User3'], uid=[user3], uidnumber=[fuzzy_digits], @@ -261,7 +261,7 @@ class test_nesting(Declarative): has_password=False, dn=DN(('uid',user3),('cn','users'),('cn','accounts'), api.env.basedn) - ), + )), ), ), @@ -274,13 +274,13 @@ class test_nesting(Declarative): expected=dict( value=user4, summary=u'Added user "%s"' % user4, - result=dict( + result=add_sid(dict( gecos=[u'Test User4'], givenname=[u'Test'], homedirectory=[u'/home/tuser4'], krbprincipalname=[u'tuser4@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User4'], uid=[user4], uidnumber=[fuzzy_digits], @@ -299,7 +299,7 @@ class test_nesting(Declarative): has_password=False, dn=DN(('uid',user4),('cn','users'),('cn','accounts'), api.env.basedn) - ), + )), ), ), diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py index 3dccac1b..09241a7d 100644 --- a/ipatests/test_xmlrpc/test_netgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py @@ -26,8 +26,8 @@ import krbV from ipalib import api from ipalib import errors from ipaserver.plugins.ldap2 import ldap2 -from ipatests.test_xmlrpc.xmlrpc_test import (Declarative, fuzzy_digits, - fuzzy_uuid, fuzzy_netgroupdn) +from xmlrpc_test import (Declarative, fuzzy_digits, fuzzy_uuid, + fuzzy_netgroupdn, add_sid, add_oc) from ipatests.test_xmlrpc import objectclasses from ipapython.dn import DN @@ -272,13 +272,13 @@ class test_netgroup(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/%s' % user1], krbprincipalname=[u'%s@%s' % (user1, api.env.realm)], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -297,7 +297,7 @@ class test_netgroup(Declarative): has_password=False, dn=DN(('uid',user1),('cn','users'),('cn','accounts'), api.env.basedn), - ), + )), ), ), @@ -309,13 +309,13 @@ class test_netgroup(Declarative): expected=dict( value=user2, summary=u'Added user "%s"' % user2, - result=dict( + result=add_sid(dict( gecos=[u'Test User2'], givenname=[u'Test'], homedirectory=[u'/home/%s' % user2], krbprincipalname=[u'%s@%s' % (user2, api.env.realm)], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User2'], uid=[user2], uidnumber=[fuzzy_digits], @@ -334,7 +334,7 @@ class test_netgroup(Declarative): has_password=False, dn=DN(('uid',user2),('cn','users'),('cn','accounts'), api.env.basedn), - ), + )), ), ), diff --git a/ipatests/test_xmlrpc/test_replace.py b/ipatests/test_xmlrpc/test_replace.py index 281714b3..1b946b76 100644 --- a/ipatests/test_xmlrpc/test_replace.py +++ b/ipatests/test_xmlrpc/test_replace.py @@ -25,9 +25,9 @@ Note that member management in other tests also exercises the gen_modlist code. """ -from ipalib import api, errors +from ipalib import api from ipatests.test_xmlrpc import objectclasses -from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid +from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid, add_sid, add_oc from ipapython.dn import DN user1=u'tuser1' @@ -50,13 +50,13 @@ class test_replace(Declarative): expected=dict( value=user1, summary=u'Added user "tuser1"', - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -75,7 +75,7 @@ class test_replace(Declarative): has_password=False, dn=DN(('uid','tuser1'),('cn','users'),('cn','accounts'), api.env.basedn), - ), + )), ), ), diff --git a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py index 5bfe5475..d1fedf1f 100644 --- a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py +++ b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py @@ -22,7 +22,7 @@ Test the `ipalib/plugins/selinuxusermap.py` module. from ipalib import api, errors from ipatests.test_xmlrpc import objectclasses -from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid +from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid, add_sid, add_oc from ipapython.dn import DN from ipatests.util import Fuzzy @@ -200,13 +200,13 @@ class test_selinuxusermap(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/%s' % user1], krbprincipalname=[u'%s@%s' % (user1, api.env.realm)], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -228,7 +228,7 @@ class test_selinuxusermap(Declarative): api.env.basedn), has_keytab=False, has_password=False, - ), + )), ), ), diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py index ca6ff16c..98e1965a 100644 --- a/ipatests/test_xmlrpc/test_user_plugin.py +++ b/ipatests/test_xmlrpc/test_user_plugin.py @@ -23,12 +23,13 @@ Test the `ipalib/plugins/user.py` module. """ -from ipalib import api, errors, messages +from ipalib import api, errors from ipatests.test_xmlrpc import objectclasses from ipatests.util import assert_equal, assert_not_equal -from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid, fuzzy_password, fuzzy_string, fuzzy_dergeneralizedtime +from xmlrpc_test import (Declarative, fuzzy_digits, fuzzy_uuid, fuzzy_password, + fuzzy_string, fuzzy_dergeneralizedtime, add_sid, + add_oc) from ipapython.dn import DN -from ipapython.version import API_VERSION user1=u'tuser1' user2=u'tuser2' @@ -108,13 +109,13 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -131,7 +132,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user1), - ), + )), ), extra_check = upg_check, ), @@ -181,7 +182,7 @@ class test_user(Declarative): ), expected=dict( result=[ - { + add_sid({ 'dn': get_user_dn(user1), 'cn': [u'Test User1'], 'gecos': [u'Test User1'], @@ -190,7 +191,8 @@ class test_user(Declarative): 'krbprincipalname': [u'tuser1@' + api.env.realm], 'loginshell': [u'/bin/sh'], 'memberof_group': [u'ipausers'], - 'objectclass': objectclasses.user, + 'objectclass': add_oc(objectclasses.user, + u'ipantuserattrs'), 'sn': [u'User1'], 'uid': [user1], 'uidnumber': [fuzzy_digits], @@ -203,10 +205,9 @@ class test_user(Declarative): 'has_keytab': False, 'has_password': False, 'displayname': [u'Test User1'], - 'cn': [u'Test User1'], 'initials': [u'TU'], 'mail': [u'%s@%s' % (user1, api.env.domain)], - }, + }), ], summary=u'1 user matched', count=1, truncated=False, @@ -575,13 +576,13 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -600,7 +601,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user1), - ), + )), ), extra_check = upg_check, ), @@ -633,13 +634,13 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -656,7 +657,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user1), - ), + )), ), extra_check = upg_check, ), @@ -670,13 +671,13 @@ class test_user(Declarative): expected=dict( value=user2, summary=u'Added user "%s"' % user2, - result=dict( + result=add_sid(dict( gecos=[u'Test User2'], givenname=[u'Test'], homedirectory=[u'/home/tuser2'], krbprincipalname=[u'tuser2@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User2'], uid=[user2], uidnumber=[fuzzy_digits], @@ -693,7 +694,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user2), - ), + )), ), extra_check = upg_check, ), @@ -886,13 +887,13 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -914,7 +915,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user1), - ), + )), ), ), @@ -937,13 +938,13 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -964,7 +965,7 @@ class test_user(Declarative): krbpasswordexpiration=[fuzzy_dergeneralizedtime], krblastpwdchange=[fuzzy_dergeneralizedtime], dn=get_user_dn(user1), - ), + )), ), ), @@ -986,13 +987,13 @@ class test_user(Declarative): expected=dict( value=user2, summary=u'Added user "%s"' % user2, - result=dict( + result=add_sid(dict( gecos=[u'Test User2'], givenname=[u'Test'], homedirectory=[u'/home/tuser2'], krbprincipalname=[u'tuser2@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User2'], uid=[user2], uidnumber=[fuzzy_digits], @@ -1009,7 +1010,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user2), - ), + )), ), ), @@ -1058,13 +1059,13 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -1081,7 +1082,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user1), - ), + )), ), ), @@ -1131,13 +1132,13 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/other-home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -1154,7 +1155,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user1), - ), + )), ), ), @@ -1193,13 +1194,13 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/usr/bin/ipython'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -1216,7 +1217,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user1), - ), + )), ), ), @@ -1254,14 +1255,15 @@ class test_user(Declarative): expected=dict( value=user2, summary=u'Added user "%s"' % user2, - result=dict( + result=add_sid(dict( gecos=[u'Test User2'], givenname=[u'Test'], description=[], homedirectory=[u'/home/tuser2'], krbprincipalname=[u'tuser2@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user_base, + objectclass=add_oc(objectclasses.user_base, + u'ipantuserattrs'), sn=[u'User2'], uid=[user2], uidnumber=[fuzzy_digits], @@ -1277,7 +1279,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user2), - ), + )), ), ), @@ -1307,14 +1309,15 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], description=[], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user_base, + objectclass=add_oc(objectclasses.user_base, + u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[fuzzy_digits], @@ -1330,7 +1333,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user1), - ), + )), ), extra_check = not_upg_check, ), @@ -1343,14 +1346,15 @@ class test_user(Declarative): expected=dict( value=user2, summary=u'Added user "%s"' % user2, - result=dict( + result=add_sid(dict( gecos=[u'Test User2'], givenname=[u'Test'], description=[], homedirectory=[u'/home/tuser2'], krbprincipalname=[u'tuser2@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user_base, + objectclass=add_oc(objectclasses.user_base, + u'ipantuserattrs'), sn=[u'User2'], uid=[user2], uidnumber=[fuzzy_digits], @@ -1366,7 +1370,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user2), - ), + )), ), ), @@ -1425,13 +1429,14 @@ class test_user(Declarative): 'user_show', [user2], {'all': True} ), expected=dict( - result=dict( + result=add_sid(dict( gecos=[u'Test User2'], givenname=[u'Test'], homedirectory=[u'/home/tuser2'], krbprincipalname=[u'tuser2@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user_base, + objectclass=add_oc(objectclasses.user_base, + u'ipantuserattrs'), sn=[u'User2'], uid=[user2], uidnumber=[fuzzy_digits], @@ -1449,7 +1454,7 @@ class test_user(Declarative): has_password=False, dn=get_user_dn(user2), manager=[renameduser1], - ), + )), value=user2, summary=None, ), @@ -1471,13 +1476,14 @@ class test_user(Declarative): 'user_show', [user2], {'all': True} ), expected=dict( - result=dict( + result=add_sid(dict( gecos=[u'Test User2'], givenname=[u'Test'], homedirectory=[u'/home/tuser2'], krbprincipalname=[u'tuser2@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user_base, + objectclass=add_oc(objectclasses.user_base, + u'ipantuserattrs'), sn=[u'User2'], uid=[user2], uidnumber=[fuzzy_digits], @@ -1494,7 +1500,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user2), - ), + )), value=user2, summary=None, ), @@ -1531,13 +1537,13 @@ class test_user(Declarative): expected=dict( value=admin2, summary=u'Added user "%s"' % admin2, - result=dict( + result=add_sid(dict( gecos=[u'Second Admin'], givenname=[u'Second'], homedirectory=[u'/home/admin2'], krbprincipalname=[u'admin2@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'Admin'], uid=[admin2], uidnumber=[fuzzy_digits], @@ -1554,7 +1560,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(admin2), - ), + )), ), ), @@ -1720,7 +1726,7 @@ class test_user(Declarative): expected=dict( value=user2, summary=u'Added user "tuser2"', - result=dict( + result=add_sid(dict( gecos=[u'Test User2'], givenname=[u'Test'], homedirectory=[u'/home/tuser2'], @@ -1728,7 +1734,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User2'], uid=[user2], uidnumber=[fuzzy_digits], @@ -1745,7 +1751,7 @@ class test_user(Declarative): memberof_group=[u'ipausers'], dn=DN(('uid', 'tuser2'), ('cn', 'users'), ('cn', 'accounts'), api.env.basedn), - ), + )), ), ), @@ -1806,13 +1812,13 @@ class test_user(Declarative): expected=dict( value=user1, summary=u'Added user "%s"' % user1, - result=dict( + result=add_sid(dict( gecos=[u'Test User1'], givenname=[u'Test'], homedirectory=[u'/home/tuser1'], krbprincipalname=[u'tuser1@' + api.env.realm], loginshell=[u'/bin/sh'], - objectclass=objectclasses.user, + objectclass=add_oc(objectclasses.user, u'ipantuserattrs'), sn=[u'User1'], uid=[user1], uidnumber=[lambda v: int(v) != 999], @@ -1829,7 +1835,7 @@ class test_user(Declarative): has_keytab=False, has_password=False, dn=get_user_dn(user1), - ), + )), ), extra_check = upg_check, ), diff --git a/ipatests/test_xmlrpc/xmlrpc_test.py b/ipatests/test_xmlrpc/xmlrpc_test.py index bfe8efa4..2d12bcb3 100644 --- a/ipatests/test_xmlrpc/xmlrpc_test.py +++ b/ipatests/test_xmlrpc/xmlrpc_test.py @@ -21,8 +21,6 @@ Base class for all XML-RPC tests """ -import sys -import socket import nose from ipatests.util import assert_deepequal, Fuzzy from ipalib import api, request, errors @@ -98,6 +96,20 @@ except IOError: except errors.NotFound: server_available = True +adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result'] +sidgen_was_run = api.Command['sidgen_was_run']()['result'] + + +def add_sid(d, check_sidgen=False): + if adtrust_is_enabled and (not check_sidgen or sidgen_was_run): + d['ipantsecurityidentifier'] = (fuzzy_user_or_group_sid,) + return d + + +def add_oc(l, oc, check_sidgen=False): + if adtrust_is_enabled and (not check_sidgen or sidgen_was_run): + return l + [oc] + return l def assert_attr_equal(entry, key, value): @@ -311,15 +323,17 @@ class Declarative(XMLRPC_test): assert_deepequal(expected.strerror, e.strerror) def check_callable(self, nice, cmd, args, options, expected): + name = expected.__class__.__name__ output = dict() e = None try: output = api.Command[cmd](*args, **options) except StandardError, e: - pass + pass if not expected(e, output): raise AssertionError( - UNEXPECTED % (cmd, args, options, e.__class__.__name__, e) + UNEXPECTED % (cmd, name, args, options, + e.__class__.__name__, e) ) def check_output(self, nice, cmd, args, options, expected, extra_check): -- cgit