From cf12f3106a7f55fbdb03d64588e8201f14470fe8 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 2 Feb 2012 21:28:15 +0100 Subject: Fix raw format for ACI commands ACI plugins (permission, selfservice and delegation) were not prepared to serve ACIs in a raw format, i.e. raw "aci" attribute taken from LDAP. This patch fixes all these plugins and their commands to provide provide this format. Few ACI raw format unit tests were added for all these plugins. https://fedorahosted.org/freeipa/ticket/2010 https://fedorahosted.org/freeipa/ticket/2223 https://fedorahosted.org/freeipa/ticket/2228 https://fedorahosted.org/freeipa/ticket/2232 --- tests/test_xmlrpc/test_delegation_plugin.py | 31 +++++++++++++++++++++++ tests/test_xmlrpc/test_permission_plugin.py | 37 ++++++++++++++++++++++++++++ tests/test_xmlrpc/test_selfservice_plugin.py | 29 ++++++++++++++++++++++ 3 files changed, 97 insertions(+) (limited to 'tests/test_xmlrpc') diff --git a/tests/test_xmlrpc/test_delegation_plugin.py b/tests/test_xmlrpc/test_delegation_plugin.py index dbfa5ff7..1a9c3674 100644 --- a/tests/test_xmlrpc/test_delegation_plugin.py +++ b/tests/test_xmlrpc/test_delegation_plugin.py @@ -126,6 +126,20 @@ class test_delegation(Declarative): ), + dict( + desc='Retrieve %r with --raw' % delegation1, + command=('delegation_show', [delegation1], {'raw' : True}), + expected=dict( + value=delegation1, + summary=None, + result={ + 'aci': u'(targetattr = "street || c || l || st || postalcode")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,%s)")(version 3.0;acl "delegation:testdelegation";allow (write) groupdn = "ldap:///cn=editors,cn=groups,cn=accounts,%s";)' \ + % (api.env.basedn, api.env.basedn) + }, + ), + ), + + dict( desc='Search for %r' % delegation1, command=('delegation_find', [delegation1], {}), @@ -162,6 +176,23 @@ class test_delegation(Declarative): ), + dict( + desc='Search for %r with --raw' % delegation1, + command=('delegation_find', [delegation1], {'raw' : True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 delegation matched', + result=[ + { + 'aci': u'(targetattr = "street || c || l || st || postalcode")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,%s)")(version 3.0;acl "delegation:testdelegation";allow (write) groupdn = "ldap:///cn=editors,cn=groups,cn=accounts,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ], + ), + ), + + dict( desc='Update %r' % delegation1, command=( diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index b7192117..50d36819 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -180,6 +180,23 @@ class test_permission(Declarative): ), + dict( + desc='Retrieve %r with --raw' % permission1, + command=('permission_show', [permission1], {'raw' : True}), + expected=dict( + value=permission1, + summary=None, + result={ + 'dn': unicode(permission1_dn), + 'cn': [permission1], + 'member': [unicode(privilege1_dn)], + 'aci': u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "permission:testperm";allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ), + ), + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), @@ -220,6 +237,26 @@ class test_permission(Declarative): ), + dict( + desc='Search for %r with --raw' % permission1, + command=('permission_find', [permission1], {'raw' : True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': unicode(permission1_dn), + 'cn': [permission1], + 'member': [unicode(privilege1_dn)], + 'aci': u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "permission:testperm";allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ], + ), + ), + + dict( desc='Create %r' % permission2, command=( diff --git a/tests/test_xmlrpc/test_selfservice_plugin.py b/tests/test_xmlrpc/test_selfservice_plugin.py index 670e353d..2ddff50e 100644 --- a/tests/test_xmlrpc/test_selfservice_plugin.py +++ b/tests/test_xmlrpc/test_selfservice_plugin.py @@ -119,6 +119,19 @@ class test_selfservice(Declarative): ), + dict( + desc='Retrieve %r with --raw' % selfservice1, + command=('selfservice_show', [selfservice1], {'raw':True}), + expected=dict( + value=selfservice1, + summary=None, + result={ + 'aci': u'(targetattr = "street || c || l || st || postalcode")(version 3.0;acl "selfservice:testself";allow (write) userdn = "ldap:///self";)', + }, + ), + ), + + dict( desc='Search for %r' % selfservice1, command=('selfservice_find', [selfservice1], {}), @@ -172,6 +185,22 @@ class test_selfservice(Declarative): ), + dict( + desc='Search for %r with --raw' % selfservice1, + command=('selfservice_find', [selfservice1], {'raw':True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 selfservice matched', + result=[ + { + 'aci': u'(targetattr = "street || c || l || st || postalcode")(version 3.0;acl "selfservice:testself";allow (write) userdn = "ldap:///self";)' + }, + ], + ), + ), + + dict( desc='Update %r' % selfservice1, command=( -- cgit