From b5d0a9fcb24c5154919f1b83b2fa2f5999f48ba9 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 15 Aug 2012 17:21:19 -0400
Subject: Validate default user in ordered list when using setattr, require MLS

The MLS was optional in the format, it should be required.

https://fedorahosted.org/freeipa/ticket/2984
---
 tests/test_xmlrpc/test_selinuxusermap_plugin.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'tests')

diff --git a/tests/test_xmlrpc/test_selinuxusermap_plugin.py b/tests/test_xmlrpc/test_selinuxusermap_plugin.py
index c1bee54d..06ad751a 100644
--- a/tests/test_xmlrpc/test_selinuxusermap_plugin.py
+++ b/tests/test_xmlrpc/test_selinuxusermap_plugin.py
@@ -605,9 +605,9 @@ class test_selinuxusermap(Declarative):
         dict(
             desc='Create rule with unknown user %r' % rule1,
             command=(
-                'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'notfound')
+                'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'notfound:s0:c0')
             ),
-            expected=errors.NotFound(reason=u'SELinux user notfound not ' +
+            expected=errors.NotFound(reason=u'SELinux user notfound:s0:c0 not ' +
                 u'found in ordering list (in config)'),
         ),
 
@@ -642,4 +642,14 @@ class test_selinuxusermap(Declarative):
                     u'and/or c[0-1023]-c[0-c0123]'),
         ),
 
+
+        dict(
+            desc='Create rule with invalid user via setattr',
+            command=(
+                'selinuxusermap_mod', [rule1], dict(setattr=u'ipaselinuxuser=deny')
+            ),
+            expected=errors.ValidationError(name='ipaselinuxuser',
+                error=u'Invalid MLS value, must match s[0-15](-s[0-15])'),
+        ),
+
     ]
-- 
cgit