diff options
author | Tomas Babej <tbabej@redhat.com> | 2012-09-25 08:14:57 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-10-03 13:22:46 +0200 |
commit | 682edbf2152aa2dce2f6350226bffc6ebc2526c1 (patch) | |
tree | aa5f37cdc88bd3e16242bbdf8ebc4390705a7710 /tests/test_xmlrpc | |
parent | bdf5f464d7e982759b460ac36af72bf0e3cfaf3b (diff) | |
download | freeipa-682edbf2152aa2dce2f6350226bffc6ebc2526c1.tar.gz freeipa-682edbf2152aa2dce2f6350226bffc6ebc2526c1.tar.xz freeipa-682edbf2152aa2dce2f6350226bffc6ebc2526c1.zip |
Restrict admins group modifications
Group-mod command no longer allows --rename and/or --external
changes made to the admins group. In such cases, ProtectedEntryError
is being raised.
https://fedorahosted.org/freeipa/ticket/3098
Diffstat (limited to 'tests/test_xmlrpc')
-rw-r--r-- | tests/test_xmlrpc/test_group_plugin.py | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/tests/test_xmlrpc/test_group_plugin.py b/tests/test_xmlrpc/test_group_plugin.py index 77a419b0c..a74a5e4c3 100644 --- a/tests/test_xmlrpc/test_group_plugin.py +++ b/tests/test_xmlrpc/test_group_plugin.py @@ -870,6 +870,42 @@ class test_group(Declarative): key='admins', reason='privileged group'), ), + + dict( + desc='Try to rename the admins group', + command=('group_mod', [u'admins'], dict(rename=u'loosers')), + expected=errors.ProtectedEntryError(label=u'group', + key='admins', reason='Cannot be renamed'), + ), + + dict( + desc='Try to modify the admins group to support external membership', + command=('group_mod', [u'admins'], dict(external=True)), + expected=errors.ProtectedEntryError(label=u'group', + key='admins', reason='Cannot support external non-IPA members'), + ), + + dict( + desc='Try to delete the trust admins group', + command=('group_del', [u'trust admins'], {}), + expected=errors.ProtectedEntryError(label=u'group', + key='trust admins', reason='privileged group'), + ), + + dict( + desc='Try to rename the trust admins group', + command=('group_mod', [u'trust admins'], dict(rename=u'loosers')), + expected=errors.ProtectedEntryError(label=u'group', + key='trust admins', reason='Cannot be renamed'), + ), + + dict( + desc='Try to modify the trust admins group to support external membership', + command=('group_mod', [u'trust admins'], dict(external=True)), + expected=errors.ProtectedEntryError(label=u'group', + key='trust admins', reason='Cannot support external non-IPA members'), + ), + dict( desc='Delete %r' % user1, command=('user_del', [user1], {}), |