diff options
28 files changed, 970 insertions, 87 deletions
@@ -551,7 +551,7 @@ option: Str('description?', autofill=False, cli_name='desc') option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: StrEnum('ipacertprofilecategory?', autofill=False, cli_name='profilecat', values=[u'all']) option: Bool('ipaenabledflag?', autofill=False) -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all']) @@ -1598,7 +1598,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups') option: Str('in_role*', cli_name='in_roles') option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('no_group*', cli_name='no_groups') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('no_user*', cli_name='no_users') option: Flag('nonposix', autofill=True, cli_name='nonposix', default=False) option: Str('not_in_group*', cli_name='not_in_groups') @@ -1763,7 +1763,7 @@ option: Str('description?', autofill=False, cli_name='desc') option: Str('externalhost*', autofill=False) option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: Bool('ipaenabledflag?', autofill=False) -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all']) @@ -1888,7 +1888,7 @@ arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='service') option: Str('description?', autofill=False, cli_name='desc') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -1962,7 +1962,7 @@ arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -2167,7 +2167,7 @@ option: Str('l?', autofill=False, cli_name='locality') option: Str('macaddress*', autofill=False) option: Str('man_by_host*', cli_name='man_by_hosts') option: Str('man_host*', cli_name='man_hosts') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('not_enroll_by_user*', cli_name='not_enroll_by_users') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_hostgroup*', cli_name='not_in_hostgroups') @@ -2302,7 +2302,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups') option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('no_host*', cli_name='no_hosts') option: Str('no_hostgroup*', cli_name='no_hostgroups') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_hostgroup*', cli_name='not_in_hostgroups') option: Str('not_in_netgroup*', cli_name='not_in_netgroups') @@ -2846,7 +2846,7 @@ option: Str('nisdomainname?', autofill=False, cli_name='nisdomain') option: Str('no_group*', cli_name='no_groups') option: Str('no_host*', cli_name='no_hosts') option: Str('no_hostgroup*', cli_name='no_hostgroups') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('no_netgroup*', cli_name='no_netgroups') option: Str('no_user*', cli_name='no_users') option: Str('not_in_netgroup*', cli_name='not_in_netgroups') @@ -3017,7 +3017,7 @@ option: Int('ipatokentotpclockoffset?', autofill=False, cli_name='offset', defau option: Int('ipatokentotptimestep?', autofill=False, cli_name='interval', default=30) option: Str('ipatokenuniqueid?', autofill=False, cli_name='id') option: Str('ipatokenvendor?', autofill=False, cli_name='vendor') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -3169,7 +3169,7 @@ option: Str('ipapermtargetfilter*', autofill=False, cli_name='rawfilter') option: DNParam('ipapermtargetfrom?', autofill=False, cli_name='targetfrom') option: DNParam('ipapermtargetto?', autofill=False, cli_name='targetto') option: Str('memberof*', autofill=False) -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('permissions*', autofill=False) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) @@ -3303,7 +3303,7 @@ arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -3599,7 +3599,7 @@ arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -3787,7 +3787,7 @@ option: Str('description?', autofill=False, cli_name='desc') option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: Bool('ipaenabledflag?', autofill=False) option: Str('ipaselinuxuser?', autofill=False, cli_name='selinuxuser') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('seealso?', autofill=False, cli_name='hbacrule') @@ -3877,7 +3877,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Int('ipamaxdomainlevel?', autofill=False, cli_name='maxlevel') option: Int('ipamindomainlevel?', autofill=False, cli_name='minlevel') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('no_topologysuffix*', cli_name='no_topologysuffixes') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) @@ -4017,7 +4017,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False) option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE']) option: Str('krbprincipalname?', autofill=False, cli_name='principal') option: Str('man_by_host*', cli_name='man_by_hosts') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('not_man_by_host*', cli_name='not_man_by_hosts') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) @@ -4127,7 +4127,7 @@ args: 1,8,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='delegation_name') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -4351,7 +4351,7 @@ option: Str('loginshell?', autofill=False, cli_name='shell') option: Str('mail*', autofill=False, cli_name='email') option: Str('manager?', autofill=False) option: Str('mobile*', autofill=False) -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('not_in_group*', cli_name='not_in_groups') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_netgroup*', cli_name='not_in_netgroups') @@ -4479,7 +4479,7 @@ args: 1,9,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', autofill=False, cli_name='desc') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -4554,7 +4554,7 @@ arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='sudocmdgroup_name') option: Str('description?', autofill=False, cli_name='desc') -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -4741,7 +4741,7 @@ option: Str('ipasudorunasextgroup?', autofill=False, cli_name='runasexternalgrou option: Str('ipasudorunasextuser?', autofill=False, cli_name='runasexternaluser') option: StrEnum('ipasudorunasgroupcategory?', autofill=False, cli_name='runasgroupcat', values=[u'all']) option: StrEnum('ipasudorunasusercategory?', autofill=False, cli_name='runasusercat', values=[u'all']) -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -5349,7 +5349,7 @@ option: Str('loginshell?', autofill=False, cli_name='shell') option: Str('mail*', autofill=False, cli_name='email') option: Str('manager?', autofill=False) option: Str('mobile*', autofill=False) -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Str('not_in_group*', cli_name='not_in_groups') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_netgroup*', cli_name='not_in_netgroups') @@ -5622,7 +5622,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') option: StrEnum('ipavaulttype?', autofill=False, cli_name='type', default=u'symmetric', values=[u'standard', u'symmetric', u'asymmetric']) -option: Flag('no_members', autofill=True, default=False) +option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('service?') @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=169 -# Last change: vault: copy arguments of client commands from server counterparts +IPA_API_VERSION_MINOR=170 +# Last change: mbasti - *-find: do not search for members by default diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 8e692d295..9f6cfa6ca 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -945,7 +945,8 @@ def del_master_managed(realm, hostname, options): sys.exit(1) # 2. Get all masters - masters = api.Command.server_find('', sizelimit=0)['result'] + masters = api.Command.server_find( + '', sizelimit=0, no_members=False)['result'] # 3. Check topology connectivity in all suffixes topo_errors = replication.check_last_link_managed(api, hostname, masters) @@ -1149,7 +1150,8 @@ def del_master_direct(realm, hostname, options): # Check for orphans if the remote server is up. if delrepl and not winsync: try: - masters = api.Command.server_find('', sizelimit=0)['result'] + masters = api.Command.server_find( + '', sizelimit=0, no_members=False)['result'] except Exception as e: masters = [] print("Failed to read masters data from '%s': %s" % ( diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 8a696f3c8..9c77fd62e 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1117,7 +1117,7 @@ last, after all sets and adds."""), yield Flag('no_members', doc=_('Suppress processing of membership attributes.'), exclude='webui', - flags=['no_output'], + flags={'no_output'}, ) break @@ -1907,6 +1907,11 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): def get_options(self): for option in super(LDAPSearch, self).get_options(): + if option.name == 'no_members': + # no_members are always true for find commands, do not + # show option in CLI but keep API compatibility + option = option.clone( + default=True, flags=option.flags | {"no_cli"}) yield option if self.obj.primary_key and \ 'no_output' not in self.obj.primary_key.flags: diff --git a/ipalib/plugins/caacl.py b/ipalib/plugins/caacl.py index d3190211b..60eeb5a33 100644 --- a/ipalib/plugins/caacl.py +++ b/ipalib/plugins/caacl.py @@ -122,7 +122,7 @@ def _acl_make_rule(principal_type, obj): def acl_evaluate(principal_type, principal, ca_ref, profile_id): req = _acl_make_request(principal_type, principal, ca_ref, profile_id) - acls = api.Command.caacl_find()['result'] + acls = api.Command.caacl_find(no_members=False)['result'] rules = [_acl_make_rule(principal_type, obj) for obj in acls] return req.evaluate(rules) == pyhbac.HBAC_EVAL_ALLOW diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py index a10e8a56f..1522b9b31 100644 --- a/ipalib/plugins/hbactest.py +++ b/ipalib/plugins/hbactest.py @@ -337,7 +337,8 @@ class hbactest(Command): hbacset = [] if len(testrules) == 0: - hbacset = self.api.Command.hbacrule_find(sizelimit=sizelimit)['result'] + hbacset = self.api.Command.hbacrule_find( + sizelimit=sizelimit, no_members=False)['result'] else: for rule in testrules: try: diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py index 0c96086fe..ae61ab355 100644 --- a/ipalib/plugins/otptoken.py +++ b/ipalib/plugins/otptoken.py @@ -318,7 +318,8 @@ class otptoken_add(LDAPCreate): # If owner was not specified, default to the person adding this token. # If managedby was not specified, attempt a sensible default. if 'ipatokenowner' not in entry_attrs or 'managedby' not in entry_attrs: - result = self.api.Command.user_find(whoami=True)['result'] + result = self.api.Command.user_find( + whoami=True, no_members=False)['result'] if result: cur_uid = result[0]['uid'][0] prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid) diff --git a/ipalib/plugins/topology.py b/ipalib/plugins/topology.py index 69b936eba..76cf29082 100644 --- a/ipalib/plugins/topology.py +++ b/ipalib/plugins/topology.py @@ -210,7 +210,8 @@ class topologysegment(LDAPObject): return # nothing to check # check if nodes are IPA servers - masters = self.api.Command.server_find('', sizelimit=0)['result'] + masters = self.api.Command.server_find( + '', sizelimit=0, no_members=False)['result'] m_hostnames = [master['cn'][0].lower() for master in masters] if leftnode and leftnode not in m_hostnames: @@ -472,7 +473,8 @@ Checks done: validate_domain_level(self.api) - masters = self.api.Command.server_find('', sizelimit=0)['result'] + masters = self.api.Command.server_find( + '', sizelimit=0, no_members=False)['result'] segments = self.api.Command.topologysegment_find( keys[0], sizelimit=0)['result'] graph = create_topology_graph(masters, segments) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index d71305d08..5b00b426b 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -710,7 +710,8 @@ class user_del(baseuser_del): # Delete all tokens owned and managed by this user. # Orphan all tokens owned but not managed by this user. owner = self.api.Object.user.get_primary_key_from_dn(dn) - results = self.api.Command.otptoken_find(ipatokenowner=owner)['result'] + results = self.api.Command.otptoken_find( + ipatokenowner=owner, no_members=False)['result'] for token in results: orphan = not [x for x in token.get('managedby_user', []) if x == owner] token = self.api.Object.otptoken.get_primary_key_from_dn(token['dn']) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index dd9453ce4..c58cce228 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -1781,7 +1781,8 @@ def get_orphaned_suffixes(masters): :return a set consisting of suffix names which are not managed by any master """ - all_suffixes = api.Command.topologysuffix_find(sizelimit=0)['result'] + all_suffixes = api.Command.topologysuffix_find( + sizelimit=0, no_members=False)['result'] all_suffix_names = set(s['cn'][0] for s in all_suffixes) managed_suffixes = set(map_masters_to_suffixes(masters)) diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 2d71b3837..e4d4ab163 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -1148,7 +1148,8 @@ def uninstall_check(installer): print("Aborting uninstall operation.") sys.exit(1) else: - masters = api.Command.server_find(sizelimit=0)['result'] + masters = api.Command.server_find( + sizelimit=0, no_members=False)['result'] if not check_master_deleted(api, masters, not options.unattended): diff --git a/ipatests/test_xmlrpc/test_group_plugin.py b/ipatests/test_xmlrpc/test_group_plugin.py index 41d28f1cf..02467daed 100644 --- a/ipatests/test_xmlrpc/test_group_plugin.py +++ b/ipatests/test_xmlrpc/test_group_plugin.py @@ -177,11 +177,11 @@ class TestFindGroup(XMLRPC_test): group.ensure_exists() group.find() - def test_search_for_all_groups(self, group, group2): + def test_search_for_all_groups_with_members(self, group, group2): """ Search for all groups """ group.ensure_exists() group2.create() - command = group.make_command('group_find') + command = group.make_command('group_find', no_members=False) result = command() assert_deepequal(dict( summary=u'6 groups matched', @@ -227,6 +227,56 @@ class TestFindGroup(XMLRPC_test): }, ]), result) + + def test_search_for_all_groups(self, group, group2): + """ Search for all groups """ + group.ensure_exists() + group2.create() + command = group.make_command('group_find') + result = command() + assert_deepequal(dict( + summary=u'6 groups matched', + count=6, + truncated=False, + result=[ + { + 'dn': get_group_dn('admins'), + 'gidnumber': [fuzzy_digits], + 'cn': [u'admins'], + 'description': [u'Account administrators group'], + }, + { + 'dn': get_group_dn('editors'), + 'gidnumber': [fuzzy_digits], + 'cn': [u'editors'], + 'description': + [u'Limited admins who can edit other users'], + }, + { + 'dn': get_group_dn('ipausers'), + 'cn': [u'ipausers'], + 'description': [u'Default group for all users'], + }, + { + 'dn': get_group_dn(group.cn), + 'cn': [group.cn], + 'description': [u'Test desc1'], + 'gidnumber': [fuzzy_digits], + }, + { + 'dn': get_group_dn(group2.cn), + 'cn': [group2.cn], + 'description': [u'Test desc2'], + 'gidnumber': [fuzzy_digits], + }, + { + 'dn': get_group_dn('trust admins'), + 'cn': [u'trust admins'], + 'description': [u'Trusts administrators group'], + }, + ]), result) + + def test_search_for_all_posix(self, group, group2): """ Search for all posix groups """ command = group.make_command( diff --git a/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py b/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py index 182a76bf9..9618edba3 100644 --- a/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py @@ -162,6 +162,26 @@ class test_hbacsvcgroup(Declarative): dict( + desc='Search for %r with members' % hbacsvcgroup1, + command=('hbacsvcgroup_find', [], dict( + cn=hbacsvcgroup1, no_members=False)), + expected=dict( + count=1, + truncated=False, + summary=u'1 HBAC service group matched', + result=[ + { + 'dn': dn1, + 'member_hbacsvc': [hbacsvc1], + 'cn': [hbacsvcgroup1], + 'description': [u'Test hbacsvcgroup 1'], + }, + ], + ), + ), + + + dict( desc='Search for %r' % hbacsvcgroup1, command=('hbacsvcgroup_find', [], dict(cn=hbacsvcgroup1)), expected=dict( @@ -171,7 +191,6 @@ class test_hbacsvcgroup(Declarative): result=[ { 'dn': dn1, - 'member_hbacsvc': [hbacsvc1], 'cn': [hbacsvcgroup1], 'description': [u'Test hbacsvcgroup 1'], }, diff --git a/ipatests/test_xmlrpc/test_hostgroup_plugin.py b/ipatests/test_xmlrpc/test_hostgroup_plugin.py index 61fda819b..2e93e1013 100644 --- a/ipatests/test_xmlrpc/test_hostgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_hostgroup_plugin.py @@ -116,6 +116,11 @@ class TestHostGroup(XMLRPC_test): hostgroup.ensure_exists() hostgroup.find() + def test_search_for_hostgroup_with_all(self, hostgroup): + """ Search for hostgroup """ + hostgroup.ensure_exists() + hostgroup.find(all=True) + def test_update_hostgroup(self, hostgroup): """ Update description of hostgroup and verify """ hostgroup.ensure_exists() diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py index c03566b12..2d2df7c49 100644 --- a/ipatests/test_xmlrpc/test_netgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py @@ -406,8 +406,9 @@ class test_netgroup(Declarative): dict( - desc='Search for netgroups using no_user', - command=('netgroup_find', [], dict(no_user=user1)), + desc='Search for netgroups using no_user with members', + command=('netgroup_find', [], dict( + no_user=user1, no_members=False)), expected=dict( count=2, truncated=False, @@ -431,6 +432,32 @@ class test_netgroup(Declarative): ), ), + + dict( + desc='Search for netgroups using no_user', + command=('netgroup_find', [], dict(no_user=user1)), + expected=dict( + count=2, + truncated=False, + summary=u'2 netgroups matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup2], + 'description': [u'Test netgroup 2'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + ], + ), + ), + + dict( desc="Check %r doesn't match when searching for %s" % (netgroup1, user1), command=('netgroup_find', [], dict(user=user1)), @@ -852,8 +879,9 @@ class test_netgroup(Declarative): ), dict( - desc='Search for %r' % netgroup1, - command=('netgroup_find', [], dict(cn=netgroup1)), + desc='Search for %r with members' % netgroup1, + command=('netgroup_find', [], dict( + cn=netgroup1, no_members=False)), expected=dict( count=1, truncated=False, @@ -875,9 +903,31 @@ class test_netgroup(Declarative): ), ), + dict( - desc='Search for %r using user' % netgroup1, - command=('netgroup_find', [], dict(user=user1)), + desc='Search for %r' % netgroup1, + command=('netgroup_find', [], dict(cn=netgroup1)), + expected=dict( + count=1, + truncated=False, + summary=u'1 netgroup matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [unknown_host], + }, + ], + ), + ), + + + dict( + desc='Search for %r using user with members' % netgroup1, + command=('netgroup_find', [], dict( + user=user1, no_members=False)), expected=dict( count=1, truncated=False, @@ -899,9 +949,31 @@ class test_netgroup(Declarative): ), ), + dict( - desc='Search for all netgroups using empty member user', - command=('netgroup_find', [], dict(user=None)), + desc='Search for %r using user' % netgroup1, + command=('netgroup_find', [], dict(user=user1)), + expected=dict( + count=1, + truncated=False, + summary=u'1 netgroup matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [unknown_host], + }, + ], + ), + ), + + + dict( + desc=('Search for all netgroups using empty member user with ' + 'members'), + command=('netgroup_find', [], dict(user=None, no_members=False)), expected=dict( count=2, truncated=False, @@ -930,6 +1002,33 @@ class test_netgroup(Declarative): ), ), + + dict( + desc='Search for all netgroups using empty member user', + command=('netgroup_find', [], dict(user=None)), + expected=dict( + count=2, + truncated=False, + summary=u'2 netgroups matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [unknown_host], + }, + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup2], + 'description': [u'Test netgroup 2'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + ], + ), + ), + + dict( desc='Update %r' % netgroup1, command=('netgroup_mod', [netgroup1], diff --git a/ipatests/test_xmlrpc/test_old_permission_plugin.py b/ipatests/test_xmlrpc/test_old_permission_plugin.py index 3e086b541..38662c21f 100644 --- a/ipatests/test_xmlrpc/test_old_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_old_permission_plugin.py @@ -269,6 +269,30 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -280,6 +304,30 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( + desc='Search for %r using --name with members' % permission1, + command=('permission_find', [], { + 'cn': permission1, 'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], @@ -304,7 +352,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -329,6 +376,30 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('permission_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('permission_find', [privilege1], {}), expected=dict( @@ -340,7 +411,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -353,8 +423,9 @@ class test_old_permission(Declarative): dict( - desc='Search for %r with --raw' % permission1, - command=('permission_find', [permission1], {'raw' : True}), + desc='Search for %r with --raw with members' % permission1, + command=('permission_find', [permission1], { + 'raw': True, 'no_members': False}), expected=dict( count=1, truncated=False, @@ -379,6 +450,38 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with --raw' % permission1, + command=('permission_find', [permission1], {'raw': True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'aci': [ + u'(targetfilter = "(objectclass=posixaccount)")' + u'(version 3.0;acl "permission:testperm";' + u'allow (write) groupdn = "ldap:///%s";)' % + DN( + ('cn', 'testperm'), ('cn', 'permissions'), + ('cn', 'pbac'), api.env.basedn + ) + ], + 'ipapermright': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'ipapermtargetfilter': [u'(objectclass=posixaccount)'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( desc='Create %r' % permission2, command=( 'permission_add', [permission2], dict( @@ -407,6 +510,40 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], {'no_members': False}), + expected=dict( + count=2, + truncated=False, + summary=u'2 permissions matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + { + 'dn': permission2_dn, + 'cn': [permission2], + 'objectclass': objectclasses.permission, + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -418,7 +555,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -486,6 +622,25 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], + 'memberof_permission': [permission1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('privilege_find', [privilege1], {}), expected=dict( @@ -497,7 +652,6 @@ class test_old_permission(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], - 'memberof_permission': [permission1], }, ], ), @@ -505,6 +659,42 @@ class test_old_permission(Declarative): dict( + desc=('Search for %r with a limit of 1 (truncated) with members' % + permission1), + command=('permission_find', [permission1], dict( + sizelimit=1, no_members=False)), + expected=dict( + count=1, + truncated=True, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + messages=({ + 'message': (u'Search result has been truncated: ' + u'Configured size limit exceeded'), + 'code': 13017, + 'type': u'warning', + 'name': u'SearchResultTruncated', + 'data': { + 'reason': u"Configured size limit exceeded" + } + },), + ), + ), + + + dict( desc='Search for %r with a limit of 1 (truncated)' % permission1, command=('permission_find', [permission1], dict(sizelimit=1)), expected=dict( @@ -516,7 +706,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -550,7 +739,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -776,9 +964,11 @@ class test_old_permission(Declarative): dict( - desc='Search for %r using --subtree' % permission1, - command=('permission_find', [], - {'subtree': u'ldap:///%s' % DN(('cn', 'accounts'), api.env.basedn)}), + desc='Search for %r using --subtree with members' % permission1, + command=('permission_find', [], { + 'subtree': u'ldap:///%s' % DN( + ('cn', 'accounts'), api.env.basedn), + 'no_members': False}), expected=dict( count=1, truncated=False, @@ -801,6 +991,32 @@ class test_old_permission(Declarative): dict( + desc='Search for %r using --subtree' % permission1, + command=('permission_find', [], { + 'subtree': u'ldap:///%s' % DN( + ('cn', 'accounts'), api.env.basedn)}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn':permission1_renamed_ucase_dn, + 'cn':[permission1_renamed_ucase], + 'objectclass': objectclasses.permission, + 'subtree':u'ldap:///%s' % DN( + ('cn', 'accounts'), api.env.basedn), + 'permissions':[u'write'], + 'memberof':u'ipausers', + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + }, + ], + ), + ), + + + dict( desc='Search using nonexistent --subtree', command=('permission_find', [], {'subtree': u'ldap:///foo=bar'}), expected=dict( @@ -813,8 +1029,9 @@ class test_old_permission(Declarative): dict( - desc='Search using --targetgroup', - command=('permission_find', [], {'targetgroup': u'ipausers'}), + desc='Search using --targetgroup with members', + command=('permission_find', [], { + 'targetgroup': u'ipausers', 'no_members': False}), expected=dict( count=1, truncated=False, @@ -842,6 +1059,33 @@ class test_old_permission(Declarative): dict( + desc='Search using --targetgroup', + command=('permission_find', [], {'targetgroup': u'ipausers'}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': DN(('cn', 'System: Add User to default group'), + api.env.container_permission, api.env.basedn), + 'cn': [u'System: Add User to default group'], + 'objectclass': objectclasses.permission, + 'attrs': [u'member'], + 'targetgroup': u'ipausers', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermtarget': [DN('cn=ipausers', groups_dn)], + 'subtree': u'ldap:///%s' % groups_dn, + 'ipapermdefaultattr': [u'member'], + 'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'], + } + ], + ), + ), + + + dict( desc='Delete %r' % permission1_renamed_ucase, command=('permission_del', [permission1_renamed_ucase], {}), expected=dict( diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index cefa93f55..938ab4bb6 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -541,6 +541,31 @@ class test_permission(Declarative): dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -552,6 +577,31 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( + desc='Search for %r using --name with members' % permission1, + command=('permission_find', [], { + 'cn': permission1, 'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], @@ -577,7 +627,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], 'attrs': [u'sn'], @@ -603,6 +652,31 @@ class test_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('permission_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('permission_find', [privilege1], {}), expected=dict( @@ -614,7 +688,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], 'attrs': [u'sn'], @@ -628,6 +701,38 @@ class test_permission(Declarative): dict( + desc='Search for %r with --raw with members' % permission1, + command=('permission_find', [permission1], { + 'raw': True, 'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member': [privilege1_dn], + 'ipapermincludedattr': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermright': [u'write'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + 'ipapermtargetfilter': [u'(objectclass=posixaccount)'], + 'aci': ['(targetattr = "sn")' + '(targetfilter = "(objectclass=posixaccount)")' + + '(version 3.0;acl "permission:%(name)s";' + 'allow (write) groupdn = "ldap:///%(pdn)s";)' % + {'name': permission1, + 'pdn': permission1_dn}], + }, + ], + ), + ), + + + dict( desc='Search for %r with --raw' % permission1, command=('permission_find', [permission1], {'raw': True}), expected=dict( @@ -639,7 +744,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member': [privilege1_dn], 'ipapermincludedattr': [u'sn'], 'ipapermbindruletype': [u'permission'], 'ipapermright': [u'write'], @@ -696,6 +800,43 @@ class test_permission(Declarative): ), dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], { + 'no_members': False}), + expected=dict( + count=2, + truncated=False, + summary=u'2 permissions matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + { + 'dn': permission2_dn, + 'cn': [permission2], + 'objectclass': objectclasses.permission, + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'cn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -707,7 +848,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], 'attrs': [u'sn'], @@ -777,6 +917,25 @@ class test_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], + 'memberof_permission': [permission1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('privilege_find', [privilege1], {}), expected=dict( @@ -788,7 +947,6 @@ class test_permission(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], - 'memberof_permission': [permission1], }, ], ), @@ -796,6 +954,45 @@ class test_permission(Declarative): dict( + desc=('Search for %r with a limit of 1 (truncated) with members' % + permission1), + command=('permission_find', [permission1], + dict(sizelimit=1, no_members=False)), + expected=dict( + count=1, + truncated=True, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + messages=( + { + 'message': (u'Search result has been truncated: ' + u'Configured size limit exceeded'), + 'code': 13017, + 'type': u'warning', + 'name': u'SearchResultTruncated', + 'data': { + 'reason': u"Configured size limit exceeded" + } + }, + ), + ), + ), + + + dict( desc='Search for %r with a limit of 1 (truncated)' % permission1, command=('permission_find', [permission1], dict(sizelimit=1)), expected=dict( @@ -807,7 +1004,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], 'attrs': [u'sn'], @@ -850,7 +1046,6 @@ class test_permission(Declarative): 'ipapermbindruletype': [u'permission'], 'ipapermissiontype': [u'SYSTEM', u'V2'], 'ipapermlocation': [users_dn], - 'member_privilege': [privilege1], }, { 'dn': permission2_dn, @@ -1179,6 +1374,34 @@ class test_permission(Declarative): ), dict( + desc=('Search for %r using --subtree with membes' % + permission1_renamed_ucase), + command=('permission_find', [], + {'ipapermlocation': u'ldap:///%s' % admin_dn, + 'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn':permission1_renamed_ucase_dn, + 'cn':[permission1_renamed_ucase], + 'objectclass': objectclasses.permission, + 'member_privilege':[privilege1], + 'ipapermlocation': [admin_dn], + 'ipapermright':[u'write'], + 'memberof':[u'ipausers'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + }, + ], + ), + ), + + + dict( desc='Search for %r using --subtree' % permission1_renamed_ucase, command=('permission_find', [], {'ipapermlocation': u'ldap:///%s' % admin_dn}), @@ -1191,7 +1414,6 @@ class test_permission(Declarative): 'dn':permission1_renamed_ucase_dn, 'cn':[permission1_renamed_ucase], 'objectclass': objectclasses.permission, - 'member_privilege':[privilege1], 'ipapermlocation': [admin_dn], 'ipapermright':[u'write'], 'memberof':[u'ipausers'], @@ -1213,8 +1435,9 @@ class test_permission(Declarative): dict( - desc='Search using --targetgroup', - command=('permission_find', [], {'targetgroup': u'ipausers'}), + desc='Search using --targetgroup with members', + command=('permission_find', [], { + 'targetgroup': u'ipausers', 'no_members': False}), expected=dict( count=1, truncated=False, @@ -1244,6 +1467,34 @@ class test_permission(Declarative): dict( + desc='Search using --targetgroup', + command=('permission_find', [], {'targetgroup': u'ipausers'}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': DN(('cn', 'System: Add User to default group'), + api.env.container_permission, api.env.basedn), + 'cn': [u'System: Add User to default group'], + 'objectclass': objectclasses.permission, + 'attrs': [u'member'], + 'targetgroup': [u'ipausers'], + 'ipapermright': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermtarget': [DN( + 'cn=ipausers', api.env.container_group, + api.env.basedn)], + 'ipapermlocation': [groups_dn], + 'ipapermdefaultattr': [u'member'], + 'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'], + } + ], + ), + ), + + dict( desc='Delete %r' % permission1_renamed_ucase, command=('permission_del', [permission1_renamed_ucase], {}), expected=dict( diff --git a/ipatests/test_xmlrpc/test_privilege_plugin.py b/ipatests/test_xmlrpc/test_privilege_plugin.py index ce9afe2fd..c80cfef7d 100644 --- a/ipatests/test_xmlrpc/test_privilege_plugin.py +++ b/ipatests/test_xmlrpc/test_privilege_plugin.py @@ -172,6 +172,25 @@ class test_privilege(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], + 'memberof_permission': [permission1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('privilege_find', [privilege1], {}), expected=dict( @@ -183,6 +202,24 @@ class test_privilege(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], + }, + ], + ), + ), + + + dict( + desc='Search for %r with members' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], 'memberof_permission': [permission1], }, ], @@ -202,7 +239,6 @@ class test_privilege(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], - 'memberof_permission': [permission1], }, ], ), @@ -281,6 +317,25 @@ class test_privilege(Declarative): dict( + desc='Search for %r with memebers' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], + 'memberof_permission': [permission1, permission2], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('privilege_find', [privilege1], {}), expected=dict( @@ -292,7 +347,6 @@ class test_privilege(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], - 'memberof_permission': [permission1, permission2], }, ], ), diff --git a/ipatests/test_xmlrpc/test_role_plugin.py b/ipatests/test_xmlrpc/test_role_plugin.py index d06daac69..2c368b351 100644 --- a/ipatests/test_xmlrpc/test_role_plugin.py +++ b/ipatests/test_xmlrpc/test_role_plugin.py @@ -292,6 +292,26 @@ class test_role(Declarative): dict( + desc='Search for %r with members' % role1, + command=('role_find', [role1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 role matched', + result=[ + { + 'dn': role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], + 'member_group': [group1], + 'memberof_privilege': [privilege1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % role1, command=('role_find', [role1], {}), expected=dict( @@ -303,6 +323,24 @@ class test_role(Declarative): 'dn': role1_dn, 'cn': [role1], 'description': [u'role desc 1'], + }, + ], + ), + ), + + + dict( + desc='Search for %r with members' % search, + command=('role_find', [search], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 role matched', + result=[ + { + 'dn': role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], 'member_group': [group1], 'memberof_privilege': [privilege1], }, @@ -323,8 +361,6 @@ class test_role(Declarative): 'dn': role1_dn, 'cn': [role1], 'description': [u'role desc 1'], - 'member_group': [group1], - 'memberof_privilege': [privilege1], }, ], ), @@ -350,6 +386,26 @@ class test_role(Declarative): dict( + desc='Search for %r with members' % role1, + command=('role_find', [role1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 role matched', + result=[ + { + 'dn': role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], + 'member_group': [group1], + 'memberof_privilege': [privilege1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % role1, command=('role_find', [role1], {}), expected=dict( @@ -361,9 +417,32 @@ class test_role(Declarative): 'dn': role1_dn, 'cn': [role1], 'description': [u'role desc 1'], + }, + ], + ), + ), + + + dict( + desc='Search for %r with members' % search, + command=('role_find', [search], {'no_members': False}), + expected=dict( + count=2, + truncated=False, + summary=u'2 roles matched', + result=[ + { + 'dn': role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], 'member_group': [group1], 'memberof_privilege': [privilege1], }, + { + 'dn': role2_dn, + 'cn': [role2], + 'description': [u'role desc 2'], + }, ], ), ), @@ -381,8 +460,6 @@ class test_role(Declarative): 'dn': role1_dn, 'cn': [role1], 'description': [u'role desc 1'], - 'member_group': [group1], - 'memberof_privilege': [privilege1], }, { 'dn': role2_dn, diff --git a/ipatests/test_xmlrpc/test_service_plugin.py b/ipatests/test_xmlrpc/test_service_plugin.py index 9bd082916..663e1f36d 100644 --- a/ipatests/test_xmlrpc/test_service_plugin.py +++ b/ipatests/test_xmlrpc/test_service_plugin.py @@ -251,6 +251,25 @@ class test_service(Declarative): dict( + desc='Search for %r with members' % service1, + command=('service_find', [service1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 service matched', + result=[ + dict( + dn=service1dn, + krbprincipalname=[service1], + managedby_host=[fqdn1], + has_keytab=False, + ), + ], + ), + ), + + + dict( desc='Search for %r' % service1, command=('service_find', [service1], {}), expected=dict( @@ -261,7 +280,6 @@ class test_service(Declarative): dict( dn=service1dn, krbprincipalname=[service1], - managedby_host=[fqdn1], has_keytab=False, ), ], diff --git a/ipatests/test_xmlrpc/test_servicedelegation_plugin.py b/ipatests/test_xmlrpc/test_servicedelegation_plugin.py index 02dc0800f..bf7897581 100644 --- a/ipatests/test_xmlrpc/test_servicedelegation_plugin.py +++ b/ipatests/test_xmlrpc/test_servicedelegation_plugin.py @@ -134,8 +134,8 @@ class test_servicedelegation(Declarative): dict( - desc='Search for all rules', - command=('servicedelegationrule_find', [], {}), + desc='Search for all rules with members', + command=('servicedelegationrule_find', [], {'no_members': False}), expected=dict( summary=u'3 service delegation rules matched', count=3, @@ -163,6 +163,32 @@ class test_servicedelegation(Declarative): dict( + desc='Search for all rules', + command=('servicedelegationrule_find', [], {}), + expected=dict( + summary=u'3 service delegation rules matched', + count=3, + truncated=False, + result=[ + { + 'dn': get_servicedelegation_dn(u'ipa-http-delegation'), + 'cn': [u'ipa-http-delegation'], + 'memberprincipal': [princ1], + }, + dict( + dn=get_servicedelegation_dn(rule2), + cn=[rule2], + ), + dict( + dn=get_servicedelegation_dn(rule1), + cn=[rule1], + ), + ], + ), + ), + + + dict( desc='Create target %r' % target1, command=( 'servicedelegationtarget_add', [target1], {} diff --git a/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py b/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py index 3f5879c4d..be47de980 100644 --- a/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py @@ -152,6 +152,11 @@ class TestSudoCmdGroupSCRUD(XMLRPC_test): sudocmdgroup1.ensure_exists() sudocmdgroup1.find() + def test_search_all(self, sudocmdgroup1): + """ Search for sudocmdgroup """ + sudocmdgroup1.ensure_exists() + sudocmdgroup1.find(all=True) + def test_create_another(self, sudocmdgroup2): """ Create a second sudocmdgroup """ sudocmdgroup2.create() diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py index c576394dd..975b2b876 100644 --- a/ipatests/test_xmlrpc/test_user_plugin.py +++ b/ipatests/test_xmlrpc/test_user_plugin.py @@ -691,7 +691,7 @@ class TestManagers(XMLRPC_test): """ Find user by his manager's UID """ command = user.make_find_command(manager=user2.uid) result = command() - user.check_find(result, expected_override=dict(manager=[user2.uid])) + user.check_find(result) def test_delete_both_user_and_manager(self, user, user2): """ Delete both user and its manager at once """ diff --git a/ipatests/test_xmlrpc/tracker/host_plugin.py b/ipatests/test_xmlrpc/tracker/host_plugin.py index d8b59b989..d54901fa5 100644 --- a/ipatests/test_xmlrpc/tracker/host_plugin.py +++ b/ipatests/test_xmlrpc/tracker/host_plugin.py @@ -43,7 +43,10 @@ class HostTracker(Tracker): update_keys = retrieve_keys - {'dn'} managedby_keys = retrieve_keys - {'has_keytab', 'has_password'} allowedto_keys = retrieve_keys - {'has_keytab', 'has_password'} - find_keys = retrieve_keys - {'has_keytab', 'has_password'} + find_keys = retrieve_keys - { + 'has_keytab', 'has_password', 'memberof_hostgroup', + 'memberofindirect_hostgroup', 'managedby_host', + } find_all_keys = retrieve_all_keys - {'has_keytab', 'has_password'} def __init__(self, name, fqdn=None, default_version=None): diff --git a/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py b/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py index 77b43b9d3..8b63c90b0 100644 --- a/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py +++ b/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py @@ -24,6 +24,15 @@ class HostGroupTracker(Tracker): add_member_keys = retrieve_keys | {u'member_host'} + find_keys = { + u'dn', u'cn', u'description', + } + find_all_keys = { + u'dn', u'cn', u'member_host', u'description', u'member_hostgroup', + u'memberindirect_host', u'ipauniqueid', u'objectclass', + u'mepmanagedentry', + } + def __init__(self, name, description=u'HostGroup desc'): super(HostGroupTracker, self).__init__(default_version=None) self.cn = name @@ -182,9 +191,9 @@ class HostGroupTracker(Tracker): def check_find(self, result, all=False, raw=False): """ Checks 'hostgroup_find' command result """ if all: - expected = self.filter_attrs(self.retrieve_all_keys) + expected = self.filter_attrs(self.find_all_keys) else: - expected = self.filter_attrs(self.retrieve_keys) + expected = self.filter_attrs(self.find_keys) assert_deepequal(dict( count=1, diff --git a/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py b/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py index eb72e4ba2..003d39ac0 100644 --- a/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py +++ b/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py @@ -18,6 +18,9 @@ class SudoCmdTracker(Tracker): create_keys = retrieve_all_keys update_keys = retrieve_keys - {u'dn'} + find_keys = {u'dn', u'sudocmd', u'description'} + find_all_keys = retrieve_all_keys + def __init__(self, command, description="Test sudo command"): super(SudoCmdTracker, self).__init__(default_version=None) self.cmd = command @@ -93,9 +96,9 @@ class SudoCmdTracker(Tracker): def check_find(self, result, all=False, raw=False): """ Checks 'sudocmd_find' command result """ if all: - expected = self.filter_attrs(self.retrieve_all_keys) + expected = self.filter_attrs(self.find_all_keys) else: - expected = self.filter_attrs(self.retrieve_keys) + expected = self.filter_attrs(self.find_keys) assert_deepequal(dict( count=1, diff --git a/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py b/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py index 2de9bca78..2b354ef51 100644 --- a/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py +++ b/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py @@ -24,6 +24,11 @@ class SudoCmdGroupTracker(Tracker): add_member_keys = retrieve_keys | {u'member_sudocmd'} + find_keys = { + u'dn', u'cn', u'description', u'member_sudocmdgroup'} + find_all_keys = find_keys | { + u'ipauniqueid', u'objectclass', u'mepmanagedentry'} + def __init__(self, name, description=u'SudoCmdGroup desc'): super(SudoCmdGroupTracker, self).__init__(default_version=None) self.cn = name @@ -168,9 +173,9 @@ class SudoCmdGroupTracker(Tracker): def check_find(self, result, all=False, raw=False): """ Checks 'sudocmdgroup_find' command result """ if all: - expected = self.filter_attrs(self.retrieve_all_keys) + expected = self.filter_attrs(self.find_all_keys) else: - expected = self.filter_attrs(self.retrieve_keys) + expected = self.filter_attrs(self.find_keys) assert_deepequal(dict( count=1, diff --git a/ipatests/test_xmlrpc/tracker/user_plugin.py b/ipatests/test_xmlrpc/tracker/user_plugin.py index 5acfc63cd..261ea69e1 100644 --- a/ipatests/test_xmlrpc/tracker/user_plugin.py +++ b/ipatests/test_xmlrpc/tracker/user_plugin.py @@ -52,7 +52,8 @@ class UserTracker(Tracker): activate_keys = retrieve_keys find_keys = retrieve_keys - { - u'mepmanagedentry', u'memberof_group', u'has_keytab', u'has_password' + u'mepmanagedentry', u'memberof_group', u'has_keytab', u'has_password', + u'manager', } find_all_keys = retrieve_all_keys - { u'has_keytab', u'has_password' |