diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-02-21 12:29:39 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 14:18:12 +0100 |
commit | d0e83dbccfdb35b1cdd4963ce4ffb2ff0627b066 (patch) | |
tree | e8a66da1fd78297cf10702903f0755171fb4cab7 | |
parent | 427317efa67c0f4b0dc27f7e605c30c944e64536 (diff) | |
download | freeipa-d0e83dbccfdb35b1cdd4963ce4ffb2ff0627b066.tar.gz freeipa-d0e83dbccfdb35b1cdd4963ce4ffb2ff0627b066.tar.xz freeipa-d0e83dbccfdb35b1cdd4963ce4ffb2ff0627b066.zip |
test_permission_plugin: Fix tests that make too broad assumptions
The test that searches with a limit of 1 assumes a specific order
LDAP returns entries in. Future patches will change this order.
Do not check the specific entry returned.
The test that searched for --bindtype assumed that no anonymous
permissions exist in a clean install. Again, this will be changed
in future patches.
Add a name to the bindtype test, and add a negatitive test to
verify the filtering works.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
-rw-r--r-- | ipatests/test_xmlrpc/test_old_permission_plugin.py | 26 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 46 |
2 files changed, 28 insertions, 44 deletions
diff --git a/ipatests/test_xmlrpc/test_old_permission_plugin.py b/ipatests/test_xmlrpc/test_old_permission_plugin.py index 67c0a1c3f..56dd4435c 100644 --- a/ipatests/test_xmlrpc/test_old_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_old_permission_plugin.py @@ -554,31 +554,19 @@ class test_old_permission(Declarative): # This tests setting truncated to True in the post_callback of # permission_find(). The return order in LDAP is not guaranteed - # but in practice this is the first entry it finds. This is subject - # to change. + # so do not check the actual entry. dict( desc='Search for permissions by attr with a limit of 1 (truncated)', - command=('permission_find', [], dict(attrs=u'ipaenabledflag', - sizelimit=1)), + command=('permission_find', [u'Modify'], + dict(attrs=u'ipaenabledflag', sizelimit=1)), expected=dict( count=1, truncated=True, summary=u'1 permission matched', - result=[ - { - 'dn': DN(('cn', 'Modify HBAC rule'), - api.env.container_permission, api.env.basedn), - 'cn': [u'Modify HBAC rule'], - 'objectclass': objectclasses.permission, - 'member_privilege': [u'HBAC Administrator'], - 'memberindirect_role': [u'IT Security Specialist'], - 'permissions' : [u'write'], - 'attrs': [u'servicecategory', u'sourcehostcategory', u'cn', u'description', u'ipaenabledflag', u'accesstime', u'usercategory', u'hostcategory', u'accessruletype', u'sourcehost'], - 'ipapermbindruletype': [u'permission'], - 'ipapermtarget': [DN('ipauniqueid=*', hbac_dn)], - 'subtree': u'ldap:///%s' % api.env.basedn, - }, - ], + result=[lambda res: + DN(res['dn']).endswith(DN(api.env.container_permission, + api.env.basedn)) and + 'ipapermission' in res['objectclass']], ), ), diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index 251305e80..5f305aa54 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -836,36 +836,19 @@ class test_permission(Declarative): # This tests setting truncated to True in the post_callback of # permission_find(). The return order in LDAP is not guaranteed - # but in practice this is the first entry it finds. This is subject - # to change. + # so do not check the actual entry. dict( desc='Search for permissions by attr with a limit of 1 (truncated)', - command=('permission_find', [], dict(attrs=u'ipaenabledflag', - sizelimit=1)), + command=('permission_find', [u'Modify'], + dict(attrs=u'ipaenabledflag', sizelimit=1)), expected=dict( count=1, truncated=True, summary=u'1 permission matched', - result=[ - { - 'dn': DN(('cn', 'Modify HBAC rule'), - api.env.container_permission, api.env.basedn), - 'cn': [u'Modify HBAC rule'], - 'objectclass': objectclasses.permission, - 'member_privilege': [u'HBAC Administrator'], - 'memberindirect_role': [u'IT Security Specialist'], - 'ipapermright' : [u'write'], - 'attrs': [u'servicecategory', u'sourcehostcategory', - u'cn', u'description', u'ipaenabledflag', - u'accesstime', u'usercategory', - u'hostcategory', u'accessruletype', - u'sourcehost'], - 'ipapermtarget': [DN(('ipauniqueid', '*'), - ('cn', 'hbac'), api.env.basedn)], - 'ipapermbindruletype': [u'permission'], - 'ipapermlocation': [api.env.basedn], - }, - ], + result=[lambda res: + DN(res['dn']).endswith(DN(api.env.container_permission, + api.env.basedn)) and + 'ipapermission' in res['objectclass']], ), ), @@ -2830,7 +2813,8 @@ class test_permission_bindtype(Declarative): dict( desc='Search for %r using --bindtype' % permission1, - command=('permission_find', [], {'ipapermbindruletype': u'all'}), + command=('permission_find', [permission1], + {'ipapermbindruletype': u'all'}), expected=dict( count=1, truncated=False, @@ -2851,6 +2835,18 @@ class test_permission_bindtype(Declarative): ), dict( + desc='Search for %r using bad --bindtype' % permission1, + command=('permission_find', [permission1], + {'ipapermbindruletype': u'anonymous'}), + expected=dict( + count=0, + truncated=False, + summary=u'0 permissions matched', + result=[], + ), + ), + + dict( desc='Add zero permissions to %r' % (privilege1), command=('privilege_add_permission', [privilege1], {}), expected=dict( |