diff options
author | Martin Basti <mbasti@redhat.com> | 2016-05-19 13:50:38 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-05-31 14:08:54 +0200 |
commit | 5f42b42bd4557a669ab5cfcf1af6596f1a2535f1 (patch) | |
tree | 1e79933fb82d3166dd6a76be453b29728302a795 /ipatests/test_xmlrpc | |
parent | 91572afc60f590f0d81ad18234189a0b48144bf5 (diff) | |
download | freeipa-5f42b42bd4557a669ab5cfcf1af6596f1a2535f1.tar.gz freeipa-5f42b42bd4557a669ab5cfcf1af6596f1a2535f1.tar.xz freeipa-5f42b42bd4557a669ab5cfcf1af6596f1a2535f1.zip |
Performance: Find commands: do not process members by default
In all *-find commands, member attributes shouldn't be processed due
high amount fo ldpaserches cause serious performance issues. For this
reason --no-members option is set by default in CLI and API.
To get members in *-find command option --all in CLI is rquired or
'no_members=False' or 'all=True' must be set in API call.
For other commands processing of members stays unchanged. WebUI is not
affected by this change.
https://fedorahosted.org/freeipa/ticket/4995
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipatests/test_xmlrpc')
-rw-r--r-- | ipatests/test_xmlrpc/test_group_plugin.py | 54 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py | 21 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_hostgroup_plugin.py | 5 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_netgroup_plugin.py | 115 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_old_permission_plugin.py | 270 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 271 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_privilege_plugin.py | 58 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_role_plugin.py | 85 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_service_plugin.py | 20 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_servicedelegation_plugin.py | 30 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py | 5 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_user_plugin.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/tracker/host_plugin.py | 5 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/tracker/hostgroup_plugin.py | 13 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/tracker/sudocmd_plugin.py | 7 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py | 9 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/tracker/user_plugin.py | 3 |
17 files changed, 921 insertions, 52 deletions
diff --git a/ipatests/test_xmlrpc/test_group_plugin.py b/ipatests/test_xmlrpc/test_group_plugin.py index 41d28f1cf..02467daed 100644 --- a/ipatests/test_xmlrpc/test_group_plugin.py +++ b/ipatests/test_xmlrpc/test_group_plugin.py @@ -177,11 +177,11 @@ class TestFindGroup(XMLRPC_test): group.ensure_exists() group.find() - def test_search_for_all_groups(self, group, group2): + def test_search_for_all_groups_with_members(self, group, group2): """ Search for all groups """ group.ensure_exists() group2.create() - command = group.make_command('group_find') + command = group.make_command('group_find', no_members=False) result = command() assert_deepequal(dict( summary=u'6 groups matched', @@ -227,6 +227,56 @@ class TestFindGroup(XMLRPC_test): }, ]), result) + + def test_search_for_all_groups(self, group, group2): + """ Search for all groups """ + group.ensure_exists() + group2.create() + command = group.make_command('group_find') + result = command() + assert_deepequal(dict( + summary=u'6 groups matched', + count=6, + truncated=False, + result=[ + { + 'dn': get_group_dn('admins'), + 'gidnumber': [fuzzy_digits], + 'cn': [u'admins'], + 'description': [u'Account administrators group'], + }, + { + 'dn': get_group_dn('editors'), + 'gidnumber': [fuzzy_digits], + 'cn': [u'editors'], + 'description': + [u'Limited admins who can edit other users'], + }, + { + 'dn': get_group_dn('ipausers'), + 'cn': [u'ipausers'], + 'description': [u'Default group for all users'], + }, + { + 'dn': get_group_dn(group.cn), + 'cn': [group.cn], + 'description': [u'Test desc1'], + 'gidnumber': [fuzzy_digits], + }, + { + 'dn': get_group_dn(group2.cn), + 'cn': [group2.cn], + 'description': [u'Test desc2'], + 'gidnumber': [fuzzy_digits], + }, + { + 'dn': get_group_dn('trust admins'), + 'cn': [u'trust admins'], + 'description': [u'Trusts administrators group'], + }, + ]), result) + + def test_search_for_all_posix(self, group, group2): """ Search for all posix groups """ command = group.make_command( diff --git a/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py b/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py index 182a76bf9..9618edba3 100644 --- a/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py @@ -162,6 +162,26 @@ class test_hbacsvcgroup(Declarative): dict( + desc='Search for %r with members' % hbacsvcgroup1, + command=('hbacsvcgroup_find', [], dict( + cn=hbacsvcgroup1, no_members=False)), + expected=dict( + count=1, + truncated=False, + summary=u'1 HBAC service group matched', + result=[ + { + 'dn': dn1, + 'member_hbacsvc': [hbacsvc1], + 'cn': [hbacsvcgroup1], + 'description': [u'Test hbacsvcgroup 1'], + }, + ], + ), + ), + + + dict( desc='Search for %r' % hbacsvcgroup1, command=('hbacsvcgroup_find', [], dict(cn=hbacsvcgroup1)), expected=dict( @@ -171,7 +191,6 @@ class test_hbacsvcgroup(Declarative): result=[ { 'dn': dn1, - 'member_hbacsvc': [hbacsvc1], 'cn': [hbacsvcgroup1], 'description': [u'Test hbacsvcgroup 1'], }, diff --git a/ipatests/test_xmlrpc/test_hostgroup_plugin.py b/ipatests/test_xmlrpc/test_hostgroup_plugin.py index 61fda819b..2e93e1013 100644 --- a/ipatests/test_xmlrpc/test_hostgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_hostgroup_plugin.py @@ -116,6 +116,11 @@ class TestHostGroup(XMLRPC_test): hostgroup.ensure_exists() hostgroup.find() + def test_search_for_hostgroup_with_all(self, hostgroup): + """ Search for hostgroup """ + hostgroup.ensure_exists() + hostgroup.find(all=True) + def test_update_hostgroup(self, hostgroup): """ Update description of hostgroup and verify """ hostgroup.ensure_exists() diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py index c03566b12..2d2df7c49 100644 --- a/ipatests/test_xmlrpc/test_netgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py @@ -406,8 +406,9 @@ class test_netgroup(Declarative): dict( - desc='Search for netgroups using no_user', - command=('netgroup_find', [], dict(no_user=user1)), + desc='Search for netgroups using no_user with members', + command=('netgroup_find', [], dict( + no_user=user1, no_members=False)), expected=dict( count=2, truncated=False, @@ -431,6 +432,32 @@ class test_netgroup(Declarative): ), ), + + dict( + desc='Search for netgroups using no_user', + command=('netgroup_find', [], dict(no_user=user1)), + expected=dict( + count=2, + truncated=False, + summary=u'2 netgroups matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup2], + 'description': [u'Test netgroup 2'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + ], + ), + ), + + dict( desc="Check %r doesn't match when searching for %s" % (netgroup1, user1), command=('netgroup_find', [], dict(user=user1)), @@ -852,8 +879,9 @@ class test_netgroup(Declarative): ), dict( - desc='Search for %r' % netgroup1, - command=('netgroup_find', [], dict(cn=netgroup1)), + desc='Search for %r with members' % netgroup1, + command=('netgroup_find', [], dict( + cn=netgroup1, no_members=False)), expected=dict( count=1, truncated=False, @@ -875,9 +903,31 @@ class test_netgroup(Declarative): ), ), + dict( - desc='Search for %r using user' % netgroup1, - command=('netgroup_find', [], dict(user=user1)), + desc='Search for %r' % netgroup1, + command=('netgroup_find', [], dict(cn=netgroup1)), + expected=dict( + count=1, + truncated=False, + summary=u'1 netgroup matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [unknown_host], + }, + ], + ), + ), + + + dict( + desc='Search for %r using user with members' % netgroup1, + command=('netgroup_find', [], dict( + user=user1, no_members=False)), expected=dict( count=1, truncated=False, @@ -899,9 +949,31 @@ class test_netgroup(Declarative): ), ), + dict( - desc='Search for all netgroups using empty member user', - command=('netgroup_find', [], dict(user=None)), + desc='Search for %r using user' % netgroup1, + command=('netgroup_find', [], dict(user=user1)), + expected=dict( + count=1, + truncated=False, + summary=u'1 netgroup matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [unknown_host], + }, + ], + ), + ), + + + dict( + desc=('Search for all netgroups using empty member user with ' + 'members'), + command=('netgroup_find', [], dict(user=None, no_members=False)), expected=dict( count=2, truncated=False, @@ -930,6 +1002,33 @@ class test_netgroup(Declarative): ), ), + + dict( + desc='Search for all netgroups using empty member user', + command=('netgroup_find', [], dict(user=None)), + expected=dict( + count=2, + truncated=False, + summary=u'2 netgroups matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [unknown_host], + }, + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup2], + 'description': [u'Test netgroup 2'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + ], + ), + ), + + dict( desc='Update %r' % netgroup1, command=('netgroup_mod', [netgroup1], diff --git a/ipatests/test_xmlrpc/test_old_permission_plugin.py b/ipatests/test_xmlrpc/test_old_permission_plugin.py index 3e086b541..38662c21f 100644 --- a/ipatests/test_xmlrpc/test_old_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_old_permission_plugin.py @@ -269,6 +269,30 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -280,6 +304,30 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( + desc='Search for %r using --name with members' % permission1, + command=('permission_find', [], { + 'cn': permission1, 'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], @@ -304,7 +352,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -329,6 +376,30 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('permission_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('permission_find', [privilege1], {}), expected=dict( @@ -340,7 +411,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -353,8 +423,9 @@ class test_old_permission(Declarative): dict( - desc='Search for %r with --raw' % permission1, - command=('permission_find', [permission1], {'raw' : True}), + desc='Search for %r with --raw with members' % permission1, + command=('permission_find', [permission1], { + 'raw': True, 'no_members': False}), expected=dict( count=1, truncated=False, @@ -379,6 +450,38 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with --raw' % permission1, + command=('permission_find', [permission1], {'raw': True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'aci': [ + u'(targetfilter = "(objectclass=posixaccount)")' + u'(version 3.0;acl "permission:testperm";' + u'allow (write) groupdn = "ldap:///%s";)' % + DN( + ('cn', 'testperm'), ('cn', 'permissions'), + ('cn', 'pbac'), api.env.basedn + ) + ], + 'ipapermright': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'ipapermtargetfilter': [u'(objectclass=posixaccount)'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( desc='Create %r' % permission2, command=( 'permission_add', [permission2], dict( @@ -407,6 +510,40 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], {'no_members': False}), + expected=dict( + count=2, + truncated=False, + summary=u'2 permissions matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + { + 'dn': permission2_dn, + 'cn': [permission2], + 'objectclass': objectclasses.permission, + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -418,7 +555,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -486,6 +622,25 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], + 'memberof_permission': [permission1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('privilege_find', [privilege1], {}), expected=dict( @@ -497,7 +652,6 @@ class test_old_permission(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], - 'memberof_permission': [permission1], }, ], ), @@ -505,6 +659,42 @@ class test_old_permission(Declarative): dict( + desc=('Search for %r with a limit of 1 (truncated) with members' % + permission1), + command=('permission_find', [permission1], dict( + sizelimit=1, no_members=False)), + expected=dict( + count=1, + truncated=True, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + messages=({ + 'message': (u'Search result has been truncated: ' + u'Configured size limit exceeded'), + 'code': 13017, + 'type': u'warning', + 'name': u'SearchResultTruncated', + 'data': { + 'reason': u"Configured size limit exceeded" + } + },), + ), + ), + + + dict( desc='Search for %r with a limit of 1 (truncated)' % permission1, command=('permission_find', [permission1], dict(sizelimit=1)), expected=dict( @@ -516,7 +706,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -550,7 +739,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -776,9 +964,11 @@ class test_old_permission(Declarative): dict( - desc='Search for %r using --subtree' % permission1, - command=('permission_find', [], - {'subtree': u'ldap:///%s' % DN(('cn', 'accounts'), api.env.basedn)}), + desc='Search for %r using --subtree with members' % permission1, + command=('permission_find', [], { + 'subtree': u'ldap:///%s' % DN( + ('cn', 'accounts'), api.env.basedn), + 'no_members': False}), expected=dict( count=1, truncated=False, @@ -801,6 +991,32 @@ class test_old_permission(Declarative): dict( + desc='Search for %r using --subtree' % permission1, + command=('permission_find', [], { + 'subtree': u'ldap:///%s' % DN( + ('cn', 'accounts'), api.env.basedn)}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn':permission1_renamed_ucase_dn, + 'cn':[permission1_renamed_ucase], + 'objectclass': objectclasses.permission, + 'subtree':u'ldap:///%s' % DN( + ('cn', 'accounts'), api.env.basedn), + 'permissions':[u'write'], + 'memberof':u'ipausers', + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + }, + ], + ), + ), + + + dict( desc='Search using nonexistent --subtree', command=('permission_find', [], {'subtree': u'ldap:///foo=bar'}), expected=dict( @@ -813,8 +1029,9 @@ class test_old_permission(Declarative): dict( - desc='Search using --targetgroup', - command=('permission_find', [], {'targetgroup': u'ipausers'}), + desc='Search using --targetgroup with members', + command=('permission_find', [], { + 'targetgroup': u'ipausers', 'no_members': False}), expected=dict( count=1, truncated=False, @@ -842,6 +1059,33 @@ class test_old_permission(Declarative): dict( + desc='Search using --targetgroup', + command=('permission_find', [], {'targetgroup': u'ipausers'}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': DN(('cn', 'System: Add User to default group'), + api.env.container_permission, api.env.basedn), + 'cn': [u'System: Add User to default group'], + 'objectclass': objectclasses.permission, + 'attrs': [u'member'], + 'targetgroup': u'ipausers', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermtarget': [DN('cn=ipausers', groups_dn)], + 'subtree': u'ldap:///%s' % groups_dn, + 'ipapermdefaultattr': [u'member'], + 'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'], + } + ], + ), + ), + + + dict( desc='Delete %r' % permission1_renamed_ucase, command=('permission_del', [permission1_renamed_ucase], {}), expected=dict( diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index cefa93f55..938ab4bb6 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -541,6 +541,31 @@ class test_permission(Declarative): dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -552,6 +577,31 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( + desc='Search for %r using --name with members' % permission1, + command=('permission_find', [], { + 'cn': permission1, 'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], @@ -577,7 +627,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], 'attrs': [u'sn'], @@ -603,6 +652,31 @@ class test_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('permission_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('permission_find', [privilege1], {}), expected=dict( @@ -614,7 +688,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], 'attrs': [u'sn'], @@ -628,6 +701,38 @@ class test_permission(Declarative): dict( + desc='Search for %r with --raw with members' % permission1, + command=('permission_find', [permission1], { + 'raw': True, 'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member': [privilege1_dn], + 'ipapermincludedattr': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermright': [u'write'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + 'ipapermtargetfilter': [u'(objectclass=posixaccount)'], + 'aci': ['(targetattr = "sn")' + '(targetfilter = "(objectclass=posixaccount)")' + + '(version 3.0;acl "permission:%(name)s";' + 'allow (write) groupdn = "ldap:///%(pdn)s";)' % + {'name': permission1, + 'pdn': permission1_dn}], + }, + ], + ), + ), + + + dict( desc='Search for %r with --raw' % permission1, command=('permission_find', [permission1], {'raw': True}), expected=dict( @@ -639,7 +744,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member': [privilege1_dn], 'ipapermincludedattr': [u'sn'], 'ipapermbindruletype': [u'permission'], 'ipapermright': [u'write'], @@ -696,6 +800,43 @@ class test_permission(Declarative): ), dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], { + 'no_members': False}), + expected=dict( + count=2, + truncated=False, + summary=u'2 permissions matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + { + 'dn': permission2_dn, + 'cn': [permission2], + 'objectclass': objectclasses.permission, + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'cn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -707,7 +848,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], 'attrs': [u'sn'], @@ -777,6 +917,25 @@ class test_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], + 'memberof_permission': [permission1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('privilege_find', [privilege1], {}), expected=dict( @@ -788,7 +947,6 @@ class test_permission(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], - 'memberof_permission': [permission1], }, ], ), @@ -796,6 +954,45 @@ class test_permission(Declarative): dict( + desc=('Search for %r with a limit of 1 (truncated) with members' % + permission1), + command=('permission_find', [permission1], + dict(sizelimit=1, no_members=False)), + expected=dict( + count=1, + truncated=True, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': [u'user'], + 'ipapermright': [u'write'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + 'ipapermlocation': [users_dn], + }, + ], + messages=( + { + 'message': (u'Search result has been truncated: ' + u'Configured size limit exceeded'), + 'code': 13017, + 'type': u'warning', + 'name': u'SearchResultTruncated', + 'data': { + 'reason': u"Configured size limit exceeded" + } + }, + ), + ), + ), + + + dict( desc='Search for %r with a limit of 1 (truncated)' % permission1, command=('permission_find', [permission1], dict(sizelimit=1)), expected=dict( @@ -807,7 +1004,6 @@ class test_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': [u'user'], 'ipapermright': [u'write'], 'attrs': [u'sn'], @@ -850,7 +1046,6 @@ class test_permission(Declarative): 'ipapermbindruletype': [u'permission'], 'ipapermissiontype': [u'SYSTEM', u'V2'], 'ipapermlocation': [users_dn], - 'member_privilege': [privilege1], }, { 'dn': permission2_dn, @@ -1179,6 +1374,34 @@ class test_permission(Declarative): ), dict( + desc=('Search for %r using --subtree with membes' % + permission1_renamed_ucase), + command=('permission_find', [], + {'ipapermlocation': u'ldap:///%s' % admin_dn, + 'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn':permission1_renamed_ucase_dn, + 'cn':[permission1_renamed_ucase], + 'objectclass': objectclasses.permission, + 'member_privilege':[privilege1], + 'ipapermlocation': [admin_dn], + 'ipapermright':[u'write'], + 'memberof':[u'ipausers'], + 'attrs': [u'sn'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'SYSTEM', u'V2'], + }, + ], + ), + ), + + + dict( desc='Search for %r using --subtree' % permission1_renamed_ucase, command=('permission_find', [], {'ipapermlocation': u'ldap:///%s' % admin_dn}), @@ -1191,7 +1414,6 @@ class test_permission(Declarative): 'dn':permission1_renamed_ucase_dn, 'cn':[permission1_renamed_ucase], 'objectclass': objectclasses.permission, - 'member_privilege':[privilege1], 'ipapermlocation': [admin_dn], 'ipapermright':[u'write'], 'memberof':[u'ipausers'], @@ -1213,8 +1435,9 @@ class test_permission(Declarative): dict( - desc='Search using --targetgroup', - command=('permission_find', [], {'targetgroup': u'ipausers'}), + desc='Search using --targetgroup with members', + command=('permission_find', [], { + 'targetgroup': u'ipausers', 'no_members': False}), expected=dict( count=1, truncated=False, @@ -1244,6 +1467,34 @@ class test_permission(Declarative): dict( + desc='Search using --targetgroup', + command=('permission_find', [], {'targetgroup': u'ipausers'}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': DN(('cn', 'System: Add User to default group'), + api.env.container_permission, api.env.basedn), + 'cn': [u'System: Add User to default group'], + 'objectclass': objectclasses.permission, + 'attrs': [u'member'], + 'targetgroup': [u'ipausers'], + 'ipapermright': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermtarget': [DN( + 'cn=ipausers', api.env.container_group, + api.env.basedn)], + 'ipapermlocation': [groups_dn], + 'ipapermdefaultattr': [u'member'], + 'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'], + } + ], + ), + ), + + dict( desc='Delete %r' % permission1_renamed_ucase, command=('permission_del', [permission1_renamed_ucase], {}), expected=dict( diff --git a/ipatests/test_xmlrpc/test_privilege_plugin.py b/ipatests/test_xmlrpc/test_privilege_plugin.py index ce9afe2fd..c80cfef7d 100644 --- a/ipatests/test_xmlrpc/test_privilege_plugin.py +++ b/ipatests/test_xmlrpc/test_privilege_plugin.py @@ -172,6 +172,25 @@ class test_privilege(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], + 'memberof_permission': [permission1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('privilege_find', [privilege1], {}), expected=dict( @@ -183,6 +202,24 @@ class test_privilege(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], + }, + ], + ), + ), + + + dict( + desc='Search for %r with members' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], 'memberof_permission': [permission1], }, ], @@ -202,7 +239,6 @@ class test_privilege(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], - 'memberof_permission': [permission1], }, ], ), @@ -281,6 +317,25 @@ class test_privilege(Declarative): dict( + desc='Search for %r with memebers' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], + 'memberof_permission': [permission1, permission2], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('privilege_find', [privilege1], {}), expected=dict( @@ -292,7 +347,6 @@ class test_privilege(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], - 'memberof_permission': [permission1, permission2], }, ], ), diff --git a/ipatests/test_xmlrpc/test_role_plugin.py b/ipatests/test_xmlrpc/test_role_plugin.py index d06daac69..2c368b351 100644 --- a/ipatests/test_xmlrpc/test_role_plugin.py +++ b/ipatests/test_xmlrpc/test_role_plugin.py @@ -292,6 +292,26 @@ class test_role(Declarative): dict( + desc='Search for %r with members' % role1, + command=('role_find', [role1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 role matched', + result=[ + { + 'dn': role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], + 'member_group': [group1], + 'memberof_privilege': [privilege1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % role1, command=('role_find', [role1], {}), expected=dict( @@ -303,6 +323,24 @@ class test_role(Declarative): 'dn': role1_dn, 'cn': [role1], 'description': [u'role desc 1'], + }, + ], + ), + ), + + + dict( + desc='Search for %r with members' % search, + command=('role_find', [search], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 role matched', + result=[ + { + 'dn': role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], 'member_group': [group1], 'memberof_privilege': [privilege1], }, @@ -323,8 +361,6 @@ class test_role(Declarative): 'dn': role1_dn, 'cn': [role1], 'description': [u'role desc 1'], - 'member_group': [group1], - 'memberof_privilege': [privilege1], }, ], ), @@ -350,6 +386,26 @@ class test_role(Declarative): dict( + desc='Search for %r with members' % role1, + command=('role_find', [role1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 role matched', + result=[ + { + 'dn': role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], + 'member_group': [group1], + 'memberof_privilege': [privilege1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % role1, command=('role_find', [role1], {}), expected=dict( @@ -361,9 +417,32 @@ class test_role(Declarative): 'dn': role1_dn, 'cn': [role1], 'description': [u'role desc 1'], + }, + ], + ), + ), + + + dict( + desc='Search for %r with members' % search, + command=('role_find', [search], {'no_members': False}), + expected=dict( + count=2, + truncated=False, + summary=u'2 roles matched', + result=[ + { + 'dn': role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], 'member_group': [group1], 'memberof_privilege': [privilege1], }, + { + 'dn': role2_dn, + 'cn': [role2], + 'description': [u'role desc 2'], + }, ], ), ), @@ -381,8 +460,6 @@ class test_role(Declarative): 'dn': role1_dn, 'cn': [role1], 'description': [u'role desc 1'], - 'member_group': [group1], - 'memberof_privilege': [privilege1], }, { 'dn': role2_dn, diff --git a/ipatests/test_xmlrpc/test_service_plugin.py b/ipatests/test_xmlrpc/test_service_plugin.py index 9bd082916..663e1f36d 100644 --- a/ipatests/test_xmlrpc/test_service_plugin.py +++ b/ipatests/test_xmlrpc/test_service_plugin.py @@ -251,6 +251,25 @@ class test_service(Declarative): dict( + desc='Search for %r with members' % service1, + command=('service_find', [service1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 service matched', + result=[ + dict( + dn=service1dn, + krbprincipalname=[service1], + managedby_host=[fqdn1], + has_keytab=False, + ), + ], + ), + ), + + + dict( desc='Search for %r' % service1, command=('service_find', [service1], {}), expected=dict( @@ -261,7 +280,6 @@ class test_service(Declarative): dict( dn=service1dn, krbprincipalname=[service1], - managedby_host=[fqdn1], has_keytab=False, ), ], diff --git a/ipatests/test_xmlrpc/test_servicedelegation_plugin.py b/ipatests/test_xmlrpc/test_servicedelegation_plugin.py index 02dc0800f..bf7897581 100644 --- a/ipatests/test_xmlrpc/test_servicedelegation_plugin.py +++ b/ipatests/test_xmlrpc/test_servicedelegation_plugin.py @@ -134,8 +134,8 @@ class test_servicedelegation(Declarative): dict( - desc='Search for all rules', - command=('servicedelegationrule_find', [], {}), + desc='Search for all rules with members', + command=('servicedelegationrule_find', [], {'no_members': False}), expected=dict( summary=u'3 service delegation rules matched', count=3, @@ -163,6 +163,32 @@ class test_servicedelegation(Declarative): dict( + desc='Search for all rules', + command=('servicedelegationrule_find', [], {}), + expected=dict( + summary=u'3 service delegation rules matched', + count=3, + truncated=False, + result=[ + { + 'dn': get_servicedelegation_dn(u'ipa-http-delegation'), + 'cn': [u'ipa-http-delegation'], + 'memberprincipal': [princ1], + }, + dict( + dn=get_servicedelegation_dn(rule2), + cn=[rule2], + ), + dict( + dn=get_servicedelegation_dn(rule1), + cn=[rule1], + ), + ], + ), + ), + + + dict( desc='Create target %r' % target1, command=( 'servicedelegationtarget_add', [target1], {} diff --git a/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py b/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py index 3f5879c4d..be47de980 100644 --- a/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py @@ -152,6 +152,11 @@ class TestSudoCmdGroupSCRUD(XMLRPC_test): sudocmdgroup1.ensure_exists() sudocmdgroup1.find() + def test_search_all(self, sudocmdgroup1): + """ Search for sudocmdgroup """ + sudocmdgroup1.ensure_exists() + sudocmdgroup1.find(all=True) + def test_create_another(self, sudocmdgroup2): """ Create a second sudocmdgroup """ sudocmdgroup2.create() diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py index c576394dd..975b2b876 100644 --- a/ipatests/test_xmlrpc/test_user_plugin.py +++ b/ipatests/test_xmlrpc/test_user_plugin.py @@ -691,7 +691,7 @@ class TestManagers(XMLRPC_test): """ Find user by his manager's UID """ command = user.make_find_command(manager=user2.uid) result = command() - user.check_find(result, expected_override=dict(manager=[user2.uid])) + user.check_find(result) def test_delete_both_user_and_manager(self, user, user2): """ Delete both user and its manager at once """ diff --git a/ipatests/test_xmlrpc/tracker/host_plugin.py b/ipatests/test_xmlrpc/tracker/host_plugin.py index d8b59b989..d54901fa5 100644 --- a/ipatests/test_xmlrpc/tracker/host_plugin.py +++ b/ipatests/test_xmlrpc/tracker/host_plugin.py @@ -43,7 +43,10 @@ class HostTracker(Tracker): update_keys = retrieve_keys - {'dn'} managedby_keys = retrieve_keys - {'has_keytab', 'has_password'} allowedto_keys = retrieve_keys - {'has_keytab', 'has_password'} - find_keys = retrieve_keys - {'has_keytab', 'has_password'} + find_keys = retrieve_keys - { + 'has_keytab', 'has_password', 'memberof_hostgroup', + 'memberofindirect_hostgroup', 'managedby_host', + } find_all_keys = retrieve_all_keys - {'has_keytab', 'has_password'} def __init__(self, name, fqdn=None, default_version=None): diff --git a/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py b/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py index 77b43b9d3..8b63c90b0 100644 --- a/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py +++ b/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py @@ -24,6 +24,15 @@ class HostGroupTracker(Tracker): add_member_keys = retrieve_keys | {u'member_host'} + find_keys = { + u'dn', u'cn', u'description', + } + find_all_keys = { + u'dn', u'cn', u'member_host', u'description', u'member_hostgroup', + u'memberindirect_host', u'ipauniqueid', u'objectclass', + u'mepmanagedentry', + } + def __init__(self, name, description=u'HostGroup desc'): super(HostGroupTracker, self).__init__(default_version=None) self.cn = name @@ -182,9 +191,9 @@ class HostGroupTracker(Tracker): def check_find(self, result, all=False, raw=False): """ Checks 'hostgroup_find' command result """ if all: - expected = self.filter_attrs(self.retrieve_all_keys) + expected = self.filter_attrs(self.find_all_keys) else: - expected = self.filter_attrs(self.retrieve_keys) + expected = self.filter_attrs(self.find_keys) assert_deepequal(dict( count=1, diff --git a/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py b/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py index eb72e4ba2..003d39ac0 100644 --- a/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py +++ b/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py @@ -18,6 +18,9 @@ class SudoCmdTracker(Tracker): create_keys = retrieve_all_keys update_keys = retrieve_keys - {u'dn'} + find_keys = {u'dn', u'sudocmd', u'description'} + find_all_keys = retrieve_all_keys + def __init__(self, command, description="Test sudo command"): super(SudoCmdTracker, self).__init__(default_version=None) self.cmd = command @@ -93,9 +96,9 @@ class SudoCmdTracker(Tracker): def check_find(self, result, all=False, raw=False): """ Checks 'sudocmd_find' command result """ if all: - expected = self.filter_attrs(self.retrieve_all_keys) + expected = self.filter_attrs(self.find_all_keys) else: - expected = self.filter_attrs(self.retrieve_keys) + expected = self.filter_attrs(self.find_keys) assert_deepequal(dict( count=1, diff --git a/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py b/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py index 2de9bca78..2b354ef51 100644 --- a/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py +++ b/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py @@ -24,6 +24,11 @@ class SudoCmdGroupTracker(Tracker): add_member_keys = retrieve_keys | {u'member_sudocmd'} + find_keys = { + u'dn', u'cn', u'description', u'member_sudocmdgroup'} + find_all_keys = find_keys | { + u'ipauniqueid', u'objectclass', u'mepmanagedentry'} + def __init__(self, name, description=u'SudoCmdGroup desc'): super(SudoCmdGroupTracker, self).__init__(default_version=None) self.cn = name @@ -168,9 +173,9 @@ class SudoCmdGroupTracker(Tracker): def check_find(self, result, all=False, raw=False): """ Checks 'sudocmdgroup_find' command result """ if all: - expected = self.filter_attrs(self.retrieve_all_keys) + expected = self.filter_attrs(self.find_all_keys) else: - expected = self.filter_attrs(self.retrieve_keys) + expected = self.filter_attrs(self.find_keys) assert_deepequal(dict( count=1, diff --git a/ipatests/test_xmlrpc/tracker/user_plugin.py b/ipatests/test_xmlrpc/tracker/user_plugin.py index 5acfc63cd..261ea69e1 100644 --- a/ipatests/test_xmlrpc/tracker/user_plugin.py +++ b/ipatests/test_xmlrpc/tracker/user_plugin.py @@ -52,7 +52,8 @@ class UserTracker(Tracker): activate_keys = retrieve_keys find_keys = retrieve_keys - { - u'mepmanagedentry', u'memberof_group', u'has_keytab', u'has_password' + u'mepmanagedentry', u'memberof_group', u'has_keytab', u'has_password', + u'manager', } find_all_keys = retrieve_all_keys - { u'has_keytab', u'has_password' |