summaryrefslogtreecommitdiffstats
path: root/ipatests/test_xmlrpc
diff options
context:
space:
mode:
authorMartin Basti <mbasti@redhat.com>2016-05-19 13:50:38 +0200
committerMartin Basti <mbasti@redhat.com>2016-05-31 14:08:54 +0200
commit5f42b42bd4557a669ab5cfcf1af6596f1a2535f1 (patch)
tree1e79933fb82d3166dd6a76be453b29728302a795 /ipatests/test_xmlrpc
parent91572afc60f590f0d81ad18234189a0b48144bf5 (diff)
downloadfreeipa-5f42b42bd4557a669ab5cfcf1af6596f1a2535f1.tar.gz
freeipa-5f42b42bd4557a669ab5cfcf1af6596f1a2535f1.tar.xz
freeipa-5f42b42bd4557a669ab5cfcf1af6596f1a2535f1.zip
Performance: Find commands: do not process members by default
In all *-find commands, member attributes shouldn't be processed due high amount fo ldpaserches cause serious performance issues. For this reason --no-members option is set by default in CLI and API. To get members in *-find command option --all in CLI is rquired or 'no_members=False' or 'all=True' must be set in API call. For other commands processing of members stays unchanged. WebUI is not affected by this change. https://fedorahosted.org/freeipa/ticket/4995 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipatests/test_xmlrpc')
-rw-r--r--ipatests/test_xmlrpc/test_group_plugin.py54
-rw-r--r--ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py21
-rw-r--r--ipatests/test_xmlrpc/test_hostgroup_plugin.py5
-rw-r--r--ipatests/test_xmlrpc/test_netgroup_plugin.py115
-rw-r--r--ipatests/test_xmlrpc/test_old_permission_plugin.py270
-rw-r--r--ipatests/test_xmlrpc/test_permission_plugin.py271
-rw-r--r--ipatests/test_xmlrpc/test_privilege_plugin.py58
-rw-r--r--ipatests/test_xmlrpc/test_role_plugin.py85
-rw-r--r--ipatests/test_xmlrpc/test_service_plugin.py20
-rw-r--r--ipatests/test_xmlrpc/test_servicedelegation_plugin.py30
-rw-r--r--ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py5
-rw-r--r--ipatests/test_xmlrpc/test_user_plugin.py2
-rw-r--r--ipatests/test_xmlrpc/tracker/host_plugin.py5
-rw-r--r--ipatests/test_xmlrpc/tracker/hostgroup_plugin.py13
-rw-r--r--ipatests/test_xmlrpc/tracker/sudocmd_plugin.py7
-rw-r--r--ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py9
-rw-r--r--ipatests/test_xmlrpc/tracker/user_plugin.py3
17 files changed, 921 insertions, 52 deletions
diff --git a/ipatests/test_xmlrpc/test_group_plugin.py b/ipatests/test_xmlrpc/test_group_plugin.py
index 41d28f1cf..02467daed 100644
--- a/ipatests/test_xmlrpc/test_group_plugin.py
+++ b/ipatests/test_xmlrpc/test_group_plugin.py
@@ -177,11 +177,11 @@ class TestFindGroup(XMLRPC_test):
group.ensure_exists()
group.find()
- def test_search_for_all_groups(self, group, group2):
+ def test_search_for_all_groups_with_members(self, group, group2):
""" Search for all groups """
group.ensure_exists()
group2.create()
- command = group.make_command('group_find')
+ command = group.make_command('group_find', no_members=False)
result = command()
assert_deepequal(dict(
summary=u'6 groups matched',
@@ -227,6 +227,56 @@ class TestFindGroup(XMLRPC_test):
},
]), result)
+
+ def test_search_for_all_groups(self, group, group2):
+ """ Search for all groups """
+ group.ensure_exists()
+ group2.create()
+ command = group.make_command('group_find')
+ result = command()
+ assert_deepequal(dict(
+ summary=u'6 groups matched',
+ count=6,
+ truncated=False,
+ result=[
+ {
+ 'dn': get_group_dn('admins'),
+ 'gidnumber': [fuzzy_digits],
+ 'cn': [u'admins'],
+ 'description': [u'Account administrators group'],
+ },
+ {
+ 'dn': get_group_dn('editors'),
+ 'gidnumber': [fuzzy_digits],
+ 'cn': [u'editors'],
+ 'description':
+ [u'Limited admins who can edit other users'],
+ },
+ {
+ 'dn': get_group_dn('ipausers'),
+ 'cn': [u'ipausers'],
+ 'description': [u'Default group for all users'],
+ },
+ {
+ 'dn': get_group_dn(group.cn),
+ 'cn': [group.cn],
+ 'description': [u'Test desc1'],
+ 'gidnumber': [fuzzy_digits],
+ },
+ {
+ 'dn': get_group_dn(group2.cn),
+ 'cn': [group2.cn],
+ 'description': [u'Test desc2'],
+ 'gidnumber': [fuzzy_digits],
+ },
+ {
+ 'dn': get_group_dn('trust admins'),
+ 'cn': [u'trust admins'],
+ 'description': [u'Trusts administrators group'],
+ },
+ ]), result)
+
+
def test_search_for_all_posix(self, group, group2):
""" Search for all posix groups """
command = group.make_command(
diff --git a/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py b/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py
index 182a76bf9..9618edba3 100644
--- a/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py
+++ b/ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py
@@ -162,6 +162,26 @@ class test_hbacsvcgroup(Declarative):
dict(
+ desc='Search for %r with members' % hbacsvcgroup1,
+ command=('hbacsvcgroup_find', [], dict(
+ cn=hbacsvcgroup1, no_members=False)),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 HBAC service group matched',
+ result=[
+ {
+ 'dn': dn1,
+ 'member_hbacsvc': [hbacsvc1],
+ 'cn': [hbacsvcgroup1],
+ 'description': [u'Test hbacsvcgroup 1'],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % hbacsvcgroup1,
command=('hbacsvcgroup_find', [], dict(cn=hbacsvcgroup1)),
expected=dict(
@@ -171,7 +191,6 @@ class test_hbacsvcgroup(Declarative):
result=[
{
'dn': dn1,
- 'member_hbacsvc': [hbacsvc1],
'cn': [hbacsvcgroup1],
'description': [u'Test hbacsvcgroup 1'],
},
diff --git a/ipatests/test_xmlrpc/test_hostgroup_plugin.py b/ipatests/test_xmlrpc/test_hostgroup_plugin.py
index 61fda819b..2e93e1013 100644
--- a/ipatests/test_xmlrpc/test_hostgroup_plugin.py
+++ b/ipatests/test_xmlrpc/test_hostgroup_plugin.py
@@ -116,6 +116,11 @@ class TestHostGroup(XMLRPC_test):
hostgroup.ensure_exists()
hostgroup.find()
+ def test_search_for_hostgroup_with_all(self, hostgroup):
+ """ Search for hostgroup """
+ hostgroup.ensure_exists()
+ hostgroup.find(all=True)
+
def test_update_hostgroup(self, hostgroup):
""" Update description of hostgroup and verify """
hostgroup.ensure_exists()
diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py
index c03566b12..2d2df7c49 100644
--- a/ipatests/test_xmlrpc/test_netgroup_plugin.py
+++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py
@@ -406,8 +406,9 @@ class test_netgroup(Declarative):
dict(
- desc='Search for netgroups using no_user',
- command=('netgroup_find', [], dict(no_user=user1)),
+ desc='Search for netgroups using no_user with members',
+ command=('netgroup_find', [], dict(
+ no_user=user1, no_members=False)),
expected=dict(
count=2,
truncated=False,
@@ -431,6 +432,32 @@ class test_netgroup(Declarative):
),
),
+
+ dict(
+ desc='Search for netgroups using no_user',
+ command=('netgroup_find', [], dict(no_user=user1)),
+ expected=dict(
+ count=2,
+ truncated=False,
+ summary=u'2 netgroups matched',
+ result=[
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'cn': [netgroup1],
+ 'description': [u'Test netgroup 1'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ },
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'cn': [netgroup2],
+ 'description': [u'Test netgroup 2'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ },
+ ],
+ ),
+ ),
+
+
dict(
desc="Check %r doesn't match when searching for %s" % (netgroup1, user1),
command=('netgroup_find', [], dict(user=user1)),
@@ -852,8 +879,9 @@ class test_netgroup(Declarative):
),
dict(
- desc='Search for %r' % netgroup1,
- command=('netgroup_find', [], dict(cn=netgroup1)),
+ desc='Search for %r with members' % netgroup1,
+ command=('netgroup_find', [], dict(
+ cn=netgroup1, no_members=False)),
expected=dict(
count=1,
truncated=False,
@@ -875,9 +903,31 @@ class test_netgroup(Declarative):
),
),
+
dict(
- desc='Search for %r using user' % netgroup1,
- command=('netgroup_find', [], dict(user=user1)),
+ desc='Search for %r' % netgroup1,
+ command=('netgroup_find', [], dict(cn=netgroup1)),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 netgroup matched',
+ result=[
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'cn': [netgroup1],
+ 'description': [u'Test netgroup 1'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ 'externalhost': [unknown_host],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
+ desc='Search for %r using user with members' % netgroup1,
+ command=('netgroup_find', [], dict(
+ user=user1, no_members=False)),
expected=dict(
count=1,
truncated=False,
@@ -899,9 +949,31 @@ class test_netgroup(Declarative):
),
),
+
dict(
- desc='Search for all netgroups using empty member user',
- command=('netgroup_find', [], dict(user=None)),
+ desc='Search for %r using user' % netgroup1,
+ command=('netgroup_find', [], dict(user=user1)),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 netgroup matched',
+ result=[
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'cn': [netgroup1],
+ 'description': [u'Test netgroup 1'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ 'externalhost': [unknown_host],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
+ desc=('Search for all netgroups using empty member user with '
+ 'members'),
+ command=('netgroup_find', [], dict(user=None, no_members=False)),
expected=dict(
count=2,
truncated=False,
@@ -930,6 +1002,33 @@ class test_netgroup(Declarative):
),
),
+
+ dict(
+ desc='Search for all netgroups using empty member user',
+ command=('netgroup_find', [], dict(user=None)),
+ expected=dict(
+ count=2,
+ truncated=False,
+ summary=u'2 netgroups matched',
+ result=[
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'cn': [netgroup1],
+ 'description': [u'Test netgroup 1'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ 'externalhost': [unknown_host],
+ },
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'cn': [netgroup2],
+ 'description': [u'Test netgroup 2'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ },
+ ],
+ ),
+ ),
+
+
dict(
desc='Update %r' % netgroup1,
command=('netgroup_mod', [netgroup1],
diff --git a/ipatests/test_xmlrpc/test_old_permission_plugin.py b/ipatests/test_xmlrpc/test_old_permission_plugin.py
index 3e086b541..38662c21f 100644
--- a/ipatests/test_xmlrpc/test_old_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_old_permission_plugin.py
@@ -269,6 +269,30 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with members' % permission1,
+ command=('permission_find', [permission1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}),
expected=dict(
@@ -280,6 +304,30 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
+ desc='Search for %r using --name with members' % permission1,
+ command=('permission_find', [], {
+ 'cn': permission1, 'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
@@ -304,7 +352,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -329,6 +376,30 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with members' % privilege1,
+ command=('permission_find', [privilege1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % privilege1,
command=('permission_find', [privilege1], {}),
expected=dict(
@@ -340,7 +411,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -353,8 +423,9 @@ class test_old_permission(Declarative):
dict(
- desc='Search for %r with --raw' % permission1,
- command=('permission_find', [permission1], {'raw' : True}),
+ desc='Search for %r with --raw with members' % permission1,
+ command=('permission_find', [permission1], {
+ 'raw': True, 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -379,6 +450,38 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with --raw' % permission1,
+ command=('permission_find', [permission1], {'raw': True}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'aci': [
+ u'(targetfilter = "(objectclass=posixaccount)")'
+ u'(version 3.0;acl "permission:testperm";'
+ u'allow (write) groupdn = "ldap:///%s";)' %
+ DN(
+ ('cn', 'testperm'), ('cn', 'permissions'),
+ ('cn', 'pbac'), api.env.basedn
+ )
+ ],
+ 'ipapermright': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
+ 'ipapermlocation': [users_dn],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Create %r' % permission2,
command=(
'permission_add', [permission2], dict(
@@ -407,6 +510,40 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with members' % permission1,
+ command=('permission_find', [permission1], {'no_members': False}),
+ expected=dict(
+ count=2,
+ truncated=False,
+ summary=u'2 permissions matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ {
+ 'dn': permission2_dn,
+ 'cn': [permission2],
+ 'objectclass': objectclasses.permission,
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}),
expected=dict(
@@ -418,7 +555,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -486,6 +622,25 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with members' % privilege1,
+ command=('privilege_find', [privilege1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 privilege matched',
+ result=[
+ {
+ 'dn': privilege1_dn,
+ 'cn': [privilege1],
+ 'description': [u'privilege desc. 1'],
+ 'memberof_permission': [permission1],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
expected=dict(
@@ -497,7 +652,6 @@ class test_old_permission(Declarative):
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
- 'memberof_permission': [permission1],
},
],
),
@@ -505,6 +659,42 @@ class test_old_permission(Declarative):
dict(
+ desc=('Search for %r with a limit of 1 (truncated) with members' %
+ permission1),
+ command=('permission_find', [permission1], dict(
+ sizelimit=1, no_members=False)),
+ expected=dict(
+ count=1,
+ truncated=True,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ messages=({
+ 'message': (u'Search result has been truncated: '
+ u'Configured size limit exceeded'),
+ 'code': 13017,
+ 'type': u'warning',
+ 'name': u'SearchResultTruncated',
+ 'data': {
+ 'reason': u"Configured size limit exceeded"
+ }
+ },),
+ ),
+ ),
+
+
+ dict(
desc='Search for %r with a limit of 1 (truncated)' % permission1,
command=('permission_find', [permission1], dict(sizelimit=1)),
expected=dict(
@@ -516,7 +706,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -550,7 +739,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -776,9 +964,11 @@ class test_old_permission(Declarative):
dict(
- desc='Search for %r using --subtree' % permission1,
- command=('permission_find', [],
- {'subtree': u'ldap:///%s' % DN(('cn', 'accounts'), api.env.basedn)}),
+ desc='Search for %r using --subtree with members' % permission1,
+ command=('permission_find', [], {
+ 'subtree': u'ldap:///%s' % DN(
+ ('cn', 'accounts'), api.env.basedn),
+ 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -801,6 +991,32 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r using --subtree' % permission1,
+ command=('permission_find', [], {
+ 'subtree': u'ldap:///%s' % DN(
+ ('cn', 'accounts'), api.env.basedn)}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn':permission1_renamed_ucase_dn,
+ 'cn':[permission1_renamed_ucase],
+ 'objectclass': objectclasses.permission,
+ 'subtree':u'ldap:///%s' % DN(
+ ('cn', 'accounts'), api.env.basedn),
+ 'permissions':[u'write'],
+ 'memberof':u'ipausers',
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search using nonexistent --subtree',
command=('permission_find', [], {'subtree': u'ldap:///foo=bar'}),
expected=dict(
@@ -813,8 +1029,9 @@ class test_old_permission(Declarative):
dict(
- desc='Search using --targetgroup',
- command=('permission_find', [], {'targetgroup': u'ipausers'}),
+ desc='Search using --targetgroup with members',
+ command=('permission_find', [], {
+ 'targetgroup': u'ipausers', 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -842,6 +1059,33 @@ class test_old_permission(Declarative):
dict(
+ desc='Search using --targetgroup',
+ command=('permission_find', [], {'targetgroup': u'ipausers'}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': DN(('cn', 'System: Add User to default group'),
+ api.env.container_permission, api.env.basedn),
+ 'cn': [u'System: Add User to default group'],
+ 'objectclass': objectclasses.permission,
+ 'attrs': [u'member'],
+ 'targetgroup': u'ipausers',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermtarget': [DN('cn=ipausers', groups_dn)],
+ 'subtree': u'ldap:///%s' % groups_dn,
+ 'ipapermdefaultattr': [u'member'],
+ 'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'],
+ }
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Delete %r' % permission1_renamed_ucase,
command=('permission_del', [permission1_renamed_ucase], {}),
expected=dict(
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index cefa93f55..938ab4bb6 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -541,6 +541,31 @@ class test_permission(Declarative):
dict(
+ desc='Search for %r with members' % permission1,
+ command=('permission_find', [permission1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': [u'user'],
+ 'ipapermright': [u'write'],
+ 'attrs': [u'sn'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'SYSTEM', u'V2'],
+ 'ipapermlocation': [users_dn],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}),
expected=dict(
@@ -552,6 +577,31 @@ class test_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
+ 'type': [u'user'],
+ 'ipapermright': [u'write'],
+ 'attrs': [u'sn'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'SYSTEM', u'V2'],
+ 'ipapermlocation': [users_dn],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
+ desc='Search for %r using --name with members' % permission1,
+ command=('permission_find', [], {
+ 'cn': permission1, 'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': [u'user'],
'ipapermright': [u'write'],
@@ -577,7 +627,6 @@ class test_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'sn'],
@@ -603,6 +652,31 @@ class test_permission(Declarative):
dict(
+ desc='Search for %r with members' % privilege1,
+ command=('permission_find', [privilege1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': [u'user'],
+ 'ipapermright': [u'write'],
+ 'attrs': [u'sn'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'SYSTEM', u'V2'],
+ 'ipapermlocation': [users_dn],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % privilege1,
command=('permission_find', [privilege1], {}),
expected=dict(
@@ -614,7 +688,6 @@ class test_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'sn'],
@@ -628,6 +701,38 @@ class test_permission(Declarative):
dict(
+ desc='Search for %r with --raw with members' % permission1,
+ command=('permission_find', [permission1], {
+ 'raw': True, 'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member': [privilege1_dn],
+ 'ipapermincludedattr': [u'sn'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermright': [u'write'],
+ 'ipapermissiontype': [u'SYSTEM', u'V2'],
+ 'ipapermlocation': [users_dn],
+ 'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
+ 'aci': ['(targetattr = "sn")'
+ '(targetfilter = "(objectclass=posixaccount)")' +
+ '(version 3.0;acl "permission:%(name)s";'
+ 'allow (write) groupdn = "ldap:///%(pdn)s";)' %
+ {'name': permission1,
+ 'pdn': permission1_dn}],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r with --raw' % permission1,
command=('permission_find', [permission1], {'raw': True}),
expected=dict(
@@ -639,7 +744,6 @@ class test_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member': [privilege1_dn],
'ipapermincludedattr': [u'sn'],
'ipapermbindruletype': [u'permission'],
'ipapermright': [u'write'],
@@ -696,6 +800,43 @@ class test_permission(Declarative):
),
dict(
+ desc='Search for %r with members' % permission1,
+ command=('permission_find', [permission1], {
+ 'no_members': False}),
+ expected=dict(
+ count=2,
+ truncated=False,
+ summary=u'2 permissions matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': [u'user'],
+ 'ipapermright': [u'write'],
+ 'attrs': [u'sn'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'SYSTEM', u'V2'],
+ 'ipapermlocation': [users_dn],
+ },
+ {
+ 'dn': permission2_dn,
+ 'cn': [permission2],
+ 'objectclass': objectclasses.permission,
+ 'type': [u'user'],
+ 'ipapermright': [u'write'],
+ 'attrs': [u'cn'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'SYSTEM', u'V2'],
+ 'ipapermlocation': [users_dn],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}),
expected=dict(
@@ -707,7 +848,6 @@ class test_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'sn'],
@@ -777,6 +917,25 @@ class test_permission(Declarative):
dict(
+ desc='Search for %r with members' % privilege1,
+ command=('privilege_find', [privilege1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 privilege matched',
+ result=[
+ {
+ 'dn': privilege1_dn,
+ 'cn': [privilege1],
+ 'description': [u'privilege desc. 1'],
+ 'memberof_permission': [permission1],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
expected=dict(
@@ -788,7 +947,6 @@ class test_permission(Declarative):
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
- 'memberof_permission': [permission1],
},
],
),
@@ -796,6 +954,45 @@ class test_permission(Declarative):
dict(
+ desc=('Search for %r with a limit of 1 (truncated) with members' %
+ permission1),
+ command=('permission_find', [permission1],
+ dict(sizelimit=1, no_members=False)),
+ expected=dict(
+ count=1,
+ truncated=True,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': [u'user'],
+ 'ipapermright': [u'write'],
+ 'attrs': [u'sn'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'SYSTEM', u'V2'],
+ 'ipapermlocation': [users_dn],
+ },
+ ],
+ messages=(
+ {
+ 'message': (u'Search result has been truncated: '
+ u'Configured size limit exceeded'),
+ 'code': 13017,
+ 'type': u'warning',
+ 'name': u'SearchResultTruncated',
+ 'data': {
+ 'reason': u"Configured size limit exceeded"
+ }
+ },
+ ),
+ ),
+ ),
+
+
+ dict(
desc='Search for %r with a limit of 1 (truncated)' % permission1,
command=('permission_find', [permission1], dict(sizelimit=1)),
expected=dict(
@@ -807,7 +1004,6 @@ class test_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'sn'],
@@ -850,7 +1046,6 @@ class test_permission(Declarative):
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'SYSTEM', u'V2'],
'ipapermlocation': [users_dn],
- 'member_privilege': [privilege1],
},
{
'dn': permission2_dn,
@@ -1179,6 +1374,34 @@ class test_permission(Declarative):
),
dict(
+ desc=('Search for %r using --subtree with membes' %
+ permission1_renamed_ucase),
+ command=('permission_find', [],
+ {'ipapermlocation': u'ldap:///%s' % admin_dn,
+ 'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn':permission1_renamed_ucase_dn,
+ 'cn':[permission1_renamed_ucase],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege':[privilege1],
+ 'ipapermlocation': [admin_dn],
+ 'ipapermright':[u'write'],
+ 'memberof':[u'ipausers'],
+ 'attrs': [u'sn'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'SYSTEM', u'V2'],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r using --subtree' % permission1_renamed_ucase,
command=('permission_find', [],
{'ipapermlocation': u'ldap:///%s' % admin_dn}),
@@ -1191,7 +1414,6 @@ class test_permission(Declarative):
'dn':permission1_renamed_ucase_dn,
'cn':[permission1_renamed_ucase],
'objectclass': objectclasses.permission,
- 'member_privilege':[privilege1],
'ipapermlocation': [admin_dn],
'ipapermright':[u'write'],
'memberof':[u'ipausers'],
@@ -1213,8 +1435,9 @@ class test_permission(Declarative):
dict(
- desc='Search using --targetgroup',
- command=('permission_find', [], {'targetgroup': u'ipausers'}),
+ desc='Search using --targetgroup with members',
+ command=('permission_find', [], {
+ 'targetgroup': u'ipausers', 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -1244,6 +1467,34 @@ class test_permission(Declarative):
dict(
+ desc='Search using --targetgroup',
+ command=('permission_find', [], {'targetgroup': u'ipausers'}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': DN(('cn', 'System: Add User to default group'),
+ api.env.container_permission, api.env.basedn),
+ 'cn': [u'System: Add User to default group'],
+ 'objectclass': objectclasses.permission,
+ 'attrs': [u'member'],
+ 'targetgroup': [u'ipausers'],
+ 'ipapermright': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermtarget': [DN(
+ 'cn=ipausers', api.env.container_group,
+ api.env.basedn)],
+ 'ipapermlocation': [groups_dn],
+ 'ipapermdefaultattr': [u'member'],
+ 'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'],
+ }
+ ],
+ ),
+ ),
+
+ dict(
desc='Delete %r' % permission1_renamed_ucase,
command=('permission_del', [permission1_renamed_ucase], {}),
expected=dict(
diff --git a/ipatests/test_xmlrpc/test_privilege_plugin.py b/ipatests/test_xmlrpc/test_privilege_plugin.py
index ce9afe2fd..c80cfef7d 100644
--- a/ipatests/test_xmlrpc/test_privilege_plugin.py
+++ b/ipatests/test_xmlrpc/test_privilege_plugin.py
@@ -172,6 +172,25 @@ class test_privilege(Declarative):
dict(
+ desc='Search for %r with members' % privilege1,
+ command=('privilege_find', [privilege1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 privilege matched',
+ result=[
+ {
+ 'dn': privilege1_dn,
+ 'cn': [privilege1],
+ 'description': [u'privilege desc. 1'],
+ 'memberof_permission': [permission1],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
expected=dict(
@@ -183,6 +202,24 @@ class test_privilege(Declarative):
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
+ desc='Search for %r with members' % privilege1,
+ command=('privilege_find', [privilege1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 privilege matched',
+ result=[
+ {
+ 'dn': privilege1_dn,
+ 'cn': [privilege1],
+ 'description': [u'privilege desc. 1'],
'memberof_permission': [permission1],
},
],
@@ -202,7 +239,6 @@ class test_privilege(Declarative):
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
- 'memberof_permission': [permission1],
},
],
),
@@ -281,6 +317,25 @@ class test_privilege(Declarative):
dict(
+ desc='Search for %r with memebers' % privilege1,
+ command=('privilege_find', [privilege1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 privilege matched',
+ result=[
+ {
+ 'dn': privilege1_dn,
+ 'cn': [privilege1],
+ 'description': [u'privilege desc. 1'],
+ 'memberof_permission': [permission1, permission2],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
expected=dict(
@@ -292,7 +347,6 @@ class test_privilege(Declarative):
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
- 'memberof_permission': [permission1, permission2],
},
],
),
diff --git a/ipatests/test_xmlrpc/test_role_plugin.py b/ipatests/test_xmlrpc/test_role_plugin.py
index d06daac69..2c368b351 100644
--- a/ipatests/test_xmlrpc/test_role_plugin.py
+++ b/ipatests/test_xmlrpc/test_role_plugin.py
@@ -292,6 +292,26 @@ class test_role(Declarative):
dict(
+ desc='Search for %r with members' % role1,
+ command=('role_find', [role1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 role matched',
+ result=[
+ {
+ 'dn': role1_dn,
+ 'cn': [role1],
+ 'description': [u'role desc 1'],
+ 'member_group': [group1],
+ 'memberof_privilege': [privilege1],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % role1,
command=('role_find', [role1], {}),
expected=dict(
@@ -303,6 +323,24 @@ class test_role(Declarative):
'dn': role1_dn,
'cn': [role1],
'description': [u'role desc 1'],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
+ desc='Search for %r with members' % search,
+ command=('role_find', [search], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 role matched',
+ result=[
+ {
+ 'dn': role1_dn,
+ 'cn': [role1],
+ 'description': [u'role desc 1'],
'member_group': [group1],
'memberof_privilege': [privilege1],
},
@@ -323,8 +361,6 @@ class test_role(Declarative):
'dn': role1_dn,
'cn': [role1],
'description': [u'role desc 1'],
- 'member_group': [group1],
- 'memberof_privilege': [privilege1],
},
],
),
@@ -350,6 +386,26 @@ class test_role(Declarative):
dict(
+ desc='Search for %r with members' % role1,
+ command=('role_find', [role1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 role matched',
+ result=[
+ {
+ 'dn': role1_dn,
+ 'cn': [role1],
+ 'description': [u'role desc 1'],
+ 'member_group': [group1],
+ 'memberof_privilege': [privilege1],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % role1,
command=('role_find', [role1], {}),
expected=dict(
@@ -361,9 +417,32 @@ class test_role(Declarative):
'dn': role1_dn,
'cn': [role1],
'description': [u'role desc 1'],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
+ desc='Search for %r with members' % search,
+ command=('role_find', [search], {'no_members': False}),
+ expected=dict(
+ count=2,
+ truncated=False,
+ summary=u'2 roles matched',
+ result=[
+ {
+ 'dn': role1_dn,
+ 'cn': [role1],
+ 'description': [u'role desc 1'],
'member_group': [group1],
'memberof_privilege': [privilege1],
},
+ {
+ 'dn': role2_dn,
+ 'cn': [role2],
+ 'description': [u'role desc 2'],
+ },
],
),
),
@@ -381,8 +460,6 @@ class test_role(Declarative):
'dn': role1_dn,
'cn': [role1],
'description': [u'role desc 1'],
- 'member_group': [group1],
- 'memberof_privilege': [privilege1],
},
{
'dn': role2_dn,
diff --git a/ipatests/test_xmlrpc/test_service_plugin.py b/ipatests/test_xmlrpc/test_service_plugin.py
index 9bd082916..663e1f36d 100644
--- a/ipatests/test_xmlrpc/test_service_plugin.py
+++ b/ipatests/test_xmlrpc/test_service_plugin.py
@@ -251,6 +251,25 @@ class test_service(Declarative):
dict(
+ desc='Search for %r with members' % service1,
+ command=('service_find', [service1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 service matched',
+ result=[
+ dict(
+ dn=service1dn,
+ krbprincipalname=[service1],
+ managedby_host=[fqdn1],
+ has_keytab=False,
+ ),
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % service1,
command=('service_find', [service1], {}),
expected=dict(
@@ -261,7 +280,6 @@ class test_service(Declarative):
dict(
dn=service1dn,
krbprincipalname=[service1],
- managedby_host=[fqdn1],
has_keytab=False,
),
],
diff --git a/ipatests/test_xmlrpc/test_servicedelegation_plugin.py b/ipatests/test_xmlrpc/test_servicedelegation_plugin.py
index 02dc0800f..bf7897581 100644
--- a/ipatests/test_xmlrpc/test_servicedelegation_plugin.py
+++ b/ipatests/test_xmlrpc/test_servicedelegation_plugin.py
@@ -134,8 +134,8 @@ class test_servicedelegation(Declarative):
dict(
- desc='Search for all rules',
- command=('servicedelegationrule_find', [], {}),
+ desc='Search for all rules with members',
+ command=('servicedelegationrule_find', [], {'no_members': False}),
expected=dict(
summary=u'3 service delegation rules matched',
count=3,
@@ -163,6 +163,32 @@ class test_servicedelegation(Declarative):
dict(
+ desc='Search for all rules',
+ command=('servicedelegationrule_find', [], {}),
+ expected=dict(
+ summary=u'3 service delegation rules matched',
+ count=3,
+ truncated=False,
+ result=[
+ {
+ 'dn': get_servicedelegation_dn(u'ipa-http-delegation'),
+ 'cn': [u'ipa-http-delegation'],
+ 'memberprincipal': [princ1],
+ },
+ dict(
+ dn=get_servicedelegation_dn(rule2),
+ cn=[rule2],
+ ),
+ dict(
+ dn=get_servicedelegation_dn(rule1),
+ cn=[rule1],
+ ),
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Create target %r' % target1,
command=(
'servicedelegationtarget_add', [target1], {}
diff --git a/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py b/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py
index 3f5879c4d..be47de980 100644
--- a/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py
+++ b/ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py
@@ -152,6 +152,11 @@ class TestSudoCmdGroupSCRUD(XMLRPC_test):
sudocmdgroup1.ensure_exists()
sudocmdgroup1.find()
+ def test_search_all(self, sudocmdgroup1):
+ """ Search for sudocmdgroup """
+ sudocmdgroup1.ensure_exists()
+ sudocmdgroup1.find(all=True)
+
def test_create_another(self, sudocmdgroup2):
""" Create a second sudocmdgroup """
sudocmdgroup2.create()
diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py
index c576394dd..975b2b876 100644
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -691,7 +691,7 @@ class TestManagers(XMLRPC_test):
""" Find user by his manager's UID """
command = user.make_find_command(manager=user2.uid)
result = command()
- user.check_find(result, expected_override=dict(manager=[user2.uid]))
+ user.check_find(result)
def test_delete_both_user_and_manager(self, user, user2):
""" Delete both user and its manager at once """
diff --git a/ipatests/test_xmlrpc/tracker/host_plugin.py b/ipatests/test_xmlrpc/tracker/host_plugin.py
index d8b59b989..d54901fa5 100644
--- a/ipatests/test_xmlrpc/tracker/host_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/host_plugin.py
@@ -43,7 +43,10 @@ class HostTracker(Tracker):
update_keys = retrieve_keys - {'dn'}
managedby_keys = retrieve_keys - {'has_keytab', 'has_password'}
allowedto_keys = retrieve_keys - {'has_keytab', 'has_password'}
- find_keys = retrieve_keys - {'has_keytab', 'has_password'}
+ find_keys = retrieve_keys - {
+ 'has_keytab', 'has_password', 'memberof_hostgroup',
+ 'memberofindirect_hostgroup', 'managedby_host',
+ }
find_all_keys = retrieve_all_keys - {'has_keytab', 'has_password'}
def __init__(self, name, fqdn=None, default_version=None):
diff --git a/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py b/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py
index 77b43b9d3..8b63c90b0 100644
--- a/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/hostgroup_plugin.py
@@ -24,6 +24,15 @@ class HostGroupTracker(Tracker):
add_member_keys = retrieve_keys | {u'member_host'}
+ find_keys = {
+ u'dn', u'cn', u'description',
+ }
+ find_all_keys = {
+ u'dn', u'cn', u'member_host', u'description', u'member_hostgroup',
+ u'memberindirect_host', u'ipauniqueid', u'objectclass',
+ u'mepmanagedentry',
+ }
+
def __init__(self, name, description=u'HostGroup desc'):
super(HostGroupTracker, self).__init__(default_version=None)
self.cn = name
@@ -182,9 +191,9 @@ class HostGroupTracker(Tracker):
def check_find(self, result, all=False, raw=False):
""" Checks 'hostgroup_find' command result """
if all:
- expected = self.filter_attrs(self.retrieve_all_keys)
+ expected = self.filter_attrs(self.find_all_keys)
else:
- expected = self.filter_attrs(self.retrieve_keys)
+ expected = self.filter_attrs(self.find_keys)
assert_deepequal(dict(
count=1,
diff --git a/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py b/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py
index eb72e4ba2..003d39ac0 100644
--- a/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/sudocmd_plugin.py
@@ -18,6 +18,9 @@ class SudoCmdTracker(Tracker):
create_keys = retrieve_all_keys
update_keys = retrieve_keys - {u'dn'}
+ find_keys = {u'dn', u'sudocmd', u'description'}
+ find_all_keys = retrieve_all_keys
+
def __init__(self, command, description="Test sudo command"):
super(SudoCmdTracker, self).__init__(default_version=None)
self.cmd = command
@@ -93,9 +96,9 @@ class SudoCmdTracker(Tracker):
def check_find(self, result, all=False, raw=False):
""" Checks 'sudocmd_find' command result """
if all:
- expected = self.filter_attrs(self.retrieve_all_keys)
+ expected = self.filter_attrs(self.find_all_keys)
else:
- expected = self.filter_attrs(self.retrieve_keys)
+ expected = self.filter_attrs(self.find_keys)
assert_deepequal(dict(
count=1,
diff --git a/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py b/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py
index 2de9bca78..2b354ef51 100644
--- a/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py
@@ -24,6 +24,11 @@ class SudoCmdGroupTracker(Tracker):
add_member_keys = retrieve_keys | {u'member_sudocmd'}
+ find_keys = {
+ u'dn', u'cn', u'description', u'member_sudocmdgroup'}
+ find_all_keys = find_keys | {
+ u'ipauniqueid', u'objectclass', u'mepmanagedentry'}
+
def __init__(self, name, description=u'SudoCmdGroup desc'):
super(SudoCmdGroupTracker, self).__init__(default_version=None)
self.cn = name
@@ -168,9 +173,9 @@ class SudoCmdGroupTracker(Tracker):
def check_find(self, result, all=False, raw=False):
""" Checks 'sudocmdgroup_find' command result """
if all:
- expected = self.filter_attrs(self.retrieve_all_keys)
+ expected = self.filter_attrs(self.find_all_keys)
else:
- expected = self.filter_attrs(self.retrieve_keys)
+ expected = self.filter_attrs(self.find_keys)
assert_deepequal(dict(
count=1,
diff --git a/ipatests/test_xmlrpc/tracker/user_plugin.py b/ipatests/test_xmlrpc/tracker/user_plugin.py
index 5acfc63cd..261ea69e1 100644
--- a/ipatests/test_xmlrpc/tracker/user_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/user_plugin.py
@@ -52,7 +52,8 @@ class UserTracker(Tracker):
activate_keys = retrieve_keys
find_keys = retrieve_keys - {
- u'mepmanagedentry', u'memberof_group', u'has_keytab', u'has_password'
+ u'mepmanagedentry', u'memberof_group', u'has_keytab', u'has_password',
+ u'manager',
}
find_all_keys = retrieve_all_keys - {
u'has_keytab', u'has_password'
generated by cgit (git 2.34.1) at 2024-07-04 22:50:27 +0000