Diffstat (limited to 'ipatests/test_xmlrpc/test_old_permission_plugin.py')
-rw-r--r--ipatests/test_xmlrpc/test_old_permission_plugin.py270
1 files changed, 257 insertions, 13 deletions
diff --git a/ipatests/test_xmlrpc/test_old_permission_plugin.py b/ipatests/test_xmlrpc/test_old_permission_plugin.py
index 3e086b541..38662c21f 100644
--- a/ipatests/test_xmlrpc/test_old_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_old_permission_plugin.py
@@ -269,6 +269,30 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with members' % permission1,
+ command=('permission_find', [permission1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}),
expected=dict(
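Review bot: The expected entry added at the top of this hunk is a field-for-field copy of the one in the default search that follows it, differing only by `'member_privilege': [privilege1]`. The same copied pair appears in the hunks at -329, -407 and -505. Because these cases pin which attributes `permission_find` returns with and without `no_members`, a later edit to one copy but not the other would make the two variants differ in more than the member attribute without anyone noticing. Consider building the with-members expectation from a shared base for the cases that see the same entry state, for example `dict(permission1_entry, member_privilege=[privilege1])`, where `permission1_entry` is a suggested name for a new module-level dict. The enclosing test list starts and ends outside the hunk.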
@@ -280,6 +304,30 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
+ desc='Search for %r using --name with members' % permission1,
+ command=('permission_find', [], {
+ 'cn': permission1, 'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
@@ -304,7 +352,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -329,6 +376,30 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with members' % privilege1,
+ command=('permission_find', [privilege1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % privilege1,
command=('permission_find', [privilege1], {}),
expected=dict(
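Review bot: The description added here, `'Search for %r with members' % privilege1`, is the same string the -486 hunk gives its `privilege_find` case, although this case runs `permission_find` and expects the permission1 entry. Two cases with identical descriptions and different commands make a failure harder to attribute from the test report. A description that names the command would separate them, e.g. `desc='Search permissions for %r with members' % privilege1,`. The existing default cases (`'Search for %r' % privilege1` in both places) have the same collision and could be renamed together.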
@@ -340,7 +411,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -353,8 +423,9 @@ class test_old_permission(Declarative):
dict(
- desc='Search for %r with --raw' % permission1,
- command=('permission_find', [permission1], {'raw' : True}),
+ desc='Search for %r with --raw with members' % permission1,
+ command=('permission_find', [permission1], {
+ 'raw': True, 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -379,6 +450,38 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with --raw' % permission1,
+ command=('permission_find', [permission1], {'raw': True}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'aci': [
+ u'(targetfilter = "(objectclass=posixaccount)")'
+ u'(version 3.0;acl "permission:testperm";'
+ u'allow (write) groupdn = "ldap:///%s";)' %
+ DN(
+ ('cn', 'testperm'), ('cn', 'permissions'),
+ ('cn', 'pbac'), api.env.basedn
+ )
+ ],
+ 'ipapermright': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
+ 'ipapermlocation': [users_dn],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Create %r' % permission2,
command=(
'permission_add', [permission2], dict(
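Review bot: The ACI expectation in the new `--raw` case writes the permission name as the literal `testperm` twice, once in `acl "permission:testperm"` and once in the `DN(...)` argument, while the same entry uses `permission1` and `permission1_dn` for `cn` and `dn`. If those constants hold the same values (their definitions are outside this hunk), the bind rule could read `u'allow (write) groupdn = "ldap:///%s";)' % permission1_dn`, which keeps the expected ACI tied to the entry under test. This string is the access rule the test pins, so a short comment such as `# raw default view: ACI and ipaperm* attributes, no member attributes` above the result would state the intent of the case.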
@@ -407,6 +510,40 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with members' % permission1,
+ command=('permission_find', [permission1], {'no_members': False}),
+ expected=dict(
+ count=2,
+ truncated=False,
+ summary=u'2 permissions matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ {
+ 'dn': permission2_dn,
+ 'cn': [permission2],
+ 'objectclass': objectclasses.permission,
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}),
expected=dict(
@@ -418,7 +555,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -486,6 +622,25 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r with members' % privilege1,
+ command=('privilege_find', [privilege1], {'no_members': False}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 privilege matched',
+ result=[
+ {
+ 'dn': privilege1_dn,
+ 'cn': [privilege1],
+ 'description': [u'privilege desc. 1'],
+ 'memberof_permission': [permission1],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
expected=dict(
@@ -497,7 +652,6 @@ class test_old_permission(Declarative):
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
- 'memberof_permission': [permission1],
},
],
),
@@ -505,6 +659,42 @@ class test_old_permission(Declarative):
dict(
+ desc=('Search for %r with a limit of 1 (truncated) with members' %
+ permission1),
+ command=('permission_find', [permission1], dict(
+ sizelimit=1, no_members=False)),
+ expected=dict(
+ count=1,
+ truncated=True,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': permission1_dn,
+ 'cn': [permission1],
+ 'objectclass': objectclasses.permission,
+ 'member_privilege': [privilege1],
+ 'type': u'user',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ 'subtree': u'ldap:///%s' % users_dn,
+ },
+ ],
+ messages=({
+ 'message': (u'Search result has been truncated: '
+ u'Configured size limit exceeded'),
+ 'code': 13017,
+ 'type': u'warning',
+ 'name': u'SearchResultTruncated',
+ 'data': {
+ 'reason': u"Configured size limit exceeded"
+ }
+ },),
+ ),
+ ),
+
+
+ dict(
desc='Search for %r with a limit of 1 (truncated)' % permission1,
command=('permission_find', [permission1], dict(sizelimit=1)),
expected=dict(
@@ -516,7 +706,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -550,7 +739,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
- 'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -776,9 +964,11 @@ class test_old_permission(Declarative):
dict(
- desc='Search for %r using --subtree' % permission1,
- command=('permission_find', [],
- {'subtree': u'ldap:///%s' % DN(('cn', 'accounts'), api.env.basedn)}),
+ desc='Search for %r using --subtree with members' % permission1,
+ command=('permission_find', [], {
+ 'subtree': u'ldap:///%s' % DN(
+ ('cn', 'accounts'), api.env.basedn),
+ 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -801,6 +991,32 @@ class test_old_permission(Declarative):
dict(
+ desc='Search for %r using --subtree' % permission1,
+ command=('permission_find', [], {
+ 'subtree': u'ldap:///%s' % DN(
+ ('cn', 'accounts'), api.env.basedn)}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn':permission1_renamed_ucase_dn,
+ 'cn':[permission1_renamed_ucase],
+ 'objectclass': objectclasses.permission,
+ 'subtree':u'ldap:///%s' % DN(
+ ('cn', 'accounts'), api.env.basedn),
+ 'permissions':[u'write'],
+ 'memberof':u'ipausers',
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermissiontype': [u'V2', u'SYSTEM'],
+ },
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Search using nonexistent --subtree',
command=('permission_find', [], {'subtree': u'ldap:///foo=bar'}),
expected=dict(
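Review bot: The default `--subtree` case still expects `'memberof': u'ipausers'` although it runs without `no_members: False`, and nothing in the hunk says why. Presumably `memberof` here is the permission's own target option rather than a membership attribute (to be confirmed against the plugin), so it is not affected by the flag. A comment on that line would stop a reader from taking it for a leftover, e.g. `# 'memberof' is a target option of the permission, not a member attribute`. As a smaller style point, the added lines `'dn':permission1_renamed_ucase_dn,`, `'cn':[permission1_renamed_ucase],`, `'subtree':u'ldap:///%s' % DN(`, `'permissions':[u'write'],` and `'memberof':u'ipausers',` lack the space after the colon that the other added dicts in this commit use.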
@@ -813,8 +1029,9 @@ class test_old_permission(Declarative):
dict(
- desc='Search using --targetgroup',
- command=('permission_find', [], {'targetgroup': u'ipausers'}),
+ desc='Search using --targetgroup with members',
+ command=('permission_find', [], {
+ 'targetgroup': u'ipausers', 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -842,6 +1059,33 @@ class test_old_permission(Declarative):
dict(
+ desc='Search using --targetgroup',
+ command=('permission_find', [], {'targetgroup': u'ipausers'}),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 permission matched',
+ result=[
+ {
+ 'dn': DN(('cn', 'System: Add User to default group'),
+ api.env.container_permission, api.env.basedn),
+ 'cn': [u'System: Add User to default group'],
+ 'objectclass': objectclasses.permission,
+ 'attrs': [u'member'],
+ 'targetgroup': u'ipausers',
+ 'permissions': [u'write'],
+ 'ipapermbindruletype': [u'permission'],
+ 'ipapermtarget': [DN('cn=ipausers', groups_dn)],
+ 'subtree': u'ldap:///%s' % groups_dn,
+ 'ipapermdefaultattr': [u'member'],
+ 'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'],
+ }
+ ],
+ ),
+ ),
+
+
+ dict(
desc='Delete %r' % permission1_renamed_ucase,
command=('permission_del', [permission1_renamed_ucase], {}),
expected=dict(