diff options
Diffstat (limited to 'ipatests/test_xmlrpc/test_old_permission_plugin.py')
-rw-r--r-- | ipatests/test_xmlrpc/test_old_permission_plugin.py | 270 |
1 files changed, 257 insertions, 13 deletions
diff --git a/ipatests/test_xmlrpc/test_old_permission_plugin.py b/ipatests/test_xmlrpc/test_old_permission_plugin.py index 3e086b541..38662c21f 100644 --- a/ipatests/test_xmlrpc/test_old_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_old_permission_plugin.py @@ -269,6 +269,30 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -280,6 +304,30 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( + desc='Search for %r using --name with members' % permission1, + command=('permission_find', [], { + 'cn': permission1, 'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], @@ -304,7 +352,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -329,6 +376,30 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('permission_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('permission_find', [privilege1], {}), expected=dict( @@ -340,7 +411,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -353,8 +423,9 @@ class test_old_permission(Declarative): dict( - desc='Search for %r with --raw' % permission1, - command=('permission_find', [permission1], {'raw' : True}), + desc='Search for %r with --raw with members' % permission1, + command=('permission_find', [permission1], { + 'raw': True, 'no_members': False}), expected=dict( count=1, truncated=False, @@ -379,6 +450,38 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with --raw' % permission1, + command=('permission_find', [permission1], {'raw': True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'aci': [ + u'(targetfilter = "(objectclass=posixaccount)")' + u'(version 3.0;acl "permission:testperm";' + u'allow (write) groupdn = "ldap:///%s";)' % + DN( + ('cn', 'testperm'), ('cn', 'permissions'), + ('cn', 'pbac'), api.env.basedn + ) + ], + 'ipapermright': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'ipapermtargetfilter': [u'(objectclass=posixaccount)'], + 'ipapermlocation': [users_dn], + }, + ], + ), + ), + + + dict( desc='Create %r' % permission2, command=( 'permission_add', [permission2], dict( @@ -407,6 +510,40 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % permission1, + command=('permission_find', [permission1], {'no_members': False}), + expected=dict( + count=2, + truncated=False, + summary=u'2 permissions matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + { + 'dn': permission2_dn, + 'cn': [permission2], + 'objectclass': objectclasses.permission, + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( @@ -418,7 +555,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -486,6 +622,25 @@ class test_old_permission(Declarative): dict( + desc='Search for %r with members' % privilege1, + command=('privilege_find', [privilege1], {'no_members': False}), + expected=dict( + count=1, + truncated=False, + summary=u'1 privilege matched', + result=[ + { + 'dn': privilege1_dn, + 'cn': [privilege1], + 'description': [u'privilege desc. 1'], + 'memberof_permission': [permission1], + }, + ], + ), + ), + + + dict( desc='Search for %r' % privilege1, command=('privilege_find', [privilege1], {}), expected=dict( @@ -497,7 +652,6 @@ class test_old_permission(Declarative): 'dn': privilege1_dn, 'cn': [privilege1], 'description': [u'privilege desc. 1'], - 'memberof_permission': [permission1], }, ], ), @@ -505,6 +659,42 @@ class test_old_permission(Declarative): dict( + desc=('Search for %r with a limit of 1 (truncated) with members' % + permission1), + command=('permission_find', [permission1], dict( + sizelimit=1, no_members=False)), + expected=dict( + count=1, + truncated=True, + summary=u'1 permission matched', + result=[ + { + 'dn': permission1_dn, + 'cn': [permission1], + 'objectclass': objectclasses.permission, + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + 'subtree': u'ldap:///%s' % users_dn, + }, + ], + messages=({ + 'message': (u'Search result has been truncated: ' + u'Configured size limit exceeded'), + 'code': 13017, + 'type': u'warning', + 'name': u'SearchResultTruncated', + 'data': { + 'reason': u"Configured size limit exceeded" + } + },), + ), + ), + + + dict( desc='Search for %r with a limit of 1 (truncated)' % permission1, command=('permission_find', [permission1], dict(sizelimit=1)), expected=dict( @@ -516,7 +706,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -550,7 +739,6 @@ class test_old_permission(Declarative): 'dn': permission1_dn, 'cn': [permission1], 'objectclass': objectclasses.permission, - 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'write'], 'ipapermbindruletype': [u'permission'], @@ -776,9 +964,11 @@ class test_old_permission(Declarative): dict( - desc='Search for %r using --subtree' % permission1, - command=('permission_find', [], - {'subtree': u'ldap:///%s' % DN(('cn', 'accounts'), api.env.basedn)}), + desc='Search for %r using --subtree with members' % permission1, + command=('permission_find', [], { + 'subtree': u'ldap:///%s' % DN( + ('cn', 'accounts'), api.env.basedn), + 'no_members': False}), expected=dict( count=1, truncated=False, @@ -801,6 +991,32 @@ class test_old_permission(Declarative): dict( + desc='Search for %r using --subtree' % permission1, + command=('permission_find', [], { + 'subtree': u'ldap:///%s' % DN( + ('cn', 'accounts'), api.env.basedn)}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn':permission1_renamed_ucase_dn, + 'cn':[permission1_renamed_ucase], + 'objectclass': objectclasses.permission, + 'subtree':u'ldap:///%s' % DN( + ('cn', 'accounts'), api.env.basedn), + 'permissions':[u'write'], + 'memberof':u'ipausers', + 'ipapermbindruletype': [u'permission'], + 'ipapermissiontype': [u'V2', u'SYSTEM'], + }, + ], + ), + ), + + + dict( desc='Search using nonexistent --subtree', command=('permission_find', [], {'subtree': u'ldap:///foo=bar'}), expected=dict( @@ -813,8 +1029,9 @@ class test_old_permission(Declarative): dict( - desc='Search using --targetgroup', - command=('permission_find', [], {'targetgroup': u'ipausers'}), + desc='Search using --targetgroup with members', + command=('permission_find', [], { + 'targetgroup': u'ipausers', 'no_members': False}), expected=dict( count=1, truncated=False, @@ -842,6 +1059,33 @@ class test_old_permission(Declarative): dict( + desc='Search using --targetgroup', + command=('permission_find', [], {'targetgroup': u'ipausers'}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': DN(('cn', 'System: Add User to default group'), + api.env.container_permission, api.env.basedn), + 'cn': [u'System: Add User to default group'], + 'objectclass': objectclasses.permission, + 'attrs': [u'member'], + 'targetgroup': u'ipausers', + 'permissions': [u'write'], + 'ipapermbindruletype': [u'permission'], + 'ipapermtarget': [DN('cn=ipausers', groups_dn)], + 'subtree': u'ldap:///%s' % groups_dn, + 'ipapermdefaultattr': [u'member'], + 'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'], + } + ], + ), + ), + + + dict( desc='Delete %r' % permission1_renamed_ucase, command=('permission_del', [permission1_renamed_ucase], {}), expected=dict( |