summaryrefslogtreecommitdiffstats
path: root/ipatests/test_xmlrpc
Commit message (Collapse)AuthorAgeFilesLines
* test_permission_plugin: limit results in targetfilter find testPetr Viktorin2014-06-041-1/+1
| | | | | | | The test was finding recently added default permissions. Limit it to the test permission only. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
* Test DNS: dnsrecord-* zone.test. zone.test. should workMartin Basti2014-06-031-0/+34
| | | | | | | | | | Old ipa versions allows only "dnsrecord-* zone.test. @" This issue was fixed in ticket: https://fedorahosted.org/freeipa/ticket/3169 Ticket: https://fedorahosted.org/freeipa/ticket/4232 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Test DNS: wildcard in RR ownerMartin Basti2014-06-031-0/+46
| | | | | | | | Only test, issue was fixed in https://fedorahosted.org/freeipa/ticket/3169 Ticket: https://fedorahosted.org/freeipa/ticket/3148 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* DNS new testsMartin Basti2014-06-031-41/+741
| | | | | | | | | | Added new internationalized DNS tests Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS modified testsMartin Basti2014-06-032-241/+283
| | | | | | | | | | | * working with absolute zone names * working with DNSName as returned value Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* pwpolicy-mod: Fix crash when priority is changedPetr Viktorin2014-05-282-2/+76
| | | | | | | | | | | | | The exc_callback was expecting the old update_entry signature, (dn, attrs). This was changed to just (entry) for ticket #2660, see http://www.freeipa.org/page/HowTo/Migrate_your_code_to_the_new_LDAP_API. Update the exc_callback to expect the entry as first argument, and add some tests. https://fedorahosted.org/freeipa/ticket/4309 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipatests: Add test for denying expired principalsTomas Babej2014-05-051-4/+45
| | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3305 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Simo Sorce <simo@redhat.com>
* ipatests: Add coverage for setting krbPrincipalExpirationTomas Babej2014-05-051-0/+30
| | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3306 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipatests: Fix formatting errors in test_user_plugin.pyTomas Babej2014-05-051-131/+120
| | | | Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipatests: Cover DateTime in test_parameters.pyTomas Babej2014-05-051-1/+2
| | | | | | | | | Adds tests for newly added DateTime parameter, focusing on conversion of accepted datetime formats. Part of: https://fedorahosted.org/freeipa/ticket/3306 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipatests: Extend test suite for ID rangesTomas Babej2014-04-231-81/+383
| | | | | | | | | Add tests coverage for recently added ID range checks dependant on the ID range types. Part of: https://fedorahosted.org/freeipa/ticket/4137 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Use raw attribute values in command result when --raw is specified.Jan Cholasta2014-04-181-4/+4
| | | | | | | For backward compatibility, the values are converted to unicode, unless the attribute is binary or the conversion fails. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Allow primary keys to use different type than unicode.Jan Cholasta2014-04-1823-181/+183
| | | | | | | | | | Also return list of primary keys instead of a single unicode CSV value from LDAPDelete-based commands. This introduces a new capability 'primary_key_types' for backward compatibility with old clients. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add managed read permissions to krbtpolicyPetr Viktorin2014-04-161-3/+36
| | | | | | | | | | | | Unlike other objects, the ticket policy is stored in different subtrees: global policy in cn=kerberos and per-user policy in cn=users,cn=accounts. Add two permissions, one for each location. Also, modify tests so that adding new permissions in cn=users doesn't cause failures. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
* Fix expected output in permission testsPetr Viktorin2014-04-152-4/+14
| | | | | | | There is now a second permission affecting krbMinPwdLife. Add it to expected output. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* test_realmdomains_plugin: Add default ACI to expected outputPetr Viktorin2014-04-111-0/+9
| | | | | | | Since realmdomains is only one entry, _show with --all will return the ACI on it. Add it to expected output. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* automember rebuild nowait feature addedAdam Misnyovszki2014-04-092-9/+68
| | | | | | | | | | | | | | | automember-rebuild uses asynchronous 389 task, and returned success even if the task didn't run. this patch fixes this issue adding a --nowait parameter to 'ipa automember-rebuild', defaulting to False, thus when the script runs without it, it waits for the 'nstaskexitcode' attribute, which means the task has finished. Old usage can be enabled using --nowait, and returns the DN of the task for further polling. New tests added also. https://fedorahosted.org/freeipa/ticket/4239 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Extending user plugin with inetOrgPerson fieldsAdam Misnyovszki2014-03-281-0/+92
| | | | | | | | | | | | | | | According to http://tools.ietf.org/html/rfc2798 ipa client and web ui extended with inetOrgPerson fields: - employeenumber - employeetype - preferredlanguage - departmentnumber carlicenseplate is now multivalued https://fedorahosted.org/freeipa/ticket/4165 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow modifying permissions with ":" in the namePetr Viktorin2014-03-251-0/+25
| | | | | | | | | | | | | | The ":" character will be reserved for default permissions, so that users cannot create a permission with a name that will later be added as a default. Allow the ":" character modifying/deleting permissions*, but not when creating them. Also do not allow the new name to contain ":" when renaming. (* modify/delete have unrelated restrictions on managed permissions) Reviewed-By: Martin Kosek <mkosek@redhat.com>
* test_permission_plugin: Fix tests that make too broad assumptionsPetr Viktorin2014-03-252-44/+28
| | | | | | | | | | | | | | The test that searches with a limit of 1 assumes a specific order LDAP returns entries in. Future patches will change this order. Do not check the specific entry returned. The test that searched for --bindtype assumed that no anonymous permissions exist in a clean install. Again, this will be changed in future patches. Add a name to the bindtype test, and add a negatitive test to verify the filtering works. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Do not add the ipapermissionv2 for outputPetr Viktorin2014-03-242-2/+2
| | | | | | | | | As with the flags, the objectclass should be returned as it is on the entry. https://fedorahosted.org/freeipa/ticket/4257 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Do not change extra target filters by "views"Petr Viktorin2014-03-141-0/+165
| | | | | | | | | | | | | Previously, setting/deleting the "--type" virtual attribute removed all (objectclass=...) target filters. Change so that only the filter associated with --type is removed. The same change applies to --memberof: only filters associated with the option are removed when --memberof is (un-)set. Follow-up to https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Support searching by extratargetfilterPetr Viktorin2014-03-141-0/+42
| | | | | | | | | | The extratargetfilter behaves exactly like targetfilter, so that e.g. ipa permission-find --filter=(objectclass=ipausergroup) finds all permissions with that filter in the ACI. Part of the work for https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Add tests for extratargetfilterPetr Viktorin2014-03-141-0/+317
| | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission CLI: Rename filter to rawfilter, extratargetfilter to filterPetr Viktorin2014-03-141-1/+1
| | | | | | | Since extratargetfilter is shown by default, change it to also have the "default" (i.e. shorter) option name. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Output the extratargetfilter virtual attributePetr Viktorin2014-03-143-129/+11
| | | | | | | | | | | | | | | | | | The --filter, --type, and --memberof options interact in a way that's difficult to recreate in the UI: type and memberof are "views" on the filter, they affect it and are affected by it Add a "extratagretfilter" view that only contains the filters not linked to type or memberof. Show extra target filter, and not the full target filter, by default; show both with --all, and full filter only with --raw. Write support will be added in a subsequent patch. Part of the work for: https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix idrange unit test failureMartin Kosek2014-03-141-1/+1
| | | | | | | This is a follow up to patch for ticket 4247 - the raised errors.DependentEntry changed, test needs to be change as well. https://fedorahosted.org/freeipa/ticket/4247
* permission_add: Remove permission entry if adding the ACI failsPetr Viktorin2014-03-121-0/+25
| | | | | | https://fedorahosted.org/freeipa/ticket/4187 Reviewed-By: Jan Pazdziora <jpazdziora@redhat.com>
* permissions plugin: Don't crash with empty targetfilterPetr Viktorin2014-03-071-0/+47
| | | | | | https://fedorahosted.org/freeipa/ticket/4206 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Allow multiple values for memberofPetr Viktorin2014-03-071-0/+40
| | | | | | | Design: http://www.freeipa.org/page/V3/Multivalued_target_filters_in_permissions Additional fix for: https://fedorahosted.org/freeipa/ticket/4074 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission-mod: Remove attributelevelrights before reverting entryPetr Viktorin2014-03-071-1/+26
| | | | | | | | | LDAPUpdate adds the display-only 'attributelevelrights' attribute, which doesn't exist in LDAP. Remove it before reverting entry. https://fedorahosted.org/freeipa/ticket/4212 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* tests: Create the testing service certificate on demandPetr Viktorin2014-03-063-28/+121
| | | | | | | | | Replace the make-testcert command with a module that creates the certificate when it is first needed. As a result the tests are more self-contained, and can be run from a read-only location (such as installed from a system package). Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Test fixed modlist generation codePetr Viktorin2014-03-032-1/+17
| | | | | https://fedorahosted.org/freeipa/ticket/4138 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add tests for multivalued filtersPetr Viktorin2014-02-201-0/+216
| | | | Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permissions: Use multivalued targetfilterPetr Viktorin2014-02-203-177/+196
| | | | | | | | | | | | | | | | Change the target filter to be multivalued. Make the `type` option on permissions set location and an (objectclass=...) targetfilter, instead of location and target. Make changing or unsetting `type` remove existing (objectclass=...) targetfilters only, and similarly, changing/unsetting `memberof` to remove (memberof=...) only. Update tests Part of the work for: https://fedorahosted.org/freeipa/ticket/4074 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Modify DNS tests with LOC records to workaround bug in python-dns.Petr Spacek2014-02-181-5/+5
| | | | | | | | | | | Older versions of dnspython have problems with implicit values for size and h/v precision so our tests use explicit value. See https://github.com/rthalley/dnspython/issues/47 This change is necessary because we want to test if data visible over DNS protocol matches data visible over LDAP. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* tests: Move zone enable/disable tests to end of test_dns_plugin.pyPetr Spacek2014-02-141-72/+74
| | | | | | | | This prevents the test suite from hitting limitations in bind-dyndb-ldap 4.0. For details see https://fedorahosted.org/bind-dyndb-ldap/ticket/127 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add support for managed permissionsPetr Viktorin2014-02-122-66/+635
| | | | | | | | | | | | | | | | This adds support for managed permissions. The attribute list of these is computed from the "default" (modifiable only internally), "allowed", and "excluded" lists. This makes it possible to cleanly merge updated IPA defaults and user changes on upgrades. The default managed permissions are to be added in a future patch. For now they can only be created manually (see test_managed_permissions). Tests included. Part of the work for: https://fedorahosted.org/freeipa/ticket/4033 Design: http://www.freeipa.org/page/V3/Managed_Read_permissions Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Make it possible to call custom functions in Declarative testsPetr Viktorin2014-02-121-5/+12
| | | | | | | | | Sometimes, we will want to do more than just call IPA commands and check the output. This patch makes it possible to add arbitrary functions to Declarative tests. They will be called as part of the sequence of tests. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix test_host_plugin for DNS Classless Reverse zonesMartin Basti2014-02-121-2/+2
| | | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4143 Reviewed-by: Martin Kosek <mkosek@redhat.com>
* DNS tests for classless reverse domainsMartin Basti2014-02-114-21/+246
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4143 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use reserved domain names for testsPetr Spacek2014-01-301-31/+38
| | | | https://fedorahosted.org/freeipa/ticket/4139
* Rename variables in test xmlrpc/dns_pluginPetr Spacek2014-01-301-479/+486
| | | | https://fedorahosted.org/freeipa/ticket/4139
* Use private IPv4 addresses for testsPetr Spacek2014-01-301-48/+63
| | | | https://fedorahosted.org/freeipa/ticket/4139
* Convert remaining test code to LDAPEntry API.Jan Cholasta2014-01-241-1/+1
|
* Stop adding a default password policy referenceSimo Sorce2014-01-161-4/+0
| | | | | | | | | | | | | | | Both the password plugin and the kdb driver code automatically fall back to the default password policy. so stop adding an explicit reference to user objects and instead rely on the fallback. This way users created via the framework and users created via winsync plugin behave the same way wrt password policies and no surprises will happen. Also in case we need to change the default password policy DN this will allow just code changes instead of having to change each user entry created, and distinguish between the default policy and explicit admin changes. Related: https://fedorahosted.org/freeipa/ticket/4085
* Change the way we determine if the host has a password set.Rob Crittenden2014-01-151-0/+27
| | | | | | | | | | When creating a host with a password we don't set a Kerberos principal or add the Kerberos objectclasses. Those get added when the host is enrolled. If one passed in --password= (so no password) then we incorrectly thought the user was in fact setting a password, so the principal and objectclasses weren't updated. https://fedorahosted.org/freeipa/ticket/4102
* Allow anonymous and all permissionsPetr Viktorin2014-01-071-0/+282
| | | | | | | Disallow adding permissions with non-default bindtype to privileges Ticket: https://fedorahosted.org/freeipa/ticket/4032 Design: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions
* Test adding noaci/system permissions to privilegesPetr Viktorin2013-12-131-1/+41
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
* Make sure SYSTEM permissions can be retreived with --all --rawPetr Viktorin2013-12-131-2/+16
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
generated by cgit (git 2.34.1) at 2025-09-01 12:36:53 +0000