summaryrefslogtreecommitdiffstats
path: root/ipatests
Commit message (Collapse)AuthorAgeFilesLines
...
* Keep original name when setting attribute in LDAPEntry.Jan Cholasta2014-04-181-2/+2
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use raw attribute values in command result when --raw is specified.Jan Cholasta2014-04-181-4/+4
| | | | | | | For backward compatibility, the values are converted to unicode, unless the attribute is binary or the conversion fails. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Support API version-specific RPC marshalling.Jan Cholasta2014-04-181-14/+15
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Allow primary keys to use different type than unicode.Jan Cholasta2014-04-1824-183/+188
| | | | | | | | | | Also return list of primary keys instead of a single unicode CSV value from LDAPDelete-based commands. This introduces a new capability 'primary_key_types' for backward compatibility with old clients. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipatests: Fix incorrect UID/GID reference for subdomain users and groupsTomas Babej2014-04-171-4/+8
| | | | | | | | | In legacy client integration test, the test cases that query information from subdomain about subdomain users and group expected subdomain users and groups to have the UIDs/GIDs as users and groups in the root domain. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Allow using FQDN with trailing dot as final hostnameTomas Babej2014-04-171-1/+5
| | | | | | | | | | | | | | | When creating a BaseHost instance, the machine's hostname was reconfigured to have the same shortname prepended the domain name of the domain where it was defined. However, it makes sense in certain use cases to define hosts that have hostnames other than belonging directly in the domain they were defined in. Treat input hostnames with trailing dots as static FQDNs that will not be changed by the name of the domain they were defined in. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: tasks: Accept extra arguments when installing clientTomas Babej2014-04-171-2/+3
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Fix apache semaphores prior to installing IPA serverTomas Babej2014-04-171-0/+14
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* CI - test_forced_client_reenrollment stability fixAdam Misnyovszki2014-04-171-0/+4
| | | | | | | | fixes FreeIPA Jenkins CI test freeipa-integration-forced_client_reenrollment-f19 https://fedorahosted.org/freeipa/ticket/4298 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add managed read permissions to krbtpolicyPetr Viktorin2014-04-161-3/+36
| | | | | | | | | | | | Unlike other objects, the ticket policy is stored in different subtrees: global policy in cn=kerberos and per-user policy in cn=users,cn=accounts. Add two permissions, one for each location. Also, modify tests so that adding new permissions in cn=users doesn't cause failures. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
* webui-ci: adapt to new login screenPetr Vobornik2014-04-151-15/+17
| | | | | | https://fedorahosted.org/freeipa/ticket/3903 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* Fix expected output in permission testsPetr Viktorin2014-04-152-4/+14
| | | | | | | There is now a second permission affecting krbMinPwdLife. Add it to expected output. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* test_realmdomains_plugin: Add default ACI to expected outputPetr Viktorin2014-04-111-0/+9
| | | | | | | Since realmdomains is only one entry, _show with --all will return the ACI on it. Add it to expected output. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* CA-less tests: Use sequential certificate serial numbersPetr Viktorin2014-04-101-1/+4
| | | | | | | | When serial numbers were generated with $RANDOM, there could be collisions. Use sequential numbers instead. Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* automember rebuild nowait feature addedAdam Misnyovszki2014-04-092-9/+68
| | | | | | | | | | | | | | | automember-rebuild uses asynchronous 389 task, and returned success even if the task didn't run. this patch fixes this issue adding a --nowait parameter to 'ipa automember-rebuild', defaulting to False, thus when the script runs without it, it waits for the 'nstaskexitcode' attribute, which means the task has finished. Old usage can be enabled using --nowait, and returns the DN of the task for further polling. New tests added also. https://fedorahosted.org/freeipa/ticket/4239 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* CA-less tests generate failureAdam Misnyovszki2014-04-081-0/+37
| | | | | | | | | | | CA-less test suite always generate failures when installing revoked certificates. This is a known issue, described in https://fedorahosted.org/freeipa/ticket/4270 , this fix skips these tests, outputting a warning for the later ticket. https://fedorahosted.org/freeipa/ticket/4271 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipatests: tasks: Wait 2 seconds after restart of SSSD when clearing the cacheTomas Babej2014-04-041-0/+3
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: legacy_clients: Relax regex checksTomas Babej2014-04-041-3/+3
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: legacy_clients: Use hostname instead of external hostname for AD ↵Tomas Babej2014-04-041-1/+1
| | | | | | subdomain Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Make sure that remnants of PKI are removedTomas Babej2014-04-041-0/+9
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Extending user plugin with inetOrgPerson fieldsAdam Misnyovszki2014-03-281-0/+92
| | | | | | | | | | | | | | | According to http://tools.ietf.org/html/rfc2798 ipa client and web ui extended with inetOrgPerson fields: - employeenumber - employeetype - preferredlanguage - departmentnumber carlicenseplate is now multivalued https://fedorahosted.org/freeipa/ticket/4165 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* webui: replace IPA.command usage with rpc.commandPetr Vobornik2014-03-271-2/+2
| | | | | | | Replace all IPA.command, IPA.batch_command and IPA.concurrent_command usages by equivalents from rpc module. Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* ipatests: Do not depend on the case of the attributes when testing ID rangesTomas Babej2014-03-261-4/+11
| | | | | | | | | In test_trust.py, several tests did case sensitive search on the output of the ipa idrange-show command. This could cause false negatives. Part of: https://fedorahosted.org/freeipa/ticket/4267 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Update pkcs10 module functions to always load CSRs and allow selecting format.Jan Cholasta2014-03-251-4/+3
| | | | | | This change makes the pkcs10 module more consistent with the x509 module. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Allow modifying permissions with ":" in the namePetr Viktorin2014-03-251-0/+25
| | | | | | | | | | | | | | The ":" character will be reserved for default permissions, so that users cannot create a permission with a name that will later be added as a default. Allow the ":" character modifying/deleting permissions*, but not when creating them. Also do not allow the new name to contain ":" when renaming. (* modify/delete have unrelated restrictions on managed permissions) Reviewed-By: Martin Kosek <mkosek@redhat.com>
* test_permission_plugin: Fix tests that make too broad assumptionsPetr Viktorin2014-03-252-44/+28
| | | | | | | | | | | | | | The test that searches with a limit of 1 assumes a specific order LDAP returns entries in. Future patches will change this order. Do not check the specific entry returned. The test that searched for --bindtype assumed that no anonymous permissions exist in a clean install. Again, this will be changed in future patches. Add a name to the bindtype test, and add a negatitive test to verify the filtering works. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Allow indexing API object types by classPetr Viktorin2014-03-251-2/+10
| | | | | | | | | | | | | | This allows code like: from ipalib.plugins.dns import dnszone_mod api.Command[dnszone_mod] This form should be preferred when getting specific objects because it ensures that the appropriate plugin is imported. https://fedorahosted.org/freeipa/ticket/4185 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Do not add the ipapermissionv2 for outputPetr Viktorin2014-03-242-2/+2
| | | | | | | | | As with the flags, the objectclass should be returned as it is on the entry. https://fedorahosted.org/freeipa/ticket/4257 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui-ci: fix test_rebuild_membership_hosts on server without DNSPetr Vobornik2014-03-241-19/+5
| | | | | | | Host adder dialog differs on installations with and without DNS. Previous test used values for adding hosts which were suitable only for IPA servers installed with DNS. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipatests: test_trust: Change expected home directories for posix usersTomas Babej2014-03-242-4/+5
| | | | | | | | | | | | | | Information from the AD about the home directories is not leveraged at all, but is generated from the username and domain. Fix the assumptions in the tests. Also changes 'Subdomain Test User' to 'Subdomaintest User' to be more consistent. https://fedorahosted.org/freeipa/ticket/4184 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* test_integration.tasks: Do not fail cleanup if backup directory does not existPetr Viktorin2014-03-201-1/+2
| | | | | | | | | If the test backup directory was never created (for example if there was an early failure, or install was never run), we don't want the test to fail. Do not restore if the backup dir is not there. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: change permissions UI to v2Petr Vobornik2014-03-201-3/+6
| | | | | | | | | | | | | | reflect ipalib permission changes in Web UI. - http://www.freeipa.org/page/V4/Permissions_V2 - http://www.freeipa.org/page/V4/Anonymous_and_All_permissions - http://www.freeipa.org/page/V4/Managed_Read_permissions - http://www.freeipa.org/page/V4/Multivalued_target_filters_in_permissions https://fedorahosted.org/freeipa/ticket/4079 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com> Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui-css: improve radio,checkbox keyboard support and colorPetr Vobornik2014-03-204-10/+10
| | | | | | | | | | | | | checkboxes and radio buttons: - do not change color on hover when disabled - are focusable and checkable be keyboard again. This uses a little trick where the real checkbox is hidden under the artificial checkbox. That way it has the same position and therefore it works even in containers with overflow set. https://fedorahosted.org/freeipa/ticket/4217 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* permission plugin: Do not change extra target filters by "views"Petr Viktorin2014-03-141-0/+165
| | | | | | | | | | | | | Previously, setting/deleting the "--type" virtual attribute removed all (objectclass=...) target filters. Change so that only the filter associated with --type is removed. The same change applies to --memberof: only filters associated with the option are removed when --memberof is (un-)set. Follow-up to https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Support searching by extratargetfilterPetr Viktorin2014-03-141-0/+42
| | | | | | | | | | The extratargetfilter behaves exactly like targetfilter, so that e.g. ipa permission-find --filter=(objectclass=ipausergroup) finds all permissions with that filter in the ACI. Part of the work for https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Add tests for extratargetfilterPetr Viktorin2014-03-141-0/+317
| | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission CLI: Rename filter to rawfilter, extratargetfilter to filterPetr Viktorin2014-03-141-1/+1
| | | | | | | Since extratargetfilter is shown by default, change it to also have the "default" (i.e. shorter) option name. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Output the extratargetfilter virtual attributePetr Viktorin2014-03-143-129/+11
| | | | | | | | | | | | | | | | | | The --filter, --type, and --memberof options interact in a way that's difficult to recreate in the UI: type and memberof are "views" on the filter, they affect it and are affected by it Add a "extratagretfilter" view that only contains the filters not linked to type or memberof. Show extra target filter, and not the full target filter, by default; show both with --all, and full filter only with --raw. Write support will be added in a subsequent patch. Part of the work for: https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix idrange unit test failureMartin Kosek2014-03-141-1/+1
| | | | | | | This is a follow up to patch for ticket 4247 - the raised errors.DependentEntry changed, test needs to be change as well. https://fedorahosted.org/freeipa/ticket/4247
* ipaserver.install.service: Fix estimated time displayPetr Viktorin2014-03-131-0/+36
| | | | | | | | | | Use basic math rather than timezone conversion to get minutes and seconds. Break out the message generation into a small tested function. https://fedorahosted.org/freeipa/ticket/4242 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* webui: Datetime parsing and formattingPetr Vobornik2014-03-131-1/+1
| | | | | | | | | | | | | | | this patch implements: - output_formatter in field. It should be used in par with formatter. Formatter serves for datasource->widget conversion, output_formatter for widget->datasource format conversion. - datetime module which parses/format strings in subset of ISO 8601 and LDAP generalized time format to Date. - utc formatter replaced with new datetime formatter - datetime_validator introduced - new datetime field, extension of text field, which by default uses datetime formatter and validator Dojo was regenerated to include dojo/string module https://fedorahosted.org/freeipa/ticket/4194 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* Do not hardcode path to ipa-getkeytab in testsPetr Viktorin2014-03-132-4/+11
| | | | | | | | | | | Using the in-tree binary makes testing outside the source tree impossible. Use ipa-getkeytab from $PATH, and add the directory to $PATH when running the in-tree tests. Part of the work for https://fedorahosted.org/freeipa/ticket/3654 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission_add: Remove permission entry if adding the ACI failsPetr Viktorin2014-03-121-0/+25
| | | | | | https://fedorahosted.org/freeipa/ticket/4187 Reviewed-By: Jan Pazdziora <jpazdziora@redhat.com>
* permissions plugin: Don't crash with empty targetfilterPetr Viktorin2014-03-071-0/+47
| | | | | | https://fedorahosted.org/freeipa/ticket/4206 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Allow multiple values for memberofPetr Viktorin2014-03-071-0/+40
| | | | | | | Design: http://www.freeipa.org/page/V3/Multivalued_target_filters_in_permissions Additional fix for: https://fedorahosted.org/freeipa/ticket/4074 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission-mod: Remove attributelevelrights before reverting entryPetr Viktorin2014-03-071-1/+26
| | | | | | | | | LDAPUpdate adds the display-only 'attributelevelrights' attribute, which doesn't exist in LDAP. Remove it before reverting entry. https://fedorahosted.org/freeipa/ticket/4212 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* tests: Create the testing service certificate on demandPetr Viktorin2014-03-063-28/+121
| | | | | | | | | Replace the make-testcert command with a module that creates the certificate when it is first needed. As a result the tests are more self-contained, and can be run from a read-only location (such as installed from a system package). Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add tests for integration test configurationPetr Viktorin2014-03-051-0/+437
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_integration.config: Convert some text values to strPetr Viktorin2014-03-052-8/+8
| | | | | | | When loading from file, some strings are loaded as unicode, which would throw off assert_deepequal. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipa-test-config: Add --json and --yaml output optionsPetr Viktorin2014-03-052-2/+40
| | | | | | | | Also update the man page. Part of the work for: https://fedorahosted.org/freeipa/ticket/3938 Reviewed-By: Tomas Babej <tbabej@redhat.com>