summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Fix failing tests due to object name changesRob Crittenden2011-07-172-8/+8
| | | | | Some object names had spaces in them which was bad, update the tests to reflect the new names.
* Add new dnszone-find testMartin Kosek2011-07-181-0/+82
| | | | | | | | Implement a test for new dnszone-find option --forward-only. Fix example for reverse zone (zone was not fully qualified and DNS plugin would forbid adding PTR records). https://fedorahosted.org/freeipa/ticket/1473
* Add ability to specify DNS reverse zone name by IP network address.Jan Cholasta2011-07-151-0/+27
| | | | | | | In order for this to work, chaining of parameters through default_from is made possible. ticket 1474
* Remove the ability to create new HBAC deny rules.Rob Crittenden2011-07-141-0/+25
| | | | | | | | | | New rules will all be allow type. Existing rules cannot be changed to deny. The type attribute now defaults to allow with autofill so it won't be prompted in interactive mode in the cli. https://fedorahosted.org/freeipa/ticket/1432
* Convert nsaccountlock to always work as bool towards Python codeAlexander Bokovoy2011-07-133-24/+24
| | | | | | | | https://fedorahosted.org/freeipa/ticket/1259 Python code will see nsaccountlock as bool. JavaScript code will also see it as bool. This allows native boolean operations with the lock field. Passes both CLI and WebUI tests.
* Add DNS record modification commandMartin Kosek2011-07-121-2/+46
| | | | | | | | | | | | | | | | | The DNS record plugin does not support modification of a record. One can only add A type addresses to a DNS record or remove the current ones. To actually change a DNS record value it has to be removed and then added with a desired value. This patch adds a new DNS plugin command "dnsrecord-mod" which enables user to: - modify a DNS record value (note than DNS record can hold multiple values and those will be overwritten) - remove a DNS record when an empty value is passed New tests for this new command have been added to the CLI test suite. https://fedorahosted.org/freeipa/ticket/1137
* Fix test failure in updater when adding values to a single-value attrRob Crittenden2011-07-112-1/+2
| | | | | | | The ipaldap.py code was updated to consider the schema when making changes and does a REPLACE on single-value attributes. So when you do an add in an update it will effectively replace the value instead of ignoring it.
* find_entry_by_attr() should fail if multiple entries are foundRob Crittenden2011-07-111-0/+35
| | | | | | | | | | It will only ever return one entry so if more than one are found then we raise an exception. This is most easily seen in the host plugin where we search on the server shortname which can be the same across sub-domains (e.g. foo.example.com & foo.lab.example.com). https://fedorahosted.org/freeipa/ticket/1388
* Let the framework be able to override the hostname.Rob Crittenden2011-06-231-1/+0
| | | | | | | | | | | | | | | | | | The hostname is passed in during the server installation. We should use this hostname for the resulting server as well. It was being discarded and we always used the system hostname value. Important changes: - configure ipa_hostname in sssd on masters - set PKI_HOSTNAME so the hostname is passed to dogtag installer - set the hostname when doing ldapi binds This also reorders some things in the dogtag installer to eliminate an unnecessary restart. We were restarting the service twice in a row with very little time in between and this could result in a slew of reported errors, though the server installed ok. ticket 1052
* Update test_role_plugin test to include a comma in a privilegeJohn Dennis2011-06-221-6/+10
| | | | | | | | | | | | | | | | | | | | | | Introduce a comma into a privilege name to assure we can handle commas. Commas must be escaped for some parameters, add escape_comma() utility and invoke it for the necessary parameters. Utilize a DN object to properly construct a DN and most importantly to allow equality testing beween the DN we expect and the one returned. This is necessary because a DN can be encoded according to different encoding syntaxes all of which are valid. DN objects always decode from their input. DN objects can test for equality between DN's without being affected by DN encoding. Add a equality callback for the dn in the expected dict. When the test framework tests for equality between the expected value and the returned value it will call back into a function we provide which will convert the returned dn into a DN object. An equality test is then performed between two DN objects. This is the only way to properly compare two dn's.
* assert_deepequal supports callback for equality testingJohn Dennis2011-06-221-1/+10
|
* Module for DN objects plus unit testJohn Dennis2011-06-221-0/+919
|
* Require an imported certificate's issuer to match our issuer.Rob Crittenden2011-06-163-35/+60
| | | | | | | | | | The goal is to not import foreign certificates. This caused a bunch of tests to fail because we had a hardcoded server certificate. Instead a developer will need to run make-testcert to create a server certificate generated by the local CA to test against. ticket 1134
* Raise DuplicateEntry Error when adding a duplicate sudo optionJr Aquino2011-06-161-3/+2
| | | | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1276 https://fedorahosted.org/freeipa/ticket/1277 https://fedorahosted.org/freeipa/ticket/1308 Added new Exception: AttrValueNotFound Fixed XML Test for Sudorule remove_option 1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule) 1277 (Raise DuplicateEntry Error when adding a duplicate sudo option) 1308 (Make sudooption a required option for sudorule_remove_option)
* Add a list of managed hostsMartin Kosek2011-06-151-0/+2
| | | | | | | | Enhance Host plugin to provide not only "Managed By" list but also a list of managed hosts. The new list is generated only when --all option is passed. https://fedorahosted.org/freeipa/ticket/993
* Fix indirect member calculationRob Crittenden2011-06-141-38/+255
| | | | | | | | | | | | | | | | | Indirect membership is calculated by looking at each member and pulling all the memberof out of it. What was missing was doing nested searches on any members in that member group. So if group2 was a member of group1 and group3 was a member of group2 we would miss group3 as being an indirect member of group1. I updated the nesting test to do deeper nested testing. I confirmed that this test failed with the old code and works with the new. This also prevents duplicate indirect users and looping on circular membership. ticket https://fedorahosted.org/freeipa/ticket/1273
* Add UID, GID and e-mail to the user default attributes.Rob Crittenden2011-06-087-2/+58
| | | | ticket https://fedorahosted.org/freeipa/ticket/1265
* Add sudorule and hbacrule to memberof and indirectmemberof attributesJr Aquino2011-06-062-2/+72
| | | | | | | | Add Add tests for users, groups, hosts and hostgroups to verify membership Update API to version 2.3 https://fedorahosted.org/freeipa/ticket/1170
* Do stricter checking of IP addressed passed to server install.Jan Cholasta2011-05-301-0/+9
| | | | ticket 1213
* Parse netmasks in IP addresses passed to server install.Jan Cholasta2011-05-302-0/+78
| | | | ticket 1212
* Add option to limit the attributes allowed in an entry.Rob Crittenden2011-05-272-0/+158
| | | | | | | | | | | | | | | | Kerberos ticket policy can update policy in a user entry. This allowed set/addattr to be used to modify attributes outside of the ticket policy perview, also bypassing all validation/normalization. Likewise the ticket policy was updatable by the user plugin bypassing all validation. Add two new LDAPObject values to control this behavior: limit_object_classes: only attributes in these are allowed disallow_object_classes: attributes in these are disallowed By default both of these lists are empty so are skipped. ticket 744
* A new flag to disable creation of UPGMartin Kosek2011-05-251-0/+44
| | | | | | | | Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131
* Modify the default attributes shown in user-find to match the UI design.Rob Crittenden2011-04-221-5/+9
| | | | | | | | | | | | | | | This change means the UI can stop using the --all option and have to retrieve significantly less information from the server. It also speeds up user-find as it doesn't have to calculate membership. This adds a new baseclass parameter, search_display_attributes, which can provide a separate list from default_attributes just for find commands. The UI will need to be changed to switch from using cn to using givenname and sn. ticket 1136
* Convert manager from userid to dn for storage and back for displaying.Rob Crittenden2011-04-221-0/+27
| | | | ticket 1151
* Sort entries returned by *-find by the primary key (if any).Rob Crittenden2011-04-132-8/+8
| | | | | | | | Do a server-side sort if there is a primary key. Fix a couple of tests that were failing due to the new sorting. ticket 794
* postalCode should be a string not an integer.Rob Crittenden2011-04-051-1/+2
| | | | | | | | | | | | postalCode is defined as an Int. This means you can't define one that has a leading zero nor can you have dashes, letters, etc. This changes the data type on the server. It will still accept an int value if provided and convert it into a string. Bump the API version to 2.1. ticket 1150
* Change default gecos from uid to first and last name.Rob Crittenden2011-04-056-12/+12
| | | | ticket 1146
* Replace only if old and new have nothing in commonRob Crittenden2011-03-031-0/+204
| | | | | | | Jakub did the initial diagnosis of this, I added a fix for removing the last entry when removing members and a test case. ticket 1000
* Final i18n unit test fixes.Pavel Zuna2011-03-011-6/+6
|
* Fix i18n related failures in unit tests.Pavel Zuna2011-03-015-57/+29
|
* Remove deprecated i18n code from ipalib/request and all references to it.Pavel Zuna2011-03-011-161/+0
| | | | Ticket #903
* Sudo command groups are not supposed to allow nesting.Rob Crittenden2011-02-231-4/+0
| | | | | | | It was a design decision to not allow nesting sudo command groups, remove it. ticket 1004
* Collect memberof information for sudo commands.Rob Crittenden2011-02-231-2/+19
| | | | | | | | | | | | We weren't searching the cn=sudo container so all members of a sudocmdgroup looked indirect. Add a label for sudo command groups. Update the tests to include verifying that membership is done properly. ticket 1003
* Add handling for indirect memberof other entries.Rob Crittenden2011-02-212-3/+163
| | | | | | | | | | | | | | | This creates a new custom attribute, memberofindirect_[plugin]. Using this you can tell the difference between being an actual memberof another entry and being a memberof as the result if inheritence. This is particularly useful when trying to remove members of an entry, you can only remove direct members. I had to add a couple of short sleep calls to make things work a little better. The memberof plugin runs as a postop and we have no way of knowing when it has done its work. If we don't pause we may show some stale data that memberof hasn't updated yet. .3 seconds is an arbitrary choice. ticket 966
* Fixed parameter for user city.Endi S. Dewata2011-02-181-2/+2
| | | | | | | Previously the user's city parameter is defined to use the 'locality' attribute. This was a problem because the attribute would be returned as 'l' by the directory server causing a mismatch. Now the parameter has been changed to use the 'l' attribute.
* HBAC plugin inconsistent outputMartin Kosek2011-02-161-6/+6
| | | | | | | | This patch adds a proper summary text to HBAC command which is then printed out in CLI. Now, HBAC plugin output is consistent with other plugins. https://fedorahosted.org/freeipa/ticket/596
* A mod command should not be able to remove a required attribute.Rob Crittenden2011-02-141-1/+63
| | | | | | | | | | | | Some attribute enforcement is done by schema, others should be done by the required option in a Parameter. description, for example, is required by many plugins but not the schema. We need to enforce in the framework that required options are provided. After all the setattr/addattr work is done run through the modifications and ensure that no required values will be removed. ticket 852
* Ignore case when removing group members.Rob Crittenden2011-02-141-0/+119
| | | | ticket 944
* Convert json strings to unicode when they are unmarshalled.Rob Crittenden2011-02-112-3/+3
| | | | | | | | | This patch removes some individual work-arounds of converting strings to unicode, they only masked the problem. String values are not passed to the validator or normalizers so things like adding the realm automatically to services weren't happening. ticket 941
* Fix test failures caused by the performance patch.Rob Crittenden2011-02-101-0/+2
| | | | | | It isn't safe to assume there is an environment or mode in any given object. Only skip the extra work if the object explicitly has production in it.
* Use correct LDAP attributes for city and state.Rob Crittenden2011-02-021-0/+45
| | | | | | Also add a unit test for address. Ticket 889
* Add new schema to store information about permissions.Rob Crittenden2011-02-011-0/+1
| | | | | | | | | There are some permissions we can't display because they are stored outside of the basedn (such as the replication permissions). We are adding a new attribute to store extra information to make this clear, in this case SYSTEM. ticket 853
* Permission rename test failingMartin Kosek2011-02-011-9/+5
| | | | | | | | This patch fixes test for Permission plugin - mainly permission-mod part. Description field that the tests expected and which was removed in ticket 792 was removed from the tests. https://fedorahosted.org/freeipa/ticket/892
* Fix changing membergroup in a delegation.Rob Crittenden2011-02-011-5/+5
| | | | | | | | This is mostly due to inconsistent option name usage but also due to the aci plugin not always treating memberof as a special kind of filter. ticket 869
* Rename permissions and privileges to be more readable.Rob Crittenden2011-01-312-20/+4
| | | | | | | This also drops description from permissions since it seems redundant and fixes up the help text a little. ticket 792
* ipa permission-mod --rename does not workMartin Kosek2011-01-281-4/+64
| | | | | | | | | | | This patch fixes nonfunctional rename operation in permission plugin. Also makes sure, that no change is made to the underlying ACI in pre_callback() when the target permission already exists. Several tests for the rename operation have been created to ensure that the it won't break again unnoticed. https://fedorahosted.org/freeipa/ticket/814
* Enforce that all NS records are resolvableJakub Hrozek2011-01-281-1/+60
| | | | | | | Bind cannot load a zone if any of its name server records is not resolvable. https://fedorahosted.org/freeipa/ticket/838
* Delete the whole DNS record with no parametersJakub Hrozek2011-01-281-17/+21
| | | | | | | | | Error out when deleting a nonexistent DNS record Also fixes the DNS unit tests. https://fedorahosted.org/freeipa/ticket/816 https://fedorahosted.org/freeipa/ticket/829
* Enforce uniqueness on (key,info) pairs in automount keysJakub Hrozek2011-01-251-17/+66
| | | | https://fedorahosted.org/freeipa/ticket/293
* Fix failed tests. API for utcoffset changed and strings are more robust.Rob Crittenden2011-01-241-3/+4
| | | | | | | In Python 2.7 the API for time.utcoffset() changed. We do more automatic conversions of strings so need to loosen the tests a bit.
generated by cgit (git 2.34.1) at 2025-04-04 19:33:38 +0000