From d0e83dbccfdb35b1cdd4963ce4ffb2ff0627b066 Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Fri, 21 Feb 2014 12:29:39 +0100
Subject: test_permission_plugin: Fix tests that make too broad assumptions
The test that searches with a limit of 1 assumes a specific order LDAP returns entries in. Future patches will change this order. Do not check the specific entry returned. The test that searched for --bindtype assumed that no anonymous permissions exist in a clean install. Again, this will be changed in future patches. Add a name to the bindtype test, and add a negatitive test to verify the filtering works.
Reviewed-By: Martin Kosek
---
ipatests/test_xmlrpc/test_old_permission_plugin.py | 26 ++++--------
ipatests/test_xmlrpc/test_permission_plugin.py | 46 ++++++++++------------
2 files changed, 28 insertions(+), 44 deletions(-)
diff --git a/ipatests/test_xmlrpc/test_old_permission_plugin.py b/ipatests/test_xmlrpc/test_old_permission_plugin.py
index 67c0a1c3f..56dd4435c 100644
--- a/ipatests/test_xmlrpc/test_old_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_old_permission_plugin.py
@@ -554,31 +554,19 @@ class test_old_permission(Declarative): # This tests setting truncated to True in the post_callback of # permission_find(). The return order in LDAP is not guaranteed - # but in practice this is the first entry it finds. This is subject - # to change. + # so do not check the actual entry. dict( desc='Search for permissions by attr with a limit of 1 (truncated)', - command=('permission_find', [], dict(attrs=u'ipaenabledflag', - sizelimit=1)), + command=('permission_find', [u'Modify'], + dict(attrs=u'ipaenabledflag', sizelimit=1)), expected=dict( count=1, truncated=True, summary=u'1 permission matched', - result=[ - { - 'dn': DN(('cn', 'Modify HBAC rule'), - api.env.container_permission, api.env.basedn), - 'cn': [u'Modify HBAC rule'], - 'objectclass': objectclasses.permission, - 'member_privilege': [u'HBAC Administrator'], - 'memberindirect_role': [u'IT Security Specialist'], - 'permissions' : [u'write'], - 'attrs': [u'servicecategory', u'sourcehostcategory', u'cn', u'description', u'ipaenabledflag', u'accesstime', u'usercategory', u'hostcategory', u'accessruletype', u'sourcehost'], - 'ipapermbindruletype': [u'permission'], - 'ipapermtarget': [DN('ipauniqueid=*', hbac_dn)], - 'subtree': u'ldap:///%s' % api.env.basedn, - }, - ], + result=[lambda res: + DN(res['dn']).endswith(DN(api.env.container_permission, + api.env.basedn)) and + 'ipapermission' in res['objectclass']], ), ), diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index 251305e80..5f305aa54 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py 
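Review bot: The new `result=[lambda res: ...]` check in the truncated-search case only confirms that the single returned entry is some permission under `api.env.container_permission`; it no longer verifies that the entry satisfies the search itself (the `u'Modify'` criterion and `attrs=u'ipaenabledflag'`), so a regression that made permission_find ignore its filters would still pass this access-control test. The removed expected dict shows the result carries an `attrs` list, so the lambda could presumably also require `u'ipaenabledflag' in res['attrs']`. The case also still relies on more than one matching permission existing for `truncated=True` to hold, which deserves a line in the comment above it, e.g. `# Assumes at least two default permissions match 'Modify' and list ipaenabledflag.` The same applies to the identical hunk in test_permission_plugin.py (`@@ -836,36 +836,19 @@`). The enclosing test list starts and ends outside both hunks.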
@@ -836,36 +836,19 @@ class test_permission(Declarative): # This tests setting truncated to True in the post_callback of # permission_find(). The return order in LDAP is not guaranteed - # but in practice this is the first entry it finds. This is subject - # to change. + # so do not check the actual entry. dict( desc='Search for permissions by attr with a limit of 1 (truncated)', - command=('permission_find', [], dict(attrs=u'ipaenabledflag', - sizelimit=1)), + command=('permission_find', [u'Modify'], + dict(attrs=u'ipaenabledflag', sizelimit=1)), expected=dict( count=1, truncated=True, summary=u'1 permission matched', - result=[ - { - 'dn': DN(('cn', 'Modify HBAC rule'), - api.env.container_permission, api.env.basedn), - 'cn': [u'Modify HBAC rule'], - 'objectclass': objectclasses.permission, - 'member_privilege': [u'HBAC Administrator'], - 'memberindirect_role': [u'IT Security Specialist'], - 'ipapermright' : [u'write'], - 'attrs': [u'servicecategory', u'sourcehostcategory', - u'cn', u'description', u'ipaenabledflag', - u'accesstime', u'usercategory', - u'hostcategory', u'accessruletype', - u'sourcehost'], - 'ipapermtarget': [DN(('ipauniqueid', '*'), - ('cn', 'hbac'), api.env.basedn)], - 'ipapermbindruletype': [u'permission'], - 'ipapermlocation': [api.env.basedn], - }, - ], + result=[lambda res: + DN(res['dn']).endswith(DN(api.env.container_permission, + api.env.basedn)) and + 'ipapermission' in res['objectclass']], ), ), @@ -2830,7 +2813,8 @@ class test_permission_bindtype(Declarative): dict( desc='Search for %r using --bindtype' % permission1, - command=('permission_find', [], {'ipapermbindruletype': u'all'}), + command=('permission_find', [permission1], + {'ipapermbindruletype': u'all'}), expected=dict( count=1, truncated=False, 
@@ -2850,6 +2834,18 @@ class test_permission_bindtype(Declarative): ), ), + dict( + desc='Search for %r using bad --bindtype' % permission1, + command=('permission_find', [permission1], + {'ipapermbindruletype': u'anonymous'}), + expected=dict( + count=0, + truncated=False, + summary=u'0 permissions matched', + result=[], + ), + ), + dict( desc='Add zero permissions to %r' % (privilege1), command=('privilege_add_permission', [privilege1], {}), -- cgit
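Review bot: The added case's `desc` calls `u'anonymous'` a "bad --bindtype", but the commit message treats anonymous permissions as something that can legitimately exist, so the value looks like a valid bind rule type that simply does not match permission1 rather than invalid input. `desc='Search for %r using non-matching --bindtype' % permission1` would describe what is being tested more accurately. A short comment such as `# permission1 is found with bindtype 'all' above; another bindtype must filter it out` would also tie this negative case to the positive one before it. The surrounding test list continues outside the hunk.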