IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-23 07:33:27 -06:00
Code Issues Packages Projects Releases Wiki Activity
f77c0a573c
freeipa/ipatests/test_xmlrpc/test_attr.py

375 lines
15 KiB
Python
Raw Normal View History

Properly handle multi-valued attributes when using setattr/addattr. The problem was that the normalizer was returning each value as a tuple which we were then appending to a list, so it looked like [(u'value1',), (u'value2',),...]. If there was a single value we could end up adding a tuple to a list which would fail. Additionally python-ldap doesn't like lists of lists so it was failing later in the process as well. I've added some simple tests for setattr and addattr. ticket 565
2010-12-08 12:26:27 -06:00
# Authors:
# Rob Crittenden <rcritten@redhat.com>
Refactor test_attr Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-11-27 08:41:47 -06:00
# Filip Skola <fskola@redhat.com>
Properly handle multi-valued attributes when using setattr/addattr. The problem was that the normalizer was returning each value as a tuple which we were then appending to a list, so it looked like [(u'value1',), (u'value2',),...]. If there was a single value we could end up adding a tuple to a list which would fail. Additionally python-ldap doesn't like lists of lists so it was failing later in the process as well. I've added some simple tests for setattr and addattr. ticket 565
2010-12-08 12:26:27 -06:00
#
# Copyright (C) 2010 Red Hat
# see file 'COPYING' for use and warranty information
#
Change FreeIPA license to GPLv3+ The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
2010-12-09 06:59:11 -06:00
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
Properly handle multi-valued attributes when using setattr/addattr. The problem was that the normalizer was returning each value as a tuple which we were then appending to a list, so it looked like [(u'value1',), (u'value2',),...]. If there was a single value we could end up adding a tuple to a list which would fail. Additionally python-ldap doesn't like lists of lists so it was failing later in the process as well. I've added some simple tests for setattr and addattr. ticket 565
2010-12-08 12:26:27 -06:00
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
Change FreeIPA license to GPLv3+ The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
2010-12-09 06:59:11 -06:00
# along with this program. If not, see <http://www.gnu.org/licenses/>.
Properly handle multi-valued attributes when using setattr/addattr. The problem was that the normalizer was returning each value as a tuple which we were then appending to a list, so it looked like [(u'value1',), (u'value2',),...]. If there was a single value we could end up adding a tuple to a list which would fail. Additionally python-ldap doesn't like lists of lists so it was failing later in the process as well. I've added some simple tests for setattr and addattr. ticket 565
2010-12-08 12:26:27 -06:00
"""
A mod command should not be able to remove a required attribute. Some attribute enforcement is done by schema, others should be done by the required option in a Parameter. description, for example, is required by many plugins but not the schema. We need to enforce in the framework that required options are provided. After all the setattr/addattr work is done run through the modifications and ensure that no required values will be removed. ticket 852
2011-02-14 09:18:31 -06:00
Test --setattr and --addattr and other attribute-specific issues
Properly handle multi-valued attributes when using setattr/addattr. The problem was that the normalizer was returning each value as a tuple which we were then appending to a list, so it looked like [(u'value1',), (u'value2',),...]. If there was a single value we could end up adding a tuple to a list which would fail. Additionally python-ldap doesn't like lists of lists so it was failing later in the process as well. I've added some simple tests for setattr and addattr. ticket 565
2010-12-08 12:26:27 -06:00
"""
Convert values using _SYNTAX_MAPPING with --delattr When an entry is loaded the incoming values are converted into python datatypes automatically based on the _SYNTAX_MAPPING value in ipaldap. When using delattr to remove a mapped value it will fail because the datatypes do not match up. For example date types are datetime.datetime structions and won't match a generalized time string. So try to map the value to delete using _SYNTAX_MAPPING before trying to remove the value. Fall back to trying to remove the raw value if the mapping fails. This won't work for some mapping types, DNs for example. Providing only the RDN value for a DN-type, manager for example, lacks the context to know how to construct the DN (RDN and contaner). Fixes: https://pagure.io/freeipa/issue/9004 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-02-11 10:19:30 -06:00
from ipalib.constants import LDAP_GENERALIZED_TIME_FORMAT
Use a user result template in tests This makes the tests shorter, more descriptive, and easier to change e.g. when new attributes are added.
2013-09-30 03:50:59 -05:00
from ipalib import errors
Refactor test_attr Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-11-27 08:41:47 -06:00
from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test, raises_exact
from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker
Applied tier0 and tier1 marks on unit tests and xmlrpc tests Web UI tests were marked as tier1 tests. The tier system is intended to be used together with CI system to make sure the more complicated tests are being run only when all of the basic functionality is working. The system is using pytest's marker system. E.g. an invocation of all tier1 tests with listing will look like: $ py.test -v -m tier1 ipatests or in case of out of tree tests: $ ipa-run-tests -m tier1 Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
2015-04-24 07:39:48 -05:00
import pytest
Use DN objects instead of strings * Convert every string specifying a DN into a DN object * Every place a dn was manipulated in some fashion it was replaced by the use of DN operators * Add new DNParam parameter type for parameters which are DN's * DN objects are used 100% of the time throughout the entire data pipeline whenever something is logically a dn. * Many classes now enforce DN usage for their attributes which are dn's. This is implmented via ipautil.dn_attribute_property(). The only permitted types for a class attribute specified to be a DN are either None or a DN object. * Require that every place a dn is used it must be a DN object. This translates into lot of:: assert isinstance(dn, DN) sprinkled through out the code. Maintaining these asserts is valuable to preserve DN type enforcement. The asserts can be disabled in production. The goal of 100% DN usage 100% of the time has been realized, these asserts are meant to preserve that. The asserts also proved valuable in detecting functions which did not obey their function signatures, such as the baseldap pre and post callbacks. * Moved ipalib.dn to ipapython.dn because DN class is shared with all components, not just the server which uses ipalib. * All API's now accept DN's natively, no need to convert to str (or unicode). * Removed ipalib.encoder and encode/decode decorators. Type conversion is now explicitly performed in each IPASimpleLDAPObject method which emulates a ldap.SimpleLDAPObject method. * Entity & Entry classes now utilize DN's * Removed __getattr__ in Entity & Entity clases. There were two problems with it. It presented synthetic Python object attributes based on the current LDAP data it contained. There is no way to validate synthetic attributes using code checkers, you can't search the code to find LDAP attribute accesses (because synthetic attriutes look like Python attributes instead of LDAP data) and error handling is circumscribed. Secondly __getattr__ was hiding Python internal methods which broke class semantics. * Replace use of methods inherited from ldap.SimpleLDAPObject via IPAdmin class with IPAdmin methods. Directly using inherited methods was causing us to bypass IPA logic. Mostly this meant replacing the use of search_s() with getEntry() or getList(). Similarly direct access of the LDAP data in classes using IPAdmin were replaced with calls to getValue() or getValues(). * Objects returned by ldap2.find_entries() are now compatible with either the python-ldap access methodology or the Entity/Entry access methodology. * All ldap operations now funnel through the common IPASimpleLDAPObject giving us a single location where we interface to python-ldap and perform conversions. * The above 4 modifications means we've greatly reduced the proliferation of multiple inconsistent ways to perform LDAP operations. We are well on the way to having a single API in IPA for doing LDAP (a long range goal). * All certificate subject bases are now DN's * DN objects were enhanced thusly: - find, rfind, index, rindex, replace and insert methods were added - AVA, RDN and DN classes were refactored in immutable and mutable variants, the mutable variants are EditableAVA, EditableRDN and EditableDN. By default we use the immutable variants preserving important semantics. To edit a DN cast it to an EditableDN and cast it back to DN when done editing. These issues are fully described in other documentation. - first_key_match was removed - DN equalty comparison permits comparison to a basestring * Fixed ldapupdate to work with DN's. This work included: - Enhance test_updates.py to do more checking after applying update. Add test for update_from_dict(). Convert code to use unittest classes. - Consolidated duplicate code. - Moved code which should have been in the class into the class. - Fix the handling of the 'deleteentry' update action. It's no longer necessary to supply fake attributes to make it work. Detect case where subsequent update applies a change to entry previously marked for deletetion. General clean-up and simplification of the 'deleteentry' logic. - Rewrote a couple of functions to be clearer and more Pythonic. - Added documentation on the data structure being used. - Simplfy the use of update_from_dict() * Removed all usage of get_schema() which was being called prior to accessing the .schema attribute of an object. If a class is using internal lazy loading as an optimization it's not right to require users of the interface to be aware of internal optimization's. schema is now a property and when the schema property is accessed it calls a private internal method to perform the lazy loading. * Added SchemaCache class to cache the schema's from individual servers. This was done because of the observation we talk to different LDAP servers, each of which may have it's own schema. Previously we globally cached the schema from the first server we connected to and returned that schema in all contexts. The cache includes controls to invalidate it thus forcing a schema refresh. * Schema caching is now senstive to the run time context. During install and upgrade the schema can change leading to errors due to out-of-date cached schema. The schema cache is refreshed in these contexts. * We are aware of the LDAP syntax of all LDAP attributes. Every attribute returned from an LDAP operation is passed through a central table look-up based on it's LDAP syntax. The table key is the LDAP syntax it's value is a Python callable that returns a Python object matching the LDAP syntax. There are a handful of LDAP attributes whose syntax is historically incorrect (e.g. DistguishedNames that are defined as DirectoryStrings). The table driven conversion mechanism is augmented with a table of hard coded exceptions. Currently only the following conversions occur via the table: - dn's are converted to DN objects - binary objects are converted to Python str objects (IPA convention). - everything else is converted to unicode using UTF-8 decoding (IPA convention). However, now that the table driven conversion mechanism is in place it would be trivial to do things such as converting attributes which have LDAP integer syntax into a Python integer, etc. * Expected values in the unit tests which are a DN no longer need to use lambda expressions to promote the returned value to a DN for equality comparison. The return value is automatically promoted to a DN. The lambda expressions have been removed making the code much simpler and easier to read. * Add class level logging to a number of classes which did not support logging, less need for use of root_logger. * Remove ipaserver/conn.py, it was unused. * Consolidated duplicate code wherever it was found. * Fixed many places that used string concatenation to form a new string rather than string formatting operators. This is necessary because string formatting converts it's arguments to a string prior to building the result string. You can't concatenate a string and a non-string. * Simplify logic in rename_managed plugin. Use DN operators to edit dn's. * The live version of ipa-ldap-updater did not generate a log file. The offline version did, now both do. https://fedorahosted.org/freeipa/ticket/1670 https://fedorahosted.org/freeipa/ticket/1671 https://fedorahosted.org/freeipa/ticket/1672 https://fedorahosted.org/freeipa/ticket/1673 https://fedorahosted.org/freeipa/ticket/1674 https://fedorahosted.org/freeipa/ticket/1392 https://fedorahosted.org/freeipa/ticket/2872
2012-05-13 06:36:35 -05:00
Convert values using _SYNTAX_MAPPING with --delattr When an entry is loaded the incoming values are converted into python datatypes automatically based on the _SYNTAX_MAPPING value in ipaldap. When using delattr to remove a mapped value it will fail because the datatypes do not match up. For example date types are datetime.datetime structions and won't match a generalized time string. So try to map the value to delete using _SYNTAX_MAPPING before trying to remove the value. Fall back to trying to remove the raw value if the mapping fails. This won't work for some mapping types, DNs for example. Providing only the RDN value for a DN-type, manager for example, lacks the context to know how to construct the DN (RDN and contaner). Fixes: https://pagure.io/freeipa/issue/9004 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-02-11 10:19:30 -06:00
from datetime import datetime
Refactor test_attr Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-11-27 08:41:47 -06:00
@pytest.fixture(scope='class')
pytest: Migrate xunit-style setups to Pytest fixtures Even though Pytest supports xunit style setups, unittest and nose tests, this support is limited and may be dropped in the future releases. Worst of all is that the mixing of various test frameworks results in weird conflicts and of course, is not widely tested. This is a part of work to remove the mixing of test idioms in the IPA's test suite: 1) replace xunit style 2) employ the fixtures' interdependencies Related: https://pagure.io/freeipa/issue/7989 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2019-06-20 09:14:02 -05:00
def user(request, xmlrpc_setup):
Refactor test_attr Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-11-27 08:41:47 -06:00
tracker = UserTracker(name=u'user1', givenname=u'Test', sn=u'User1')
return tracker.make_fixture(request)
Convert values using _SYNTAX_MAPPING with --delattr When an entry is loaded the incoming values are converted into python datatypes automatically based on the _SYNTAX_MAPPING value in ipaldap. When using delattr to remove a mapped value it will fail because the datatypes do not match up. For example date types are datetime.datetime structions and won't match a generalized time string. So try to map the value to delete using _SYNTAX_MAPPING before trying to remove the value. Fall back to trying to remove the raw value if the mapping fails. This won't work for some mapping types, DNs for example. Providing only the RDN value for a DN-type, manager for example, lacks the context to know how to construct the DN (RDN and contaner). Fixes: https://pagure.io/freeipa/issue/9004 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-02-11 10:19:30 -06:00
@pytest.fixture(scope='class')
def manager(request, xmlrpc_setup):
tracker = UserTracker(name=u'manager', givenname=u'Test', sn=u'Manager')
return tracker.make_fixture(request)
Refactor test_attr Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-11-27 08:41:47 -06:00
@pytest.mark.tier1
class TestAttrOnUser(XMLRPC_test):
def test_add_user_with_singlevalue_addattr(self):
""" Try to add a user with single-value attribute
set via option and --addattr """
user = UserTracker(name=u'user', givenname=u'Test', sn=u'User1',
addattr=u'sn=User2')
command = user.make_create_command()
with raises_exact(errors.OnlyOneValueAllowed(attr='sn')):
command()
def test_create_user(self, user):
""" Create a test user """
user.ensure_exists()
def test_change_givenname_add_mail_user(self, user):
""" Change givenname, add mail to user """
user.ensure_exists()
user.update(
dict(setattr=(u'givenname=Finkle', u'mail=test@example.com')),
dict(givenname=[u'Finkle'], mail=[u'test@example.com'], setattr='')
)
def test_add_another_mail_user(self, user):
""" Add another mail to user """
user.ensure_exists()
update = u'test2@example.com'
user.attrs['mail'].append(update)
user.update(dict(addattr='mail='+update),
dict(addattr=''))
def test_add_two_phone_numbers_at_once_user(self, user):
""" Add two phone numbers at once to user """
user.ensure_exists()
update1 = u'410-555-1212'
update2 = u'301-555-1212'
user.update(
dict(setattr=u'telephoneNumber='+update1,
addattr=u'telephoneNumber='+update2),
dict(addattr='', setattr='',
telephonenumber=[update1, update2]))
def test_go_from_two_phone_numbers_to_one(self, user):
""" Go from two phone numbers to one for user """
update = u'301-555-1212'
user.ensure_exists()
user.update(dict(setattr=u'telephoneNumber='+update),
dict(setattr='', telephonenumber=[update]))
def test_add_two_more_phone_numbers(self, user):
""" Add two more phone numbers to user """
user.ensure_exists()
update1 = u'703-555-1212'
update2 = u'202-888-9833'
user.attrs['telephonenumber'].extend([update1, update2])
user.update(dict(addattr=(u'telephoneNumber='+update1,
u'telephoneNumber='+update2)),
dict(addattr=''))
def test_delete_one_phone_number(self, user):
""" Delete one phone number for user """
user.ensure_exists()
update = u'301-555-1212'
user.attrs['telephonenumber'].remove(update)
user.update(dict(delattr=u'telephoneNumber='+update), dict(delattr=''))
def test_delete_the_number_again(self, user):
""" Try deleting the number again for user """
user.ensure_exists()
update = u'301-555-1212'
command = user.make_update_command(
dict(delattr=u'telephoneNumber='+update))
with raises_exact(errors.AttrValueNotFound(
attr=u'telephonenumber', value=update)):
command()
def test_add_and_delete_one_phone_number(self, user):
""" Add and delete one phone number for user """
user.ensure_exists()
update1 = u'202-888-9833'
update2 = u'301-555-1212'
user.attrs['telephonenumber'].remove(update1)
user.attrs['telephonenumber'].append(update2)
user.update(dict(addattr=u'telephoneNumber='+update2,
delattr=u'telephoneNumber='+update1),
dict(addattr='', delattr=''))
def test_add_and_delete_the_same_phone_number(self, user):
""" Add and delete the same phone number for user """
user.ensure_exists()
update1 = u'301-555-1212'
update2 = u'202-888-9833'
user.attrs['telephonenumber'].append(update2)
user.update(dict(addattr=(u'telephoneNumber='+update1,
u'telephoneNumber='+update2),
delattr=u'telephoneNumber='+update1),
dict(addattr='', delattr=''))
def test_set_and_delete_a_phone_number(self, user):
""" Set and delete a phone number for user """
user.ensure_exists()
update1 = u'301-555-1212'
update2 = u'202-888-9833'
user.attrs.update(telephonenumber=[update2])
user.update(dict(setattr=(u'telephoneNumber='+update1,
u'telephoneNumber='+update2),
delattr=u'telephoneNumber='+update1),
dict(setattr='', delattr=''))
def test_set_givenname_to_none_with_setattr(self, user):
""" Try setting givenname to None with setattr in user """
user.ensure_exists()
command = user.make_update_command(dict(setattr=(u'givenname=')))
frontend: re-raise remote RequirementError using CLI name in CLI https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
2016-05-18 03:03:39 -05:00
with raises_exact(errors.RequirementError(name='first')):
Refactor test_attr Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-11-27 08:41:47 -06:00
command()
def test_set_givenname_to_none_with_option(self, user):
""" Try setting givenname to None with option in user """
user.ensure_exists()
command = user.make_update_command(dict(givenname=None))
with raises_exact(errors.RequirementError(name='first')):
command()
def test_set_givenname_with_option_in_user(self, user):
""" Make sure setting givenname works with option in user """
user.ensure_exists()
user.update(dict(givenname=u'Fred'))
def test_set_givenname_with_setattr_in_user(self, user):
""" Make sure setting givenname works with setattr in user """
user.ensure_exists()
user.update(dict(setattr=u'givenname=Finkle'),
dict(givenname=[u'Finkle'], setattr=''))
def test_remove_empty_location_from_user(self, user):
""" Try to "remove" empty location from user """
user.ensure_exists()
command = user.make_update_command(dict(l=None))
with raises_exact(errors.EmptyModlist()):
command()
def test_lock_user_using_setattr(self, user):
""" Lock user using setattr """
user.ensure_exists()
user.update(dict(setattr=u'nsaccountlock=TrUe'),
dict(nsaccountlock=True, setattr=''))
def test_unlock_user_using_addattr_delattr(self, user):
""" Unlock user using addattr&delattr """
user.ensure_exists()
user.update(dict(addattr=u'nsaccountlock=FaLsE',
delattr=u'nsaccountlock=TRUE'),
dict(addattr='', delattr='', nsaccountlock=False))
Properly handle multi-valued attributes when using setattr/addattr. The problem was that the normalizer was returning each value as a tuple which we were then appending to a list, so it looked like [(u'value1',), (u'value2',),...]. If there was a single value we could end up adding a tuple to a list which would fail. Additionally python-ldap doesn't like lists of lists so it was failing later in the process as well. I've added some simple tests for setattr and addattr. ticket 565
2010-12-08 12:26:27 -06:00
Convert values using _SYNTAX_MAPPING with --delattr When an entry is loaded the incoming values are converted into python datatypes automatically based on the _SYNTAX_MAPPING value in ipaldap. When using delattr to remove a mapped value it will fail because the datatypes do not match up. For example date types are datetime.datetime structions and won't match a generalized time string. So try to map the value to delete using _SYNTAX_MAPPING before trying to remove the value. Fall back to trying to remove the raw value if the mapping fails. This won't work for some mapping types, DNs for example. Providing only the RDN value for a DN-type, manager for example, lacks the context to know how to construct the DN (RDN and contaner). Fixes: https://pagure.io/freeipa/issue/9004 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-02-11 10:19:30 -06:00
def test_add_and_delete_datetime(self, user):
""" Delete a datetime data type """
user.ensure_exists()
# Set to a known value, then delete that value
expdate = u'20220210144006Z'
user.update(
dict(setattr=u'krbpasswordexpiration=' + expdate),
dict(krbpasswordexpiration=[
datetime.strptime(expdate, LDAP_GENERALIZED_TIME_FORMAT)
], setattr='')
)
user.update(
dict(delattr=u'krbpasswordexpiration=' + expdate),
dict(delattr='')
)
def test_delete_nonexistent_datetime(self, user):
""" Delete a datetime data type that isn't in the entry """
user.ensure_exists()
expdate = u'20220210144006Z'
bad_expdate = u'20280210144006Z'
user.update(
dict(setattr=u'krbpasswordexpiration=' + expdate),
dict(krbpasswordexpiration=[
datetime.strptime(expdate, LDAP_GENERALIZED_TIME_FORMAT)
], setattr='')
)
command = user.make_update_command(
dict(delattr=u'krbpasswordexpiration=' + bad_expdate),
)
with raises_exact(errors.AttrValueNotFound(
attr='krbpasswordexpiration', value=bad_expdate)):
command()
def test_add_and_delete_DN(self, user, manager):
""" Delete a DN data type """
user.ensure_exists()
manager.ensure_exists()
user.update(
dict(setattr=u'manager=manager'),
dict(manager=['manager'], setattr='')
)
command = user.make_update_command(
dict(delattr=u'manager=manager'),
)
# Setting works because the user plugin knows the container
# to convert a string to a DN. Passing in just the uid we
# don't have the context in ldap.decode() to know the entry
# type so `ipa user-mod someuser --delattr manager=foo` will
# fail.
with raises_exact(errors.AttrValueNotFound(
attr='manager', value='manager')):
command()
Applied tier0 and tier1 marks on unit tests and xmlrpc tests Web UI tests were marked as tier1 tests. The tier system is intended to be used together with CI system to make sure the more complicated tests are being run only when all of the basic functionality is working. The system is using pytest's marker system. E.g. an invocation of all tier1 tests with listing will look like: $ py.test -v -m tier1 ipatests or in case of out of tree tests: $ ipa-run-tests -m tier1 Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
2015-04-24 07:39:48 -05:00
@pytest.mark.tier1
Refactor test_attr Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-11-27 08:41:47 -06:00
class TestAttrOnConfigs(XMLRPC_test):
def test_add_new_group_search_fields_config_entry(self, user):
""" Try adding a new group search fields config entry """
command = user.make_command(
'config_mod', **dict(addattr=u'ipagroupsearchfields=newattr')
)
with raises_exact(errors.OnlyOneValueAllowed(
attr='ipagroupsearchfields')):
command()
def test_add_a_new_cert_subject_base_config_entry(self, user):
""" Try adding a new cert subject base config entry """
command = user.make_command(
'config_mod',
**dict(
addattr=u'ipacertificatesubjectbase=0=DOMAIN.COM')
)
with raises_exact(errors.ValidationError(
name='ipacertificatesubjectbase',
error='attribute is not configurable')):
command()
def test_delete_required_config_entry(self, user):
""" Try deleting a required config entry """
command = user.make_command(
'config_mod',
**dict(delattr=u'ipasearchrecordslimit=100')
)
with raises_exact(errors.RequirementError(
frontend: re-raise remote RequirementError using CLI name in CLI https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
2016-05-18 03:03:39 -05:00
name='searchrecordslimit')):
Refactor test_attr Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-11-27 08:41:47 -06:00
command()
def test_set_nonexistent_attribute(self, user):
""" Try setting a nonexistent attribute """
command = user.make_command(
'config_mod', **dict(setattr=u'invalid_attr=false')
)
with raises_exact(errors.ObjectclassViolation(
info='attribute "invalid_attr" not allowed')):
command()
def test_set_outofrange_krbpwdmaxfailure(self, user):
""" Try setting out-of-range krbpwdmaxfailure """
command = user.make_command(
'pwpolicy_mod', **dict(setattr=u'krbpwdmaxfailure=-1')
)
with raises_exact(errors.ValidationError(
name='krbpwdmaxfailure', error='must be at least 0')):
command()
def test_set_outofrange_maxfail(self, user):
""" Try setting out-of-range maxfail """
command = user.make_command(
'pwpolicy_mod', **dict(krbpwdmaxfailure=u'-1')
)
with raises_exact(errors.ValidationError(
name='maxfail', error='must be at least 0')):
command()
def test_set_nonnumeric_krbpwdmaxfailure(self, user):
""" Try setting non-numeric krbpwdmaxfailure """
command = user.make_command(
'pwpolicy_mod', **dict(setattr=u'krbpwdmaxfailure=abc')
)
with raises_exact(errors.ConversionError(
name='krbpwdmaxfailure', error='must be an integer')):
command()
def test_set_nonnumeric_maxfail(self, user):
""" Try setting non-numeric maxfail """
command = user.make_command(
'pwpolicy_mod', **dict(krbpwdmaxfailure=u'abc')
)
with raises_exact(errors.ConversionError(
name='maxfail', error='must be an integer')):
command()
def test_delete_bogus_attribute(self, user):
""" Try deleting bogus attribute """
command = user.make_command(
'config_mod', **dict(delattr=u'bogusattribute=xyz')
)
with raises_exact(errors.ValidationError(
name='bogusattribute',
error='No such attribute on this entry')):
command()
def test_delete_empty_attribute(self, user):
""" Try deleting empty attribute """
command = user.make_command(
'config_mod',
**dict(delattr=u'ipaCustomFields=See Also,seealso,false')
)
with raises_exact(errors.ValidationError(
name='ipacustomfields',
error='No such attribute on this entry')):
command()
def test_set_and_del_value_and_del_missing_one(self, user):
""" Set and delete one value, plus try deleting a missing one """
command = user.make_command(
'config_mod', **dict(
Provide a better error message when deleting nonexistent attributes If --delattr is used on an attribute that's not present on an entry, and --{set,add}attr isn't being used on that same attribute, say that there's "no such attribute" instead of "<attribute> does not contain <value>". https://fedorahosted.org/freeipa/ticket/2699
2012-05-11 03:00:30 -05:00
delattr=[u'ipaCustomFields=See Also,seealso,false',
Refactor test_attr Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-11-27 08:41:47 -06:00
u'ipaCustomFields=Country,c,false'],
addattr=u'ipaCustomFields=See Also,seealso,false')
)
with raises_exact(errors.AttrValueNotFound(
attr='ipacustomfields', value='Country,c,false')):
command()
def test_delete_an_operational_attribute_with_delattr(self, user):
""" Try to delete an operational attribute with --delattr """
command = user.make_command(
'config_mod', **dict(
delattr=u'creatorsName=cn=directory manager')
)
with raises_exact(errors.DatabaseError(
desc='Server is unwilling to perform', info='')):
command()
Reference in New Issue Copy Permalink