IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Only apply validation rules when adding and updating.

Browse Source 
There may be cases, for whatever reason, that an otherwise illegal
entry gets created that doesn't match the criteria for a valid
user/host/group name. If this happens (i.e. migration) there is no way
to remove this using the IPA tools because we always applied the name
pattern. So you can't, for example, delete a user with an illegal name.

Primary keys are cloned with query=True in PKQuery which causes no
rules to be applied on mod/show/find. This reverts a change from commit
3a5e26a0 which applies class rules when query=True (for enforcing no
white space).

Replace rdnattr with rdn_is_primary_key. This was meant to tell us when
an RDN change was necessary to do a rename. There could be a disconnect
where the rdnattr wasn't the primary key and in that case we don't
need to do an RDN change, so use a boolean instead so that it is
clear that RDN == primary key.

Add a test to ensure that nowhitespace is actually enforced.

https://fedorahosted.org/freeipa/ticket/2115

Related: https://fedorahosted.org/freeipa/ticket/2089

Whitespace tickets:
https://fedorahosted.org/freeipa/ticket/1285
https://fedorahosted.org/freeipa/ticket/1286
https://fedorahosted.org/freeipa/ticket/1287
This commit is contained in:
Rob Crittenden
2012-02-29 13:31:20 -05:00
parent 87901ed709
commit 0099ccbea8
14 changed files with 145 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
tests/test_xmlrpc/test_group_plugin.py
View File

@@ -602,6 +602,28 @@ class test_group(Declarative):
expected=errors.ValidationError(name='cn', error='may only include letters, numbers, _, -, . and $'),
),
# The assumption on these next 4 tests is that if we don't get a
# validation error then the request was processed normally.
dict(
desc='Test that validation is disabled on mods',
command=('group_mod', [invalidgroup1], {}),
expected=errors.NotFound(reason='no such entry'),
),
dict(
desc='Test that validation is disabled on deletes',
command=('group_del', [invalidgroup1], {}),
expected=errors.NotFound(reason='no such entry'),
),
dict(
desc='Test that validation is disabled on show',
command=('group_show', [invalidgroup1], {}),
expected=errors.NotFound(reason='no such entry'),
),
##### managed entry tests
dict(

42
tests/test_xmlrpc/test_host_plugin.py
View File

@@ -47,6 +47,7 @@ dn3 = DN(('fqdn',fqdn3),('cn','computers'),('cn','accounts'),
fqdn4 = u'testhost2.lab.%s' % api.env.domain
dn4 = DN(('fqdn',fqdn4),('cn','computers'),('cn','accounts'),
api.env.basedn)
invalidfqdn1 = u'foo_bar.lab.%s' % api.env.domain
# We can use the same cert we generated for the service tests
fd = open('tests/test_xmlrpc/service.crt', 'r')
@@ -670,4 +671,45 @@ class test_host(Declarative):
expected=errors.ValidationError(name='fqdn', error='An IPA master host cannot be deleted'),
),
dict(
desc='Test that validation is enabled on adds',
command=('host_add', [invalidfqdn1], {}),
expected=errors.ValidationError(name='fqdn', error='may only include letters, numbers, and -'),
),
# The assumption on these next 4 tests is that if we don't get a
# validation error then the request was processed normally.
dict(
desc='Test that validation is disabled on mods',
command=('host_mod', [invalidfqdn1], {}),
expected=errors.NotFound(reason='no such entry'),
),
dict(
desc='Test that validation is disabled on deletes',
command=('host_del', [invalidfqdn1], {}),
expected=errors.NotFound(reason='no such entry'),
),
dict(
desc='Test that validation is disabled on show',
command=('host_show', [invalidfqdn1], {}),
expected=errors.NotFound(reason='no such entry'),
),
dict(
desc='Test that validation is disabled on find',
command=('host_find', [invalidfqdn1], {}),
expected=dict(
count=0,
truncated=False,
summary=u'0 hosts matched',
result=[],
),
),
]

10
tests/test_xmlrpc/test_role_plugin.py
View File

@@ -33,6 +33,7 @@ role1 = u'test-role-1'
role1_dn = DN(('cn',role1),api.env.container_rolegroup,
api.env.basedn)
renamedrole1 = u'test-role'
invalidrole1 = u' whitespace '
role2 = u'test-role-2'
role2_dn = DN(('cn',role2),api.env.container_rolegroup,
@@ -100,6 +101,15 @@ class test_role(Declarative):
),
dict(
desc='Create invalid %r' % invalidrole1,
command=('role_add', [invalidrole1],
dict(description=u'role desc 1')
),
expected=errors.ValidationError(name='cn', error='Leading and trailing spaces are not allowed'),
),
dict(
desc='Create %r' % role1,
command=('role_add', [role1],

36
tests/test_xmlrpc/test_user_plugin.py
View File

@@ -643,6 +643,42 @@ class test_user(Declarative):
expected=errors.ValidationError(name='uid', error='can be at most 33 characters'),
),
# The assumption on these next 4 tests is that if we don't get a
# validation error then the request was processed normally.
dict(
desc='Test that validation is disabled on deletes',
command=('user_del', [invaliduser1], {}),
expected=errors.NotFound(reason='no such entry'),
),
dict(
desc='Test that validation is disabled on show',
command=('user_show', [invaliduser1], {}),
expected=errors.NotFound(reason='no such entry'),
),
dict(
desc='Test that validation is disabled on find',
command=('user_find', [invaliduser1], {}),
expected=dict(
count=0,
truncated=False,
summary=u'0 users matched',
result=[],
),
),
dict(
desc='Try to rename to invalid username %r' % user1,
command=('user_mod', [user1], dict(rename=invaliduser1)),
expected=errors.ValidationError(name='uid', error='may only include letters, numbers, _, -, . and $'),
),
dict(
desc='Create %r' % group1,
command=(