mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
tests: account for ID overrides as members of groups and roles
Fixes: https://pagure.io/freeipa/issue/7255 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Alexander Bokovoy
committed by
Rob Crittenden
Rob Crittenden
parent
8cce2bb31a
commit
5e8df37e4c
@@ -321,6 +321,7 @@ class test_netgroup(Declarative):
|
||||
group=tuple(),
|
||||
user=tuple(),
|
||||
service=tuple(),
|
||||
idoverrideuser=tuple(),
|
||||
),
|
||||
),
|
||||
result={
|
||||
|
||||
@@ -258,6 +258,7 @@ class test_role(Declarative):
|
||||
host=[],
|
||||
hostgroup=[],
|
||||
service=[],
|
||||
idoverrideuser=[],
|
||||
),
|
||||
),
|
||||
result={
|
||||
@@ -515,6 +516,7 @@ class test_role(Declarative):
|
||||
host=[],
|
||||
hostgroup=[],
|
||||
service=[],
|
||||
idoverrideuser=[],
|
||||
),
|
||||
),
|
||||
result={
|
||||
|
||||
@@ -251,6 +251,7 @@ class test_selinuxusermap(Declarative):
|
||||
group=tuple(),
|
||||
user=tuple(),
|
||||
service=tuple(),
|
||||
idoverrideuser=tuple(),
|
||||
),
|
||||
),
|
||||
result={
|
||||
|
||||
@@ -1018,6 +1018,7 @@ class test_service_in_role(Declarative):
|
||||
hostgroup=[],
|
||||
service=[],
|
||||
user=[],
|
||||
idoverrideuser=[],
|
||||
),
|
||||
),
|
||||
completed=1,
|
||||
@@ -1143,7 +1144,8 @@ class test_service_allowed_to(Declarative):
|
||||
completed=1,
|
||||
failed=dict(member=dict(group=[],
|
||||
service=[],
|
||||
user=[])),
|
||||
user=[],
|
||||
idoverrideuser=[])),
|
||||
result=dict(
|
||||
cn=[group1],
|
||||
gidnumber=[fuzzy_digits],
|
||||
|
||||
@@ -16,7 +16,9 @@ class GroupTracker(Tracker):
|
||||
'member_service', 'description', 'memberof_group',
|
||||
'memberofindirect_group', 'memberindirect_group',
|
||||
'memberindirect_user', 'memberindirect_service',
|
||||
'membermanager_group', 'membermanager_user'
|
||||
'membermanager_group', 'membermanager_user',
|
||||
'member_idoverrideuser', 'memberindirect_idoverrideuser',
|
||||
'idoverrideuser'
|
||||
}
|
||||
|
||||
retrieve_all_keys = retrieve_keys | {u'ipauniqueid', u'objectclass'}
|
||||
@@ -125,7 +127,9 @@ class GroupTracker(Tracker):
|
||||
)
|
||||
|
||||
def add_member(self, options):
|
||||
""" Add a member (group OR user OR service) and performs check """
|
||||
""" Add a member (group OR user OR service OR idoverrideuser)
|
||||
and performs check
|
||||
"""
|
||||
if u'user' in options:
|
||||
try:
|
||||
self.attrs[u'member_user'] =\
|
||||
@@ -144,6 +148,14 @@ class GroupTracker(Tracker):
|
||||
self.attrs[u'member_service'] + [options[u'service']]
|
||||
except KeyError:
|
||||
self.attrs[u'member_service'] = [options[u'service']]
|
||||
elif u'idoverrideuser' in options:
|
||||
try:
|
||||
self.attrs[u'member_idoverrideuser'] =\
|
||||
self.attrs[u'member_idoverrideuser'] + \
|
||||
[options[u'idoverrideuser']]
|
||||
except KeyError:
|
||||
self.attrs[u'member_idoverrideuser'] =\
|
||||
[options[u'idoverrideuser']]
|
||||
|
||||
command = self.make_add_member_command(options)
|
||||
result = command()
|
||||
@@ -173,6 +185,11 @@ class GroupTracker(Tracker):
|
||||
del self.attrs[u'member_service']
|
||||
except KeyError:
|
||||
pass
|
||||
try:
|
||||
if not self.attrs[u'member_idoverrideuser']:
|
||||
del self.attrs[u'member_idoverrideuser']
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
command = self.make_remove_member_command(options)
|
||||
result = command()
|
||||
@@ -267,7 +284,8 @@ class GroupTracker(Tracker):
|
||||
""" Checks 'group_add_member' command result """
|
||||
assert_deepequal(dict(
|
||||
completed=1,
|
||||
failed={u'member': {u'group': (), u'user': (), u'service': ()}},
|
||||
failed={u'member': {u'group': (), u'user': (),
|
||||
u'service': (), u'idoverrideuser': ()}},
|
||||
result=self.filter_attrs(self.add_member_keys)
|
||||
), result)
|
||||
|
||||
@@ -276,7 +294,8 @@ class GroupTracker(Tracker):
|
||||
when expected result is failure of the operation"""
|
||||
expected = dict(
|
||||
completed=0,
|
||||
failed={u'member': {u'group': (), u'user': (), u'service': ()}},
|
||||
failed={u'member': {u'group': (), u'user': (),
|
||||
u'service': (), u'idoverrideuser': ()}},
|
||||
result=self.filter_attrs(self.add_member_keys)
|
||||
)
|
||||
if not options:
|
||||
@@ -293,6 +312,9 @@ class GroupTracker(Tracker):
|
||||
elif u'service' in options:
|
||||
expected[u'failed'][u'member'][u'service'] = [(
|
||||
options[u'service'], u'no such entry')]
|
||||
elif u'idoverrideuser' in options:
|
||||
expected[u'failed'][u'member'][u'idoverrideuser'] = [(
|
||||
options[u'idoverrideuser'], u'no such entry')]
|
||||
|
||||
assert_deepequal(expected, result)
|
||||
|
||||
@@ -301,7 +323,8 @@ class GroupTracker(Tracker):
|
||||
when expected result is failure of the operation"""
|
||||
expected = dict(
|
||||
completed=0,
|
||||
failed={u'member': {u'group': (), u'user': (), u'service': ()}},
|
||||
failed={u'member': {u'group': (), u'user': (),
|
||||
u'service': (), u'idoverrideuser': ()}},
|
||||
result=self.filter_attrs(self.add_member_keys)
|
||||
)
|
||||
if u'user' in options:
|
||||
@@ -313,6 +336,9 @@ class GroupTracker(Tracker):
|
||||
elif u'service' in options:
|
||||
expected[u'failed'][u'member'][u'service'] = [(
|
||||
options[u'service'], u'This entry is not a member')]
|
||||
elif u'idoverrideuser' in options:
|
||||
expected[u'failed'][u'member'][u'idoverrideuser'] = [(
|
||||
options[u'service'], u'This entry is not a member')]
|
||||
|
||||
assert_deepequal(expected, result)
|
||||
|
||||
|
||||
@@ -515,7 +515,8 @@ class UserTracker(CertmapdataMixin, KerberosAliasMixin, Tracker):
|
||||
assert_deepequal(dict(
|
||||
completed=1,
|
||||
failed=dict(
|
||||
member=dict(group=tuple(), user=tuple(), service=tuple())
|
||||
member=dict(group=tuple(), user=tuple(),
|
||||
service=tuple(), idoverrideuser=tuple())
|
||||
),
|
||||
result={
|
||||
'dn': get_group_dn(admin_group),
|
||||
|
||||
Reference in New Issue
Block a user