IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Performance: Find commands: do not process members by default

Browse Source 
In all *-find commands, member attributes shouldn't be processed due
high amount fo ldpaserches cause serious performance issues. For this
reason --no-members option is set by default in CLI and API.

To get members in *-find command option --all in CLI is rquired or
'no_members=False' or 'all=True' must be set in API call.

For other commands processing of members stays unchanged. WebUI is not
affected by this change.

https://fedorahosted.org/freeipa/ticket/4995

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Martin Basti
2016-05-19 13:50:38 +02:00
parent 91572afc60
commit 5f42b42bd4
28 changed files with 981 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
API.txt
View File

@@ -551,7 +551,7 @@ option: Str('description?', autofill=False, cli_name='desc')
option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all'])
option: StrEnum('ipacertprofilecategory?', autofill=False, cli_name='profilecat', values=[u'all']) option: StrEnum('ipacertprofilecategory?', autofill=False, cli_name='profilecat', values=[u'all'])
option: Bool('ipaenabledflag?', autofill=False) option: Bool('ipaenabledflag?', autofill=False)
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all']) option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all'])
@@ -1598,7 +1598,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups')
option: Str('in_role*', cli_name='in_roles') option: Str('in_role*', cli_name='in_roles')
option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('in_sudorule*', cli_name='in_sudorules')
option: Str('no_group*', cli_name='no_groups') option: Str('no_group*', cli_name='no_groups')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Str('no_user*', cli_name='no_users') option: Str('no_user*', cli_name='no_users')
option: Flag('nonposix', autofill=True, cli_name='nonposix', default=False) option: Flag('nonposix', autofill=True, cli_name='nonposix', default=False)
option: Str('not_in_group*', cli_name='not_in_groups') option: Str('not_in_group*', cli_name='not_in_groups')
@@ -1763,7 +1763,7 @@ option: Str('description?', autofill=False, cli_name='desc')
option: Str('externalhost*', autofill=False) option: Str('externalhost*', autofill=False)
option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all'])
option: Bool('ipaenabledflag?', autofill=False) option: Bool('ipaenabledflag?', autofill=False)
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all']) option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all'])
@@ -1888,7 +1888,7 @@ arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='service') option: Str('cn?', autofill=False, cli_name='service')
option: Str('description?', autofill=False, cli_name='desc') option: Str('description?', autofill=False, cli_name='desc')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False) option: Int('sizelimit?', autofill=False)
@@ -1962,7 +1962,7 @@ arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name') option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc') option: Str('description?', autofill=False, cli_name='desc')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False) option: Int('sizelimit?', autofill=False)
@@ -2167,7 +2167,7 @@ option: Str('l?', autofill=False, cli_name='locality')
option: Str('macaddress*', autofill=False) option: Str('macaddress*', autofill=False)
option: Str('man_by_host*', cli_name='man_by_hosts') option: Str('man_by_host*', cli_name='man_by_hosts')
option: Str('man_host*', cli_name='man_hosts') option: Str('man_host*', cli_name='man_hosts')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Str('not_enroll_by_user*', cli_name='not_enroll_by_users') option: Str('not_enroll_by_user*', cli_name='not_enroll_by_users')
option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules')
option: Str('not_in_hostgroup*', cli_name='not_in_hostgroups') option: Str('not_in_hostgroup*', cli_name='not_in_hostgroups')
@@ -2302,7 +2302,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups')
option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('in_sudorule*', cli_name='in_sudorules')
option: Str('no_host*', cli_name='no_hosts') option: Str('no_host*', cli_name='no_hosts')
option: Str('no_hostgroup*', cli_name='no_hostgroups') option: Str('no_hostgroup*', cli_name='no_hostgroups')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules')
option: Str('not_in_hostgroup*', cli_name='not_in_hostgroups') option: Str('not_in_hostgroup*', cli_name='not_in_hostgroups')
option: Str('not_in_netgroup*', cli_name='not_in_netgroups') option: Str('not_in_netgroup*', cli_name='not_in_netgroups')
@@ -2846,7 +2846,7 @@ option: Str('nisdomainname?', autofill=False, cli_name='nisdomain')
option: Str('no_group*', cli_name='no_groups') option: Str('no_group*', cli_name='no_groups')
option: Str('no_host*', cli_name='no_hosts') option: Str('no_host*', cli_name='no_hosts')
option: Str('no_hostgroup*', cli_name='no_hostgroups') option: Str('no_hostgroup*', cli_name='no_hostgroups')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Str('no_netgroup*', cli_name='no_netgroups') option: Str('no_netgroup*', cli_name='no_netgroups')
option: Str('no_user*', cli_name='no_users') option: Str('no_user*', cli_name='no_users')
option: Str('not_in_netgroup*', cli_name='not_in_netgroups') option: Str('not_in_netgroup*', cli_name='not_in_netgroups')
@@ -3017,7 +3017,7 @@ option: Int('ipatokentotpclockoffset?', autofill=False, cli_name='offset', defau
option: Int('ipatokentotptimestep?', autofill=False, cli_name='interval', default=30) option: Int('ipatokentotptimestep?', autofill=False, cli_name='interval', default=30)
option: Str('ipatokenuniqueid?', autofill=False, cli_name='id') option: Str('ipatokenuniqueid?', autofill=False, cli_name='id')
option: Str('ipatokenvendor?', autofill=False, cli_name='vendor') option: Str('ipatokenvendor?', autofill=False, cli_name='vendor')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False) option: Int('sizelimit?', autofill=False)
@@ -3169,7 +3169,7 @@ option: Str('ipapermtargetfilter*', autofill=False, cli_name='rawfilter')
option: DNParam('ipapermtargetfrom?', autofill=False, cli_name='targetfrom') option: DNParam('ipapermtargetfrom?', autofill=False, cli_name='targetfrom')
option: DNParam('ipapermtargetto?', autofill=False, cli_name='targetto') option: DNParam('ipapermtargetto?', autofill=False, cli_name='targetto')
option: Str('memberof*', autofill=False) option: Str('memberof*', autofill=False)
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Str('permissions*', autofill=False) option: Str('permissions*', autofill=False)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
@@ -3303,7 +3303,7 @@ arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name') option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc') option: Str('description?', autofill=False, cli_name='desc')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False) option: Int('sizelimit?', autofill=False)
@@ -3599,7 +3599,7 @@ arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name') option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc') option: Str('description?', autofill=False, cli_name='desc')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False) option: Int('sizelimit?', autofill=False)
@@ -3787,7 +3787,7 @@ option: Str('description?', autofill=False, cli_name='desc')
option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all'])
option: Bool('ipaenabledflag?', autofill=False) option: Bool('ipaenabledflag?', autofill=False)
option: Str('ipaselinuxuser?', autofill=False, cli_name='selinuxuser') option: Str('ipaselinuxuser?', autofill=False, cli_name='selinuxuser')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('seealso?', autofill=False, cli_name='hbacrule') option: Str('seealso?', autofill=False, cli_name='hbacrule')
@@ -3877,7 +3877,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name') option: Str('cn?', autofill=False, cli_name='name')
option: Int('ipamaxdomainlevel?', autofill=False, cli_name='maxlevel') option: Int('ipamaxdomainlevel?', autofill=False, cli_name='maxlevel')
option: Int('ipamindomainlevel?', autofill=False, cli_name='minlevel') option: Int('ipamindomainlevel?', autofill=False, cli_name='minlevel')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Str('no_topologysuffix*', cli_name='no_topologysuffixes') option: Str('no_topologysuffix*', cli_name='no_topologysuffixes')
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
@@ -4017,7 +4017,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False)
option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE']) option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
option: Str('krbprincipalname?', autofill=False, cli_name='principal') option: Str('krbprincipalname?', autofill=False, cli_name='principal')
option: Str('man_by_host*', cli_name='man_by_hosts') option: Str('man_by_host*', cli_name='man_by_hosts')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Str('not_man_by_host*', cli_name='not_man_by_hosts') option: Str('not_man_by_host*', cli_name='not_man_by_hosts')
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
@@ -4127,7 +4127,7 @@ args: 1,8,4
arg: Str('criteria?') arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='delegation_name') option: Str('cn?', autofill=False, cli_name='delegation_name')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False) option: Int('sizelimit?', autofill=False)
@@ -4351,7 +4351,7 @@ option: Str('loginshell?', autofill=False, cli_name='shell')
option: Str('mail*', autofill=False, cli_name='email') option: Str('mail*', autofill=False, cli_name='email')
option: Str('manager?', autofill=False) option: Str('manager?', autofill=False)
option: Str('mobile*', autofill=False) option: Str('mobile*', autofill=False)
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Str('not_in_group*', cli_name='not_in_groups') option: Str('not_in_group*', cli_name='not_in_groups')
option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules')
option: Str('not_in_netgroup*', cli_name='not_in_netgroups') option: Str('not_in_netgroup*', cli_name='not_in_netgroups')
@@ -4479,7 +4479,7 @@ args: 1,9,4
arg: Str('criteria?') arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', autofill=False, cli_name='desc') option: Str('description?', autofill=False, cli_name='desc')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False) option: Int('sizelimit?', autofill=False)
@@ -4554,7 +4554,7 @@ arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='sudocmdgroup_name') option: Str('cn?', autofill=False, cli_name='sudocmdgroup_name')
option: Str('description?', autofill=False, cli_name='desc') option: Str('description?', autofill=False, cli_name='desc')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False) option: Int('sizelimit?', autofill=False)
@@ -4741,7 +4741,7 @@ option: Str('ipasudorunasextgroup?', autofill=False, cli_name='runasexternalgrou
option: Str('ipasudorunasextuser?', autofill=False, cli_name='runasexternaluser') option: Str('ipasudorunasextuser?', autofill=False, cli_name='runasexternaluser')
option: StrEnum('ipasudorunasgroupcategory?', autofill=False, cli_name='runasgroupcat', values=[u'all']) option: StrEnum('ipasudorunasgroupcategory?', autofill=False, cli_name='runasgroupcat', values=[u'all'])
option: StrEnum('ipasudorunasusercategory?', autofill=False, cli_name='runasusercat', values=[u'all']) option: StrEnum('ipasudorunasusercategory?', autofill=False, cli_name='runasusercat', values=[u'all'])
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False) option: Int('sizelimit?', autofill=False)
@@ -5349,7 +5349,7 @@ option: Str('loginshell?', autofill=False, cli_name='shell')
option: Str('mail*', autofill=False, cli_name='email') option: Str('mail*', autofill=False, cli_name='email')
option: Str('manager?', autofill=False) option: Str('manager?', autofill=False)
option: Str('mobile*', autofill=False) option: Str('mobile*', autofill=False)
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Str('not_in_group*', cli_name='not_in_groups') option: Str('not_in_group*', cli_name='not_in_groups')
option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules')
option: Str('not_in_netgroup*', cli_name='not_in_netgroups') option: Str('not_in_netgroup*', cli_name='not_in_netgroups')
@@ -5622,7 +5622,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name') option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc') option: Str('description?', autofill=False, cli_name='desc')
option: StrEnum('ipavaulttype?', autofill=False, cli_name='type', default=u'symmetric', values=[u'standard', u'symmetric', u'asymmetric']) option: StrEnum('ipavaulttype?', autofill=False, cli_name='type', default=u'symmetric', values=[u'standard', u'symmetric', u'asymmetric'])
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False) option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('service?') option: Str('service?')

4
VERSION
View File

@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# # # #
######################################################## ########################################################
IPA_API_VERSION_MAJOR=2 IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=169 IPA_API_VERSION_MINOR=170
# Last change: vault: copy arguments of client commands from server counterparts # Last change: mbasti - *-find: do not search for members by default

6
install/tools/ipa-replica-manage
View File

@@ -945,7 +945,8 @@ def del_master_managed(realm, hostname, options):
sys.exit(1) sys.exit(1)
# 2. Get all masters # 2. Get all masters
masters = api.Command.server_find('', sizelimit=0)['result'] masters = api.Command.server_find(
'', sizelimit=0, no_members=False)['result']
# 3. Check topology connectivity in all suffixes # 3. Check topology connectivity in all suffixes
topo_errors = replication.check_last_link_managed(api, hostname, masters) topo_errors = replication.check_last_link_managed(api, hostname, masters)
@@ -1149,7 +1150,8 @@ def del_master_direct(realm, hostname, options):
# Check for orphans if the remote server is up. # Check for orphans if the remote server is up.
if delrepl and not winsync: if delrepl and not winsync:
try: try:
masters = api.Command.server_find('', sizelimit=0)['result'] masters = api.Command.server_find(
'', sizelimit=0, no_members=False)['result']
except Exception as e: except Exception as e:
masters = [] masters = []
print("Failed to read masters data from '%s': %s" % ( print("Failed to read masters data from '%s': %s" % (

7
ipalib/plugins/baseldap.py
View File

@@ -1117,7 +1117,7 @@ last, after all sets and adds."""),
yield Flag('no_members', yield Flag('no_members',
doc=_('Suppress processing of membership attributes.'), doc=_('Suppress processing of membership attributes.'),
exclude='webui', exclude='webui',
flags=['no_output'], flags={'no_output'},
) )
break break
@@ -1907,6 +1907,11 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
def get_options(self): def get_options(self):
for option in super(LDAPSearch, self).get_options(): for option in super(LDAPSearch, self).get_options():
if option.name == 'no_members':
# no_members are always true for find commands, do not
# show option in CLI but keep API compatibility
option = option.clone(
default=True, flags=option.flags | {"no_cli"})
yield option yield option
if self.obj.primary_key and \ if self.obj.primary_key and \
'no_output' not in self.obj.primary_key.flags: 'no_output' not in self.obj.primary_key.flags:

2
ipalib/plugins/caacl.py
View File

@@ -122,7 +122,7 @@ def _acl_make_rule(principal_type, obj):
def acl_evaluate(principal_type, principal, ca_ref, profile_id): def acl_evaluate(principal_type, principal, ca_ref, profile_id):
req = _acl_make_request(principal_type, principal, ca_ref, profile_id) req = _acl_make_request(principal_type, principal, ca_ref, profile_id)
acls = api.Command.caacl_find()['result'] acls = api.Command.caacl_find(no_members=False)['result']
rules = [_acl_make_rule(principal_type, obj) for obj in acls] rules = [_acl_make_rule(principal_type, obj) for obj in acls]
return req.evaluate(rules) == pyhbac.HBAC_EVAL_ALLOW return req.evaluate(rules) == pyhbac.HBAC_EVAL_ALLOW

3
ipalib/plugins/hbactest.py
View File

@@ -337,7 +337,8 @@ class hbactest(Command):
hbacset = [] hbacset = []
if len(testrules) == 0: if len(testrules) == 0:
hbacset = self.api.Command.hbacrule_find(sizelimit=sizelimit)['result'] hbacset = self.api.Command.hbacrule_find(
sizelimit=sizelimit, no_members=False)['result']
else: else:
for rule in testrules: for rule in testrules:
try: try:

3
ipalib/plugins/otptoken.py
View File

@@ -318,7 +318,8 @@ class otptoken_add(LDAPCreate):
# If owner was not specified, default to the person adding this token. # If owner was not specified, default to the person adding this token.
# If managedby was not specified, attempt a sensible default. # If managedby was not specified, attempt a sensible default.
if 'ipatokenowner' not in entry_attrs or 'managedby' not in entry_attrs: if 'ipatokenowner' not in entry_attrs or 'managedby' not in entry_attrs:
result = self.api.Command.user_find(whoami=True)['result'] result = self.api.Command.user_find(
whoami=True, no_members=False)['result']
if result: if result:
cur_uid = result[0]['uid'][0] cur_uid = result[0]['uid'][0]
prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid) prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid)

6
ipalib/plugins/topology.py
View File

@@ -210,7 +210,8 @@ class topologysegment(LDAPObject):
return # nothing to check return # nothing to check
# check if nodes are IPA servers # check if nodes are IPA servers
masters = self.api.Command.server_find('', sizelimit=0)['result'] masters = self.api.Command.server_find(
'', sizelimit=0, no_members=False)['result']
m_hostnames = [master['cn'][0].lower() for master in masters] m_hostnames = [master['cn'][0].lower() for master in masters]
if leftnode and leftnode not in m_hostnames: if leftnode and leftnode not in m_hostnames:
@@ -472,7 +473,8 @@ Checks done:
validate_domain_level(self.api) validate_domain_level(self.api)
masters = self.api.Command.server_find('', sizelimit=0)['result'] masters = self.api.Command.server_find(
'', sizelimit=0, no_members=False)['result']
segments = self.api.Command.topologysegment_find( segments = self.api.Command.topologysegment_find(
keys[0], sizelimit=0)['result'] keys[0], sizelimit=0)['result']
graph = create_topology_graph(masters, segments) graph = create_topology_graph(masters, segments)

3
ipalib/plugins/user.py
View File

@@ -710,7 +710,8 @@ class user_del(baseuser_del):
# Delete all tokens owned and managed by this user. # Delete all tokens owned and managed by this user.
# Orphan all tokens owned but not managed by this user. # Orphan all tokens owned but not managed by this user.
owner = self.api.Object.user.get_primary_key_from_dn(dn) owner = self.api.Object.user.get_primary_key_from_dn(dn)
results = self.api.Command.otptoken_find(ipatokenowner=owner)['result'] results = self.api.Command.otptoken_find(
ipatokenowner=owner, no_members=False)['result']
for token in results: for token in results:
orphan = not [x for x in token.get('managedby_user', []) if x == owner] orphan = not [x for x in token.get('managedby_user', []) if x == owner]
token = self.api.Object.otptoken.get_primary_key_from_dn(token['dn']) token = self.api.Object.otptoken.get_primary_key_from_dn(token['dn'])

3
ipaserver/install/replication.py
View File

@@ -1781,7 +1781,8 @@ def get_orphaned_suffixes(masters):
:return a set consisting of suffix names which are not managed by any :return a set consisting of suffix names which are not managed by any
master master
""" """
all_suffixes = api.Command.topologysuffix_find(sizelimit=0)['result'] all_suffixes = api.Command.topologysuffix_find(
sizelimit=0, no_members=False)['result']
all_suffix_names = set(s['cn'][0] for s in all_suffixes) all_suffix_names = set(s['cn'][0] for s in all_suffixes)
managed_suffixes = set(map_masters_to_suffixes(masters)) managed_suffixes = set(map_masters_to_suffixes(masters))

3
ipaserver/install/server/install.py
View File

@@ -1148,7 +1148,8 @@ def uninstall_check(installer):
print("Aborting uninstall operation.") print("Aborting uninstall operation.")
sys.exit(1) sys.exit(1)
else: else:
masters = api.Command.server_find(sizelimit=0)['result'] masters = api.Command.server_find(
sizelimit=0, no_members=False)['result']
if not check_master_deleted(api, masters, if not check_master_deleted(api, masters,
not options.unattended): not options.unattended):

54
ipatests/test_xmlrpc/test_group_plugin.py
View File

@@ -177,11 +177,11 @@ class TestFindGroup(XMLRPC_test):
group.ensure_exists() group.ensure_exists()
group.find() group.find()
def test_search_for_all_groups(self, group, group2): def test_search_for_all_groups_with_members(self, group, group2):
""" Search for all groups """ """ Search for all groups """
group.ensure_exists() group.ensure_exists()
group2.create() group2.create()
command = group.make_command('group_find') command = group.make_command('group_find', no_members=False)
result = command() result = command()
assert_deepequal(dict( assert_deepequal(dict(
summary=u'6 groups matched', summary=u'6 groups matched',
@@ -227,6 +227,56 @@ class TestFindGroup(XMLRPC_test):
}, },
]), result) ]), result)
def test_search_for_all_groups(self, group, group2):
""" Search for all groups """
group.ensure_exists()
group2.create()
command = group.make_command('group_find')
result = command()
assert_deepequal(dict(
summary=u'6 groups matched',
count=6,
truncated=False,
result=[
{
'dn': get_group_dn('admins'),
'gidnumber': [fuzzy_digits],
'cn': [u'admins'],
'description': [u'Account administrators group'],
},
{
'dn': get_group_dn('editors'),
'gidnumber': [fuzzy_digits],
'cn': [u'editors'],
'description':
[u'Limited admins who can edit other users'],
},
{
'dn': get_group_dn('ipausers'),
'cn': [u'ipausers'],
'description': [u'Default group for all users'],
},
{
'dn': get_group_dn(group.cn),
'cn': [group.cn],
'description': [u'Test desc1'],
'gidnumber': [fuzzy_digits],
},
{
'dn': get_group_dn(group2.cn),
'cn': [group2.cn],
'description': [u'Test desc2'],
'gidnumber': [fuzzy_digits],
},
{
'dn': get_group_dn('trust admins'),
'cn': [u'trust admins'],
'description': [u'Trusts administrators group'],
},
]), result)
def test_search_for_all_posix(self, group, group2): def test_search_for_all_posix(self, group, group2):
""" Search for all posix groups """ """ Search for all posix groups """
command = group.make_command( command = group.make_command(

21
ipatests/test_xmlrpc/test_hbacsvcgroup_plugin.py
View File

@@ -161,6 +161,26 @@ class test_hbacsvcgroup(Declarative):
), ),
dict(
desc='Search for %r with members' % hbacsvcgroup1,
command=('hbacsvcgroup_find', [], dict(
cn=hbacsvcgroup1, no_members=False)),
expected=dict(
count=1,
truncated=False,
summary=u'1 HBAC service group matched',
result=[
{
'dn': dn1,
'member_hbacsvc': [hbacsvc1],
'cn': [hbacsvcgroup1],
'description': [u'Test hbacsvcgroup 1'],
},
],
),
),
dict( dict(
desc='Search for %r' % hbacsvcgroup1, desc='Search for %r' % hbacsvcgroup1,
command=('hbacsvcgroup_find', [], dict(cn=hbacsvcgroup1)), command=('hbacsvcgroup_find', [], dict(cn=hbacsvcgroup1)),
@@ -171,7 +191,6 @@ class test_hbacsvcgroup(Declarative):
result=[ result=[
{ {
'dn': dn1, 'dn': dn1,
'member_hbacsvc': [hbacsvc1],
'cn': [hbacsvcgroup1], 'cn': [hbacsvcgroup1],
'description': [u'Test hbacsvcgroup 1'], 'description': [u'Test hbacsvcgroup 1'],
}, },

5
ipatests/test_xmlrpc/test_hostgroup_plugin.py
View File

@@ -116,6 +116,11 @@ class TestHostGroup(XMLRPC_test):
hostgroup.ensure_exists() hostgroup.ensure_exists()
hostgroup.find() hostgroup.find()
def test_search_for_hostgroup_with_all(self, hostgroup):
""" Search for hostgroup """
hostgroup.ensure_exists()
hostgroup.find(all=True)
def test_update_hostgroup(self, hostgroup): def test_update_hostgroup(self, hostgroup):
""" Update description of hostgroup and verify """ """ Update description of hostgroup and verify """
hostgroup.ensure_exists() hostgroup.ensure_exists()

121
ipatests/test_xmlrpc/test_netgroup_plugin.py
View File

@@ -406,8 +406,9 @@ class test_netgroup(Declarative):
dict( dict(
desc='Search for netgroups using no_user', desc='Search for netgroups using no_user with members',
command=('netgroup_find', [], dict(no_user=user1)), command=('netgroup_find', [], dict(
no_user=user1, no_members=False)),
expected=dict( expected=dict(
count=2, count=2,
truncated=False, truncated=False,
@@ -431,6 +432,32 @@ class test_netgroup(Declarative):
), ),
), ),
dict(
desc='Search for netgroups using no_user',
command=('netgroup_find', [], dict(no_user=user1)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict( dict(
desc="Check %r doesn't match when searching for %s" % (netgroup1, user1), desc="Check %r doesn't match when searching for %s" % (netgroup1, user1),
command=('netgroup_find', [], dict(user=user1)), command=('netgroup_find', [], dict(user=user1)),
@@ -852,8 +879,9 @@ class test_netgroup(Declarative):
), ),
dict( dict(
desc='Search for %r' % netgroup1, desc='Search for %r with members' % netgroup1,
command=('netgroup_find', [], dict(cn=netgroup1)), command=('netgroup_find', [], dict(
cn=netgroup1, no_members=False)),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -875,6 +903,53 @@ class test_netgroup(Declarative):
), ),
), ),
dict(
desc='Search for %r' % netgroup1,
command=('netgroup_find', [], dict(cn=netgroup1)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
],
),
),
dict(
desc='Search for %r using user with members' % netgroup1,
command=('netgroup_find', [], dict(
user=user1, no_members=False)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'memberuser_user': (user1,),
'memberuser_group': (group1,),
'member_netgroup': (netgroup2,),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
],
),
),
dict( dict(
desc='Search for %r using user' % netgroup1, desc='Search for %r using user' % netgroup1,
command=('netgroup_find', [], dict(user=user1)), command=('netgroup_find', [], dict(user=user1)),
@@ -885,11 +960,6 @@ class test_netgroup(Declarative):
result=[ result=[
{ {
'dn': fuzzy_netgroupdn, 'dn': fuzzy_netgroupdn,
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'memberuser_user': (user1,),
'memberuser_group': (group1,),
'member_netgroup': (netgroup2,),
'cn': [netgroup1], 'cn': [netgroup1],
'description': [u'Test netgroup 1'], 'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain], 'nisdomainname': [u'%s' % api.env.domain],
@@ -899,9 +969,11 @@ class test_netgroup(Declarative):
), ),
), ),
dict( dict(
desc='Search for all netgroups using empty member user', desc=('Search for all netgroups using empty member user with '
command=('netgroup_find', [], dict(user=None)), 'members'),
command=('netgroup_find', [], dict(user=None, no_members=False)),
expected=dict( expected=dict(
count=2, count=2,
truncated=False, truncated=False,
@@ -930,6 +1002,33 @@ class test_netgroup(Declarative):
), ),
), ),
dict(
desc='Search for all netgroups using empty member user',
command=('netgroup_find', [], dict(user=None)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict( dict(
desc='Update %r' % netgroup1, desc='Update %r' % netgroup1,
command=('netgroup_mod', [netgroup1], command=('netgroup_mod', [netgroup1],

274
ipatests/test_xmlrpc/test_old_permission_plugin.py
View File

@@ -268,9 +268,57 @@ class test_old_permission(Declarative):
), ),
dict(
desc='Search for %r with members' % permission1,
command=('permission_find', [permission1], {'no_members': False}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
),
),
dict( dict(
desc='Search for %r' % permission1, desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}), command=('permission_find', [permission1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
),
),
dict(
desc='Search for %r using --name with members' % permission1,
command=('permission_find', [], {
'cn': permission1, 'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -304,7 +352,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn, 'dn': permission1_dn,
'cn': [permission1], 'cn': [permission1],
'objectclass': objectclasses.permission, 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user', 'type': u'user',
'permissions': [u'write'], 'permissions': [u'write'],
'ipapermbindruletype': [u'permission'], 'ipapermbindruletype': [u'permission'],
@@ -329,8 +376,8 @@ class test_old_permission(Declarative):
dict( dict(
desc='Search for %r' % privilege1, desc='Search for %r with members' % privilege1,
command=('permission_find', [privilege1], {}), command=('permission_find', [privilege1], {'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -353,8 +400,32 @@ class test_old_permission(Declarative):
dict( dict(
desc='Search for %r with --raw' % permission1, desc='Search for %r' % privilege1,
command=('permission_find', [permission1], {'raw' : True}), command=('permission_find', [privilege1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
),
),
dict(
desc='Search for %r with --raw with members' % permission1,
command=('permission_find', [permission1], {
'raw': True, 'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -378,6 +449,38 @@ class test_old_permission(Declarative):
), ),
dict(
desc='Search for %r with --raw' % permission1,
command=('permission_find', [permission1], {'raw': True}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'aci': [
u'(targetfilter = "(objectclass=posixaccount)")'
u'(version 3.0;acl "permission:testperm";'
u'allow (write) groupdn = "ldap:///%s";)' %
DN(
('cn', 'testperm'), ('cn', 'permissions'),
('cn', 'pbac'), api.env.basedn
)
],
'ipapermright': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
'ipapermlocation': [users_dn],
},
],
),
),
dict( dict(
desc='Create %r' % permission2, desc='Create %r' % permission2,
command=( command=(
@@ -406,6 +509,40 @@ class test_old_permission(Declarative):
), ),
dict(
desc='Search for %r with members' % permission1,
command=('permission_find', [permission1], {'no_members': False}),
expected=dict(
count=2,
truncated=False,
summary=u'2 permissions matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
{
'dn': permission2_dn,
'cn': [permission2],
'objectclass': objectclasses.permission,
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
),
),
dict( dict(
desc='Search for %r' % permission1, desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}), command=('permission_find', [permission1], {}),
@@ -418,7 +555,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn, 'dn': permission1_dn,
'cn': [permission1], 'cn': [permission1],
'objectclass': objectclasses.permission, 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user', 'type': u'user',
'permissions': [u'write'], 'permissions': [u'write'],
'ipapermbindruletype': [u'permission'], 'ipapermbindruletype': [u'permission'],
@@ -486,8 +622,8 @@ class test_old_permission(Declarative):
dict( dict(
desc='Search for %r' % privilege1, desc='Search for %r with members' % privilege1,
command=('privilege_find', [privilege1], {}), command=('privilege_find', [privilege1], {'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -504,6 +640,60 @@ class test_old_permission(Declarative):
), ),
dict(
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 privilege matched',
result=[
{
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
},
],
),
),
dict(
desc=('Search for %r with a limit of 1 (truncated) with members' %
permission1),
command=('permission_find', [permission1], dict(
sizelimit=1, no_members=False)),
expected=dict(
count=1,
truncated=True,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
messages=({
'message': (u'Search result has been truncated: '
u'Configured size limit exceeded'),
'code': 13017,
'type': u'warning',
'name': u'SearchResultTruncated',
'data': {
'reason': u"Configured size limit exceeded"
}
},),
),
),
dict( dict(
desc='Search for %r with a limit of 1 (truncated)' % permission1, desc='Search for %r with a limit of 1 (truncated)' % permission1,
command=('permission_find', [permission1], dict(sizelimit=1)), command=('permission_find', [permission1], dict(sizelimit=1)),
@@ -516,7 +706,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn, 'dn': permission1_dn,
'cn': [permission1], 'cn': [permission1],
'objectclass': objectclasses.permission, 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user', 'type': u'user',
'permissions': [u'write'], 'permissions': [u'write'],
'ipapermbindruletype': [u'permission'], 'ipapermbindruletype': [u'permission'],
@@ -550,7 +739,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn, 'dn': permission1_dn,
'cn': [permission1], 'cn': [permission1],
'objectclass': objectclasses.permission, 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user', 'type': u'user',
'permissions': [u'write'], 'permissions': [u'write'],
'ipapermbindruletype': [u'permission'], 'ipapermbindruletype': [u'permission'],
@@ -776,9 +964,11 @@ class test_old_permission(Declarative):
dict( dict(
desc='Search for %r using --subtree' % permission1, desc='Search for %r using --subtree with members' % permission1,
command=('permission_find', [], command=('permission_find', [], {
{'subtree': u'ldap:///%s' % DN(('cn', 'accounts'), api.env.basedn)}), 'subtree': u'ldap:///%s' % DN(
('cn', 'accounts'), api.env.basedn),
'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -800,6 +990,32 @@ class test_old_permission(Declarative):
), ),
dict(
desc='Search for %r using --subtree' % permission1,
command=('permission_find', [], {
'subtree': u'ldap:///%s' % DN(
('cn', 'accounts'), api.env.basedn)}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn':permission1_renamed_ucase_dn,
'cn':[permission1_renamed_ucase],
'objectclass': objectclasses.permission,
'subtree':u'ldap:///%s' % DN(
('cn', 'accounts'), api.env.basedn),
'permissions':[u'write'],
'memberof':u'ipausers',
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
},
],
),
),
dict( dict(
desc='Search using nonexistent --subtree', desc='Search using nonexistent --subtree',
command=('permission_find', [], {'subtree': u'ldap:///foo=bar'}), command=('permission_find', [], {'subtree': u'ldap:///foo=bar'}),
@@ -813,8 +1029,9 @@ class test_old_permission(Declarative):
dict( dict(
desc='Search using --targetgroup', desc='Search using --targetgroup with members',
command=('permission_find', [], {'targetgroup': u'ipausers'}), command=('permission_find', [], {
'targetgroup': u'ipausers', 'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -841,6 +1058,33 @@ class test_old_permission(Declarative):
), ),
dict(
desc='Search using --targetgroup',
command=('permission_find', [], {'targetgroup': u'ipausers'}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': DN(('cn', 'System: Add User to default group'),
api.env.container_permission, api.env.basedn),
'cn': [u'System: Add User to default group'],
'objectclass': objectclasses.permission,
'attrs': [u'member'],
'targetgroup': u'ipausers',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermtarget': [DN('cn=ipausers', groups_dn)],
'subtree': u'ldap:///%s' % groups_dn,
'ipapermdefaultattr': [u'member'],
'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'],
}
],
),
),
dict( dict(
desc='Delete %r' % permission1_renamed_ucase, desc='Delete %r' % permission1_renamed_ucase,
command=('permission_del', [permission1_renamed_ucase], {}), command=('permission_del', [permission1_renamed_ucase], {}),

277
ipatests/test_xmlrpc/test_permission_plugin.py
View File

@@ -540,9 +540,59 @@ class test_permission(Declarative):
), ),
dict(
desc='Search for %r with members' % permission1,
command=('permission_find', [permission1], {'no_members': False}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'sn'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'SYSTEM', u'V2'],
'ipapermlocation': [users_dn],
},
],
),
),
dict( dict(
desc='Search for %r' % permission1, desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}), command=('permission_find', [permission1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'sn'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'SYSTEM', u'V2'],
'ipapermlocation': [users_dn],
},
],
),
),
dict(
desc='Search for %r using --name with members' % permission1,
command=('permission_find', [], {
'cn': permission1, 'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -577,7 +627,6 @@ class test_permission(Declarative):
'dn': permission1_dn, 'dn': permission1_dn,
'cn': [permission1], 'cn': [permission1],
'objectclass': objectclasses.permission, 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': [u'user'], 'type': [u'user'],
'ipapermright': [u'write'], 'ipapermright': [u'write'],
'attrs': [u'sn'], 'attrs': [u'sn'],
@@ -603,8 +652,8 @@ class test_permission(Declarative):
dict( dict(
desc='Search for %r' % privilege1, desc='Search for %r with members' % privilege1,
command=('permission_find', [privilege1], {}), command=('permission_find', [privilege1], {'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -627,6 +676,62 @@ class test_permission(Declarative):
), ),
dict(
desc='Search for %r' % privilege1,
command=('permission_find', [privilege1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'sn'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'SYSTEM', u'V2'],
'ipapermlocation': [users_dn],
},
],
),
),
dict(
desc='Search for %r with --raw with members' % permission1,
command=('permission_find', [permission1], {
'raw': True, 'no_members': False}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member': [privilege1_dn],
'ipapermincludedattr': [u'sn'],
'ipapermbindruletype': [u'permission'],
'ipapermright': [u'write'],
'ipapermissiontype': [u'SYSTEM', u'V2'],
'ipapermlocation': [users_dn],
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
'aci': ['(targetattr = "sn")'
'(targetfilter = "(objectclass=posixaccount)")' +
'(version 3.0;acl "permission:%(name)s";'
'allow (write) groupdn = "ldap:///%(pdn)s";)' %
{'name': permission1,
'pdn': permission1_dn}],
},
],
),
),
dict( dict(
desc='Search for %r with --raw' % permission1, desc='Search for %r with --raw' % permission1,
command=('permission_find', [permission1], {'raw': True}), command=('permission_find', [permission1], {'raw': True}),
@@ -639,7 +744,6 @@ class test_permission(Declarative):
'dn': permission1_dn, 'dn': permission1_dn,
'cn': [permission1], 'cn': [permission1],
'objectclass': objectclasses.permission, 'objectclass': objectclasses.permission,
'member': [privilege1_dn],
'ipapermincludedattr': [u'sn'], 'ipapermincludedattr': [u'sn'],
'ipapermbindruletype': [u'permission'], 'ipapermbindruletype': [u'permission'],
'ipapermright': [u'write'], 'ipapermright': [u'write'],
@@ -695,6 +799,43 @@ class test_permission(Declarative):
'allow (write) groupdn = "ldap:///%s";)' % permission2_dn, 'allow (write) groupdn = "ldap:///%s";)' % permission2_dn,
), ),
dict(
desc='Search for %r with members' % permission1,
command=('permission_find', [permission1], {
'no_members': False}),
expected=dict(
count=2,
truncated=False,
summary=u'2 permissions matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'sn'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'SYSTEM', u'V2'],
'ipapermlocation': [users_dn],
},
{
'dn': permission2_dn,
'cn': [permission2],
'objectclass': objectclasses.permission,
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'cn'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'SYSTEM', u'V2'],
'ipapermlocation': [users_dn],
},
],
),
),
dict( dict(
desc='Search for %r' % permission1, desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}), command=('permission_find', [permission1], {}),
@@ -707,7 +848,6 @@ class test_permission(Declarative):
'dn': permission1_dn, 'dn': permission1_dn,
'cn': [permission1], 'cn': [permission1],
'objectclass': objectclasses.permission, 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': [u'user'], 'type': [u'user'],
'ipapermright': [u'write'], 'ipapermright': [u'write'],
'attrs': [u'sn'], 'attrs': [u'sn'],
@@ -777,8 +917,8 @@ class test_permission(Declarative):
dict( dict(
desc='Search for %r' % privilege1, desc='Search for %r with members' % privilege1,
command=('privilege_find', [privilege1], {}), command=('privilege_find', [privilege1], {'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -795,6 +935,63 @@ class test_permission(Declarative):
), ),
dict(
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 privilege matched',
result=[
{
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
},
],
),
),
dict(
desc=('Search for %r with a limit of 1 (truncated) with members' %
permission1),
command=('permission_find', [permission1],
dict(sizelimit=1, no_members=False)),
expected=dict(
count=1,
truncated=True,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': [u'user'],
'ipapermright': [u'write'],
'attrs': [u'sn'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'SYSTEM', u'V2'],
'ipapermlocation': [users_dn],
},
],
messages=(
{
'message': (u'Search result has been truncated: '
u'Configured size limit exceeded'),
'code': 13017,
'type': u'warning',
'name': u'SearchResultTruncated',
'data': {
'reason': u"Configured size limit exceeded"
}
},
),
),
),
dict( dict(
desc='Search for %r with a limit of 1 (truncated)' % permission1, desc='Search for %r with a limit of 1 (truncated)' % permission1,
command=('permission_find', [permission1], dict(sizelimit=1)), command=('permission_find', [permission1], dict(sizelimit=1)),
@@ -807,7 +1004,6 @@ class test_permission(Declarative):
'dn': permission1_dn, 'dn': permission1_dn,
'cn': [permission1], 'cn': [permission1],
'objectclass': objectclasses.permission, 'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': [u'user'], 'type': [u'user'],
'ipapermright': [u'write'], 'ipapermright': [u'write'],
'attrs': [u'sn'], 'attrs': [u'sn'],
@@ -850,7 +1046,6 @@ class test_permission(Declarative):
'ipapermbindruletype': [u'permission'], 'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'SYSTEM', u'V2'], 'ipapermissiontype': [u'SYSTEM', u'V2'],
'ipapermlocation': [users_dn], 'ipapermlocation': [users_dn],
'member_privilege': [privilege1],
}, },
{ {
'dn': permission2_dn, 'dn': permission2_dn,
@@ -1179,9 +1374,11 @@ class test_permission(Declarative):
), ),
dict( dict(
desc='Search for %r using --subtree' % permission1_renamed_ucase, desc=('Search for %r using --subtree with membes' %
permission1_renamed_ucase),
command=('permission_find', [], command=('permission_find', [],
{'ipapermlocation': u'ldap:///%s' % admin_dn}), {'ipapermlocation': u'ldap:///%s' % admin_dn,
'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -1204,6 +1401,31 @@ class test_permission(Declarative):
), ),
dict(
desc='Search for %r using --subtree' % permission1_renamed_ucase,
command=('permission_find', [],
{'ipapermlocation': u'ldap:///%s' % admin_dn}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn':permission1_renamed_ucase_dn,
'cn':[permission1_renamed_ucase],
'objectclass': objectclasses.permission,
'ipapermlocation': [admin_dn],
'ipapermright':[u'write'],
'memberof':[u'ipausers'],
'attrs': [u'sn'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'SYSTEM', u'V2'],
},
],
),
),
dict( dict(
desc='Search using nonexistent --subtree', desc='Search using nonexistent --subtree',
command=('permission_find', [], {'ipapermlocation': u'foo'}), command=('permission_find', [], {'ipapermlocation': u'foo'}),
@@ -1213,8 +1435,9 @@ class test_permission(Declarative):
dict( dict(
desc='Search using --targetgroup', desc='Search using --targetgroup with members',
command=('permission_find', [], {'targetgroup': u'ipausers'}), command=('permission_find', [], {
'targetgroup': u'ipausers', 'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -1243,6 +1466,34 @@ class test_permission(Declarative):
), ),
dict(
desc='Search using --targetgroup',
command=('permission_find', [], {'targetgroup': u'ipausers'}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': DN(('cn', 'System: Add User to default group'),
api.env.container_permission, api.env.basedn),
'cn': [u'System: Add User to default group'],
'objectclass': objectclasses.permission,
'attrs': [u'member'],
'targetgroup': [u'ipausers'],
'ipapermright': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermtarget': [DN(
'cn=ipausers', api.env.container_group,
api.env.basedn)],
'ipapermlocation': [groups_dn],
'ipapermdefaultattr': [u'member'],
'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'],
}
],
),
),
dict( dict(
desc='Delete %r' % permission1_renamed_ucase, desc='Delete %r' % permission1_renamed_ucase,
command=('permission_del', [permission1_renamed_ucase], {}), command=('permission_del', [permission1_renamed_ucase], {}),

60
ipatests/test_xmlrpc/test_privilege_plugin.py
View File

@@ -172,8 +172,8 @@ class test_privilege(Declarative):
dict( dict(
desc='Search for %r' % privilege1, desc='Search for %r with members' % privilege1,
command=('privilege_find', [privilege1], {}), command=('privilege_find', [privilege1], {'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -193,6 +193,24 @@ class test_privilege(Declarative):
dict( dict(
desc='Search for %r' % privilege1, desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}), command=('privilege_find', [privilege1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 privilege matched',
result=[
{
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
},
],
),
),
dict(
desc='Search for %r with members' % privilege1,
command=('privilege_find', [privilege1], {'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -209,6 +227,24 @@ class test_privilege(Declarative):
), ),
dict(
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 privilege matched',
result=[
{
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
},
],
),
),
dict( dict(
desc='Create %r' % permission2, desc='Create %r' % permission2,
command=( command=(
@@ -280,6 +316,25 @@ class test_privilege(Declarative):
), ),
dict(
desc='Search for %r with memebers' % privilege1,
command=('privilege_find', [privilege1], {'no_members': False}),
expected=dict(
count=1,
truncated=False,
summary=u'1 privilege matched',
result=[
{
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
'memberof_permission': [permission1, permission2],
},
],
),
),
dict( dict(
desc='Search for %r' % privilege1, desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}), command=('privilege_find', [privilege1], {}),
@@ -292,7 +347,6 @@ class test_privilege(Declarative):
'dn': privilege1_dn, 'dn': privilege1_dn,
'cn': [privilege1], 'cn': [privilege1],
'description': [u'privilege desc. 1'], 'description': [u'privilege desc. 1'],
'memberof_permission': [permission1, permission2],
}, },
], ],
), ),

89
ipatests/test_xmlrpc/test_role_plugin.py
View File

@@ -291,9 +291,47 @@ class test_role(Declarative):
), ),
dict(
desc='Search for %r with members' % role1,
command=('role_find', [role1], {'no_members': False}),
expected=dict(
count=1,
truncated=False,
summary=u'1 role matched',
result=[
{
'dn': role1_dn,
'cn': [role1],
'description': [u'role desc 1'],
'member_group': [group1],
'memberof_privilege': [privilege1],
},
],
),
),
dict( dict(
desc='Search for %r' % role1, desc='Search for %r' % role1,
command=('role_find', [role1], {}), command=('role_find', [role1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 role matched',
result=[
{
'dn': role1_dn,
'cn': [role1],
'description': [u'role desc 1'],
},
],
),
),
dict(
desc='Search for %r with members' % search,
command=('role_find', [search], {'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -323,8 +361,6 @@ class test_role(Declarative):
'dn': role1_dn, 'dn': role1_dn,
'cn': [role1], 'cn': [role1],
'description': [u'role desc 1'], 'description': [u'role desc 1'],
'member_group': [group1],
'memberof_privilege': [privilege1],
}, },
], ],
), ),
@@ -350,8 +386,8 @@ class test_role(Declarative):
dict( dict(
desc='Search for %r' % role1, desc='Search for %r with members' % role1,
command=('role_find', [role1], {}), command=('role_find', [role1], {'no_members': False}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@@ -370,8 +406,26 @@ class test_role(Declarative):
dict( dict(
desc='Search for %r' % search, desc='Search for %r' % role1,
command=('role_find', [search], {}), command=('role_find', [role1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 role matched',
result=[
{
'dn': role1_dn,
'cn': [role1],
'description': [u'role desc 1'],
},
],
),
),
dict(
desc='Search for %r with members' % search,
command=('role_find', [search], {'no_members': False}),
expected=dict( expected=dict(
count=2, count=2,
truncated=False, truncated=False,
@@ -394,6 +448,29 @@ class test_role(Declarative):
), ),
dict(
desc='Search for %r' % search,
command=('role_find', [search], {}),
expected=dict(
count=2,
truncated=False,
summary=u'2 roles matched',
result=[
{
'dn': role1_dn,
'cn': [role1],
'description': [u'role desc 1'],
},
{
'dn': role2_dn,
'cn': [role2],
'description': [u'role desc 2'],
},
],
),
),
dict( dict(
desc='Update %r' % role1, desc='Update %r' % role1,
command=( command=(

20
ipatests/test_xmlrpc/test_service_plugin.py
View File

@@ -250,6 +250,25 @@ class test_service(Declarative):
), ),
dict(
desc='Search for %r with members' % service1,
command=('service_find', [service1], {'no_members': False}),
expected=dict(
count=1,
truncated=False,
summary=u'1 service matched',
result=[
dict(
dn=service1dn,
krbprincipalname=[service1],
managedby_host=[fqdn1],
has_keytab=False,
),
],
),
),
dict( dict(
desc='Search for %r' % service1, desc='Search for %r' % service1,
command=('service_find', [service1], {}), command=('service_find', [service1], {}),
@@ -261,7 +280,6 @@ class test_service(Declarative):
dict( dict(
dn=service1dn, dn=service1dn,
krbprincipalname=[service1], krbprincipalname=[service1],
managedby_host=[fqdn1],
has_keytab=False, has_keytab=False,
), ),
], ],

30
ipatests/test_xmlrpc/test_servicedelegation_plugin.py
View File

@@ -134,8 +134,8 @@ class test_servicedelegation(Declarative):
dict( dict(
desc='Search for all rules', desc='Search for all rules with members',
command=('servicedelegationrule_find', [], {}), command=('servicedelegationrule_find', [], {'no_members': False}),
expected=dict( expected=dict(
summary=u'3 service delegation rules matched', summary=u'3 service delegation rules matched',
count=3, count=3,
@@ -162,6 +162,32 @@ class test_servicedelegation(Declarative):
), ),
dict(
desc='Search for all rules',
command=('servicedelegationrule_find', [], {}),
expected=dict(
summary=u'3 service delegation rules matched',
count=3,
truncated=False,
result=[
{
'dn': get_servicedelegation_dn(u'ipa-http-delegation'),
'cn': [u'ipa-http-delegation'],
'memberprincipal': [princ1],
},
dict(
dn=get_servicedelegation_dn(rule2),
cn=[rule2],
),
dict(
dn=get_servicedelegation_dn(rule1),
cn=[rule1],
),
],
),
),
dict( dict(
desc='Create target %r' % target1, desc='Create target %r' % target1,
command=( command=(

5
ipatests/test_xmlrpc/test_sudocmdgroup_plugin.py
View File

@@ -152,6 +152,11 @@ class TestSudoCmdGroupSCRUD(XMLRPC_test):
sudocmdgroup1.ensure_exists() sudocmdgroup1.ensure_exists()
sudocmdgroup1.find() sudocmdgroup1.find()
def test_search_all(self, sudocmdgroup1):
""" Search for sudocmdgroup """
sudocmdgroup1.ensure_exists()
sudocmdgroup1.find(all=True)
def test_create_another(self, sudocmdgroup2): def test_create_another(self, sudocmdgroup2):
""" Create a second sudocmdgroup """ """ Create a second sudocmdgroup """
sudocmdgroup2.create() sudocmdgroup2.create()

2
ipatests/test_xmlrpc/test_user_plugin.py
View File

@@ -691,7 +691,7 @@ class TestManagers(XMLRPC_test):
""" Find user by his manager's UID """ """ Find user by his manager's UID """
command = user.make_find_command(manager=user2.uid) command = user.make_find_command(manager=user2.uid)
result = command() result = command()
user.check_find(result, expected_override=dict(manager=[user2.uid])) user.check_find(result)
def test_delete_both_user_and_manager(self, user, user2): def test_delete_both_user_and_manager(self, user, user2):
""" Delete both user and its manager at once """ """ Delete both user and its manager at once """

5
ipatests/test_xmlrpc/tracker/host_plugin.py
View File

@@ -43,7 +43,10 @@ class HostTracker(Tracker):
update_keys = retrieve_keys - {'dn'} update_keys = retrieve_keys - {'dn'}
managedby_keys = retrieve_keys - {'has_keytab', 'has_password'} managedby_keys = retrieve_keys - {'has_keytab', 'has_password'}
allowedto_keys = retrieve_keys - {'has_keytab', 'has_password'} allowedto_keys = retrieve_keys - {'has_keytab', 'has_password'}
find_keys = retrieve_keys - {'has_keytab', 'has_password'} find_keys = retrieve_keys - {
'has_keytab', 'has_password', 'memberof_hostgroup',
'memberofindirect_hostgroup', 'managedby_host',
}
find_all_keys = retrieve_all_keys - {'has_keytab', 'has_password'} find_all_keys = retrieve_all_keys - {'has_keytab', 'has_password'}
def __init__(self, name, fqdn=None, default_version=None): def __init__(self, name, fqdn=None, default_version=None):

13
ipatests/test_xmlrpc/tracker/hostgroup_plugin.py
View File

@@ -24,6 +24,15 @@ class HostGroupTracker(Tracker):
add_member_keys = retrieve_keys | {u'member_host'} add_member_keys = retrieve_keys | {u'member_host'}
find_keys = {
u'dn', u'cn', u'description',
}
find_all_keys = {
u'dn', u'cn', u'member_host', u'description', u'member_hostgroup',
u'memberindirect_host', u'ipauniqueid', u'objectclass',
u'mepmanagedentry',
}
def __init__(self, name, description=u'HostGroup desc'): def __init__(self, name, description=u'HostGroup desc'):
super(HostGroupTracker, self).__init__(default_version=None) super(HostGroupTracker, self).__init__(default_version=None)
self.cn = name self.cn = name
@@ -182,9 +191,9 @@ class HostGroupTracker(Tracker):
def check_find(self, result, all=False, raw=False): def check_find(self, result, all=False, raw=False):
""" Checks 'hostgroup_find' command result """ """ Checks 'hostgroup_find' command result """
if all: if all:
expected = self.filter_attrs(self.retrieve_all_keys) expected = self.filter_attrs(self.find_all_keys)
else: else:
expected = self.filter_attrs(self.retrieve_keys) expected = self.filter_attrs(self.find_keys)
assert_deepequal(dict( assert_deepequal(dict(
count=1, count=1,

7
ipatests/test_xmlrpc/tracker/sudocmd_plugin.py
View File

@@ -18,6 +18,9 @@ class SudoCmdTracker(Tracker):
create_keys = retrieve_all_keys create_keys = retrieve_all_keys
update_keys = retrieve_keys - {u'dn'} update_keys = retrieve_keys - {u'dn'}
find_keys = {u'dn', u'sudocmd', u'description'}
find_all_keys = retrieve_all_keys
def __init__(self, command, description="Test sudo command"): def __init__(self, command, description="Test sudo command"):
super(SudoCmdTracker, self).__init__(default_version=None) super(SudoCmdTracker, self).__init__(default_version=None)
self.cmd = command self.cmd = command
@@ -93,9 +96,9 @@ class SudoCmdTracker(Tracker):
def check_find(self, result, all=False, raw=False): def check_find(self, result, all=False, raw=False):
""" Checks 'sudocmd_find' command result """ """ Checks 'sudocmd_find' command result """
if all: if all:
expected = self.filter_attrs(self.retrieve_all_keys) expected = self.filter_attrs(self.find_all_keys)
else: else:
expected = self.filter_attrs(self.retrieve_keys) expected = self.filter_attrs(self.find_keys)
assert_deepequal(dict( assert_deepequal(dict(
count=1, count=1,

9
ipatests/test_xmlrpc/tracker/sudocmdgroup_plugin.py
View File

@@ -24,6 +24,11 @@ class SudoCmdGroupTracker(Tracker):
add_member_keys = retrieve_keys | {u'member_sudocmd'} add_member_keys = retrieve_keys | {u'member_sudocmd'}
find_keys = {
u'dn', u'cn', u'description', u'member_sudocmdgroup'}
find_all_keys = find_keys | {
u'ipauniqueid', u'objectclass', u'mepmanagedentry'}
def __init__(self, name, description=u'SudoCmdGroup desc'): def __init__(self, name, description=u'SudoCmdGroup desc'):
super(SudoCmdGroupTracker, self).__init__(default_version=None) super(SudoCmdGroupTracker, self).__init__(default_version=None)
self.cn = name self.cn = name
@@ -168,9 +173,9 @@ class SudoCmdGroupTracker(Tracker):
def check_find(self, result, all=False, raw=False): def check_find(self, result, all=False, raw=False):
""" Checks 'sudocmdgroup_find' command result """ """ Checks 'sudocmdgroup_find' command result """
if all: if all:
expected = self.filter_attrs(self.retrieve_all_keys) expected = self.filter_attrs(self.find_all_keys)
else: else:
expected = self.filter_attrs(self.retrieve_keys) expected = self.filter_attrs(self.find_keys)
assert_deepequal(dict( assert_deepequal(dict(
count=1, count=1,

3
ipatests/test_xmlrpc/tracker/user_plugin.py
View File

@@ -52,7 +52,8 @@ class UserTracker(Tracker):
activate_keys = retrieve_keys activate_keys = retrieve_keys
find_keys = retrieve_keys - { find_keys = retrieve_keys - {
u'mepmanagedentry', u'memberof_group', u'has_keytab', u'has_password' u'mepmanagedentry', u'memberof_group', u'has_keytab', u'has_password',
u'manager',
} }
find_all_keys = retrieve_all_keys - { find_all_keys = retrieve_all_keys - {
u'has_keytab', u'has_password' u'has_keytab', u'has_password'