mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
certmaprule: add negative test for altSecurityIdentities
Try to create a certmap rule that mentiones altSecurityIdentities in its mapping rule but uses IPA domain to apply to. It should fail with ValidationError. Related: https://pagure.io/freeipa/issue/7932 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
parent
41ca4d484e
commit
95c2b34c4b
@ -27,6 +27,17 @@ certmaprule_create_params = {
|
||||
u'ipacertmappriority': u'1',
|
||||
}
|
||||
|
||||
certmaprule_create_trusted_params = {
|
||||
u'cn': u'test_trusted_rule',
|
||||
u'description': u'Certificate mapping and matching rule for test '
|
||||
u'purposes for trusted domain',
|
||||
u'ipacertmapmaprule': u'altsecurityidentities=X509:<some map>',
|
||||
u'ipacertmapmatchrule': u'arbitrary free-form matching rule defined '
|
||||
u'and consumed by SSSD',
|
||||
u'associateddomain': api.env.domain,
|
||||
u'ipacertmappriority': u'1',
|
||||
}
|
||||
|
||||
certmaprule_update_params = {
|
||||
u'description': u'Changed description',
|
||||
u'ipacertmapmaprule': u'changed arbitrary mapping rule',
|
||||
@ -76,6 +87,12 @@ def certmap_rule(request):
|
||||
return tracker.make_fixture(request)
|
||||
|
||||
|
||||
@pytest.fixture(scope='class')
|
||||
def certmap_rule_trusted_domain(request):
|
||||
tracker = CertmapruleTracker(**certmaprule_create_trusted_params)
|
||||
return tracker.make_fixture(request)
|
||||
|
||||
|
||||
@pytest.fixture(scope='class')
|
||||
def certmap_config(request):
|
||||
tracker = CertmapconfigTracker()
|
||||
@ -122,6 +139,18 @@ class TestCRUD(XMLRPC_test):
|
||||
certmap_rule.ensure_exists()
|
||||
certmap_rule.delete()
|
||||
|
||||
def test_failed_create(self, certmap_rule_trusted_domain):
|
||||
certmap_rule_trusted_domain.ensure_missing()
|
||||
try:
|
||||
certmap_rule_trusted_domain.create([])
|
||||
except errors.ValidationError:
|
||||
certmap_rule_trusted_domain.exists = False
|
||||
else:
|
||||
certmap_rule_trusted_domain.exists = True
|
||||
certmap_rule_trusted_domain.ensure_missing()
|
||||
raise AssertionError("Expected validation error for "
|
||||
"altSecurityIdentities used for IPA domain")
|
||||
|
||||
|
||||
class TestEnableDisable(XMLRPC_test):
|
||||
def test_disable(self, certmap_rule):
|
||||
|
Loading…
Reference in New Issue
Block a user