certmaprule: add negative test for altSecurityIdentities

Try to create a certmap rule that mentiones altSecurityIdentities in its
mapping rule but uses IPA domain to apply to. It should fail with
ValidationError.

Related: https://pagure.io/freeipa/issue/7932
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
Alexander Bokovoy 2019-05-07 06:56:34 +03:00
parent 41ca4d484e
commit 95c2b34c4b

View File

@ -27,6 +27,17 @@ certmaprule_create_params = {
u'ipacertmappriority': u'1',
}
certmaprule_create_trusted_params = {
u'cn': u'test_trusted_rule',
u'description': u'Certificate mapping and matching rule for test '
u'purposes for trusted domain',
u'ipacertmapmaprule': u'altsecurityidentities=X509:<some map>',
u'ipacertmapmatchrule': u'arbitrary free-form matching rule defined '
u'and consumed by SSSD',
u'associateddomain': api.env.domain,
u'ipacertmappriority': u'1',
}
certmaprule_update_params = {
u'description': u'Changed description',
u'ipacertmapmaprule': u'changed arbitrary mapping rule',
@ -76,6 +87,12 @@ def certmap_rule(request):
return tracker.make_fixture(request)
@pytest.fixture(scope='class')
def certmap_rule_trusted_domain(request):
tracker = CertmapruleTracker(**certmaprule_create_trusted_params)
return tracker.make_fixture(request)
@pytest.fixture(scope='class')
def certmap_config(request):
tracker = CertmapconfigTracker()
@ -122,6 +139,18 @@ class TestCRUD(XMLRPC_test):
certmap_rule.ensure_exists()
certmap_rule.delete()
def test_failed_create(self, certmap_rule_trusted_domain):
certmap_rule_trusted_domain.ensure_missing()
try:
certmap_rule_trusted_domain.create([])
except errors.ValidationError:
certmap_rule_trusted_domain.exists = False
else:
certmap_rule_trusted_domain.exists = True
certmap_rule_trusted_domain.ensure_missing()
raise AssertionError("Expected validation error for "
"altSecurityIdentities used for IPA domain")
class TestEnableDisable(XMLRPC_test):
def test_disable(self, certmap_rule):