Add test case for allow-create-keytab

A ref counting bug in python-ldap caused create and retrieve keytab feature to fail. Additional tests verify, that ipaallowedtoperform;write_keys attribute is handled correctly. See: https://pagure.io/freeipa/issue/7324 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-05-26 11:44:40 +02:00 · 2018-05-26 11:44:40 +02:00 · 9b8bb85eca
commit 9b8bb85eca
parent 1d70ce850e
1 changed files with 82 additions and 1 deletions
--- a/ipatests/test_xmlrpc/test_service_plugin.py
+++ b/ipatests/test_xmlrpc/test_service_plugin.py
@ -286,6 +286,60 @@ class test_service(Declarative):
            ),
        ),

+        dict(
+            desc='Allow admin to create keytab for %r' % service1,
+            command=('service_allow_create_keytab', [service1],
+                     dict(user=u'admin'),
+                     ),
+            expected=dict(
+                completed=1,
+                failed=dict(
+                    ipaallowedtoperform_write_keys=dict(
+                        group=[],
+                        host=[],
+                        hostgroup=[],
+                        user=[]
+                    )
+                ),
+                result=dict(
+                    dn=service1dn,
+                    ipaallowedtoperform_write_keys_user=[u'admin'],
+                    krbprincipalname=[service1],
+                    krbcanonicalname=[service1],
+                    managedby_host=[fqdn1],
+                ),
+            ),
+        ),
+
+        dict(
+            desc='Retrieve %r with all=True and keytab allowed' % service1,
+            command=('service_show', [service1], dict(all=True)),
+            expected=dict(
+                value=service1,
+                summary=None,
+                result=dict(
+                    dn=service1dn,
+                    ipaallowedtoperform_write_keys_user=[u'admin'],
+                    krbprincipalname=[service1],
+                    ipakrbprincipalalias=[service1],
+                    krbcanonicalname=[service1],
+                    objectclass=objectclasses.service + [
+                        u'ipaallowedoperations'
+                    ],
+                    ipauniqueid=[fuzzy_uuid],
+                    managedby_host=[fqdn1],
+                    has_keytab=False,
+                    ipakrbrequirespreauth=True,
+                    ipakrbokasdelegate=False,
+                    ipakrboktoauthasdelegate=False,
+                    krbpwdpolicyreference=[DN(
+                        u'cn=Default Service Password Policy',
+                        api.env.container_service,
+                        api.env.basedn,
+                    )],
+                ),
+            ),
+        ),

        dict(
            desc='Search for %r with members' % service1,
@ -297,6 +351,7 @@ class test_service(Declarative):
                result=[
                    dict(
                        dn=service1dn,
+                        ipaallowedtoperform_write_keys_user=[u'admin'],
                        krbprincipalname=[service1],
                        krbcanonicalname=[service1],
                        managedby_host=[fqdn1],
@ -306,6 +361,30 @@ class test_service(Declarative):
            ),
        ),

+        dict(
+            desc='Disallow admin to create keytab for %r' % service1,
+            command=(
+                'service_disallow_create_keytab', [service1],
+                dict(user=u'admin'),
+            ),
+            expected=dict(
+                completed=1,
+                failed=dict(
+                    ipaallowedtoperform_write_keys=dict(
+                        group=[],
+                        host=[],
+                        hostgroup=[],
+                        user=[]
+                    )
+                ),
+                result=dict(
+                    dn=service1dn,
+                    krbprincipalname=[service1],
+                    krbcanonicalname=[service1],
+                    managedby_host=[fqdn1],
+                ),
+            ),
+        ),

        dict(
            desc='Search for %r' % service1,
@ -339,7 +418,9 @@ class test_service(Declarative):
                        krbprincipalname=[service1],
                        ipakrbprincipalalias=[service1],
                        krbcanonicalname=[service1],
-                        objectclass=objectclasses.service,
+                        objectclass=objectclasses.service + [
+                            u'ipaallowedoperations'
+                        ],
                        ipauniqueid=[fuzzy_uuid],
                        has_keytab=False,
                        managedby_host=[fqdn1],