IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add test case for allow-create-keytab

Browse Source 
A ref counting bug in python-ldap caused create and retrieve keytab
feature to fail. Additional tests verify, that
ipaallowedtoperform;write_keys attribute is handled correctly.

See: https://pagure.io/freeipa/issue/7324
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Christian Heimes 2018-05-26 11:44:40 +02:00
parent 1d70ce850e
commit 9b8bb85eca
1 changed files with 82 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
ipatests/test_xmlrpc/test_service_plugin.py
View File

@ -286,6 +286,60 @@ class test_service(Declarative):
), ),
), ),
dict(
desc='Allow admin to create keytab for %r' % service1,
command=('service_allow_create_keytab', [service1],
dict(user=u'admin'),
),
expected=dict(
completed=1,
failed=dict(
ipaallowedtoperform_write_keys=dict(
group=[],
host=[],
hostgroup=[],
user=[]
)
),
result=dict(
dn=service1dn,
ipaallowedtoperform_write_keys_user=[u'admin'],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
),
dict(
desc='Retrieve %r with all=True and keytab allowed' % service1,
command=('service_show', [service1], dict(all=True)),
expected=dict(
value=service1,
summary=None,
result=dict(
dn=service1dn,
ipaallowedtoperform_write_keys_user=[u'admin'],
krbprincipalname=[service1],
ipakrbprincipalalias=[service1],
krbcanonicalname=[service1],
objectclass=objectclasses.service + [
u'ipaallowedoperations'
],
ipauniqueid=[fuzzy_uuid],
managedby_host=[fqdn1],
has_keytab=False,
ipakrbrequirespreauth=True,
ipakrbokasdelegate=False,
ipakrboktoauthasdelegate=False,
krbpwdpolicyreference=[DN(
u'cn=Default Service Password Policy',
api.env.container_service,
api.env.basedn,
)],
),
),
),
dict( dict(
desc='Search for %r with members' % service1, desc='Search for %r with members' % service1,
@ -297,6 +351,7 @@ class test_service(Declarative):
result=[ result=[
dict( dict(
dn=service1dn, dn=service1dn,
ipaallowedtoperform_write_keys_user=[u'admin'],
krbprincipalname=[service1], krbprincipalname=[service1],
krbcanonicalname=[service1], krbcanonicalname=[service1],
managedby_host=[fqdn1], managedby_host=[fqdn1],
@ -306,6 +361,30 @@ class test_service(Declarative):
), ),
), ),
dict(
desc='Disallow admin to create keytab for %r' % service1,
command=(
'service_disallow_create_keytab', [service1],
dict(user=u'admin'),
),
expected=dict(
completed=1,
failed=dict(
ipaallowedtoperform_write_keys=dict(
group=[],
host=[],
hostgroup=[],
user=[]
)
),
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
),
dict( dict(
desc='Search for %r' % service1, desc='Search for %r' % service1,
@ -339,7 +418,9 @@ class test_service(Declarative):
krbprincipalname=[service1], krbprincipalname=[service1],
ipakrbprincipalalias=[service1], ipakrbprincipalalias=[service1],
krbcanonicalname=[service1], krbcanonicalname=[service1],
objectclass=objectclasses.service, objectclass=objectclasses.service + [
u'ipaallowedoperations'
],
ipauniqueid=[fuzzy_uuid], ipauniqueid=[fuzzy_uuid],
has_keytab=False, has_keytab=False,
managedby_host=[fqdn1], managedby_host=[fqdn1],