test_permission_plugin: Fix tests that make too broad assumptions

The test that searches with a limit of 1 assumes a specific order
LDAP returns entries in. Future patches will change this order.
Do not check the specific entry returned.

The test that searched for --bindtype assumed that no anonymous
permissions exist in a clean install. Again, this will be changed
in future patches.
Add a name to the bindtype test, and add a negatitive test to
verify the filtering works.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
This commit is contained in:
Petr Viktorin 2014-02-21 12:29:39 +01:00
parent 427317efa6
commit d0e83dbccf
2 changed files with 28 additions and 44 deletions

View File

@ -554,31 +554,19 @@ class test_old_permission(Declarative):
# This tests setting truncated to True in the post_callback of # This tests setting truncated to True in the post_callback of
# permission_find(). The return order in LDAP is not guaranteed # permission_find(). The return order in LDAP is not guaranteed
# but in practice this is the first entry it finds. This is subject # so do not check the actual entry.
# to change.
dict( dict(
desc='Search for permissions by attr with a limit of 1 (truncated)', desc='Search for permissions by attr with a limit of 1 (truncated)',
command=('permission_find', [], dict(attrs=u'ipaenabledflag', command=('permission_find', [u'Modify'],
sizelimit=1)), dict(attrs=u'ipaenabledflag', sizelimit=1)),
expected=dict( expected=dict(
count=1, count=1,
truncated=True, truncated=True,
summary=u'1 permission matched', summary=u'1 permission matched',
result=[ result=[lambda res:
{ DN(res['dn']).endswith(DN(api.env.container_permission,
'dn': DN(('cn', 'Modify HBAC rule'), api.env.basedn)) and
api.env.container_permission, api.env.basedn), 'ipapermission' in res['objectclass']],
'cn': [u'Modify HBAC rule'],
'objectclass': objectclasses.permission,
'member_privilege': [u'HBAC Administrator'],
'memberindirect_role': [u'IT Security Specialist'],
'permissions' : [u'write'],
'attrs': [u'servicecategory', u'sourcehostcategory', u'cn', u'description', u'ipaenabledflag', u'accesstime', u'usercategory', u'hostcategory', u'accessruletype', u'sourcehost'],
'ipapermbindruletype': [u'permission'],
'ipapermtarget': [DN('ipauniqueid=*', hbac_dn)],
'subtree': u'ldap:///%s' % api.env.basedn,
},
],
), ),
), ),

View File

@ -836,36 +836,19 @@ class test_permission(Declarative):
# This tests setting truncated to True in the post_callback of # This tests setting truncated to True in the post_callback of
# permission_find(). The return order in LDAP is not guaranteed # permission_find(). The return order in LDAP is not guaranteed
# but in practice this is the first entry it finds. This is subject # so do not check the actual entry.
# to change.
dict( dict(
desc='Search for permissions by attr with a limit of 1 (truncated)', desc='Search for permissions by attr with a limit of 1 (truncated)',
command=('permission_find', [], dict(attrs=u'ipaenabledflag', command=('permission_find', [u'Modify'],
sizelimit=1)), dict(attrs=u'ipaenabledflag', sizelimit=1)),
expected=dict( expected=dict(
count=1, count=1,
truncated=True, truncated=True,
summary=u'1 permission matched', summary=u'1 permission matched',
result=[ result=[lambda res:
{ DN(res['dn']).endswith(DN(api.env.container_permission,
'dn': DN(('cn', 'Modify HBAC rule'), api.env.basedn)) and
api.env.container_permission, api.env.basedn), 'ipapermission' in res['objectclass']],
'cn': [u'Modify HBAC rule'],
'objectclass': objectclasses.permission,
'member_privilege': [u'HBAC Administrator'],
'memberindirect_role': [u'IT Security Specialist'],
'ipapermright' : [u'write'],
'attrs': [u'servicecategory', u'sourcehostcategory',
u'cn', u'description', u'ipaenabledflag',
u'accesstime', u'usercategory',
u'hostcategory', u'accessruletype',
u'sourcehost'],
'ipapermtarget': [DN(('ipauniqueid', '*'),
('cn', 'hbac'), api.env.basedn)],
'ipapermbindruletype': [u'permission'],
'ipapermlocation': [api.env.basedn],
},
],
), ),
), ),
@ -2830,7 +2813,8 @@ class test_permission_bindtype(Declarative):
dict( dict(
desc='Search for %r using --bindtype' % permission1, desc='Search for %r using --bindtype' % permission1,
command=('permission_find', [], {'ipapermbindruletype': u'all'}), command=('permission_find', [permission1],
{'ipapermbindruletype': u'all'}),
expected=dict( expected=dict(
count=1, count=1,
truncated=False, truncated=False,
@ -2850,6 +2834,18 @@ class test_permission_bindtype(Declarative):
), ),
), ),
dict(
desc='Search for %r using bad --bindtype' % permission1,
command=('permission_find', [permission1],
{'ipapermbindruletype': u'anonymous'}),
expected=dict(
count=0,
truncated=False,
summary=u'0 permissions matched',
result=[],
),
),
dict( dict(
desc='Add zero permissions to %r' % (privilege1), desc='Add zero permissions to %r' % (privilege1),
command=('privilege_add_permission', [privilege1], {}), command=('privilege_add_permission', [privilege1], {}),