mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
test_permission_plugin: Fix tests that make too broad assumptions
The test that searches with a limit of 1 assumes a specific order LDAP returns entries in. Future patches will change this order. Do not check the specific entry returned. The test that searched for --bindtype assumed that no anonymous permissions exist in a clean install. Again, this will be changed in future patches. Add a name to the bindtype test, and add a negatitive test to verify the filtering works. Reviewed-By: Martin Kosek <mkosek@redhat.com>
This commit is contained in:
parent
427317efa6
commit
d0e83dbccf
@ -554,31 +554,19 @@ class test_old_permission(Declarative):
|
|||||||
|
|
||||||
# This tests setting truncated to True in the post_callback of
|
# This tests setting truncated to True in the post_callback of
|
||||||
# permission_find(). The return order in LDAP is not guaranteed
|
# permission_find(). The return order in LDAP is not guaranteed
|
||||||
# but in practice this is the first entry it finds. This is subject
|
# so do not check the actual entry.
|
||||||
# to change.
|
|
||||||
dict(
|
dict(
|
||||||
desc='Search for permissions by attr with a limit of 1 (truncated)',
|
desc='Search for permissions by attr with a limit of 1 (truncated)',
|
||||||
command=('permission_find', [], dict(attrs=u'ipaenabledflag',
|
command=('permission_find', [u'Modify'],
|
||||||
sizelimit=1)),
|
dict(attrs=u'ipaenabledflag', sizelimit=1)),
|
||||||
expected=dict(
|
expected=dict(
|
||||||
count=1,
|
count=1,
|
||||||
truncated=True,
|
truncated=True,
|
||||||
summary=u'1 permission matched',
|
summary=u'1 permission matched',
|
||||||
result=[
|
result=[lambda res:
|
||||||
{
|
DN(res['dn']).endswith(DN(api.env.container_permission,
|
||||||
'dn': DN(('cn', 'Modify HBAC rule'),
|
api.env.basedn)) and
|
||||||
api.env.container_permission, api.env.basedn),
|
'ipapermission' in res['objectclass']],
|
||||||
'cn': [u'Modify HBAC rule'],
|
|
||||||
'objectclass': objectclasses.permission,
|
|
||||||
'member_privilege': [u'HBAC Administrator'],
|
|
||||||
'memberindirect_role': [u'IT Security Specialist'],
|
|
||||||
'permissions' : [u'write'],
|
|
||||||
'attrs': [u'servicecategory', u'sourcehostcategory', u'cn', u'description', u'ipaenabledflag', u'accesstime', u'usercategory', u'hostcategory', u'accessruletype', u'sourcehost'],
|
|
||||||
'ipapermbindruletype': [u'permission'],
|
|
||||||
'ipapermtarget': [DN('ipauniqueid=*', hbac_dn)],
|
|
||||||
'subtree': u'ldap:///%s' % api.env.basedn,
|
|
||||||
},
|
|
||||||
],
|
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
|
||||||
|
@ -836,36 +836,19 @@ class test_permission(Declarative):
|
|||||||
|
|
||||||
# This tests setting truncated to True in the post_callback of
|
# This tests setting truncated to True in the post_callback of
|
||||||
# permission_find(). The return order in LDAP is not guaranteed
|
# permission_find(). The return order in LDAP is not guaranteed
|
||||||
# but in practice this is the first entry it finds. This is subject
|
# so do not check the actual entry.
|
||||||
# to change.
|
|
||||||
dict(
|
dict(
|
||||||
desc='Search for permissions by attr with a limit of 1 (truncated)',
|
desc='Search for permissions by attr with a limit of 1 (truncated)',
|
||||||
command=('permission_find', [], dict(attrs=u'ipaenabledflag',
|
command=('permission_find', [u'Modify'],
|
||||||
sizelimit=1)),
|
dict(attrs=u'ipaenabledflag', sizelimit=1)),
|
||||||
expected=dict(
|
expected=dict(
|
||||||
count=1,
|
count=1,
|
||||||
truncated=True,
|
truncated=True,
|
||||||
summary=u'1 permission matched',
|
summary=u'1 permission matched',
|
||||||
result=[
|
result=[lambda res:
|
||||||
{
|
DN(res['dn']).endswith(DN(api.env.container_permission,
|
||||||
'dn': DN(('cn', 'Modify HBAC rule'),
|
api.env.basedn)) and
|
||||||
api.env.container_permission, api.env.basedn),
|
'ipapermission' in res['objectclass']],
|
||||||
'cn': [u'Modify HBAC rule'],
|
|
||||||
'objectclass': objectclasses.permission,
|
|
||||||
'member_privilege': [u'HBAC Administrator'],
|
|
||||||
'memberindirect_role': [u'IT Security Specialist'],
|
|
||||||
'ipapermright' : [u'write'],
|
|
||||||
'attrs': [u'servicecategory', u'sourcehostcategory',
|
|
||||||
u'cn', u'description', u'ipaenabledflag',
|
|
||||||
u'accesstime', u'usercategory',
|
|
||||||
u'hostcategory', u'accessruletype',
|
|
||||||
u'sourcehost'],
|
|
||||||
'ipapermtarget': [DN(('ipauniqueid', '*'),
|
|
||||||
('cn', 'hbac'), api.env.basedn)],
|
|
||||||
'ipapermbindruletype': [u'permission'],
|
|
||||||
'ipapermlocation': [api.env.basedn],
|
|
||||||
},
|
|
||||||
],
|
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
|
||||||
@ -2830,7 +2813,8 @@ class test_permission_bindtype(Declarative):
|
|||||||
|
|
||||||
dict(
|
dict(
|
||||||
desc='Search for %r using --bindtype' % permission1,
|
desc='Search for %r using --bindtype' % permission1,
|
||||||
command=('permission_find', [], {'ipapermbindruletype': u'all'}),
|
command=('permission_find', [permission1],
|
||||||
|
{'ipapermbindruletype': u'all'}),
|
||||||
expected=dict(
|
expected=dict(
|
||||||
count=1,
|
count=1,
|
||||||
truncated=False,
|
truncated=False,
|
||||||
@ -2850,6 +2834,18 @@ class test_permission_bindtype(Declarative):
|
|||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
|
||||||
|
dict(
|
||||||
|
desc='Search for %r using bad --bindtype' % permission1,
|
||||||
|
command=('permission_find', [permission1],
|
||||||
|
{'ipapermbindruletype': u'anonymous'}),
|
||||||
|
expected=dict(
|
||||||
|
count=0,
|
||||||
|
truncated=False,
|
||||||
|
summary=u'0 permissions matched',
|
||||||
|
result=[],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
|
||||||
dict(
|
dict(
|
||||||
desc='Add zero permissions to %r' % (privilege1),
|
desc='Add zero permissions to %r' % (privilege1),
|
||||||
command=('privilege_add_permission', [privilege1], {}),
|
command=('privilege_add_permission', [privilege1], {}),
|
||||||
|
Loading…
Reference in New Issue
Block a user