test_permission_plugin: Fix tests that make too broad assumptions
The test that searches with a limit of 1 assumes a specific order LDAP returns entries in. Future patches will change this order. Do not check the specific entry returned. The test that searched for --bindtype assumed that no anonymous permissions exist in a clean install. Again, this will be changed in future patches. Add a name to the bindtype test, and add a negative test to verify the filtering works. Reviewed-By: Martin Kosek <mkosek@redhat.com>
parent
427317efa6
commit
d0e83dbccf
@ -554,31 +554,19 @@ class test_old_permission(Declarative):
|
||||
|
||||
# This tests setting truncated to True in the post_callback of
|
||||
# permission_find(). The return order in LDAP is not guaranteed
|
||||
# but in practice this is the first entry it finds. This is subject
|
||||
# to change.
|
||||
# so do not check the actual entry.
|
||||
dict(
|
||||
desc='Search for permissions by attr with a limit of 1 (truncated)',
|
||||
command=('permission_find', [], dict(attrs=u'ipaenabledflag',
|
||||
sizelimit=1)),
|
||||
command=('permission_find', [u'Modify'],
|
||||
dict(attrs=u'ipaenabledflag', sizelimit=1)),
|
||||
expected=dict(
|
||||
count=1,
|
||||
truncated=True,
|
||||
summary=u'1 permission matched',
|
||||
result=[
|
||||
{
|
||||
'dn': DN(('cn', 'Modify HBAC rule'),
|
||||
api.env.container_permission, api.env.basedn),
|
||||
'cn': [u'Modify HBAC rule'],
|
||||
'objectclass': objectclasses.permission,
|
||||
'member_privilege': [u'HBAC Administrator'],
|
||||
'memberindirect_role': [u'IT Security Specialist'],
|
||||
'permissions' : [u'write'],
|
||||
'attrs': [u'servicecategory', u'sourcehostcategory', u'cn', u'description', u'ipaenabledflag', u'accesstime', u'usercategory', u'hostcategory', u'accessruletype', u'sourcehost'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermtarget': [DN('ipauniqueid=*', hbac_dn)],
|
||||
'subtree': u'ldap:///%s' % api.env.basedn,
|
||||
},
|
||||
],
|
||||
result=[lambda res:
|
||||
DN(res['dn']).endswith(DN(api.env.container_permission,
|
||||
api.env.basedn)) and
|
||||
'ipapermission' in res['objectclass']],
|
||||
),
|
||||
),
|
||||
|
||||
|
@ -836,36 +836,19 @@ class test_permission(Declarative):
|
||||
|
||||
# This tests setting truncated to True in the post_callback of
|
||||
# permission_find(). The return order in LDAP is not guaranteed
|
||||
# but in practice this is the first entry it finds. This is subject
|
||||
# to change.
|
||||
# so do not check the actual entry.
|
||||
dict(
|
||||
desc='Search for permissions by attr with a limit of 1 (truncated)',
|
||||
command=('permission_find', [], dict(attrs=u'ipaenabledflag',
|
||||
sizelimit=1)),
|
||||
command=('permission_find', [u'Modify'],
|
||||
dict(attrs=u'ipaenabledflag', sizelimit=1)),
|
||||
expected=dict(
|
||||
count=1,
|
||||
truncated=True,
|
||||
summary=u'1 permission matched',
|
||||
result=[
|
||||
{
|
||||
'dn': DN(('cn', 'Modify HBAC rule'),
|
||||
api.env.container_permission, api.env.basedn),
|
||||
'cn': [u'Modify HBAC rule'],
|
||||
'objectclass': objectclasses.permission,
|
||||
'member_privilege': [u'HBAC Administrator'],
|
||||
'memberindirect_role': [u'IT Security Specialist'],
|
||||
'ipapermright' : [u'write'],
|
||||
'attrs': [u'servicecategory', u'sourcehostcategory',
|
||||
u'cn', u'description', u'ipaenabledflag',
|
||||
u'accesstime', u'usercategory',
|
||||
u'hostcategory', u'accessruletype',
|
||||
u'sourcehost'],
|
||||
'ipapermtarget': [DN(('ipauniqueid', '*'),
|
||||
('cn', 'hbac'), api.env.basedn)],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermlocation': [api.env.basedn],
|
||||
},
|
||||
],
|
||||
result=[lambda res:
|
||||
DN(res['dn']).endswith(DN(api.env.container_permission,
|
||||
api.env.basedn)) and
|
||||
'ipapermission' in res['objectclass']],
|
||||
),
|
||||
),
|
||||
|
||||
@ -2830,7 +2813,8 @@ class test_permission_bindtype(Declarative):
|
||||
|
||||
dict(
|
||||
desc='Search for %r using --bindtype' % permission1,
|
||||
command=('permission_find', [], {'ipapermbindruletype': u'all'}),
|
||||
command=('permission_find', [permission1],
|
||||
{'ipapermbindruletype': u'all'}),
|
||||
expected=dict(
|
||||
count=1,
|
||||
truncated=False,
|
||||
@ -2850,6 +2834,18 @@ class test_permission_bindtype(Declarative):
|
||||
),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc='Search for %r using bad --bindtype' % permission1,
|
||||
command=('permission_find', [permission1],
|
||||
{'ipapermbindruletype': u'anonymous'}),
|
||||
expected=dict(
|
||||
count=0,
|
||||
truncated=False,
|
||||
summary=u'0 permissions matched',
|
||||
result=[],
|
||||
),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc='Add zero permissions to %r' % (privilege1),
|
||||
command=('privilege_add_permission', [privilege1], {}),
|
||||
|
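Review bot: The replacement `result=[lambda res: ...]` check in the truncated-search case of test_old_permission only asserts that the entry sits under the permission container and carries the `ipapermission` object class, so it no longer verifies that `permission_find` honoured the `attrs=u'ipaenabledflag'` criterion; the identical case in test_permission has the same gap. Because any permission entry satisfies the lambda, a regression in the attribute filter would pass unnoticed here. An order-independent check such as `and u'ipaenabledflag' in res['attrs']` inside the lambda would keep the filter covered, assuming the result still exposes `attrs` as the removed expectation did. A short comment above the lambda, e.g. `# predicate: any matching permission entry is acceptable, LDAP order is not guaranteed`, would also make clear that it is a per-entry predicate rather than an expected value; both dicts sit inside test lists that start and end outside the hunks.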