Commit Graph

11 Commits

Author SHA1 Message Date
Jan Cholasta
bd440d515e Fix uses of O=REALM instead of the configured certificate subject base.
ticket 2521
2012-03-26 20:29:26 -04:00
Petr Viktorin
c14a2d8245 Use nose tools to check for exceptions
Some of our tests checked for exceptions using an error-prone
try block: they allowed the expected exception to pass, but sometimes
forgot an else block, so the test passed when an exception wasn't
thrown.

This changes the tests to use the appropriate nose tools (raises,
assert_raises).
For consistency, tests that had a correct else block are also changed.

Also fix some test problems that were hidden by the above:
- in some sudorule and HBAC tests, change the *_add_user argument name
  from `users` to `user`
- don't remove HBAC testing data while it was still used
2012-03-19 16:33:35 +01:00
John Dennis
2673782aec ticket 1600 - convert unittests to use DN objects
We have a larger goal of replacing all DN creation via string
formatting/concatenation with DN object operations because string
operations are not a safe way to form a DN nor to compare a DN. This
work needs to be broken into smaller chunks for easier review and
testing.

Addressing the unit tests first makes sense because we don't want to
be modifying both the core code and the tests used to verify the core
code simultaneously. If we modify the unittests first with existing
core code and no regressions are found then we can move on to
modifying parts of the core code with the belief the unittests can
validate the changes in the core code. Also by doing the unittests
first we also help to validate the DN objects are working correctly
(although they do have an extensive unittest).

The fundamental changes are:

* replace string substitution & concatenation with DN object
  constructor

* when comparing dn's the comparision is done after promotion
  to a DN object, then two DN objects are compared

* when a list of string dn's are to be compared a new list is
  formed where each string dn is replaced by a DN object

* because the unittest framework accepts a complex data structure of
  expected values where dn's are represeted as strings the unittest
  needs to express the expected value of a dn as a callable object
  (e.g. a lambda expression) which promotes the dn string to a DN
  object in order to do the comparision.
2011-08-16 23:52:26 -04:00
Jakub Hrozek
7493d781df Change FreeIPA license to GPLv3+
The changes include:
 * Change license blobs in source files to mention GPLv3+ not GPLv2 only
 * Add GPLv3+ license text
 * Package COPYING not LICENSE as the license blobs (even the old ones)
   mention COPYING specifically, it is also more common, I think

 https://fedorahosted.org/freeipa/ticket/239
2010-12-20 17:19:53 -05:00
Rob Crittenden
ffc967b47a Fix a slew of tests.
- Skip the DNS tests if DNS isn't configured
- Add new attributes to user entries (displayname, cn and initials)
- Make the nsaccountlock value consistent
- Fix the cert subject for cert tests
2010-12-17 17:01:57 -05:00
Rob Crittenden
d885339f1c Require that hosts be resolvable in DNS. Use --force to ignore warnings.
This also requires a resolvable hostname on services as well. I want
people to think long and hard about adding things that aren't resolvable.

The cert plugin can automatically create services on the user's behalf when
issuing a cert. It will always set the force flag to True.

We use a lot of made-up host names in the test system, all of which require
the force flag now.

ticket #25
2010-08-06 15:31:57 -04:00
Rob Crittenden
efa11d3746 Fix replacing a certificate in a service.
When a service has a certificate and the CA backend doesn't support
revocation (like selfsign) then we simply drop the old certificate in
preparation for adding a new one. We weren't setting the usercertificate
attribute to None so there was nothing to do in ldap_update().

Added a test case for this situation to ensure that re-issuing a certificate
works.

ticket #88
2010-08-06 13:12:21 -04:00
Rob Crittenden
c9e0b43d53 Add test to ensure that a certificate we issue is actually stored properly. 2010-07-13 09:28:03 -04:00
Rob Crittenden
b7f557e3cf Fix the cert plugin tests
These tests rely on the existence of a backend CA. It is easiest to
test with a self-signed CA in ~/.ipa so that is what I documented.

These tests are skipped if no CA is available.

Improved robustness a bit by putting the cleanup as a separate test.
2010-02-09 02:13:06 -07:00
Jason Gerard DeRose
b6e4972e7f Take 2: Extensible return values and validation; steps toward a single output_for_cli(); enable more webUI stuff 2009-12-10 08:29:15 -07:00
Rob Crittenden
8115b28c99 Add minimal test for the cert plugin
This assumes that the developer has the equivalent of a selfsign CA
installed. To do this, install IPA without a CA and copy
/etc/httpd/alias/*.db to ~/.ipa/alias and
/etc/httpd/alias/pwdfile.txt to ~/.ipa/alias/.pwd
2009-12-03 09:58:56 -07:00