Imported Upstream version 4.7.2

ipatests/test_ipalib/test_aci.py

@@ -21,13 +21,18 @@
 """
 Test the `ipalib.aci` module.
 """
+from __future__ import print_function
 
 from ipalib.aci import ACI
 
+import pytest
+
+pytestmark = pytest.mark.tier0
+
 def check_aci_parsing(source, expected):
     a = ACI(source)
-    print 'ACI was: ', a
-    print 'Expected:', expected
+    print('ACI was: ', a)
+    print('Expected:', expected)
     assert str(ACI(source)) == expected
 
 def test_aci_parsing_1():
@@ -40,7 +45,7 @@ def test_aci_parsing_1_with_aci_keyword():
 
 def test_aci_parsing_2():
     check_aci_parsing('(target="ldap:///uid=bjensen,dc=example,dc=com")(targetattr=*) (version 3.0;acl "aci1";allow (write) userdn="ldap:///self";)',
-        '(targetattr = "*")(target = "ldap:///uid=bjensen,dc=example,dc=com")(version 3.0;acl "aci1";allow (write) userdn = "ldap:///self";)')
+        '(target = "ldap:///uid=bjensen,dc=example,dc=com")(targetattr = "*")(version 3.0;acl "aci1";allow (write) userdn = "ldap:///self";)')
 
 def test_aci_parsing_3():
     check_aci_parsing(' (targetattr = "givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType  || businessCategory || ou")(version 3.0;acl "Self service";allow (write) userdn = "ldap:///self";)',
@@ -52,11 +57,11 @@ def test_aci_parsing_4():
 
 def test_aci_parsing_5():
     check_aci_parsing('(targetattr=member)(target="ldap:///cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com")(version 3.0;acl "add_user_to_default_group";allow (write) groupdn="ldap:///cn=add_user_to_default_group,cn=taskgroups,dc=example,dc=com";)',
-        '(targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com")(version 3.0;acl "add_user_to_default_group";allow (write) groupdn = "ldap:///cn=add_user_to_default_group,cn=taskgroups,dc=example,dc=com";)')
+        '(target = "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com")(targetattr = "member")(version 3.0;acl "add_user_to_default_group";allow (write) groupdn = "ldap:///cn=add_user_to_default_group,cn=taskgroups,dc=example,dc=com";)')
 
 def test_aci_parsing_6():
     check_aci_parsing('(targetattr!=member)(targe="ldap:///cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com")(version 3.0;acl "add_user_to_default_group";allow (write) groupdn="ldap:///cn=add_user_to_default_group,cn=taskgroups,dc=example,dc=com";)',
-        '(targetattr != "member")(targe = "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com")(version 3.0;acl "add_user_to_default_group";allow (write) groupdn = "ldap:///cn=add_user_to_default_group,cn=taskgroups,dc=example,dc=com";)')
+        '(targe = "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com")(targetattr != "member")(version 3.0;acl "add_user_to_default_group";allow (write) groupdn = "ldap:///cn=add_user_to_default_group,cn=taskgroups,dc=example,dc=com";)')
 
 def test_aci_parsing_7():
     check_aci_parsing('(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "change_password"; allow (write) groupdn = "ldap:///cn=change_password,cn=taskgroups,dc=example,dc=com";)',
@@ -76,7 +81,7 @@ def make_test_aci():
 
 def test_aci_equality():
     a = make_test_aci()
-    print a
+    print(a)
 
     b = ACI()
     b.name ="foo"
@@ -85,17 +90,17 @@ def test_aci_equality():
     b.set_bindrule_operator("=")
     b.set_bindrule_expression("\"ldap:///cn=foo,cn=groups,cn=accounts,dc=example,dc=com\"")
     b.permissions = ['add','read','write']
-    print b
+    print(b)
 
     assert a.isequal(b)
     assert a == b
-    assert not a != b
+    assert not a != b  # pylint: disable=unneeded-not
 
 
 def check_aci_inequality(b):
     a = make_test_aci()
-    print a
-    print b
+    print(a)
+    print(b)
 
     assert not a.isequal(b)
     assert not a == b
@@ -157,3 +162,15 @@ def test_aci_parsing_8():
 def test_aci_parsing_9():
     check_aci_parsing('(targetfilter = "(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))")(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add, delete, read, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=greyoak,dc=com";)',
         '(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(targetfilter = "(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))")(version 3.0;acl "Account Admins can manage Users and Groups";allow (add,delete,read,write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=greyoak,dc=com";)')
+
+
+def test_aci_parsing_10():
+    """test subtypes"""
+    check_aci_parsing('(targetattr="ipaProtectedOperation;read_keys")'
+                      '(version 3.0; acl "Allow trust agents to retrieve '
+                      'keytab keys for cross realm principals"; allow(read) '
+                      'userattr="ipaAllowedToPerform;read_keys#GROUPDN";)',
+                      '(targetattr = "ipaProtectedOperation;read || keys")'
+                      '(version 3.0;acl "Allow trust agents to retrieve '
+                      'keytab keys for cross realm principals";allow (read) '
+                      'userattr = "ipaAllowedToPerform;read_keys#GROUPDN";)')