Imported Upstream version 4.7.2

Mario Fetka
2021-08-09 20:54:00 +02:00
parent 3bfaa6e020
commit a791de49a2
2175 changed files with 1764288 additions and 331861 deletions


@@ -19,7 +19,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Test the `ipalib/plugins/permission.py` module with old API.
Test the `ipaserver/plugins/permission.py` module with old API.
This ensures basic backwards compatibility for code before
http://www.freeipa.org/page/V3/Permissions_V2
@@ -27,8 +27,9 @@ http://www.freeipa.org/page/V3/Permissions_V2
from ipalib import api, errors
from ipatests.test_xmlrpc import objectclasses
from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
from ipatests.test_xmlrpc.xmlrpc_test import Declarative
from ipapython.dn import DN
import pytest
permission1 = u'testperm'
permission1_dn = DN(('cn',permission1),
@@ -72,10 +73,12 @@ permission3_attributelevelrights = {
'ipapermbindruletype': u'rscwo',
'ipapermdefaultattr': u'rscwo',
'ipapermexcludedattr': u'rscwo',
'ipapermlocation': u'rscwo',
'ipapermright': u'rscwo',
'subtree': u'rscwo', # old
'permissions': u'rscwo', # old
'ipapermtarget': u'rscwo',
'ipapermtargetfilter': u'rscwo',
'ipapermtargetto': u'rscwo',
'ipapermtargetfrom': u'rscwo',
}
privilege1 = u'testpriv1'
@@ -88,6 +91,8 @@ users_dn = DN(api.env.container_user, api.env.basedn)
groups_dn = DN(api.env.container_group, api.env.basedn)
hbac_dn = DN(api.env.container_hbac, api.env.basedn)
@pytest.mark.tier1
class test_old_permission(Declarative):
default_version = u'2.65'
@@ -209,7 +214,6 @@ class test_old_permission(Declarative):
'cn': [privilege1],
'description': [u'privilege desc. 1'],
'memberof_permission': [permission1],
'objectclass': objectclasses.privilege,
}
),
),
@@ -263,9 +267,57 @@ class test_old_permission(Declarative):
),
dict(
desc='Search for %r with members' % permission1,
command=('permission_find', [permission1], {'no_members': False}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
),
),
dict(
desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
),
),
dict(
desc='Search for %r using --name with members' % permission1,
command=('permission_find', [], {
'cn': permission1, 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -299,7 +351,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -324,8 +375,8 @@ class test_old_permission(Declarative):
dict(
desc='Search for %r' % privilege1,
command=('permission_find', [privilege1], {}),
desc='Search for %r with members' % privilege1,
command=('permission_find', [privilege1], {'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -348,8 +399,32 @@ class test_old_permission(Declarative):
dict(
desc='Search for %r with --raw' % permission1,
command=('permission_find', [permission1], {'raw' : True}),
desc='Search for %r' % privilege1,
command=('permission_find', [privilege1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
),
),
dict(
desc='Search for %r with --raw with members' % permission1,
command=('permission_find', [permission1], {
'raw': True, 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -373,6 +448,38 @@ class test_old_permission(Declarative):
),
dict(
desc='Search for %r with --raw' % permission1,
command=('permission_find', [permission1], {'raw': True}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'aci': [
u'(targetfilter = "(objectclass=posixaccount)")'
u'(version 3.0;acl "permission:testperm";'
u'allow (write) groupdn = "ldap:///%s";)' %
DN(
('cn', 'testperm'), ('cn', 'permissions'),
('cn', 'pbac'), api.env.basedn
)
],
'ipapermright': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
'ipapermlocation': [users_dn],
},
],
),
),
dict(
desc='Create %r' % permission2,
command=(
@@ -401,6 +508,40 @@ class test_old_permission(Declarative):
),
dict(
desc='Search for %r with members' % permission1,
command=('permission_find', [permission1], {'no_members': False}),
expected=dict(
count=2,
truncated=False,
summary=u'2 permissions matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
{
'dn': permission2_dn,
'cn': [permission2],
'objectclass': objectclasses.permission,
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
),
),
dict(
desc='Search for %r' % permission1,
command=('permission_find', [permission1], {}),
@@ -413,7 +554,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -481,8 +621,8 @@ class test_old_permission(Declarative):
dict(
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
desc='Search for %r with members' % privilege1,
command=('privilege_find', [privilege1], {'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -500,8 +640,28 @@ class test_old_permission(Declarative):
dict(
desc='Search for %r with a limit of 1 (truncated)' % permission1,
command=('permission_find', [permission1], dict(sizelimit=1)),
desc='Search for %r' % privilege1,
command=('privilege_find', [privilege1], {}),
expected=dict(
count=1,
truncated=False,
summary=u'1 privilege matched',
result=[
{
'dn': privilege1_dn,
'cn': [privilege1],
'description': [u'privilege desc. 1'],
},
],
),
),
dict(
desc=('Search for %r with a limit of 1 (truncated) with members' %
permission1),
command=('permission_find', [permission1], dict(
sizelimit=1, no_members=False)),
expected=dict(
count=1,
truncated=True,
@@ -519,6 +679,49 @@ class test_old_permission(Declarative):
'subtree': u'ldap:///%s' % users_dn,
},
],
messages=({
'message': (u'Search result has been truncated: '
u'Configured size limit exceeded'),
'code': 13017,
'type': u'warning',
'name': u'SearchResultTruncated',
'data': {
'reason': u"Configured size limit exceeded"
}
},),
),
),
dict(
desc='Search for %r with a limit of 1 (truncated)' % permission1,
command=('permission_find', [permission1], dict(sizelimit=1)),
expected=dict(
count=1,
truncated=True,
summary=u'1 permission matched',
result=[
{
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
'subtree': u'ldap:///%s' % users_dn,
},
],
messages=({
'message': (u'Search result has been truncated: '
u'Configured size limit exceeded'),
'code': 13017,
'type': u'warning',
'name': u'SearchResultTruncated',
'data': {
'reason': u"Configured size limit exceeded"
}
},),
),
),
@@ -535,7 +738,6 @@ class test_old_permission(Declarative):
'dn': permission1_dn,
'cn': [permission1],
'objectclass': objectclasses.permission,
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
@@ -572,6 +774,16 @@ class test_old_permission(Declarative):
DN(res['dn']).endswith(DN(api.env.container_permission,
api.env.basedn)) and
'ipapermission' in res['objectclass']],
messages=({
'message': (u'Search result has been truncated: '
u'Configured size limit exceeded'),
'code': 13017,
'type': u'warning',
'name': u'SearchResultTruncated',
'data': {
'reason': u"Configured size limit exceeded"
}
},),
),
),
@@ -751,9 +963,11 @@ class test_old_permission(Declarative):
dict(
desc='Search for %r using --subtree' % permission1,
command=('permission_find', [],
{'subtree': u'ldap:///%s' % DN(('cn', 'accounts'), api.env.basedn)}),
desc='Search for %r using --subtree with members' % permission1,
command=('permission_find', [], {
'subtree': u'ldap:///%s' % DN(
('cn', 'accounts'), api.env.basedn),
'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -775,6 +989,32 @@ class test_old_permission(Declarative):
),
dict(
desc='Search for %r using --subtree' % permission1,
command=('permission_find', [], {
'subtree': u'ldap:///%s' % DN(
('cn', 'accounts'), api.env.basedn)}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn':permission1_renamed_ucase_dn,
'cn':[permission1_renamed_ucase],
'objectclass': objectclasses.permission,
'subtree':u'ldap:///%s' % DN(
('cn', 'accounts'), api.env.basedn),
'permissions':[u'write'],
'memberof':u'ipausers',
'ipapermbindruletype': [u'permission'],
'ipapermissiontype': [u'V2', u'SYSTEM'],
},
],
),
),
dict(
desc='Search using nonexistent --subtree',
command=('permission_find', [], {'subtree': u'ldap:///foo=bar'}),
@@ -788,8 +1028,9 @@ class test_old_permission(Declarative):
dict(
desc='Search using --targetgroup',
command=('permission_find', [], {'targetgroup': u'ipausers'}),
desc='Search using --targetgroup with members',
command=('permission_find', [], {
'targetgroup': u'ipausers', 'no_members': False}),
expected=dict(
count=1,
truncated=False,
@@ -816,6 +1057,33 @@ class test_old_permission(Declarative):
),
dict(
desc='Search using --targetgroup',
command=('permission_find', [], {'targetgroup': u'ipausers'}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': DN(('cn', 'System: Add User to default group'),
api.env.container_permission, api.env.basedn),
'cn': [u'System: Add User to default group'],
'objectclass': objectclasses.permission,
'attrs': [u'member'],
'targetgroup': u'ipausers',
'permissions': [u'write'],
'ipapermbindruletype': [u'permission'],
'ipapermtarget': [DN('cn=ipausers', groups_dn)],
'subtree': u'ldap:///%s' % groups_dn,
'ipapermdefaultattr': [u'member'],
'ipapermissiontype': [u'V2', u'MANAGED', u'SYSTEM'],
}
],
),
),
dict(
desc='Delete %r' % permission1_renamed_ucase,
command=('permission_del', [permission1_renamed_ucase], {}),
@@ -1028,7 +1296,7 @@ class test_old_permission(Declarative):
'permission_add', [permission3], dict(
type=u'user',
permissions=u'write',
attrs=[u'cn']
attrs=[u'cn']
)
),
expected=dict(
@@ -1055,7 +1323,7 @@ class test_old_permission(Declarative):
value=permission3,
summary=None,
result=dict(
dn=permission3_dn,
dn=permission3_dn,
cn=[permission3],
objectclass=objectclasses.permission,
type=u'user',
@@ -1078,7 +1346,7 @@ class test_old_permission(Declarative):
value=permission3,
summary=u'Modified permission "%s"' % permission3,
result=dict(
dn=permission3_dn,
dn=permission3_dn,
cn=[permission3],
objectclass=objectclasses.permission,
type=u'user',
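Review bot: The `SearchResultTruncated` warning dict is written out in full three times on the new side: in both `sizelimit=1` expectations of the `-519,6 +679,49` hunk and again in the `-572,6 +774,16` hunk, so the message text, the code `13017` and the `data` reason string have to be kept in step by hand. Defining that dict once at module level beside the other fixtures and writing `messages=(search_truncated_warning,),` at each site (the name is a suggestion, not an identifier from the file) would keep the three expectations identical. The same applies to the paired "with members" and default result dicts, which appear to differ only in the `member_privilege` key. The page has lost its +/- markers, so which lines are new is inferred from the hunk headers, and the enclosing `test_old_permission` class body starts and ends outside these hunks.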