Since sudo commands are case-sensitive, we can't use the CN as the RDN.
With this patch, the UUID is used instead.
It seems like a too easy fix. What am I missing?

As far as I understand, the fact that the DN has a different structure now shouldn't cause problems, even if there still are commands created by old IPA versions.
For testing, use an unpatched version to create a few of these.

The sudo commands are no longer sorted in sudocmd-find output. Doing that would require the ability to use an arbitrary attribute as sort key. Should I file an issue for that?

Tests for the case sensitivity are included.

https://fedorahosted.org/freeipa/ticket/2482

--
PetrĀ³


From e07451ae2c152feb3ce87c5241793025f12f8b2e Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Thu, 8 Mar 2012 07:55:00 -0500
Subject: [PATCH] Use ipauniqueid for the RDN of sudo commands

Since sudo commands are case-sensitive, we can't use the CN
as the RDN.

Tests for case-sensitive behavior included

https://fedorahosted.org/freeipa/ticket/2482
---
 ipalib/plugins/sudocmd.py                     |    1 +
 tests/test_xmlrpc/test_sudocmd_plugin.py      |   82 +++++++++++++++++++++----
 tests/test_xmlrpc/test_sudocmdgroup_plugin.py |   82 +++++++++++++++++++++---
 tests/test_xmlrpc/xmlrpc_test.py              |   13 +++-
 4 files changed, 150 insertions(+), 28 deletions(-)

diff --git a/ipalib/plugins/sudocmd.py b/ipalib/plugins/sudocmd.py
index 42068edea3c51804be9ee5919934462afbee578f..f27a58cadd6e6abc16611621387f26125737bf78 100644
--- a/ipalib/plugins/sudocmd.py
+++ b/ipalib/plugins/sudocmd.py
@@ -62,6 +62,7 @@ class sudocmd(LDAPObject):
         'memberof': ['sudocmdgroup'],
     }
     uuid_attribute = 'ipauniqueid'
+    rdn_attribute = 'ipauniqueid'
     label = _('Sudo Commands')
     label_singular = _('Sudo Command')
 
diff --git a/tests/test_xmlrpc/test_sudocmd_plugin.py b/tests/test_xmlrpc/test_sudocmd_plugin.py
index cbbd26cd7061ee73c44f691692072daaf6f84f50..a9f118460432e9c33f665db05df0340d73da885d 100644
--- a/tests/test_xmlrpc/test_sudocmd_plugin.py
+++ b/tests/test_xmlrpc/test_sudocmd_plugin.py
@@ -22,17 +22,20 @@ Test the `ipalib/plugins/sudocmd.py` module.
 """
 
 from ipalib import api, errors
-from tests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_uuid
+from tests.test_xmlrpc.xmlrpc_test import (Declarative, fuzzy_sudocmddn,
+    fuzzy_uuid)
 from tests.test_xmlrpc import objectclasses
 from ipalib.dn import *
 
 sudocmd1 = u'/usr/bin/sudotestcmd1'
+sudocmd1_camelcase = u'/usr/bin/sudoTestCmd1'
 
 
 class test_sudocmd(Declarative):
 
     cleanup_commands = [
         ('sudocmd_del', [sudocmd1], {}),
+        ('sudocmd_del', [sudocmd1_camelcase], {}),
     ]
 
     tests = [
@@ -69,9 +72,7 @@ class test_sudocmd(Declarative):
                 value=sudocmd1,
                 summary=u'Added Sudo Command "%s"' % sudocmd1,
                 result=dict(
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                     sudocmd=[sudocmd1],
                     description=[u'Test sudo command 1'],
                     objectclass=objectclasses.sudocmd,
@@ -80,6 +81,26 @@ class test_sudocmd(Declarative):
             ),
         ),
 
+        dict(
+            desc='Create %r' % sudocmd1_camelcase,
+            command=('sudocmd_add', [sudocmd1_camelcase],
+                dict(
+                    description=u'Test sudo command 2',
+                ),
+            ),
+            expected=dict(
+                value=sudocmd1_camelcase,
+                summary=u'Added Sudo Command "%s"' % sudocmd1_camelcase,
+                result=dict(
+                    dn=fuzzy_sudocmddn,
+                    sudocmd=[sudocmd1_camelcase],
+                    description=[u'Test sudo command 2'],
+                    objectclass=objectclasses.sudocmd,
+                    ipauniqueid=[fuzzy_uuid],
+                ),
+            ),
+        ),
+
 
         dict(
             desc='Try to create duplicate %r' % sudocmd1,
@@ -91,6 +112,16 @@ class test_sudocmd(Declarative):
             expected=errors.DuplicateEntry(),
         ),
 
+        dict(
+            desc='Try to create duplicate %r' % sudocmd1_camelcase,
+            command=('sudocmd_add', [sudocmd1_camelcase],
+                dict(
+                    description=u'Test sudo command 2',
+                ),
+            ),
+            expected=errors.DuplicateEntry(),
+        ),
+
 
         dict(
             desc='Retrieve %r' % sudocmd1,
@@ -99,9 +130,7 @@ class test_sudocmd(Declarative):
                 value=sudocmd1,
                 summary=None,
                 result=dict(
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                     sudocmd=[sudocmd1],
                     description=[u'Test sudo command 1'],
                 ),
@@ -118,9 +147,7 @@ class test_sudocmd(Declarative):
                 summary=u'1 Sudo Command matched',
                 result=[
                     dict(
-                        dn=lambda x: DN(x) == \
-                            DN(('sudocmd',sudocmd1),('cn','sudocmds'),
-                               ('cn','sudo'),api.env.basedn),
+                        dn=fuzzy_sudocmddn,
                         sudocmd=[sudocmd1],
                         description=[u'Test sudo command 1'],
                     ),
@@ -128,6 +155,23 @@ class test_sudocmd(Declarative):
             ),
         ),
 
+        dict(
+            desc='Search for %r' % sudocmd1_camelcase,
+            command=('sudocmd_find', [sudocmd1_camelcase], {}),
+            expected=dict(
+                count=1,
+                truncated=False,
+                summary=u'1 Sudo Command matched',
+                result=[
+                    dict(
+                        dn=fuzzy_sudocmddn,
+                        sudocmd=[sudocmd1_camelcase],
+                        description=[u'Test sudo command 2'],
+                    ),
+                ],
+            ),
+        ),
+
 
         dict(
             desc='Update %r' % sudocmd1,
@@ -151,9 +195,7 @@ class test_sudocmd(Declarative):
                 value=sudocmd1,
                 summary=None,
                 result=dict(
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                     sudocmd=[sudocmd1],
                     description=[u'Updated sudo command 1'],
                 ),
@@ -191,4 +233,18 @@ class test_sudocmd(Declarative):
             command=('sudocmd_del', [sudocmd1], {}),
             expected=errors.NotFound(reason='no such entry'),
         ),
+
+        dict(
+            desc='Retrieve %r' % sudocmd1_camelcase,
+            command=('sudocmd_show', [sudocmd1_camelcase], {}),
+            expected=dict(
+                value=sudocmd1_camelcase,
+                summary=None,
+                result=dict(
+                    dn=fuzzy_sudocmddn,
+                    sudocmd=[sudocmd1_camelcase],
+                    description=[u'Test sudo command 2'],
+                ),
+            ),
+        ),
     ]
diff --git a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
index 8a534b2bf9f8f73c6304555a2bef3c52a367e626..f709a876d420a2bab98598ae94defc1c21272b34 100644
--- a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
+++ b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
@@ -22,18 +22,20 @@ Test the `ipalib/plugins/sudocmdgroup.py` module.
 
 from ipalib import api, errors
 from tests.test_xmlrpc import objectclasses
-from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
+from xmlrpc_test import Declarative, fuzzy_sudocmddn, fuzzy_digits, fuzzy_uuid
 from ipalib.dn import *
 
 sudocmdgroup1 = u'testsudocmdgroup1'
 sudocmdgroup2 = u'testsudocmdgroup2'
 sudocmd1 = u'/usr/bin/sudotestcmd1'
+sudocmd1_camelcase = u'/usr/bin/sudoTestCmd1'
 
 class test_sudocmdgroup(Declarative):
     cleanup_commands = [
         ('sudocmdgroup_del', [sudocmdgroup1], {}),
         ('sudocmdgroup_del', [sudocmdgroup2], {}),
         ('sudocmd_del', [sudocmd1], {}),
+        ('sudocmd_del', [sudocmd1_camelcase], {}),
     ]
 
     tests = [
@@ -53,13 +55,28 @@ class test_sudocmdgroup(Declarative):
                     sudocmd=[u'/usr/bin/sudotestcmd1'],
                     ipauniqueid=[fuzzy_uuid],
                     description=[u'Test sudo command 1'],
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                 ),
             ),
         ),
 
+        dict(
+            desc='Create %r' % sudocmd1_camelcase,
+            command=(
+                'sudocmd_add', [], dict(sudocmd=sudocmd1_camelcase, description=u'Test sudo command 2')
+            ),
+            expected=dict(
+                value=sudocmd1_camelcase,
+                summary=u'Added Sudo Command "%s"' % sudocmd1_camelcase,
+                result=dict(
+                    objectclass=objectclasses.sudocmd,
+                    sudocmd=[u'/usr/bin/sudoTestCmd1'],
+                    ipauniqueid=[fuzzy_uuid],
+                    description=[u'Test sudo command 2'],
+                    dn=fuzzy_sudocmddn,
+                ),
+            ),
+        ),
 
         dict(
             desc='Verify the managed sudo command %r was created' % sudocmd1,
@@ -70,9 +87,7 @@ class test_sudocmdgroup(Declarative):
                 result=dict(
                     sudocmd=[sudocmd1],
                     description=[u'Test sudo command 1'],
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                 ),
             ),
         ),
@@ -394,12 +409,10 @@ class test_sudocmdgroup(Declarative):
                 value=sudocmd1,
                 summary=None,
                 result=dict(
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                     sudocmd=[sudocmd1],
                     description=[u'Test sudo command 1'],
-                    memberof_sudocmdgroup = [u'testsudocmdgroup1'],
+                    memberof_sudocmdgroup=[u'testsudocmdgroup1'],
                 ),
             ),
         ),
@@ -429,6 +442,30 @@ class test_sudocmdgroup(Declarative):
         ),
 
         dict(
+            desc='Add member %r to %r' % (sudocmd1_camelcase, sudocmdgroup1),
+            command=(
+                'sudocmdgroup_add_member', [sudocmdgroup1],
+                dict(sudocmd=sudocmd1_camelcase)
+            ),
+            expected=dict(
+                completed=1,
+                failed=dict(
+                    member=dict(
+                        sudocmd=tuple(),
+                    ),
+                ),
+                result={
+                        'dn': lambda x: DN(x) == \
+                            DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'),
+                               ('cn','sudo'),api.env.basedn),
+                        'member_sudocmd': (sudocmd1, sudocmd1_camelcase),
+                        'cn': [sudocmdgroup1],
+                        'description': [u'New desc 1'],
+                },
+            ),
+        ),
+
+        dict(
             desc='Remove member %r from %r' % (sudocmd1, sudocmdgroup1),
             command=('sudocmdgroup_remove_member',
                 [sudocmdgroup1], dict(sudocmd=sudocmd1)
@@ -444,6 +481,29 @@ class test_sudocmdgroup(Declarative):
                     'dn': lambda x: DN(x) == \
                         DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'),
                            ('cn','sudo'),api.env.basedn),
+                    'member_sudocmd': (sudocmd1_camelcase,),
+                    'cn': [sudocmdgroup1],
+                    'description': [u'New desc 1'],
+                },
+            ),
+        ),
+
+        dict(
+            desc='Remove member %r from %r' % (sudocmd1_camelcase, sudocmdgroup1),
+            command=('sudocmdgroup_remove_member',
+                [sudocmdgroup1], dict(sudocmd=sudocmd1_camelcase)
+            ),
+            expected=dict(
+                completed=1,
+                failed=dict(
+                    member=dict(
+                        sudocmd=tuple(),
+                    ),
+                ),
+                result={
+                    'dn': lambda x: DN(x) == \
+                        DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'),
+                           ('cn','sudo'),api.env.basedn),
                     'cn': [sudocmdgroup1],
                     'description': [u'New desc 1'],
                 },
diff --git a/tests/test_xmlrpc/xmlrpc_test.py b/tests/test_xmlrpc/xmlrpc_test.py
index fd30cc63b6ef16f9b12a2fa7ed5197f476fd4521..8b8fb1a68facda6050b725d31df3d72315cc42cb 100644
--- a/tests/test_xmlrpc/xmlrpc_test.py
+++ b/tests/test_xmlrpc/xmlrpc_test.py
@@ -35,14 +35,19 @@ from ipalib.x509 import valid_issuer
 # or `long`?  If not, we still need to return them as `unicode` instead of `str`.
 fuzzy_digits = Fuzzy('^\d+$', type=basestring)
 
+uuid_re = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
+
 # Matches an ipauniqueid like u'784d85fd-eae7-11de-9d01-54520012478b'
-fuzzy_uuid = Fuzzy(
-    '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
-)
+fuzzy_uuid = Fuzzy('^%s$' % uuid_re)
 
 # Matches netgroup dn
 fuzzy_netgroupdn = Fuzzy(
-    'ipauniqueid=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},cn=ng,cn=alt,%s' % api.env.basedn
+    'ipauniqueid=%s,cn=ng,cn=alt,%s' % (uuid_re, api.env.basedn)
+)
+
+# Matches sudocmd dn
+fuzzy_sudocmddn = Fuzzy(
+    'ipauniqueid=%s,cn=sudocmds,cn=sudo,%s' % (uuid_re, api.env.basedn)
 )
 
 # Matches a hash signature, not enforcing length
-- 
1.7.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to