On 03/12/2012 01:26 PM, Martin Kosek wrote:
On Thu, 2012-03-08 at 16:57 +0100, Petr Viktorin wrote:
Since sudo commands are case-sensitive, we can't use the CN as the RDN.
With this patch, the UUID is used instead.
It seems like a too easy fix. What am I missing?

As far as I understand, the fact that the DN has a different structure
now shouldn't cause problems, even if there still are commands created
by old IPA versions.
For testing, use an unpatched version to create a few of these.

The sudo commands are no longer sorted in sudocmd-find output. Doing
that would require the ability to use an arbitrary attribute as sort
key. Should I file an issue for that?

I don't think that's necessary. We sort by LDAP object's primary key and
since new SUDO commands still have sudocmd as its primary key, the
sorting should just work (at least it does for me).

Right, sorry for the noise.


Tests for the case sensitivity are included.

https://fedorahosted.org/freeipa/ticket/2482

This works pretty fine. Both my old client tests and sudoers compat tree
tests looks good. So, cautious ACK from me.

Martin


The attached version is rebased against my patch 20.

--
PetrĀ³
From bad3dc3722720369ec95f3c6b7029db72c223c3f Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Thu, 8 Mar 2012 07:55:00 -0500
Subject: [PATCH] Use ipauniqueid for the RDN of sudo commands

Since sudo commands are case-sensitive, we can't use the CN
as the RDN.

Tests for case-sensitive behavior included

https://fedorahosted.org/freeipa/ticket/2482
---
 ipalib/plugins/sudocmd.py                     |    1 +
 tests/test_xmlrpc/test_sudocmd_plugin.py      |   82 ++++++++++++++++++++----
 tests/test_xmlrpc/test_sudocmdgroup_plugin.py |   86 +++++++++++++++++++++----
 tests/test_xmlrpc/xmlrpc_test.py              |   13 +++-
 4 files changed, 151 insertions(+), 31 deletions(-)

diff --git a/ipalib/plugins/sudocmd.py b/ipalib/plugins/sudocmd.py
index 42068edea3c51804be9ee5919934462afbee578f..f27a58cadd6e6abc16611621387f26125737bf78 100644
--- a/ipalib/plugins/sudocmd.py
+++ b/ipalib/plugins/sudocmd.py
@@ -62,6 +62,7 @@ class sudocmd(LDAPObject):
         'memberof': ['sudocmdgroup'],
     }
     uuid_attribute = 'ipauniqueid'
+    rdn_attribute = 'ipauniqueid'
     label = _('Sudo Commands')
     label_singular = _('Sudo Command')
 
diff --git a/tests/test_xmlrpc/test_sudocmd_plugin.py b/tests/test_xmlrpc/test_sudocmd_plugin.py
index cbbd26cd7061ee73c44f691692072daaf6f84f50..a9f118460432e9c33f665db05df0340d73da885d 100644
--- a/tests/test_xmlrpc/test_sudocmd_plugin.py
+++ b/tests/test_xmlrpc/test_sudocmd_plugin.py
@@ -22,17 +22,20 @@ Test the `ipalib/plugins/sudocmd.py` module.
 """
 
 from ipalib import api, errors
-from tests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_uuid
+from tests.test_xmlrpc.xmlrpc_test import (Declarative, fuzzy_sudocmddn,
+    fuzzy_uuid)
 from tests.test_xmlrpc import objectclasses
 from ipalib.dn import *
 
 sudocmd1 = u'/usr/bin/sudotestcmd1'
+sudocmd1_camelcase = u'/usr/bin/sudoTestCmd1'
 
 
 class test_sudocmd(Declarative):
 
     cleanup_commands = [
         ('sudocmd_del', [sudocmd1], {}),
+        ('sudocmd_del', [sudocmd1_camelcase], {}),
     ]
 
     tests = [
@@ -69,9 +72,7 @@ class test_sudocmd(Declarative):
                 value=sudocmd1,
                 summary=u'Added Sudo Command "%s"' % sudocmd1,
                 result=dict(
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                     sudocmd=[sudocmd1],
                     description=[u'Test sudo command 1'],
                     objectclass=objectclasses.sudocmd,
@@ -80,6 +81,26 @@ class test_sudocmd(Declarative):
             ),
         ),
 
+        dict(
+            desc='Create %r' % sudocmd1_camelcase,
+            command=('sudocmd_add', [sudocmd1_camelcase],
+                dict(
+                    description=u'Test sudo command 2',
+                ),
+            ),
+            expected=dict(
+                value=sudocmd1_camelcase,
+                summary=u'Added Sudo Command "%s"' % sudocmd1_camelcase,
+                result=dict(
+                    dn=fuzzy_sudocmddn,
+                    sudocmd=[sudocmd1_camelcase],
+                    description=[u'Test sudo command 2'],
+                    objectclass=objectclasses.sudocmd,
+                    ipauniqueid=[fuzzy_uuid],
+                ),
+            ),
+        ),
+
 
         dict(
             desc='Try to create duplicate %r' % sudocmd1,
@@ -91,6 +112,16 @@ class test_sudocmd(Declarative):
             expected=errors.DuplicateEntry(),
         ),
 
+        dict(
+            desc='Try to create duplicate %r' % sudocmd1_camelcase,
+            command=('sudocmd_add', [sudocmd1_camelcase],
+                dict(
+                    description=u'Test sudo command 2',
+                ),
+            ),
+            expected=errors.DuplicateEntry(),
+        ),
+
 
         dict(
             desc='Retrieve %r' % sudocmd1,
@@ -99,9 +130,7 @@ class test_sudocmd(Declarative):
                 value=sudocmd1,
                 summary=None,
                 result=dict(
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                     sudocmd=[sudocmd1],
                     description=[u'Test sudo command 1'],
                 ),
@@ -118,9 +147,7 @@ class test_sudocmd(Declarative):
                 summary=u'1 Sudo Command matched',
                 result=[
                     dict(
-                        dn=lambda x: DN(x) == \
-                            DN(('sudocmd',sudocmd1),('cn','sudocmds'),
-                               ('cn','sudo'),api.env.basedn),
+                        dn=fuzzy_sudocmddn,
                         sudocmd=[sudocmd1],
                         description=[u'Test sudo command 1'],
                     ),
@@ -128,6 +155,23 @@ class test_sudocmd(Declarative):
             ),
         ),
 
+        dict(
+            desc='Search for %r' % sudocmd1_camelcase,
+            command=('sudocmd_find', [sudocmd1_camelcase], {}),
+            expected=dict(
+                count=1,
+                truncated=False,
+                summary=u'1 Sudo Command matched',
+                result=[
+                    dict(
+                        dn=fuzzy_sudocmddn,
+                        sudocmd=[sudocmd1_camelcase],
+                        description=[u'Test sudo command 2'],
+                    ),
+                ],
+            ),
+        ),
+
 
         dict(
             desc='Update %r' % sudocmd1,
@@ -151,9 +195,7 @@ class test_sudocmd(Declarative):
                 value=sudocmd1,
                 summary=None,
                 result=dict(
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                     sudocmd=[sudocmd1],
                     description=[u'Updated sudo command 1'],
                 ),
@@ -191,4 +233,18 @@ class test_sudocmd(Declarative):
             command=('sudocmd_del', [sudocmd1], {}),
             expected=errors.NotFound(reason='no such entry'),
         ),
+
+        dict(
+            desc='Retrieve %r' % sudocmd1_camelcase,
+            command=('sudocmd_show', [sudocmd1_camelcase], {}),
+            expected=dict(
+                value=sudocmd1_camelcase,
+                summary=None,
+                result=dict(
+                    dn=fuzzy_sudocmddn,
+                    sudocmd=[sudocmd1_camelcase],
+                    description=[u'Test sudo command 2'],
+                ),
+            ),
+        ),
     ]
diff --git a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
index 9f2bf3336be542d74d016976f98086b92310c37f..26913b8ad68d052efdaf7c3b40856d55e81f7317 100644
--- a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
+++ b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
@@ -22,12 +22,13 @@ Test the `ipalib/plugins/sudocmdgroup.py` module.
 
 from ipalib import api, errors
 from tests.test_xmlrpc import objectclasses
-from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
+from xmlrpc_test import Declarative, fuzzy_sudocmddn, fuzzy_digits, fuzzy_uuid
 from ipalib.dn import *
 
 sudocmdgroup1 = u'testsudocmdgroup1'
 sudocmdgroup2 = u'testsudocmdgroup2'
 sudocmd1 = u'/usr/bin/sudotestcmd1'
+sudocmd1_camelcase = u'/usr/bin/sudoTestCmd1'
 sudocmd_plus = u'/bin/ls -l /lost+found/*'
 
 def create_command(sudocmd):
@@ -45,9 +46,7 @@ def create_command(sudocmd):
                 sudocmd=[sudocmd],
                 ipauniqueid=[fuzzy_uuid],
                 description=[u'Test sudo command'],
-                dn=lambda x: DN(x) == \
-                    DN(('sudocmd',sudocmd),('cn','sudocmds'),('cn','sudo'),
-                    api.env.basedn),
+                dn=fuzzy_sudocmddn,
             ),
         ),
     )
@@ -57,6 +56,7 @@ class test_sudocmdgroup(Declarative):
         ('sudocmdgroup_del', [sudocmdgroup1], {}),
         ('sudocmdgroup_del', [sudocmdgroup2], {}),
         ('sudocmd_del', [sudocmd1], {}),
+        ('sudocmd_del', [sudocmd1_camelcase], {}),
         ('sudocmd_del', [sudocmd_plus], {}),
     ]
 
@@ -77,13 +77,28 @@ class test_sudocmdgroup(Declarative):
                     sudocmd=[u'/usr/bin/sudotestcmd1'],
                     ipauniqueid=[fuzzy_uuid],
                     description=[u'Test sudo command 1'],
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                 ),
             ),
         ),
 
+        dict(
+            desc='Create %r' % sudocmd1_camelcase,
+            command=(
+                'sudocmd_add', [], dict(sudocmd=sudocmd1_camelcase, description=u'Test sudo command 2')
+            ),
+            expected=dict(
+                value=sudocmd1_camelcase,
+                summary=u'Added Sudo Command "%s"' % sudocmd1_camelcase,
+                result=dict(
+                    objectclass=objectclasses.sudocmd,
+                    sudocmd=[u'/usr/bin/sudoTestCmd1'],
+                    ipauniqueid=[fuzzy_uuid],
+                    description=[u'Test sudo command 2'],
+                    dn=fuzzy_sudocmddn,
+                ),
+            ),
+        ),
 
         dict(
             desc='Verify the managed sudo command %r was created' % sudocmd1,
@@ -94,9 +109,7 @@ class test_sudocmdgroup(Declarative):
                 result=dict(
                     sudocmd=[sudocmd1],
                     description=[u'Test sudo command 1'],
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                 ),
             ),
         ),
@@ -418,12 +431,10 @@ class test_sudocmdgroup(Declarative):
                 value=sudocmd1,
                 summary=None,
                 result=dict(
-                    dn=lambda x: DN(x) == \
-                        DN(('sudocmd',sudocmd1),('cn','sudocmds'),('cn','sudo'),
-                           api.env.basedn),
+                    dn=fuzzy_sudocmddn,
                     sudocmd=[sudocmd1],
                     description=[u'Test sudo command 1'],
-                    memberof_sudocmdgroup = [u'testsudocmdgroup1'],
+                    memberof_sudocmdgroup=[u'testsudocmdgroup1'],
                 ),
             ),
         ),
@@ -453,6 +464,30 @@ class test_sudocmdgroup(Declarative):
         ),
 
         dict(
+            desc='Add member %r to %r' % (sudocmd1_camelcase, sudocmdgroup1),
+            command=(
+                'sudocmdgroup_add_member', [sudocmdgroup1],
+                dict(sudocmd=sudocmd1_camelcase)
+            ),
+            expected=dict(
+                completed=1,
+                failed=dict(
+                    member=dict(
+                        sudocmd=tuple(),
+                    ),
+                ),
+                result={
+                        'dn': lambda x: DN(x) == \
+                            DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'),
+                               ('cn','sudo'),api.env.basedn),
+                        'member_sudocmd': (sudocmd1, sudocmd1_camelcase),
+                        'cn': [sudocmdgroup1],
+                        'description': [u'New desc 1'],
+                },
+            ),
+        ),
+
+        dict(
             desc='Remove member %r from %r' % (sudocmd1, sudocmdgroup1),
             command=('sudocmdgroup_remove_member',
                 [sudocmdgroup1], dict(sudocmd=sudocmd1)
@@ -468,6 +503,29 @@ class test_sudocmdgroup(Declarative):
                     'dn': lambda x: DN(x) == \
                         DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'),
                            ('cn','sudo'),api.env.basedn),
+                    'member_sudocmd': (sudocmd1_camelcase,),
+                    'cn': [sudocmdgroup1],
+                    'description': [u'New desc 1'],
+                },
+            ),
+        ),
+
+        dict(
+            desc='Remove member %r from %r' % (sudocmd1_camelcase, sudocmdgroup1),
+            command=('sudocmdgroup_remove_member',
+                [sudocmdgroup1], dict(sudocmd=sudocmd1_camelcase)
+            ),
+            expected=dict(
+                completed=1,
+                failed=dict(
+                    member=dict(
+                        sudocmd=tuple(),
+                    ),
+                ),
+                result={
+                    'dn': lambda x: DN(x) == \
+                        DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'),
+                           ('cn','sudo'),api.env.basedn),
                     'cn': [sudocmdgroup1],
                     'description': [u'New desc 1'],
                 },
diff --git a/tests/test_xmlrpc/xmlrpc_test.py b/tests/test_xmlrpc/xmlrpc_test.py
index fd30cc63b6ef16f9b12a2fa7ed5197f476fd4521..8b8fb1a68facda6050b725d31df3d72315cc42cb 100644
--- a/tests/test_xmlrpc/xmlrpc_test.py
+++ b/tests/test_xmlrpc/xmlrpc_test.py
@@ -35,14 +35,19 @@ from ipalib.x509 import valid_issuer
 # or `long`?  If not, we still need to return them as `unicode` instead of `str`.
 fuzzy_digits = Fuzzy('^\d+$', type=basestring)
 
+uuid_re = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
+
 # Matches an ipauniqueid like u'784d85fd-eae7-11de-9d01-54520012478b'
-fuzzy_uuid = Fuzzy(
-    '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
-)
+fuzzy_uuid = Fuzzy('^%s$' % uuid_re)
 
 # Matches netgroup dn
 fuzzy_netgroupdn = Fuzzy(
-    'ipauniqueid=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},cn=ng,cn=alt,%s' % api.env.basedn
+    'ipauniqueid=%s,cn=ng,cn=alt,%s' % (uuid_re, api.env.basedn)
+)
+
+# Matches sudocmd dn
+fuzzy_sudocmddn = Fuzzy(
+    'ipauniqueid=%s,cn=sudocmds,cn=sudo,%s' % (uuid_re, api.env.basedn)
 )
 
 # Matches a hash signature, not enforcing length
-- 
1.7.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to