On 04/10/2014 03:55 PM, Petr Viktorin wrote:
Subject: [PATCH] 0516 Add managed read permissions to realmdomains
Read access is given to all authenticated users.
Jenkins tells me this breaks tests. Since realmdomains ACIs are set on a
single entry, not a container, realmdomains_show --all will include the
ACI in the output. As it should, since we're asking for all LDAP attributes.
Test fix attached.
--
PetrĀ³
From cb3ef663fe02995b732b24dada901c7d3ed8cb13 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Fri, 11 Apr 2014 12:32:08 +0200
Subject: [PATCH] test_realmdomains_plugin: Add default ACI to expected output
Since realmdomains is only one entry, _show with --all will return
the ACI on it. Add it to expected output.
---
ipatests/test_xmlrpc/test_realmdomains_plugin.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/ipatests/test_xmlrpc/test_realmdomains_plugin.py b/ipatests/test_xmlrpc/test_realmdomains_plugin.py
index 8abb53e482f206249e029821468b35a47b9ce59a..1d4dda3d2ef80f2bed0bb159486a4f2cdcac8d3d 100644
--- a/ipatests/test_xmlrpc/test_realmdomains_plugin.py
+++ b/ipatests/test_xmlrpc/test_realmdomains_plugin.py
@@ -64,6 +64,15 @@ class test_realmdomains(Declarative):
associateddomain=[our_domain],
cn=[cn],
objectclass=objectclasses.realmdomains,
+ aci=[
+ u'(targetattr = "associateddomain || cn || '
+ u'objectclass")'
+ u'(targetfilter = "(objectclass=domainrelatedobject)")'
+ u'(version 3.0;acl '
+ u'"permission:System: Read Realm Domains";'
+ u'allow (read,compare,search) '
+ u'userdn = "ldap:///all";)'
+ ],
),
),
),
--
1.9.0
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel