Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2012-01-02 Thread Alexander Bokovoy
On Mon, 02 Jan 2012, Jan Cholasta wrote:
> >def ca_host(self):
> >
> >where ca_host() is _select_ca().
> >
> >Decorators are supported by Python 2.4.
> >
> 
> Here you go.
ACK. Pushed to master.


-- 
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2012-01-02 Thread Jan Cholasta

Dne 21.12.2011 21:49, Alexander Bokovoy napsal(a):

On Wed, 21 Dec 2011, Jan Cholasta wrote:


Fixed cachedproperty so that the return value is cached per-instance
instead of per-class.

Updated patch attached.

Works for me, thanks.

Could you please do a favor and use the decorator syntax as suggested
by the documentation of cachedproperty class?


@@ -1218,7 +1219,6 @@ class ra(rabase.rabase):
  self.ipa_key_size = "2048"
  self.ipa_certificate_nickname = "ipaCert"
  self.ca_certificate_nickname = "caCert"
-self.ca_host = None
  try:
  f = open(self.pwd_file, "r")
  self.password = f.readline().strip()
@@ -1283,6 +1283,7 @@ class ra(rabase.rabase):
  return host
  else:
  return api.env.ca_host


Instead of

+ca_host = cachedproperty(_select_ca)

rather have
@cachedproperty
def ca_host(self):

where ca_host() is _select_ca().

Decorators are supported by Python 2.4.



Here you go.

Honza

--
Jan Cholasta
>From c2f835ac8ce3be7b2f308910acb92c6749769e87 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Tue, 1 Nov 2011 08:58:05 -0400
Subject: [PATCH] Fix attempted write to attribute of read-only object.

Add new class "cachedproperty" for creating property-like attributes
that cache the return value of a method call.

Also fix few issues in the unit tests to enable them to succeed.

ticket 1959
---
 ipalib/dn.py   |2 +-
 ipalib/errors.py   |6 +++---
 ipalib/util.py |   34 ++
 ipaserver/install/ldapupdate.py|4 ++--
 ipaserver/ipaldap.py   |2 +-
 ipaserver/plugins/dogtag.py|   10 +++---
 ipaserver/plugins/ldap2.py |2 +-
 tests/test_ipalib/test_plugable.py |2 +-
 tests/test_ipaserver/test_ldap.py  |   10 +-
 9 files changed, 55 insertions(+), 17 deletions(-)

diff --git a/ipalib/dn.py b/ipalib/dn.py
index dc3119d..6f2f7de 100644
--- a/ipalib/dn.py
+++ b/ipalib/dn.py
@@ -1092,7 +1092,7 @@ class DN(object):
 return rdns
 elif isinstance(value, (tuple, list)):
 if len(value) != 2:
-raise ValueError("tuple or list must be 2-valued, not \"%s\"" % (rdn))
+raise ValueError("tuple or list must be 2-valued, not \"%s\"" % (value))
 rdn = RDN(value, first_key_match=self.first_key_match)
 return rdn
 else:
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 5b63488..f115f0c 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -448,10 +448,10 @@ class RefererError(PublicError):
 
 For example:
 
->>> raise RefererError()
+>>> raise RefererError(referer='referer')
 Traceback (most recent call last):
   ...
-RefererError: Missing or invalid HTTP Referer
+RefererError: Missing or invalid HTTP Referer, referer
 """
 
 errno = 911
@@ -1537,7 +1537,7 @@ class DependentEntry(ExecutionError):
 >>> raise DependentEntry(label=u'SELinux User Map', key=u'test', dependent=u'test1')
 Traceback (most recent call last):
   ...
-DependentEntry: Not registered yet
+DependentEntry: test cannot be deleted because SELinux User Map test1 requires it
 
 """
 
diff --git a/ipalib/util.py b/ipalib/util.py
index ffa2759..d575329 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -27,6 +27,7 @@ import time
 import socket
 import re
 from types import NoneType
+from weakref import WeakKeyDictionary
 
 from ipalib import errors
 from ipalib.text import _
@@ -272,3 +273,36 @@ def validate_hostname(hostname):
 if not all(regex_name.match(part) for part in hostname.split(".")):
 raise ValueError(_('hostname parts may only include letters, numbers, and - ' \
'(which is not allowed as the last character)'))
+
+class cachedproperty(object):
+"""
+A property-like attribute that caches the return value of a method call.
+
+When the attribute is first read, the method is called and its return
+value is saved and returned. On subsequent reads, the saved value is
+returned.
+
+Typical usage:
+class C(object):
+@cachedproperty
+def attr(self):
+return 'value'
+"""
+__slots__ = ('getter', 'store')
+
+def __init__(self, getter):
+self.getter = getter
+self.store = WeakKeyDictionary()
+
+def __get__(self, obj, cls):
+if obj is None:
+return None
+if obj not in self.store:
+self.store[obj] = self.getter(obj)
+return self.store[obj]
+
+def __set__(self, obj, value):
+raise AttributeError("can't set attribute")
+
+def __delete__(self, obj):
+raise AttributeError("can't delete attribute")
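Review bot: `__get__` returns `None` when the attribute is read on the class (`obj is None`), which hides the descriptor from introspection and documentation tools; the usual convention is `if obj is None: return self`. The cache is a `WeakKeyDictionary` keyed on the owning instance, so owners must be hashable and weak-referenceable, and two instances that compare equal will share one cached value; the docstring should state that constraint. The check-then-store in `__get__` is not atomic, so concurrent first reads can run the getter more than once, and a cached value can never be invalidated. If the getter's result can go stale during the owner's lifetime (not determinable from this hunk), the docstring should say so as well. The same class appears, cut off, in the older revision of the patch further down this page.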
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 91d3d83..8fbfeaf 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/i

Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-12-21 Thread Alexander Bokovoy
On Wed, 21 Dec 2011, Jan Cholasta wrote:
> 
> Fixed cachedproperty so that the return value is cached per-instance
> instead of per-class.
> 
> Updated patch attached.
Works for me, thanks.

Could you please do me a favor and use the decorator syntax as suggested
by the documentation of the cachedproperty class?

> @@ -1218,7 +1219,6 @@ class ra(rabase.rabase):
>  self.ipa_key_size = "2048"
>  self.ipa_certificate_nickname = "ipaCert"
>  self.ca_certificate_nickname = "caCert"
> -self.ca_host = None
>  try:
>  f = open(self.pwd_file, "r")
>  self.password = f.readline().strip()
> @@ -1283,6 +1283,7 @@ class ra(rabase.rabase):
>  return host
>  else:
>  return api.env.ca_host

Instead of
> +ca_host = cachedproperty(_select_ca)
rather have
   @cachedproperty
   def ca_host(self):

where ca_host() is _select_ca().

Decorators are supported by Python 2.4.

-- 
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-12-21 Thread Jan Cholasta

Dne 21.12.2011 14:32, Jan Cholasta napsal(a):

Dne 2.12.2011 21:26, Alexander Bokovoy napsal(a):

On Fri, 02 Dec 2011, Jan Cholasta wrote:

I don't like the idea of introducing a new class every time we need a
ReadOnly attribute to be writable. There's quite a few places in the
code where we do object.__setattr__ on ReadOnly objects. IMO the right
thing to do would be to add means of whitelisting ReadOnly attributes
that need to stay writable after locking.



You can move those _select_ca(), _select_any_master(),
_host_has_service() to CaCache as they seem to not depend on anything
in class ca but rather use global api.env.

This way you will get is a fairly simple CaCache class reusable both
in ca and ra classes.


Honza



What is the status of this patch?

rob


It fixes the issue and I wouldn't mind leaving it as it is.

Alexander?


I still don't like it. There is nothing in CA that really requires
enabling writing to ReadOnly after locking. ReadOnly is a fundamental
promise of our API and breaking it should be possible only for cases
where any other approach will be ineffective. This particular case is
a rather poor implementation of the CA/RA classes that could be solved
in a simpler way.

Sometimes you need to hold promises. ;)



Updated and rebased the patch.

Added a class for creating property-like attributes that cache the
return value of a function call.

Fixed some more unit test issues that popped up since I first made the
patch.

Note that some tests are still failing, most of the failures seem to be
related to user private groups (see attached log).

Honza



Fixed cachedproperty so that the return value is cached per-instance 
instead of per-class.


Updated patch attached.

Honza

--
Jan Cholasta
>From f2711cf5b85be3cf285936365a80b6f8cdfaaf9e Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Tue, 1 Nov 2011 08:58:05 -0400
Subject: [PATCH] Fix attempted write to attribute of read-only object.

Add new class "cachedproperty" for creating property-like attributes
that cache the return value of a method call.

Also fix few issues in the unit tests to enable them to succeed.

ticket 1959
---
 ipalib/dn.py   |2 +-
 ipalib/errors.py   |6 +++---
 ipalib/util.py |   34 ++
 ipaserver/install/ldapupdate.py|4 ++--
 ipaserver/ipaldap.py   |2 +-
 ipaserver/plugins/dogtag.py|8 ++--
 ipaserver/plugins/ldap2.py |2 +-
 tests/test_ipalib/test_plugable.py |2 +-
 tests/test_ipaserver/test_ldap.py  |   10 +-
 9 files changed, 54 insertions(+), 16 deletions(-)

diff --git a/ipalib/dn.py b/ipalib/dn.py
index dc3119d..6f2f7de 100644
--- a/ipalib/dn.py
+++ b/ipalib/dn.py
@@ -1092,7 +1092,7 @@ class DN(object):
 return rdns
 elif isinstance(value, (tuple, list)):
 if len(value) != 2:
-raise ValueError("tuple or list must be 2-valued, not \"%s\"" % (rdn))
+raise ValueError("tuple or list must be 2-valued, not \"%s\"" % (value))
 rdn = RDN(value, first_key_match=self.first_key_match)
 return rdn
 else:
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 5b63488..f115f0c 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -448,10 +448,10 @@ class RefererError(PublicError):
 
 For example:
 
->>> raise RefererError()
+>>> raise RefererError(referer='referer')
 Traceback (most recent call last):
   ...
-RefererError: Missing or invalid HTTP Referer
+RefererError: Missing or invalid HTTP Referer, referer
 """
 
 errno = 911
@@ -1537,7 +1537,7 @@ class DependentEntry(ExecutionError):
 >>> raise DependentEntry(label=u'SELinux User Map', key=u'test', dependent=u'test1')
 Traceback (most recent call last):
   ...
-DependentEntry: Not registered yet
+DependentEntry: test cannot be deleted because SELinux User Map test1 requires it
 
 """
 
diff --git a/ipalib/util.py b/ipalib/util.py
index ffa2759..d575329 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -27,6 +27,7 @@ import time
 import socket
 import re
 from types import NoneType
+from weakref import WeakKeyDictionary
 
 from ipalib import errors
 from ipalib.text import _
@@ -272,3 +273,36 @@ def validate_hostname(hostname):
 if not all(regex_name.match(part) for part in hostname.split(".")):
 raise ValueError(_('hostname parts may only include letters, numbers, and - ' \
'(which is not allowed as the last character)'))
+
+class cachedproperty(object):
+"""
+A property-like attribute that caches the return value of a method call.
+
+When the attribute is first read, the method is called and its return
+value is saved and returned. On subsequent reads, the saved value is
+returned.
+
+Typical usage:
+class C(object):
+@cachedproperty
+def attr(self):
+re

Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-12-02 Thread Alexander Bokovoy
On Fri, 02 Dec 2011, Jan Cholasta wrote:
> >>I don't like the idea of introducing a new class every time we need a
> >>ReadOnly attribute to be writable. There's quite a few places in the
> >>code where we do object.__setattr__ on ReadOnly objects. IMO the right
> >>thing to do would be to add means of whitelisting ReadOnly attributes
> >>that need to stay writable after locking.
> >>
> >>>
> >>>You can move those _select_ca(), _select_any_master(),
> >>>_host_has_service() to CaCache as they seem to not depend on anything
> >>>in class ca but rather use global api.env.
> >>>
> >>>This way you will get is a fairly simple CaCache class reusable both
> >>>in ca and ra classes.
> >>
> >>Honza
> >>
> >
> >What is the status of this patch?
> >
> >rob
> 
> It fixes the issue and I wouldn't mind leaving it as it is.
> 
> Alexander?

I still don't like it. There is nothing in CA that really requires
enabling writing to ReadOnly after locking. ReadOnly is a fundamental
promise of our API and breaking it should be possible only for cases
where any other approach will be ineffective. This particular case is
a rather poor implementation of the CA/RA classes that could be solved
in a simpler way.

Sometimes you need to hold promises. ;)

-- 
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-12-02 Thread Jan Cholasta

Dne 2.12.2011 15:56, Rob Crittenden napsal(a):

Jan Cholasta wrote:

Dne 14.10.2011 10:19, Alexander Bokovoy napsal(a):

On Fri, 14 Oct 2011, Jan Cholasta wrote:

Perform an HTTP request.
"""
- if self.ca_host == None:
- self.ca_host = self._select_ca()
+ if self.ca_host is None:
+ object.__setattr__(self, 'ca_host', self._select_ca())
return dogtag.http_request(self.ca_host, port, url, **kw)

I don't like this approach as well. A better way would be to have a
class CaCache that is mutable and allow changing its properties. Then
you would create an instance of CaCache in ca.__init__() and ask for
its properties later.


I don't like the idea of introducing a new class every time we need a
ReadOnly attribute to be writable. There's quite a few places in the
code where we do object.__setattr__ on ReadOnly objects. IMO the right
thing to do would be to add means of whitelisting ReadOnly attributes
that need to stay writable after locking.



You can move those _select_ca(), _select_any_master(),
_host_has_service() to CaCache as they seem to not depend on anything
in class ca but rather use global api.env.

This way you will get is a fairly simple CaCache class reusable both
in ca and ra classes.


Honza



What is the status of this patch?

rob


It fixes the issue and I wouldn't mind leaving it as it is.

Alexander?

Honza

--
Jan Cholasta



Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-12-02 Thread Rob Crittenden

Jan Cholasta wrote:

Dne 14.10.2011 10:19, Alexander Bokovoy napsal(a):

On Fri, 14 Oct 2011, Jan Cholasta wrote:

Perform an HTTP request.
"""
- if self.ca_host == None:
- self.ca_host = self._select_ca()
+ if self.ca_host is None:
+ object.__setattr__(self, 'ca_host', self._select_ca())
return dogtag.http_request(self.ca_host, port, url, **kw)

I don't like this approach as well. A better way would be to have a
class CaCache that is mutable and allow changing its properties. Then
you would create an instance of CaCache in ca.__init__() and ask for
its properties later.


I don't like the idea of introducing a new class every time we need a
ReadOnly attribute to be writable. There's quite a few places in the
code where we do object.__setattr__ on ReadOnly objects. IMO the right
thing to do would be to add means of whitelisting ReadOnly attributes
that need to stay writable after locking.



You can move those _select_ca(), _select_any_master(),
_host_has_service() to CaCache as they seem to not depend on anything
in class ca but rather use global api.env.

This way you will get is a fairly simple CaCache class reusable both
in ca and ra classes.


Honza



What is the status of this patch?

rob



Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-11-01 Thread Jan Cholasta

Dne 14.10.2011 10:19, Alexander Bokovoy napsal(a):

On Fri, 14 Oct 2011, Jan Cholasta wrote:

  Perform an HTTP request.
  """
-if self.ca_host == None:
-self.ca_host = self._select_ca()
+if self.ca_host is None:
+object.__setattr__(self, 'ca_host', self._select_ca())
  return dogtag.http_request(self.ca_host, port, url, **kw)

I don't like this approach as well. A better way would be to have a
class CaCache that is mutable and allow changing its properties. Then
you would create an instance of CaCache in ca.__init__() and ask for
its properties later.


I don't like the idea of introducing a new class every time we need a 
ReadOnly attribute to be writable. There's quite a few places in the 
code where we do object.__setattr__ on ReadOnly objects. IMO the right 
thing to do would be to add means of whitelisting ReadOnly attributes 
that need to stay writable after locking.




You can move those _select_ca(), _select_any_master(),
_host_has_service() to CaCache as they seem to not depend on anything
in class ca but rather use global api.env.

This way you will get is a fairly simple CaCache class reusable both
in ca and ra classes.


Honza

--
Jan Cholasta



Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-10-14 Thread Alexander Bokovoy
On Fri, 14 Oct 2011, Jan Cholasta wrote:
>  Perform an HTTP request.
>  """
> -if self.ca_host == None:
> -self.ca_host = self._select_ca()
> +if self.ca_host is None:
> +object.__setattr__(self, 'ca_host', self._select_ca())
>  return dogtag.http_request(self.ca_host, port, url, **kw)
I don't like this approach as well. A better way would be to have a 
class CaCache that is mutable and allow changing its properties. Then 
you would create an instance of CaCache in ca.__init__() and ask for 
its properties later.

You can move those _select_ca(), _select_any_master(), 
_host_has_service() to CaCache as they seem to not depend on anything 
in class ca but rather use global api.env.

This way you will get a fairly simple CaCache class reusable in both
the ca and ra classes.
-- 
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-10-14 Thread Jan Cholasta

Dne 13.10.2011 17:36, Rob Crittenden napsal(a):

Jan Cholasta wrote:

Also fixes a few issues in the unit tests. All of them now run
successfully.

https://fedorahosted.org/freeipa/ticket/1959

Honza


I think it would be better to use:

object.__setattr__(self, 'ca_host', self._select_ca())

This will cache the value of a known CA host.

rob


That's ugly!

Here you are anyway.

Honza

--
Jan Cholasta
>From 5b05071f82f2fac4ad1f6996cfba8622fc5ba873 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Thu, 13 Oct 2011 04:47:43 -0400
Subject: [PATCH] Fix attempted write to attribute of read-only object.

Also fix few issues in the unit tests to enable them all to succeed.

ticket 1959
---
 ipalib/dn.py   |2 +-
 ipaserver/plugins/dogtag.py|8 
 tests/test_ipaserver/test_ldap.py  |   10 +-
 tests/test_xmlrpc/test_group_plugin.py |4 
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/ipalib/dn.py b/ipalib/dn.py
index dc3119d..6f2f7de 100644
--- a/ipalib/dn.py
+++ b/ipalib/dn.py
@@ -1092,7 +1092,7 @@ class DN(object):
 return rdns
 elif isinstance(value, (tuple, list)):
 if len(value) != 2:
-raise ValueError("tuple or list must be 2-valued, not \"%s\"" % (rdn))
+raise ValueError("tuple or list must be 2-valued, not \"%s\"" % (value))
 rdn = RDN(value, first_key_match=self.first_key_match)
 return rdn
 else:
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 23d06ab..5b1a210 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1293,8 +1293,8 @@ class ra(rabase.rabase):
 
 Perform an HTTP request.
 """
-if self.ca_host == None:
-self.ca_host = self._select_ca()
+if self.ca_host is None:
+object.__setattr__(self, 'ca_host', self._select_ca())
 return dogtag.http_request(self.ca_host, port, url, **kw)
 
 def _sslget(self, url, port, **kw):
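Review bot: The two-line lazy initialisation `if self.ca_host is None: object.__setattr__(self, 'ca_host', self._select_ca())` is duplicated here and in the `_sslget` hunk that follows; a single private helper (for example `_get_ca_host()`) would keep the write to the locked object in one place. Whichever form is kept, it needs a comment saying why `object.__setattr__` is used instead of plain assignment, because the reason (the object is read-only at this point, per the patch subject) is not evident from the code itself. The enclosing method starts outside the hunk.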
@@ -1307,8 +1307,8 @@ class ra(rabase.rabase):
 Perform an HTTPS request
 """
 
-if self.ca_host == None:
-self.ca_host = self._select_ca()
+if self.ca_host is None:
+object.__setattr__(self, 'ca_host', self._select_ca())
 return dogtag.https_request(self.ca_host, port, url, self.sec_dir, self.password, self.ipa_certificate_nickname, **kw)
 
 def get_parse_result_xml(self, xml_text, parse_func):
diff --git a/tests/test_ipaserver/test_ldap.py b/tests/test_ipaserver/test_ldap.py
index b3f8009..7f63b94 100644
--- a/tests/test_ipaserver/test_ldap.py
+++ b/tests/test_ipaserver/test_ldap.py
@@ -112,7 +112,15 @@ class test_ldap(object):
 myapi.register(service)
 myapi.register(service_show)
 myapi.finalize()
-myapi.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw='password')
+
+pwfile = api.env.dot_ipa + os.sep + ".dmpw"
+if ipautil.file_exists(pwfile):
+fp = open(pwfile, "r")
+dm_password = fp.read().rstrip()
+fp.close()
+else:
+raise nose.SkipTest("No directory manager password in %s" % pwfile)
+myapi.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
 
 result = myapi.Command['service_show']('ldap/%s@%s' %  (api.env.host, api.env.realm,))
 entry_attrs = result['result']
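Review bot: The password file is opened and closed by hand, so `fp` leaks if `fp.read()` raises; wrap the read in `try: ... finally: fp.close()` (a `with` block is not an option if Python 2.4 is still the floor, as the thread implies). `fp.read().rstrip()` takes the whole file and strips all trailing whitespace, whereas the `ra` class in dogtag.py reads its password with `f.readline().strip()`; pick one convention and state the expected `.dmpw` format in a comment. The hunk uses `os`, `ipautil` and `nose`, none of which are imported in the visible lines, so confirm they are imported at the top of the file. Because the file holds the Directory Manager password, the test documentation should say it must be readable only by its owner. The identical hunk appears in the first revision of the patch later on this page.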
diff --git a/tests/test_xmlrpc/test_group_plugin.py b/tests/test_xmlrpc/test_group_plugin.py
index 6403251..86c0d90 100644
--- a/tests/test_xmlrpc/test_group_plugin.py
+++ b/tests/test_xmlrpc/test_group_plugin.py
@@ -755,6 +755,10 @@ class test_group(Declarative):
 dn=lambda x: DN(x) == \
 DN(('uid','tuser1'),('cn','users'),('cn','accounts'),
api.env.basedn),
+krbpwdpolicyreference=lambda x: [DN(i) for i in x] == \
+[DN(('cn','global_policy'),('cn',api.env.realm),
+('cn','kerberos'),api.env.basedn)],
+memberof_group=[u'ipausers'],
 has_keytab=False,
 has_password=False,
 ),
-- 
1.7.7


Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-10-13 Thread Rob Crittenden

Jan Cholasta wrote:

Also fixes a few issues in the unit tests. All of them now run
successfully.

https://fedorahosted.org/freeipa/ticket/1959

Honza


I think it would be better to use:

object.__setattr__(self, 'ca_host', self._select_ca())

This will cache the value of a known CA host.

rob



[Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-10-13 Thread Jan Cholasta

Also fixes a few issues in the unit tests. All of them now run successfully.

https://fedorahosted.org/freeipa/ticket/1959

Honza

--
Jan Cholasta
>From 00b9d0c2ecf1246a4021112e8b2451c3bd1ce595 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Thu, 13 Oct 2011 04:47:43 -0400
Subject: [PATCH] Fix attempted write to attribute of read-only object.

Also fix few issues in the unit tests to enable them all to succeed.

ticket 1959
---
 ipalib/dn.py   |2 +-
 ipaserver/plugins/dogtag.py|   11 +++
 tests/test_ipaserver/test_ldap.py  |   10 +-
 tests/test_xmlrpc/test_group_plugin.py |4 
 4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/ipalib/dn.py b/ipalib/dn.py
index dc3119d..6f2f7de 100644
--- a/ipalib/dn.py
+++ b/ipalib/dn.py
@@ -1092,7 +1092,7 @@ class DN(object):
 return rdns
 elif isinstance(value, (tuple, list)):
 if len(value) != 2:
-raise ValueError("tuple or list must be 2-valued, not \"%s\"" % (rdn))
+raise ValueError("tuple or list must be 2-valued, not \"%s\"" % (value))
 rdn = RDN(value, first_key_match=self.first_key_match)
 return rdn
 else:
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 23d06ab..8702955 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1218,7 +1218,7 @@ class ra(rabase.rabase):
 self.ipa_key_size = "2048"
 self.ipa_certificate_nickname = "ipaCert"
 self.ca_certificate_nickname = "caCert"
-self.ca_host = None
+self.ca_host = self._select_ca()
 try:
 f = open(self.pwd_file, "r")
 self.password = f.readline().strip()
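Review bot: `self.ca_host = self._select_ca()` now runs CA selection while the object is being set up, ahead of the `try:` that reads `pwd_file`, so any exception from `_select_ca()` surfaces at construction rather than on the first request. `_select_ca()` is not visible in this hunk; if it queries the directory or depends on `api.env` being fully populated, confirm that is already available at this point. With the value set eagerly, the `self.ca_host or self._select_ca()` fallbacks in the two following hunks only fire when selection returned a false value, and a comment there should say when that can happen. The enclosing method starts outside the hunk.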
@@ -1293,9 +1293,7 @@ class ra(rabase.rabase):
 
 Perform an HTTP request.
 """
-if self.ca_host == None:
-self.ca_host = self._select_ca()
-return dogtag.http_request(self.ca_host, port, url, **kw)
+return dogtag.http_request(self.ca_host or self._select_ca(), port, url, **kw)
 
 def _sslget(self, url, port, **kw):
 """
@@ -1306,10 +1304,7 @@ class ra(rabase.rabase):
 
 Perform an HTTPS request
 """
-
-if self.ca_host == None:
-self.ca_host = self._select_ca()
-return dogtag.https_request(self.ca_host, port, url, self.sec_dir, self.password, self.ipa_certificate_nickname, **kw)
+return dogtag.https_request(self.ca_host or self._select_ca(), port, url, self.sec_dir, self.password, self.ipa_certificate_nickname, **kw)
 
 def get_parse_result_xml(self, xml_text, parse_func):
 '''
diff --git a/tests/test_ipaserver/test_ldap.py b/tests/test_ipaserver/test_ldap.py
index b3f8009..7f63b94 100644
--- a/tests/test_ipaserver/test_ldap.py
+++ b/tests/test_ipaserver/test_ldap.py
@@ -112,7 +112,15 @@ class test_ldap(object):
 myapi.register(service)
 myapi.register(service_show)
 myapi.finalize()
-myapi.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw='password')
+
+pwfile = api.env.dot_ipa + os.sep + ".dmpw"
+if ipautil.file_exists(pwfile):
+fp = open(pwfile, "r")
+dm_password = fp.read().rstrip()
+fp.close()
+else:
+raise nose.SkipTest("No directory manager password in %s" % pwfile)
+myapi.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
 
 result = myapi.Command['service_show']('ldap/%s@%s' %  (api.env.host, api.env.realm,))
 entry_attrs = result['result']
diff --git a/tests/test_xmlrpc/test_group_plugin.py b/tests/test_xmlrpc/test_group_plugin.py
index 6403251..86c0d90 100644
--- a/tests/test_xmlrpc/test_group_plugin.py
+++ b/tests/test_xmlrpc/test_group_plugin.py
@@ -755,6 +755,10 @@ class test_group(Declarative):
 dn=lambda x: DN(x) == \
 DN(('uid','tuser1'),('cn','users'),('cn','accounts'),
api.env.basedn),
+krbpwdpolicyreference=lambda x: [DN(i) for i in x] == \
+[DN(('cn','global_policy'),('cn',api.env.realm),
+('cn','kerberos'),api.env.basedn)],
+memberof_group=[u'ipausers'],
 has_keytab=False,
 has_password=False,
 ),
-- 
1.7.6.4
