URL: https://github.com/freeipa/freeipa/pull/299
Title: #299: Remove "Request Certificate with SubjectAltName" permission
martbab commented:
"""
I have put on my Travis moustache and found these two failing tests, you will
have to fix them:
```
=== FAILURES ===
test_permission_legacy.test_command[: permission_find: Check that some
legacy permission is found in $SUFFIX]
self =
index = 0
declarative_test_definition = {'command': ('permission_find', [],
{'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=test'), 'version': '2.216'}),
'desc...6e430230>, 'truncated': False}, 'nice': ': permission_find: Check
that some legacy permission is found in $SUFFIX'}
def test_command(self, index, declarative_test_definition):
"""Run an individual test
The arguments are provided by the pytest plugin.
"""
if callable(declarative_test_definition):
declarative_test_definition(self)
else:
> self.check(**declarative_test_definition)
/usr/lib/python2.7/site-packages/ipatests/test_xmlrpc/xmlrpc_test.py:318:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib/python2.7/site-packages/ipatests/test_xmlrpc/xmlrpc_test.py:330: in
check
self.check_output(nice, cmd, args, options, expected, extra_check)
/usr/lib/python2.7/site-packages/ipatests/test_xmlrpc/xmlrpc_test.py:379: in
check_output
assert_deepequal(expected, got, nice)
/usr/lib/python2.7/site-packages/ipatests/util.py:388: in assert_deepequal
assert_deepequal(e_sub, g_sub, doc, stack + (key,))
/usr/lib/python2.7/site-packages/ipatests/util.py:390: in assert_deepequal
if not expected(got):
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
results = [{'attrs': ('objectclass',), 'cn': ('Certificate Remove Hold',),
'dn': 'cn=Certificate Remove Hold,cn=permissions,cn=p...eve Certificates from
the CA,cn=permissions,cn=pbac,dc=ipa,dc=test', 'ipapermbindruletype':
('permission',), ...}, ...]
def check_legacy_results(results):
"""Check that the expected number of legacy permissions are in
$SUFFIX"""
legacy_permissions = [p for p in results
if not p.get('ipapermissiontype')]
print(legacy_permissions)
> assert len(legacy_permissions) == 9, len(legacy_permissions)
E AssertionError: 8
E assert 8 == 9
E+ where 8 = len([{'attrs': ('objectclass',), 'cn': ('Certificate
Remove Hold',), 'dn': 'cn=Certificate Remove Hold,cn=permissions,cn=p...eve
Certificates from the CA,cn=permissions,cn=pbac,dc=ipa,dc=test',
'ipapermbindruletype': ('permission',), ...}, ...])
/usr/lib/python2.7/site-packages/ipatests/test_xmlrpc/test_permission_plugin.py:3128:
AssertionError
```
I also wonder if there is a possibility for this removal to break replica
install against older (IPA v3) masters.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/299#issuecomment-266423674
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code