| |
@@ -167,10 +167,10 @@
|
| |
def test_delete_an_attribute_value_we_are_not_allowed_to_delete(
|
| |
topo, _add_user, aci_of_user
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value
|
| |
of the attributes being added (or deleted))
|
| |
Test that we can MODIFY:add an attribute value we are allowed to add
|
| |
+
|
| |
:id: 7c41baa6-7aa9-11e8-9bdc-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
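Review bot: The summary line `Test that we can MODIFY:add an attribute value we are allowed to add` describes a permitted add, while the function it documents is named `test_delete_an_attribute_value_we_are_not_allowed_to_delete`. This commit exists to make the docstring metadata importable, so the name and the summary should agree. The body is outside this hunk, so which of the two is right has to be checked against the operations the test performs. The -305 hunk has the same kind of mismatch: `test_allow_modify_delete` is summarised as `Don't Allow modify:replace because of lack of delete rights`.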
|
| |
@@ -192,12 +192,12 @@
|
| |
|
| |
|
| |
def test_donot_allow_write_access_to_title_if_value_is_not_architect(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test that we cannot MODIFY:add an attribute value we are not allowed to add
|
| |
+
|
| |
:id: 822c607e-7aa9-11e8-b2e7-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -210,7 +210,7 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=architect), del=title:(title=architect)")' \
|
| |
- '(version 3.0; acl "$tet_thistest"; allow (write) (userdn = "ldap:///{}") ;)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(version 3.0; acl "{}"; allow (write) (userdn = "ldap:///{}") ;)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
# aci will allow to add title architect
|
| |
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
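Review bot: `request.node.name` is interpolated straight into the double-quoted ACL name, which is safe only while the test id is a plain identifier. If one of these tests is later parametrized, the node name gains a `[...]` suffix built from the parameter ids, and a `"` or `;` in it would break or alter the ACI string that the access-control check depends on. `request.function.__name__` gives a stable name without that suffix. The same expression is repeated in every `ACI_BODY` on this page, so a small helper that builds the `(version 3.0; acl "..."; ...)` part would keep them consistent.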
|
| |
@@ -221,12 +221,12 @@
|
| |
|
| |
|
| |
def test_delete_an_attribute_value_we_are_allowed_to_delete(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of
|
| |
the attributes being added (or deleted))
|
| |
- Test that we can MODIFY:delete an attribute value we are allowed to delete,
|
| |
+ Test that we can MODIFY:delete an attribute value we are allowed to delete
|
| |
+
|
| |
:id: 86f36b34-7aa9-11e8-ab16-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -239,7 +239,7 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=architect), del=title:(title=architect)")' \
|
| |
- '(version 3.0; acl "$tet_thistest"; allow (write) (userdn = "ldap:///{}") ;)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(version 3.0; acl "{}"; allow (write) (userdn = "ldap:///{}") ;)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "architect").add()
|
| |
# aci will allow to delete title architect
|
| |
@@ -249,12 +249,12 @@
|
| |
|
| |
|
| |
def test_delete_an_attribute_value_we_are_not_allowed_to_deleted(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
- Test that we cannot MODIFY:delete an attribute value we are allowed to delete,
|
| |
+ Test that we cannot MODIFY:delete an attribute value we are allowed to delete
|
| |
+
|
| |
:id: 8c9f3a90-7aa9-11e8-bf2e-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
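Review bot: The rewritten summary `Test that we cannot MODIFY:delete an attribute value we are allowed to delete` contradicts the test name; the trailing comma was removed but the missing `not` was carried over. The comment `# acl will not allow to delete title engineer` in the next hunk suggests this is the denial case, so the line should read `Test that we cannot MODIFY:delete an attribute value we are not allowed to delete`. The -395 hunk has the inverse slip in `test_remove_an_attribute_if_we_donot_have_del_rights_to_all_attr_value`, where `Test that we can use MODIFY:delete ...` presumably should be `cannot`. For access-control tests, a summary that swaps allow and deny is what ends up in the test case management system.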
|
| |
@@ -267,7 +267,7 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=architect), del=title:(title=architect)")' \
|
| |
- '(version 3.0; acl "$tet_thistest"; allow (write) (userdn = "ldap:///{}") ;)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(version 3.0; acl "{}"; allow (write) (userdn = "ldap:///{}") ;)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "engineer").add()
|
| |
# acl will not allow to delete title engineer
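Review bot: The expected results end with `3. Operation should succeed`, yet the comment on the last line of this hunk says the ACI will not allow deleting `engineer`, so the final step is presumably a refused MODIFY. The step list and the assertion are outside this hunk, so this needs checking. If the delete is expected to be denied, the expected result should say so, for example `3. Operation should fail with INSUFFICIENT_ACCESS`. The same `Operation should succeed` line closes other cases whose summaries describe a denial (-210, -322, -352, -414).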
|
| |
@@ -276,11 +276,11 @@
|
| |
_ModTitleArchitectJeffVedder(topo, "engineer", conn).delete()
|
| |
|
| |
|
| |
- def test_allow_modify_replace(topo, _add_user, aci_of_user):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ def test_allow_modify_replace(topo, _add_user, aci_of_user, request):
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test that we can MODIFY:replace an attribute if we have correct add/delete rights.
|
| |
+
|
| |
:id: 9148a234-7aa9-11e8-a1f1-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -293,8 +293,8 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=engineer), del=title:(|(title=architect)' \
|
| |
- '(title=idiot))")(version 3.0; acl "$tet_thistest"; ' \
|
| |
- 'allow (write) (userdn = "ldap:///{}") ;)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(title=idiot))")(version 3.0; acl "{}"; ' \
|
| |
+ 'allow (write) (userdn = "ldap:///{}") ;)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "architect").add()
|
| |
_AddTitleWithRoot(topo, "idiot").add()
|
| |
@@ -305,11 +305,11 @@
|
| |
_ModTitleArchitectJeffVedder(topo, "engineer", conn).delete()
|
| |
|
| |
|
| |
- def test_allow_modify_delete(topo, _add_user, aci_of_user):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ def test_allow_modify_delete(topo, _add_user, aci_of_user, request):
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
- "Valueacl Test $tet_thistest Don't Allow modify:replace because of lack of delete rights"
|
| |
+ Don't Allow modify:replace because of lack of delete rights
|
| |
+
|
| |
:id: 962842d2-7aa9-11e8-b39e-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -322,8 +322,8 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=engineer), del=title:(|(title=architect))")' \
|
| |
- '(version 3.0; acl "$tet_thistest"; allow (write) ' \
|
| |
- '(userdn = "ldap:///{}") ;)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(version 3.0; acl "{}"; allow (write) ' \
|
| |
+ '(userdn = "ldap:///{}") ;)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "architect").add()
|
| |
_AddTitleWithRoot(topo, "idiot").add()
|
| |
@@ -335,11 +335,11 @@
|
| |
_ModTitleArchitectJeffVedder(topo, "idiot", conn).delete()
|
| |
|
| |
|
| |
- def test_replace_an_attribute_if_we_lack(topo, _add_user, aci_of_user):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ def test_replace_an_attribute_if_we_lack(topo, _add_user, aci_of_user, request):
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test that we cannot MODIFY:replace an attribute if we lack
|
| |
+
|
| |
:id: 9b1e6afa-7aa9-11e8-ac5b-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -352,8 +352,8 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=engineer), del=title:(|(title=architect))")' \
|
| |
- '(version 3.0; acl "$tet_thistest"; allow (write) ' \
|
| |
- '(userdn = "ldap:///{}") ;)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(version 3.0; acl "{}"; allow (write) ' \
|
| |
+ '(userdn = "ldap:///{}") ;)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "architect").add()
|
| |
_AddTitleWithRoot(topo, "idiot").add()
|
| |
@@ -365,13 +365,13 @@
|
| |
|
| |
|
| |
def test_remove_an_attribute_if_we_have_del_rights_to_all_attr_value(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
- attributes being added (or deleted))
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ attributes being added (or deleted))
|
| |
Test that we can use MODIFY:delete to entirely remove an attribute if we have del rights
|
| |
to all attr values negative case tested next.
|
| |
+
|
| |
:id: a0c9e0c4-7aa9-11e8-8880-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -384,8 +384,8 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=engineer), del=title:(|(title=architect)' \
|
| |
- '(title=idiot))")(version 3.0; acl "$tet_thistest"; allow (write)' \
|
| |
- ' (userdn = "ldap:///{}") ;)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(title=idiot))")(version 3.0; acl "{}"; allow (write)' \
|
| |
+ ' (userdn = "ldap:///{}") ;)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "architect").add()
|
| |
_AddTitleWithRoot(topo, "idiot").add()
|
| |
@@ -395,13 +395,13 @@
|
| |
|
| |
|
| |
def test_remove_an_attribute_if_we_donot_have_del_rights_to_all_attr_value(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test that we can use MODIFY:delete to entirely remove an attribute if we have not del
|
| |
rights to all attr values
|
| |
+
|
| |
:id: a6862eaa-7aa9-11e8-8bf9-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -414,8 +414,8 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=engineer), del=title:(|(title=architect)' \
|
| |
- '(title=idiot))")(version 3.0; acl "$tet_thistest"; allow (write) ' \
|
| |
- '(userdn = "ldap:///{}") ;)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(title=idiot))")(version 3.0; acl "{}"; allow (write) ' \
|
| |
+ '(userdn = "ldap:///{}") ;)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "architect").add()
|
| |
_AddTitleWithRoot(topo, "sailor").add()
|
| |
@@ -426,12 +426,12 @@
|
| |
|
| |
|
| |
def test_remove_an_attribute_if_we_have_del_rights_to_all_attr_values(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test that we can use MODIFY:replace to entirely remove an attribute if we have del rights to all attr values
|
| |
+
|
| |
:id: ab04c7e8-7aa9-11e8-84db-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -444,8 +444,8 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=engineer), del=title:(|(title=architect)' \
|
| |
- '(title=idiot))")(version 3.0; acl "$tet_thistest"; allow (write) ' \
|
| |
- '(userdn = "ldap:///{}") ;)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(title=idiot))")(version 3.0; acl "{}"; allow (write) ' \
|
| |
+ '(userdn = "ldap:///{}") ;)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "architect").add()
|
| |
_AddTitleWithRoot(topo, "idiot").add()
|
| |
@@ -455,12 +455,12 @@
|
| |
|
| |
|
| |
def test_cantnot_delete_an_entry_with_attribute_values_we_are_not_allowed_delete(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of
|
| |
the attributes being added (or deleted))
|
| |
- Test we cannot DELETE an entry with attribute values we are not allowed delete,
|
| |
+ Test we cannot DELETE an entry with attribute values we are not allowed delete
|
| |
+
|
| |
:id: b525d94c-7aa9-11e8-8539-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -474,7 +474,7 @@
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(|(title=engineer)(title=cool dude)(title=scum)), ' \
|
| |
'del=title:(|(title=engineer)(title=cool dude)(title=scum))")(version 3.0; ' \
|
| |
- 'aci "$tet_thistest"; allow (delete) userdn = "ldap:///{}";)'.format(USER_WITH_ACI_DELADD)
|
| |
+ 'aci "{}"; allow (delete) userdn = "ldap:///{}";)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddFREDWithRoot(topo, "engineer", "cool dude", "ANuj").create()
|
| |
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
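Review bot: The ACI here is spelled `aci "{}"`, whereas the ACIs earlier in this file use `acl "{}"` after `version 3.0;`. Whether the server's ACI parser treats the two spellings alike is not visible from this page. Because this test expects a DELETE to be refused, confirm that the rule is actually installed and evaluated, rather than the refusal coming from the absence of any allow rule. If `acl` is the intended keyword, the line becomes `'acl "{}"; allow (delete) userdn = "ldap:///{}";)'.format(request.node.name, USER_WITH_ACI_DELADD)`. The same spelling is kept in the -503, -530, -559, -589 and -617 hunks.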
|
| |
@@ -484,12 +484,12 @@
|
| |
|
| |
|
| |
def test_we_can_add_and_delete_an_entry_with_attribute_values_we_are_allowed_add_and_delete(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test we can DELETE an entry with attribute values we are allowed delete
|
| |
+
|
| |
:id: ba138e54-7aa9-11e8-8037-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -503,7 +503,7 @@
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(|(title=engineer)(title=cool dude)(title=scum)), ' \
|
| |
'del=title:(|(title=engineer)(title=cool dude)(title=scum))")(version 3.0; ' \
|
| |
- 'aci "$tet_thistest"; allow (delete) userdn = "ldap:///{}";)'.format(USER_WITH_ACI_DELADD)
|
| |
+ 'aci "{}"; allow (delete) userdn = "ldap:///{}";)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddFREDWithRoot(topo, "engineer", "cool dude", "scum").create()
|
| |
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
|
| |
@@ -511,12 +511,12 @@
|
| |
UserAccount(conn, FRED).delete()
|
| |
|
| |
|
| |
- def test_allow_title(topo, _add_user, aci_of_user):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ def test_allow_title(topo, _add_user, aci_of_user, request):
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test that if attr appears in targetattr and in targattrfilters then targattrfilters
|
| |
applies--ie. targattrfilters is a refinement of targattrfilters.
|
| |
+
|
| |
:id: beadf328-7aa9-11e8-bb08-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
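Review bot: The summary ends with `targattrfilters is a refinement of targattrfilters`, which is circular. Going by the first half of the sentence, the second term should be `targetattr`, i.e. `applies -- i.e. targattrfilters is a refinement of targetattr.` This is an unchanged context line, but the commit is already correcting this docstring's metadata, so it is worth fixing in the same pass. The docstring continues past the end of this hunk.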
|
| |
@@ -530,8 +530,8 @@
|
| |
"""
|
| |
ACI_BODY = '(targetattr="title")(targattrfilters = "add=title:(|(title=engineer)' \
|
| |
'(title=cool dude)(title=scum)), del=title:(|(title=engineer)(title=cool dude)' \
|
| |
- '(title=scum))")(version 3.0; aci "$tet_thistest"; allow (write) ' \
|
| |
- 'userdn = "ldap:///{}";)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(title=scum))")(version 3.0; aci "{}"; allow (write) ' \
|
| |
+ 'userdn = "ldap:///{}";)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "engineer").add()
|
| |
_AddTitleWithRoot(topo, "cool dude").add()
|
| |
@@ -541,11 +541,11 @@
|
| |
_ModTitleArchitectJeffVedder(topo, "topdog", conn).add()
|
| |
|
| |
|
| |
- def test_allow_to_modify(topo, _add_user, aci_of_user):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ def test_allow_to_modify(topo, _add_user, aci_of_user, request):
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test that I can have secretary in targetattr and title in targattrfilters.
|
| |
+
|
| |
:id: c32e4704-7aa9-11e8-951d-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -559,8 +559,8 @@
|
| |
"""
|
| |
ACI_BODY = '(targetattr="secretary")(targattrfilters = "add=title:(|(title=engineer)' \
|
| |
'(title=cool dude)(title=scum)), del=title:(|(title=engineer)(title=cool dude)' \
|
| |
- '(title=scum))")(version 3.0; aci "$tet_thistest"; allow (write)' \
|
| |
- ' userdn = "ldap:///{}";)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(title=scum))")(version 3.0; aci "{}"; allow (write)' \
|
| |
+ ' userdn = "ldap:///{}";)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "engineer").add()
|
| |
_AddTitleWithRoot(topo, "cool dude").add()
|
| |
@@ -571,11 +571,11 @@
|
| |
assert user.get_attr_val('secretary')
|
| |
|
| |
|
| |
- def test_selfwrite_does_not_confer_write_on_a_targattrfilters_atribute(topo, _add_user, aci_of_user):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of
|
| |
+ def test_selfwrite_does_not_confer_write_on_a_targattrfilters_atribute(topo, _add_user, aci_of_user, request):
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of
|
| |
the attributes being added (or deleted))
|
| |
Selfwrite does not confer "write" on a targattrfilters atribute.
|
| |
+
|
| |
:id: c7b9ec2e-7aa9-11e8-ba4a-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -589,7 +589,7 @@
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(|(title=engineer)(title=cool dude)(title=scum)), ' \
|
| |
'del=title:(|(title=engineer)(title=cool dude)(title=scum))")(version 3.0; ' \
|
| |
- 'aci "$tet_thistest"; allow (selfwrite) userdn = "ldap:///{}";)'.format(USER_WITH_ACI_DELADD)
|
| |
+ 'aci "{}"; allow (selfwrite) userdn = "ldap:///{}";)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
# aci will not allow to add selfwrite_does_not_confer_write_on_a_targattrfilters_atribute
|
| |
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
|
| |
@@ -598,12 +598,12 @@
|
| |
|
| |
|
| |
def test_selfwrite_continues_to_give_rights_to_attr_in_targetattr_list(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of
|
| |
the attributes being added (or deleted))
|
| |
Selfwrite continues to give rights to attr in targetattr list.
|
| |
+
|
| |
:id: cd287680-7aa9-11e8-a8e2-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -617,8 +617,8 @@
|
| |
"""
|
| |
ACI_BODY = '(targetattr="secretary")(targattrfilters = "add=title:(|(title=engineer)' \
|
| |
'(title=cool dude)(title=scum)), del=title:(|(title=engineer)(title=cool dude)' \
|
| |
- '(title=scum))")(version 3.0; aci "$tet_thistest"; allow (selfwrite) ' \
|
| |
- 'userdn = "ldap:///{}";)'.format(USER_WITH_ACI_DELADD)
|
| |
+ '(title=scum))")(version 3.0; aci "{}"; allow (selfwrite) ' \
|
| |
+ 'userdn = "ldap:///{}";)'.format(request.node.name, USER_WITH_ACI_DELADD)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
# selfwrite_continues_to_give_rights_to_attr_in_targetattr_list
|
| |
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
|
| |
@@ -627,12 +627,12 @@
|
| |
|
| |
|
| |
def test_add_an_attribute_value_we_are_allowed_to_add_with_ldapanyone(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test that we can MODIFY:add an attribute value we are allowed to add with ldap:///anyone
|
| |
+
|
| |
:id: d1e1d7ac-7aa9-11e8-b968-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -645,7 +645,7 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targattrfilters = "add=title:(title=architect), del=title:(title=architect)")' \
|
| |
- '(version 3.0; acl "$tet_thistest"; allow (write) userdn = "ldap:///anyone";)'
|
| |
+ '(version 3.0; acl "{}"; allow (write) userdn = "ldap:///anyone";)'.format(request.node.name)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
_AddTitleWithRoot(topo, "engineer").add()
|
| |
# aci will allow to add title architect
|
| |
@@ -653,12 +653,12 @@
|
| |
_ModTitleArchitectJeffVedder(topo, "architect", conn).add()
|
| |
|
| |
|
| |
- def test_hierarchy(topo, _add_user, aci_of_user):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of
|
| |
+ def test_hierarchy(topo, _add_user, aci_of_user, request):
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of
|
| |
the attributes being added (or deleted))
|
| |
Test that with two targattrfilters in the hierarchy that the general one applies.
|
| |
- This is the correct behaviour, even if it's a bit
|
| |
+ This is the correct behaviour, even if it's a bit confusing
|
| |
+
|
| |
:id: d7ae354a-7aa9-11e8-8b0d-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -670,10 +670,10 @@
|
| |
2. Operation should succeed
|
| |
3. Operation should succeed
|
| |
"""
|
| |
- ACI_BODY = '(targattrfilters = "add=title:(title=arch*)")(version 3.0; acl "$tet_thistest"; ' \
|
| |
- 'allow (write) (userdn = "ldap:///anyone") ;)'
|
| |
+ ACI_BODY = '(targattrfilters = "add=title:(title=arch*)")(version 3.0; acl "{}"; ' \
|
| |
+ 'allow (write) (userdn = "ldap:///anyone") ;)'.format(request.node.name)
|
| |
ACI_BODY1 = '(targattrfilters = "add=title:(title=architect)")(version 3.0; ' \
|
| |
- 'acl "$tet_thistest"; allow (write) (userdn = "ldap:///anyone") ;)'
|
| |
+ 'acl "{}"; allow (write) (userdn = "ldap:///anyone") ;)'.format(request.node.name)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY1)
|
| |
_AddTitleWithRoot(topo, "engineer").add()
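Review bot: `ACI_BODY` and `ACI_BODY1` are now both named `request.node.name`, so the suffix entry carries two ACIs with the same ACL name. This test is about which of the two rules applies, and anything that reports a decision by ACL name (not shown on this page) could not tell them apart. Distinct names would make a failure easier to diagnose, e.g. `.format(request.node.name + "_general")` for the `arch*` rule and `.format(request.node.name + "_specific")` for the `architect` rule. The test body continues outside this hunk.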
|
| |
@@ -686,12 +686,12 @@
|
| |
|
| |
|
| |
def test_targattrfilters_and_search_permissions_and_that_ldapmodify_works_as_expected(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of the
|
| |
attributes being added (or deleted))
|
| |
Test that we can have targattrfilters and search permissions and that ldapmodify works as expected.
|
| |
+
|
| |
:id: ddae7a22-7aa9-11e8-ad6b-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -704,8 +704,8 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targetattr="secretary || objectclass || mail")(targattrfilters = "add=title:' \
|
| |
- '(title=arch*)")(version 3.0; acl "$tet_thistest"; ' \
|
| |
- 'allow (write,read,search,compare) (userdn = "ldap:///anyone") ;)'
|
| |
+ '(title=arch*)")(version 3.0; acl "{}"; ' \
|
| |
+ 'allow (write,read,search,compare) (userdn = "ldap:///anyone") ;)'.format(request.node.name)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
# aci will allow to add title architect
|
| |
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
|
| |
@@ -713,12 +713,12 @@
|
| |
|
| |
|
| |
def test_targattrfilters_and_search_permissions_and_that_ldapmodify_works_as_expected_two(
|
| |
- topo, _add_user, aci_of_user
|
| |
+ topo, _add_user, aci_of_user, request
|
| |
):
|
| |
- """
|
| |
- Testing the targattrfilters keyword that allows access control based on the value of
|
| |
+ """Testing the targattrfilters keyword that allows access control based on the value of
|
| |
the attributes being added (or deleted))
|
| |
Test that we can have targattrfilters and search permissions and that ldapsearch works as expected.
|
| |
+
|
| |
:id: e25d116e-7aa9-11e8-81d8-8c16451d917b
|
| |
:setup: server
|
| |
:steps:
|
| |
@@ -731,8 +731,8 @@
|
| |
3. Operation should succeed
|
| |
"""
|
| |
ACI_BODY = '(targetattr="secretary || objectclass || mail")(targattrfilters = ' \
|
| |
- '"add=title:(title=arch*)")(version 3.0; acl "$tet_thistest"; allow ' \
|
| |
- '(write,read,search,compare) (userdn = "ldap:///anyone") ;)'
|
| |
+ '"add=title:(title=arch*)")(version 3.0; acl "{}"; allow ' \
|
| |
+ '(write,read,search,compare) (userdn = "ldap:///anyone") ;)'.format(request.node.name)
|
| |
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
|
| |
conn = Anonymous(topo.standalone).bind()
|
| |
user = UserAccount(conn, USER_DELADD)
|
| |
Bug Description:
Some tests have incorrect metadata in the docstrings. This prevents
the import of the test cases in the test case management system.
Fix Description:
Update the metadata:
aci description