rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c10
ipa/0032-ipatests-Add-selfservice-find-cli-tests-to-xmlrpc-Ad.patch
AlmaLinux RelEng Bot e793f538fa import CS ipa-4.13.1-3.el10.2
2026-05-20 09:36:04 -04:00

510 lines
16 KiB
Diff
Raw Permalink Blame History

From c294159878de52fa5762025ee4be893f280c5320 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Tue, 31 Mar 2026 15:38:36 +0200
Subject: [PATCH] ipatests: Add selfservice-find cli tests to xmlrpc Add a new
Declarative test class test_selfservice_cli_find covering CLI-level behaviour
of the selfservice-find command:
- find with --all succeeds and returns the matching rule
- non-existent or wrong attrs filter returns zero results
- bad --name filter returns zero results with valid and invalid
positional arg
- bad permissions filter with --all --raw returns zero results,
no internal error (BZ 747693)
- all valid params with --all --raw succeeds and returns the raw
ACI string (BZ 747693)
- wrong or non-existent attrs filter returns zero results with and
without name arg
- valid --attrs filter succeeds with positional name arg and with
--name option
- valid --name filter succeeds and returns the matching rule
- bad permissions filter returns zero results
- valid --permissions filter succeeds with positional name arg and
with --name option
- --raw only succeeds and returns the raw ACI string, no internal
error (BZ 747693)
Signed-off-by: Jay Gondaliya <jgondali@redhat.com>
Fixes: https://pagure.io/freeipa/issue/9945
Assisted-by: Claude <noreply@anthropic.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
Reviewed-By: David Hanina <dhanina@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
Reviewed-By: David Hanina <dhanina@redhat.com>
---
.../test_xmlrpc/test_selfservice_plugin.py | 456 ++++++++++++++++++
1 file changed, 456 insertions(+)
diff --git a/ipatests/test_xmlrpc/test_selfservice_plugin.py b/ipatests/test_xmlrpc/test_selfservice_plugin.py
index 48dfd7cc30e4519c3cbc7f3b97ea73539bf4e500..9e921156a592a2ec59ba7dfea3e38211cbb14ec8 100644
--- a/ipatests/test_xmlrpc/test_selfservice_plugin.py
+++ b/ipatests/test_xmlrpc/test_selfservice_plugin.py
@@ -944,6 +944,462 @@ class test_selfservice_cli_add_del(Declarative):
]
+# selfservice-find CLI test rule name
+SS_CLI_FIND = 'SELFSERVICE_FIND_TEST'
+
+
+@pytest.mark.tier1
+class test_selfservice_cli_find(Declarative):
+ """Tests for the selfservice-find CLI command."""
+
+ cleanup_commands = [
+ ('selfservice_del', [SS_CLI_FIND], {}),
+ ]
+
+ tests = [
+
+ # Setup: create the rule used by all find tests
+ dict(
+ desc='Setup: create %r' % SS_CLI_FIND,
+ command=(
+ 'selfservice_add',
+ [SS_CLI_FIND],
+ dict(attrs=['l'], permissions='write'),
+ ),
+ expected=dict(
+ value=SS_CLI_FIND,
+ summary='Added selfservice "%s"' % SS_CLI_FIND,
+ result=dict(
+ attrs=['l'],
+ permissions=['write'],
+ selfaci=True,
+ aciname=SS_CLI_FIND,
+ ),
+ ),
+ ),
+
+ # Find with --all returns the parsed result
+ dict(
+ desc='Search for %r with --all' % SS_CLI_FIND,
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(all=True),
+ ),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary='1 selfservice matched',
+ result=[{
+ 'attrs': ['l'],
+ 'permissions': ['write'],
+ 'selfaci': True,
+ 'aciname': SS_CLI_FIND,
+ }],
+ ),
+ ),
+
+ # Bad attrs filter -- aci_find does pure string
+ # comparison; no schema validation in find.
+ dict(
+ desc=(
+ 'Non-existent attr with all filters'
+ ' returns no match (--all --raw)'
+ ),
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(
+ all=True,
+ attrs=['badattrs'],
+ aciname=SS_CLI_FIND,
+ permissions='write',
+ raw=True,
+ ),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Wrong attr for this rule (has 'l', not 'mobile')
+ dict(
+ desc=(
+ 'Wrong attr for rule with all filters'
+ ' returns no match (--all --raw)'
+ ),
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(
+ all=True,
+ attrs=['mobile'],
+ aciname=SS_CLI_FIND,
+ permissions='write',
+ raw=True,
+ ),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Bad --name filter with --all --raw
+ dict(
+ desc=(
+ 'Valid name arg with bad --name filter'
+ ' returns no match (--all --raw)'
+ ),
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(
+ all=True,
+ attrs=['l'],
+ aciname='badname',
+ permissions='write',
+ raw=True,
+ ),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Bad name arg also set to 'badname'
+ dict(
+ desc=(
+ 'Bad name arg with bad --name filter'
+ ' returns no match (--all --raw)'
+ ),
+ command=(
+ 'selfservice_find',
+ ['badname'],
+ dict(
+ all=True,
+ attrs=['l'],
+ aciname='badname',
+ permissions='write',
+ raw=True,
+ ),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Bad permissions with --all --raw (BZ 747693)
+ # selfservice-find --raw must not return "internal error".
+ # aci_find treats permissions as a plain string filter (no
+ # validation), so 'badperm' simply matches nothing.
+ dict(
+ desc=(
+ 'Bad permissions with --all --raw'
+ ' returns no match (BZ 747693)'
+ ),
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(
+ all=True,
+ attrs=['l'],
+ aciname=SS_CLI_FIND,
+ permissions='badperm',
+ raw=True,
+ ),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # All valid params with --all --raw (BZ 747693)
+ # selfservice-find --raw must not return "internal error".
+ dict(
+ desc=(
+ 'All valid params with --all --raw'
+ ' returns raw ACI (BZ 747693)'
+ ),
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(
+ all=True,
+ attrs=['l'],
+ aciname=SS_CLI_FIND,
+ permissions='write',
+ raw=True,
+ ),
+ ),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary='1 selfservice matched',
+ result=[{
+ 'aci': (
+ '(targetattr = "l")'
+ '(version 3.0;acl "selfservice:%s";'
+ 'allow (write) '
+ 'userdn = "ldap:///self";)'
+ % SS_CLI_FIND
+ ),
+ }],
+ ),
+ ),
+
+ # Bad attrs filter without --all --raw
+ dict(
+ desc='Wrong attr filter returns no match',
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(attrs=['mobile']),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Non-existent attr in filter
+ dict(
+ desc='Non-existent attr filter returns no match',
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(attrs=['badattrs']),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Non-existent attr without name arg
+ dict(
+ desc='Non-existent attr without name arg returns no match',
+ command=(
+ 'selfservice_find',
+ [],
+ dict(attrs=['badattrs']),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Valid attrs filter
+ dict(
+ desc='Valid attrs filter with name arg returns match',
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(attrs=['l']),
+ ),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary='1 selfservice matched',
+ result=[{
+ 'attrs': ['l'],
+ 'permissions': ['write'],
+ 'selfaci': True,
+ 'aciname': SS_CLI_FIND,
+ }],
+ ),
+ ),
+
+ # Without positional name arg but with --name
+ # filter to get a deterministic result.
+ dict(
+ desc='Valid attrs filter with --name option returns match',
+ command=(
+ 'selfservice_find',
+ [],
+ dict(attrs=['l'], aciname=SS_CLI_FIND),
+ ),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary='1 selfservice matched',
+ result=[{
+ 'attrs': ['l'],
+ 'permissions': ['write'],
+ 'selfaci': True,
+ 'aciname': SS_CLI_FIND,
+ }],
+ ),
+ ),
+
+ # Bad --name filter
+ dict(
+ desc='Valid name arg with bad --name filter returns no match',
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(aciname='badname'),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Bad name arg also set to 'badname'
+ dict(
+ desc='Bad name arg with bad --name filter returns no match',
+ command=(
+ 'selfservice_find',
+ ['badname'],
+ dict(aciname='badname'),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Valid --name filter
+ dict(
+ desc='Valid --name filter returns match',
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(aciname=SS_CLI_FIND),
+ ),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary='1 selfservice matched',
+ result=[{
+ 'attrs': ['l'],
+ 'permissions': ['write'],
+ 'selfaci': True,
+ 'aciname': SS_CLI_FIND,
+ }],
+ ),
+ ),
+
+ # Bad permissions filter -- aci_find treats permissions
+ # as a plain string filter; 'badperm' matches nothing.
+ dict(
+ desc='Bad permissions filter returns no match',
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(permissions='badperm'),
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary='0 selfservices matched',
+ result=[],
+ ),
+ ),
+
+ # Valid permissions filter
+ dict(
+ desc='Valid permissions filter with name arg returns match',
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(permissions='write'),
+ ),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary='1 selfservice matched',
+ result=[{
+ 'attrs': ['l'],
+ 'permissions': ['write'],
+ 'selfaci': True,
+ 'aciname': SS_CLI_FIND,
+ }],
+ ),
+ ),
+
+ # Without positional name arg but with --name
+ # filter to get a deterministic result.
+ dict(
+ desc=(
+ 'Valid permissions filter with --name'
+ ' option returns match'
+ ),
+ command=(
+ 'selfservice_find',
+ [],
+ dict(
+ permissions='write',
+ aciname=SS_CLI_FIND,
+ ),
+ ),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary='1 selfservice matched',
+ result=[{
+ 'attrs': ['l'],
+ 'permissions': ['write'],
+ 'selfaci': True,
+ 'aciname': SS_CLI_FIND,
+ }],
+ ),
+ ),
+
+ # Raw output only (BZ 747693)
+ # selfservice-find --raw must not return "internal error".
+ dict(
+ desc='Raw output returns ACI string without error (BZ 747693)',
+ command=(
+ 'selfservice_find',
+ [SS_CLI_FIND],
+ dict(raw=True),
+ ),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary='1 selfservice matched',
+ result=[{
+ 'aci': (
+ '(targetattr = "l")'
+ '(version 3.0;acl "selfservice:%s";'
+ 'allow (write) '
+ 'userdn = "ldap:///self";)'
+ % SS_CLI_FIND
+ ),
+ }],
+ ),
+ ),
+
+ ]
+
+
# selfservice-show & selfservice-mod CLI test rule names
SS_CLI_SHOW = 'SELFSERVICE_SHOW_TEST'
--
2.53.0
Reference in New Issue View Git Blame Copy Permalink