[Freeipa-devel] [PATCH 0012-0019] CA ACL tracker and functional test

Fri Oct 16 13:43:13 UTC 2015

On 09/30/2015 02:47 PM, Martin Basti wrote:
>
>
>
>
>
>
>
>
>
> On 09/24/2015 02:49 PM, Milan Kubík
> wrote:
>
>
>> Hi
>> all,
>>
>>
>>
>>
>> an update for CA ACL tests!
>>
>>
>>
>>
>> I, with help from M. Babinsky, managed to find a way how to change
>> the identity during acceptance cest run, which allows
>>
>>
>> to test CA ACLs (and perhaps other areas with some form of access
>> controll).
>>
>>
>>
>>
>> This allowed me to write a test for CA ACLs and certificate
>> profiles that checks if the ACL/profile is being used and
>> enforced.
>>
>>
>> The first several tests are based on Fraser's blogpost using SMIME
>> profile [1].
>>
>>
>>
>>
>> The master and ipa-4-2 branches diverged a bit, so I had to change
>> two commits when rebasing to ipa-4-2 branch.
>>
>>
>>
>>
>> Commits should be applied in the order (including rebased patches
>> I sent in an earlier email):
>>
>>
>>
>>
>> master:
>>
>>
>>     * 12 - 17
>>
>>
>>
>>
>> ipa-4-2:
>>
>>
>>     * 18, 13 - 15, 19, 17
>>
>>
>>
>>
>> For convenience:
>>
>>
>> patches on top of master:
>> https://github.com/apophys/freeipa/tree/acl-profile-functional
>>
>>
>> patches on top of ipa-4-2:
>> https://github.com/apophys/freeipa/tree/acl-42
>>
>>
>>
>>
>>
>>
>> [1]:
>> https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/
>>
>>
>>
>> Cheers,
>>
>>
>> Milan
>>
>>
>>
>>
>>
>>
>>
>
>
>
> NACK
>
>
>
> 0)
>
> rpm file does not contain test_xmlrpc/data directory, please modify
> setup.py.in.
>
>
>
> 1)
>
> Code contains to much todo for my taste.
>
>
>
> 2)
>
> Please do not use filter function, use dict comprehension.
>
>
>
>
>
>
>
>
Hi,

updated patches and the numbering mess somehow curbed. The patches are 
rebased on top of current master and ipa-4-2.

0) fixed by 0021

1) docs for tracker extended, added more test cases

2) changed

-- 
Milan Kubik

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0012.4-ipatests-add-fuzzy-instances-for-CA-ACL-DN-and-RDN.patch
Type: text/x-patch
Size: 1139 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0013.4-ipatests-Add-initial-CAACLTracker-implementation.patch
Type: text/x-patch
Size: 15040 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0014.4-tests-add-test-to-check-the-default-ACL.patch
Type: text/x-patch
Size: 5896 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0015-2-ipatests-CA-ACL-added-config-templates.patch
Type: text/x-patch
Size: 10439 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0016-2-ipatests-added-unlock_principal_password-and-change_.patch
Type: text/x-patch
Size: 2484 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0017-2-ipatests-CA-ACL-and-cert-profile-functional-test.patch
Type: text/x-patch
Size: 7657 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-ipa42-0012.4-ipatests-add-fuzzy-instances-for-CA-ACL-DN-and-RDN.patch
Type: text/x-patch
Size: 1133 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-ipa42-0013.4-ipatests-Add-initial-CAACLTracker-implementation.patch
Type: text/x-patch
Size: 15040 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-ipa42-0014.4-tests-add-test-to-check-the-default-ACL.patch
Type: text/x-patch
Size: 5896 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-ipa42-0015-2-ipatests-CA-ACL-added-config-templates.patch
Type: text/x-patch
Size: 10439 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-ipa42-0016-2-ipatests-added-unlock_principal_password-and-change_.patch
Type: text/x-patch
Size: 2394 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0010.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-ipa42-0017-2-ipatests-CA-ACL-and-cert-profile-functional-test.patch
Type: text/x-patch
Size: 7657 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151016/07916fb3/attachment-0011.bin>