[Freeipa-devel] [freeipa PR#299][comment] Remove "Request Certificate with SubjectAltName" permission
martbab
freeipa-github-notification at redhat.com
Mon Dec 12 12:51:13 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/299
Title: #299: Remove "Request Certificate with SubjectAltName" permission
martbab commented:
"""
I have put on my Travis moustache and found these two failing tests, you will have to fix them:
```
=================================== FAILURES ===================================
test_permission_legacy.test_command[0000: permission_find: Check that some legacy permission is found in $SUFFIX]
self = <ipatests.test_xmlrpc.test_permission_plugin.test_permission_legacy object at 0x7fbf642026d0>
index = 0
declarative_test_definition = {'command': ('permission_find', [], {'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=test'), 'version': '2.216'}), 'desc...6e430230>, 'truncated': False}, 'nice': '0000: permission_find: Check that some legacy permission is found in $SUFFIX'}
def test_command(self, index, declarative_test_definition):
"""Run an individual test
The arguments are provided by the pytest plugin.
"""
if callable(declarative_test_definition):
declarative_test_definition(self)
else:
> self.check(**declarative_test_definition)
/usr/lib/python2.7/site-packages/ipatests/test_xmlrpc/xmlrpc_test.py:318:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib/python2.7/site-packages/ipatests/test_xmlrpc/xmlrpc_test.py:330: in check
self.check_output(nice, cmd, args, options, expected, extra_check)
/usr/lib/python2.7/site-packages/ipatests/test_xmlrpc/xmlrpc_test.py:379: in check_output
assert_deepequal(expected, got, nice)
/usr/lib/python2.7/site-packages/ipatests/util.py:388: in assert_deepequal
assert_deepequal(e_sub, g_sub, doc, stack + (key,))
/usr/lib/python2.7/site-packages/ipatests/util.py:390: in assert_deepequal
if not expected(got):
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
results = [{'attrs': ('objectclass',), 'cn': ('Certificate Remove Hold',), 'dn': 'cn=Certificate Remove Hold,cn=permissions,cn=p...eve Certificates from the CA,cn=permissions,cn=pbac,dc=ipa,dc=test', 'ipapermbindruletype': ('permission',), ...}, ...]
def check_legacy_results(results):
"""Check that the expected number of legacy permissions are in $SUFFIX"""
legacy_permissions = [p for p in results
if not p.get('ipapermissiontype')]
print(legacy_permissions)
> assert len(legacy_permissions) == 9, len(legacy_permissions)
E AssertionError: 8
E assert 8 == 9
E + where 8 = len([{'attrs': ('objectclass',), 'cn': ('Certificate Remove Hold',), 'dn': 'cn=Certificate Remove Hold,cn=permissions,cn=p...eve Certificates from the CA,cn=permissions,cn=pbac,dc=ipa,dc=test', 'ipapermbindruletype': ('permission',), ...}, ...])
/usr/lib/python2.7/site-packages/ipatests/test_xmlrpc/test_permission_plugin.py:3128: AssertionError
```
I also wonder if there is a possibility for this removal to break replica install against older (IPA v3) masters.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/299#issuecomment-266423674
More information about the Freeipa-devel
mailing list