From 2aa8aee407d3ba221e1fd24e143b916b2d0be3c0 Mon Sep 17 00:00:00 2001
From: Gary Williams <gary.williams@forgerock.com>
Date: Wed, 28 Mar 2012 14:02:43 +0000
Subject: [PATCH] refactor replication functional tests to be one test per function
---
opends/tests/staf-tests/functional-tests/testcases/replication/aci/aci.xml | 1167 ++++++----------------------------------------------------
1 files changed, 126 insertions(+), 1,041 deletions(-)
diff --git a/opends/tests/staf-tests/functional-tests/testcases/replication/aci/aci.xml b/opends/tests/staf-tests/functional-tests/testcases/replication/aci/aci.xml
index d79f07e..fc6f3d2 100644
--- a/opends/tests/staf-tests/functional-tests/testcases/replication/aci/aci.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/replication/aci/aci.xml
@@ -7,1079 +7,164 @@
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
- !
+ !
! You can obtain a copy of the license at
- ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
- ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
! See the License for the specific language governing permissions
! and limitations under the License.
- !
+ !
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
- ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
- ! Copyright 2010 Sun Microsystems, Inc.
- ! Portions Copyright 2011-2012 ForgeRock AS.
+ ! Copyright 2012 ForgeRock AS.
! -->
<stax>
-
<defaultcall function="replication_aci"/>
-
- <function name="replication_aci">
-
+ <function name="replication_aci" scope="local">
<sequence>
+ <block name="'replication_aci'">
+ <try>
+ <sequence>
+ <script>
+ CurrentTestPath['group'] = 'replication'
+ CurrentTestPath['suite'] = 'aci'
+
+ _group=CurrentTestPath['group']
+ _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
+ _label = 'Replication ACI'
+ </script>
- <block name="'aci'">
+ <!--- Test Suite information
+ #@TestSuiteName Replication ACI Tests
+ #@TestSuitePurpose Verify that the ACI operations are replicated
+ correctly between two servers.
+ #@TestSuiteID ACI Tests
+ #@TestSuiteGroup ACI
+ #@TestGroup Replication
+ #@TestScript replication_aci.xml
+ #@TestHTMLLink http://www.forgerock.org/
+ -->
+
+ <call function="'testSuite_Preamble'"/>
- <sequence>
-
- <script>
- if not CurrentTestPath.has_key('group'):
- CurrentTestPath['group']='aci'
- CurrentTestPath['suite']=STAXCurrentBlock
- </script>
-
- <call function="'testSuite_Preamble'"/>
-
- <!--- Test Suite information
- #@TestSuiteName Replication ACI Tests
- #@TestSuitePurpose Verify that updates on ACIs are replicated all
- right and are applied accordingly across the
- topology.
- #@TestSuiteID ACI Tests
- #@TestSuiteGroup ACI
- #@TestGroup Replication
- #@TestScript replication_aci.xml
- #@TestHTMLLink http://opends.dev.java.net/
- -->
-
+ <try>
+ <sequence>
- <import machine="STAF_LOCAL_HOSTNAME"
- file="'%s/testcases/replication/replication_setup.xml'
- % (TESTS_DIR)"/>
- <call function="'replication_setup'">
- { 'dataFile' : 'Short_Example.ldif' ,
- 'label' : 'Replication ACI' }
- </call>
-
- <script>
- class Entry:
- def __init__(self, rdn, suffix):
- self.userDn = '%s,ou=People,%s' \
- % (rdn, suffix)
- self.suffix = suffix
- self.listAttr = []
- self.listAttr.append('objectclass:top')
- self.listAttr.append('objectclass:organizationalperson')
- self.listAttr.append('objectclass:inetorgperson')
- self.listAttr.append('objectclass:person')
- def getDn(self):
- return self.userDn
- def getSuffix(self):
- return self.suffix
- def getAttrList(self):
- return self.listAttr
- def addAttr(self, attrType, attrValue):
- self.listAttr.append('%s:%s' % (attrType, attrValue))
- </script>
+ <import machine="STAF_LOCAL_HOSTNAME"
+ file="'%s/testcases/replication/replication_setup.xml'
+ % (TESTS_DIR)"/>
+ <call function="'replication_setup'">
+ { 'dataFile' : 'Short_Example.ldif' ,
+ 'label' : _label }
+ </call>
+ <!-- List of Import of Test Functions -->
+ <script>
+ importList=[]
+ importList.append('aci/aci_tests')
+ </script>
-
- <!--- Test Case information
- #@TestMarker Replication ACI Tests
- #@TestName Replication: ACI: Add entry with ACI
- #@TestID Add entry with ACI
- #@TestPurpose Check ACI replication over an entry add
- #@TestPreamble
- #@TestSteps Add entry with ACI: deny self description write
- #@TestSteps Binding as entry, add givenname to entry
- (expect SUCCESS)
- #@TestSteps Binding as entry, add description to entry
- (expect ERROR 50)
- #@TestPostamble
- #@TestResult Success if the servers synchronised and the aci
- correctly applied after replication
- -->
- <testcase name="getTestCaseName('Add entry with ACI')">
- <sequence>
- <call function="'testCase_Preamble'"/>
- <message>
- 'Replication: ACI: Add entry with ACI. Check ACI replication \
- over an entry add.'
- </message>
-
- <script>
- myAci = "(targetattr=\"description\")(version 3.0; acl \"Deny Self Description Write\"; deny (write) userdn=\"ldap:///self\";)"
- myUserpassword = 'entryPwd'
+ <!-- Import the files for this test suite -->
+ <iterate var="_import" in="importList">
+ <import machine="STAF_LOCAL_HOSTNAME"
+ file="'%s/%s.xml' % (_groupdir,_import)"/>
+ </iterate>
- myEntry = Entry('cn=ACI entry', synchroSuffix)
- myEntry.addAttr('sn', 'ACI repl tests')
- myEntry.addAttr('aci', myAci)
- myEntry.addAttr('userpassword', myUserpassword)
- </script>
-
- <!-- Add entry to "master" server with aci:
- ! (targetattr="description")(version 3.0; acl
- ! "Deny Self Description Write"; deny (write)
- ! userdn="ldap:///self";)
- -->
- <message>
- 'Add entry %s with ACI: \n%s' % (myEntry.getDn(), myAci)
- </message>
- <call function="'addAnEntry'">
- { 'location' : masterHost,
- 'dsPath' : masterPath,
- 'dsInstanceHost' : masterHost,
- 'dsInstancePort' : master.getPort(),
- 'dsInstanceDn' : master.getRootDn(),
- 'dsInstancePswd' : master.getRootPwd(),
- 'DNToAdd' : myEntry.getDn(),
- 'listAttributes' : myEntry.getAttrList()
- }
- </call>
-
- <message>
- '+++ New ACI +++\nDeny "%s" the access to write its own \
- description attribute.' % myEntry.getDn()
- </message>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
+ <!-- Specific to replication tests -->
+ <script>
+ msg1 = 'Replication: ACI:'
+ class Entry:
+ def __init__(self, rdn, suffix):
+ self.userDn = '%s,ou=People,%s' \
+ % (rdn, suffix)
+ self.suffix = suffix
+ self.listAttr = []
+ self.listAttr.append('objectclass:top')
+ self.listAttr.append('objectclass:organizationalperson')
+ self.listAttr.append('objectclass:inetorgperson')
+ self.listAttr.append('objectclass:person')
+ def getDn(self):
+ return self.userDn
+ def getSuffix(self):
+ return self.suffix
+ def getAttrList(self):
+ return self.listAttr
+ def addAttr(self, attrType, attrValue):
+ self.listAttr.append('%s:%s' % (attrType, attrValue))
+ </script>
+
+ <!-- List of Test Cases -->
+ <script>
+ testsList=[]
+ testsList.append('replication_aci_001')
+ testsList.append('replication_aci_002')
+ testsList.append('replication_aci_003')
+ testsList.append('replication_aci_004')
+ testsList.append('replication_aci_005')
+ testsList.append('replication_aci_006')
+ testsList.append('replication_aci_007')
+ </script>
+
+ <!-- Execute the Tests -->
+ <iterate var="__test" in="testsList">
+ <sequence>
+ <call function="'%s' % (__test)" />
+ </sequence>
+ </iterate>
+
+ </sequence>
+
+ <catch exception="'STAFException.TestSuite.SetupException'">
<sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
-
- myGivenname = 'My own GIVENNAME value %s' % i
- myDescription = 'My own DESCRIPTION value %s' % i
- </script>
-
- <message>
- 'Binding as "%s", add givenname %s to entry %s on server \
- %s:%s. -- Expect: SUCCESS' % \
- (myEntry.getDn(), myGivenname, myEntry.getDn(),
- server.getHostname(), server.getPort())
+ <message log="1" level="'fatal'">
+ 'Setup of test suite failed.'
</message>
- <!-- Modify entry on one of the servers -->
- <call function="'modifyAnAttribute'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'DNToModify' : myEntry.getDn(),
- 'attributeName' : 'givenname',
- 'newAttributeValue' : myGivenname,
- 'changetype' : 'add'
- }
- </call>
-
- <message>
- 'Binding as "%s", add description %s to entry %s on \
- server %s:%s. -- Expect: ERROR 50 (Insufficient Access \
- Rights)' % \
- (myEntry.getDn(), myDescription, myEntry.getDn(),
- server.getHostname(), server.getPort())
- </message>
- <!-- Modify entry on one of the servers -->
- <call function="'modifyAnAttribute'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'DNToModify' : myEntry.getDn(),
- 'attributeName' : 'description',
- 'newAttributeValue' : myDescription,
- 'changetype' : 'add',
- 'expectedRC' : 50
- }
- </call>
+ <rethrow/>
</sequence>
- </iterate>
-
- <!-- Verify the synchronization of the trees among the servers in
- the topology -->
- <call function="'verifyTrees'">
- [ clientHost, clientPath, master, consumerList, synchroSuffix ]
- </call>
+ </catch>
+
+ <finally>
+ <message>'Test Cases Completed.'</message>
+ </finally>
- <call function="'testCase_Postamble'"/>
- </sequence>
- </testcase>
+ </try>
+
+ </sequence>
-
-
- <!--- Test Case information
- #@TestMarker Replication ACI Tests
- #@TestName Replication: ACI: Modify_add ACI
- #@TestID Modify_add ACI
- #@TestPurpose Check ACI replication over a modify_add
- #@TestPreamble Add a user entry to suffix
- #@TestSteps Binding as user, add description to child entry
- (expect ERROR 50)
- #@TestSteps Add ACI to parent entry: allow user full access
- to all description attributes
- #@TestSteps Binding as user, add description to child entry
- (expect SUCCESS)
- #@TestPostamble
- #@TestResult Success if the servers synchronised and the aci
- correctly applied after replication
- -->
- <testcase name="getTestCaseName('Modify_add ACI')">
- <sequence>
- <call function="'testCase_Preamble'"/>
- <message>
- 'Replication: ACI: Modify_add ACI. Check ACI replication \
- over a modify_add.'
- </message>
-
- <script>
- myAci = "(targetattr=\"description\")(version 3.0; acl \"Allow ACI-user access to description\"; allow (all) userdn=\"ldap:///cn=ACI user,ou=People,%s\";)" % synchroSuffix
- mySn = 'ACI repl user'
- myUserpassword = 'userPwd'
-
- myEntry = Entry('cn=ACI user', synchroSuffix)
- myEntry.addAttr('sn', mySn)
- myEntry.addAttr('userpassword', myUserpassword)
-
- myTargetEntryDn = 'uid=sholmes,ou=People,%s' % synchroSuffix
- </script>
-
- <!-- Add user entry to "master" server -->
- <message>
- 'Add user entry %s' % myEntry.getDn()
- </message>
- <call function="'addAnEntry'">
- { 'location' : masterHost,
- 'dsPath' : masterPath,
- 'dsInstanceHost' : masterHost,
- 'dsInstancePort' : master.getPort(),
- 'dsInstanceDn' : master.getRootDn(),
- 'dsInstancePswd' : master.getRootPwd(),
- 'DNToAdd' : myEntry.getDn(),
- 'listAttributes' : myEntry.getAttrList()
- }
- </call>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
+ <finally>
+ <sequence>
+ <!-- Test Suite Cleanup -->
+ <message>'Finally: Replication Cleanup.'</message>
+ <try>
<sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
-
- myDescription = 'He was a serious opium adict - %s' % i
- </script>
-
- <message>
- 'Binding as "%s", add description %s to entry %s on \
- server %s:%s. -- Expect: ERROR 50 (Insufficient Access \
- Rights)' % \
- (myEntry.getDn(), myDescription, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
- <!-- Modify entry on one of the servers -->
- <call function="'modifyAnAttribute'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'DNToModify' : myTargetEntryDn,
- 'attributeName' : 'description',
- 'newAttributeValue' : myDescription,
- 'changetype' : 'add',
- 'expectedRC' : 50
- }
+ <import machine="STAF_LOCAL_HOSTNAME"
+ file="'%s/testcases/replication/replication_cleanup.xml'
+ % (TESTS_DIR)"/>
+ <call function="'replication_cleanup'">
+ { 'label' : _label }
</call>
- </sequence>
- </iterate>
-
- <!-- Add aci to entry ou=People,o=example on "master" server:
- ! (targetattr="description")(version 3.0; acl
- ! "Allow ACI-user access to description"; allow (all)
- ! userdn="ldap:///cn=ACI user,ou=People,o=example";)
- -->
- <message>
- 'Add ACI to entry ou=People,%s: \n%s' % (synchroSuffix, myAci)
- </message>
- <call function="'modifyAnAttribute'">
- { 'location' : masterHost,
- 'dsPath' : masterPath,
- 'dsInstanceHost' : masterHost,
- 'dsInstancePort' : master.getPort(),
- 'dsInstanceDn' : master.getRootDn(),
- 'dsInstancePswd' : master.getRootPwd(),
- 'DNToModify' : 'ou=People,%s' % synchroSuffix,
- 'attributeName' : 'aci',
- 'newAttributeValue' : myAci,
- 'changetype' : 'add'
- }
- </call>
-
- <message>
- '+++ New ACI +++\nAllow "%s" full access to all description \
- attributes under ou=People,%s.' % \
- (myEntry.getDn(), synchroSuffix)
- </message>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
+ </sequence>
+ <catch exception="'STAFException'">
<sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
-
- myDescription = 'He was a serious opium adict - %s' % i
- </script>
-
- <message>
- 'Binding as "%s", add description %s to entry %s on \
- server %s:%s. -- Expect: SUCCESS' % \
- (myEntry.getDn(), myDescription, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
- <!-- Modify entry on one of the servers -->
- <call function="'modifyAnAttribute'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'DNToModify' : myTargetEntryDn,
- 'attributeName' : 'description',
- 'newAttributeValue' : myDescription,
- 'changetype' : 'add'
- }
- </call>
+ <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
</sequence>
- </iterate>
-
- <!-- Verify the synchronization of the trees among the servers in
- the topology -->
- <call function="'verifyTrees'">
- [ clientHost, clientPath, master, consumerList, synchroSuffix ]
- </call>
-
- <call function="'testCase_Postamble'"/>
+ </catch>
+ <finally>
+ <call function="'testSuite_Postamble'"/>
+ </finally>
+ </try>
</sequence>
- </testcase>
-
-
-
- <!--- Test Case information
- #@TestMarker Replication ACI Tests
- #@TestName Replication: ACI: Modify_replace ACI target
- #@TestID Modify_replace ACI target
- #@TestPurpose Check ACI replication over a modify_replace of
- the ACI target
- #@TestPreamble
- #@TestSteps Binding as user, add telephonenumber to child
- entry (expect ERROR 50)
- #@TestSteps Replace ACI on parent entry: allow user full
- access to all telephonenumber attributes
- #@TestSteps Binding as user, add telephonenumber to child
- entry (expect SUCCESS)
- #@TestPostamble
- #@TestResult Success if the servers synchronised and the aci
- correctly applied after replication
- -->
- <testcase name="getTestCaseName('Modify_replace ACI target')">
- <sequence>
- <call function="'testCase_Preamble'"/>
- <message>
- 'Replication: ACI: Modify_replace ACI target. Check ACI \
- replication over a modify_replace of the ACI target.'
- </message>
-
- <script>
- myAci = "(targetattr=\"telephonenumber\")(version 3.0; acl \"Allow ACI-user access to telephonenumber\"; allow (all) userdn=\"ldap:///cn=ACI user,ou=People,%s\";)" % synchroSuffix
- myUserpassword = 'userPwd'
-
- myEntry = Entry('cn=ACI user', synchroSuffix)
-
- myTargetEntryDn = 'uid=sholmes,ou=People,%s' % synchroSuffix
- </script>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
-
- myTelephonenumber = '221-221-221-%s' % i
- </script>
-
- <message>
- 'Binding as "%s", add telephonenumber %s to entry %s on \
- server %s:%s. -- Expect: ERROR 50 (Insufficient Access \
- Rights)' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
- <!-- Modify entry on one of the servers -->
- <call function="'modifyAnAttribute'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'DNToModify' : myTargetEntryDn,
- 'attributeName' : 'telephonenumber',
- 'newAttributeValue' : myTelephonenumber,
- 'changetype' : 'add',
- 'expectedRC' : 50
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Replace aci on entry ou=People,o=example on "master" server:
- ! (targetattr="telephonenumber")(version 3.0; acl
- ! "Allow ACI-user access to telephonenumber"; allow (all)
- ! userdn="ldap:///cn=ACI user,ou=People,o=example";)
- -->
- <message>
- 'Replace ACI on entry ou=People,%s: \n%s' % \
- (synchroSuffix, myAci)
- </message>
- <call function="'modifyAnAttribute'">
- { 'location' : masterHost,
- 'dsPath' : masterPath,
- 'dsInstanceHost' : masterHost,
- 'dsInstancePort' : master.getPort(),
- 'dsInstanceDn' : master.getRootDn(),
- 'dsInstancePswd' : master.getRootPwd(),
- 'DNToModify' : 'ou=People,%s' % synchroSuffix,
- 'attributeName' : 'aci',
- 'newAttributeValue' : myAci,
- 'changetype' : 'replace'
- }
- </call>
-
- <message>
- '+++ New ACI +++\nAllow "%s" full access to all telephonenumber\
- attributes under ou=People,%s.' % \
- (myEntry.getDn(), synchroSuffix)
- </message>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
-
- myTelephonenumber = '221-221-221-%s' % i
- </script>
-
- <message>
- 'Binding as "%s", add description %s to entry %s on \
- server %s:%s. -- Expect: SUCCESS' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
- <!-- Modify entry on one of the servers -->
- <call function="'modifyAnAttribute'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'DNToModify' : myTargetEntryDn,
- 'attributeName' : 'telephonenumber',
- 'newAttributeValue' : myTelephonenumber,
- 'changetype' : 'add'
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Verify the synchronization of the trees among the servers in
- the topology -->
- <call function="'verifyTrees'">
- [ clientHost, clientPath, master, consumerList, synchroSuffix ]
- </call>
-
- <call function="'testCase_Postamble'"/>
- </sequence>
- </testcase>
-
-
- <!--- Test Case information
- #@TestMarker Replication ACI Tests
- #@TestName Replication: ACI: Modify_replace ACI permission
- #@TestID Modify_replace ACI permission
- #@TestPurpose Check ACI replication over a modify_replace of
- the ACI permission
- #@TestPreamble
- #@TestSteps Binding as user, compare telephonenumber value
- to child entry (expect SUCCESS)
- #@TestSteps Replace ACI on parent entry: deny user access to
- telephonenumber attributes
- #@TestSteps Binding as user, compare telephonenumber value
- to child entry (expect ERROR 50)
- #@TestPostamble
- #@TestResult Success if the servers synchronised and the aci
- correctly applied after replication
- -->
- <testcase name="getTestCaseName('Modify_replace ACI permission')">
- <sequence>
- <call function="'testCase_Preamble'"/>
- <message>
- 'Replication: ACI: Modify_replace ACI permission. Check ACI \
- replication over a modify_replace of the ACI permission.'
- </message>
-
- <script>
- myAci = "(targetattr=\"telephonenumber\")(version 3.0; acl \"Deny ACI-user access to telephonenumber\"; deny (all) userdn=\"ldap:///cn=ACI user,ou=People,%s\";)" % synchroSuffix
- myUserpassword = 'userPwd'
-
- myEntry = Entry('cn=ACI user', synchroSuffix)
-
- myTargetEntryDn = 'uid=sholmes,ou=People,%s' % synchroSuffix
- myTelephonenumber = '+1 408 555 6789'
- </script>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
- </script>
-
- <message>
- 'Binding as "%s", compare telephonenumber:%s value to \
- entry %s on server %s:%s. -- Expect: SUCCESS' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
-
- <!-- Compare 'telephonenumber:+1 408 555 6789' value to entry
- ! uid=sholmes,ou=People,o=example -->
- <call function="'ldapCompareWithScript'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'dsDn' : ['telephonenumber:%s' % \
- myTelephonenumber, myTargetEntryDn],
- 'expectedRC' : 0
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Replace aci on entry ou=People,o=example on "master" server:
- ! (targetattr="telephonenumber")(version 3.0; acl
- ! "Deny ACI-user access to telephonenumber"; deny (all)
- ! userdn="ldap:///cn=ACI user,ou=People,o=example";)
- -->
- <message>
- 'Replace ACI on entry ou=People,%s: \n%s' % \
- (synchroSuffix, myAci)
- </message>
- <call function="'modifyAnAttribute'">
- { 'location' : masterHost,
- 'dsPath' : masterPath,
- 'dsInstanceHost' : masterHost,
- 'dsInstancePort' : master.getPort(),
- 'dsInstanceDn' : master.getRootDn(),
- 'dsInstancePswd' : master.getRootPwd(),
- 'DNToModify' : 'ou=People,%s' % synchroSuffix,
- 'attributeName' : 'aci',
- 'newAttributeValue' : myAci,
- 'changetype' : 'replace'
- }
- </call>
-
- <message>
- '+++ New ACI +++\nDeny "%s" access to all telephonenumber \
- attributes under ou=People,%s.' % \
- (myEntry.getDn(), synchroSuffix)
- </message>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
- </script>
-
- <message>
- 'Binding as "%s", compare telephonenumber:%s value to \
- entry %s on server %s:%s. -- Expect: ERROR 50 \
- (Insufficient Access Rights)' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
-
- <!-- Compare 'telephonenumber:+1 408 555 6789' value to entry
- ! uid=sholmes,ou=People,o=example -->
- <call function="'ldapCompareWithScript'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'dsDn' : ['telephonenumber:%s' % \
- myTelephonenumber, myTargetEntryDn],
- 'expectedRC' : 50
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Verify the synchronization of the trees among the servers in
- the topology -->
- <call function="'verifyTrees'">
- [ clientHost, clientPath, master, consumerList, synchroSuffix ]
- </call>
-
- <call function="'testCase_Postamble'"/>
- </sequence>
- </testcase>
-
-
-
- <!--- Test Case information
- #@TestMarker Replication ACI Tests
- #@TestName Replication: ACI: Modify_replace ACI bind rule
- #@TestID Modify_replace ACI bind rule
- #@TestPurpose Check ACI replication over a modify_replace of
- the ACI bind rule
- #@TestPreamble Add new user entry
- #@TestSteps Binding as new user, compare telephonenumber
- value to child entry (expect SUCCESS)
- #@TestSteps Replace ACI on parent entry: deny users with
- a given sn access to telephonenumber attributes
- #@TestSteps Binding as new user, compare telephonenumber
- value to child entry (expect ERROR 50)
- #@TestPostamble
- #@TestResult Success if the servers synchronised and the aci
- correctly applied after replication
- -->
- <testcase name="getTestCaseName('Modify_replace ACI bind rule')">
- <sequence>
- <call function="'testCase_Preamble'"/>
- <message>
- 'Replication: ACI: Modify_replace ACI bind rule. Check ACI \
- replication over a modify_replace of the ACI bind rule.'
- </message>
-
- <script>
- mySn = 'ACI repl user'
- myAci = "(targetattr=\"telephonenumber\")(version 3.0; acl \"Deny ACI repl users access to telephonenumber\"; deny (all) userdn=\"ldap:///%s??sub?(sn=%s)\";)" % (synchroSuffix, mySn)
- myUserpassword = 'secondUserPwd'
-
- myEntry = Entry('cn=Second ACI user', synchroSuffix)
- myEntry.addAttr('sn', mySn)
- myEntry.addAttr('userpassword', myUserpassword)
-
- myTargetEntryDn = 'uid=sholmes,ou=People,%s' % synchroSuffix
- myTelephonenumber = '+1 408 555 6789'
- </script>
-
- <!-- Add user entry to "master" server -->
- <message>
- 'Add user entry %s' % myEntry.getDn()
- </message>
- <call function="'addAnEntry'">
- { 'location' : masterHost,
- 'dsPath' : masterPath,
- 'dsInstanceHost' : masterHost,
- 'dsInstancePort' : master.getPort(),
- 'dsInstanceDn' : master.getRootDn(),
- 'dsInstancePswd' : master.getRootPwd(),
- 'DNToAdd' : myEntry.getDn(),
- 'listAttributes' : myEntry.getAttrList()
- }
- </call>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
- </script>
-
- <message>
- 'Binding as "%s", compare telephonenumber:%s value to \
- entry %s on server %s:%s. -- Expect: SUCCESS' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
-
- <!-- Compare 'telephonenumber:+1 408 555 6789' value to entry
- ! uid=sholmes,ou=People,o=example -->
- <call function="'ldapCompareWithScript'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'dsDn' : ['telephonenumber:%s' % \
- myTelephonenumber, myTargetEntryDn],
- 'expectedRC' : 0
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Replace aci on entry ou=People,o=example on "master" server:
- ! (targetattr="telephonenumber")(version 3.0; acl
- ! "Deny ACI repl users access to telephonenumber"; deny (all)
- ! userdn="ldap:///o=example??sub?(sn=ACI repl user)";)
- -->
- <message>
- 'Replace ACI on entry ou=People,%s: \n%s' % \
- (synchroSuffix, myAci)
- </message>
- <call function="'modifyAnAttribute'">
- { 'location' : masterHost,
- 'dsPath' : masterPath,
- 'dsInstanceHost' : masterHost,
- 'dsInstancePort' : master.getPort(),
- 'dsInstanceDn' : master.getRootDn(),
- 'dsInstancePswd' : master.getRootPwd(),
- 'DNToModify' : 'ou=People,%s' % synchroSuffix,
- 'attributeName' : 'aci',
- 'newAttributeValue' : myAci,
- 'changetype' : 'replace'
- }
- </call>
-
- <message>
- '+++ New ACI +++\nDeny users with (sn=%s) access to all \
- telephonenumber attributes under ou=People,%s.' % \
- (mySn, synchroSuffix)
- </message>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
- </script>
-
- <message>
- 'Binding as "%s", compare telephonenumber:%s value to \
- entry %s on server %s:%s. -- Expect: ERROR 50 \
- (Insufficient Access Rights)' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
-
- <!-- Compare 'telephonenumber:+1 408 555 6789' value to entry
- ! uid=sholmes,ou=People,o=example -->
- <call function="'ldapCompareWithScript'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'dsDn' : ['telephonenumber:%s' % \
- myTelephonenumber, myTargetEntryDn],
- 'expectedRC' : 50
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Verify the synchronization of the trees among the servers in
- the topology -->
- <call function="'verifyTrees'">
- [ clientHost, clientPath, master, consumerList, synchroSuffix ]
- </call>
-
- <call function="'testCase_Postamble'"/>
- </sequence>
- </testcase>
-
-
- <!--- Test Case information
- #@TestMarker Replication ACI Tests
- #@TestName Replication: ACI: Bypass-acl privilege
- #@TestID Bypass-acl privilege
- #@TestPurpose Check the bypass-acl privilege is replicated and
- successfully applied over the topology
- #@TestPreamble
- #@TestSteps Binding as new user, compare telephonenumber
- value to child entry (expect ERROR 50)
- #@TestSteps Add ds-privilege-name:bypass-acl to new user
- #@TestSteps Binding as new user, compare telephonenumber
- value to child entry (expect SUCCESS)
- #@TestPostamble
- #@TestResult Success if the servers synchronised and the aci
- correctly applied after replication
- -->
- <testcase name="getTestCaseName('Bypass-acl privilege')">
- <sequence>
- <call function="'testCase_Preamble'"/>
- <message>
- 'Replication: ACI: Bypass-acl privilege. Check the bypass-acl \
- privilege is replicated and successfully applied over the \
- topology'
- </message>
-
- <script>
- myAci = "(targetattr=\"telephonenumber\")(version 3.0; acl \"Deny ACI repl users access to telephonenumber\"; deny (all) userdn=\"ldap:///%s??sub?(sn=%s)\";)" % (synchroSuffix, mySn)
- myUserpassword = 'secondUserPwd'
- myPrivilege = 'bypass-acl'
-
- myEntry = Entry('cn=Second ACI user', synchroSuffix)
-
- myTargetEntryDn = 'uid=sholmes,ou=People,%s' % synchroSuffix
- myTelephonenumber = '+1 408 555 6789'
- </script>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
- </script>
-
- <message>
- 'Binding as "%s", compare telephonenumber:%s value to \
- entry %s on server %s:%s. -- Expect: ERROR 50 \
- (Insufficient Access Rights)' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
-
- <!-- Compare 'telephonenumber:+1 408 555 6789' value to entry
- ! uid=sholmes,ou=People,o=example -->
- <call function="'ldapCompareWithScript'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'dsDn' : ['telephonenumber:%s' % \
- myTelephonenumber, myTargetEntryDn],
- 'expectedRC' : 50
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Add bypass-acl privilege to new user entry -->
- <message>
- 'Add %s privilege to entry %s: \n' % \
- (myPrivilege, myEntry.getDn())
- </message>
- <call function="'modifyAnAttribute'">
- { 'location' : masterHost,
- 'dsPath' : masterPath,
- 'dsInstanceHost' : masterHost,
- 'dsInstancePort' : master.getPort(),
- 'dsInstanceDn' : master.getRootDn(),
- 'dsInstancePswd' : master.getRootPwd(),
- 'DNToModify' : myEntry.getDn(),
- 'attributeName' : 'ds-privilege-name',
- 'newAttributeValue' : myPrivilege,
- 'changetype' : 'add'
- }
- </call>
-
- <message>
- '+++ Active ACI +++\nDeny users with (sn=%s) access to all \
- telephonenumber attributes under ou=People,%s.' % \
- (mySn, synchroSuffix)
- </message>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
- </script>
-
- <message>
- 'Binding as "%s", compare telephonenumber:%s value to \
- entry %s on server %s:%s. -- Expect: SUCCESS' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
-
- <!-- Compare 'telephonenumber:+1 408 555 6789' value to entry
- ! uid=sholmes,ou=People,o=example -->
- <call function="'ldapCompareWithScript'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'dsDn' : ['telephonenumber:%s' % \
- myTelephonenumber, myTargetEntryDn],
- 'expectedRC' : 0
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Verify the synchronization of the trees among the servers in
- the topology -->
- <call function="'verifyTrees'">
- [ clientHost, clientPath, master, consumerList, synchroSuffix ]
- </call>
-
- <call function="'testCase_Postamble'"/>
- </sequence>
- </testcase>
-
-
- <!--- Test Case information
- #@TestMarker Replication ACI Tests
- #@TestName Replication: ACI: Modify_delete ACI
- #@TestID Modify_delete ACI
- #@TestPurpose Check ACI replication over a modify_delete
- #@TestPreamble
- #@TestSteps Binding as user, compare telephonenumber value
- to child entry (expect ERROR 50)
- #@TestSteps Delete ACI on parent entry
- #@TestSteps Binding as user, compare telephonenumber value
- to child entry (expect SUCCESS)
- #@TestPostamble
- #@TestResult Success if the servers synchronised and the aci
- correctly applied after replication
- -->
- <testcase name="getTestCaseName('Modify_delete ACI')">
- <sequence>
- <call function="'testCase_Preamble'"/>
- <message>
- 'Replication: ACI: Modify_delete ACI. Check ACI \
- replication over a modify_delete.'
- </message>
-
- <script>
- myAci = "(targetattr=\"telephonenumber\")(version 3.0; acl \"Deny ACI repl users access to telephonenumber\"; deny (all) userdn=\"ldap:///%s??sub?(sn=%s)\";)" % (synchroSuffix, mySn)
- myUserpassword = 'userPwd'
-
- myEntry = Entry('cn=ACI user', synchroSuffix)
-
- myTargetEntryDn = 'uid=sholmes,ou=People,%s' % synchroSuffix
- myTelephonenumber = '+1 408 555 6789'
- </script>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
- </script>
-
- <message>
- 'Binding as "%s", compare telephonenumber:%s value to \
- entry %s on server %s:%s. -- Expect: ERROR 50 \
- (Insufficient Access Rights)' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
-
- <!-- Compare 'telephonenumber:+1 408 555 6789' value to entry
- ! uid=sholmes,ou=People,o=example -->
- <call function="'ldapCompareWithScript'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'dsDn' : ['telephonenumber:%s' % \
- myTelephonenumber, myTargetEntryDn],
- 'expectedRC' : 50
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Delete aci on entry ou=People,o=example on "master" server:
- ! (targetattr="telephonenumber")(version 3.0; acl
- ! "Deny ACI repl users access to telephonenumber"; deny (all)
- ! userdn="ldap:///o=example??sub?(sn=ACI repl user)";)
- -->
- <message>
- 'Delete ACI on entry ou=People,%s: \n%s' % \
- (synchroSuffix, myAci)
- </message>
- <call function="'modifyAnAttribute'">
- { 'location' : masterHost,
- 'dsPath' : masterPath,
- 'dsInstanceHost' : masterHost,
- 'dsInstancePort' : master.getPort(),
- 'dsInstanceDn' : master.getRootDn(),
- 'dsInstancePswd' : master.getRootPwd(),
- 'DNToModify' : 'ou=People,%s' % synchroSuffix,
- 'attributeName' : 'aci',
- 'newAttributeValue' : myAci,
- 'changetype' : 'delete'
- }
- </call>
-
- <message>
- '+++ New ACI +++\nNo aci in ou=People,%s.' % synchroSuffix
- </message>
-
- <iterate var="server" in="_topologyServerList" indexvar="i">
- <sequence>
- <script>
- serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
- </script>
-
- <message>
- 'Binding as "%s", compare telephonenumber:%s value to \
- entry %s on server %s:%s. -- Expect: SUCCESS' % \
- (myEntry.getDn(), myTelephonenumber, myTargetEntryDn,
- server.getHostname(), server.getPort())
- </message>
-
- <!-- Compare 'telephonenumber:+1 408 555 6789' value to entry
- ! uid=sholmes,ou=People,o=example -->
- <call function="'ldapCompareWithScript'">
- { 'location' : server.getHostname(),
- 'dsPath' : serverPath,
- 'dsInstanceHost' : server.getHostname(),
- 'dsInstancePort' : server.getPort(),
- 'dsInstanceDn' : myEntry.getDn(),
- 'dsInstancePswd' : myUserpassword,
- 'dsDn' : ['telephonenumber:%s' % \
- myTelephonenumber, myTargetEntryDn],
- 'expectedRC' : 0
- }
- </call>
- </sequence>
- </iterate>
-
- <!-- Verify the synchronization of the trees among the servers in
- the topology -->
- <call function="'verifyTrees'">
- [ clientHost, clientPath, master, consumerList, synchroSuffix ]
- </call>
-
- <call function="'testCase_Postamble'"/>
- </sequence>
- </testcase>
-
- <import machine="STAF_LOCAL_HOSTNAME"
- file="'%s/testcases/replication/replication_cleanup.xml'
- % (TESTS_DIR)"/>
- <call function="'replication_cleanup'" >
- { 'label' : 'Replication ACI' }
- </call>
-
- <call function="'testSuite_Postamble'"/>
-
- </sequence>
-
+ </finally>
+
+ </try>
</block>
-
</sequence>
-
</function>
-
</stax>
--
Gitblit v1.10.0