From 352c912675a11eb22f5f79ef4123589e46d671f2 Mon Sep 17 00:00:00 2001
From: mkeyes <mkeyes@localhost>
Date: Mon, 30 Jul 2007 16:15:55 +0000
Subject: [PATCH] Created an xml function for modifying global ACIs with dsconfig and using that function to change global ACIs in some functional tests.
---
opends/tests/functional-tests/shared/functions/dsconfig.xml | 129 ++++++++++++++++++++++++++++++++
opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml | 106 +++++++++++---------------
2 files changed, 174 insertions(+), 61 deletions(-)
diff --git a/opends/tests/functional-tests/shared/functions/dsconfig.xml b/opends/tests/functional-tests/shared/functions/dsconfig.xml
index 5700eca..78be3e2 100755
--- a/opends/tests/functional-tests/shared/functions/dsconfig.xml
+++ b/opends/tests/functional-tests/shared/functions/dsconfig.xml
@@ -548,6 +548,135 @@
</function>
<!-- Modify password policy using dsconfig -->
+ <function name="modifyGlobalAci">
+ <function-prolog>
+ This function modifies a global aci using dsconfig
+ </function-prolog>
+ <function-map-args>
+ <function-arg-def name="location" type="optional" default="'%s' % STAF_REMOTE_HOSTNAME">
+ <function-arg-description>
+ Location of target host
+ </function-arg-description>
+ <function-arg-property name="type" value="hostname"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
+ <function-arg-description>
+ Pathname to installation root
+ </function-arg-description>
+ <function-arg-property name="type" value="filepath"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsInstanceHost" type="optional" default="'%s' % STAF_REMOTE_HOSTNAME">
+ <function-arg-description>
+ Directory server hostname or IP address
+ </function-arg-description>
+ <function-arg-property name="type" value="hostname"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsInstancePort" type="required">
+ <function-arg-description>
+ Directory server port number
+ </function-arg-description>
+ <function-arg-property name="type" value="Port number"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsInstanceDn" type="required">
+ <function-arg-description>
+ Bind DN
+ </function-arg-description>
+ <function-arg-property name="type" value="DN"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsInstancePswd" type="required">
+ <function-arg-description>
+ Bind password
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="aciValue" type="required">
+ <function-arg-description>
+ New property value
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="opType" type="optional" default="set">
+ <function-arg-description>
+ Operation type, one of set, add, and remove
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="expectedRC" type="optional" default="0">
+ <function-arg-description>
+ Expected return code value. Default value is 0
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ </function-map-args>
+ <sequence>
+
+ <script>
+ mylocation=location
+ STAFCmdParams=''
+ STAFCmd=''
+
+ if dsPath:
+ dsBinPath='%s/%s' % (dsPath,fileFolder)
+ STAFCmd='%s/%s%s' % (dsBinPath,DSCONFIG,fileExt)
+
+ if aciValue:
+ aciValue=aciValue.replace('"','\\"')
+
+ STAFCmdParamsList=[]
+ STAFCmdParamsList.append('set-access-control-handler-prop ')
+ STAFCmdParamsList.append('--%s "global-aci:%s"' % (opType,aciValue))
+ </script>
+
+ <call function="'_dsconfigCommonArgs'"/>
+
+ <script>
+ STAFCmdParams=' '.join(STAFCmdParamsList)
+ </script>
+
+ <message>
+ '%s %s' % (STAFCmd, STAFCmdParams)
+ </message>
+
+ <process name="'Modify dsconfig object'">
+ <location>'%s' % location</location>
+ <command>'%s' % STAFCmd</command>
+ <parms>'%s' % STAFCmdParams</parms>
+ <workdir>'%s' % dsBinPath</workdir>
+ <envs>
+ ['PATH=/bin:/usr/bin:%s' % dsBinPath, 'JAVA_HOME=%s' % JAVA_HOME]
+ </envs>
+ <console use="'same'"/>
+ <stderr mode="'stdout'"/>
+ <returnstdout/>
+ </process>
+
+ <script>
+ STAXCode=RC
+ STAXReason=STAXResult
+ </script>
+
+ <call function="'checktestRC'">
+ { 'returncode' : STAXCode ,
+ 'result' : STAXReason ,
+ 'expected' : expectedRC }
+ </call>
+ <return>
+ STAXReason
+ </return>
+
+ </sequence>
+
+ </function>
+ <!-- Modify password policy using dsconfig -->
<function name="modifySaslMech">
<function-prolog>
This function modifies a sasl mechanism using dsconfig
diff --git a/opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml b/opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
index 172dcf6..7f904b5 100755
--- a/opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
+++ b/opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
@@ -983,19 +983,17 @@
<script>
global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
</script>
-
- <call function="'modifyAnAttribute'">
+
+ <call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
- 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
- 'attributeName' : 'ds-cfg-global-aci' ,
- 'newAttributeValue' : global_aci ,
- 'changetype' : 'delete' }
- </call>
-
- <message>
+ 'aciValue' : global_aci ,
+ 'opType' : 'remove' }
+ </call>
+
+ <message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal sasl, sasl authentication'
</message>
@@ -1135,17 +1133,15 @@
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, put back global search ACI'
</message>
- <call function="'modifyAnAttribute'">
+ <call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
- 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
- 'attributeName' : 'ds-cfg-global-aci' ,
- 'newAttributeValue' : global_aci ,
- 'changetype' : 'add' }
- </call>
-
+ 'aciValue' : global_aci ,
+ 'opType' : 'add' }
+ </call>
+
<call function="'testCase_Postamble'"/>
</sequence>
@@ -1236,18 +1232,16 @@
global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
</script>
- <call function="'modifyAnAttribute'">
+ <call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
- 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
- 'attributeName' : 'ds-cfg-global-aci' ,
- 'newAttributeValue' : global_aci ,
- 'changetype' : 'delete' }
- </call>
-
- <message>
+ 'aciValue' : global_aci ,
+ 'opType' : 'remove' }
+ </call>
+
+ <message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal simple, sasl authentication'
</message>
@@ -1387,17 +1381,15 @@
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, put back global search ACI'
</message>
- <call function="'modifyAnAttribute'">
+ <call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
- 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
- 'attributeName' : 'ds-cfg-global-aci' ,
- 'newAttributeValue' : global_aci ,
- 'changetype' : 'add' }
- </call>
-
+ 'aciValue' : global_aci ,
+ 'opType' : 'add' }
+ </call>
+
<call function="'testCase_Postamble'"/>
</sequence>
@@ -1488,18 +1480,16 @@
global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
</script>
- <call function="'modifyAnAttribute'">
+ <call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
- 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
- 'attributeName' : 'ds-cfg-global-aci' ,
- 'newAttributeValue' : global_aci ,
- 'changetype' : 'delete' }
- </call>
-
- <message>
+ 'aciValue' : global_aci ,
+ 'opType' : 'remove' }
+ </call>
+
+ <message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod not equals simple, sasl authentication'
</message>
@@ -1639,17 +1629,15 @@
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, put back global search ACI'
</message>
- <call function="'modifyAnAttribute'">
+ <call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
- 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
- 'attributeName' : 'ds-cfg-global-aci' ,
- 'newAttributeValue' : global_aci ,
- 'changetype' : 'add' }
- </call>
-
+ 'aciValue' : global_aci ,
+ 'opType' : 'add' }
+ </call>
+
<call function="'testCase_Postamble'"/>
</sequence>
@@ -1740,18 +1728,16 @@
global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
</script>
- <call function="'modifyAnAttribute'">
+ <call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
- 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
- 'attributeName' : 'ds-cfg-global-aci' ,
- 'newAttributeValue' : global_aci ,
- 'changetype' : 'delete' }
- </call>
-
- <message>
+ 'aciValue' : global_aci ,
+ 'opType' : 'remove' }
+ </call>
+
+ <message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
</message>
@@ -1893,17 +1879,15 @@
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, put back global search ACI'
</message>
- <call function="'modifyAnAttribute'">
+ <call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
- 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
- 'attributeName' : 'ds-cfg-global-aci' ,
- 'newAttributeValue' : global_aci ,
- 'changetype' : 'add' }
- </call>
-
+ 'aciValue' : global_aci ,
+ 'opType' : 'add' }
+ </call>
+
<call function="'testCase_Postamble'"/>
</sequence>
--
Gitblit v1.10.0