author | Russ Allbery <rra@stanford.edu> | 2008-02-07 06:37:11 +0000 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2008-02-07 06:37:11 +0000 |
commit | 45823559a1e64d6c8151a984fcd9c79bbdb57171 (patch) | |
tree | ace7573730be9f9eb6aec7676c8a2d4ac2ccb998 /perl/t/server.t | |
parent | 428c88bb0a08ba2eb06c7f5181f7cbee2f7ee398 (diff) |
Add a new autocreate API call that tries to create an object using the
default ACLs. Remove autocreation support from create, which now
requires that one be on the ADMIN ACL, and from get and store. The
wallet client will soon know how to do the right thing.
Diffstat (limited to 'perl/t/server.t')
-rwxr-xr-x | perl/t/server.t | 94 |
1 files changed, 38 insertions, 56 deletions
diff --git a/perl/t/server.t b/perl/t/server.t
index f732af3..423127f 100755
--- a/perl/t/server.t
+++ b/perl/t/server.t
@@ -8,7 +8,7 @@
 #
 # See LICENSE for licensing terms.
-use Test::More tests => 338;
+use Test::More tests => 341;
 use POSIX qw(strftime);
 use Wallet::Admin;
@@ -742,12 +742,10 @@ is ($server->attr ('base', 'service/both', 'foo', 'foo'), undef,
 is ($server->error, 'unknown attribute foo', ' but calls the method');
 is ($server->destroy ('base', 'service/both'), 1, ' and we can destroy it');
 is ($server->get ('base', 'service/both'), undef, ' and now cannot get it');
-is ($server->error, "$user2 not authorized to create base:service/both",
- ' because it is gone');
+is ($server->error, 'cannot find base:service/both', ' because it is gone');
 is ($server->store ('base', 'service/both', 'stuff'), undef, ' or store it');
-is ($server->error, "$user2 not authorized to create base:service/both",
- ' because it is gone');
+is ($server->error, 'cannot find base:service/both', ' because it is gone');
 # Test default ACLs on object creation.
 #
@@ -786,9 +784,14 @@ package main;
 # We're still user2, so we should now be able to create service/default. Make
 # sure we can and that the ACLs all look good.
-is ($server->create ('base', 'service/default'), 1,
- 'Creating an object with the default ACL works');
-is ($server->create ('base', 'service/foo'), undef, ' but not any object');
+is ($server->create ('base', 'service/default'), undef,
+ 'Creating an object with the default ACL fails');
+is ($server->error, "$user2 not authorized to create base:service/default",
+ ' due to lack of authorization');
+is ($server->autocreate ('base', 'service/default'), 1,
+ ' but autocreation succeeds');
+is ($server->autocreate ('base', 'service/foo'), undef,
+ ' but not any object');
 is ($server->error, "$user2 not authorized to create base:service/foo", ' with the right error');
 $show = $server->show ('base', 'service/default');
@@ -812,11 +815,11 @@ EOO
 }
 # Try the other basic cases in default_owner.
-is ($server->create ('base', 'service/default-both'), undef,
+is ($server->autocreate ('base', 'service/default-both'), undef,
 'Creating an object with an ACL mismatch fails');
 is ($server->error, "ACL both exists and doesn't match default", ' with the right error');
-is ($server->create ('base', 'service/default-2'), 1,
+is ($server->autocreate ('base', 'service/default-2'), 1,
 'Creating an object with an existing ACL works');
 $show = $server->show ('base', 'service/default-2');
 $show =~ s/(Created on:) [\d-]+ [\d:]+$/$1 0/m;
@@ -833,58 +836,22 @@ Members of ACL user2 (id: 3) are:
 EOO
 is ($show, $expected, ' and the created object and ACL are correct');
-# Test auto-creation on get and store.
+# Auto-creation does not work on get or store; this is done by the client.
 $result = eval { $server->get ('base', 'service/default-get') };
-is ($result, undef, 'Auto-creation on get...');
-is ($@, "Do not instantiate Wallet::Object::Base directly\n", ' ...works');
-$show = $server->show ('base', 'service/default-get');
-$show =~ s/(Created on:) [\d-]+ [\d:]+$/$1 0/m;
-$expected = <<"EOO";
- Type: base
- Name: service/default-get
- Owner: user2
- Created by: $user2
- Created from: $host
- Created on: 0
-
-Members of ACL user2 (id: 3) are:
- krb5 $user2
-EOO
-is ($show, $expected, ' and the created object and ACL are correct');
-is ($server->get ('base', 'service/foo'), undef,
- ' but auto-creation of something else fails');
-is ($server->error, "$user2 not authorized to create base:service/foo",
- ' with the right error');
+is ($result, undef, 'Auto-creation on get fails');
+is ($@, '', ' does not die');
+is ($server->error, 'cannot find base:service/default-get',
+ ' and fails with the right error');
 is ($server->store ('base', 'service/default-store', 'stuff'), undef,
- 'Auto-creation on store...');
-is ($server->error,
- "cannot store base:service/default-store: object type is immutable",
- ' ...works');
-$show = $server->show ('base', 'service/default-store');
-$show =~ s/(Created on:) [\d-]+ [\d:]+$/$1 0/m;
-$expected = <<"EOO";
- Type: base
- Name: service/default-store
- Owner: user2
- Created by: $user2
- Created from: $host
- Created on: 0
-
-Members of ACL user2 (id: 3) are:
- krb5 $user2
-EOO
-is ($show, $expected, ' and the created object and ACL are correct');
-is ($server->store ('base', 'service/foo', 'stuff'), undef,
- ' but auto-creation of something else fails');
-is ($server->error, "$user2 not authorized to create base:service/foo",
+ 'Auto-creation on store fails');
+is ($server->error, 'cannot find base:service/default-store',
 ' with the right error');
 # Switch back to admin to test auto-creation.
 $server = eval { Wallet::Server->new ($admin, $host) };
 is ($@, '', 'Switching users back to admin works');
-$result = eval { $server->get ('base', 'service/default-admin') };
-is ($result, undef, 'Auto-creation on get...');
-is ($@, "Do not instantiate Wallet::Object::Base directly\n", ' ...works');
+is ($server->autocreate ('base', 'service/default-admin'), 1,
+ 'Autocreation works for admin');
 $show = $server->show ('base', 'service/default-admin');
 $show =~ s/(Created on:) [\d-]+ [\d:]+$/$1 0/m;
 $expected = <<"EOO";
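Review bot: The new get and store cases assert only the return value and the error text, so a regression that still creates service/default-get or service/default-store as a side effect before failing would pass. Since the commit removes autocreation from both calls, each case should end with a check that nothing was left behind, for example `is ($server->show ('base', 'service/default-get'), undef, ' and no object was created');` and the same for service/default-store. This assumes show returns undef for a missing object, which these lines do not establish. The removed assertions did inspect the object and its ACL through show, so the negative form keeps the same coverage of the authorization boundary.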
@@ -931,13 +898,28 @@ if ($server->create ('base', 'host/default.example.edu')) {
 } else {
 is ($server->error, '', ' as does creating host/default.example.edu');
 }
+is ($server->destroy ('base', 'service/default-admin'), 1,
+ ' and destroying default-admin works');
+is ($server->destroy ('base', 'host/default.example.edu'), 1,
+ ' and destroying host/default.example.edu works');
 is ($server->create ('base', 'host/default'), undef, ' but an unqualified host fails');
 is ($server->error, 'base:host/default rejected: host default must be fully' . ' qualified (add .example.edu)', ' with the right error');
+is ($server->create ('base', 'host/default.stanford.edu'), undef,
+ ' and a host in the wrong domain fails');
+is ($server->error, 'base:host/default.stanford.edu rejected: host'
+ . ' default.stanford.edu not in .example.edu domain',
+ ' with the right error');
+is ($server->autocreate ('base', 'service/default-admin'), 1,
+ 'Creating default/admin succeeds');
+is ($server->autocreate ('base', 'host/default'), undef,
+ ' but an unqualified host fails');
+is ($server->error, 'base:host/default rejected: host default must be fully'
+ . ' qualified (add .example.edu)', ' with the right error');
 is ($server->acl_show ('auto-host'), undef, ' and the ACL is not present');
 is ($server->error, 'ACL auto-host not found', ' with the right error');
-is ($server->create ('base', 'host/default.stanford.edu'), undef,
+is ($server->autocreate ('base', 'host/default.stanford.edu'), undef,
 ' and a host in the wrong domain fails');
 is ($server->error, 'base:host/default.stanford.edu rejected: host' . ' default.stanford.edu not in .example.edu domain', |
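Review bot: The description `'Creating default/admin succeeds'` does not match the call it labels, which autocreates service/default-admin; `'Autocreating service/default-admin succeeds'` would name what is tested. The create and autocreate cases also reuse the identical descriptions `' but an unqualified host fails'` and `' and a host in the wrong domain fails'`, so a failing TAP line does not show which of the two call paths stopped enforcing the host naming policy. Adding "on autocreate" to the second set of descriptions would separate them. The if/else that creates host/default.example.edu starts before this hunk, and the final error assertion continues past its end.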