From 2461d69242108fe6f4bc067cc8255e41f66c58aa Mon Sep 17 00:00:00 2001
From: Armando Neto <neto.armando@gmail.com>
Date: Mon, 18 Jun 2018 18:26:01 -0300
Subject: [PATCH] ipaserver config plugin: Increase search records minimum
limit
Check if the given search records value is greater than an arbitrary number that is not so close to zero.
https://pagure.io/freeipa/issue/6617
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
ipaserver/plugins/config.py | 14 +++++-
ipatests/test_xmlrpc/test_config_plugin.py | 76 ++++++++++++++++++++++++++++++
2 files changed, 89 insertions(+), 1 deletion(-)
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
index 33ed38ba016567b9df57503f2f8418cf7c7fc794..d367c3c5aa421bb22d1630c88bbac846e7d84386 100644
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -85,6 +85,18 @@ EXAMPLES:
register = Registry()
+
+def validate_search_records_limit(ugettext, value):
+ """Check if value is greater than a realistic minimum.
+
+ Values 0 and -1 are valid, as they represent unlimited.
+ """
+ if value in {-1, 0}:
+ return
+ if value < 10:
+ return _('must be at least 10')
+
+
@register()
class config(LDAPObject):
"""
@@ -161,10 +173,10 @@ class config(LDAPObject):
minvalue=-1,
),
Int('ipasearchrecordslimit',
+ validate_search_records_limit,
cli_name='searchrecordslimit',
label=_('Search size limit'),
doc=_('Maximum number of records to search (-1 or 0 is unlimited)'),
- minvalue=-1,
),
IA5Str('ipausersearchfields',
cli_name='usersearch',
diff --git a/ipatests/test_xmlrpc/test_config_plugin.py b/ipatests/test_xmlrpc/test_config_plugin.py
index c037224162e2c29f6dd76eabefe7fededc6f882d..666b7c2c87b4f0a1f7bde18c78780a1ea6072b71 100644
--- a/ipatests/test_xmlrpc/test_config_plugin.py
+++ b/ipatests/test_xmlrpc/test_config_plugin.py
@@ -211,4 +211,80 @@ class test_config(Declarative):
summary=None,
),
),
+ dict(
+ desc='Set the number of search records to -1 (unlimited)',
+ command=(
+ 'config_mod', [], {
+ 'ipasearchrecordslimit': u'-1',
+ },
+ ),
+ expected={
+ 'result': lambda d: d['ipasearchrecordslimit'] == (u'-1',),
+ 'summary': None,
+ 'value': None,
+ },
+ ),
+ dict(
+ desc='Set the number of search records to greater than 10',
+ command=(
+ 'config_mod', [], {
+ 'ipasearchrecordslimit': u'100',
+ },
+ ),
+ expected={
+ 'result': lambda d: d['ipasearchrecordslimit'] == (u'100',),
+ 'summary': None,
+ 'value': None,
+ },
+ ),
+ dict(
+ desc='Set the number of search records to lower than -1',
+ command=(
+ 'config_mod', [], {
+ 'ipasearchrecordslimit': u'-10',
+ },
+ ),
+ expected=errors.ValidationError(
+ name=u'searchrecordslimit',
+ error=u'must be at least 10',
+ ),
+ ),
+ dict(
+ desc='Set the number of search records to lower than 10',
+ command=(
+ 'config_mod', [], {
+ 'ipasearchrecordslimit': u'1',
+ },
+ ),
+ expected=errors.ValidationError(
+ name=u'searchrecordslimit',
+ error=u'must be at least 10',
+ ),
+ ),
+ dict(
+ desc='Set the number of search records to zero (unlimited)',
+ command=(
+ 'config_mod', [], {
+ 'ipasearchrecordslimit': u'0',
+ },
+ ),
+ expected={
+ 'result': lambda d: d['ipasearchrecordslimit'] == (u'-1',),
+ 'summary': None,
+ 'value': None,
+ },
+ ),
+ dict(
+ desc='Set the number of search records back to 100',
+ command=(
+ 'config_mod', [], {
+ 'ipasearchrecordslimit': u'100',
+ },
+ ),
+ expected={
+ 'result': lambda d: d['ipasearchrecordslimit'] == (u'100',),
+ 'summary': None,
+ 'value': None,
+ },
+ ),
]
--
2.14.4