Use kadmin script mode in Python tests

In k5test, rename kadmin_local to kadminl and remove the run_kadminl()
K5Realm method.  Update all scripts to use realm.run([kadminl, 'cmd',
...]).  run_kadmin() still exists but takes an argument array instead
of a query string.

Where we touch test code, rename "output" to "out" (since "output" is
a function name exported by k5test.py), elide ":normal" from salt
strings, and use expressions like realm.krbtgt_princ instead of
manually composed principal names where appropriate.  In
t_kadmin_acl.py, get rid of the delprinc() helper since the equivalent
is now concise enough to be written out each time.  In t_policy.py,
remove some inoperative getprinc invocations and reorder some tests
which didn't correspond to their comment headers.

1 files changed, 3 insertions, 5 deletions

diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py
index 52123e1..e1cc514 100644
--- a/src/tests/t_pkinit.py
+++ b/src/tests/t_pkinit.py
@@ -73,10 +73,8 @@ f = open(os.path.join(realm.testdir, 'acl'), 'a')
 f.write('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS a *')
 f.close()
 realm.start_kadmind()
-out = realm.run([kadmin, '-n', '-q', 'addprinc -pw test testadd'])
-if 'created.' not in out:
-    fail('Could not create principal with anonymous kadmin')
-out = realm.run([kadmin, '-n', '-q', 'getprinc testadd'])
+realm.run([kadmin, '-n', 'addprinc', '-pw', 'test', 'testadd'])
+out = realm.run([kadmin, '-n', 'getprinc', 'testadd'], expected_code=1)
 if "Operation requires ``get'' privilege" not in out:
     fail('Anonymous kadmin has too much privilege')
 realm.stop_kadmind()
@@ -94,7 +92,7 @@ if 'KDC policy rejects request' not in out:
 # Go back to a normal KDC and disable anonymous PKINIT.
 realm.stop_kdc()
 realm.start_kdc()
-realm.run_kadminl('delprinc -force WELLKNOWN/ANONYMOUS')
+realm.run([kadminl, 'delprinc', 'WELLKNOWN/ANONYMOUS'])
 
 # Run the basic test - PKINIT with FILE: identity, with no password on the key.
 realm.run(['./responder', '-x', 'pkinit=',