IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipatests: Test for IPATrustDomainsCheck with external trust to AD

Browse Source 
This testcase checks that when external trust is configured
between IPA and AD subdomain, IPATrustDomainsCheck
doesnot display ERROR

Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Sudhir Menon 2020-11-05 22:51:10 +05:30 committed by Florence Blanc-Renaud
parent 38a86e3367
commit 27987093f8
1 changed files with 42 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
ipatests/test_integration/test_ipahealthcheck.py
View File

@ -1330,15 +1330,22 @@ class TestIpaHealthCheckWithoutDNS(IntegrationTest):
class TestIpaHealthCheckWithADtrust(IntegrationTest): class TestIpaHealthCheckWithADtrust(IntegrationTest):
""" """
Test for ipa-healthcheck tool with IPA Master with trust setup Test for ipa-healthcheck tool with IPA Master with trust setup
with AD system with Windows AD.
""" """
topology = "line" topology = "line"
num_ad_domains = 1 num_ad_domains = 1
num_ad_treedomains = 1
num_ad_subdomains = 1
@classmethod @classmethod
def install(cls, mh): def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True) tasks.install_master(cls.master, setup_dns=True)
cls.ad = cls.ads[0] cls.ad = cls.ads[0]
cls.child_ad = cls.ad_subdomains[0]
cls.tree_ad = cls.ad_treedomains[0]
cls.ad_domain = cls.ad.domain.name
cls.ad_subdomain = cls.child_ad.domain.name
cls.ad_treedomain = cls.tree_ad.domain.name
tasks.install_adtrust(cls.master) tasks.install_adtrust(cls.master)
tasks.configure_dns_for_trust(cls.master, cls.ad) tasks.configure_dns_for_trust(cls.master, cls.ad)
tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name) tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name)
@ -1354,16 +1361,17 @@ class TestIpaHealthCheckWithADtrust(IntegrationTest):
self.master, "ipahealthcheck.ipa.trust", "IPATrustDomainsCheck" self.master, "ipahealthcheck.ipa.trust", "IPATrustDomainsCheck"
) )
assert returncode == 0 assert returncode == 0
trust_domains = ', '.join((self.ad_domain, self.ad_subdomain,))
for check in data: for check in data:
if check["kw"]["key"] == "domain-list": if check["kw"]["key"] == "domain-list":
assert check["result"] == "SUCCESS" assert check["result"] == "SUCCESS"
assert ( assert (
check["kw"]["sssd_domains"] == self.ad.domain.name check["kw"]["sssd_domains"] == trust_domains
and check["kw"]["trust_domains"] == self.ad.domain.name and check["kw"]["trust_domains"] == trust_domains
) )
elif check["kw"]["key"] == "domain-status": elif check["kw"]["key"] == "domain-status":
assert check["result"] == "SUCCESS" assert check["result"] == "SUCCESS"
assert check["kw"]["domain"] == self.ad.domain.name assert check["kw"]["domain"] in trust_domains
def test_ipahealthcheck_trust_catalogcheck(self): def test_ipahealthcheck_trust_catalogcheck(self):
""" """
@ -1375,13 +1383,14 @@ class TestIpaHealthCheckWithADtrust(IntegrationTest):
self.master, "ipahealthcheck.ipa.trust", "IPATrustCatalogCheck" self.master, "ipahealthcheck.ipa.trust", "IPATrustCatalogCheck"
) )
assert returncode == 0 assert returncode == 0
trust_domains = ', '.join((self.ad_domain, self.ad_subdomain,))
for check in data: for check in data:
if check["kw"]["key"] == "AD Global Catalog": if check["kw"]["key"] == "AD Global Catalog":
assert check["result"] == "SUCCESS" assert check["result"] == "SUCCESS"
assert check["kw"]["domain"] == self.ad.domain.name assert check["kw"]["domain"] in trust_domains
elif check["kw"]["key"] == "AD Domain Controller": elif check["kw"]["key"] == "AD Domain Controller":
assert check["result"] == "SUCCESS" assert check["result"] == "SUCCESS"
assert check["kw"]["domain"] == self.ad.domain.name assert check["kw"]["domain"] in trust_domains
def test_ipahealthcheck_trustcontoller_conf_check(self): def test_ipahealthcheck_trustcontoller_conf_check(self):
""" """
@ -1447,6 +1456,33 @@ class TestIpaHealthCheckWithADtrust(IntegrationTest):
assert check["result"] == "SUCCESS" assert check["result"] == "SUCCESS"
assert check["kw"]["key"] == self.master.hostname assert check["kw"]["key"] == self.master.hostname
def test_ipahealthcheck_with_external_ad_trust(self):
"""
This testcase checks that when external trust is configured
between IPA and AD tree domain, IPATrustDomainsCheck
doesnot display ERROR
"""
tasks.configure_dns_for_trust(self.master, self.tree_ad)
tasks.establish_trust_with_ad(
self.master, self.ad_treedomain,
extra_args=['--range-type', 'ipa-ad-trust', '--external=True'])
trust_domains = ', '.join((self.ad_domain, self.ad_subdomain,
self.ad_treedomain,))
returncode, data = run_healthcheck(
self.master,
"ipahealthcheck.ipa.trust",
"IPATrustDomainsCheck",
)
assert returncode == 0
for check in data:
assert check["kw"]["key"] in ('domain-list', 'domain-status',)
assert check["result"] == "SUCCESS"
assert check["kw"].get("msg") is None
if check["kw"]["key"] == 'domain-list':
assert check["kw"]["sssd_domains"] == trust_domains
assert check["kw"]["trust_domains"] == trust_domains
else:
assert check["kw"]["domain"] in trust_domains
@pytest.fixture @pytest.fixture
def modify_permissions(): def modify_permissions():