IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix upgrade when named.conf does not exist

Browse Source 
Commit aee0d2180c adds an upgrade step
that adds system crypto policy include to named.conf.  This step
omitted the named.conf existence check; upgrade fails when it does
not exist.  Add the existence check.

Also update the test to add the IPA-related part of the named.conf
config, because the "existence check" actually does more than just
check that the file exists - it also check that it contains the IPA
bind-dyndb-ldap configuration section.

Part of: https://pagure.io/freeipa/issue/4853

Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
Fraser Tweedale
2018-03-28 16:05:05 +11:00
committed by Christian Heimes
parent b0d8c6c211
commit 421fc376cc
3 changed files with 34 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
ipatests/test_ipaserver/test_install/test_bindinstance.py
View File

@@ -24,7 +24,6 @@ options {
include "random/file";
"""
EXPECTED_CONFIG = """
options {
\tdnssec-enable yes;
@@ -35,6 +34,12 @@ options {
include "random/file";
"""
# bindinstance.named_conf_exists() looks for a section like this
IPA_DYNDB_CONFIG = """
dyndb "ipa" "/usr/lib/bind/ldap.so" {
};
"""
POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
@@ -53,14 +58,16 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
m_get.return_value = False
with open(namedconf, 'w') as f:
f.write(TEST_CONFIG)
f.write(IPA_DYNDB_CONFIG)
named_add_crypto_policy()
result = named_add_crypto_policy()
assert result
m_get.assert_called_with('named.conf', 'add_crypto_policy')
m_set.assert_called_with('named.conf', 'add_crypto_policy', True)
with open(namedconf) as f:
content = f.read()
assert content == EXPECTED_CONFIG
assert content == ''.join([EXPECTED_CONFIG, IPA_DYNDB_CONFIG])
m_get.reset_mock()
m_set.reset_mock()
@@ -69,3 +76,19 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
named_add_crypto_policy()
m_get.assert_called_with('named.conf', 'add_crypto_policy')
m_set.assert_not_called()
@patch('ipaserver.install.sysupgrade.get_upgrade_state')
@patch('ipaserver.install.sysupgrade.set_upgrade_state')
def test_add_crypto_policy_no_ipa(m_set, m_get, namedconf):
# Test if the update step is skipped when named.conf doesn't contain
# IPA related settings.
m_get.return_value = False
with open(namedconf, 'w') as f:
f.write(TEST_CONFIG)
result = named_add_crypto_policy()
assert not result
m_get.assert_not_called()
m_set.assert_not_called()