test_otp: do not use paramiko unless it is really needed

paramiko cannot be used in FIPS mode. We have few tests that import generic methods from test_otp (add_token/del_token) and those tests fail in FIPS mode due to unconditional 'import paramiko'. Instead, move 'import paramiko' to the ssh_2f() helper which is not used in FIPS mode (the whole SSH 2FA test is skipped then). Related: https://pagure.io/freeipa/issue/9119 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2025-02-25 18:55:28 -06:00 · 2022-03-14 21:09:36 +02:00
parent a6030f5f53
commit 621af275c3
1 changed files with 2 additions and 1 deletions
--- a/ipatests/test_integration/test_otp.py
+++ b/ipatests/test_integration/test_otp.py
@@ -5,7 +5,6 @@
 """
 import base64
 import logging
-import paramiko
 import pytest
 import re
 import time
@@ -102,6 +101,8 @@ def ssh_2f(hostname, username, answers_dict, port=22):
            logger.info(
                "Answer to ssh prompt is: '%s'", answers_dict[prmpt_str])
        return resp
+
+    import paramiko
    trans = paramiko.Transport((hostname, port))
    trans.connect()
    trans.auth_interactive(username, answer_handler)