ipatests: test_otp: convert test_2fa_enable_single_prompt to run_ssh_cmd

Paramiko is not compatible with FIPS. Migrate test_2fa_enable_single_prompt to the OpenSSH CLI SSH(1). Rationale: this is exactly what clients use. Also add a warning when test_2fa_disable_single_prompt is executed in FIPS mode. Fixes: https://pagure.io/freeipa/issue/8129 Signed-off-by: François Cami <fcami@redhat.com> Reviewed-By: Mohammad Rizwan <myusuf@redhat.com> Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-07-27 12:13:25 +02:00
parent a9f055787a
commit 763d3b059b
1 changed files with 13 additions and 4 deletions
--- a/ipatests/test_integration/test_otp.py
+++ b/ipatests/test_integration/test_otp.py
@@ -6,6 +6,7 @@
 import base64
 import logging
 import paramiko
+import pytest
 import re
 import time
 import textwrap
@@ -231,6 +232,7 @@ class TestOTPToken(IntegrationTest):
        then during ssh it should be prompted with given message
        for first and second factor at once.
        """
+
        master = self.master
        USER1 = 'sshuser1'
        sssd_conf_backup = tasks.FileBackup(master, paths.SSSD_CONF)
@@ -248,10 +250,11 @@ class TestOTPToken(IntegrationTest):
            otpuid, totp = add_otptoken(master, USER1, otptype='totp')
            master.run_command(['ipa', 'otptoken-show', otpuid])
            otpvalue = totp.generate(int(time.time())).decode('ascii')
-            answers = {
-                first_prompt: '{0}{1}'.format(PASSWORD, otpvalue),
-            }
-            ssh_2f(master.hostname, USER1, answers)
+            password = '{0}{1}'.format(PASSWORD, otpvalue)
+            tasks.run_ssh_cmd(
+                to_host=self.master.external_hostname, username=USER1,
+                auth_method="password", password=password
+            )
            # check if user listed in output
            cmd = self.master.run_command(['semanage', 'login', '-l'])
            assert USER1 in cmd.stdout_text
@@ -268,7 +271,13 @@ class TestOTPToken(IntegrationTest):
        When [prompting/2fa/sshd] with single_prompt = False is set
        then during ssh it should be prompted with given message
        for first factor and then for second factor.
+
+        This requires paramiko until the 2-prompt sshpass RFE is
+        fulfilled: https://sourceforge.net/p/sshpass/feature-requests/5/
        """
+        if self.master.is_fips_mode:  # pylint: disable=no-member
+            pytest.skip("paramiko is not compatible with FIPS mode")
+
        master = self.master
        USER2 = 'sshuser2'
        sssd_conf_backup = tasks.FileBackup(master, paths.SSSD_CONF)