Rename test class for testing simple commands, add test

The concensus in the review was that the name test_commands was
more generic than test_ipa_cli.

Add a test to change the password for sysaccount users using
using ldappasswd to confirm that a segfault fix does not regress.

https://pagure.io/freeipa/issue/7561

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Rob Crittenden 2018-05-25 10:16:24 -04:00 committed by Christian Heimes
parent 45d776a7bf
commit 7c5ecb8d08
3 changed files with 55 additions and 3 deletions

View File

@ -87,14 +87,14 @@ jobs:
timeout: 3600
topology: *master_1repl_1client
fedora-28/test_ipa_cli:
fedora-28/test_commands:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_ipa_cli.py
test_suite: test_integration/test_commands.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl

View File

@ -1376,6 +1376,18 @@ def ldappasswd_user_change(user, oldpw, newpw, master):
master.run_command(args)
def ldappasswd_sysaccount_change(user, oldpw, newpw, master):
container_sysaccounts = dict(DEFAULT_CONFIG)['container_sysaccounts']
basedn = master.domain.basedn
userdn = "uid={},{},{}".format(user, container_sysaccounts, basedn)
master_ldap_uri = "ldap://{}".format(master.external_hostname)
args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
'-s', newpw, '-x', '-ZZ', '-H', master_ldap_uri]
master.run_command(args)
def add_dns_zone(master, zone, skip_overlap_check=False,
dynamic_update=False, add_a_record_hosts=None):
"""

View File

@ -7,7 +7,8 @@ from __future__ import absolute_import
import base64
import ssl
from tempfile import NamedTemporaryFile
import textwrap
from ipaplatform.paths import paths
@ -16,6 +17,11 @@ from ipatests.pytest_plugins.integration import tasks
class TestIPACommand(IntegrationTest):
"""
A lot of commands can be executed against a single IPA installation
so provide a generic class to execute one-off commands that need to be
tested without having to fire up a full server to run one command.
"""
topology = 'line'
def get_cert_base64(self, host, path):
@ -93,3 +99,37 @@ class TestIPACommand(IntegrationTest):
)
assert result.returncode == 1
assert "Number of permissions added 0" in result.stdout_text
def test_change_sysaccount_password_issue7561(self):
sysuser = 'system'
original_passwd = 'Secret123'
new_passwd = 'userPasswd123'
master = self.master
base_dn = str(master.domain.basedn) # pylint: disable=no-member
tf = NamedTemporaryFile()
ldif_file = tf.name
entry_ldif = textwrap.dedent("""
dn: uid=system,cn=sysaccounts,cn=etc,{base_dn}
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: system
userPassword: {original_passwd}
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0
""").format(
base_dn=base_dn,
original_passwd=original_passwd)
master.put_file_contents(ldif_file, entry_ldif)
arg = ['ldapmodify',
'-h', master.hostname,
'-p', '389', '-D',
str(master.config.dirman_dn), # pylint: disable=no-member
'-w', master.config.dirman_password,
'-f', ldif_file]
master.run_command(arg)
tasks.ldappasswd_sysaccount_change(sysuser, original_passwd,
new_passwd, master)