mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
Rename test class for testing simple commands, add test
The concensus in the review was that the name test_commands was more generic than test_ipa_cli. Add a test to change the password for sysaccount users using using ldappasswd to confirm that a segfault fix does not regress. https://pagure.io/freeipa/issue/7561 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
parent
45d776a7bf
commit
7c5ecb8d08
@ -87,14 +87,14 @@ jobs:
|
||||
timeout: 3600
|
||||
topology: *master_1repl_1client
|
||||
|
||||
fedora-28/test_ipa_cli:
|
||||
fedora-28/test_commands:
|
||||
requires: [fedora-28/build]
|
||||
priority: 50
|
||||
job:
|
||||
class: RunPytest
|
||||
args:
|
||||
build_url: '{fedora-28/build_url}'
|
||||
test_suite: test_integration/test_ipa_cli.py
|
||||
test_suite: test_integration/test_commands.py
|
||||
template: *ci-master-f28
|
||||
timeout: 3600
|
||||
topology: *master_1repl
|
||||
|
@ -1376,6 +1376,18 @@ def ldappasswd_user_change(user, oldpw, newpw, master):
|
||||
master.run_command(args)
|
||||
|
||||
|
||||
def ldappasswd_sysaccount_change(user, oldpw, newpw, master):
|
||||
container_sysaccounts = dict(DEFAULT_CONFIG)['container_sysaccounts']
|
||||
basedn = master.domain.basedn
|
||||
|
||||
userdn = "uid={},{},{}".format(user, container_sysaccounts, basedn)
|
||||
master_ldap_uri = "ldap://{}".format(master.external_hostname)
|
||||
|
||||
args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
|
||||
'-s', newpw, '-x', '-ZZ', '-H', master_ldap_uri]
|
||||
master.run_command(args)
|
||||
|
||||
|
||||
def add_dns_zone(master, zone, skip_overlap_check=False,
|
||||
dynamic_update=False, add_a_record_hosts=None):
|
||||
"""
|
||||
|
@ -7,7 +7,8 @@ from __future__ import absolute_import
|
||||
|
||||
import base64
|
||||
import ssl
|
||||
|
||||
from tempfile import NamedTemporaryFile
|
||||
import textwrap
|
||||
|
||||
from ipaplatform.paths import paths
|
||||
|
||||
@ -16,6 +17,11 @@ from ipatests.pytest_plugins.integration import tasks
|
||||
|
||||
|
||||
class TestIPACommand(IntegrationTest):
|
||||
"""
|
||||
A lot of commands can be executed against a single IPA installation
|
||||
so provide a generic class to execute one-off commands that need to be
|
||||
tested without having to fire up a full server to run one command.
|
||||
"""
|
||||
topology = 'line'
|
||||
|
||||
def get_cert_base64(self, host, path):
|
||||
@ -93,3 +99,37 @@ class TestIPACommand(IntegrationTest):
|
||||
)
|
||||
assert result.returncode == 1
|
||||
assert "Number of permissions added 0" in result.stdout_text
|
||||
|
||||
def test_change_sysaccount_password_issue7561(self):
|
||||
sysuser = 'system'
|
||||
original_passwd = 'Secret123'
|
||||
new_passwd = 'userPasswd123'
|
||||
|
||||
master = self.master
|
||||
|
||||
base_dn = str(master.domain.basedn) # pylint: disable=no-member
|
||||
tf = NamedTemporaryFile()
|
||||
ldif_file = tf.name
|
||||
entry_ldif = textwrap.dedent("""
|
||||
dn: uid=system,cn=sysaccounts,cn=etc,{base_dn}
|
||||
changetype: add
|
||||
objectclass: account
|
||||
objectclass: simplesecurityobject
|
||||
uid: system
|
||||
userPassword: {original_passwd}
|
||||
passwordExpirationTime: 20380119031407Z
|
||||
nsIdleTimeout: 0
|
||||
""").format(
|
||||
base_dn=base_dn,
|
||||
original_passwd=original_passwd)
|
||||
master.put_file_contents(ldif_file, entry_ldif)
|
||||
arg = ['ldapmodify',
|
||||
'-h', master.hostname,
|
||||
'-p', '389', '-D',
|
||||
str(master.config.dirman_dn), # pylint: disable=no-member
|
||||
'-w', master.config.dirman_password,
|
||||
'-f', ldif_file]
|
||||
master.run_command(arg)
|
||||
|
||||
tasks.ldappasswd_sysaccount_change(sysuser, original_passwd,
|
||||
new_passwd, master)
|
Loading…
Reference in New Issue
Block a user