diff --git a/ipatests/prci_definitions/nightly_latest.yaml b/ipatests/prci_definitions/nightly_latest.yaml index 47d05df4a..42ade4a10 100644 --- a/ipatests/prci_definitions/nightly_latest.yaml +++ b/ipatests/prci_definitions/nightly_latest.yaml @@ -535,6 +535,18 @@ jobs: timeout: 10800 topology: *master_1repl + fedora-latest/test_installation_TestInstallWithoutSudo: + requires: [fedora-latest/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-latest/build_url}' + test_suite: test_integration/test_installation.py::TestInstallWithoutSudo + template: *ci-master-latest + timeout: 4800 + topology: *master_1repl_1client + fedora-latest/test_idviews: requires: [fedora-latest/build] priority: 50 diff --git a/ipatests/prci_definitions/nightly_latest_selinux.yaml b/ipatests/prci_definitions/nightly_latest_selinux.yaml index c0ef168e3..977b6500c 100644 --- a/ipatests/prci_definitions/nightly_latest_selinux.yaml +++ b/ipatests/prci_definitions/nightly_latest_selinux.yaml @@ -575,6 +575,19 @@ jobs: timeout: 10800 topology: *master_1repl + fedora-latest/test_installation_TestInstallWithoutSudo: + requires: [fedora-latest/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-latest/build_url}' + selinux_enforcing: True + test_suite: test_integration/test_installation.py::TestInstallWithoutSudo + template: *ci-master-latest + timeout: 4800 + topology: *master_1repl_1client + fedora-latest/test_idviews: requires: [fedora-latest/build] priority: 50 diff --git a/ipatests/prci_definitions/nightly_latest_testing.yaml b/ipatests/prci_definitions/nightly_latest_testing.yaml index 0e722c259..af1fe6040 100644 --- a/ipatests/prci_definitions/nightly_latest_testing.yaml +++ b/ipatests/prci_definitions/nightly_latest_testing.yaml @@ -575,6 +575,19 @@ jobs: timeout: 10800 topology: *master_1repl + testing-fedora/test_installation_TestInstallWithoutSudo: + requires: [testing-fedora/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{testing-fedora/build_url}' + update_packages: True + test_suite: test_integration/test_installation.py::TestInstallWithoutSudo + template: *testing-master-latest + timeout: 4800 + topology: *master_1repl_1client + testing-fedora/test_idviews: requires: [testing-fedora/build] priority: 50 diff --git a/ipatests/prci_definitions/nightly_latest_testing_selinux.yaml b/ipatests/prci_definitions/nightly_latest_testing_selinux.yaml index 447d33623..222ea689e 100644 --- a/ipatests/prci_definitions/nightly_latest_testing_selinux.yaml +++ b/ipatests/prci_definitions/nightly_latest_testing_selinux.yaml @@ -615,6 +615,20 @@ jobs: timeout: 10800 topology: *master_1repl + testing-fedora/test_installation_TestInstallWithoutSudo: + requires: [fedora-latest/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{testing-fedora/build_url}' + update_packages: True + selinux_enforcing: True + test_suite: test_integration/test_installation.py::TestInstallWithoutSudo + template: *testing-master-latest + timeout: 4800 + topology: *master_1repl_1client + testing-fedora/test_idviews: requires: [testing-fedora/build] priority: 50 diff --git a/ipatests/prci_definitions/nightly_previous.yaml b/ipatests/prci_definitions/nightly_previous.yaml index f6c972adb..29629f2db 100644 --- a/ipatests/prci_definitions/nightly_previous.yaml +++ b/ipatests/prci_definitions/nightly_previous.yaml @@ -535,6 +535,18 @@ jobs: timeout: 10800 topology: *master_1repl + fedora-previous/test_installation_TestInstallWithoutSudo: + requires: [fedora-previous/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-previous/build_url}' + test_suite: test_integration/test_installation.py::TestInstallWithoutSudo + template: *ci-master-previous + timeout: 4800 + topology: *master_1repl_1client + fedora-previous/test_idviews: requires: [fedora-previous/build] priority: 50 diff --git a/ipatests/prci_definitions/nightly_rawhide.yaml b/ipatests/prci_definitions/nightly_rawhide.yaml index d29fc9289..8f76501c3 100644 --- a/ipatests/prci_definitions/nightly_rawhide.yaml +++ b/ipatests/prci_definitions/nightly_rawhide.yaml @@ -575,6 +575,19 @@ jobs: timeout: 10800 topology: *master_1repl + fedora-rawhide/test_installation_TestInstallWithoutSudo: + requires: [fedora-rawhide/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-rawhide/build_url}' + update_packages: True + test_suite: test_integration/test_installation.py::TestInstallWithoutSudo + template: *ci-master-frawhide + timeout: 4800 + topology: *master_1repl_1client + fedora-rawhide/test_idviews: requires: [fedora-rawhide/build] priority: 50 diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index fca8860d9..1cd62c74f 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -1537,3 +1537,69 @@ class TestInstallReplicaAgainstSpecificServer(IntegrationTest): self.replicas[0].hostname], stdin_text=dirman_password) assert self.replicas[0].hostname not in cmd.stdout_text + + +class TestInstallWithoutSudo(IntegrationTest): + + num_clients = 1 + num_replicas = 1 + no_sudo_str = "The sudo binary does not seem to be present on this" + + @classmethod + def install(cls, mh): + pass + + def test_sudo_removal(self): + # ipa-client makes sudo depend on libsss_sudo. + + # --nodeps is mandatory because dogtag uses sudo at install + # time until commit 49585867207922479644a03078c29548de02cd03 + # which is scheduled to land in 10.10. + + # This also means sudo+libsss_sudo cannot be uninstalled on + # IPA servers with a CA. + assert tasks.is_package_installed(self.clients[0], 'sudo') + assert tasks.is_package_installed(self.clients[0], 'libsss_sudo') + tasks.uninstall_packages( + self.clients[0], ['sudo', 'libsss_sudo'], nodeps=True + ) + + def test_ipa_installation_without_sudo(self): + # FixMe: When Dogtag 10.10 is out, test installation without sudo + tasks.install_master(self.master, setup_dns=True) + + def test_replica_installation_without_sudo(self): + # FixMe: When Dogtag 10.10 is out, test replica installation + # without sudo and with CA + tasks.uninstall_packages( + self.replicas[0], ['sudo', 'libsss_sudo'], nodeps=True + ) + # One-step install is needed. + # With promote=True, two-step install is done and that only captures + # the ipa-replica-install stdout/stderr, not ipa-client-install's. + result = tasks.install_replica( + self.master, self.replicas[0], promote=False, + setup_dns=True, setup_ca=False + ) + assert self.no_sudo_str in result.stderr_text + + def test_client_installation_without_sudo(self): + result = tasks.install_client(self.master, self.clients[0]) + assert self.no_sudo_str in result.stderr_text + + def test_remove_sudo_on_ipa(self): + tasks.uninstall_packages( + self.master, ['sudo', 'libsss_sudo'], nodeps=True + ) + self.master.run_command( + ['ipactl', 'restart'] + ) + + def test_install_sudo_on_client(self): + """ Check that installing sudo pulls libsss_sudo in""" + for pkg in ('sudo', 'libsss_sudo'): + assert tasks.is_package_installed(self.clients[0], pkg) is False + tasks.uninstall_client(self.clients[0]) + tasks.install_packages(self.clients[0], ['sudo']) + for pkg in ('sudo', 'libsss_sudo'): + assert tasks.is_package_installed(self.clients[0], pkg)