ipatests: add TestInstallWithoutSudo

Test IPA servers and clients behavior when sudo is not installed. Fixes: https://pagure.io/freeipa/issue/8530 Signed-off-by: François Cami <fcami@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Armando Neto <abiagion@redhat.com> Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-12-11 07:35:59 +02:00 · 2020-12-11 07:35:59 +02:00 · 82216bfa3d
commit 82216bfa3d
parent ed8a9e4e6a
7 changed files with 143 additions and 0 deletions
--- a/ipatests/prci_definitions/nightly_latest.yaml
+++ b/ipatests/prci_definitions/nightly_latest.yaml
@ -535,6 +535,18 @@ jobs:
        timeout: 10800
        topology: *master_1repl

+  fedora-latest/test_installation_TestInstallWithoutSudo:
+    requires: [fedora-latest/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-latest/build_url}'
+        test_suite: test_integration/test_installation.py::TestInstallWithoutSudo
+        template: *ci-master-latest
+        timeout: 4800
+        topology: *master_1repl_1client
+
  fedora-latest/test_idviews:
    requires: [fedora-latest/build]
    priority: 50
--- a/ipatests/prci_definitions/nightly_latest_selinux.yaml
+++ b/ipatests/prci_definitions/nightly_latest_selinux.yaml
@ -575,6 +575,19 @@ jobs:
        timeout: 10800
        topology: *master_1repl

+  fedora-latest/test_installation_TestInstallWithoutSudo:
+    requires: [fedora-latest/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-latest/build_url}'
+        selinux_enforcing: True
+        test_suite: test_integration/test_installation.py::TestInstallWithoutSudo
+        template: *ci-master-latest
+        timeout: 4800
+        topology: *master_1repl_1client
+
  fedora-latest/test_idviews:
    requires: [fedora-latest/build]
    priority: 50
--- a/ipatests/prci_definitions/nightly_latest_testing.yaml
+++ b/ipatests/prci_definitions/nightly_latest_testing.yaml
@ -575,6 +575,19 @@ jobs:
        timeout: 10800
        topology: *master_1repl

+  testing-fedora/test_installation_TestInstallWithoutSudo:
+    requires: [testing-fedora/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{testing-fedora/build_url}'
+        update_packages: True
+        test_suite: test_integration/test_installation.py::TestInstallWithoutSudo
+        template: *testing-master-latest
+        timeout: 4800
+        topology: *master_1repl_1client
+
  testing-fedora/test_idviews:
    requires: [testing-fedora/build]
    priority: 50
--- a/ipatests/prci_definitions/nightly_latest_testing_selinux.yaml
+++ b/ipatests/prci_definitions/nightly_latest_testing_selinux.yaml
@ -615,6 +615,20 @@ jobs:
        timeout: 10800
        topology: *master_1repl

+  testing-fedora/test_installation_TestInstallWithoutSudo:
+    requires: [fedora-latest/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{testing-fedora/build_url}'
+        update_packages: True
+        selinux_enforcing: True
+        test_suite: test_integration/test_installation.py::TestInstallWithoutSudo
+        template: *testing-master-latest
+        timeout: 4800
+        topology: *master_1repl_1client
+
  testing-fedora/test_idviews:
    requires: [testing-fedora/build]
    priority: 50
--- a/ipatests/prci_definitions/nightly_previous.yaml
+++ b/ipatests/prci_definitions/nightly_previous.yaml
@ -535,6 +535,18 @@ jobs:
        timeout: 10800
        topology: *master_1repl

+  fedora-previous/test_installation_TestInstallWithoutSudo:
+    requires: [fedora-previous/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-previous/build_url}'
+        test_suite: test_integration/test_installation.py::TestInstallWithoutSudo
+        template: *ci-master-previous
+        timeout: 4800
+        topology: *master_1repl_1client
+
  fedora-previous/test_idviews:
    requires: [fedora-previous/build]
    priority: 50
--- a/ipatests/prci_definitions/nightly_rawhide.yaml
+++ b/ipatests/prci_definitions/nightly_rawhide.yaml
@ -575,6 +575,19 @@ jobs:
        timeout: 10800
        topology: *master_1repl

+  fedora-rawhide/test_installation_TestInstallWithoutSudo:
+    requires: [fedora-rawhide/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-rawhide/build_url}'
+        update_packages: True
+        test_suite: test_integration/test_installation.py::TestInstallWithoutSudo
+        template: *ci-master-frawhide
+        timeout: 4800
+        topology: *master_1repl_1client
+
  fedora-rawhide/test_idviews:
    requires: [fedora-rawhide/build]
    priority: 50
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@ -1537,3 +1537,69 @@ class TestInstallReplicaAgainstSpecificServer(IntegrationTest):
                                            self.replicas[0].hostname],
                                           stdin_text=dirman_password)
        assert self.replicas[0].hostname not in cmd.stdout_text
+
+
+class TestInstallWithoutSudo(IntegrationTest):
+
+    num_clients = 1
+    num_replicas = 1
+    no_sudo_str = "The sudo binary does not seem to be present on this"
+
+    @classmethod
+    def install(cls, mh):
+        pass
+
+    def test_sudo_removal(self):
+        # ipa-client makes sudo depend on libsss_sudo.
+
+        # --nodeps is mandatory because dogtag uses sudo at install
+        # time until commit 49585867207922479644a03078c29548de02cd03
+        # which is scheduled to land in 10.10.
+
+        # This also means sudo+libsss_sudo cannot be uninstalled on
+        # IPA servers with a CA.
+        assert tasks.is_package_installed(self.clients[0], 'sudo')
+        assert tasks.is_package_installed(self.clients[0], 'libsss_sudo')
+        tasks.uninstall_packages(
+            self.clients[0], ['sudo', 'libsss_sudo'], nodeps=True
+        )
+
+    def test_ipa_installation_without_sudo(self):
+        # FixMe: When Dogtag 10.10 is out, test installation without sudo
+        tasks.install_master(self.master, setup_dns=True)
+
+    def test_replica_installation_without_sudo(self):
+        # FixMe: When Dogtag 10.10 is out, test replica installation
+        # without sudo and with CA
+        tasks.uninstall_packages(
+            self.replicas[0], ['sudo', 'libsss_sudo'], nodeps=True
+        )
+        # One-step install is needed.
+        # With promote=True, two-step install is done and that only captures
+        # the ipa-replica-install stdout/stderr, not ipa-client-install's.
+        result = tasks.install_replica(
+            self.master, self.replicas[0], promote=False,
+            setup_dns=True, setup_ca=False
+        )
+        assert self.no_sudo_str in result.stderr_text
+
+    def test_client_installation_without_sudo(self):
+        result = tasks.install_client(self.master, self.clients[0])
+        assert self.no_sudo_str in result.stderr_text
+
+    def test_remove_sudo_on_ipa(self):
+        tasks.uninstall_packages(
+            self.master, ['sudo', 'libsss_sudo'], nodeps=True
+        )
+        self.master.run_command(
+            ['ipactl', 'restart']
+        )
+
+    def test_install_sudo_on_client(self):
+        """ Check that installing sudo pulls libsss_sudo in"""
+        for pkg in ('sudo', 'libsss_sudo'):
+            assert tasks.is_package_installed(self.clients[0], pkg) is False
+        tasks.uninstall_client(self.clients[0])
+        tasks.install_packages(self.clients[0], ['sudo'])
+        for pkg in ('sudo', 'libsss_sudo'):
+            assert tasks.is_package_installed(self.clients[0], pkg)