ipatests:Test if proper error thrown when AD user tries to run IPA commands

Before fix the error used to implies that the ipa setup is broken.
Fix is to throw the proper error. This test is to check that the
error with 'Invalid credentials' thrown when AD user tries to run
IPA commands.

related: https://pagure.io/freeipa/issue/8163

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Mohammad Rizwan Yusuf 2020-03-06 17:02:32 +05:30 committed by François Cami
parent 9b3c3202ca
commit a02df530a6

View File

@ -127,6 +127,28 @@ class TestTrust(BaseTestTrust):
assert re.search(
testuser_regex, result.stdout_text), result.stdout_text
def test_ipa_commands_run_as_aduser(self):
"""Test if proper error thrown when AD user tries to run IPA commands
Before fix the error used to implies that the ipa setup is broken.
Fix is to throw the proper error. This test is to check that the
error with 'Invalid credentials' thrown when AD user tries to run
IPA commands.
related: https://pagure.io/freeipa/issue/8163
"""
tasks.kdestroy_all(self.master)
ad_admin = 'Administrator@%s' % self.ad_domain
tasks.kinit_as_user(self.master, ad_admin,
self.master.config.ad_admin_password)
err_string = ('ipa: ERROR: Insufficient access: SASL(-14):'
' authorization failure: Invalid credentials')
result = self.master.run_command(['ipa', 'ping'], raiseonerr=False)
assert err_string in result.stderr_text
tasks.kdestroy_all(self.master)
tasks.kinit_admin(self.master)
def test_ipauser_authentication_with_nonposix_trust(self):
ipauser = u'tuser'
original_passwd = 'Secret123'