IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Test smart card advise scripts

Browse Source 
Create and execute the server and client smart card advise scripts.

See: See: https://pagure.io/freeipa/issue/7751
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Christian Heimes 2018-11-21 10:00:20 +01:00
parent a86abd37e9
commit f0e11dac2d
2 changed files with 75 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ipatests/prci_definitions/gating.yaml
View File

@ -157,7 +157,7 @@ jobs:
test_suite: test_integration/test_advise.py test_suite: test_integration/test_advise.py
template: *ci-master-f29 template: *ci-master-f29
timeout: 3600 timeout: 3600
topology: *master_1repl topology: *master_1repl_1client
fedora-29/test_testconfig: fedora-29/test_testconfig:
requires: [fedora-29/build] requires: [fedora-29/build]

99
ipatests/test_integration/test_advise.py
View File

@ -21,11 +21,17 @@
# pylint: disable=no-member # pylint: disable=no-member
import re import re
from ipalib.constants import IPAAPI_USER
from ipaplatform.paths import paths
from ipaplatform.constants import constants
from ipatests.create_external_ca import ExternalCA
from ipatests.pytest_ipa.integration import tasks from ipatests.pytest_ipa.integration import tasks
from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.base import IntegrationTest
def run_advice(master, advice_id, advice_regex, raiseerr): def run_advice(master, advice_id, advice_regex, raiseerr=True):
# Obtain the advice from the server # Obtain the advice from the server
tasks.kinit_admin(master) tasks.kinit_admin(master)
result = master.run_command(['ipa-advise', advice_id], result = master.run_command(['ipa-advise', advice_id],
@ -43,28 +49,38 @@ class TestAdvice(IntegrationTest):
""" """
Tests ipa-advise output. Tests ipa-advise output.
""" """
advice_id = None
raiseerr = None
advice_regex = ''
topology = 'line' topology = 'line'
num_replicas = 0
num_clients = 1
def execute_advise(self, host, advice_id, *args):
# ipa-advise script is only available on a server
tasks.kinit_admin(self.master)
advice = self.master.run_command(['ipa-advise', advice_id])
# execute script on host (client or master)
if host is not self.master:
tasks.kinit_admin(host)
filename = tasks.upload_temp_contents(host, advice.stdout_text)
cmd = ['sh', filename]
cmd.extend(args)
try:
result = host.run_command(cmd)
finally:
host.run_command(['rm', '-f', filename])
return advice, result
def test_invalid_advice(self): def test_invalid_advice(self):
advice_id = r'invalid-advise-param' advice_id = r'invalid-advise-param'
advice_regex = r"invalid[\s]+\'advice\'.*" advice_regex = r"invalid[\s]+\'advice\'.*"
raiseerr = False run_advice(self.master, advice_id, advice_regex, raiseerr=False)
run_advice(self.master, advice_id, advice_regex, raiseerr)
def test_advice_FreeBSDNSSPAM(self): def test_advice_FreeBSDNSSPAM(self):
advice_id = 'config-freebsd-nss-pam-ldapd' advice_id = 'config-freebsd-nss-pam-ldapd'
advice_regex = r"\#\!\/bin\/sh.*" \ advice_regex = r"\#\!\/bin\/sh.*" \
r"pkg_add[\s]+\-r[\s]+nss\-pam\-ldapd[\s]+curl.*" \ r"pkg_add[\s]+\-r[\s]+nss\-pam\-ldapd[\s]+curl.*" \
r"\/usr\/local\/etc\/rc\.d\/nslcd[\s]+restart" r"\/usr\/local\/etc\/rc\.d\/nslcd[\s]+restart"
raiseerr = True
run_advice(self.master, advice_id, advice_regex, raiseerr)
run_advice(self.master, advice_id, advice_regex)
def test_advice_GenericNSSPAM(self): def test_advice_GenericNSSPAM(self):
advice_id = 'config-generic-linux-nss-pam-ldapd' advice_id = 'config-generic-linux-nss-pam-ldapd'
@ -75,20 +91,16 @@ class TestAdvice(IntegrationTest):
r"service[\s]+nscd[\s]+stop[\s]+\&\&[\s]+service[\s]+" r"service[\s]+nscd[\s]+stop[\s]+\&\&[\s]+service[\s]+"
r"nslcd[\s]+restart" r"nslcd[\s]+restart"
) )
raiseerr = True
run_advice(self.master, advice_id, advice_regex, raiseerr)
run_advice(self.master, advice_id, advice_regex)
def test_advice_GenericSSSDBefore19(self): def test_advice_GenericSSSDBefore19(self):
advice_id = r'config-generic-linux-sssd-before-1-9' advice_id = r'config-generic-linux-sssd-before-1-9'
advice_regex = r"\#\!\/bin\/sh.*" \ advice_regex = r"\#\!\/bin\/sh.*" \
r"apt\-get[\s]+\-y[\s]+install sssd curl openssl.*" \ r"apt\-get[\s]+\-y[\s]+install sssd curl openssl.*" \
r"service[\s]+sssd[\s]+start" r"service[\s]+sssd[\s]+start"
raiseerr = True
run_advice(self.master, advice_id, advice_regex, raiseerr)
run_advice(self.master, advice_id, advice_regex)
def test_advice_RedHatNSS(self): def test_advice_RedHatNSS(self):
advice_id = 'config-redhat-nss-ldap' advice_id = 'config-redhat-nss-ldap'
@ -100,10 +112,8 @@ class TestAdvice(IntegrationTest):
r"[\s]+\-\-enableldapauth[\s]+" r"[\s]+\-\-enableldapauth[\s]+"
r"\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*" r"\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
) )
raiseerr = True
run_advice(self.master, advice_id, advice_regex, raiseerr)
run_advice(self.master, advice_id, advice_regex)
def test_advice_RedHatNSSPAM(self): def test_advice_RedHatNSSPAM(self):
advice_id = 'config-redhat-nss-pam-ldapd' advice_id = 'config-redhat-nss-pam-ldapd'
@ -113,10 +123,8 @@ class TestAdvice(IntegrationTest):
r"authconfig[\s]+\-\-updateall[\s]+\-\-enableldap"\ r"authconfig[\s]+\-\-updateall[\s]+\-\-enableldap"\
r"[\s]+\-\-enableldaptls[\s]+\-\-enableldapauth[\s]+" \ r"[\s]+\-\-enableldaptls[\s]+\-\-enableldapauth[\s]+" \
r"\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*" r"\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
raiseerr = True
run_advice(self.master, advice_id, advice_regex, raiseerr)
run_advice(self.master, advice_id, advice_regex)
def test_advice_RedHatSSSDBefore19(self): def test_advice_RedHatSSSDBefore19(self):
advice_id = 'config-redhat-sssd-before-1-9' advice_id = 'config-redhat-sssd-before-1-9'
@ -125,6 +133,47 @@ class TestAdvice(IntegrationTest):
r"yum[\s]+install[\s]+\-y[\s]+sssd[\s]+authconfig[\s]+" r"yum[\s]+install[\s]+\-y[\s]+sssd[\s]+authconfig[\s]+"
r"curl[\s]+openssl.*service[\s]+sssd[\s]+start" r"curl[\s]+openssl.*service[\s]+sssd[\s]+start"
) )
raiseerr = True
run_advice(self.master, advice_id, advice_regex, raiseerr) run_advice(self.master, advice_id, advice_regex)
# trivial checks
def test_advice_enable_admins_sudo(self):
advice_id = 'enable_admins_sudo'
advice_regex = r"\#\!\/bin\/sh.*"
run_advice(self.master, advice_id, advice_regex)
def test_advice_config_server_for_smart_card_auth(self):
advice_id = 'config_server_for_smart_card_auth'
advice_regex = r"\#\!\/bin\/sh.*"
run_advice(self.master, advice_id, advice_regex)
ca_pem = ExternalCA().create_ca()
ca_file = tasks.upload_temp_contents(self.master, ca_pem)
try:
self.execute_advise(self.master, advice_id, ca_file)
except Exception:
# debug: sometimes ipa-certupdate times out in
# "Resubmitting certmonger request"
self.master.run_command(['getcert', 'list'])
raise
finally:
self.master.run_command(['rm', '-f', ca_file])
sssd_conf = self.master.get_file_contents(
paths.SSSD_CONF, encoding='utf-8'
)
assert constants.HTTPD_USER in sssd_conf
assert IPAAPI_USER in sssd_conf
def test_advice_config_client_for_smart_card_auth(self):
advice_id = 'config_client_for_smart_card_auth'
advice_regex = r"\#\!\/bin\/sh.*"
run_advice(self.master, advice_id, advice_regex)
client = self.clients[0]
ca_pem = ExternalCA().create_ca()
ca_file = tasks.upload_temp_contents(client, ca_pem)
try:
self.execute_advise(client, advice_id, ca_file)
finally:
client.run_command(['rm', '-f', ca_file])