Commit Graph

56 Commits

Author SHA1 Message Date
Tomas Babej
01a0249a40 ipatests: Perform a connection test before preparing the client
When the host is down, the preparation of the host fails. This
produces misleading errors, since the test framework reports that
the actual command being executed failed, when in fact (in case
of SSHTransport), the cause of failure was unability to establish
a SSH session.

https://fedorahosted.org/freeipa/ticket/4132

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
2014-02-10 10:37:26 +01:00
Tomas Babej
033c354709 ipatests: legacy_clients: Test legacy clients with non-posix trust
Adds test cases for legacy client support with IPA that has estabilish
trust with AD that does not leverage POSIX attributes defined on AD.

https://fedorahosted.org/freeipa/ticket/4134

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
2014-02-10 10:37:23 +01:00
Tomas Babej
1601860023 ipatests: Run restoring backup files and restoring their context in one session
Restoring backup files and restoring their context were two separate commands,
what means that in case we use SSHTrasport, which creates a separate SSH
session for each command, we try to restore the SELinux context of the
changed files in a new session.

This causes problems, if the access to files themselves are necessary
for the creation of the new SSH session.

https://fedorahosted.org/freeipa/ticket/4133

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-02-05 15:38:53 +01:00
Tomas Babej
baf9b4c02a ipatests: Add records for all hosts in master's domain
All the hosts in the domain have IPA master set as their only
nameserver. However, the IPA master does not create records for
these machines by default. This is not an big issue for clients
or replicas, since those records do get created in other ways,
but external hosts using their internal hostnames will not resolve.

Adds an A record for each host in master's domain.

https://fedorahosted.org/freeipa/ticket/4130

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-02-05 15:38:53 +01:00
Tomas Babej
03d093d793 ipatests: test_legacy_clients: Change "test group" to "testgroup"
The integration test for legacy clients used incorrectly "test group"
instead of "testgroup" as group used on AD for test purposes. This
is inconsistent with the usage of "testuser".

https://fedorahosted.org/freeipa/ticket/4131

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-02-05 15:38:53 +01:00
Petr Viktorin
7b5124416b integration tests OpenSSHTransport: Expand tilde to home in root_ssh_key_filename
Expand paths beginning with a tilde, such as the default ~/.ssh/id_rsa,
to the home directory.

https://fedorahosted.org/freeipa/ticket/4115
2014-02-05 08:35:07 +01:00
Tomas Babej
2adfaa3a9b ipatests: Check for legacy_client attribute presence if unapplying fixes
When legacy client tests fail during IPA installation, the legacy
client test produces an additional misleading error
(the real cause is reported as well). This happens due the fact
that we try to cleanup host that was not yet defined. We need to
check for this attribute being defined before unapplying fixes there.

https://fedorahosted.org/freeipa/ticket/4124
2014-01-20 15:35:28 +01:00
Tomas Babej
5403648afd ipatests: Remove sudo calls from tasks
Sudo calls are not necessary since we log in as a root. Additionally,
sudo requires tty in default configuration, which is not acquired
when using OpenSSH transport.

https://fedorahosted.org/freeipa/ticket/4125
2014-01-20 15:32:01 +01:00
Petr Viktorin
a9a7976ca8 test_integration: Log external hostname in Host.ldap_connect
This may make debugging easier if the address is set incorrectly.
2013-12-06 12:58:50 +01:00
Petr Viktorin
98f4c22267 test_integration: Support external names for hosts
The framework had a concept of external hostnames,
which the controller uses to contact the test machines,
but they were not loaded from configuration.

Load external names from configuration.

This makes tests pass in setups where internal and external
hostnames are different, and the internal hostnames are not
initially resolvable from the controller.
2013-12-06 12:58:50 +01:00
Jan Cholasta
df5f4ee81d Turn LDAPEntry.single_value into a dictionary-like property.
This change makes single_value consistent with the raw property.

https://fedorahosted.org/freeipa/ticket/3521
2013-11-05 13:56:55 +01:00
Petr Viktorin
1f6880c590 Fix debug output in integration test
Recent ipaldap work has made LDAPEntry incompatible with python-ldap's
LDIFWriter.
Convert entry to dict before printing debug output.
2013-11-04 11:59:34 +01:00
Tomas Babej
9cbb94cd66 ipatests: test_trust: use domain name instead of realm for user lookups 2013-11-01 16:24:30 +01:00
Tomas Babej
428aecec49 ipatests: Add integration tests for legacy clients
Part of: https://fedorahosted.org/freeipa/ticket/3833
2013-11-01 16:24:30 +01:00
Tomas Babej
b1bffb5eca ipatests: Add support for extra roles referenced by a keyword
Adds support for host definition by a environment variables of the
following form:

ROLE_<keyword>_envX, where X is the number of the environment
for which host referenced by a role <keyword> should be defined.

Adds a required_extra_roles attribute to the IntegrationTest class,
which can test developer use to specify the extra roles that this
particular test requires. If not all required extra roles are
available, the test will be skipped.

All extra (and static) roles are accessible to the IntegrationTests
via the host_by_role method, which returns a host of given role.

Part of: https://fedorahosted.org/freeipa/ticket/3833
2013-10-31 16:52:12 +01:00
Tomas Babej
44998feace ipatests: Do not use /usr/bin hardcoded paths
Part of: https://fedorahosted.org/freeipa/ticket/3833
2013-10-31 14:10:53 +01:00
Tomas Babej
4fd88140b1 ipatests: Restore SELinux context after restoring files from backup
Part of: https://fedorahosted.org/freeipa/ticket/3833
2013-10-31 13:18:00 +01:00
Tomas Babej
775f2de4ec ipatests: Extend clear_sssd_cache to support non-systemd platforms
Part of: https://fedorahosted.org/freeipa/ticket/3833
2013-10-31 13:16:02 +01:00
Petr Viktorin
e6c06b08d8 Tests: mkdir_recursive: Don't fail when top-level directory doesn't exist
When the directory directly under root (e.g. /etc) did not exist,
mkdir_recursive failed.
Fix the issue.
2013-10-30 11:55:10 +01:00
Ana Krivokapic
5854c47685 Add test for external CA installation
https://fedorahosted.org/freeipa/ticket/3819
2013-10-29 08:27:25 +01:00
Tomas Babej
81b5ac772f ipatests: Add AD integration test case
Part of: https://fedorahosted.org/freeipa/ticket/3834
2013-10-25 13:51:59 +02:00
Tomas Babej
b758be1f51 ipatests: Add AD-integration related tasks
Part of: https://fedorahosted.org/freeipa/ticket/3834
2013-10-24 14:08:40 +02:00
Tomas Babej
35d843b273 ipatests: Add WinHost class
Part of: https://fedorahosted.org/freeipa/ticket/3834
2013-10-24 14:08:40 +02:00
Tomas Babej
e8941ef6cb ipatests: Create util module for ipatests
Part of: https://fedorahosted.org/freeipa/ticket/3834
2013-10-24 14:08:40 +02:00
Tomas Babej
407db5b8a9 ipatests: Extend IntegrationTest with multiple AD domain support
Part of: https://fedorahosted.org/freeipa/ticket/3834
2013-10-24 14:08:40 +02:00
Tomas Babej
5a9b46c9c5 ipatests: Extend domain object with 'ad' role support and WinHosts
Part of: https://fedorahosted.org/freeipa/ticket/3834
2013-10-24 14:08:40 +02:00
Tomas Babej
69a7c1e2ba ipatests: Add Active Directory support to configuration
Part of: https://fedorahosted.org/freeipa/ticket/3834
2013-10-24 14:08:40 +02:00
Petr Viktorin
f34b8896f9 test_simple_replication: Fix waiting for replication
The integration tests must wait for replication to happen before checking
results. In some cases, the tests have failed because the checks that
detect completed replication were insufficient.

This fixes the code to:
- Wait for replication to be completed on both servers
- In the case of an error, continue waiting -- it might be the case that
  the DS is temporarily unreachable
2013-10-18 18:01:28 +02:00
Petr Viktorin
c97f4e8a66 Use new CLI options in certinstall tests
The --pin and --dirman-password options simplified ipa-certinstall
usage. Use them in tests.

Also add tests for the old way of calling the command.

https://fedorahosted.org/freeipa/ticket/3869
http://www.freeipa.org/page/V3/ipa-server-certinstall_CLI_cleanup
2013-10-18 12:27:40 +02:00
Petr Viktorin
7be79dfe34 test_caless.TestCertInstall: Fix 'test_no_ds_password' test case
The test installed the HTTP cert instead of the DS one.
2013-10-18 12:27:40 +02:00
Petr Viktorin
3a4a7458c7 Add tests for installing with empty PKCS#12 password 2013-10-04 10:27:23 +02:00
Petr Vobornik
5c06e27ff9 ipatests.test_integration.host: Add logging to ldap_connect() 2013-10-03 19:50:35 +02:00
Petr Viktorin
f2e8624e76 ipatests.beakerlib_plugin: Add argument of generated tests to test captions
To differentiate between individual tests in BeakerLib output,
the argument needs to be added to the test name. Since Nose
doesn't provide a way to get the argument in a plugin,
a `test_argument` attribute must be added to the test function
to support this, simlarly to how `description` is used to set
individual "docstrings".

Add test_argument to the generated tests in the CA-less suite.
2013-10-03 19:50:35 +02:00
Petr Viktorin
23921f40d9 ipatests.test_integration.test_caless: Fix mkdir_recursive call 2013-10-03 19:50:35 +02:00
Petr Viktorin
3864760c52 test_integration: Add OpenSSHTransport, used if paramiko is not available
This adds a transport that uses /usr/bin/ssh calls to communicate
with remote hosts.
This transport is a bit slower and buffers output more than paramiko,
so it is only used if paramiko is not available, or forced with an
environment variable.

https://fedorahosted.org/freeipa/ticket/3890
2013-10-03 18:57:41 +02:00
Petr Viktorin
758c73e149 test_integration.host: Move transport-related functionality to a new module
This will make it possible to use a different mechanism for cases like
- Paramiko is not available
- Hosts without SSH servers (e.g. Windows)

Add BaseHost, Transport & Command base classes that define the interface
and common functionality, and Host, ParamikoTransport & SSHCommand with
specific details.

The {get,put}_file_contents methods are left on Host for convenience;
all other Transport methods must be now accessed through the transport.

Part of the work for https://fedorahosted.org/freeipa/ticket/3890
2013-10-03 18:57:41 +02:00
Petr Vobornik
f312d72510 Fix RUV search scope in ipa-replica-manage
The search had an incorrect scope and therefore it didn't find any RUV.

This issue prevented removing of replica.

https://fedorahosted.org/freeipa/ticket/3876
2013-09-04 12:46:29 +02:00
Ana Krivokapic
f40cb4c031 Add integration tests for forced client re-enrollment
Add integration tests for the forced client re-enrollment feature:
http://www.freeipa.org/page/V3/Forced_client_re-enrollment#Test_Plan

https://fedorahosted.org/freeipa/ticket/3832
2013-09-02 12:29:36 +02:00
Petr Viktorin
9b200c7c72 Add CA-less install tests
Differences from the test plan at
http://www.freeipa.org/index.php?title=V3/CA-less_install&oldid=6669 are:
- The following tests are included in all applicable positive
  install tests, rather than being standalone test cases:
  - Verify CA certificate stored in LDAP
  - Verify CA PEM file created by IPA server install
  - Verify that IPA server install does not configure certmonger
  - Verify CA PEM file created by IPA replica install
  - Verify that IPA replica install does not configure certmonger
  - Verify CA PEM file created by IPA client install
- PKI setup is done only once for each test class
- Master installation is done once for the IPA command tests, and
  once for the certinstall tests
- Certificates are compared after base64 decoding to avoid failures
  from formatting mismatches
- Minor changes necessary for automation (e.g. adding --unattended
  and --password options, correcting error messages)
- Web UI tests are not included here

https://fedorahosted.org/freeipa/ticket/3830
2013-08-28 20:14:46 +02:00
Ana Krivokapic
1749cce3f7 Add integration tests for Kerberos Flags
Add integration tests for the Kerberos Flags feature:
http://www.freeipa.org/page/V3/Kerberos_Flags#Test_Plan
(except the web UI tests).

https://fedorahosted.org/freeipa/ticket/3831
2013-08-27 12:45:12 +02:00
Petr Viktorin
a8d2ec6677 Allow freeipa-tests to work with older paramiko versions
The integration testing framework used Paramiko SFTP files as
context managers. This feature is only available in Paramiko 1.10+.
Use an explicit context manager so that we don't rely on the feature.
2013-08-13 15:42:48 +02:00
Petr Viktorin
2f80855e15 test_simple_replication: Wait for replication to finish before checking
Add ldap_connect() method to Host to allow executing querying LDAP from tests.

Use information in the mapping tree to poll until all replication is finished
(or failing) before checking that entries replicated successfully.
2013-07-25 12:41:26 +02:00
Petr Viktorin
13f4b7e9cf Add install_topo to test tasks
This allows a cluster of replicas and clients to be installed
in a named topology.
Several named topologies are available (star, line, complete, tree,
tree2) and new ones can be defined as a simple function.
2013-07-25 12:32:35 +02:00
Petr Viktorin
ac70c2cc5c Add more test tasks
- install_client
- connect_replica
- disconnect_replica
- prepare_host
- kinit_admin
2013-07-25 12:32:34 +02:00
Petr Viktorin
db8027407a test_integration: Set up CA on replicas by default
For complex topologies the CA needs to be available on most
replicas, since only servgers with a CA can prepare replica files.
2013-07-25 12:32:33 +02:00
Petr Viktorin
4b439356b7 test_integration: Add log collection to Host
This allows collecting logs when a test context is not available.
2013-07-25 12:32:33 +02:00
Petr Viktorin
23d3fde059 Integration test config: Make it possible to specify host IP 2013-07-15 15:49:16 +02:00
Petr Viktorin
c47f3154be Make BeakerLib logging less verbose
Logs from Beaker jobs are normally very brief, with the standard
output/error containing detailed information. Make ipa-run-tests
with BeakerLib plugin follow this convention.

Only include INFO and higher level messages in the Beaker logs.
Downgrade several message levels to DEBUG.
Log to console using Python logging instead of showing the Beaker logs.

Since ipa-run-tests sets up its own logging, Nose's own log
handling just causes duplicate messages. Disable it with --nologcapture.
2013-07-15 15:49:14 +02:00
Petr Viktorin
19a0d51d89 Use dosctrings in BeakerLib phase descriptions
Phase names are now in the format:
test-module-TestClass-test_method: First line of docstring

https://fedorahosted.org/freeipa/ticket/3723
2013-07-15 15:49:13 +02:00
Petr Viktorin
a02890526e Host class improvements
- Use the external hostname when connecting to remote hosts
- Make it possible to specify working directory for remote commands
- Move kinit calls to installation code
  This allows tests where installation is done later
- Log at error level when a remote command fails unexpectedly
- Clean up test directory before testing
- Break infinite recursion in mkdir_recursive if dir can't be created
2013-07-15 15:49:12 +02:00