Commit Graph

15315 Commits

Author SHA1 Message Date
Endi S. Dewata
06183a061a Remove pki_restart_configured_instance
The pki_restart_configured_instance param is no longer used
by pkispawn so it has been removed.

https://github.com/dogtagpki/pki/blob/master/docs/changes/v11.3.0/Server-Changes.adoc

Signed-off-by: Endi S. Dewata <edewata@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-08-19 10:19:10 +02:00
Scott Poore
5a225deaa0 ipatests: Rename create_quarkus to create_keycloak
The module installs and configures a Keycloak server and
not just the Quarkus Java framework.  So, renaming to better
reflect what the module is used for.

Fixes: https://pagure.io/freeipa/issue/9225
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-08-19 09:47:41 +02:00
Rob Crittenden
0468cc6085 Set default on group pwpolicy with no grace limit in upgrade
If an existing group policy lacks a password grace limit
update it to -1 on upgrade.

Fixes: https://pagure.io/freeipa/issue/9212

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-08-18 17:51:20 -04:00
Rob Crittenden
c8955a4d0a Set default gracelimit on group password policies to -1
This will retain previous behavior of unlimited LDAP BIND
post-expiration.

Fixes: https://pagure.io/freeipa/issue/9212

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-08-18 17:51:20 -04:00
Rob Crittenden
b6587d3361 doc: Update LDAP grace period design with default values
New group password policies will get -1 (unlimited) on creation
by default.

Existing group password policies will remain untouched and
those created prior will be treated as no BIND allowed.

Fixes: https://pagure.io/freeipa/issue/9212

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-08-18 17:51:20 -04:00
Thomas Woerner
77803587d6 DNSResolver: Fix use of nameservers with ports
IPA DNS zone and forwardzone commands allow to use nameservers with ports
as "SERVER_IP port PORT_NUMBER". bind is supporting this syntax, but the
Resolver in dnspython that is used to verify the list of forwarders
(nameservers) is only allowing to have IP addresses in this list. With
dnspython version 2.20 there is a new validator in dns.resolver.BaseResolver
that ensures this.

Refs:
- https://bind9.readthedocs.io/en/v9_18_4/reference.html#zone-statement-grammar
- https://github.com/rthalley/dnspython/blob/master/dns/resolver.py#L1094

ipapython/dnsutil.DNSResolver derives from dns.resolver.Resolver. The setter
for nameservers has been overloaded in the DNSResolver class to split out
the port numbers into the nameserver_ports dict { SERVER_IP: PORT_NUMBER }.
After the setter for nameservers succeeded, nameserver_ports is set.
nameserver_ports is used in the resolve() method of dns.resolver.Resolver.

Additional tests have been added to verify that nameservers and also
nameserver_ports are properly set and also valid.

Fixes: https://pagure.io/freeipa/issue/9158

Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-08-16 13:49:40 +02:00
Florence Blanc-Renaud
21091c2bc7 gitignore: add install/oddjob/org.freeipa.server.config-enable-sid
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-08-16 13:07:03 +02:00
Florence Blanc-Renaud
54d32fcd76 ipatests: Fix expected object classes
Because the sidgen plugin is a postop plugin, it is not
always triggered before the result of an ADD is returned
and the objectclasses of the user may / may not contain
ipantuserattrs.
Fix the expected object classes.

Related: https://pagure.io/freeipa/issue/9062
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-08-16 13:07:03 +02:00
Rob Crittenden
45b351f8c5 upgrades: Don't restart the CA on ACME and profile schema change
There are currently three sets of CA schema changes applied
in ipa-server-upgrade:

* addition of ACME schema
* addition of certificate profile schema
* addition of lightweight CA schema

None of these require a restart of the CA to be supported.

There is an issue in schema parsing such that it doesn't handle
X-ORIGIN properly. A difference is detected and a change applied
but no change is recorded in LDAP so every time upgrade is
run it thinks a CA restart is needed. The CA is not quick to
restart so avoiding one is best, particularly when the update is
run as part of an rpm transaction where a user with an itchy finger
may think things have hung and break out of it.

https://github.com/389ds/389-ds-base/issues/5366 was
filed to track this.

Related: https://pagure.io/freeipa/issue/9204

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-08-16 08:51:31 +02:00
Florence Blanc-Renaud
8a415ff985 check_repl_update: in progress is a boolean
With the fix for https://pagure.io/freeipa/issue/9171,
nsds5replicaUpdateInProgress is now handled as a boolean.
One remaining occurrence was still handling it as a string
and calling lower() on its value.

Replace with direct boolean comparison.

Fixes: https://pagure.io/freeipa/issue/9218
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-08-16 08:39:06 +02:00
Florence Blanc-Renaud
4ae9c78f59 azure tests: disable TestInstallDNSSECFirst
The test TestInstallDNSSECFirst is failing because of one of its
dependencies (the most likely suspect is the update of openssl-pkcs11).
Disable the test from azure gating until the issue is solved.

Related: https://pagure.io/freeipa/issue/9216
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2022-08-08 09:53:25 +02:00
Florence Blanc-Renaud
ccb012b402 ipatests: fix the topology for rawhide/test_subids
The test test_integration/test_subids.py::TestSubordinateId
needs a master and a client but the yaml definition for rawhide
and sssd is currently using master_1repl. Replace with
master_1repl_1client to fulfill the requirement.

Fixes: https://pagure.io/freeipa/issue/9217
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2022-08-08 09:53:25 +02:00
Carla Martinez
42b2607a6f webui: Allow grace login limit
There was no support for setting the grace login limit on the WebUI. The
only way to so was only via CLI:

   `ipa pwpolicy-mod --gracelimit=2 global_policy`

Thus, the grace login limit must be updated from the policy section and
this will reflect also on the user settings (under the 'Password Policy'
section)

Fixes: https://pagure.io/freeipa/issue/9211

Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-08-05 16:30:18 +02:00
Sumedh Sidhaye
6033d495d1 Additional tests for RSN v3
New Tests include
TestRSNPKIConfig
TestRSNVault

The new tests are just extending existing classes to be run
with random serial numbers enabled

The tests also include a new method to check params set in CS.cfg for both CA and
KRA, and another test to check Random Serial Number version while
running `ipa ca-find`

Added nightly definitions

Related Ticket: https://pagure.io/freeipa/issue/2016

Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-08-04 13:26:00 -04:00
Sudhir Menon
bf4c51266c
ipatests: WebUI: do not allow subid range deletion
This testcase checks that subid added by user admin
cannot be deleted.

Related: https://pagure.io/freeipa/issue/9150

Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2022-08-03 09:33:42 +02:00
David Pascual
8297b74974 ipatest: fix prci checker target masked return code & add pylint
In the yamllint target of makefile, prci_checker result was being masked by echo statement.
Aditionally, prci_checker script has been added to the list of Python sources to be Pylinted.

Addressing comments of recently merged PR:
https://github.com/freeipa/freeipa/pull/6301#discussion_r923163970
https://github.com/freeipa/freeipa/pull/6301#issuecomment-1187037261

Signed-off-by: David Pascual <davherna@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2022-08-01 09:34:42 -04:00
Sudhir Menon
e3e7c98ac5 ipatests: ipa-client-install --subid adds entry in nsswitch.conf
This testcase checks that when ipa-client-install command
is run with --subid option, /etc/nsswitch.conf file is updated
with the below entry

subid: nss
Related: https://pagure.io/freeipa/issue/9159

Since the newly added testsuite required client
system, hence modified the below yaml files to change the topology
from *master_1repl to *master_1repl_1client in the below files

gating.yaml
nightly_latest.yaml
nightly_latest_selinux.yaml
nightly_latest_testing.yaml
nightly_previous.yaml
nightly_rawhide.yaml

Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-08-01 09:28:30 -04:00
Rob Crittenden
4105fee2cf Disabling gracelimit does not prevent LDAP binds
Originally the code treated 0 as disabled. This was
changed during the review process to -1 but one remnant
was missed effetively allowing gracelimit 0 to also mean
disabled.

Add explicit tests for testing with gracelimit = 0 and
gracelimit = -1.

Also remove some extranous "str(self.master.domain.basedn)"
lines from some of the tests.

Fixes: https://pagure.io/freeipa/issue/9206

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2022-08-01 09:24:40 -04:00
Erik
fc5de8216d
ipatests: healthcheck: test if system is FIPS enabled
Test if FIPS is enabled and the check exists.

Related: https://pagure.io/freeipa/issue/8951

Signed-off-by: Erik Belko <ebelko@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-07-27 13:34:07 +02:00
Stanislav Levin
e9b232fcf4 ap: Constrain supported docutils
New Sphinx 5.1.0 (Released: Jul 24, 2022) bumped supported docutils
to 0.19:
https://github.com/sphinx-doc/sphinx/pull/10656

But m2r2 doesn't support it yet:
https://github.com/CrossNox/m2r2/issues/52

Thereby, docutils must be constrained to < 0.19.

This should be fixed by m2r2 and after they do it the restriction
can be removed.

Fixes: https://pagure.io/freeipa/issue/9208
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-07-26 12:36:41 -04:00
Stanislav Levin
8542fd3012 ap: Rearrange overloaded jobs
With some recent changes the Azure Agent has decreased performance.
For example, `InstallDNSSECFirst_1_to_5` (5 subjobs) job took ~33min
and now it takes ~40min. In the same time there are jobs having only
1 or 2 subjobs and they should be used more.

Fixes: https://pagure.io/freeipa/issue/9207
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-07-26 12:36:41 -04:00
Stanislav Levin
dd094e3889 ap: Disable azure's security daemon
This daemon run clamav which is resource aggressive.
No point to run Windows virus scanner on Ubuntu in Linux-only
environment.

Fixes: https://pagure.io/freeipa/issue/9207
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-07-26 12:36:41 -04:00
Stanislav Levin
0e8bde3175 ap: Raise dbus timeout
With some recent changes on Azure Agent the default DBus call
timeout is not good enough. For example, in case of
`InstallDNSSECFirst_1_to_5` job hostnamectl received reply in ~20sec,
but later it increased to ~30sec (more subjobs - more time to reply).
It's good to raise this timeout to be more protected against minimum
performance times.

https://www.freedesktop.org/software/systemd/man/sd_bus_set_method_call_timeout.html#Description

Fixes: https://pagure.io/freeipa/issue/9207
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-07-26 12:36:41 -04:00
David Pascual
3237ade3d2 ipatests: Checker script for prci definitions
This script allows developers to check if prci definition jobs have the correct format,
which is defined in prci_jobs_spec.yaml
Useful when adding new jobs to the definitions.

Signed-off-by: David Pascual <davherna@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2022-07-15 17:09:17 +02:00
Rob Crittenden
dc73813b8a Warn for permissions with read/write/search/compare and no attrs
An ACI with rights of read, write, search and/or compare without
attributes to apply the rights to is effectively a no-op. Allow
the ACI to be created but include a warning. Ignore the add
and delete rights. While they make no sense in the context of
the other rights we should still warn that they are a no-op
with no attributes.

Use the existing make_aci() object method to create the
message and update the add/mod callers to capture and add the
message to the result if one is provided.

When updating an existing ACI the effective attributes will
not be included so fall back to the attributes in the resulting
permission.

Prior to checking for rights and attributes convert any deprecated
names for older clients into the newer values needed by make_aci

This is exercised by existing xmlrpc permission tests that
create such permissions without attributes.

https://pagure.io/freeipa/issue/9188

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-07-15 16:59:15 +02:00
Armando Neto
436c9d85ee
webui: Do not allow empty pagination size
Pagination size must be required, the current validators are triggered after
form is submitted, thus the only way for check if data is not empty is by making
the field required.

Fixes: https://pagure.io/freeipa/issue/9192

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-07-12 11:38:17 -03:00
Florence Blanc-Renaud
e8d34361c7 ipatests: fix SSSD nightly definition
The nightly test test_external_idp requires a topology
with 2 replicas. Fix the definition in nightly_latest_sssd.

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-07-12 10:15:21 +02:00
Fraser Tweedale
f8da5bfbea install: suggest --skip-mem-check when mem check fails
In the memory check failure message, add a hint to the administrator
that they can use the --skip-mem-check flag to skip the check.

Related: https://pagure.io/freeipa/issue/8404

Signed-off-by: Fraser Tweedale <frase@frase.id.au>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-07-05 14:29:27 +02:00
Fraser Tweedale
cb0ce1bd8b man: add --skip-mem-check to man pages
Document the --skip-mem-check flag in the ipa-server-install(1) and
ipa-replica-install(1) man pages.

Related: https://pagure.io/freeipa/issue/8404

Signed-off-by: Fraser Tweedale <frase@frase.id.au>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-07-05 14:29:27 +02:00
Fraser Tweedale
7a40948d6e BUILD.txt: remove redundant dnf-builddep option
-b and --best are the same option (see dnf(8)).  Remove -b and keep
--best, because --best is more descriptive.

Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-07-05 14:26:52 +02:00
Iker Pedrosa
03e9139504 ipatests: definitions for SSSD COPR nightly
Defined the tests that will be executed for SSSD's COPR nightly.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-07-05 09:46:17 +02:00
Sumedh Sidhaye
2e11247cde Added a check while removing 'cert_dir'. The teardown method is called even if all the tests are skipped since the required PKI version is not present. The teardown is trying to remove a non-existent directory.
Currently the cert_dir attribute is only present if IPA installation was
done. If IPA was not installed the attribute does not exist.
In order that the uninstall code finds the attribute a class attribute
is added.

Pagure Issue: https://pagure.io/freeipa/issue/9179

Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-07-02 18:34:16 +02:00
Rob Crittenden
22d1392a8a Only calculate LDAP password grace when the password is expired
The user's pwd expiration was retrieved but inadvertently was never
compared to current time. So any LDAP bind, including from the
IPA API, counted against the grace period. There is no need to go
through the graceperiod code for non-expired passwords.

https://pagure.io/freeipa/issue/1539

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-06-30 08:34:28 -04:00
Armando Neto
52782b55f5
ipatests: update rawhide template
Python packages updated to include latest `pytest-html`.

Issue: https://github.com/freeipa/freeipa-pr-ci/issues/467

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-06-29 21:24:04 -03:00
Antonio Torres
9819058d73
Bump to IPA 4.11
Signed-off-by: Antonio Torres <antorres@redhat.com>
2022-06-29 17:07:59 +02:00
Antonio Torres
494aac95e1
Update FreeIPA translations to FreeIPA master state
Signed-off-by: Antonio Torres <antorres@redhat.com>
2022-06-29 16:28:57 +02:00
Rob Crittenden
9a97f9b40c Fix test_secure_ajp_connector.py failing with Python 3.6.8
Some of the test data are not expected to cause a rewrite in
the upgrade code. Those that do will set the rewrite flag.

In that case there is a new server.xml to be read. This is
handled with mock_open(). The contents can be retrieved via
mocked_file().write.call_args but the repr() of it is:

call(b'<Server port="1234" shutdown="SHUTDOWN">\n  ...')

In at least Python 3.10 one can use write.call_args.args to get
just the raw data. This does not work with Python 3.6.8 and
returns the string 'args' instead results in a TypeError.

TypeError: a bytes-like object is required, not 'str'

Instead drop the args and use the data directly.

For the case of x = mocked_file().write.call_args:

   x[0] is a tuple with the first element being the data
   x[0][0] is the raw data

So use x[0][0] to get at the data instead of x.args[0]

Fixes: https://pagure.io/freeipa/issue/9190

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-06-23 17:46:57 -04:00
Matthew Davis
6d6b135ffb Add missing parameter to Suse modify_nsswitch_pam_stack
Add missing subid parameter for Suse.

Fixes: https://pagure.io/freeipa/issue/9185
Signed-off-by: Matthew Davis <github@virtual.drop.net>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-06-23 13:06:02 -04:00
Anuja More
ef091c99f8 ipatests: Fix install_master for test_idp.py
For install_master added --no-dnssec-validation.

Fixes: https://pagure.io/freeipa/issue/9189

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-06-23 13:04:05 -04:00
Timo Aaltonen
808ac46ba5 ipaplatform/debian: Drop the path for ldap.so
Named is able to find plugins if they are installed in the plugindir,
so drop the hardcoded path from named.conf.

Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-06-23 13:02:46 -04:00
Timo Aaltonen
92d718dbf8 ipaplatform/debian: Use multiarch path for libsofthsm2.so
The library moved there some years ago, and the compat symlink might go
away at some point. Better prepare for it.

Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-06-23 13:02:46 -04:00
Michal Polovka
d3c11f7627 ipatests: Healthcheck use subject base from IPA not REALM
Test if healthcheck uses cert subject base from IPA and not from
REALM. This prevents false-positive errors when the subject base is
customized.

Related: https://github.com/freeipa/freeipa-healthcheck/issues/253

Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-06-23 13:01:36 -04:00
Anuja More
bd57ff3566 Add end to end integration tests for external IdP
Added tests for HBAC and SUDO rule and other
test scenarios.

Related : https://pagure.io/freeipa/issue/8805
Related: https://pagure.io/freeipa/issue/8803
Related: https://pagure.io/freeipa/issue/8804

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-06-22 20:57:22 +02:00
Anuja More
a80a981948 ipatests: update prci definitions for test_idp.py
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-06-22 20:57:22 +02:00
Florence Blanc-Renaud
3732349bc2 xmlrpc tests: updated expected output for preserved user
Update the expected summary for the command
ipa user-del --preserve

The command now displays: Preserved user: user1
instead of                Deleted user: user1

Related: https://pagure.io/freeipa/issue/9187

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-06-22 20:53:29 +02:00
Florence Blanc-Renaud
cbc18ff8c7 Preserve user: fix the confusing summary
When ipa user-del --preserve is called, the command output
prints a summary with:
    Deleted user: user1
although the user was preserved.
Replace the summary with
    Preserved user: user1
to reflect what was actually done.

Fixes: https://pagure.io/freeipa/issue/9187
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-06-22 20:53:29 +02:00
Armando Neto
b3085b8302
ipatests: update prci template
New box contains the fixed mock configuration needed when
`enable_testing_repo` is True.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2022-06-20 09:09:37 -03:00
Michal Polovka
40b3c11bd0
ipatests: Increase expect timeout for interactive mode
Increase the default timeout for expect function when testing
interactive mode to mitigate an issue when the tests are failing
on the slow systems.

Fixes: https://pagure.io/freeipa/issue/9183

Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2022-06-17 12:18:42 +02:00
Michal Polovka
b2bbf81659
ipatests: Healthcheck should ignore pki errors when CA is not configured
Test if ipa-healthcheck complains about pki.server.healthcheck errors
when CA is not configured on the replica.

Related: https://github.com/freeipa/freeipa-healthcheck/issues/201

Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-06-16 10:47:37 +02:00
Antonio Torres
ca95acc7f8
Update list of contributors
Signed-off-by: Antonio Torres <antorres@redhat.com>
2022-06-15 16:26:55 +02:00