Commit Graph

2351 Commits

Author SHA1 Message Date
Stanislav Levin
3597ab9bac ipatests: healthcheck: Update IPAHostKeytab assumptions
As of 0.9 freeipa-healthcheck requires running `dirsrv` service
for `IPAHostKeytab` check. So, previous assumption about the
triggering the GSSAPI error no longer works. For example, this can
be achieved by deletion of host's keytab.

Fixes: https://pagure.io/freeipa/issue/8889
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-23 13:16:01 -04:00
Sudhir Menon
0c2530efe5 ipatests: Test to check that ResponseNotReady error is not displayed when user session cache is deleted
Pagure: https://pagure.io/freeipa/issue/7752

Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2021-06-22 16:42:14 +02:00
Armando Neto
c14d52f436 ipatests: Bump PR-CI rawhide template
Update system's Python to 3.10

Issue: https://github.com/freeipa/freeipa-pr-ci/issues/435

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2021-06-21 18:58:59 +02:00
Mohammad Rizwan
16057898af ipatest: Test ipa-cert-fix fails when startup directive is missing from CS.cfg
This test checks that if 'selftests.container.order.startup' directive
is missing from CS.cfg, ipa-cert-fix fails and throw proper error
message. It also checks that underlying command 'pki-server cert-fix'
should fail to renew the cert.

related: https://pagure.io/freeipa/issue/8721

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-18 10:49:07 -04:00
Antonio Torres
3e77d3132f ipatests: test host update using shortname
Add test to ensure that host-mod resolves the FQDN when passing the
shortname of the host being modified.

Related: https://pagure.io/freeipa/issue/8726
Related: https://pagure.io/freeipa/issue/8884
Signed-off-by: Antonio Torres <antorres@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-18 10:46:29 -04:00
Florence Blanc-Renaud
0faddc9180 ipatests: use non-ascii chars in CA-less install
The CA-less installation creates an external CA with the
subject CN=CA,O=Example Organization.
In order to test non-ascii subjects, use
CN=CA,O=Example Organization España
instead.

Related: https://pagure.io/freeipa/issue/8880
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2021-06-16 11:25:08 -04:00
Christian Heimes
e6f09c1b5f Also drop Custodia client and forwarder
See: https://pagure.io/freeipa/issue/8882
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-16 10:28:17 -04:00
Christian Heimes
470bb6ed45 Add Custodia tests
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-16 10:28:17 -04:00
Rob Crittenden
6434968a7c When loading certificates verify that it is X.509 v3
Simple version enforcement. A v1 certificate won't have the
extensions that are assumed available later during the validation
process.

https://pagure.io/freeipa/issue/8817

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-14 15:19:42 -04:00
Sergey Orlov
accc27e663 ipatests: disable test_nfs.py::TestNFS in nightly runs on Fedora 33
Also disable in Fedora 33 as it also has the faulty version of sssd
which produces multi-gigabyte log file

Related to https://pagure.io/freeipa/issue/8877

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2021-06-10 20:56:46 +02:00
Sergey Orlov
bcb8d4d4a6 ipatests: temporary disable execution of test_nfs.py::TestNFS in nightly runs
During test run on Fedora 34 and 35 sssd produces multi-gigabyte log file
which causes test runners to run out of disk space.

Related to https://pagure.io/freeipa/issue/8877

Reviewed-By: Francois Cami <fcami@redhat.com>
2021-06-08 15:10:08 -04:00
Florence Blanc-Renaud
6f49cc0656 ipatests: delete the replica before uninstallation
The test
test_installation.py::TestInstallWithCA1::test_install_with_bad_ldap_conf
is uninstalling a replica by calling ipa-server-install --uninstall
directly, instead of deleting the replica first.

Use tasks.uninstall_replica instead of tasks.uninstall_master
to perform a proper uninstallation.

Fixes: https://pagure.io/freeipa/issue/8876
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-08 08:36:09 +02:00
Florence Blanc-Renaud
5c83ec06fa ipatests: set selinux context for fips mode
In order to test FIPS mode, the test is faking a user-space
FIPS environment by creating a file /var/tmp/userspace-fips
and bind-mounting this file as /proc/sys/crypto/fips_enabled

The security context needs to be properly set otherwise
/proc/sys/crypto/fips_enabled inherits the security context
unconfined_u:object_r:user_tmp_t:s0 and cannot be read,
resulting in the test seeing fips_mode=false.

Fixes: https://pagure.io/freeipa/issue/8868
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-07 16:33:15 -04:00
Armando Neto
ba5b9c565d ipatests: Bump PR-CI boxes
Update Fedora 34 and 33 boxes to include new packages

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2021-06-04 08:51:01 +03:00
Serhii Tsymbaliuk
d8b8f54bce WebUI tests: Add test for 'ipaautoprivategroups' field on 'ID Ranges' page
Add test_range_auto_private_groups test case to test_trust WebUI test suite to cover the field.

Ticket: https://pagure.io/freeipa/issue/8837

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2021-06-03 14:55:56 +02:00
Stanislav Levin
c82ed2eb33 ipatests: Fetch sudo rules without time offset
As of 2.5.0 SSSD introduces a random timeout for the refresh
of the SUDO rules [0]. With that change it's no longer possible
to immediate fetch of SUDO rules unless the feature is disabled
[1].

[0]: https://github.com/SSSD/sssd/issues/5609
[1]: https://github.com/SSSD/sssd/issues/5635

Related: https://pagure.io/freeipa/issue/8844
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-03 09:21:45 +03:00
Alexander Bokovoy
b4b2c10e23 ds: Support renaming of a replication plugin in 389-ds
IPA topology plugin depends on the replication plugin but
389-ds cannot handle older alias querying in the plugin
configuration with 'nsslapd-plugin-depends-on-named: ..' attribute

See https://github.com/389ds/389-ds-base/issues/4786 for details

Fixes: https://pagure.io/freeipa/issue/8799

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2021-06-01 17:09:28 +03:00
Stanislav Levin
10461b7091 azure: Make it possible to adjust Docker resources per test env
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
6c2db326f8 azure: coredump: Wait for systemd fully booted
Otherwise, 'Check for coredumps' task fails with:
```
Verifying        : samba-debugsource-2:4.14.4-0.fc34.x86_64             20/20
[Errno 2] No such file or directory: '/var/lib/dnf/rpmdb_lock.pid'
Finishing: Check for coredumps
```

This is due to systemd-tmpfiles(not ready yet).

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
01553572d4 azure: Re-balance tests envs
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
a893852b4f azure: Warn about extra and missing gating tests compared to PR-CI
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
26ee44bcfd ipatests: dnssec: Add alternative approach for checking chain of trust
drill is currently broken on F34. Fortunately, there are another
tools for checking DNSSEC trust. One of them is `delv`:

> delv is a tool for sending DNS queries and validating the results,
using the same internal resolver and validator logic as named.

delv sends to a specified name server all queries needed to fetch and
validate the requested data; this includes the original requested query,
subsequent queries to follow CNAME or DNAME chains, queries for DNSKEY,
and DS records to establish a chain of trust for DNSSEC validation. It
does not perform iterative resolution, but simulates the behavior of a
name server configured for DNSSEC validating and forwarding.

Related: https://pagure.io/freeipa/issue/8793
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
611b49e42b azure: Collect installed packages
The list of installed packages may be useful for checking the
versions of packages for analysis. Previously, only the newly
installed packages can be observed on Build phase.

This is convenient for experienced users of PR-CI.

Note: the read-only access provided for non-master containers
to be able to execute Azure scripts. The logs are still collected
only on controller.

Only RPM-based collection is implemented for Fedora. By default
nothing is collected.

Users may want to override `installed_packages` function
in the corresponding `ipatests/azure/scripts/variables-DISTRO.sh`.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
4a4c078b80 ipatests: Suppress list trust or certificates
There are tons of useless information in test's runner log on
server uninstallation about list trust and certificates, such
as:

```
RUN ['trust', 'list']
pkcs11:id=%D2%87%B4%E3%DF%37%27%93%55%F6%56%EA%81%E5%36%CC%8C%1E%3F%BD;type=cert
    type: certificate
    label: ACCVRAIZ1
    trust: anchor
    category: authority

pkcs11:id=%F7%7D%C5%FD%C4%E8%9A%1B%77%64%A7%F5%1D%A0%CC%BF%87%60%9A%6D;type=cert
    type: certificate
    label: AC RAIZ FNMT-RCM
    trust: anchor
    category: authority

pkcs11:id=%52%D8%88%3A%C8%9F%78%66%ED%89%F3%7B%38%70%94%C9%02%02%36%D0;type=cert
    type: certificate
    label: Actalis Authentication Root CA
    trust: anchor
    category: authority

...

```

This improves the readability of test logs.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
afef09ccba ipatests: Ignore warnings on failed to read files on tarring
There are tons of useless warnings about missing files on collecting
logs, such as:

```
tar: /var/log/ipaserver-kra-install.log: Warning: Cannot stat: No such file or directory
tar: /var/log/ipaepn.log: Warning: Cannot stat: No such file or directory
tar: /etc/NetworkManager/NetworkManager.conf: Warning: Cannot stat: No such file or directory
tar: /var/log/ipabackup.log: Warning: Cannot stat: No such file or directory
tar: /var/log/iparestore.log: Warning: Cannot stat: No such file or directory
...

```

Since `--ignore-failed-read` option is passed to tar the caller
doesn't care about not readable(mostly missing) files and these warnings
may be filtered out.

This improves the readability of test logs.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
3889d8654a pytest: Show extra summary information for all except passed tests
By default pytest reports in summary section about tests failures and errors.
It will be helpful to see skipped, xfailed and xpassed tests.

Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
cc72a988d6 ipatests: Handle network-isolated mode
Since the dns plugin's tests have no access to wild resolvers
nobody answer such requests but authoritative NS.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
fc0c6b44a8 azure: Run Base and XMLRPC tests is isolated network
The tests in these envs make DNS requests to wild(internet) NSs,
though usually tests assume the opposite making requests to
`test.` zone. This makes CI unstable and dependent on wild
resolvers and logically wrong.

In future there can be tests which may want to check BIND as
resolver(cache) for external networks. In this case such tests
should be placed on not isolated mode.

By default, a test env is not isolated from internet(as it was
before), but it may be a good idea to change this default in
future.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
65700bf743 ipatests: Setup and collect BIND logs
For Base/XMLRPC tests BIND's logs are already collected.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
07c423afd5 BIND: Setup logging
- allow BIND's logging customization
- preconfig logging with ISC recommendations:
  https://kb.isc.org/docs/aa-01526

Fixes: https://pagure.io/freeipa/issue/8856
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
b5fdba7a72 azure: Warn about memory issues
The nonzero number of memory/memory+Swap usage hits limits may
indicate the possible env instability(crashes, random failures, etc.).

> memory.failcnt		 # show the number of memory usage hits limits
  memory.memsw.failcnt		 # show the number of memory+Swap hits limits

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
9148ca2e1e azure: Add workaround for PhantomJS against OpenSSL 1.1.1
WebUI unit tests fail with:
```
PhantomJS threw an error:ERROR
>> Auto configuration failed 0 [
>>   'Auto configuration failed',
>>   '140613066520384:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(libssl_conf.so): libssl_conf.so: cannot open shared object file: No such file or directory',
>>   '140613066520384:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:',
>>   '140613066520384:error:0E07506E:configuration file routines:MODULE_LOAD_DSO:error loading dso:conf_mod.c:285:module=ssl_conf, path=ssl_conf',
>>   '140613066520384:error:0E076071:configuration file routines:MODULE_RUN:unknown module name:conf_mod.c:222:module=ssl_conf'
>> ]
...

Warning: PhantomJS exited unexpectedly with exit code 1. Use --force to continue.

Aborted due to warnings.
```

See https://github.com/wch/webshot/pull/93 for details.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
1aff24e891 ipatests: Update expectations for test_detect_container
Since a4a9a6f7c6
systemd improves the detection of Docker and Podman containers based
on the presence of files-markers.

```console
[slev@test systemd]$ git describe --contains --tags a4a9a6f7c6e9cd9e219c56d08434a04bc2f395ff
v248-rc1~155^2~1
```

Note: on Azure unit tests are run as non-privileged user in non-systemd
inited container.

This worked on F32 because:
```console
[root@6d2aad38f62c /]# rpm -q systemd
systemd-245.9-1.fc32.x86_64
```
So, actual comparison in test was `assert None == None`.

But F34 has:
```console
[root@1ff1325f5a61 /]# rpm -q systemd
systemd-248-2.fc34.x86_64
```
So, the test's expectations should be updated.
Unfortunately, this is incompatible with older versions of systemd
(< v248).

See https://github.com/systemd/systemd/pull/17902 for details.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
06d7c7f1d3 azure: Mask systemd-resolved
The initial value of NS of resolv.conf is 127.0.0.11, this
is the embedded NS of docker-compose. The disabling of
this feature is not currently supported by Docker.

On startup systemd-resolved caches the /etc/resolv.conf
(docker-compose version), which is later modified by
setup_containers.py script.

This results in resolving error occurs:
```console
[root@replica1 /]# getent ahosts master1.ipa.test
... can't resolve

[root@replica1 /]# grep 'hosts:' /etc/nsswitch.conf
hosts:      files myhostname resolve [!UNAVAIL=return] dns

[root@replica1 /]# resolvectl status
Global
       LLMNR setting: resolve
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 127.0.0.11
         DNS Servers: 127.0.0.11
Fallback DNS Servers: 1.1.1.1
                      8.8.8.8
                      1.0.0.1
                      8.8.4.4
                      2606:4700:4700::1111
                      2001:4860:4860::8888
                      2606:4700:4700::1001
                      2001:4860:4860::8844
```

According to docs:
https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html#/etc/resolv.conf
our case is 4(managed by other packages).

So, restart of systemd-resolved is enough for its re-initialization,
but not for services that already received DNS results. To speed up
the overall process and to no restart each service which wants
internet connection(or wait until service retries connection)
systemd-resolved is masked.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
7ed21f158c azure: Remove no longer needed repo
libseccomp2 2.5.1 is on focal-updates(Ubuntu 20.04LTS):
https://packages.ubuntu.com/focal-updates/libseccomp2

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
1c82895c20 azure: Wait for systemd booted
The calling of systemd's utils during systemd boot may lead to
unpredictable results. For example, if DBus(dbus-broker) service
is not started then DBus request goes nowhere and eventually will
be timeouted. So, it's safer to wait fully booted system.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
09a4918f03 azure: Enforce multi-user.target as default systemd's target
This may speed up boot process.
For example, 'fedora:34' set graphical.target as default,
while multi-user one will be more appropriate.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
be2f659aa7 azure: Collect systemd boot log
If an error occured while containers setup phase then no logs will
be collected and it is hard(impossible?) to debug such issues on
remote Azure host. With this change in case of such error all the
container's journals will be collected in `systemd_boot_logs`.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Stanislav Levin
6fe8620668 azure: bump F32->F34
Fixes: https://pagure.io/freeipa/issue/8848
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00
Rob Crittenden
4f30130697 ipatests: kinit on server for test_proxycommand_invalid_shell
We've seen some intermittent failures of this test with warnings
about passwords about to expire. We suspect there may be a time
difference between the client and server so set the passwords
on the server instead to be sure that time is correct.

https://pagure.io/freeipa/issue/8785

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2021-05-21 08:52:19 +02:00
Sergey Orlov
47d0ef40c8
ipatests: increase timeout for test_commands up to 1.5 hours
Normally it takes 50 minutes for test_commands test suite
to complete. But due to fluctuations in virtualized environment
sometimes it exceeds 60 minutes which produces random failures
in nightly runs.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-05-13 10:44:36 +03:00
Armando Neto
4484762f62
ipatests: Bump PR-CI templates to Fedora 34
Move 'latest' to Fedora 34 and 'previous' Fedora 33 for nightly runs.
Keep gating on Fedora 33 for now.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2021-05-12 15:21:22 -03:00
Rob Crittenden
8d21df9352 Add a unit test for the LDAP cache layer
This mostly confirms that when an entry is added, modified or
deleted it is expunged from the cache.

https://pagure.io/freeipa/issue/8798

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
2021-05-12 10:45:57 -04:00
Michal Polovka
b8ebce7b18
ipatests: test_installation: add install test scenarios
test_hostname_parameter: Test for issue 2692 ipa-server-install ignores --hostname:
check whether hostname provided in `--hostname` parameter is being taken into account and set as new hostname without prompting for it again

test_ad_subpackage_dependency: Test for issue 4011 ipa-server-install crashes when AD subpackage is not installed:
test if ipa-server installation succeeds without `freeipa-ipa-server-trust-ad` installed

test_backup_of_cs_cfg_should_be_created: Test for issue 4166 Backup CS.cfg before modifying it:
test if ipa-server installer backs up CS.cfg before modifying it

test_installer_wizard_should_prompt_for_DNS: Test for issue 2575 [RFE] Installer wizard should prompt for DNS:
test if installer is asking for DNS setup details if not provided as parameter

Related: https://pagure.io/freeipa/issue/2692
Related: https://pagure.io/freeipa/issue/4011
Related: https://pagure.io/freeipa/issue/4166
Related: https://pagure.io/freeipa/issue/2575

Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-05-06 16:51:18 +02:00
Christian Heimes
6d0d1c7088 Constrain pylint to supported versions
Two, three times a year PR-CI starts failing because tox tests pull in a
newer version of pylint with new warnings. To reduce breakage this
change constraints pylint (and indirectly astroid) to latest tested
minor version. The constraint should be updated when FreeIPA starts to
support a new Fedora version with more recent pylint.

Related: https://pagure.io/freeipa/issue/8818
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-05-03 09:16:14 +02:00
Mohammad Rizwan
d2ca791549 ipatests: Test if ACME renews the issued cert with cerbot
This test is to check if ACME certificate renews upon
reaching expiry

related: https://pagure.io/freeipa/issue/4751

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>

ipatests: remove skipif for minimum pki dependency

Remove skipif from ACME tests as required pki version
updated in freeipa.spec file (pki 10.10.5)

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>

ipatests: move common code to separate method

Move the code from prepare_acme_client, TestACME/test_certbot_register
and TestACME/test_certbot_certonly_standalone to separate method so
that it can be re-used in TestACMERenew.

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2021-04-30 11:02:44 +02:00
Christian Heimes
a297ebbb8a Add max/min safe integer
JSON cannot safely handle integers outside range ``-(2**53) - 1`` to
``(2**53) - 1``. Add constants for safe integers and limit the Int
parameter to safe JSON values.

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/MAX_SAFE_INTEGER

See: https://pagure.io/freeipa/issue/8802
See: https://pagure.io/freeipa/issue/8361
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2021-04-27 13:10:26 -04:00
Stanislav Levin
bdb2696805 pylint: Adapt to new Pylint 2.8
- globally ignore `consider-using-with`
- fix `consider-using-max-builtin`
- explicitly enable pylint on project configuration
- unpin Pylint
- added transformation for IntegrationTest attributes(will work
  unless explicitly defined)

Fixes: https://pagure.io/freeipa/issue/8818
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2021-04-27 13:28:42 +02:00
Michal Polovka
180af784aa
WebUI: Handle assertion if multiple notifications are present
If multiple notifications of the same type are shown at the same
time, assertion works for only the first one. This change enables to
search for notification's content in all shown notifications.

Fixes: https://pagure.io/freeipa/issue/8641

Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2021-04-24 10:20:51 +02:00
Mohammad Rizwan
99e7ad0fd8 ipatests: test to renew certs on replica using ipa-cert-fix
This test checks if ipa-cert-fix renews the certs on replica
after cert renewal on master.

related: https://pagure.io/freeipa/issue/7885

ipatests: refactor expire_cert_critical fixture

Defined method to move the date and refactor
expire_cert_critical fixture using it

ipatests: PEP8 fixes

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-04-22 09:22:46 +02:00