test_ipap11helper no longer changes directory for the entire test suite.
The fix revealed a bug in another test suite. test_secrets now uses a
proper temporary directory.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Completely remove ipaserver/install/ntpinstance.py
This is no longer needed as chrony client configuration
is now handled in ipa-client-install.
Part of ipclient/install/client.py related to ntp configuration
has been refactored a bit to not lookup for srv records
and/or run chrony if not necessary.
Addresses: https://pagure.io/freeipa/issue/7024
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
These tests are all skipped if there is no YAML configuration
file passed but the teardown method is always called and since
there is a reference to the Config object this blows up if just
ipa-run-tests is executed.
Look at the config and break out if no domains are set.
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
AD related tests, which aren't require all set of AD machines
were skipped with error msg: Not enough resources configured.
Changed hard coded number of AD machines to use.
Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
Add close_all_dialogs(),change assert_last_dialog_details() method
to assert_last_error_dialog() to make it more generic and tweak
add_record() method to skip asserts so we can assert later.
We are also changing assert_record_value() to accept list of values
and adding select_multiple_records().
https://pagure.io/freeipa/issue/7463
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
test_topology_updated_on_replica_install_remove from the beginning used
invalid sequence of commands for removing a replica.
Proper order is:
master$ ipa server-del $REPLICA
replica$ ipa-server-install --uninstall
Alternatively usage of `ipa-replica-manage del $replica` instead of
`ipa server-del $replica` is possible. In essence ipa-replica-manage
calls the server-del command.
At some point there was a plan to achieve uninstalation only through
`ipa-server-install --uninstall` but that was never achieved to this
date.
This change also removes the ugly wrapper which makes test collection
fail if no environment config is provided (i.e. replicas cannot be
indexed).
$ pytest --collect-test ipatests/test_integration
https://pagure.io/freeipa/issue/6250
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
ctypes.util.find_library() is costly and slows down startup of ipa CLI.
ipaplatform.redhat.tasks now defers loading of librpm until its needed.
CFFI has been replaced with ctypes, too.
See: https://pagure.io/freeipa/issue/6851
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
test_ipauser_authentication is failing with error: "Confidentiality required"
Password operation must be performed over a secure connection
To start TLS encryption added -ZZ option, in order to be connection successful
https://pagure.io/freeipa/issue/7470
Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
The installer now checks that port 8080 is available and not in use by
any other application.
The port checker has been rewritten to use bind() rather than just
checking if a server responds on localhost. It's much more reliable and
detects more problems.
Original patch by m3gat0nn4ge.
Co-authored-by: Mega Tonnage <m3gat0nn4ge@gmail.com>
Fixes: https://pagure.io/freeipa/issue/7415
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
The pki debug log has its name in this format: debug.<date>.log. This commit
changes the code to use this format, fixing the test.
Unfortunately, it's not possible to use some kind of regex (like debug.*.log)
to get the file, because python multihost gets the path and tries to open
(using the "open" python function) the file with that.
https://pagure.io/freeipa/issue/7095
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
When installing ipa in interactive mode, it's necessary to provide the
hostname. This will make the test pass.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
test_host.py::test_host::test_crud fails in nightly tests in delete record
step.
It started to fail probably after commit 4295df17a4
which changed host-add behavior into showing a warning message about DNS resolution
instead of raising an error. This warning notification stays displayed for some
time, as all longer, notifications. By being open it takes some area on the page.
Given that webui tests proceeds quicker than a user, the notification can
cover some elements.
The test fails because web driver cannot click on an element which is covered
by the notification. In this case, it cannot open a deleter dialog.
So the fix is to close the notification(s). This is OK since a user would do
it as well if it was in a way.
This kind of issue is harder to reproduce when testing locally because
most people uses screen resolution 1920x1200 or full HD. PR-CI uses
1400x1200 for web ui testing.
/usr/bin/Xvfb $DISPLAY -ac -noreset -screen 0 1400x1200x8
So alternative fix would be to change resolution used by the PR-CI. Combination
of both could be the best.
https://pagure.io/freeipa/issue/7468
Reviewed-By: Felipe Volpone <fbarreto@redhat.com>
Commit aee0d2180c adds an upgrade step
that adds system crypto policy include to named.conf. This step
omitted the named.conf existence check; upgrade fails when it does
not exist. Add the existence check.
Also update the test to add the IPA-related part of the named.conf
config, because the "existence check" actually does more than just
check that the file exists - it also check that it contains the IPA
bind-dyndb-ldap configuration section.
Part of: https://pagure.io/freeipa/issue/4853
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Added test for negative (invalid) names
Added test for add/add another/add and edit/cancel buttons
Added test for duplicate records
https://pagure.io/freeipa/issue/7458
Signed-off-by: Pavel Picka <ppicka@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Run ipa-get/rmkeytab command on UI host in order to test whether
we have the key un/provisioned.
https://pagure.io/freeipa/issue/7441
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Move strict "search_btn" element finding to later so we
do not fail when using combobox without search button.
Also switch open_btn.click() before fill_textbox() as it
is used to close the selection.
https://pagure.io/freeipa/issue/7441
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Add "confirm_btn" to cancel dialog and if "None" return
for confirmation with "Enter" key.
https://pagure.io/freeipa/issue/7441
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Run shell command on the UI system using "admin"
user's passwd from conf.
https://pagure.io/freeipa/issue/7441
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Add assert_notification() function to check whether
we have a notification of particular type/
https://pagure.io/freeipa/issue/7441
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Add add_host() support func into test_service to
create temp hosts.
https://pagure.io/freeipa/issue/7441
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
change get_http_pkey() function to more generic one in
order to get pkey for different services
https://pagure.io/freeipa/issue/7441
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
pytest removed copy() method from its Namespace class. Use the copy
module to make a copy of early options.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Second check in test is failing, because it accepts default installer's values of domain, which is already used for lab machines.
IPA DNS domain must not exist before the installation, fix is to provide domain name derived from vm name.
Reviewed-By: Alexey Slaykovsky <alexey@slaykovsky.com>
The AdminTool class purports to "call sys.exit() with the return
value" but most of the run implementations returned no value, or
the methods they called returned nothing so there was nothing to
return, so this was a no-op.
The fix is to capture and bubble up the return values which will
return 1 if any exceptions are caught.
This potentially affects other users in that when executing the
steps of an installer or uninstaller the highest return code
will be the exit value of that installer.
Don't use the Continuous class because it doesn't add any
value and makes catching the exceptions more difficult.
https://pagure.io/freeipa/issue/7330
Signed-off-by: Rob Crittenden rcritten@redhat.com
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
On Travis CI, the DNS update in test case test_create_host_with_ip may fail
with different error messages. Relax the error message check and just
check that the test case is hitting a DNS update failure.
This fixes a flaky test case on CI.
Closes: https://pagure.io/freeipa/issue/7447
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Some fast tests depend on an api.env with realm, domain, and host. On
machines without ~/.ipa/default.conf, the settings are not available.
Provide dummy values to make tests pass.
Closes: https://pagure.io/freeipa/issue/7432
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
After commit bbe615e12c278f9cddaeb38e80b970bf14d9b32d, if the uninstall
process fails (in the test cleanup) the error is not hidden anymore.
That brought light to errors in the cleanup process on
TestReplicaInstall test, like this:
```
RUN ['ipa-server-install', '--uninstall', '-U']
ipapython.admintool: ERROR Server removal aborted:
Replication topology in suffix 'domain' is disconnected:
Topology does not allow server master.ipa.test to replicate with servers:
replica0.ipa.test.
ipapython.admintool: ERROR The ipa-server-install command failed
```
This commit changes the order of how a replica should be removed from
the topology.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
While testing on RHEL we are getting IOError instead of OSError.
Add also IOError to except clause.
This is mostly for compatibility reasons however should not cause
any issue as IOError is alias for OSError on Python3.
https://pagure.io/freeipa/issue/7439
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
test to verify that replica is able to sign a certificate with
new sub CA.
https://pagure.io/freeipa/issue/7387
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Overide trust method test_establish_trust_with_posix_attributes to test_establish_trust.
Windows Server 2016 doesn't have support for MFU/NIS, so autodetection is not working
https://pagure.io/freeipa/issue/7313
Reviewed-By: Alexander Koksharov <akokshar@redhat.com>
After commits 8960141 and 97942a7 we do not need to run
ipa-certupdate command anymore when switching to ca-full.
This patch removes the above mentioned commands in order to
properly test the scenario.
https://pagure.io/freeipa/issue/7309
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
When ipa host-add --random is unable to add a reverse record (for instance
because the server does not manage any reverse zone), the command
adds the host but exits (return code=1) with an error without actually
outputing the random password generated.
With this fix, the behavior is modified. The commands succeeds (return code=0)
but prints a warning.
This commit also adds a unit test.
https://pagure.io/freeipa/issue/7374
Reviewed-By: Christian Heimes <cheimes@redhat.com>
CertDB no longer makes any assumptions about the default db type of a NSS
DB. Instead it let's certutil decide when dbtype is set to 'auto'. This
makes it much easier to support F27 and F28 from a single code base.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
- Refactor CertDB to look up values from its NSSDatabase.
- Add run_modutil() helpers to support sql format. modutil does not
auto-detect the NSSDB format.
- Add migration helpers to CertDB.
- Add explicit DB format to NSSCertificateDatabase stanza
- Restore SELinux context when migrating NSSDB.
- Add some debugging and sanity checks to httpinstance.
The actual database format is still dbm. Certmonger on Fedora 27 does
neither auto-detect DB format nor support SQL out of the box.
https://pagure.io/freeipa/issue/7354
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
When setting a value using set_directive() look for a commented-out
version of the directive and add the new value immediately after
that to keep the proper context.
Related: https://pagure.io/freeipa/issue/3757
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Mocked tests require the mock package for Python 2.7. Python 3 has
unittest.mock in the standard library.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Realm domains commands produce big fat warnings about DNS state/checks.
Given the length of these warnings, they stay displayed for longer time.
As Web UI automated tests progresses quickly more of the warnings can
be displayed at the same time and thus taking a lot of space and thus
covering UI needed for next test step.
By closing the notifications before next action we make sure that test
won't fail because notification covered the required UI.
Reviewed-By: Petr Cech <pcech@redhat.com>
Try adding and deleting with "Check DNS" (in html 'ok' button)
DNS check expects that the added domain will have DNS record:
TXT _kerberos.$domain "$REALM"
When a new domain is added using dnszone-add it automatically adds
this TXT record and adds a realm domain. So in order to test without
external DNS we must get into state where realm domain is not added
(in order to add it) but DNS domain with the TXT record exists.
Reviewed-By: Petr Cech <pcech@redhat.com>
In case of an error, ipapython.ipautil.run() now raises an exception that
contains the error message of the failed command. Before the exception
only contained the command and error code.
The command is no longer collapsed into one string. The error message
and logging output contains the actual command and arguments with intact
quoting.
Example:
CalledProcessError(Command ['/usr/bin/python3', '-c', 'import sys; sys.exit(" ".join(("error", "XXXXXXXX")))'] returned non-zero exit status 1: 'error XXXXXXXX\n')
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
The ACI needed for staged users and deleted users were granted
only to the uid=admin user. They should rather be granted to
cn=admins group, to make sure that all members of the admins
group are able to call the command ipa user-del --preserve.
This commit also adds integration test for non-regression.
https://pagure.io/freeipa/issue/7342
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
The approach ActionChains.move_to_element no longer works as said here [1],
so, it's necessary to change it to the new one. This means, running a
javascript script to move the page to where the element is.
There are more details in the link [1], but in summary the w3c spec is
not obvious if a click should scroll the page to the element or not.
In one hand Chrome and Edge does that, but Firefox don't. As we use
Firefox to run the tests, we need the workaround.
[1] https://github.com/mozilla/geckodriver/issues/776
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
When filling the combo box (the gidnumber) in the dialog to create a new
user, the Add button was also clicked; closing the dialog. The wait
makes it to not click.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
