The following test classes were missing in all nightly definitions:
* TestADTrustInstall
* TestADTrustInstallWithDNS_KRA_ADTrust
* TestKRAinstallAfterCertRenew
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
ipa-backup should refuse to execute if the local IPA server does not
have all the roles used in the cluster.
A --disable-role-check knob should also be provided to bypass the
check.
Add an integration test for the new behavior and the knob.
Related: https://pagure.io/freeipa/issue/8217
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
test_fips takes between 45 and ~80 mins to run.
The templates' timeout was 3600s which is too short for
successful execution. 7200s should do.
Fixes: https://pagure.io/freeipa/issue/8247
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
The Hidden replica tests did not test what happened when KRA was
installed on a hidden replica and then other KRAs instantiated from
this original one. Add a test scenario that covers this.
Related: https://pagure.io/freeipa/issue/8240
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Add tests checking the behavior of ipa-adtrust-install when
adding trust agents:
- try calling the remote method trust_enable_agent with
a principal missing the required privilege.
- try adding a trust agent when the remote node is stopped.
The installer must detect that he's not able to run the remote
commands and print a WARNING.
- try adding a trust agent when the remote node is running.
The WARNING must not be printed as the remote configuration is done.
- try adding a trust agent with --enable-compat.
The WARNING must not be printed and the Schema Compatibility plugin
must be enabled (the entries
cn=users/groups,cn=Schema Compatibility,cn=plugins,cn=config
must contain a new attribute schema-compat-lookup-nsswitch
(=user/group).
Thanks to sorlov for the nightly test definitions and new test.
Related: https://pagure.io/freeipa/issue/7600
Co-authored-by: Sergey Orlov <sorlov@redhat.com>
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Tests for ipa-restore behaviour when dns or adtrust
rpm is missing which is required during ipa-restore
https://pagure.io/freeipa/issue/7630
Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
The test suite test_trust was missing in nightly definitions
because PR-CI was not able to provision multi-AD topology.
Now that PR-CI is updated, we can start executing this test suite.
It is not reasonable to add it to gating as this suite is
time consuming like other tests requiring provisioning of AD instances.
Signed-off-by: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Added changes in topology for test_sssd.py
As in test it needs client also.
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
These new images have SELinux enabled in permissive mode. After
this all tests skipped because SELinux was disabled will be
executed again.
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Use a consistent way to label the tests. As a result, replace external_ca_1 with test_external_ca_TestExternalCA and external_ca_2 with test_external_ca_TestSelfExternalSelf to better reflect which subtest is executed.
Issue : freeipa/freeipa-pr-ci#336
Signed-off-by: Gaurav Talreja <gtalreja@redhat.com>
Reviewed-By: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
The test suite test_winsyncmigrate was missing in nightly definitions
because CI was lacking configuration needed for establishing winsync
agreement: the Certificate Authority needs to be configured on
Windows AD instance. Now that PR-CI is updated to include said changes, we
can start executing this test suite. It is not reasonable to add it to
gating as this suite is time consuming just like other tests requiring
provisioning of AD instances.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
temp_commit.yaml among others have wrong indentation:
expected 4 but found 3.
Fix indentation.
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
Add integration tests to verify HOTP, TOTP, service with OTP auth
indicator, and OTP token sync.
Related: https://pagure.io/freeipa/issue/7804
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
The ipaserver template triggers the installation of IPA server
before the tests are launched and should not be used for
test_integration tests
Switch to master_1repl template.
Related: https://pagure.io/freeipa/issue/8001
Reviewed-By: Christian Heimes <cheimes@redhat.com>
This also exercises the Authentication Indicator Kerberos ticket
policy options by testing a specific indicator type.
Related: https://pagure.io/freeipa/issue/8001
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Commands like ipa group-add-member-manager now show permission
errors on failed operations.
Fixes: https://pagure.io/freeipa/issue/8122
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Commit cd887a48b5 did that for gating,
this commit bumps the version for the remaining definitions.
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Based on userspace FIPS mode by Ondrej Moris.
Userspace FIPS mode fakes a Kernel in FIPS enforcing mode. User space
programs behave like the Kernel was booted in FIPS enforcing mode. Kernel
space code still runs in standard mode.
Fixes: https://pagure.io/freeipa/issue/8118
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Fedora 31 is the latest release, Fedora 30 is now the previous release.
New template boxes were built for current tests definitions with
updated dependencies.
Boxes were generated after https://github.com/freeipa/freeipa-pr-ci/pull/321
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Replacing `fedora-30` with `fedora-latest` and `fedora-29` with `fedora-previous` will
reduce the changes required for new releases of Fedora.
Future changes would only require to update the name and version of the template used.
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
