Commit Graph

12506 Commits

Author SHA1 Message Date
Rob Crittenden
2064c72bfb Fix uninstallation test, use different method to stop dirsrv
The API may not be initialized so using ds.is_running() may fail.
Call systemctl directly to ensure the dirsrv instance is stopped.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
2018-09-21 10:21:14 +02:00
Rob Crittenden
e3820682c7 Try to resolve the name passed into the password reader to a file
Rather than comparing the value passed in by Apache to a
hostname value just see if there is a file of that name in
/var/lib/ipa/passwds.

Use realpath to see if path information was passed in as one of
the options so that someone can't try to return random files from
the filesystem.

https://pagure.io/freeipa/issue/7528

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-19 11:42:49 -04:00
Serhii Tsymbaliuk
d020fc49a6 Change Web UI tests setup flow
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
46eb9a38f0 Fix UI_driver.has_class exception. Handle situation when element has no class attribute
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
1affddaabe Increase some timeouts in Web UI tests
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
970af640ee Remove unnecessary session clearing in some Web UI tests
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
93eafaec1a Add cookies clearing for all Web UI tests
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
b58bc75023 Generate CSR for test_host::test_certificates (Web UI test)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
2b739701e3 Add SAN extension for CSR generation in test_cert (Web UI tests)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
41258d81b5 Fix unpermitted user session in test_selfservice (Web UI test)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
685cef554b Fix test_user::test_login_without_username (Web UI test)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
1f04c481e3 Use random realmdomains in test_webui/test_realmdomains.py
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
d582484bea Fix test_realmdomains::test_add_single_labeled_domain (Web UI test)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
1212402a61 Increase request timeout for WebUI tests
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
95928f624f Use random IPs and domains in test_webui/test_host.py
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Serhii Tsymbaliuk
2b3fd70156 Fix hardcoded CSR in test_webui/test_cert.py
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-09-19 13:32:51 +02:00
Florence Blanc-Renaud
1a7e4b0ec1 tests: add test for uninstall with incomplete sysrestore.state
Add a test that performs client uninstallation when sysrestore.state
contains the header for the [authselect] section but does not
contain a value for profile and features.

Related to https://pagure.io/freeipa/issue/7657

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-09-19 10:18:45 +02:00
Florence Blanc-Renaud
d0173c9548 authselect: harden uninstallation of ipa client
When ipa client is uninstalled, the content of sysrestore.state
is read to restore the previous authselect profile and features.
The code should properly handle the case where sysrestore.state
contains the header for the authselect section, but the key=value
for profile and features are missing.

Fixes https://pagure.io/freeipa/issue/7657

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-09-19 10:18:45 +02:00
Florence Blanc-Renaud
7729bb73b4 ipa-advise: configure pam_cert_auth=True for smart card on client
ipa-advise config-client-for-smart-card-auth is now using authselect
instead of authconfig, but authselect enable-feature with-smartcard
does not set pam_cert_auth=True in /etc/sssd/sssd.conf.
As a result, smart card auth on a client fails.
The fix adds a step in ipa-advise to configure pam_cert_auth=True.

The fix also forces the use of python3 interpreter, and handles
newer versions of SSSD which use OpenSSL instead of NSS (the trusted
CA certs must be put into /etc/sssd/pki/sssd_auth_ca_db.pem

Fixes https://pagure.io/freeipa/issue/7532

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-09-19 10:13:15 +02:00
Stanislav Levin
3e1a4a1d05 Add title to remove dialog of 'Trusts' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
291ea453b8 Add title to remove dialog of 'Topology' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
1f391b7c3c Add title to remove dialog of 'ID Ranges' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
855e138a66 Add title to remove dialog of 'RBAC' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
d5979fb24f Add title to remove dialog of 'DNS' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
a863cec392 Add title to remove dialog of 'Automount Locations' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
dcd9034332 Add title to remove dialog of 'Certificate Identity Mapping Rules' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
36bfd1f802 Add title to remove dialog of 'RADIUS Servers' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
93eebdb581 Add title to remove dialog of 'OTP Tokens' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
dfd22e7497 Add title to remove dialog of 'Certificates' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
8d13d4efca Add title to remove dialog of 'Password Policies' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
772e096de0 Add title to remove dialog of 'SELinux User Maps' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
b5073e9670 Add title to remove dialog of 'Sudo' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
460186806b Add title to remove dialog of 'HBAC' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
2d9cdd924d Add title to remove dialog of 'Automember' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
d23376f54f Add title to remove dialog of 'ID Views' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
d06f4984be Add title to remove dialog of 'Groups' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
3c26a3b850 Add title to remove dialog of 'Services' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
3921210d46 Add title to remove dialog of 'Hosts' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
5eea5354ca Add title to remove dialog of 'Users' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Stanislav Levin
09750589f5 Drop concatenated title of remove dialog
As for now the default title of remove dialogs is set to
'Remove ${entity}', where 'entity' is also translatable text.
This construction is used via method 'create_remove_dialog'
of Search facet for the all association 'Delete' actions of
entities.

The such concatenation leads to a bad quality translation and
should be changed to an entire sentence.

From now a mentioned title is taken from a spec and should be
specified explicitly.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-18 13:51:51 +02:00
Rob Crittenden
c6b3cf6dd7 Advise plugin for enabling sudo for members of the admins group
Create HBAC and a sudo rule for allowing members of the admins
group to run sudo on all enrolled hosts.

https://pagure.io/freeipa/issue/7538

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-09-12 10:43:06 -04:00
Thomas Woerner
b689ba7e10 Remove DL0 specific code from ipatests/test_integration/test_caless.py
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00
Thomas Woerner
7eb8695e84 Remove DL0 specific code from ipatests/pytest_ipa/integration/tasks.py
The functions get_replica_filename and replica_prepare are not needed anymore
with the DL0 removal. The DL0 specific code has been removed from the
functions install_replica, install_kra and install_ca.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00
Thomas Woerner
fca1167af4 Remove DL0 specific tests from ipatests/test_integration/test_replica_promotion.py
These tests have been skipped already before. Therefore they can be removed.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00
Thomas Woerner
374138d030 Remove replica_file knob from ipalib/install/service.py
The replica_file option is not needed anymore. Threfore the option can
be removed.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00
Thomas Woerner
2f50d249f8 Remove replica_file from ClientInstall class in ipaclient/install/client.py
There is no need to set replica_file to None for client installations.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00
Thomas Woerner
fbe003f57c Remove options.promote from install in ipaserver/install/server/install
There is no need to set options.promote to false anymore for a server
installation in the install function.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00
Thomas Woerner
842cb5f267 Rename CustodiaModes.STANDALONE to CustodiaModes.FIRST_MASTER
This is related to the DL0 code removal. FIRST_MASTER describes this
mode a lot better.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00
Thomas Woerner
15bf647e48 Remove DL0 specific code from custodiainstance in ipaserver/install
iWithout DL0 support the custodia mode can be used to determine if a
server or replica will be installed. Therefore the use of config.promote
can be removed.

A new check has been added to make sure the mode known in
get_custodia_instance.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00
Thomas Woerner
a42a711394 Remove create_replica_config from installutils in ipaserver/install
This function is used to load the replica file. Without DL0 support this
is not needed at all anymore.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00