Commit Graph

518 Commits

Author SHA1 Message Date
Martin Babinsky
2624cf2e4c test_backup_restore: do not fail on missing KrbLastSuccessfulAuth
Since FreeIPA 4.5.1 now sets 'Disable last successful auth' option by
default (see https://pagure.io/freeipa/issue/5313), the
'KrbLastSuccessfulAuth' may not always be present on the user entry. The
restored entry checker in backup/restore suite should consider this.

https://pagure.io/freeipa/issue/6956

Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-05-30 13:31:28 +02:00
Michal Reznik
d5e84d7065 test_caless: mark TestCertinstall intermediate CA tests as xfail
mark TestCertinstall intermediate CA tests (http, ds) as xfail
until #6959 is solved

https://pagure.io/freeipa/issue/6959

Signed-off-by: Michal Reznik <mreznik@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-05-19 12:38:54 +02:00
Michal Reznik
f7c4039e41 test_caless: add pkinit option and test it
change "caless-create-pki" so pkinit certificates can be
generated.

See https://web.mit.edu/kerberos/krb5-1.13/doc/admin/pkinit.html for details.

add pkinit option to the ipa installer and test both master and replica
install with pkinit.

https://pagure.io/freeipa/issue/6854

Signed-off-by: Michal Reznik <mreznik@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-05-19 12:38:54 +02:00
Stanislav Laznicka
3d969d7bad Provide useful messages during cert validation
When the certificate validation was replaced, some error messages
were omitted (like "Peer's certificate expired."). Bring these back.

https://pagure.io/freeipa/issue/6945

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2017-05-18 17:32:59 +02:00
Christian Heimes
dd6b72e418 pytest 3.x compatibility
pytest 3.x does no longer support plain pytest.skip() on module level.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-03-27 18:03:14 +02:00
Christian Heimes
24161a6190
Move remaining util functions to tasks module
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
8aadd55c93
Move function run_repeatedly to tasks module
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
8867412adc
Move hosts module to ipatests.pytest_plugins.integration.hosts
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
313ae46b57
Move tasks module to ipatests.pytest_plugins.integration.tasks
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
1406dbc8c2
Move env_config module to ipatests.pytest_plugins.integration.env_config
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
2895e3931d
Move config module to ipatests.pytest_plugins.integration.config
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
fd1b4f6ec9 Add options to run only ipaclient unittests
A new option for ipa-run-tests makes the test runner ignore
subdirectories or skips tests that depend on the ipaserver package or on
a running framework for RPC integration tests. The new option enables
testing of client-only builds.

$ ipatests/ipa-run-tests --ipaclient-unittests
...
platform linux2 -- Python 2.7.13, pytest-2.9.2, py-1.4.32, pluggy-0.3.1
rootdir: /home/heimes/redhat, inifile: tox.ini
plugins: sourceorder-0.5, cov-2.3.0, betamax-0.7.1, multihost-1.1
collected 451 items

test_util.py ........
util.py ..
test_ipaclient/test_csrgen.py ..............ssss...
test_ipalib/test_aci.py ...................
test_ipalib/test_backend.py ........
test_ipalib/test_base.py ...............
test_ipalib/test_capabilities.py .
test_ipalib/test_cli.py ...
test_ipalib/test_config.py ...............
test_ipalib/test_crud.py ...............
test_ipalib/test_errors.py .......
test_ipalib/test_frontend.py ........................................
test_ipalib/test_messages.py ....
test_ipalib/test_output.py ...
test_ipalib/test_parameters.py .............................................................
test_ipalib/test_plugable.py ........
test_ipalib/test_rpc.py ......ssssssss
test_ipalib/test_text.py .............................
test_ipalib/test_x509.py ...
test_ipapython/test_cookie.py ............
test_ipapython/test_dn.py ...........................
test_ipapython/test_ipautil.py ..................................................................
test_ipapython/test_ipavalidate.py ..........
test_ipapython/test_kerberos.py ..............
test_ipapython/test_keyring.py ..........
test_ipapython/test_ssh.py ...............................
test_pkcs10/test_pkcs10.py .....

https://fedorahosted.org/freeipa/ticket/6517

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2017-03-17 15:02:13 +01:00
Stanislav Laznicka
5d3a0e6758 Don't allow standalone KRA uninstalls
KRA uninstallation is very likely to break the user's setup. Don't
allow it at least till we can be safely sure we are able to remove
it in a standalone manner without breaking anything.

https://pagure.io/freeipa/issue/6538

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2017-03-13 16:27:23 +01:00
Martin Basti
25fa2bb6c9 tests: use --setup-kra in tests
This will allow to test --setup-kra option together with
ipa-server-install in install tests

Separate installation using ipa-kra-install is already covered.

https://pagure.io/freeipa/issue/6731

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2017-03-08 15:50:30 +01:00
Martin Babinsky
612ea7f66e Provide basic integration tests for built-in AD trust installer
A couple of tests were added to server/replica install integration
suite to test AD trust install w/ various combinations of other optional
components.

https://fedorahosted.org/freeipa/ticket/6630

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-03-01 15:55:45 +01:00
Ganna Kaihorodova
10494b1bb3 Tests: Basic coverage with tree root domain
Extend existing legacy client tests to cover test cases with tree root domain.

https://fedorahosted.org/freeipa/ticket/6489

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2017-03-01 12:29:25 +01:00
Martin Basti
5bd8217423 Test: DNS nsupdate from dns-update-system-records
Get nsupdate data from dns-update-system-records, remove system records
and run nsupdate to verify that all system records were updated

https://fedorahosted.org/freeipa/ticket/6585

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-15 12:20:55 +01:00
Simo Sorce
d2f5fc304f Configure HTTPD to work via Gss-Proxy
https://fedorahosted.org/freeipa/ticket/4189
https://fedorahosted.org/freeipa/ticket/5959

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-15 07:13:37 +01:00
Martin Basti
ad1a5551d5 Tests: fix wait_for_replication task
DS changed a format of replication status attribute. Now it is with
prefix "Error (x)" where x is the error code.

Both formats were kept to allow tests run on older and new
versions of DS.

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-02-08 14:15:53 +01:00
Petr Čech
dc99d3c04e ipatests: nested netgroups (intg)
Adds a test case for issue in SSSD that manifested in
an inability to resolve nested membership in netgroups

The test case tests for direct and indirect membership.

https://fedorahosted.org/freeipa/ticket/6439

Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-07 11:56:14 +01:00
Ganna Kaihorodova
822a119100 Tests: Add tree root domain role in legacy client tests
Legacy client tests inherits test cases from trust tests, that have
role for tree root domain. That role was missing in legacy client tests.

https://fedorahosted.org/freeipa/ticket/6600

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2017-01-18 16:40:28 +01:00
Petr Spacek
8bc6775122 Remove named-pkcs11 workarounds from DNSSEC tests.
As far as I can tell the tests are passing for some time in Jenkins so
maybe a bug in some underlying component was fixed. Let's remove
workarounds to make tests actually test real setups.

https://fedorahosted.org/freeipa/ticket/5348

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-12-19 13:10:48 +01:00
Oleg Fayans
fad87a9962 Test: uniqueness of certificate renewal master
https://fedorahosted.org/freeipa/ticket/6504

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-12-08 17:26:04 +01:00
Oleg Fayans
503d0929e9 Test: basic kerberos over http functionality
https://fedorahosted.org/freeipa/ticket/6446

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-11-30 16:29:18 +01:00
Oleg Fayans
c7fd46e42a Test: made kinit_admin a returning function
In some cases we need to check the result of kinit and print out the error
message. Therefore we need it to return the result.

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-11-30 16:29:18 +01:00
Christian Heimes
7fef9cbec7 Fix Python 3 bugs discovered by pylint
In Python 3 exception instances no longer have a message attribute.
For most exceptions, str(e) or string formatting give the same result.

Fix some renamed modules, module members and functions.

https://fedorahosted.org/freeipa/ticket/4985

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-25 16:18:22 +01:00
David Kupka
4225484356 tests: Mark 389-ds acceptance tests
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-22 12:54:56 +01:00
David Kupka
3e53bbcc34 tests: Mark Dogtag acceptance tests
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-22 12:54:56 +01:00
Lenka Doudova
4df1d9d1a5 Tests: Providing trust tests with tree root domain
https://fedorahosted.org/freeipa/ticket/6347

Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
2016-11-15 13:34:38 +01:00
Oleg Fayans
232a0391d3 Test for installing rules with service principals
https://fedorahosted.org/freeipa/ticket/6481

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-11-14 18:29:48 +01:00
Oleg Fayans
91c8911a9e Test: integration tests for certs in idoverrides feature
https://fedorahosted.org/freeipa/ticket/6005

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-11-14 18:29:48 +01:00
Oleg Fayans
f1c9c56f40 Added interface to certutil
Added generic method to run certutil with arbitrary set of paramenters

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-11-14 18:29:48 +01:00
Lenka Doudova
3938698e07 Tests: Provide AD cleanup for legacy client tests
Providing cleanup of trust information from AD machines for legacy client tests.

https://fedorahosted.org/freeipa/ticket/6396

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-11-14 14:32:10 +01:00
Lenka Doudova
8a177732af Tests: Provide AD cleanup for trust tests
Providing cleanup of trust information from AD machines for trusts tests.

https://fedorahosted.org/freeipa/ticket/6396

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-11-14 14:32:10 +01:00
Florence Blanc-Renaud
808b1436b4 Refactor installer code requesting certificates
- Temporary modify certmonger dogtag-ipa-ca-renew helper to request the IPA RA
agent cert, using the temp cert created during pkispawn. The cert request
is now processed through certmonger, and the helper arguments are restored
once the agent cert is obtained.

- Modify the installer code creating HTTP and LDAP certificates to use
certmonger's IPA helper with temporary parameters (calling dogtag-submit
instead of ipa-submit)

- Clean-up for the integration tests: sometimes ipa renewal.lock is not
released during ipa-server-uninstall. Make sure that the file is removed
to allow future installations.

https://fedorahosted.org/freeipa/ticket/6433

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2016-11-10 14:15:57 +01:00
Oleg Fayans
dc58f8f2a1 Automated ipa-replica-manage del tests
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-11-10 12:07:24 +01:00
Oleg Fayans
6d812a0d52 tests: Automated clean-ruv subcommand tests
https://fedorahosted.org/freeipa/ticket/6451

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-11-10 12:07:24 +01:00
Lenka Doudova
e3b7d235d5 Tests: Fix integration sudo test
Tests with sudorules using only RunAsGroups attributes with empty RunAsUsers
attribute fail due to different expected value than is really returned. This is
caused by improper behaviour of sudo in versions before 1.8.18 (see [1]), to
which the tests were originally fitted. Changing the expected value to proper
one.

[1] - https://www.sudo.ws/pipermail/sudo-workers/2016-November/001025.html

https://fedorahosted.org/freeipa/ticket/6378

Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2016-11-07 12:39:06 +01:00
Tomas Krizek
5b81dbfda1 ipaldap: merge IPAdmin to LDAPClient
* move IPAdmin methods to LDAPClient
* add extra arguments (cacert, sasl_nocanon) to LDAPClient.__init__()
* add host, port, _protocol to LDAPClient (parsed from ldap_uri)
* create get_ldap_uri() method to create ldap_uri from former
    IPAdmin.__init__() arguments
* replace IPAdmin with LDAPClient + get_ldap_uri()
* remove ununsed function argument hostname from
    enable_replication_version_checking()

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-11-07 11:34:03 +01:00
Tomas Krizek
de58a5c605 ipaldap: merge simple_bind into LDAPClient
* Use LDAPClient.simple_bind instead of extra call to IPAdmin.do_simple_bind
* Rename binddn to bind_dn
* Rename bindpw to bind_password
* Explicitly specify bind_dn in all calls

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-11-07 11:34:03 +01:00
Martin Basti
9408085c58 CI: Disable KRA install tests on DL0
When master is without KRA installed, on domain level0 we cannot install
KRA replicas, thus this tests must be skipped on DL0

https://fedorahosted.org/freeipa/ticket/6088

Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-10-26 15:06:36 +02:00
Martin Basti
11d7b774c4 CI: use --setup-kra with replica installation
Currently tests were not testing one-step installation of KRA together
with replica. Adding --setup-kra to replica installation instead of
calling ipa-kra-install after.

https://fedorahosted.org/freeipa/ticket/6088

Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-10-26 15:06:36 +02:00
Martin Basti
84ca1fc220 CI: extend replication layouts tests with KRA
KRA should be tested with warious replication topologies as well, mainly
in domain level 0

https://fedorahosted.org/freeipa/ticket/6088

Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-10-26 15:06:36 +02:00
Oleg Fayans
5710ecddca Reverted the essertion for replica uninstall returncode
As the issue with ipa installer always returning 0 returncode was addressed,
the test needs to be made aware of this change.

https://fedorahosted.org/freeipa/ticket/6401

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-10-18 17:30:37 +02:00
Martin Basti
91b51e702f CI: workaround: wait for dogtag before replica-prepare
In domain level 0 ipa-replica-prepare fails because dogtag is not ready
so soon after final restart during installation (tests are too fast).
Wait 30 seconds before ipa-replica-prepare is executed, to make sure
that dogtag is ready. Remove this workaround when ticket is fixed.

https://fedorahosted.org/freeipa/ticket/6274

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-10-13 17:40:11 +02:00
Oleg Fayans
8b0faa25d1 Test: disabled wrong client domain tests for domlevel 0
These tests are only relevant for domain level 1

https://fedorahosted.org/freeipa/ticket/6382

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-10-12 10:53:41 +02:00
Martin Basti
49b29591aa Pylint: remove unused variables in tests
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-10-11 16:50:32 +02:00
Martin Basti
45e3aee352 Pylint: enable check for unused-variables
Unused variables may:
* make code less readable
* create dead code
* potentialy hide issues/errors

Enabled check should prevent to leave unused variable in code

Check is locally disabled for modules that fix is not clear or easy or have too many occurences of
unused variables

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-09-27 13:35:58 +02:00
Martin Basti
9d83be3647 Remove unused variables in tests
This commit removes or marks unused variables as "expected to be unused"
by using '_' prefix.

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-09-27 13:35:58 +02:00
Jan Barta
36484e8672 pylint: fix simplifiable-if-statement warnings
fix inefficient if statements, enable pylint check

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2016-09-22 16:52:57 +02:00
Oleg Fayans
47c808afa3 tests: Fixed code styling in caless tests to make pep8 happy
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
9870c5804a tests: Reverted erroneous asserts in 4 tests
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
7412f0cb20 tests: fixed certinstall method
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
f1f94a7b9f tests: fixed super method invocation
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
8be0906b04 tests: added verbose assert to test_service_disable_doesnt_revoke
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
106f37c26f tests: Standardized replica_preparation in test_no_certs
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
b8968d923c tests: Implemented check for domainlevel before installation verification
We only need to verify installation of replica under domain level 1, otherwise
replica is not installed but only a gpg file is prepared

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
43994e6697 tests: Fixed Usage of improper certs in ca-less tests
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
804aae8196 tests: fixed expects of incorrect error messages
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
b8cf212e8b tests: Replaced unused setUp method with install
setUp method does not get executed in recent versions of pytest
Replaced with the install method derived from the parent IntegrationTest class

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
dbf0d141c5 tests: Replaced hardcoded certutil with imported from paths
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
bb4205b582 tests: Enabled negative testing for cleaning replication agreements
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
9217bcc871 tests: Made unapply_fixes call optional at master uninstallation
Unapply fixes removes the temporary testing folder at ~/ipatests, which
contains some artifacts like root.pem that need to be persistent between tests
in the test_caless testsuite. There has to be the way to skip the deletion of
this testfolder

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
e0b67dfa7e tests: Updated master and replica installation methods to enable negative testing
Negative testing was enabled by introducing an optional raiseonerr parameter
with True by default to both master and replica installation methods
Also the methods were updated to support intractive installation

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
24f218f4eb tests: Added necessary xfails
A number of tests fail due to known issues. Added xfails to acknowledge them

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
d17d13d77a tests: Added necessary getkeytabs calls to fixtures
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
759bbcdfcb tests: Removed outdated command options test
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
a81d847204 tests: Applied correct teardown methods
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
84db13f676 tests: Fixed incorrect assert in verify_installation
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
fad6ec8256 tests: Adapted installation methods to utilize methods from tasks
Master and replica installation methods were made to utilize corresponding
methods from tasks.py for the sake of DRY

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
725d8d0cac tests: Removed call for install method from parent class
The IntegrationTest.install method installs the full topology while in ca-less
tests we need to check server installation, thus the nodes should not have
server or replica installed

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
48ca465a12 tests: Added teardown methods for server and replica installation
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
c0e16aa3b9 tests: Create a method that cleans all ipa certs
Upon uninstallation IPA does not remove certs from the system, see
https://fedorahosted.org/freeipa/ticket/4639 for details. This causes
installation failures in several tests. The workaround is to manually remove
certs from all certificate databases used by IPA after each server
uninstallation

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
38ad864342 tests: Updated ipa server installation stdin text
The installator has changed the question sequence so the stdin used for
interactive server installation has to be changed accordingly

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
0c635686dd tests: Added generation of missing certs
test_ca_server_cert and test_unknown_ca required 2 more certs that were not
pre-generated

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
2f6ffa326a tests: Added basic constraints extension to the CA certs
The IPA installer refuses to accept certs signed with a CA-signature that does
not have basic constraints enabled (Described in RFC 5280)

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Oleg Fayans
bbac233b5e tests: Fixed method failures during second call for the method
When the same host is used for numerous server/replica
installations/uninstallations at some point the /etc/openldap/ldap.conf file
gets corruped which results in ldapsearch unaware of the default ldap_uri to
connect. The workaround would be to provide ldap hostname for each ldapsearch.

Attention: please unapply this fix once the original issue is resolved.

https://fedorahosted.org/freeipa/ticket/5880

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-09-22 15:20:42 +02:00
Lenka Doudova
936a6a38b8 Tests: Add krb5kdc.service restart to integration trust tests
krb5kdc.service restart is necessary for proper running of integration trust
related tests.

https://fedorahosted.org/freeipa/ticket/6322

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-21 18:44:42 +02:00
Lenka Doudova
361105a3d5 Tests: Remove SSSD restart from integration tests
SSSD restart has been mistakenly added to integration tests
(test_integration/tasks.py::uninstall_master). When system setup is correct,
this restart has no significance, moreover it makes tests fail, hence its
removal is necessary.

https://fedorahosted.org/freeipa/ticket/6338

Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2016-09-21 14:41:09 +02:00
Oleg Fayans
3e4740f788 Xfailed a test that fails due to 6250
Also created a decorator that removes the segment that the next test does not
expect.

https://fedorahosted.org/freeipa/ticket/6250

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-15 10:21:56 +02:00
Oleg Fayans
49fbbb0641 Fixed segment naming in topology tests
As the segment name is a stochastic valu, which can have either of the two
nodes as the left node, we need to adapt the tests to not expect some
particular segment name but rather to calculate it dynamically based on node
names and the output of topologysegment-find ipa call

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-15 10:21:56 +02:00
Lenka Doudova
7cac839203 Tests: Fix integration sudo tests setup and checks
Adding 'defaults' sudorule to prevent requesting further user authentication.
Adding checks that if a user should be rejected access, a proper error message
is displayed.

https://fedorahosted.org/freeipa/ticket/6262

Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2016-09-14 12:49:02 +02:00
Oleg Fayans
1e484d010b Xfailed the tests due to a known bug with replica preparation
https://fedorahosted.org/freeipa/ticket/6274

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-14 09:53:35 +02:00
Oleg Fayans
ac78d191de Changed addressing to the client hosts to be replicas
https://fedorahosted.org/freeipa/ticket/6287

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-14 09:51:51 +02:00
Oleg Fayans
39c15ecdcd Several fixes in replica_promotion tests
In test_one_command_installation the ipa-replica-install was missing '--server'
and '-U' options which resulted in false negative result. In
test_client_enrollment_by_unprivileged_user '--server' option was messing.
test_replica_promotion_after_adding_to_admin_group lacked '-U' option. It
leaded to 3 failed cases.

https://fedorahosted.org/freeipa/ticket/6301

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-14 09:48:15 +02:00
Oleg Fayans
22b0e8a9eb Removed incorrect check for returncode
The server installation in most cases returns response code 0 no matter what
happens except for really severe errors. In this case when we try to uninstall
the middle replica of a line topology, it fails, notifies us that we should use
'--ignore-topology-disconnect', but returns 0

https://fedorahosted.org/freeipa/ticket/6300

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-14 09:46:22 +02:00
Lenka Doudova
b824013386 Tests: Add cleanup to integration trust tests
Trust tests fail if they are executed after external trust tests. This is
caused my missing cleanup. Providing cleanup that would enable correct
execution of the tests regardless of their order.

https://fedorahosted.org/freeipa/ticket/6306

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-09-13 15:35:43 +02:00
Lenka Doudova
fc5a99274c Tests: Fix regex errors in integration trust tests
In integration trust tests some values are checked using regular expressions.
Some of these expressions from recently added coverage have minor mistakes
which causes the comparisons to fail. Providing fix for these regular
expressions.

https://fedorahosted.org/freeipa/ticket/6285

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-09-09 16:54:05 +02:00
Oleg Fayans
5812af84a4 Disabled raiseonerr in kinit call during topology level check
domainlevel method is called upon each master uninstallation. Sometimes the
master uninstallation is called from within teardown method of some tests when
the master was not in fact installed, in which case the kinit_admin would
always raise an error.

https://fedorahosted.org/freeipa/ticket/6254

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-30 13:11:46 +02:00
Oleg Fayans
9dffe55e65 Added a sleep interval after domainlevel raise in tests
Due to race conditions the test sometimes catches 2 one-way segments instead of
one bidirectional. We need to give the master time to merge the one-way
segments before we test the output.

https://fedorahosted.org/freeipa/ticket/6265

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-26 16:14:37 +02:00
Oleg Fayans
fbc9179970 Fixed incorrect sequence of method calls in tasks.py
https://fedorahosted.org/freeipa/ticket/6255

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-25 13:48:26 +02:00
Ganna Kaihorodova
64c5340329 Fix for integration tests replication layouts
Domain level 0 doesn't allow to create replica file on CA-less master, testcases were skipped with Domain level 0

[https://fedorahosted.org/freeipa/ticket/6134]

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-08-16 12:55:40 +02:00
Petr Vobornik
6217d680da ca-less tests: fix getting cert in pem format from nssdb
usage of ipautil.run in  get_pem methond of ca-less tests was not
refactored when the ipautil.run was refactored in
099cf98307

This results in failure of all CA-less test.

https://fedorahosted.org/freeipa/ticket/6177

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-10 16:53:33 +02:00
Oleg Fayans
bd5746c538 Fixed incorrect domainlevel determination in tests
https://fedorahosted.org/freeipa/ticket/6167

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-05 13:16:29 +02:00
Oleg Fayans
2df047b8c5 Fixed incorrect return code assert
The assert checked that the returncode of the replica uninstallation is zero
where in fact the uninstallation was expected to fail with the certain error
message

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-04 15:11:42 +02:00
Oleg Fayans
4e574cde72 Fixed import error
assert_error was lately transfered from test_caless.py to tasks.py, which
started to cause import errors in replica promotion tests

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-03 15:31:36 +02:00
Lenka Doudova
a20c04033a Tests: Removing manipulation with /etc/hosts file from integration tests
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2016-08-01 10:20:16 +02:00
Martin Basti
ae623864ee CI tests: fix SSSD log collecting
Wildcard '*' has not been working for log collecting. I just set
the whole SSSD log directory to be collected. tar utility is able to
archive whole directories.

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-26 15:34:07 +02:00
Martin Basti
f05615bb83 CI tests: improve log collecting
We should collect as much as possible relevant logs to be able do better
investigation from test automation

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-26 15:34:07 +02:00
Lenka Doudova
648b5afa2f Tests: IPA user can kinit using enterprise principal with IPA domain
Providing missing test case verifying authentication as IPA user, namely:
"kinit -E ipauser@IPADOMAIN".

https://fedorahosted.org/freeipa/ticket/6036

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-25 12:22:21 +02:00
Lenka Doudova
6a072f3c5c Tests: Support of UPN for trusted domains
Basic set of tests to verify support of UPN functionality.

Test cases:
- establish trust
- verify the trust recognizes UPN
- verify AD user with UPN can be resolved
- verify AD user with UPN can authenticate
- remove trust

https://fedorahosted.org/freeipa/ticket/6094

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-19 13:29:51 +02:00
Lenka Doudova
f487233df0 Tests: External trust
Provides basic coverage for external trust feature.
Test cases:
1. verify an external trust with AD subdomain can be established
   - verify only one trustdomain is listed
   - verify subdomain users are resolvable
   - verify trust can be deleted
2. verify non-external trust with AD subdomain cannot be established
3. verify an external trust with AD forest root domain can be established
   - verify that even if AD subdomain is specified, it is not associated with the trust
   - verify trust can be deleted

https://fedorahosted.org/freeipa/ticket/6093

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-19 13:25:29 +02:00
Martin Basti
72b2c8a54d CI: DNS locations
This test is testing default IPA system records in locations, if
priority and weight were properly set per service, per server, per
location.

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-07-18 13:31:18 +02:00
Lenka Doudova
aab861142d Tests: Authentication indicators integration tests
https://fedorahosted.org/freeipa/ticket/433

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-07-15 13:57:18 +02:00
Oleg Fayans
f784532d4e Test for incorrect client domain
https://fedorahosted.org/freeipa/ticket/5976

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-07-01 17:59:27 +02:00
Lenka Doudova
1d9e1521c5 Tests: Remove DNS configuration from trust tests
Since DNS configuration is no longer needed for running trust tests, this method's contents are removed. Method is left empty as reference for others, should they have issues with DNS configuration.

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2016-06-30 13:14:27 +02:00
Martin Babinsky
081941a5b9 CI test suite for server-del
these tests cover various scenarios such as:
* trying to remove master that would disconnect topology in one of the
  suffixes
* forcing master removal regardless of topology state before/after removal
* trying to remove last CA/DNS server/DNSSec key master
* forcing removal of the last DNSSec key master

https://fedorahosted.org/freeipa/ticket/5588

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-17 18:55:19 +02:00
Petr Spacek
ec49130b94 Use root_logger for verify_host_resolvable()
After discussion with Martin Basti we decided to standardize on root_logger
with hope that one day we will use root_logger.getLogger('module')
to make logging prettier and tunable per module.

https://fedorahosted.org/freeipa/ticket/5710

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-05-30 20:14:32 +02:00
Oleg Fayans
84e5065b39 Added necessary A record for the replica to root zone
A master can only be delegated a zone authority, if this zone contains A
records of the master and ALL replicas

https://fedorahosted.org/freeipa/ticket/5848

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-05-11 13:19:13 +02:00
Oleg Fayans
5567dff4b4 A workaround for ticket N 5348
A freshly created dnssec-enabled zone does not always display the signature
until you restart named-pkcs11. Added restarting of this service after each
dnssec-enabled zone.

https://fedorahosted.org/freeipa/ticket/5348

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-05-11 13:16:43 +02:00
Oleg Fayans
1c79c1ea2d Bugfixes in managed topology tests
Fixed a false negative related to replication taking some time: added
wait_for_replication call before checking for new object in replicas.

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-04-20 17:59:11 +02:00
Oleg Fayans
1974f20aec Improve reporting of failed tests in topology test suite
https://fedorahosted.org/freeipa/ticket/5772

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-04-20 17:59:11 +02:00
Oleg Fayans
c061172792 Add test if replica is working after domain upgrade
Corresponds to the testcase described in
http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan#Test_case:
_Replica_created_using_old_workflow_is_functional_after_domain_upgrade

https://fedorahosted.org/freeipa/ticket/5723

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-04-15 15:44:09 +02:00
Oleg Fayans
280f1ed85f Fixed a failure in legacy_client tests
https://fedorahosted.org/freeipa/ticket/5800

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-04-13 16:05:12 +02:00
Oleg Fayans
ab3b4a92a8 Added 5 more tests to Replica Promotion testsuite
The following testcases were automated:
1. Test one command replica installation
2. Test csreplica-manage-(del, connect, disconnect) are disabled in domain
level 1
3. Client enrollment and replica promotion by an unprivileged user are
prohibited
4. Replica uninstallation is prohibited if it disconnects a part of existing
topology (is possible only with --ignore-topology-disconnect option)
https://fedorahosted.org/freeipa/ticket/5723

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-04-06 16:02:55 +02:00
Oleg Fayans
f836ee7b9c Added a kdestroy call to clean ccache at master/client uninstallation
https://fedorahosted.org/freeipa/ticket/5741

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2016-04-06 15:59:22 +02:00
Oleg Fayans
2fa0952603 Fixed a bug with prepare_host failing upon existing ipatests folder
https://fedorahosted.org/freeipa/ticket/5748

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-03-23 17:19:21 +01:00
Oleg Fayans
d58cd04e8a rewrite a misprocessed teardown_method method as a custom decorator
teardown_method is a standard pytest method used to put any code to be executed
after each test method is executed. While treated correctly by our integration
tests, this method is misinterpreted by in-tree tests in the following way:
in-tree tests try to execute it even if all the test methods are skipped due to
test resources being not configured. This causes the tests, that otherwise would
have been skipped, to fail

https://fedorahosted.org/freeipa/ticket/5723

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-03-23 12:46:23 +01:00
Oleg Fayans
c204290038 Added copyright info to replica promotion tests
https://fedorahosted.org/freeipa/ticket/5723

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-03-22 13:48:45 +01:00
Christian Heimes
49be6c8d3c Move user/group constants for PKI and DS into ipaplatform
https://fedorahosted.org/freeipa/ticket/5619

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2016-03-22 10:40:44 +01:00
Martin Basti
fb3a5d5a9c Use platform path constant for SSSD log dir
The path to SSSD log directory is platform specific and should be in
ipaplatform module.

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-03-16 09:31:02 +01:00
Oleg Fayans
578cff9567 Workaround for ticket 5627
https://fedorahosted.org/freeipa/ticket/5723

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-03-11 17:27:45 +01:00
Oleg Fayans
b5807fd9b6 Made apply_common_fixes call at replica installation independent on domain_level
Besides added obligatory domain/realm-specific commandline options
 to replica installation

https://fedorahosted.org/freeipa/ticket/5723

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-03-11 17:27:45 +01:00
Oleg Fayans
ddadbf8274 Enabled setting domain level explicitly in test class
Needed for replica promotion tests

https://fedorahosted.org/freeipa/ticket/5723

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-03-11 17:27:45 +01:00
Oleg Fayans
0b1fe08f1d Integration tests for replica promotion feature
http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan

https://fedorahosted.org/freeipa/ticket/5723

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-03-11 17:27:45 +01:00
Martin Basti
a63ce1fe22 CI: allow customized DS install test to work with domain levels
Test will use tasks methods instead of custom commands to be able work
with domain levels.

https://fedorahosted.org/freeipa/ticket/5606

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-03-03 17:26:56 +01:00
Oleg Fayans
cfbb7769a7 Removed messing around with resolv.conf
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-03-02 16:41:28 +01:00
Petr Vobornik
02d3ea1062 advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins
authconfig in config_redhat_nss_ldap and config_redhat_nss_pam_ldapd got
new option --enableldaptls

It should have effect primarily on el5 systems.

https://fedorahosted.org/freeipa/ticket/5654

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2016-03-01 13:05:20 +01:00
Martin Babinsky
94a836dd46 CI tests: use old schema when testing hostmask-based sudo rules
Newer versions of sssd use native IPA schema to process sudo rules.
However, this schema currently has no support for hostmask-based rules
and causes some sudo CI tests to fail. We have to temporarily set
sssd.conf to use ou=sudoers,$SUFFIX as a sudo rule search base when
executing them.

https://fedorahosted.org/freeipa/ticket/5625

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2016-02-25 13:37:16 +01:00
Martin Basti
a14d687493 Revert "test: Temporarily increase timeout in vault test."
This reverts commit 8112ac69cc.

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-02-24 17:27:14 +01:00
Jan Cholasta
11592dde1b client: stop using /etc/pki/nssdb
Don't put any IPA certificates to /etc/pki/nssdb - IPA itself uses
/etc/ipa/nssdb and IPA CA certificates are provided to the system using
p11-kit. Remove leftovers on upgrade.

https://fedorahosted.org/freeipa/ticket/5592

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-02-24 10:53:28 +01:00
David Kupka
775ee77bcc CI: Make double circle topology python3 compatible
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-02-24 10:37:04 +01:00
David Kupka
a1e582b33c CI: Add test for double-circle topology generator.
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-02-23 17:32:36 +01:00
David Kupka
a1d2ce00a6 CI: Add replication test utilizing double-circle topology.
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-02-23 17:32:36 +01:00
David Kupka
cbd9c3943a CI: Add double circle topology.
Every site consist of at least two replicas and is connected to two other
sites.

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-02-23 17:32:36 +01:00
David Kupka
acdabba6ec CI: add empty topology test for 2-connected topology generator
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-02-23 17:30:16 +01:00
David Kupka
616c78b720 CI: Fix pep8 errors in 2-connected topology generator
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-02-23 17:30:16 +01:00
Petr Viktorin
200614872e tests: Use absolute imports
https://fedorahosted.org/freeipa/ticket/5638

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-02-17 10:41:29 +01:00
David Kupka
2541b5fcbf CI: Add test for 2-connected topology generator.
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-02-12 16:57:19 +01:00
David Kupka
c2bbd5dcd8 CI: Add simple replication test in 2-connected topology.
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-02-12 16:57:19 +01:00
David Kupka
8f6e9113e9 CI: Add '2-connected' topology generator.
If number of servers (master+replicas) is equal to 4 + SUM(1, n, 2^n*5) for
any n >= 0:
 * every server has replication agreement with 2 - 4 other servers.
 * at least two agreements must fail in order to disconnect the topology.
Otherwise there can be server(s) with single agreement on the edge of the
topology.

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-02-12 16:57:19 +01:00
Oleg Fayans
42d3644276 Removed --ip-address option from replica installation
Explicitly specifying ip-address of the replica messes up with the current
bind-dyndb-ldap logic, causing reverse zone not to be created.

Enabled reverse-zone creation for the clients residing in different subnet from
master

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-02-04 15:53:30 +01:00
Oleg Fayans
aa30199e0b Updated connect/disconnect replica to work with both domainlevels
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-02-01 16:05:38 +01:00
Oleg Fayans
b23fea7660 Enabled recreation of test directory in apply_common_fixes function
Without it any test comprized of more than one cycle of installing-uninstalling
of ipa would fail due to the fact that test folder on the remote machine gets
deleted during ipa uninstallation.

Also removed duplicate call of apply_common fixes and added unapply_fixes to
uninstall_replica

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-29 14:15:29 +01:00
Martin Basti
c5076452d6 DNSSEC CI: fix zone delegations
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-01-29 11:52:09 +01:00
Milan Kubík
8f6fb7b4ea ipatests: fix the install of external ca
Fixes the install invocation in the test to use domain and
realm correctly. Also makes the test aware of domain levels.

https://fedorahosted.org/freeipa/ticket/5605

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-01-27 13:14:51 +01:00
Martin Basti
cdf08a0a86 Fix DNSSEC test: add glue record
Missing glue record causes test failure in cases when DNS zone was not
managed by IPA DNS

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-01-25 13:27:38 +01:00
Petr Viktorin
126d899321 Use explicit truncating division
In Python 3, the truncating division operator, //, is needed to
get C-style "int division".

https://fedorahosted.org/freeipa/ticket/5623

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-20 11:59:21 +01:00
Oleg Fayans
7a742391c1 fixed an issue with master installation not creating reverse zone
When resolv.conf is set to point to the master's ip before installation, the
ipa-server-install does not create a reverse zone for it's ip even despite
--auto-reverse option provided. The fix is not to mess around with resolv.conf
before master installation.

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-01-19 17:47:23 +01:00
Martin Basti
26899c91af CI test: fix regression in task.install_kra
ipa-kra-install needs directory manager password

Regression caused by c4b9b295d8

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-14 13:19:57 +01:00
Milan Kubík
c0133778ae ipatests: Make the A record for hosts in topology conditional
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-13 10:07:46 +01:00
Martin Basti
c611174987 DNSSEC test: fix adding zones with --skip-overlap-check
In DNSSEC tests the root zone has to be created, this requires to use
--skip-overlap-check to work properly.

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-01-12 10:45:00 +01:00
Oleg Fayans
3b39d8b6de Fixed install_ca and install_kra under domain level 0
Also added ipa_backup, ipa_restore and replica_uninstall functions

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-07 18:27:57 +01:00
Martin Basti
e4075b1fe2 Remove unused imports
This patch removes unused imports, alse pylint has been configured to
check unused imports.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-12-23 07:59:22 +01:00
Oleg Fayans
b12ba14e3d CI tests: Added domain realm as a parameter to master installation in integration tests
Without realm provided explicitly, installation calculates it automatically
from the current hostname which may be inconsistent with the configured domain
name. Which, in turn, causes failures in integration tests in the lab.

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-12-21 15:10:56 +01:00
Oleg Fayans
36e85b10db CI tests: Enabled automatic creation of reverse zone during master installation
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-12-21 15:01:21 +01:00
Martin Babinsky
c4b9b295d8 CI tests: remove '-p' option from ipa-dns-install calls
fix for https://fedorahosted.org/freeipa/ticket/4933 made ipa-dns-install to
use LDAPI and deprecated -p option for directory manager password. This patche
remove the option from calls to ipa-dns-install in CI tests so that
deprecation warning does not clutter the logs.

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-12-14 15:41:28 +01:00
David Kupka
8112ac69cc test: Temporarily increase timeout in vault test.
Remove this change when vault is fixed.

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-12-14 11:52:20 +01:00
Gabe
5c9b9089b7 Migrate wget references and usage to curl
https://fedorahosted.org/freeipa/ticket/5458

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-12-11 18:46:10 +01:00
Martin Basti
1e0f1f5197 CI: fix ipa-kra-install on domain level 1
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-12-11 15:11:20 +01:00
Tomas Babej
a02f83ff9c tests: Add hostmask detection for sudo rules validating on hostmask
IPA sudo tests worked under the assumption that the clients
that are executing the sudo commands have their IPs assigned
within 255.255.255.0 hostmask.

Removes this (invalid) assumption and adds a
dynamic detection of the hostmask of the IPA client.

https://fedorahosted.org/freeipa/ticket/5501

Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
2015-12-11 14:25:50 +01:00
Martin Babinsky
7c4ce9a098 fix error message assertion in negative forced client reenrollment tests
https://fedorahosted.org/freeipa/ticket/5511

Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2015-12-11 13:11:54 +01:00
Martin Babinsky
35fae355cc CI tests: ignore disconnected domain level 1 topology on IPA master teardown
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-12-09 09:39:20 +01:00
Martin Basti
e4259d5b49 CI: fix function that prepare the hosts file before CI run
Without this fix function removed 2 lines from hosts file.

Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-12-08 10:25:50 +01:00
Martin Basti
a11cddd75b CI: installation tests
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-12-08 10:07:00 +01:00
Martin Basti
bee222372a CI: test various topologies with multiple replicas
Test tests topologies listed bellow with and without CA on replicas:
star topology: 3 replicas
line topology: 3 replicas
complete topology: 3 replicas

Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-12-07 16:44:36 +01:00
Tomas Babej
5cb003f0b4 tests: Fix incorrect uninstall method invocation
https://fedorahosted.org/freeipa/ticket/5516

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-12-07 10:58:57 +01:00
Petr Vobornik
517aa84569 rename topology suffixes to "domain" and "ca"
https://www.redhat.com/archives/freeipa-devel/2015-November/msg00485.html

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-12-04 12:59:21 +01:00
Martin Basti
e56a1535b0 CI test: Fix installation of KRA on a replica
With domain level 1 installation of KRA has been changed on replica.

https://fedorahosted.org/freeipa/ticket/5379

Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
2015-11-18 12:58:09 +01:00
Martin Basti
79f7c71e61 Fix CI tests domain_level env config
Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
2015-11-18 12:57:09 +01:00
Oleg Fayans
511ace9a4f Fixed A record creation bug
When creating an A record we used to provide full hostname as a record name,
while we should have provided only the first part of the hostname

https://fedorahosted.org/freeipa/ticket/5419

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-11-03 16:14:49 +01:00
Oleg Fayans
f9bbfade29 The test was made to be skipped if domainlevel is 0
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-11-03 16:11:57 +01:00
Oleg Fayans
f8778f6e4f Updated the tests according to the new replica installation workflow
As of 4.3 the replica installation is performed without preparing a gpg file on
master, but rather enrolling a future replica as a client with subsequent
promotion of the client. This required the corresponding change in the
integration tests

https://fedorahosted.org/freeipa/ticket/5379

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-11-03 16:11:57 +01:00
Martin Basti
f2032ca2ca DNSSEC CI: wait until DS records is replicated
In some cases replication may take much more time than we expected. This
patch adds explicit cech if DS records has been replicated.

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-10-22 18:24:53 +02:00
Martin Basti
f4c8c93e70 Rename option --dirsrv-config-mods to --dirsrv-config-file
Option is renamed to be consistent with other options.

Affected tickets:
    https://fedorahosted.org/freeipa/ticket/4949
    https://fedorahosted.org/freeipa/ticket/4048
    https://fedorahosted.org/freeipa/ticket/1930

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-10-19 14:18:23 +02:00
Martin Basti
5233165ce7 CI: installation with customized DS config
Test covers:

https://fedorahosted.org/freeipa/ticket/4949
https://fedorahosted.org/freeipa/ticket/4048
https://fedorahosted.org/freeipa/ticket/1930

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-10-15 18:37:52 +02:00
Martin Basti
5f3784520b CI Test: add setup_kra options into install scripts
https://fedorahosted.org/freeipa/ticket/5302

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-10-12 17:50:22 +02:00
Martin Basti
573d3323af CI TEST: Vault
Simple CI test for vault feature, including testing with replica

Covers https://fedorahosted.org/freeipa/ticket/5302

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-10-12 15:15:23 +02:00
Oleg Fayans
2b4354f37e Fixed a timing issue with drill returning non-zero exitcode
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-09 14:07:45 +02:00
Petr Viktorin
65e3b9edc6 Use six.Stringio instead of StringIO.StringIO
The StringIO class was moved to the io module.
(In Python 2, io.StringIO is available, but is Unicode-only.)

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-07 10:27:20 +02:00
Milan Kubík
c22c60b87c ipatests: configure Network Manager not to manage resolv.conf
For the duration of the test, makes resolv.conf unmanaged.
If NetworkManager is not running, nothing is changed.

https://fedorahosted.org/freeipa/ticket/5331

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-02 14:01:50 +02:00
Martin Babinsky
7ab52384be re-kinit after ipa-restore in backup/restore CI tests
In FreeIPA CI-tests the install_master task automatically performs kinit after
successfull installation. This may break some backup/restore tests which
perform backup into previously installed IPA master. In this case it is
neccessary to re-kinit after restore.

https://fedorahosted.org/freeipa/ticket/5326

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-02 12:42:20 +02:00
Oleg Fayans
03d696f224 Added a proper workaround for dnssec test failures in Beaker environment
In beaker lab the situation when master and replica have ip addresses from
different subnets is quite frequent. When a replica has ip from different
subnet than master's, ipa-replica-prepare looks up a proper reverse zone to
add a pointer record, and if it does not find it, it asks a user for permission
to create it automatically. It breaks the tests adding the unexpected input.
The workaround is to always create a reverse zone for a new replica.

Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-01 14:46:43 +02:00
Martin Basti
28c25241fe CI: backup and restore with KRA
Reviewed-By: Milan Kubík <mkubik@redhat.com>
2015-09-25 13:22:19 +02:00
Martin Basti
8772fb4c3d backup CI: test DNS/DNSSEC after backup and restore
Reviewed-By: Milan Kubík <mkubik@redhat.com>
2015-09-16 18:20:18 +02:00
Martin Basti
3c33b48655 DNSSEC CI: test master migration
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-09-16 18:03:34 +02:00
Martin Basti
f2b309ff4f DNSSEC: improve CI test
Test disabling and re-enabling zone signing.

Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-09-16 18:03:34 +02:00
Petr Viktorin
8de13bd7dd Use the print function
In Python 3, `print` is no longer a statement. Call it as a function
everywhere, and include the future import to remove the statement
in Python 2 code as well.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Petr Viktorin
ace63f4ea5 Replace uses of map()
In Python 2, map() returns a list; in Python 3 it returns an iterator.

Replace all uses by list comprehensions, generators, or for loops,
as required.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Petr Viktorin
5a9141dc40 Replace filter() calls with list comprehensions
In Python 3, filter() returns an iterator.
Use list comprehensions instead.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Petr Viktorin
dd16cc98b0 Use six.string_types instead of "basestring"
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Oleg Fayans
c7408f67f6 Integration tests for topology plugin
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-28 16:12:25 +02:00
Oleg Fayans
b202afbcc0 Temporary fix for ticket 5240
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-08-24 16:32:23 +02:00
Oleg Fayans
b93137c196 Added a user-friendly output to an import error
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-08-24 16:31:28 +02:00
Martin Babinsky
1bd099a114 do not install CA on replica during integration test if setup_ca=False
The patch fixes bug in the construction of ipa-replica-install arguments in
test_integration/tasks.install_replica. Due to this bug the replica
installation during certain integration tests involved CA setup even when
setup_ca was set to False.

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-04-15 13:09:59 +02:00
Martin Babinsky
c8fae594df proper client host setup/teardown in forced client reenrollment integration test suite
Replace setUp()/tearDown() methods with a pytest.fixture for proper client
setup/teardown during test_forced_client_reenrollment

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-04-14 19:38:04 +02:00
Martin Basti
0a1a3d7312 DNSSEC CI tests
Tests:
* install master, replica, then instal DNSSEC on master
  * test if zone is signed (added on master)
  * test if zone is signed (added on replica)

* install master with DNSSEC, then install replica
  * test if root zone is signed
  * add zone, verify signatures using our root zone

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-04-14 19:29:36 +02:00
Gabe
ae4ee6b533 ipatests: Add tests for valid and invalid ipa-advise
- Add test for invalid run of the ipa-advise command
- Add tests for valid runs of the ipa-advise command

https://fedorahosted.org/freeipa/ticket/4029

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-02-26 20:57:49 +01:00
Petr Viktorin
61c4ecccc1 Run pylint on tests
Drop support for pylint < 1.0

Enable ignoring unknown attributes on modules (both nose and pytest
use advanced techniques, support for which only made it to pylint
recently)

Fix some bugs revealed by pylint

Do minor refactoring or add pylint:disable directives where the
linter complains.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-01-14 11:40:28 +01:00
Petr Viktorin
bc5b13c3da ipatests: Use pytest-sourceorder
The plugin to run tests within a class in the order they're defined
in the source was split into a separate project.
Use this project instead of a FreeIPA-specific copy.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-12-17 15:37:56 +01:00
Tomas Babej
3507bcd3df ipatests: Invoke class install methods properly with respect to pytest-multihost
Multihost object was is not passed to the install method in the super construction.
This fixes setup errors in AD Trust, Forced client reenrollment, CALess and Sudo
tests.

https://fedorahosted.org/freeipa/ticket/4809

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-12-16 12:20:44 +01:00
Petr Viktorin
a97d61df04 test_integration: Parametrize test instead of using a generator
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-12-11 07:04:58 +01:00
Petr Viktorin
d9ab11a232 test_integration: Use collect_log from the host, not the testing class
The testing class no longer has this method.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-12-11 07:04:58 +01:00
Petr Viktorin
74f7d67fd5 test_integration: Use python-pytest-multihost
The core integration testing functionality was split into a separate
project. Use this project, and configure it for FreeIPA.

The "mh" (multihost) fixture is made available for integration tests.

Configuration based on environment variables is moved into a separate
module, to ease eventual deprecation.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-12-11 07:04:58 +01:00
Petr Viktorin
d42c26c542 test_integration: Adjust tests for pytest
- Customize install() instead of setup_class()
- Use pytest parametrization instead of test generators

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
29c28786e3 Integration tests: Port the BeakerLib plugin and log collection to pytest
Move the IPA-specific log collection out of the Beakerlib plugin.
Add the --logfile-dir option to tests and ipa-test-task, so that logs
can be collected even if BeakerLib is not used.

https://fedorahosted.org/freeipa/ticket/4610

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
0ad5c57f62 Switch integration testing config to a fixture
The hack of storing the config on the class is left in;
it would be too much work for too little gain at this time.

https://fedorahosted.org/freeipa/ticket/4610

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
3a9a98b285 Integration tests: Port the ordering plugin to pytest
Ordered integration tests may now be run with pytest.

https://fedorahosted.org/freeipa/ticket/4610

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
375e9f7c4b tests: Use PEP8-compliant setup/teardown method names
The setUp/dearDown names are used in the unittest module, but there is no reason
to use them in non-`unittest` test cases.
Nose supports both styles (but mixing them can cause trouble when
calling super()'s methods).
Pytest only supports the new ones.

https://fedorahosted.org/freeipa/ticket/4610

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
93422a54a3 Add additional backup & restore checks
https://fedorahosted.org/freeipa/ticket/3893

Reviewed-By: Martin Basti <mbasti@redhat.com>
2014-11-20 15:47:38 +01:00
Martin Basti
e7edac30a1 Fix CI tests: install_adtrust
IPA uses both named and named-pkcs11 service.
If named is masked use named-pkcs11, instead of raising exception

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-11-04 16:23:41 +01:00
Petr Viktorin
0cdaf2c48f sudo integration test: Remove the local user test
SSSD does not support sudo rules for local users;
these should be added in a local sudoers file.

https://fedorahosted.org/freeipa/ticket/4608

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-10-03 14:19:42 +02:00
Petr Viktorin
21276e8a3f test_forced_client_reenrollment: Don't check for host certificates
Since ticket 4449 we no longer generate host certificates by defailt.
Checdk that they are not present.

https://fedorahosted.org/freeipa/ticket/4601
2014-10-02 11:55:04 +02:00
Jan Cholasta
88083887c9 CA-less installer options usability fixes
The --*_pkcs12 options of ipa-server-install and ipa-replica-prepare have
been replaced by --*-cert-file options which accept multiple files.
ipa-server-certinstall now accepts multiple files as well. The files are
accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and
raw private key and PKCS#12 formats.

The --root-ca-file option of ipa-server-install has been replaced by
--ca-cert-file option which accepts multiple files. The files are
accepted in PEM and DER certificate and PKCS#7 certificate chain formats.

The --*_pin options of ipa-server-install and ipa-replica-prepare have been
renamed to --*-pin.

https://fedorahosted.org/freeipa/ticket/4489

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-30 08:50:47 +02:00
Jan Cholasta
3aa0731fc6 External CA installer options usability fixes
The --external_cert_file and --external_ca_file options of ipa-server-install
and ipa-ca-install have been replaced by --external-cert-file option which
accepts multiple files. The files are accepted in PEM and DER certificate and
PKCS#7 certificate chain formats.

https://fedorahosted.org/freeipa/ticket/4480

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-30 08:50:47 +02:00
Petr Viktorin
dea825fd9c ipa-restore: Set SELinux booleans when restoring
https://fedorahosted.org/freeipa/ticket/4157

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
2014-09-26 12:12:59 +02:00
Petr Viktorin
ccb91f5970 Add test for backup/delete system users/restore
Regression test for: https://fedorahosted.org/freeipa/ticket/3866

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-09-24 13:53:07 +02:00
Petr Viktorin
f1ab2f7aa4 Add basic test for backup & restore
https://fedorahosted.org/freeipa/ticket/3893

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-09-24 13:53:07 +02:00
Petr Viktorin
8fabd6dde1 Support delegating RBAC roles to service principals
https://fedorahosted.org/freeipa/ticket/3164

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-08-21 14:07:01 +02:00
Tomas Babej
6bb4eea348 ipatests: test_trust: Add test to cover lookup of trusdomains
Adds an integration tests that checks that all trustdomains are
able to be found by trustdomain-find command right after the
trust has been established.

Also moves some code to allow easier adding common test cases for
both POSIX and non-POSIX test classes.

https://fedorahosted.org/freeipa/ticket/4208

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-08-07 12:49:47 +02:00
Tomas Babej
4254423f83 ipatests: tasks: Fix dns configuration for trusts
Properly configure forwarders to the AD zone with respect to
newly created ipa dnsforwardzone commands.

https://fedorahosted.org/freeipa/ticket/4401

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-07-15 09:53:27 +02:00
Tomas Babej
c8511d3b3b ipaplatform: Fix misspelled path constant
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-25 21:07:07 +02:00
Tomas Babej
e7969f5af5 ipatests: test_sudo: Expect root listed out if no RunAsUser available
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-25 20:14:52 +02:00
Tomas Babej
701f1fc8ba ipatests: test_sudo: Do not expect enumeration of runasuser groups
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-25 20:14:52 +02:00
Tomas Babej
e0fd2695ca ipatests: test_sudo: Fix assertions not assuming runasgroupcat set to ALL
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-25 20:14:52 +02:00
Tomas Babej
ec2050b7df ipatests: test_sudo: Add coverage for category ALL validation
Makes sure sudorules behave correctly both when adding new entries
with corresponding category set to ALL, and when setting the
category to all when corresponding entries exist.

The only exception of deny commands with cmdcategory ALL is
covered as well.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-25 20:14:52 +02:00
Tomas Babej
c50d190549 ipatests: test_sudo: Add coverage for external entries
Covers functionality of external entries for:
* users
* runAsUsers
* groups of RunAsUsers
* runAsGroups

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-25 20:14:52 +02:00
Tomas Babej
d537da8b8a ipatests: test_sudo: Add tests for allowing hosts via hostmasks
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-25 20:14:51 +02:00
Tomas Babej
4d2ef43f28 ipaplatform: Move all filesystem paths to ipaplatform.paths module
https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-16 19:48:20 +02:00
Tomas Babej
491f431107 ipatests: Enable SSSD debugging on legacy clients with SSSD
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-05-09 13:57:04 +03:00
Tomas Babej
d98e06c314 ipatests: Setup SSSD debugging mode by default
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-05-09 13:57:04 +03:00
Tomas Babej
086d9f46dd ipatests: legacy clients: Do not use external hostnames for testing login to legacy clients from master
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-05-09 13:57:04 +03:00
Tomas Babej
5ce88a1f89 ipatests: Add Sudo integration test
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-05-09 13:57:04 +03:00
Petr Viktorin
d28d37ebdb test_integration.host: Export the hostname to dict as string
Our tests do strict type-checking, using unicode string causes failures.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-04-22 12:55:35 +02:00
Tomas Babej
f74ab3cba2 ipatests: Fix incorrect UID/GID reference for subdomain users and groups
In legacy client integration test, the test cases that query information
from subdomain about subdomain users and group expected subdomain
users and groups to have the UIDs/GIDs as users and groups in the root
domain.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-04-17 16:31:11 +02:00
Tomas Babej
49a59d1292 ipatests: Allow using FQDN with trailing dot as final hostname
When creating a BaseHost instance, the machine's hostname was
reconfigured to have the same shortname prepended the domain name
of the domain where it was defined.

However, it makes sense in certain use cases to define hosts
that have hostnames other than belonging directly in the domain
they were defined in.

Treat input hostnames with trailing dots as static FQDNs that
will not be changed by the name of the domain they were defined in.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-04-17 16:31:11 +02:00
Tomas Babej
24aa0a91e5 ipatests: tasks: Accept extra arguments when installing client
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-04-17 16:31:11 +02:00
Tomas Babej
ceca0b5591 ipatests: Fix apache semaphores prior to installing IPA server
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-04-17 16:31:11 +02:00
Adam Misnyovszki
f85fe1e851 CI - test_forced_client_reenrollment stability fix
fixes FreeIPA Jenkins CI test freeipa-integration-forced_client_reenrollment-f19

https://fedorahosted.org/freeipa/ticket/4298

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-04-17 16:31:11 +02:00
Petr Viktorin
85b8d8d5ae CA-less tests: Use sequential certificate serial numbers
When serial numbers were generated with $RANDOM, there
could be collisions.
Use sequential numbers instead.

Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
2014-04-10 12:05:26 +02:00
Adam Misnyovszki
2b171d273f CA-less tests generate failure
CA-less test suite always generate failures when installing
revoked certificates. This is a known issue, described in
https://fedorahosted.org/freeipa/ticket/4270 , this fix skips
these tests, outputting a warning for the later ticket.

https://fedorahosted.org/freeipa/ticket/4271

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-04-08 14:10:28 +02:00
Tomas Babej
50a6316d16 ipatests: tasks: Wait 2 seconds after restart of SSSD when clearing the cache
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-04-04 12:07:00 +02:00
Tomas Babej
6dcf2400be ipatests: legacy_clients: Relax regex checks
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-04-04 12:07:00 +02:00
Tomas Babej
517ac41524 ipatests: legacy_clients: Use hostname instead of external hostname for AD subdomain
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-04-04 12:07:00 +02:00
Tomas Babej
81b5adee80 ipatests: Make sure that remnants of PKI are removed
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-04-04 12:07:00 +02:00
Tomas Babej
f9ebd47f93 ipatests: Do not depend on the case of the attributes when testing ID ranges
In test_trust.py, several tests did case sensitive search on the output of
the ipa idrange-show command. This could cause false negatives.

Part of: https://fedorahosted.org/freeipa/ticket/4267

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-03-26 12:57:29 +01:00
Tomas Babej
8c8cc8b614 ipatests: test_trust: Change expected home directories for posix users
Information from the AD about the home directories is not leveraged at
all, but is generated from the username and domain. Fix the assumptions
in the tests.

Also changes 'Subdomain Test User' to 'Subdomaintest User' to be more
consistent.

https://fedorahosted.org/freeipa/ticket/4184

Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-03-24 09:51:52 +01:00
Petr Viktorin
44b065a277 test_integration.tasks: Do not fail cleanup if backup directory does not exist
If the test backup directory was never created (for example if
there was an early failure, or install was never run),
we don't want the test to fail.
Do not restore if the backup dir is not there.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-03-20 15:38:16 +01:00
Petr Viktorin
561e57d121 Add tests for integration test configuration
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-03-05 10:00:58 +01:00
Petr Viktorin
e6dbb2aa68 test_integration.config: Convert some text values to str
When loading from file, some strings are loaded as unicode,
which would throw off assert_deepequal.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-03-05 10:00:58 +01:00