Commit Graph

14225 Commits

Author SHA1 Message Date
Rob Crittenden
2c3a042c06 Update check_client_configuration to use new client fact
check_client_configuration differs from is_ipa_client_configured
in that it raises an exception if not configured so is a nice
convenience in AdminTool scripts. Port it to call to
is_ipa_client_configured() instead of determining the install
state on its own.

https://pagure.io/freeipa/issue/8384

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-06 14:11:27 +02:00
Rob Crittenden
5e02713481 Don't use the has_files() to know if client/server is configured
Use the is_ipa_configure() and is_ipa_client_configured() utilities
instead which are much more robust.

https://pagure.io/freeipa/issue/8384

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-06 14:11:27 +02:00
Rob Crittenden
d7a4756dac Create a common place to retrieve facts about an IPA installation
This is common to both client and server. Start with whether the
client or server is configured.

https://pagure.io/freeipa/issue/8384

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-06 14:11:27 +02:00
Rob Crittenden
4758db121e Simplify determining if IPA client configuration is complete
When asking the quesiton "is my IPA client configured?" right now
we look at whether the installation backed up any files and
/etc/ipa/default.conf exists.

Instead set a new state, installation, to True as soon as the
client installation finishes.

Unlike the server there is no upgrade process for clients so this
isn't going to be all that useful for quite some time unless that
changes because upgrading an existing install won't set this
to True.

https://pagure.io/freeipa/issue/8384

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-06 14:11:27 +02:00
Rob Crittenden
0fa8686918 Simplify determining if an IPA server installation is complete
When asking the quesiton "is my IPA server configured?" right now
we look at whether the installation backed up any files and set
any state. This isn't exactly precise.

Instead set a new state, installation, to True as soon as IPA
is restarted at the end of the installer.

On upgrades existing installations will automatically get this
state.

This relies on the fact that get_state returns None if no state
at all is set. This indicates that this "new" option isn't available
and when upgrading an existing installation we can assume the
install at least partly works.

The value is forced to False at the beginning of a fresh install
so if it fails, or is in a transient state like with an external
CA, we know that the installation is not complete.

https://pagure.io/freeipa/issue/8384

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-06 14:11:27 +02:00
Rob Crittenden
7e37b45e02 ipatests: Check permissions of /etc/ipa/ca.crt new installations
It should be 0644 root:root for both CA-ful and CA-less installs.

https://pagure.io/freeipa/issue/8441

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-06 12:49:51 +02:00
Rob Crittenden
ec367aa479 Set mode of /etc/ipa/ca.crt to 0644 in CA-less installations
It was previously being set to 0444 which triggered a warning
in freeipa-healthcheck.

Even root needs DAC_OVERRIDE capability to write to a 0o444 file
which may not be available in some environments.

https://pagure.io/freeipa/issue/8441

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-06 12:49:51 +02:00
Sergey Orlov
07341990d9 Fix password file permission
Invalid permission makes file unreadable by owner if he is not root.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-05 18:33:22 -04:00
Rob Crittenden
61db3527e3 ipatests: Test healthcheck revocation checker
Revoke the Apache certificate and ensure that healthcheck properly
reports the problem.

Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-05 14:04:57 -04:00
Florence Blanc-Renaud
606f1abd05 ipatests: collect IPA_RENEWAL_LOCK file
In order to troubleshoot certmonger timeouts, collect the
file /run/ipa/renewal.lock that is used as cross-process lock
by ipa-server-guard.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-05 14:02:37 -04:00
Stanislav Levin
c81cac70ac pylint: Fix warning and error
- fixed W0612(unused-variable)
- added missing dependency on python-yaml

Fixes: https://pagure.io/freeipa/issue/8442
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-04 13:47:28 -04:00
Florence Blanc-Renaud
d55e339df3 ipatests: fix test_ipahealthcheck.py::TestIpaHealthCheck
test_ipa_healthcheck_expiring is assuming that it's executed
on a KRA-less installation, but the test is executed after
test_ipa_healthcheck_no_errors that configures the KRA.

With a KRA install, 12 certs are monitored instead of 9.

Fixes: https://pagure.io/freeipa/issue/8439
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-04 13:34:56 -04:00
Alexander Bokovoy
3a42bc0960 extdom-extop: refactor tests to use unshare+chroot to override nss_files configuration
Unit tests for ipa-extdom-extop plugin use nss_files.so.2 module to test the
functionality instead of relying on SSSD API or nss_sss.so.2 module. The latter
two cannot be used in build environment.

nss_files.so.2 always tries to open /etc/passwd and /etc/group. In past, we
overloaded 'fopen()' to change the path to opened file but this stops working
after glibc consolidate file opening in nss_files with the code starting at
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=299210c1fa67e2dfb564475986fce11cd33db9ad,
this method is not usable anymore and builds against glibc 2.31.9000+ fail in
cmocka unit test execution in Rawhide.

Apply an alternative approach that uses a new user namespace to unshare the
test from its parent and chroot to the test data where expected /etc/passwd and
/etc/group are provided. This method works only on Linux, thus only run the
unit test on Linux.

In case unshare() or chroot() fail, we have to skip tests that use
nss_files.so.2.

Fixes: https://pagure.io/freeipa/issue/8437
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-04 18:43:22 +03:00
Mark Reynolds
44259e8e68 Issue 8407 - Support changelog integration into main database
Description: Add support for both the old and new replication changelogs.
             First try to get and update the new entry, if it's not found
             then we know we need to update the old global changelog entry.

Fixes: https://pagure.io/freeipa/issue/8407

Signed-off-by: Mark Reynolds <mreynolds@redhat.com>

Fix missing self, and missing arg

Fix copy/paste error

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-04 10:54:57 +03:00
Florence Blanc-Renaud
a26e0ba558 ipatests: check KDC cert permissions in CA less install
The KDC certificate file must be stored with 644 permissions.
Add a test checking the file permissions on server + replica.

Related: https://pagure.io/freeipa/issue/8440
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-03 18:00:08 -04:00
Florence Blanc-Renaud
9335bd9299 CAless installation: set the perms on KDC cert file
In CA less installation, the KDC certificate file does not have
the expected 644 permissions. As a consequence, WebUI login
fails.

The fix makes sure that the KDC cert file is saved with 644 perms.

Fixes: https://pagure.io/freeipa/issue/8440
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-03 18:00:08 -04:00
Florence Blanc-Renaud
0a3c98d236 ipatests: increase test_trust timeout
The integration test test_trust is often failing on timeout.
Add 30 minutes to increase the chances of completion.

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-03 19:16:32 +02:00
Peter Keresztes Schmidt
cf8ef6fd2d ipa-backup/restore: remove remaining chdir calls
Closes: https://pagure.io/freeipa/issue/7416
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-07-31 17:38:39 -04:00
Rob Crittenden
61c71e4a62 ipatests: Use healthcheck namespacing in stopped server test
The test_run_with_stopped_master() test runs ipactl stop
and then verifies that all the errors relate to the services
not being available. The newly integrated PKI tests also
report errors in this case.

Use the namespacing introduced in freeipa-healthcheck-0.6
to limit the execution to the ipahealthcheck.meta checks
to avoid the spurious PKI errors.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-31 12:47:00 -04:00
Rob Crittenden
d238fb4f2b ipatests: lib389 is now providing healthchecks, update naming
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-31 12:47:00 -04:00
Rob Crittenden
e1027cc8b1 ipatests: verify that all services can be detected by healthcheck
Add fixture to handle restarting services so that if something
goes wrong in the test the service(s) will all be restarted
so that subsequent tests can pass. Services are restarted in
reverse order.

Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-07-30 23:04:03 +02:00
Rob Crittenden
07bc5e2598 ipatests: Add healthcheck test for FileSystemSpaceCheck
Create a large file in one of the checked filesystems beyond
the allowed threshold and ensure that both the minimum space
and minimum percent errors are reported.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-07-30 23:02:24 +02:00
Rob Crittenden
c84b1db809 ipatests: Test that healthcheck detects and reports expiration
Set the date forward to while the certificates are still valid and
run healthcheck to confirm that an appropriate warning is made.

This validates two separate checks, one that relies on certmonger
to report expiration and one that relies on the data on disk to
determine expiration in case certmonger is out-of-date for some
reason (belt and suspenders).

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-07-30 18:15:05 +02:00
Serhii Tsymbaliuk
bcae209404 WebUI tests: Add test case to cover user ID override feature
The test case includes adding an user ID override to Default Trust View
and adding the ID override to some IPA group.

Ticket: https://pagure.io/freeipa/issue/8416

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-07-30 14:24:26 +03:00
Serhii Tsymbaliuk
5d9d6348c1 WebUI: Fix error "unknown command 'idoverrideuser_add_member'"
There was wrong IPA.associator class used for 'Groups' -> 'User ID overrides' association,
as a result a wrong command was sent to the server.

Ticket: https://pagure.io/freeipa/issue/8416

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-07-30 14:24:26 +03:00
Florence Blanc-Renaud
143b23cb75 ipatests: fix test_authselect
Before the code fix, install/uninstall on a config without
any authselect profile was not able to restore the exact
state but configured sssd profile instead.

Now that the code is doing a pre-install backup, uninstall
restores the exact state and the test needs to be updated
accordingly.

Related: https://pagure.io/freeipa/issue/8189
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-30 13:10:39 +02:00
Florence Blanc-Renaud
aac570bb45 ipatests: remove the xfail for test_nfs.py
Related: https://pagure.io/freeipa/issue/8189
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-30 13:10:39 +02:00
Florence Blanc-Renaud
f12d37724f ipa-client-install: use the authselect backup during uninstall
When ipa-client-install is run on a system with no existing
authselect configuration (for instance a fedora 31 new install),
uninstallation is picking sssd profile but this may lead to
a configuration with differences compared to the pre-ipa-client
state.

Now that authselect provides an option to backup the existing
configuration prior to setting a profile, the client install
can save the backup name and uninstall is able to apply the
backup in order to go back to the pre-ipa-client state.

Fixes: https://pagure.io/freeipa/issue/8189
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-30 13:10:39 +02:00
Rob Crittenden
550fbc0b9f ipatests: Test cases for healthcheck File checker(s)
These check for modified file ownership (user and group) and
too permissive and restrictive permissions across the three
types of files checked by the healthcheck FileCheck.

This replaces an existing test for TomcatFileCheck which adds
more functionality and consolidates all file checks together.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
2020-07-30 13:08:18 +02:00
sumenon
bb2dfbbf0b ipatests: Test IPACertNSSTrust check when trust attributes is modified for specific cert
This test modifies the trust attribute of Server-Cert
and checks that healthcheck tool reports correct status

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-07-30 13:03:46 +02:00
Christian Heimes
8f6502db03 Convert ipa-httpd-pwdreader into Python script
and use paths from ipaplatform.

Fixes: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-30 11:38:25 +02:00
Christian Heimes
664007e031 Explicitly pass keytab to ipa-join
ipa-join defaults to /etc/krb5.keytab. Use ``-k paths.KRB5_KEYTAB`` to
write the keytab to /data share in containers.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-30 11:38:25 +02:00
Christian Heimes
64b20aad28 Write state dir to smb.conf
smb.conf now sets state and cache directory, then includes the registry.
This also allows us to write the final smb.conf before importing
remaining settings into the Samba registry.

Fixes: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-30 11:38:25 +02:00
Christian Heimes
02986ff42b Add ipaplatform for Fedora and RHEL container
Container platforms for Fedora and RHEL simplify FreeIPA container
effort. Paths are based on patches from
https://github.com/freeipa/freeipa-container

Fixes: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-30 11:38:25 +02:00
Christian Heimes
eec5c9d820 Allow to override ipaplatform with env var
The ipaplatform provider module can now be overriden by setting
IPAPLATFORM_OVERRIDE environment variable.

Fixes: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-30 11:38:25 +02:00
Rob Crittenden
5dd5669511 Replace SSLCertVerificationError with CertificateError for py36
This exception was added in python 3.7. Use CertificateError
instead which is an alias and will work with older python releases.

https://bugzilla.redhat.com/show_bug.cgi?id=1858318

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-07-30 10:57:35 +02:00
Stanislav Levin
55b7787ef5 ipatests: Don't turn Pytest IPA deprecation warnings into errors
With new Pytest 6.0 [0]:

> PytestDeprecationWarning are now errors by default.
Following our plan to remove deprecated features with as little disruption as
possible, all warnings of type PytestDeprecationWarning now generate errors
instead of warning messages.

PytestWarnings are no longer marked as the part of public API, but as
internal warnings. It's unsafe to use bare PytestDeprecationWarning,
which is turned into the error on major releases.

[0]: https://github.com/pytest-dev/pytest/releases/tag/6.0.0

Fixes: https://pagure.io/freeipa/issue/8435
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-07-29 15:10:00 -04:00
Serhii Tsymbaliuk
d452e45ff0
WebUI tests: Change navigation tests to find menu items using data-name instead of href
Since menu pseudo-links was replaced with real one, navigation tests must be changed to not use href
for searching items.

Ticket: https://pagure.io/freeipa/issue/7137

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2020-07-29 14:06:55 +02:00
Serhii Tsymbaliuk
b25bccc59a
WebUI: Fix issue with opening links in new tab/window
- fix table item links reference
- fix global menu links reference
- fix API browser side panel links
- fix tab links reference

Ticket: https://pagure.io/freeipa/issue/7137

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2020-07-29 14:06:55 +02:00
François Cami
763d3b059b ipatests: test_otp: convert test_2fa_enable_single_prompt to run_ssh_cmd
Paramiko is not compatible with FIPS.
Migrate test_2fa_enable_single_prompt to the OpenSSH CLI SSH(1).
Rationale: this is exactly what clients use.
Also add a warning when test_2fa_disable_single_prompt is executed in FIPS mode.

Fixes: https://pagure.io/freeipa/issue/8129
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2020-07-29 13:53:52 +02:00
François Cami
a9f055787a ipatests: ui_driver: convert run_cmd_on_ui_host to tasks.py::run_ssh_cmd
Paramiko is not compatible with FIPS.
Migrate run_cmd_on_ui_host to the OpenSSH CLI SSH(1) using
tasks.py's run_ssh_cmd.
Rationale: this is exactly what clients use.

Fixes: https://pagure.io/freeipa/issue/8129
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2020-07-29 13:53:52 +02:00
François Cami
326e13347c ipatests: test_commands: test_login_wrong_password: Paramiko=>OpenSSH
Paramiko is not compatible with FIPS.
Migrate test_login_wrong_password to the OpenSSH CLI SSH(1).
Rationale: this is exactly what clients use.

Fixes: https://pagure.io/freeipa/issue/8129
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2020-07-29 13:53:52 +02:00
François Cami
112386f76a ipatests: test_commands: test_ssh_from_controller: Paramiko=>OpenSSH
Paramiko is not compatible with FIPS.
Migrate test_ssh_from_controller to the OpenSSH CLI SSH(1).
Rationale: this is exactly what clients use.

Fixes: https://pagure.io/freeipa/issue/8129
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2020-07-29 13:53:52 +02:00
François Cami
27ed8260ba ipatests: test_commands: test_ssh_from_controller: refactor
test_ssh_from_controller does not use methods provided by tasks.py.
Refactor using those methods.

Related: https://pagure.io/freeipa/issue/8129
Signed-off-by: François Cami <fcami@redhat.com>

Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2020-07-29 13:53:52 +02:00
François Cami
5cc7a2b703 ipatests: test_user_permissions: test_selinux_user_optimized Paramiko=>OpenSSH
Paramiko is not compatible with FIPS.
Migrate test_selinux_user_optimized to the OpenSSH CLI SSH(1).
Rationale: this is exactly what clients use.

Fixes: https://pagure.io/freeipa/issue/8129
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2020-07-29 13:53:52 +02:00
François Cami
73ae4c77f3 ipatests: test_commands: test_ssh_key_connection: Paramiko=>OpenSSH
Paramiko is not compatible with FIPS.
Migrate test_ssh_key_connection to the OpenSSH CLI SSH(1).
Rationale: this is exactly what clients use.

Fixes: https://pagure.io/freeipa/issue/8129
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2020-07-29 13:53:52 +02:00
François Cami
d5148c6541 tasks: add run_ssh_cmd
Paramiko is not compatible with FIPS.
A replacement is needed, and since what clients use is "ssh",
create a shim over it so that tests can leverage it.

Fixes: https://pagure.io/freeipa/issue/8129
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2020-07-29 13:53:52 +02:00
François Cami
178d80969c ipatests: test_sss_ssh_authorizedkeys
Add debug information to the ssh invocation.

Related: https://pagure.io/freeipa/issue/8151
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2020-07-29 09:00:26 +02:00
François Cami
f7ed159769 ipatests: re-enable test_sss_ssh_authorizedkeys
Re-enable test_sss_ssh_authorizedkeys.

Related: https://pagure.io/freeipa/issue/8151
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2020-07-29 09:00:26 +02:00
François Cami
3546fef0bb ipatests: test_commands: test_login_wrong_password: look farther in time
Sometimes test_login_wrong_password fails because the log window the
string message is searched in is too narrow.
Broaden the window by looking at the past 10 seconds.

Fixes: https://pagure.io/freeipa/issue/8432
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-07-28 19:33:11 +02:00