Commit Graph

1420 Commits

Author SHA1 Message Date
Florence Blanc-Renaud
55c0a93271 ipatests: fix test_replica_uninstall_deletes_ruvs
test_topology.py is failing because of a wrong scenario.
Currently, test_replica_uninstall_deletes_ruvs does:
- install master + replica with CA
- ipa-replica-manage list-ruv to check that the repl is
propery setup
- ipa-replica-manage del $replica
- (on replica) ipa-server-install --uninstall -U
- ipa-replica-manage list-ruv to check that replica
does not appear any more in the RUV list

When ipa-replica-manage del is run, the topology plugin
creates 2 tasks cleanallruvs (one for the domain, one for the ca)
and they are run asynchronously. This means that the ruvs may
still be present when the test moves forward and calls list-ruv.

The test should wait for the cleanallruvs tasks to finish before
checking that list-ruv does not display replica anymore.

Fixes https://pagure.io/freeipa/issue/7545

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-11-20 13:34:07 +01:00
Christian Heimes
7434a3299d PR-CI: Restart rpcbind when it blocks kadmin port
Every now and then, a PR-CI job fails because rpcbind blocks the kadmin
port 749/UDP and kadmin.service fails to start. When NFS secure port is
configured, rpcbind reserves a random low port.

A new workaround detects the blocked port and restarts rpcbind.service.

See: https://pagure.io/freeipa/issue/7769
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
2018-11-20 09:31:32 +01:00
Serhii Tsymbaliuk
6dc8b0c6a7
Fix nightly PR CI configuration for Web UI tests
Add strip operator for test_suite definitions (in nightly_*.yaml) to prevent inserting line breaks.

https://pagure.io/freeipa/issue/7756

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-16 10:55:56 +01:00
Christian Heimes
1e2c4d5bd1 Fix pytest deprecation warning
conftest uses the Function attribute of a pytest.Function object. Latest
pytest has deprecated the attribute:

  _pytest.warning_types.RemovedInPytest4Warning: usage of Function.Function
   is deprecated, please use pytest.Function instead

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-11-15 15:02:13 +01:00
Florence Blanc-Renaud
14ad844bb1 ipatests: add missing tests in test_backup_and_restore.py
3 tests were missing from this test file in the nightly tests:
- TestBackupAndRestoreWithReplica
- TestBackupAndRestoreDMPassword
- TestReplicaInstallAfterRestore

one test was having the wrong name in nightly_rawhide:
TestUserRootFilesOwnershipPermission

Related to https://pagure.io/freeipa/issue/7743

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-13 15:16:35 +01:00
Christian Heimes
ec61f5de3c Silence comparison-with-itself in tests
Test code performs comparison to itself in order to verify __eq__ and
__ne__ implementations.

See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:37:58 +01:00
Christian Heimes
c00dd21106 Fix various dict related pylint warnings
* dict-keys-not-iterating
* dict-values-not-iterating
* dict-items-not-iterating
* dict-iter-method

See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:37:58 +01:00
Christian Heimes
1e569c4f46 Fix Module 'pytest' has no 'config' member
pytest.config is created dynamically.

See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:37:58 +01:00
Christian Heimes
713607769e Fix useless-import-alias
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:37:58 +01:00
Christian Heimes
83cdd27f97 Fix comparison-with-callable
Pylint warns about comparing callable. Replace equality with identity
test.

See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:37:58 +01:00
Christian Heimes
496d1756c9 Address consider-using-in
Replace multiple comparisons with 'in' operation.

See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:37:58 +01:00
Christian Heimes
85286beb5b Address inconsistent-return-statements
Pylint warns about inconsistent return statements when some paths of a
function return None implicitly. Make all implicit returns either
explicit or raise a proper exception.

See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:37:58 +01:00
Florence Blanc-Renaud
1dd98d2517 Revert "temp commit: run test_integration/test_caless.py::TestCertInstall"
This reverts commit 5483f9f6bb.
2018-11-13 13:22:54 +01:00
Florence Blanc-Renaud
5483f9f6bb temp commit: run test_integration/test_caless.py::TestCertInstall
Please remove before pushing

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:04:19 +01:00
Florence Blanc-Renaud
8b7e17aa16 ipatests: update tests for ipa-server-certinstall
The test test_http_intermediate_ca was expecting success when
it should expect a failure. Scenario:
- install IPA ca-less with certs signed by rootCA
- call ipa-server-certinstall with a cert signed by a subCA
to replace http cert.
In this case, the command should refust changing the cert
(otherwise the clients won't be able any more to use
ipa * commands as the subca is not installed in /etc/ipa/nssdb
or in /etc/ipa/ca.crt).

The commit fixes the test expectation and marks the test as
xfail (see ticket 7759).

The test test_ds_intermediate_ca was expecting success when
it should expect a failure. Same scenario as above, but for
the ldap server cert.

The commit fixes the test expectation and removes the xfail
(ticket 6959 was closed as invalid).

Note:
The behavior differs for ldap and http cert because LDAP server
is using a NSSDB and http server is using openssl, hence
ipa-server-certinstall follows 2 different code paths when
changing the server cert.

Related to https://pagure.io/freeipa/issue/7759
Related to https://pagure.io/freeipa/issue/6959

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:04:19 +01:00
Florence Blanc-Renaud
1be415cd04 ipatests: add missing tests for test_caless
Two tests were missing from nightly definition:
- test_caless.py::TestReplicaCALessToCAFull
- test_caless.py::TestServerCALessToExternalCA

Related to https://pagure.io/freeipa/issue/7743

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-13 12:42:38 +01:00
Florence Blanc-Renaud
da4c12c3e6 ipatests: add integration test for "Read radius servers" perm
Add a new integration test for the following scenario:
- create a user with the "User Administrator" role
- as this user, create a user with a --radius=<radius_proxy_server>

This scenario was previously failing because ipa user-add --radius
requires read access to the radius server entries, and there was no
permission granting this access.

Related to https://pagure.io/freeipa/issue/7570

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-13 12:40:44 +01:00
Florence Blanc-Renaud
1c2c2ee6f8 tests: add xmlrpc test for ipa user-add --radius-username
Add a xmlrpc test for ipa user-add/user-mod --radius-username
The command were previously failing because the objectclass
ipatokenradiusproxyuser was not automatically added when the
attribute ipatokenRadiusUserName was added to the entry.

The test ensures that the command is now succeeding.

Related to https://pagure.io/freeipa/issue/7569

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-13 12:40:44 +01:00
Christian Heimes
a606b44f3a Drop dependency on 389-ds-base-legacy-tools
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 12:07:27 +01:00
Stanislav Laznicka
8fb63966cd Use the newer way of removing the DS instance
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 12:07:27 +01:00
Florence Blanc-Renaud
1e6a77a6da ipatests: fix CA less expectations
The test TestServerInstall::test_ca_2_certs has a
wrong expectation. Scenario:
install a CA-less master with
ipa-server-install --ca-cert-file root.pem
where root.pem contains the CA that signed the http and ldap
certificates + an additional (unneeded) CA cert.

The test was expecting a failure, but this scenario is not
problematic as long as the unneeded CA cert is not added.

Related to https://pagure.io/freeipa/issue/6289 which has been
closed as won't fix

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-11-13 10:51:07 +01:00
Rob Crittenden
3e8f550c29 Add tests for ipa-cacert-manage install
Some basic tests like re-loading a certificate, loading a
PKCS#7 cert and bad cert handling.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

https://pagure.io/freeipa/issue/7579

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-11-13 10:44:14 +01:00
Serhii Tsymbaliuk
87474cc1a3
Split Web UI test suite in nightly PR CI configuration
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-12 12:04:27 +01:00
François Cami
044ffe0dd0 Add sysadm_r to default SELinux user map order
It is a standard SELinux user role included in RHEL (like
user_r, staff_r, guest_r) and used quite often.

Fixes: https://pagure.io/freeipa/issue/7658
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-11-09 17:16:19 -05:00
Florence Blanc-Renaud
60a31d3f0e Nightly tests: add test_user_permissions.py
Run the above test in the nightly test suites

Related to https://pagure.io/freeipa/issue/7743

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-09 15:58:10 +01:00
Christian Heimes
4cede86673 Speed up test_customized_ds_config_install
Reuse master instance when installing replica with custom DS config.
This avoids one extra ipa-server-install and also tests replica
installation from a master with custom DS config.

See: https://pagure.io/freeipa/issue/7743
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-11-08 17:46:38 +01:00
Christian Heimes
e64ae1d043 Add missing tests to nighly runs
Run test_customized_ds_config_install and test_dns_locations in nightly
runs.

See: https://pagure.io/freeipa/issue/7743
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-11-08 17:46:38 +01:00
Christian Heimes
e569afb04e Fix test_cli_fsencoding on Python 3.7, take 2
0a5a7bdef7 introduced another problem. The
test is now failing on systems without a full IPA client or server
installation. Use IPA_CONFDIR env var to override location of
default.conf, so that the command always fails.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-11-08 16:03:21 +01:00
Christian Heimes
816783a1b9 Copy-paste error in permssions plugin, CID 323649
Address a bug in the code block for attributeLevelRights for old clients.
The backward compatibility code for deprecated options was not triggered,
because the new name was checked against wrong dict.

Coverity Scan issue 323649, Copy-paste error

   The copied code will not have its intended effect.
   In postprocess_result: A copied piece of code is inconsistent with the
   original (CWE-398)

See: Fixes: https://pagure.io/freeipa/issue/7753
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-08 13:16:26 +01:00
Serhii Tsymbaliuk
da70f397cb Increase memory size for ipaserver topology (nightly-master.yaml)
Fix "Cannot allocate memory" error for Web UI tests

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-08 08:34:13 +01:00
Alexander Bokovoy
82af034023 ipaserver.install.adtrust: fix CID 323644
Fix Coverity finding CID 323644: logically dead code path

The code to determine whether NetBIOS name was already set or need to be
set after deriving it from a domain or asking a user for an interactive
input, was refactored at some point to avoid retrieving the whole LDAP
entry. Instead, it was provided with the actual NetBIOS name retrieved.

As result, a part of the code got neglected and was never executed.

Fix this code and provide a test that tries to test predefined,
interactively provided and automatically derived NetBIOS name depending
on how the installer is being run.

We mock up the actual execution so that no access to LDAP or Samba is
needed.

Fixes: https://pagure.io/freeipa/issue/7753
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-07 16:37:18 +01:00
Christian Heimes
8b0f3595fd Allow ipaapi user to access SSSD's info pipe
For smart card authentication, ipaapi must be able to access to sss-ifp.
During installation and upgrade, the ipaapi user is now added to
[ifp]allowed_uids.

The commit also fixes two related issues:

* The server upgrade code now enables ifp service in sssd.conf. The
  existing code modified sssd.conf but never wrote the changes to disk.
* sssd_enable_service() no longer fails after it has detected an
  unrecognized service.

Fixes: https://pagure.io/freeipa/issue/7751
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-11-07 16:28:35 +01:00
Sergey Orlov
324da5c379 ipatests: add test for ipa-advise for enabling sudo for admins group
Test that
1) sudo is not enabled for members of admins group by default
2) sudo is enabled for them after execution of script provided
by ipa-advise enable_admins_sudo

Related to https://pagure.io/freeipa/issue/7538

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-07 13:48:54 +01:00
Christian Heimes
0a5a7bdef7 Fix test_cli_fsencoding on Python 3.7
Starting with Python 3.7, PEP 538 addresses the locale issue. Python now
supports UTF-8 file system encoding with non-UTF-8 C locale.

See: https://docs.python.org/3/whatsnew/3.7.html#whatsnew37-pep538
See: https://pagure.io/freeipa/issue/5887
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-07 13:11:48 +01:00
Serhii Tsymbaliuk
8954521007
WebUI tests: Make possible to use kwargs with @screenshot decorator
Reviewed-By: Petr Cech <pcech@redhat.com>
2018-10-31 11:55:35 +01:00
Serhii Tsymbaliuk
8f2a75cb00
UI tests for "Automount": check dialog confirmation using ENTER
https://pagure.io/freeipa/issue/7735

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-10-31 11:55:35 +01:00
Serhii Tsymbaliuk
6444808fd2
UI tests for "Automount": check some negative cases
https://pagure.io/freeipa/issue/7735

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-10-31 11:55:35 +01:00
Serhii Tsymbaliuk
ba40590e9d
UI tests for "Automount": check indirect map duplication
https://pagure.io/freeipa/issue/7735

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-10-31 11:55:35 +01:00
Serhii Tsymbaliuk
b7a149feb2
UI tests for "Automount": check creating automount key without some fields
https://pagure.io/freeipa/issue/7735

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-10-31 11:55:35 +01:00
Serhii Tsymbaliuk
de06bf2778
UI tests for "Automount": check creating indirect automount map without some fields
https://pagure.io/freeipa/issue/7735

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-10-31 11:55:35 +01:00
Serhii Tsymbaliuk
97f158aeec
UI tests for "Automount": Fix item deleting
https://pagure.io/freeipa/issue/7735

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-10-31 11:55:35 +01:00
Serhii Tsymbaliuk
e957e0aef0
UI tests for "Automount": check modifying map and key settings
https://pagure.io/freeipa/issue/7735

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-10-31 11:55:35 +01:00
Serhii Tsymbaliuk
1d4b43efa4
UI tests for "Automount": check "Add Automount..." dialogs
https://pagure.io/freeipa/issue/7735

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-10-31 11:55:35 +01:00
Serhii Tsymbaliuk
8949aa64d9
UI tests for "Automember": Extend search cases
https://pagure.io/freeipa/issue/7721

Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Petr Cech <pcech@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-10-30 16:26:29 +01:00
Serhii Tsymbaliuk
cd795257cc
UI tests for "Automember": Negative cases
https://pagure.io/freeipa/issue/7721

Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Petr Cech <pcech@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-10-30 16:26:29 +01:00
Serhii Tsymbaliuk
33a74fb2c4
UI tests for "Automember": check setting default user/host group
https://pagure.io/freeipa/issue/7721

Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Petr Cech <pcech@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-10-30 16:26:29 +01:00
Serhii Tsymbaliuk
a68035dcae
UI tests for "Automember": check creating and deleting of automember rule conditions
https://pagure.io/freeipa/issue/7721

Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Petr Cech <pcech@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-10-30 16:26:29 +01:00
Serhii Tsymbaliuk
63cbf6294e
UI tests for "Automember": check creating and deleting of multiple rules
https://pagure.io/freeipa/issue/7721

Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Petr Cech <pcech@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-10-30 16:26:29 +01:00
Serhii Tsymbaliuk
49df1ab1c8
UI tests for "Automember": check search filter
https://pagure.io/freeipa/issue/7721

Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Petr Cech <pcech@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-10-30 16:26:29 +01:00
Fraser Tweedale
4b920df483 Restore KRA clone installation integration test
This Dogtag issue that caused KRA clone installation failure in some
scenarios has been fixed (https://pagure.io/dogtagpki/issue/3055).
This reverts commit 2488813260 and
bumps the pki-core dependency.

Fixes: https://pagure.io/freeipa/issue/7654
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-10-26 21:37:39 +02:00