Domain level 0 doesn't allow to create replica file on CA-less master, testcases were skipped with Domain level 0
[https://fedorahosted.org/freeipa/ticket/6134]
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Tests test_ipalib/test_messages.py are failing because messages now contain
also 'data' attribute, which is not yet reflected in tests.
https://fedorahosted.org/freeipa/ticket/6185
Reviewed-By: Martin Basti <mbasti@redhat.com>
Test that CRL URI and OCSP URI are present and correct in generated certificate.
https://fedorahosted.org/freeipa/ticket/5881
Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
usage of ipautil.run in get_pem methond of ca-less tests was not
refactored when the ipautil.run was refactored in
099cf98307
This results in failure of all CA-less test.
https://fedorahosted.org/freeipa/ticket/6177
Reviewed-By: Martin Basti <mbasti@redhat.com>
Some tests were broken because of the recent changes in baseldap (#5892)
as they were wrongly expecting an objectclass attribute.
https://fedorahosted.org/freeipa/ticket/6198
Reviewed-By: Martin Basti <mbasti@redhat.com>
The assert checked that the returncode of the replica uninstallation is zero
where in fact the uninstallation was expected to fail with the certain error
message
Reviewed-By: Martin Basti <mbasti@redhat.com>
assert_error was lately transfered from test_caless.py to tasks.py, which
started to cause import errors in replica promotion tests
Reviewed-By: Martin Basti <mbasti@redhat.com>
The context manager has been extended to optionally request principal
canonicalization and indicate that the enterprise principal is being
used.
This allows to change the user during the test to an user using the alias
and to test behavior related to enterprise principals.
https://fedorahosted.org/freeipa/ticket/6142
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Moves helper functions used in range plugin test to a separate
module to allow code reuse.
https://fedorahosted.org/freeipa/ticket/6142
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The new module contains utility functions and a context manager to
make the mocking of an existing AD trust relation in the XMLRPC tests.
The module provides with two functions that create and delete the
containers for trusts and cifs domains. A context manager using these
is provided as well.
The user of the context manager is responsible for deleting all the
LDAP entries created during the test within the context. If there are
some entries left at the time of exiting the context manager, making
the container entries non-leaf entries, the tests will fail.
The context manager will not work when used on a server that already
has trust established.
https://fedorahosted.org/freeipa/ticket/6142
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Added mod_entry method to allow modifying existing entries via the
ldap connection.
The commit also implements the context manager protocol for the class.
https://fedorahosted.org/freeipa/ticket/6142
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The commit implements a mixin class providing capability
to track and modify kerberos principal aliases on supported
types of entries.
The class using the mixin must inherit from the Tracker class
and must provide the implementation of two methods:
* _make_add_alias_cmd
* _make_remove_alias_cmd
These are used to get the type specific command for the particular
entry class. The methods provided will not work on entries that
do not have 'krbprincipalname' attribute.
The service, host and user trackers are being extended to use this
new mixin class.
https://fedorahosted.org/freeipa/ticket/6142
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The name of delete action is now 'delete_active_user' not just 'delete' therefore
tests needs to be fixed.
https://fedorahosted.org/freeipa/ticket/6052
Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
Wildcard '*' has not been working for log collecting. I just set
the whole SSSD log directory to be collected. tar utility is able to
archive whole directories.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
We should collect as much as possible relevant logs to be able do better
investigation from test automation
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Providing missing test case verifying authentication as IPA user, namely:
"kinit -E ipauser@IPADOMAIN".
https://fedorahosted.org/freeipa/ticket/6036
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The CLI was not using session cookies for communication with IPA API.
The kernel_keyring code was expecting the keyname to be a string, but
in python 2 a unicode was supplied (the key is built using
ipa_session_cookie:%principal and principal is a unicode).
The patch fixes the assertions, allowing to store and retrieve the cookie.
It also adds a test with unicode key name.
https://fedorahosted.org/freeipa/ticket/5984
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Fix conflict between "got" and "expected" values when testing "dnsconfig_mod:
Update global DNS settings"
Reviewed-By: Martin Basti <mbasti@redhat.com>
Improving handling of rename operation by user tracker, together with
fixes for user tests, that failed as consequence.
Failures were caused by RFE Kerberos principal alias.
Some tests were rewritten, since they used "--setattr" option instead of
"--rename", and hence didn't reflect proper behaviour of the principal
aliases feature.
https://fedorahosted.org/freeipa/ticket/6024
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Basic set of tests to verify support of UPN functionality.
Test cases:
- establish trust
- verify the trust recognizes UPN
- verify AD user with UPN can be resolved
- verify AD user with UPN can authenticate
- remove trust
https://fedorahosted.org/freeipa/ticket/6094
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Provides basic coverage for external trust feature.
Test cases:
1. verify an external trust with AD subdomain can be established
- verify only one trustdomain is listed
- verify subdomain users are resolvable
- verify trust can be deleted
2. verify non-external trust with AD subdomain cannot be established
3. verify an external trust with AD forest root domain can be established
- verify that even if AD subdomain is specified, it is not associated with the trust
- verify trust can be deleted
https://fedorahosted.org/freeipa/ticket/6093
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This test is testing default IPA system records in locations, if
priority and weight were properly set per service, per server, per
location.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Provides basic service tracker, so far for purposes of [1].
Tracker is not complete, some methods will need to be added in case of service test refactoring.
[1] https://fedorahosted.org/freeipa/ticket/433
Reviewed-By: Milan Kubik <mkubik@redhat.com>
The issue was found during test review. If the cert base contains
spaces, openssl req fails.
https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Test the Sub CA feature by signing a CSR with custom
certificate profile.
The test also covers 'cert-request' fallback behaviour
for missing 'cacn' and 'profile-id' options by reusing
the fixtures from the module.
https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
The patch implements Tracker subclass for CA plugin
and the basic CRUD tests for the plugin entries.
https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Since now users, hosts, and service all support assigning multiple principal
aliases to them, the display of kerberos principal names should be consistent
across all these objects. Principal aliases and canonical names will now be
displayed in all add, mod, show, and find operations.
https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
All plugins will now use this parameter and common code for all operations on
Kerberos principals. Additional semantic validators and normalizers were
added to determine or append a correct realm so that the previous behavior is
kept intact.
https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Low-level unittests checking the correctness principal parsing.
https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Test ipatests/test_ipalib/test_frontend.py::test_Command::test_validate fails due to attributes that are no longer present, therefore assertion for these values was removed.
https://fedorahosted.org/freeipa/ticket/5987
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
Test fails were caused mainly by assertion between unicode and nonunicode string, or due to changes in code related to thin client.
Fixes:
test_Command::test_default_from_chaining
test_Command::test_args_options_2_params
test_Command::test_params_2_args_options
test_Command::test_validate_output_per_type
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>