Commit Graph

736 Commits

Author SHA1 Message Date
Ganna Kaihorodova
64c5340329 Fix for integration tests replication layouts
Domain level 0 doesn't allow to create replica file on CA-less master, testcases were skipped with Domain level 0

[https://fedorahosted.org/freeipa/ticket/6134]

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-08-16 12:55:40 +02:00
Milan Kubík
b92b1d7d7f ipatests: Fix wrong fixture in kerberos principal alias test
https://fedorahosted.org/freeipa/ticket/6197

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-16 12:13:30 +02:00
Lenka Doudova
f75735b16a Tests: test_ipalib/test_output fails due to change of Output behaviour
https://fedorahosted.org/freeipa/ticket/6189

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-16 11:56:49 +02:00
Lenka Doudova
71d0bc7c10 Tests: Add data attribute to messages
Tests test_ipalib/test_messages.py are failing because messages now contain
also 'data' attribute, which is not yet reflected in tests.

https://fedorahosted.org/freeipa/ticket/6185

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-16 11:56:49 +02:00
Peter Lacko
019f3611c2 Test URIs in certificate.
Test that CRL URI and OCSP URI are present and correct in generated certificate.

https://fedorahosted.org/freeipa/ticket/5881

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-11 15:07:46 +02:00
Petr Vobornik
6217d680da ca-less tests: fix getting cert in pem format from nssdb
usage of ipautil.run in  get_pem methond of ca-less tests was not
refactored when the ipautil.run was refactored in
099cf98307

This results in failure of all CA-less test.

https://fedorahosted.org/freeipa/ticket/6177

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-10 16:53:33 +02:00
Stanislav Laznicka
9f26e395e5 Removed objectclass from LDAP*ReverseMember based tests
Some tests were broken because of the recent changes in baseldap (#5892)
as they were wrongly expecting an objectclass attribute.

https://fedorahosted.org/freeipa/ticket/6198

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-10 13:53:55 +02:00
Oleg Fayans
bd5746c538 Fixed incorrect domainlevel determination in tests
https://fedorahosted.org/freeipa/ticket/6167

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-05 13:16:29 +02:00
Oleg Fayans
2df047b8c5 Fixed incorrect return code assert
The assert checked that the returncode of the replica uninstallation is zero
where in fact the uninstallation was expected to fail with the certain error
message

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-04 15:11:42 +02:00
Oleg Fayans
4e574cde72 Fixed import error
assert_error was lately transfered from test_caless.py to tasks.py, which
started to cause import errors in replica promotion tests

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-03 15:31:36 +02:00
Lenka Doudova
63a91ca49a Tests: Remove has_keytab from list of expected keys of update command
As part of https://fedorahosted.org/freeipa/ticket/5281, the has_keytab
attribute was removed from results of service-mod command. Removing this
attribute from list of expected keys to prevent failing tests.

Ticket: https://fedorahosted.org/freeipa/ticket/6149
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
2016-08-01 17:16:40 +02:00
tester
5f5203eb62 TEST: managing service certificates
Part of: https://fedorahosted.org/freeipa/ticket/6064

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-08-01 17:07:49 +02:00
tester
20e8cef394 TEST: managing host certificates
Parf of: https://fedorahosted.org/freeipa/ticket/6064

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-08-01 17:07:49 +02:00
tester
37c0bd1dd6 TEST: managing user certificates
Part of: https://fedorahosted.org/freeipa/ticket/6064

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-08-01 17:07:49 +02:00
Pavel Vomacka
45825b84b0 Add function which check whether the field is empty
Part of: https://fedorahosted.org/freeipa/ticket/6064

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-08-01 17:07:49 +02:00
tester
26803a0d17 Add possibility to choose parent element by css
Part of: https://fedorahosted.org/freeipa/ticket/6064

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-08-01 17:07:49 +02:00
Lenka Doudova
a20c04033a Tests: Removing manipulation with /etc/hosts file from integration tests
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2016-08-01 10:20:16 +02:00
Milan Kubík
dd2e3a5547 ipatests: Add kerberos principal alias tests
Add tests for alias manipulation, tests authentication and several
error scenarios.

https://fedorahosted.org/freeipa/ticket/6142
https://fedorahosted.org/freeipa/ticket/6099

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-29 09:04:42 +02:00
Milan Kubík
e17ec08dae ipatests: Allow change_principal context manager to use canonicalization
The context manager has been extended to optionally request principal
canonicalization and indicate that the enterprise principal is being
used.

This allows to change the user during the test to an user using the alias
and to test behavior related to enterprise principals.

https://fedorahosted.org/freeipa/ticket/6142

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-29 09:04:42 +02:00
Milan Kubík
ddb7a08084 ipatests: Move trust mock helper functions to a separate module
Moves helper functions used in range plugin test to a separate
module to allow code reuse.

https://fedorahosted.org/freeipa/ticket/6142

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-29 09:04:42 +02:00
Milan Kubík
7c03708734 ipatests: Provide a context manager for mocking a trust in RPC tests
The new module contains utility functions and a context manager to
make the mocking of an existing AD trust relation in the XMLRPC tests.

The module provides with two functions that create and delete the
containers for trusts and cifs domains. A context manager using these
is provided as well.

The user of the context manager is responsible for deleting all the
LDAP entries created during the test within the context. If there are
some entries left at the time of exiting the context manager, making
the container entries non-leaf entries, the tests will fail.

The context manager will not work when used on a server that already
has trust established.

https://fedorahosted.org/freeipa/ticket/6142

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-29 09:04:42 +02:00
Milan Kubík
dde1240f5d ipatests: Extend the MockLDAP utility class
Added mod_entry method to allow modifying existing entries via the
ldap connection.

The commit also implements the context manager protocol for the class.

https://fedorahosted.org/freeipa/ticket/6142

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-29 09:04:42 +02:00
Milan Kubík
5582d1df32 ipatests: Add tracker class for kerberos principal aliases
The commit implements a mixin class providing capability
to track and modify kerberos principal aliases on supported
types of entries.

The class using the mixin must inherit from the Tracker class
and must provide the implementation of two methods:

* _make_add_alias_cmd
* _make_remove_alias_cmd

These are used to get the type specific command for the particular
entry class. The methods provided will not work on entries that
do not have 'krbprincipalname' attribute.

The service, host and user trackers are being extended to use this
new mixin class.

https://fedorahosted.org/freeipa/ticket/6142

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-29 09:04:42 +02:00
Pavel Vomacka
41ace68e04 Set default delete action name to 'delete'
Only specific delete actions will be explicitely set.

Part of: https://fedorahosted.org/freeipa/ticket/6052

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-07-27 19:23:28 +02:00
Pavel Vomacka
73ef15ccb4 Fix test which checks removing of user
The name of delete action is now 'delete_active_user' not just 'delete' therefore
tests needs to be fixed.

https://fedorahosted.org/freeipa/ticket/6052

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-07-27 19:22:30 +02:00
Pavel Vomacka
9f94a5f7ba Fix test_navigation tests
Some menu item names has changed. This commit sets the correct names.

https://fedorahosted.org/freeipa/ticket/6053

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-07-27 19:21:11 +02:00
Pavel Vomacka
8c07568c0b Remove navigation using breadcrumb menus
https://fedorahosted.org/freeipa/ticket/6054

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-07-27 19:18:40 +02:00
Martin Basti
ae623864ee CI tests: fix SSSD log collecting
Wildcard '*' has not been working for log collecting. I just set
the whole SSSD log directory to be collected. tar utility is able to
archive whole directories.

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-26 15:34:07 +02:00
Martin Basti
f05615bb83 CI tests: improve log collecting
We should collect as much as possible relevant logs to be able do better
investigation from test automation

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-26 15:34:07 +02:00
Ben Lipton
99a702568d Fix several small typos
Fixes: https://fedorahosted.org/freeipa/ticket/6085
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-07-26 12:03:44 +02:00
Lenka Doudova
648b5afa2f Tests: IPA user can kinit using enterprise principal with IPA domain
Providing missing test case verifying authentication as IPA user, namely:
"kinit -E ipauser@IPADOMAIN".

https://fedorahosted.org/freeipa/ticket/6036

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-25 12:22:21 +02:00
Florence Blanc-Renaud
bc7eb99a29 Fix session cookies
The CLI was not using session cookies for communication with IPA API.
The kernel_keyring code was expecting the keyname to be a string, but
in python 2 a unicode was supplied (the key is built using
ipa_session_cookie:%principal and principal is a unicode).

The patch fixes the assertions, allowing to store and retrieve the cookie.
It also adds a test with unicode key name.

https://fedorahosted.org/freeipa/ticket/5984

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-07-22 16:30:32 +02:00
Ganna Kaihorodova
359cfeb7c6 Fix conflict between "got" and "expected" values
Fix conflict between "got" and "expected" values when testing "dnsconfig_mod:
Update global DNS settings"

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-07-21 20:01:51 +02:00
Lenka Doudova
9093647f86 Tests: Improve handling of rename operation by user tracker
Improving handling of rename operation by user tracker, together with
fixes for user tests, that failed as consequence.
Failures were caused by RFE Kerberos principal alias.

Some tests were rewritten, since they used "--setattr" option instead of
"--rename", and hence didn't reflect proper behaviour of the principal
aliases feature.

https://fedorahosted.org/freeipa/ticket/6024

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-20 18:08:34 +02:00
Lenka Doudova
6a072f3c5c Tests: Support of UPN for trusted domains
Basic set of tests to verify support of UPN functionality.

Test cases:
- establish trust
- verify the trust recognizes UPN
- verify AD user with UPN can be resolved
- verify AD user with UPN can authenticate
- remove trust

https://fedorahosted.org/freeipa/ticket/6094

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-19 13:29:51 +02:00
Lenka Doudova
f487233df0 Tests: External trust
Provides basic coverage for external trust feature.
Test cases:
1. verify an external trust with AD subdomain can be established
   - verify only one trustdomain is listed
   - verify subdomain users are resolvable
   - verify trust can be deleted
2. verify non-external trust with AD subdomain cannot be established
3. verify an external trust with AD forest root domain can be established
   - verify that even if AD subdomain is specified, it is not associated with the trust
   - verify trust can be deleted

https://fedorahosted.org/freeipa/ticket/6093

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-19 13:25:29 +02:00
Martin Basti
72b2c8a54d CI: DNS locations
This test is testing default IPA system records in locations, if
priority and weight were properly set per service, per server, per
location.

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-07-18 13:31:18 +02:00
Lenka Doudova
aab861142d Tests: Authentication indicators integration tests
https://fedorahosted.org/freeipa/ticket/433

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-07-15 13:57:18 +02:00
Lenka Doudova
dcdbbb9759 Tests: Authentication indicators xmlrpc tests
https://fedorahosted.org/freeipa/ticket/433

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-07-15 13:57:18 +02:00
Lenka Doudova
0f9a5ce6b4 Tests: Tracker class for services
Provides basic service tracker, so far for purposes of [1].
Tracker is not complete, some methods will need to be added in case of service test refactoring.

[1] https://fedorahosted.org/freeipa/ticket/433

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-07-15 13:57:18 +02:00
Milan Kubík
0277a89825 ipatests: remove ipacertbase option from test CSR configuration
The issue was found during test review. If the cert base contains
spaces, openssl req fails.

https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2016-07-12 10:55:50 +02:00
Milan Kubík
d88a12f1f5 ipatests: Test Sub CA with CAACL and certificate profile
Test the Sub CA feature by signing a CSR with custom
certificate profile.

The test also covers 'cert-request' fallback behaviour
for missing 'cacn' and 'profile-id' options by reusing
the fixtures from the module.

https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2016-07-12 10:55:50 +02:00
Milan Kubík
5b37aaad77 ipatests: Extend CAACL suite to cover Sub CA members
https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2016-07-12 10:55:50 +02:00
Milan Kubík
ea9b15f435 ipatests: Tracker implementation for Sub CA feature
The patch implements Tracker subclass for CA plugin
and the basic CRUD tests for the plugin entries.

https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2016-07-12 10:55:50 +02:00
Oleg Fayans
f784532d4e Test for incorrect client domain
https://fedorahosted.org/freeipa/ticket/5976

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-07-01 17:59:27 +02:00
Martin Babinsky
acf2234ebc Unify display of principal names/aliases across entities
Since now users, hosts, and service all support assigning multiple principal
aliases to them, the display of kerberos principal names should be consistent
across all these objects. Principal aliases and canonical names will now be
displayed in all add, mod, show, and find operations.

https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-07-01 09:37:25 +02:00
Martin Babinsky
c2af032c03 Migrate management framework plugins to use Principal parameter
All plugins will now use this parameter and common code for all operations on
Kerberos principals.  Additional semantic validators and normalizers were
added to determine or append a correct realm so that the previous behavior is
kept intact.

https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-07-01 09:37:25 +02:00
Martin Babinsky
e6fc8f84d3 Test suite for ipapython/kerberos.py
Low-level unittests checking the correctness principal parsing.

https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-07-01 09:37:25 +02:00
Lenka Doudova
0399110240 Tests: Fix frontend tests
Test ipatests/test_ipalib/test_frontend.py::test_Command::test_validate fails due to attributes that are no longer present, therefore assertion for these values was removed.

https://fedorahosted.org/freeipa/ticket/5987

Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
2016-06-30 13:17:32 +02:00
Lenka Doudova
35d3a58421 Tests: Fix failing tests in ipatests/test_ipalib/test_frontend.py
Test fails were caused mainly by assertion between unicode and nonunicode string, or due to changes in code related to thin client.

Fixes:
test_Command::test_default_from_chaining
test_Command::test_args_options_2_params
test_Command::test_params_2_args_options
test_Command::test_validate_output_per_type

Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
2016-06-30 13:16:31 +02:00