The IntegrationTest.install method installs the full topology while in ca-less
tests we need to check server installation, thus the nodes should not have
server or replica installed
Reviewed-By: David Kupka <dkupka@redhat.com>
Upon uninstallation IPA does not remove certs from the system, see
https://fedorahosted.org/freeipa/ticket/4639 for details. This causes
installation failures in several tests. The workaround is to manually remove
certs from all certificate databases used by IPA after each server
uninstallation
Reviewed-By: David Kupka <dkupka@redhat.com>
The installator has changed the question sequence so the stdin used for
interactive server installation has to be changed accordingly
Reviewed-By: David Kupka <dkupka@redhat.com>
The IPA installer refuses to accept certs signed with a CA-signature that does
not have basic constraints enabled (Described in RFC 5280)
Reviewed-By: David Kupka <dkupka@redhat.com>
When the same host is used for numerous server/replica
installations/uninstallations at some point the /etc/openldap/ldap.conf file
gets corruped which results in ldapsearch unaware of the default ldap_uri to
connect. The workaround would be to provide ldap hostname for each ldapsearch.
Attention: please unapply this fix once the original issue is resolved.
https://fedorahosted.org/freeipa/ticket/5880
Reviewed-By: David Kupka <dkupka@redhat.com>
update_from_dict() method is not used anywhere in the project,
it only makes the tests fail. Removed it and its tests.
https://fedorahosted.org/freeipa/ticket/6311
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
In test_ipaserver/test_ldap::test_ldap::test_GSSAPI a krb5 ccache is used to
connect to ldap. The test tries to locate this cache in /tmp/krb5cc_$UID file,
which is not there due to default settings in krb5.conf, and hence the whole
test is skipped. Fix the test to use keyring to connect instead of ccache in
/tmp.
https://fedorahosted.org/freeipa/ticket/6323
Reviewed-By: Martin Basti <mbasti@redhat.com>
Fixing discrepancies between returned and checked attributes in ipa-join host
test, that arose after recent changes in behavior.
https://fedorahosted.org/freeipa/ticket/6326
Reviewed-By: Martin Basti <mbasti@redhat.com>
Updating path to ipa-join command to allow execution of
test_xmlrpc/test_host::TestHostFalsePwdChange::test_join_host.
https://fedorahosted.org/freeipa/ticket/6326
Reviewed-By: Martin Basti <mbasti@redhat.com>
krb5kdc.service restart is necessary for proper running of integration trust
related tests.
https://fedorahosted.org/freeipa/ticket/6322
Reviewed-By: Martin Basti <mbasti@redhat.com>
In commit ed4c2d9252, changes to the Plugin
class were made, but the test was updated only partially.
Update the rest to fix the failing test.
https://fedorahosted.org/freeipa/ticket/6313
Reviewed-By: Martin Basti <mbasti@redhat.com>
Removing --force option from tracker base class so it would not be required to
be implemented in every specific tracker, even though it's not necessary.
Modifying existing trackers to reflect this change.
https://fedorahosted.org/freeipa/ticket/6124
Reviewed-By: Martin Basti <mbasti@redhat.com>
SSSD restart has been mistakenly added to integration tests
(test_integration/tasks.py::uninstall_master). When system setup is correct,
this restart has no significance, moreover it makes tests fail, hence its
removal is necessary.
https://fedorahosted.org/freeipa/ticket/6338
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
Also created a decorator that removes the segment that the next test does not
expect.
https://fedorahosted.org/freeipa/ticket/6250
Reviewed-By: Martin Basti <mbasti@redhat.com>
As the segment name is a stochastic valu, which can have either of the two
nodes as the left node, we need to adapt the tests to not expect some
particular segment name but rather to calculate it dynamically based on node
names and the output of topologysegment-find ipa call
Reviewed-By: Martin Basti <mbasti@redhat.com>
Adding 'defaults' sudorule to prevent requesting further user authentication.
Adding checks that if a user should be rejected access, a proper error message
is displayed.
https://fedorahosted.org/freeipa/ticket/6262
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
In test_one_command_installation the ipa-replica-install was missing '--server'
and '-U' options which resulted in false negative result. In
test_client_enrollment_by_unprivileged_user '--server' option was messing.
test_replica_promotion_after_adding_to_admin_group lacked '-U' option. It
leaded to 3 failed cases.
https://fedorahosted.org/freeipa/ticket/6301
Reviewed-By: Martin Basti <mbasti@redhat.com>
The server installation in most cases returns response code 0 no matter what
happens except for really severe errors. In this case when we try to uninstall
the middle replica of a line topology, it fails, notifies us that we should use
'--ignore-topology-disconnect', but returns 0
https://fedorahosted.org/freeipa/ticket/6300
Reviewed-By: Martin Basti <mbasti@redhat.com>
Test ipatests/test_ipaserver/test_ldap::test_Backend fails claiming service
cannot be found. Fixing this by not using api with in_tree parameter.
https://fedorahosted.org/freeipa/ticket/6312
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Trust tests fail if they are executed after external trust tests. This is
caused my missing cleanup. Providing cleanup that would enable correct
execution of the tests regardless of their order.
https://fedorahosted.org/freeipa/ticket/6306
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
In integration trust tests some values are checked using regular expressions.
Some of these expressions from recently added coverage have minor mistakes
which causes the comparisons to fail. Providing fix for these regular
expressions.
https://fedorahosted.org/freeipa/ticket/6285
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Currently environments may use prefix /31 on point-to-point connections what
makes IPA validators to fail. IPA should not care if IP address is broadcast
or not. In some cases (when prefix is not specified) IPA cannot decide
properly if broadcast address is really broadcast.
This commit allows usage of broadcast addresses in:
* host plugin
* dns plugin
* server-installer
* client-installer
https://fedorahosted.org/freeipa/ticket/5814
Reviewed-By: David Kupka <dkupka@redhat.com>
Currently cloud environments uses heavily prefix /32 (/128) what makes
IPA validators to fail. IPA should not care if IP address is network or not.
This commit allows usage of network addresses in:
* host plugin
* dns plugin
* server-installer
* client-installer
https://fedorahosted.org/freeipa/ticket/5814
Reviewed-By: David Kupka <dkupka@redhat.com>
When running test_install/test_updates and test_pkcs10/test_pkcs10 as
outoftree, these are skipped with reason 'Unable to find test update files'.
For outoftree tests wrong paths are checked for these files.
Changing file localization to provide proper test setup.
https://fedorahosted.org/freeipa/ticket/6284
Reviewed-By: Martin Basti <mbasti@redhat.com>
Several tests in test_xmlrpc/test_trust_plugin.py fail because some attributes
are not expected. Fixing the tests so that the extra attributes are recognized.
https://fedorahosted.org/freeipa/ticket/6276
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
Changing negative test case that verified that a certificate with different
than expected issuer cannot be added to a service to a positive one that
verifies that this operation now proceeds successfully. Corresponds to changes
made in scope of https://fedorahosted.org/freeipa/ticket/4559 implementation.
https://fedorahosted.org/freeipa/ticket/6258
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
domainlevel method is called upon each master uninstallation. Sometimes the
master uninstallation is called from within teardown method of some tests when
the master was not in fact installed, in which case the kinit_admin would
always raise an error.
https://fedorahosted.org/freeipa/ticket/6254
Reviewed-By: Martin Basti <mbasti@redhat.com>
Class test_forward_zones in ipatests/test_xmlrpc/test_dns_plugin
was using DNS zone 'fwzone2.test.' and expected to get warning
'Forwarding policy conflicts with some automatic empty zones.'
(aka 'DNSForwardPolicyConflictWithEmptyZone').
This does not make sense because 'test.' zone is not listed in IANA registry
'Locally-Served DNS Zones':
http://www.iana.org/assignments/locally-served-dns-zones/locally-served-dns-zones.xhtml
To fix this I simply removed the warning from set of expected results.
https://fedorahosted.org/freeipa/ticket/6213
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Class test_forward_zones in ipatests/test_xmlrpc/test_dns_plugin
had server IP and zone name interchanged in "expected" dictionart.
I do not understand how this happened.
https://fedorahosted.org/freeipa/ticket/6213
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Plugins are being imported in the test_ldap/test_Backend test, which is no
longer valid due to changes made during thin client implementation. Plugins are
imported automatically and explicit imports make tests fail because of the
duplicity.
https://fedorahosted.org/freeipa/ticket/6194
Reviewed-By: Martin Basti <mbasti@redhat.com>
Due to thin client implementation a part of the original test is no longer
valid and causes test to fail.
https://fedorahosted.org/freeipa/ticket/6192
Reviewed-By: Martin Basti <mbasti@redhat.com>
Due to race conditions the test sometimes catches 2 one-way segments instead of
one bidirectional. We need to give the master time to merge the one-way
segments before we test the output.
https://fedorahosted.org/freeipa/ticket/6265
Reviewed-By: Martin Basti <mbasti@redhat.com>
In ipatests/test_xmlrpc/test_idviews_plugin several variables are declared
twice, while never using the first declaration. The duplicate declaration is
hereby removed.
https://fedorahosted.org/freeipa/ticket/6246
Reviewed-By: Martin Basti <mbasti@redhat.com>
Update the fake API object to match the real API object interface including
the changes introduced with the API compatibility feature.
https://fedorahosted.org/freeipa/ticket/6188
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Some tests in ipatests/test_ipalib/test_frontend.py are failing due to changes
related to thin client implementation. Providing fix for:
ipa.test_ipalib.test_frontend.test_Attribute.test_init
ipa.test_ipalib.test_frontend.test_LocalOrRemote.test_run
https://fedorahosted.org/freeipa/ticket/6188
Reviewed-By: Milan Kubik <mkubik@redhat.com>
