Commit Graph

12 Commits

Author SHA1 Message Date
Stanislav Laznicka
b5bdd07bc5
Add absolute_import future imports
Add absolute_import from __future__ so that pylint
does not fail and to achieve python3 behavior in
python2.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-04-20 09:43:37 +02:00
Christian Heimes
2391c75e3d Replace hard-coded paths with path constants
Several run() calls used hard-coded paths rather than pre-defined paths
from ipaplatform.paths. The patch fixes all places that I was able to
find with a simple search.

The fix simplifies Darix's port of freeIPA on openSuSE.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-02-08 09:32:12 +01:00
Martin Basti
5de70e3199 py3: tests_xmlrpc: do not call str() on bytes
Calling str() on bytes causes undesired side effect: it adds prefix "b"
to the result of conversion. The method decode() should be used instead.

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-02-02 13:43:16 +01:00
Fraser Tweedale
dfbdb53238 cert-request: match names against principal aliases
Currently we do not check Kerberos principal aliases when validating
a CSR.  Enhance cert-request to accept the following scenarios:

- for hosts and services: CN and SAN dnsNames match a principal
  alias (realm and service name must be same as nominated principal)

- for all principal types: UPN or KRB5PrincipalName othername match
  any principal alias.

Fixes: https://fedorahosted.org/freeipa/ticket/6295
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2016-12-06 16:13:45 +01:00
Milan Kubík
10b4b155b6 ipatests: Implement tests with CSRs requesting SAN
The patch implements several test cases testing the enforcement
of CA ACLs on certificate requests with subject alternative names.

https://fedorahosted.org/freeipa/ticket/6366

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-10-04 18:03:03 +02:00
Milan Kubík
0277a89825 ipatests: remove ipacertbase option from test CSR configuration
The issue was found during test review. If the cert base contains
spaces, openssl req fails.

https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2016-07-12 10:55:50 +02:00
Milan Kubík
d88a12f1f5 ipatests: Test Sub CA with CAACL and certificate profile
Test the Sub CA feature by signing a CSR with custom
certificate profile.

The test also covers 'cert-request' fallback behaviour
for missing 'cacn' and 'profile-id' options by reusing
the fixtures from the module.

https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2016-07-12 10:55:50 +02:00
Milan Kubík
0472300dff ipatests: Add test case for requesting a certificate with full principal.
https://fedorahosted.org/freeipa/ticket/5733

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-04-21 17:06:54 +02:00
Petr Viktorin
b2436560df Alias "unicode" to "str" under Python 3
Follow-up to commit 23507e6124

The six way of doing this is to replace all occurences of "unicode"
with "six.text_type". However, "unicode" is non-ambiguous and
(arguably) easier to read. Also, using it makes the patches smaller,
which should help with backporting.

https://fedorahosted.org/freeipa/ticket/5623

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-20 11:59:21 +01:00
Milan Kubík
17f9ca154b Separated Tracker implementations into standalone package
The previous way of implementing trackers in the module with
the test caused circular imports. The separate package resolves
this issue.

https://fedorahosted.org/freeipa/ticket/5467

Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
2015-12-02 17:12:24 +01:00
Milan Kubik
0a64e9bd70 Applied tier0 and tier1 marks on unit tests and xmlrpc tests
Web UI tests were marked as tier1 tests.

The tier system is intended to be used together with CI system
to make sure the more complicated tests are being run only
when all of the basic functionality is working.

The system is using pytest's marker system. E.g. an invocation of
all tier1 tests with listing will look like:

    $ py.test -v -m tier1 ipatests

or in case of out of tree tests:

    $ ipa-run-tests -m tier1

Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
2015-11-09 11:49:17 +01:00
Milan Kubík
5ab0fcabf3 ipatests: CA ACL and cert profile functional test
https://fedorahosted.org/freeipa/ticket/57

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-27 09:57:48 +01:00