Commit Graph

132 Commits

Author SHA1 Message Date
Christian Heimes
68caeb8b19 Add mocked test for named crypto policy update
Mocked tests require the mock package for Python 2.7. Python 3 has
unittest.mock in the standard library.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-02-20 17:01:52 +01:00
Christian Heimes
1b0c55a3b3 Unified ldap_initialize() function
Replace all ldap.initialize() calls with a helper function
ldap_initialize(). It handles cacert and cert validation correctly. It
also provides a unique place to handle python-ldap 3.0 bytes warnings in
the future.

Fixes: https://pagure.io/freeipa/issue/7411
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-02-15 18:32:17 +01:00
Christian Heimes
d7426ccbe7 Replace nose with unittest and pytest
* Replace raise nose.SkipTest with raise unittest.SkipTest
* Replace nose.tools.assert_equal(a, b) with assert a == b
* Replace nose.tools.raises with pytest.raises
* Convert @raises decorator to pytest.raises() but just for relevant
  lines.
* Remove nose dependency

I left the nose_compat pytest plugin in place. It can be removed in
another request in case it is no longer used.

https://pagure.io/freeipa/issue/7301

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-12-12 16:16:58 +01:00
Christian Heimes
f4001e1c53 Add safe DirectiveSetter context manager
installutils.set_directive() is both inefficient and potentially
dangerous. It does not ensure that the whole file is written and
properly synced to disk. In worst case it could lead to partially
written or destroyed config files.

The new DirectiveSetter context manager wraps everything under an easy
to use interface.

https://pagure.io/freeipa/issue/7312

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2017-12-12 14:13:54 +01:00
Fraser Tweedale
f688b5d8a7 Add tests for installutils.set_directive
Part of: https://pagure.io/freeipa/issue/7288

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2017-12-12 14:13:54 +01:00
Christian Heimes
b98f9b46de Add marker needs_ipaapi and option to skip tests
The new marker needs_ipaapi is used to mark tests that needs an
initialized API (ipalib.api) or some sort of other API services (running
LDAP server) to work. Some packages use api.Command or api.Backend on
module level. They are not marked but rather skipped entirely.

A new option ``skip-ipaapi`` is added to skip all API based tests. With
the option, only simple unit tests are executed. As of now, freeIPA
contains more than 500 unit tests that can be executed in about 5
seconds.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-12-11 20:40:06 +01:00
Christian Heimes
b29db07c3b Use os.path.isfile() and isdir()
Replace custom file_exists() and dir_exists() functions with proper
functions from Python's stdlib.

The change also gets rid of pylint's invalid bad-python3-import error,
https://github.com/PyCQA/pylint/issues/1565

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-10-20 12:27:19 +02:00
Fraser Tweedale
d43cf35cca Add tests for external CA profile specifiers
Part of: https://pagure.io/freeipa/issue/6858

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2017-10-04 10:09:18 +02:00
Alexander Bokovoy
8661611d3e OTP import: support hash names with HMAC- prefix
Refactor convertHashName() method to accept hash names prefixed with
HMAC- or any other prefix. Extending the method should be easier in
future.

Add tests proposed by Rob Crittenden to make sure we don't regress
with expected behavior of convertHashName().

Fixes https://pagure.io/freeipa/issue/7146

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-09-18 11:37:31 +02:00
Florence Blanc-Renaud
a077c705fe
Fix ipa config-mod --ca-renewal-master
commit bddb90f38a added the support for
multivalued server attributes (for pkinit_server_server), but this
introduced an API change where the setter and getter of ServerAttribute
are expecting list of values.

When a SingleValuedServerAttribute is used, we need to convert one elem
into a list containing this elem and vice-versa, so that the ipa config-mod
and ipa config_show APIs are not modified.

https://pagure.io/freeipa/issue/7120

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2017-09-05 14:13:46 +02:00
Nathaniel McCallum
bc05ab9922
ipa-otptoken-import: Make PBKDF2 refer to the pkcs5 namespace
For some unknown reason, when I wrote the ipa-otptoken-import script
I used bad input data which had the PBKDF2 parameters in the wrong
XML namespace. I have corrected this input data to match RFC 6030.

https://pagure.io/freeipa/issue/7035

Signed-off-by: Nathaniel McCallum <npmccallum@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-09-01 10:50:34 +02:00
Stanislav Laznicka
5a44ca6383 Create a Certificate parameter
Up until now, Bytes parameter was used for certificate parameters
throughout the framework. However, the Bytes parameter does nothing
special for certificates, like validation, so this had to be done
for each of the parameters which were supposed to represent a
certificate.

This commit introduces a special Certificate parameter which takes
care of certificate validation so this does not have to be done
separately. It also makes sure that the certificates represented by
this parameter are always converted to DER format so that we can work
with them in a unified manner throughout the framework.

This commit also makes it possible to pass bytes directly during
instantiation of the Certificate parameter and they are still
represented correctly after their conversion in the _convert_scalar()
method.

https://pagure.io/freeipa/issue/4985

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-07-27 10:28:58 +02:00
Stanislav Laznicka
bf4dae70e0 tests: fix failing HTTPS connection
Recent certificate refactoring probably unclogged some failure
in handling certificates which causes test_changepw to correctly
fail since it is trying to connect using an HTTPS connection
without the CA certificate. This patch adds the CA cert to the
connection.

https://pagure.io/freeipa/issue/4985

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-07-27 10:28:58 +02:00
Stanislav Laznicka
b5732efda6 x509: Make certificates represented as objects
https://pagure.io/freeipa/issue/4985

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-07-27 10:28:58 +02:00
Jan Cholasta
8f849a77f5 test_ldap: drop redundant URI argument
Use the default LDAP URI from api.env.ldap_uri instead of specifying a
custom URI in the argument. The default URI might be ldapi://, so make sure
autobind is not attempted where the custom URI was ldap://.

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-07-04 12:06:33 +02:00
Martin Basti
902f736a2b py3: test_otptoken_import: fix bytes usage
https://pagure.io/freeipa/issue/4985

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-06-28 16:26:50 +02:00
Martin Basti
637d259361 py3: ipa_otptoken_import: fix hex decoding
codecs.decode() must be used instead of .decode() method

https://pagure.io/freeipa/issue/4985

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-06-28 16:26:50 +02:00
Christian Heimes
af140b0bc1 Silence pytest.yield_fixture deprecation warning
pytest >= 2.10 supports yield based fixtures with pytest.fixture. In
pytest < 2.10 pytest.yield_fixture is required. But that function
also raises a deprecation warning in pytest >= 3.0. FreeIPA has to stay
compatible with pytest < 2.10 for RHEL 7 testing.

https://docs.pytest.org/en/latest/fixture.html#fixture-finalization-executing-teardown-code

https://pagure.io/freeipa/issue/6591

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-05-30 12:28:51 +02:00
Martin Babinsky
58fd229a1d test_serverroles: Get rid of MockLDAP and use ldap2 instead
The test fixture haphazardly intermixed MockLDAP and ldap2 calls in
setup and teardown code, greatly hampering extension of the code and
also porting efforts to Python 3. Get rid of MockLDAP and use ldap2 for
all LDAP operations.

https://pagure.io/freeipa/issue/6937

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-05-26 16:11:40 +02:00
Martin Babinsky
d8bb23ac38 Add an attribute reporting client PKINIT-capable servers
A new multi-valued server attribute `pkinit_server` was added which
reports IPA masters that have PKINIT configuration usable by clients.

The existing tests were modified to allow for testing the new attribute.

https://pagure.io/freeipa/issue/6937

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-05-26 16:11:40 +02:00
Martin Babinsky
bddb90f38a Allow for multivalued server attributes
In order to achieve the task, the following changes were required:

* vectorize the base class for server attributes
* add a child class that enforces single-value attributes. It still
  accepts/returns single-value lists in order to not break Liskov
  substitution principle
* Existing attributes inherit from the child class

https://pagure.io/freeipa/issue/6937

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-05-26 16:11:40 +02:00
Martin Basti
e8f2a415b3 Fix PKCS11 helper
Slots in HSM are not assigned statically, we have to chose proper
slot from token label.

Softhsm i2.2.0 changed this behavior and now slots can change over
time (it is allowed by pkcs11 standard).

Changelog:
* created method get_slot() that returns slot number from
  used label
* replaces usage of slot in __init__ method of P11_Helper
  with label
* slot is dynamically detected from token label before
  session is opened
* pkcs11-util --init-token now uses '--free' instead '--slot'
  which uses first free slot (we don't care about slot numbers
  anymore)

https://pagure.io/freeipa/issue/6692

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-04-12 09:54:10 +02:00
Abhijeet Kasurde
6d4c917440 Use with statement for opening file
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-03-30 13:08:08 +02:00
Christian Heimes
dd6b72e418 pytest 3.x compatibility
pytest 3.x does no longer support plain pytest.skip() on module level.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-03-27 18:03:14 +02:00
Christian Heimes
fd1b4f6ec9 Add options to run only ipaclient unittests
A new option for ipa-run-tests makes the test runner ignore
subdirectories or skips tests that depend on the ipaserver package or on
a running framework for RPC integration tests. The new option enables
testing of client-only builds.

$ ipatests/ipa-run-tests --ipaclient-unittests
...
platform linux2 -- Python 2.7.13, pytest-2.9.2, py-1.4.32, pluggy-0.3.1
rootdir: /home/heimes/redhat, inifile: tox.ini
plugins: sourceorder-0.5, cov-2.3.0, betamax-0.7.1, multihost-1.1
collected 451 items

test_util.py ........
util.py ..
test_ipaclient/test_csrgen.py ..............ssss...
test_ipalib/test_aci.py ...................
test_ipalib/test_backend.py ........
test_ipalib/test_base.py ...............
test_ipalib/test_capabilities.py .
test_ipalib/test_cli.py ...
test_ipalib/test_config.py ...............
test_ipalib/test_crud.py ...............
test_ipalib/test_errors.py .......
test_ipalib/test_frontend.py ........................................
test_ipalib/test_messages.py ....
test_ipalib/test_output.py ...
test_ipalib/test_parameters.py .............................................................
test_ipalib/test_plugable.py ........
test_ipalib/test_rpc.py ......ssssssss
test_ipalib/test_text.py .............................
test_ipalib/test_x509.py ...
test_ipapython/test_cookie.py ............
test_ipapython/test_dn.py ...........................
test_ipapython/test_ipautil.py ..................................................................
test_ipapython/test_ipavalidate.py ..........
test_ipapython/test_kerberos.py ..............
test_ipapython/test_keyring.py ..........
test_ipapython/test_ssh.py ...............................
test_pkcs10/test_pkcs10.py .....

https://fedorahosted.org/freeipa/ticket/6517

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2017-03-17 15:02:13 +01:00
Christian Heimes
79c0e6d355 Remove import nss from test_ldap
test_ldap just imported nss.nss to call nss_init_nodb(). It should be
safe to remove the call. Let's see what CI has to say.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2017-03-01 13:55:22 +01:00
Nathaniel McCallum
d00ae870dd Migrate OTP import script to python-cryptography
https://fedorahosted.org/freeipa/ticket/5192

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-03-01 12:51:50 +01:00
Jan Cholasta
fe6f2b6f6e scripts, tests: explicitly set confdir in the rest of server code
Commit 1e6a204b43 added explicit confdir
setting to api.bootstrap() calls of a randomly selected portion of
server-side scripts and tests. This commit adds it to the rest of
server-side code for consistency.

https://fedorahosted.org/freeipa/ticket/6389

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-02-22 08:07:48 +00:00
Christian Heimes
2ff07b9580 Fix test, nested lists are no longer converted to nested tuples
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-15 17:27:56 +01:00
Christian Heimes
3d9bec2e87 cryptography has deprecated serial in favor of serial_number
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-02-10 16:16:44 +01:00
Martin Basti
a5ccdc16cb py3: test_ipaserver: fix BytesWarnings
https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-02-08 15:41:39 +01:00
Martin Babinsky
d95bdbbfd5 Add a basic test suite for kadmin.local interface
This small integration suite tests some basic operations using
kadmin.local interface on services in both kerberos and services
subtree.

https://fedorahosted.org/freeipa/ticket/6561

Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-12-16 10:37:49 +01:00
Jan Cholasta
a1f260d021 ipapython: move dnssec, p11helper and secrets to ipaserver
The dnssec and secrets subpackages and the p11helper module depend on
ipaplatform.

Move them to ipaserver as they are used only on the server.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Fraser Tweedale
db116f73fe x509: use python-cryptography to process certs
Update x509.load_certificate and related functions to return
python-cryptography ``Certificate`` objects.  Update the call sites
accordingly, including removal of NSS initialisation code.

Also update GeneralName parsing code to return python-cryptography
GeneralName values, for consistency with other code that processes
GeneralNames.  The new function, `get_san_general_names`, and
associated helper functions, can be removed when python-cryptography
provides a way to deal with unrecognised critical extensions.

Part of: https://fedorahosted.org/freeipa/ticket/6398

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2016-11-10 10:21:47 +01:00
Jan Cholasta
0d370a959b pylint: enable the import-error check
Check for import errors with pylint to make sure new python package
dependencies are not overlooked.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-10-24 14:11:08 +02:00
Martin Basti
49b29591aa Pylint: remove unused variables in tests
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-10-11 16:50:32 +02:00
Martin Basti
45e3aee352 Pylint: enable check for unused-variables
Unused variables may:
* make code less readable
* create dead code
* potentialy hide issues/errors

Enabled check should prevent to leave unused variable in code

Check is locally disabled for modules that fix is not clear or easy or have too many occurences of
unused variables

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-09-27 13:35:58 +02:00
Martin Basti
9d83be3647 Remove unused variables in tests
This commit removes or marks unused variables as "expected to be unused"
by using '_' prefix.

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-09-27 13:35:58 +02:00
Lenka Doudova
a7c49e455e Tests: Remove usage of krb5 ccache from test_ipaserver/test_ldap
In test_ipaserver/test_ldap::test_ldap::test_GSSAPI a krb5 ccache is used to
connect to ldap. The test tries to locate this cache in /tmp/krb5cc_$UID file,
which is not there due to default settings in krb5.conf, and hence the whole
test is skipped. Fix the test to use keyring to connect instead of ccache in
/tmp.

https://fedorahosted.org/freeipa/ticket/6323

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-21 18:48:22 +02:00
Lenka Doudova
8c6f677a16 Tests: Fix failing ldap.backend test
Test ipatests/test_ipaserver/test_ldap::test_Backend fails claiming service
cannot be found. Fixing this by not using api with in_tree parameter.

https://fedorahosted.org/freeipa/ticket/6312

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-09-13 15:37:52 +02:00
Lenka Doudova
774e4e479d Tests: Failing test_ipaserver/test_ldap test
Plugins are being imported in the test_ldap/test_Backend test, which is no
longer valid due to changes made during thin client implementation. Plugins are
imported automatically and explicit imports make tests fail because of the
duplicity.

https://fedorahosted.org/freeipa/ticket/6194

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-29 12:46:58 +02:00
Martin Babinsky
a79d45ad79 test_serverroles: ensure that test API is initialized with correct ldap_uri
This ensures that the serverroles test works also when run together with other
iaserver test suites.

https://fedorahosted.org/freeipa/ticket/6000

Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-06-28 09:14:28 +02:00
Lenka Doudova
d64513f1ff Tests: Fix ipatests/test_ipaserver/test_rpcserver.py
Removed no longer valid assert.

Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2016-06-24 14:22:40 +02:00
Martin Babinsky
40d8dded7f Test suite for serverroles backend
Tests retrieving roles/attributes and setting server attributes in various
scenarios.

https://fedorahosted.org/freeipa/ticket/5181

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-06-13 17:50:54 +02:00
Jan Cholasta
6e44557b60 ipalib: move server-side plugins to ipaserver
Move the remaining plugin code from ipalib.plugins to ipaserver.plugins.

Remove the now unused ipalib.plugins package.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Petr Viktorin
037eae26d0 test_ipaserver.test_ldap: Adjust tests to Python 3's KeyView
In Python 3, the keys() method of mappings returns a KeyView object
that reflects the mapping's state. In LDAPEntry, this means that
the collection returned by keys() is case-insensitive and supports
aliases.

Part of the fix for: https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-05-30 16:44:08 +02:00
Petr Viktorin
25560f0e1d test_ipaserver.test_ldap: Use bytestrings for raw LDAP values
Part of the work for: https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-05-30 16:44:08 +02:00
Petr Viktorin
9ca450ac43 test_rpcserver: Expect updated error message under Python 3
Python 3's JSON module provides line number information in
its parsing error. Update the test to expect this.

Part of the work for: https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-05-30 16:44:08 +02:00
Petr Viktorin
9477cddfeb test_topology_plugin: Don't rely on order of an attribute's values
Order of Python dicts/sets was always unreliable, but in Python 3
it's usually different every time. This affects the order in which
values of a LDAP attribute appear.
LDAP values are also specified to be unordered.

Part of the work for: https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-05-30 16:44:08 +02:00
Martin Babinsky
ac76644ff6 tests for package version comparison
These tests will ensure that our package version handling code can correctly
decide when to upgrade IPA master.

https://fedorahosted.org/freeipa/ticket/5572

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-01-12 15:33:22 +01:00
Martin Basti
78254a9fdd Enable pylint expression-not-assigned check
Enables check and fixes:
************* Module ipa-replica-conncheck
install/tools/ipa-replica-conncheck:150:
[W0106(expression-not-assigned), parse_options] Expression
"(replica_group.add_option('-w', '--password', dest='password',
sensitive=True, help='Password for the principal'), )" is assigned to
nothing)
************* Module ipatests.test_xmlrpc.test_automount_plugin
ipatests/test_xmlrpc/test_automount_plugin.py:437:
[W0106(expression-not-assigned),
test_automount_indirect.test_1a_automountmap_add_indirect] Expression
"api.Command['automountmap_add_indirect'](self.locname, self.mapname,
**self.map_kw)['result']" is assigned to nothing)
************* Module ipatests.test_ipaserver.test_otptoken_import
ipatests/test_ipaserver/test_otptoken_import.py:128:
[W0106(expression-not-assigned), test_otptoken_import.test_mini]
Expression "[(t.id, t.options) for t in doc.getKeyPackages()]" is
assigned to nothing)
************* Module ipatests.test_ipaserver.test_ldap
ipatests/test_ipaserver/test_ldap.py:221:
[W0106(expression-not-assigned), test_LDAPEntry.test_popitem] Expression
"list(e) == []" is assigned to nothing)
************* Module ipa-client-install
ipa-client/ipa-install/ipa-client-install:114:
[W0106(expression-not-assigned), parse_options] Expression
"(basic_group.add_option('-p', '--principal', dest='principal',
help='principal to use to join the IPA realm'), )" is assigned to
nothing)
ipa-client/ipa-install/ipa-client-install:116:
[W0106(expression-not-assigned), parse_options] Expression
"(basic_group.add_option('-w', '--password', dest='password',
sensitive=True, help='password to join the IPA realm (assumes bulk
password unless principal is also set)'), )" is assigned to nothing)
ipa-client/ipa-install/ipa-client-install:118:
[W0106(expression-not-assigned), parse_options] Expression
"(basic_group.add_option('-k', '--keytab', dest='keytab', help='path to
backed up keytab from previous enrollment'), )" is assigned to nothing)
ipa-client/ipa-install/ipa-client-install:120:
[W0106(expression-not-assigned), parse_options] Expression
"(basic_group.add_option('-W', dest='prompt_password',
action='store_true', default=False, help='Prompt for a password to join
the IPA realm'), )" is assigned to nothing)

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-12-23 07:59:22 +01:00
Martin Basti
e4075b1fe2 Remove unused imports
This patch removes unused imports, alse pylint has been configured to
check unused imports.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-12-23 07:59:22 +01:00
Milan Kubik
0a64e9bd70 Applied tier0 and tier1 marks on unit tests and xmlrpc tests
Web UI tests were marked as tier1 tests.

The tier system is intended to be used together with CI system
to make sure the more complicated tests are being run only
when all of the basic functionality is working.

The system is using pytest's marker system. E.g. an invocation of
all tier1 tests with listing will look like:

    $ py.test -v -m tier1 ipatests

or in case of out of tree tests:

    $ ipa-run-tests -m tier1

Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
2015-11-09 11:49:17 +01:00
Petr Viktorin
026b1b5307 Use six.moves.http_client instead of httplib
The module was renamed in Python 3.

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-07 10:27:20 +02:00
Petr Viktorin
70b37a956c Use six.moves.urllib instead of urllib/urllib2/urlparse
In Python 3, these modules are reorganized.

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-07 10:27:20 +02:00
Robert Kuska
01da4a8de3 Replace StandardError with Exception
StandardError was removed in Python3 and instead
Exception should be used.

Signed-off-by: Robert Kuska <rkuska@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-30 10:51:36 +02:00
Jan Cholasta
33aba6f35e Use byte literals where appropriate
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-09-17 11:08:43 +02:00
Jan Cholasta
23507e6124 Alias "unicode" to "str" under Python 3
The six way of doing this is to replace all occurences of "unicode"
with "six.text_type". However, "unicode" is non-ambiguous and
(arguably) easier to read. Also, using it makes the patches smaller,
which should help with backporting.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-09-17 11:08:43 +02:00
Petr Viktorin
3bf91eab25 Use Python3-compatible dict method names
Python 2 has keys()/values()/items(), which return lists,
iterkeys()/itervalues()/iteritems(), which return iterators,
and viewkeys()/viewvalues()/viewitems() which return views.

Python 3 has only keys()/values()/items(), which return views.
To get iterators, one can use iter() or a for loop/comprehension;
for lists there's the list() constructor.

When iterating through the entire dict, without modifying the dict,
 the difference between Python 2's items() and iteritems() is
negligible, especially on small dicts (the main overhead is
extra memory, not CPU time). In the interest of simpler code,
this patch changes many instances of iteritems() to items(),
iterkeys() to keys() etc.

In other cases, helpers like six.itervalues are used.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Oleg Fayans
c7408f67f6 Integration tests for topology plugin
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-28 16:12:25 +02:00
Milan Kubík
d8b9125895 ipatests: Take otptoken import test out of execution
The issue reported in ticket [1] hasn't been solved yet.

This patch prevents the test cases for OTP import being run.
The change is intended as a *temporary* workaround until
proper fix for the issue is introduced.

[1] https://fedorahosted.org/freeipa/ticket/5192

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-08-20 16:55:26 +02:00
Petr Viktorin
5435a8a32a Use absolute imports
In Python 3, implicit relative imports will not be supported.
Use fully-qualified imports everywhere.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-12 18:17:23 +02:00
Petr Viktorin
6a741b51da Replace dict.has_key with the 'in' operator
The deprecated has_key method will be removed from dicts in Python 3.

For custom dict-like classes, has_key() is kept on Python 2,
but disabled for Python 3.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-12 18:17:23 +02:00
Petr Viktorin
27dabb4528 Modernize 'except' clauses
The 'as' syntax works from Python 2 on, and Python 3 will
drop the "comma" syntax.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-12 18:17:23 +02:00
Petr Viktorin
b8c46f2a32 Modernize number literals
Use Python-3 compatible syntax, without breaking compatibility with py 2.7

- Octals literals start with 0o to prevent confusion
- The "L" at the end of large int literals is not required as they use
  long on Python 2 automatically.
- Using 'int' instead of 'long' for small numbers is OK in all cases except
  strict type checking checking, e.g. type(0).

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-07-31 15:22:19 +02:00
Oleg Fayans
e5acd01ed2 Added test - topology plugin is listed among DS plugins
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-27 17:17:33 +02:00
Jan Cholasta
e39fe4ed31 plugable: Pass API to plugins on initialization rather than using set_api
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
2d1515323a plugable: Load plugins only from modules imported by API
Previously all plugin modules imported from anywhere were added to the API.

https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Tomas Babej
792ff0c0c4 Re-initialize NSS database after otptoken plugin tests
OTP token tests do not properly reinitialize the NSS db, thus
making subsequent xmlrpc tests fail on SSL cert validation.

Make sure NSS db is re-initalized in the teardown method.

https://fedorahosted.org/freeipa/ticket/4748

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-11-26 13:06:35 +01:00
Petr Viktorin
93c69b5127 Use setup_class/teardown_class in Declarative tests
Pytest will consider each Declarative test individually, running
setup/teardown for each one.
Move the setup and teardown to the class level.

https://fedorahosted.org/freeipa/ticket/4610

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
375e9f7c4b tests: Use PEP8-compliant setup/teardown method names
The setUp/dearDown names are used in the unittest module, but there is no reason
to use them in non-`unittest` test cases.
Nose supports both styles (but mixing them can cause trouble when
calling super()'s methods).
Pytest only supports the new ones.

https://fedorahosted.org/freeipa/ticket/4610

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Nathaniel McCallum
5baa941317 Implement OTP token importing
This patch adds support for importing tokens using RFC 6030 key container
files. This includes decryption support. For sysadmin sanity, any tokens
which fail to add will be written to the output file for examination. The
main use case here is where a small subset of a large set of tokens fails
to validate or add. Using the output file, the sysadmin can attempt to
recover these specific tokens.

This code is implemented as a server-side script. However, it doesn't
actually need to run on the server. This was done because importing is an
odd fit for the IPA command framework:
1. We need to write an output file.
2. The operation may be long-running (thousands of tokens).
3. Only admins need to perform this task and it only happens infrequently.

https://fedorahosted.org/freeipa/ticket/4261

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-06-25 12:55:02 +02:00
Tomas Babej
4d2ef43f28 ipaplatform: Move all filesystem paths to ipaplatform.paths module
https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-06-16 19:48:20 +02:00
Petr Viktorin
edee79a32f test_ldap: Read a publicly accessible attribute when testing anonymous bind
The usercertificate attribute is slated to not be readable for
anonymous users. Use associateddomain in $SUFFIX instead.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-04-25 14:06:08 +02:00
Jan Cholasta
9814b272af Keep original name when setting attribute in LDAPEntry.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-04-18 14:59:21 +02:00
Petr Viktorin
7c9fa8fad9 ipaserver.install.service: Fix estimated time display
Use basic math rather than timezone conversion to get
minutes and seconds.
Break out the message generation into a small tested function.

https://fedorahosted.org/freeipa/ticket/4242

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2014-03-13 18:15:43 +01:00
Jan Cholasta
9d863e9a96 Convert remaining test code to LDAPEntry API. 2014-01-24 20:29:31 +01:00
Petr Viktorin
1e836d2d0c Switch client to JSON-RPC
Modify ipalib.rpc to support JSON-RPC in addition to XML-RPC.
This is done by subclassing and extending xmlrpclib, because
our existing code relies on xmlrpclib internals.

The URI to use is given in the new jsonrpc_uri env variable. When
it is not given, it is generated from xmlrpc_uri by replacing
/xml with /json.

The rpc_json_uri env variable existed before, but was unused,
undocumented and not set the install scripts.
This patch removes it in favor of jsonrpc_uri (for consistency
with xmlrpc_uri).

Add the rpc_protocol env variable to control the protocol
IPA uses. rpc_protocol defaults to 'jsonrpc', but may be changed
to 'xmlrpc'.
Make backend.Executioner and tests use the backend specified by
rpc_protocol.

For compatibility with unwrap_xml, decoding JSON now gives tuples
instead of lists.

Design: http://freeipa.org/page/V3/JSON-RPC
Ticket: https://fedorahosted.org/freeipa/ticket/3299
2013-11-26 16:59:59 +01:00
Jan Cholasta
df5f4ee81d Turn LDAPEntry.single_value into a dictionary-like property.
This change makes single_value consistent with the raw property.

https://fedorahosted.org/freeipa/ticket/3521
2013-11-05 13:56:55 +01:00
Jan Cholasta
9ecf4b7aac Decode and encode attribute values in LDAPEntry on demand.
This is achieved by storing both decoded and encoded attribute values in
LDAPEntry and synchronizing changes between them whenever an attribute is
accessed.

Added a new property "raw" to LDAPEntry. It provides a dictionary-like
object which can be used to directly access encoded attribute values.

https://fedorahosted.org/freeipa/ticket/3521
2013-10-31 18:09:51 +01:00
Petr Viktorin
3e505fe532 Move tests to test directories
Nose doesn't pick up directories that don't begin with 'test'.
Rename ipatests/test_ipaserver/install to test_install so that it's run.

Also, merge test_ipautil.py from ipapython/test into tests/test_ipapython,
so the whole test suite is in one place.
2013-09-25 10:13:56 +02:00
Petr Viktorin
c60142efda Make an ipa-tests package
Rename the 'tests' directory to 'ipa-tests', and create an ipa-tests RPM
containing the test suite

Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
2013-06-17 19:22:50 +02:00