Commit Graph

1214 Commits

Author SHA1 Message Date
Petr Vobornik
60e992ca56 Fix test_server_del::TestLastServices
The reason why the test started to fail is probably commit be3ad1e where the checks
were reordered. TestLastServices relies on execution of tests in a specific order.
So it fails given that checks were changed but tests weren't.

Given that master is installed with DNS and CA and replica with anything and given
that checks in server-del command are in order: DNS, DNSSec, CA, KRA then the test
should be something like:
* install master (with DNS, CA)
* install replica
* test test_removal_of_master_raises_error_about_last_dns
* test_install_dns_on_replica1_and_dnssec_on_master (installing DNS and
  DNSSec will allow DNSSec check)
* test_removal_of_master_raises_error_about_dnssec
* test_disable_dnssec_on_master (will allow CA check)
* test_removal_of_master_raises_error_about_last_ca
* test_forced_removal_of_master

https://pagure.io/freeipa/issue/7517

Signed-off-by: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-05-15 14:15:34 -04:00
Michal Reznik
897f1cda93 ui_tests: improve "field_validation" method
Often when trying to check e.g. required field we pass the
method another element as parent in order to narrow down a scope
for validation. This way we can just pass "field" name to make the
process easier.

https://pagure.io/freeipa/issue/7546

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-05-15 12:57:26 +02:00
Michal Reznik
ef3f0851f4 ui_tests: checkbox click fix
We check a box with clicking on label by default however sometimes
when a label is too short (1-2 letters) we are hitting an issue
that the checkbox obscures the label.

https://pagure.io/freeipa/issue/7547

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-05-15 12:56:03 +02:00
Felipe Barreto
23c23a3cc1 Fixing tests on TestReplicaManageDel
This commit fixes the tests on class TestReplicaManageDel:
- test_replica_managed_del_domlevel1
- test_clean_dangling_ruv_multi_ca
- test_replica_managed_del_domlevel0

Given that domain level 0 doest not have autodiscovery, we need to
configure /etc/resolv.conf with the master data (search <domain> and
nameserver <master_ip>) in order to ipa-replica-install succeed.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-05-10 16:52:42 -03:00
Felipe Barreto
8a8b641c72 Fixing TestCASpecificRUVs::test_replica_uninstall_deletes_ruvs
This test will setup a master and a replica, uninstall replica and check
for the replica RUVs on the master. It was missing the step of running
ipa-replica-manage del <replica hostname> to properly remove the RUVs.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-05-10 16:52:42 -03:00
Stanislav Laznicka
392f44a38a
mod_ssl: add SSLVerifyDepth for external CA installs
mod_ssl's limiting of client cert verification depth was causing
the replica installs to fail when master had been installed with
external CA since the SSLCACertificateFile was pointing to a file
with more than one certificate. This is caused by the default
SSLVerifyDepth value of 1. We set it to 5 as that should be
just about enough even for possible sub-CAs.

https://pagure.io/freeipa/issue/7530

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-05-10 10:03:02 +02:00
Alexander Bokovoy
e642865717 group: allow services as members of groups
Allow services to be members of the groups, like users and other groups
can already be.

This is required for use cases where such services aren't associated
with a particular host (and thus, the host object cannot be used to
retrieve the keytabs) but represent purely client Kerberos principals to
use in a dynamically generated environment such as Kubernetes.

Fixes: https://pagure.io/freeipa/issue/7513
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-05-08 16:39:22 -04:00
Alexander Bokovoy
9e8fb94e87 service: allow creating services without a host to manage them
Add --skip-host-check option to ipa service-add command to allow
creating services without corresponding host object. This is needed to
cover use cases where Kerberos services created to handle client
authentication in a dynamically generated environment like Kubernetes.

Fixes: https://pagure.io/freeipa/issue/7514
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-05-08 16:39:22 -04:00
Florence Blanc-Renaud
63a5feb19f authselect test: skip test if authselect is not available
Currently, the test is skipped if the platform is fedora-like. The
decision to skip should rather be based on authselect command
availability (i.e. when ipaplatform.paths.paths.AUTHSELECT is None).

Related to
https://pagure.io/freeipa/issue/7377

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-05-03 16:39:58 +02:00
Christian Heimes
606af69bbd Make ipatests' create_external_ca a script
The test helper create_external_ca is useful to create an external root
CA and sign ipa.csr for external CA testing. I also moved the file into
ipatests top package to make the import shorter and to avoid an import
warning.

Usage:

   ipa-server-install --external-ca ...
   python3 -m ipatests.create_external_ca
   ipa-server-install --external-cert-file=/tmp/rootca.pem \
       --external-cert-file=/tmp/ipaca.pem

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-05-03 08:36:51 +02:00
Tibor Dudlák
5929d5d872 Use temporary pid file for chronyd -q task
chrony is causing an SELinux denial because of chronyd
was not spawned using systemd and the command creates
a pidfile for unconfined proccess in /var/run with SELinux label:
unconfined_u:object_r:var_run_t:s0
Following chronyd daemon enablement with systemd will fail
due to mismatched SELinux labels on chronyd pidfile.
chronyd pidfile should be labeled with the following label:
system_u:object_r:chronyd_var_run_t:s0
This also changes bindcmdaddress to not touch /var/run/chrony.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-05-02 16:44:54 -04:00
Rob Crittenden
e16e5cd0a6 Use a regex in installutils.get_directive instead of line splitting
This will allow for whitespace around the separator and changes the
default space separator into white space (space + tabs) to be more
generic and work better on Ubuntu which uses tabs in its Apache
configuration.

https://pagure.io/freeipa/issue/7490

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-05-02 14:12:11 +02:00
Rob Crittenden
ae6c8d2c7a Handle whitespace, add separator to regex in set_directive_lines
We added the separator to the regex in set_directive_lines to avoid
grabbing just a prefix. This doesn't allow for whitespace around
the separator.

For the Apache case we expected that the separator would be just
spaces but it can also use tabs (like Ubuntu 18). Add a special
case so that passing in a space separator is treated as whitespace
(tab or space).

https://pagure.io/freeipa/issue/7490

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-05-02 14:12:11 +02:00
Christian Heimes
c925b44f43 Load certificate files as binary data
In Python 3, cryptography requires certificate data to be binary. Even
PEM encoded files are treated as binary content.

certmap-match and cert-find were loading certificates as text files. A
new BinaryFile type loads files as binary content.

Fixes: https://pagure.io/freeipa/issue/7520
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-04-30 20:42:00 +02:00
Christian Heimes
3c66e388de Compatibility with pytest 3.4
The nose_compat plugin uses internal pytest APIs to suspend and resume
the capture manager. In pytest 3.4, the internal APIs have changed and a
public API was added.

The fix is required to run integration tests under Fedora 28.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-04-30 14:13:40 +02:00
Stanislav Laznicka
d5e5bd501c Add absolute_import to test_authselect
This is to keep backward compatibility with Python 2

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-04-30 11:04:35 +02:00
Anuja More
51b9a82f7c Adding test-cases for ipa-cacert-manage
Scenario1:	Setup external CA1 and install ipa-server with CA1.
     		Setup exteranal CA2 and renew ipa-server with CA2.
		Get information to compare CA change for ca1 and CA2
     		it should show different Issuer between install
		and renewal.

Scenario2:	Renew CA Cert on Replica using ipa-cacert-manage
		verify that replica is caRenewalMaster

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-04-27 18:06:36 +02:00
Michal Reznik
61dc15e5ef ui_tests: introduce new test_misc cases file
By this commit we introduce new test_misc cases file to
test various miscellaneous cases that do not fit to other suites.

In this cases that "version" is present in profile`s "about".

https://pagure.io/freeipa/issue/7507

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Varun Mylaraiah <mvarun@redhat.com>
2018-04-27 14:19:59 +02:00
Michal Reznik
e43cfaeb52 ui_driver: extension and modifications related to test_user
In this patch we tune login() in order to test login without
username.

Then we add edit_multivalued and undo_multivalued to test "undo"
and "reset" buttons.

Also there is a new boolean "negative" in mod_record() to switch
button assertion.

Later ssh_key methods were fine-tuned a little to add more keys,
delete all of them and to extend their usage to hosts and id views.

Lastly new method assert_value_checked() was introduced to assert
whether a particular record is checked.

https://pagure.io/freeipa/issue/7507

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Varun Mylaraiah <mvarun@redhat.com>
2018-04-27 14:19:59 +02:00
Michal Reznik
e16a76ad97 ui_tests: extend test_user suite
Extend WebUI test_user suite with the following test cases:

test_add_user_special
test_user_misc
test_ssh_keys
test_add_delete_undo_reset
test_disable_delete_admin
test_login_without_username

https://pagure.io/freeipa/issue/7507

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Varun Mylaraiah <mvarun@redhat.com>
2018-04-27 14:19:59 +02:00
Varun Mylaraiah
00a8d00ea9 WebUI tests: Extend netgroup tests with more scenarios
Extended webui group automation test with below scenarios
Scenarios
 *add netgroup with invalid names
 *add and delete records in various scenarios
 *verify button's action in various scenarios.

https://pagure.io/freeipa/issue/7505

Signed-off-by: Varun Mylaraiah <mvarun@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
2018-04-27 14:08:04 +02:00
Florence Blanc-Renaud
c36bd38360 New tests for authselect migration
Add new test for client and server installation when authselect tool
is used instead of authconfig

Related to
https://pagure.io/freeipa/issue/7377

Reviewed-By: Alexander Koksharov <akokshar@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-04-27 14:01:33 +02:00
Felipe Barreto
415578a199 Fixing TestBackupAndRestore::test_full_backup_and_restore_with_removed_users
The test as it was, was testing the backup and restore based on previous
backups and restore, not with an actual installation.

Now, with a clear setup for each test, the test mentioned above will not
fail to do a lookup (using the host command, in check_dns method) for
the master domain.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-04-25 15:53:58 -03:00
Fraser Tweedale
852618fd65 csrgen: fix when attribute shortname is lower case
OpenSSL requires attribute short names ("CN", "O", etc) to be in
upper case, otherwise it fails to add the attribute.  This can be
triggered when FreeIPA has been installed with --subject-base
containing a lower-case attribute shortname (e.g.
--subject-base="o=Red Hat").

Explicitly convert the attribute type string to an OID
(ASN1_OBJECT *).  If that fails, upper-case the type string and try
again.

Add some tests for the required behaviour.

Fixes: https://pagure.io/freeipa/issue/7496
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-04-25 14:41:12 +02:00
Ganna Kaihorodova
5165afd501 Fix trust tests for Posix Support
Test ecxpects auto-detection of trust type, Windows Server 2016 doesn't have
support for MFU/NIS (SFU - Services for Unix), so auto detection doesn't work
Fix is to pass extra arguments to the trust-add command,
such as --range-type="ipa-ad-trust-posix" to enforce a particular range type

https://pagure.io/freeipa/issue/7508

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-04-25 11:52:32 +02:00
Rob Crittenden
9d73e4a0f1 Allow dot as a valid character in an selinux identity name
Both of these are legal: unconfined_u and unconfined.u

https://pagure.io/freeipa/issue/7510

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-04-25 08:23:47 +02:00
Anuja More
6c4635e779 Adding test-cases for ipa-cacert-manage
File     :  ipatests/test_integration/test_external_ca.py

    Scenario1:  Manual renew external CA cert with invalid file
                when ipa-server is installed with external-ca
                and renew with invalid cert file the renewal
                should fail.

    Scenario2:  install CA cert manually
                Install ipa-server. Create rootCA, using
                ipa-cacert-manage install option install
                new cert from RootCA

Signed-off-by: Anuja More <amore@redhat.com>

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-04-24 11:20:08 +02:00
Rob Crittenden
4919bd9dae Remove xfail from CALes test test_http_intermediate_ca
The full chain is not required by mod_ssl.

https://pagure.io/freeipa/issue/7489

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexey Slaykovsky <alexey@slaykovsky.com>
2018-04-20 08:51:37 -04:00
Rob Crittenden
3384147ca1 Some PKCS#12 errors are reported with full path names
This is related to change in certutil which does a cwd
to the location of the NSS database. certutil is used as part
of loading a PKCS#12 file to do validation.

https://pagure.io/freeipa/issue/7489

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexey Slaykovsky <alexey@slaykovsky.com>
2018-04-20 08:51:37 -04:00
Stanislav Laznicka
b5bdd07bc5
Add absolute_import future imports
Add absolute_import from __future__ so that pylint
does not fail and to achieve python3 behavior in
python2.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-04-20 09:43:37 +02:00
Alexander Bokovoy
2de1aa27f9 ACL: Allow hosts to remove services they manage
Allow hosts to delete services they own. This is an ACL that complements
existing one that allows to create services on the same host.

Add a test that creates a host and then attempts to create and delete a
service using its own host keytab.

Fixes: https://pagure.io/freeipa/issue/7486
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-19 08:59:45 -04:00
Fraser Tweedale
0f8593354d certprofile: add tests for config profileId scenarios
Update the certprofile tests to cover the various scenarios
concerning the profileId property in the profile configuration.
The scenarios now explicitly tested are:

- profileId not specified (should succeed)
- mismatched profileId property (should fail)
- multiple profileId properties (should fail)
- one profileId property, matching given ID (should succeed)

https://pagure.io/freeipa/issue/7503

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-19 08:57:53 -04:00
Varun Mylaraiah
1a6e360119 Fixed improper clean-up in test_host::test_kerberos_flags added closing the notification in kerberos flags
Signed-off-by: Varun Mylaraiah <mvarun@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
2018-04-19 12:59:09 +02:00
Varun Mylaraiah
105d7d7f2e WebUI tests: Extend user group tests with more scenarios
1) Extended webui group automation test with below scenarios
	Scenarios
	 *Add user group with invalid names
	 *Add multiple groups records at one shot
	 *Select and delete multiple records
	 *Find and delete records etc...
2) Improved add_record method to support additional use cases:
	 *confirm by additional buttons: 'Add', 'Add and add another', 'Add and Edit,' 'Cancel'
	 *add multiple records in one call (uses 'Add and add another' behavior)

https://pagure.io/freeipa/issue/7485

Signed-off-by: Varun Mylaraiah <mvarun@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
2018-04-19 12:59:09 +02:00
Ganna Kaihorodova
d4dd2b1ccb
Fix for integration tests dns_locations
Delete code related to NTP checks.
As we migrated to chronyd and IPA server is not NTP server anymore

https://pagure.io/freeipa/issue/7499

Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-04-18 09:31:02 +02:00
Tibor Dudlák
692a9931da Fix format string passed to pytest-multihost
Integration trust test suit failed with error trying to
start chronyd because of bad formating of passed string

See: https://pagure.io/python-pytest-multihost/issue/15
Resolves: https://pagure.io/freeipa/issue/7487
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-04-17 16:25:12 +02:00
Christian Heimes
1b320ac3e7 Remove os.chdir() from test_ipap11helper
test_ipap11helper no longer changes directory for the entire test suite.
The fix revealed a bug in another test suite. test_secrets now uses a
proper temporary directory.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-10 17:35:17 +02:00
Tibor Dudlák
ca9c4d70a0 Replace ntpd with chronyd in installation
Completely remove ipaserver/install/ntpinstance.py

This is no longer needed as chrony client configuration
is now handled in ipa-client-install.

Part of ipclient/install/client.py related to ntp configuration
has been refactored a bit to not lookup for srv records
and/or run chrony if not necessary.

Addresses: https://pagure.io/freeipa/issue/7024
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-09 11:00:02 -04:00
Rob Crittenden
7b546ffedb
Break out of teardown in test_replica_promotion.py if no config
These tests are all skipped if there is no YAML configuration
file passed but the teardown method is always called and since
there is a reference to the Config object this blows up if just
ipa-run-tests is executed.

Look at the config and break out if no domains are set.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-04-09 15:23:41 +02:00
Ganna Kaihorodova
28acbc6c11
Fix in IPA's multihost fixture
AD related tests, which aren't require all set of AD machines
were skipped with error msg: Not enough resources configured.

Changed hard coded number of AD machines to use.

Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
2018-04-09 15:15:47 +02:00
Michal Reznik
2a6ba687d0 test_web_ui: extend ui_driver methods
Add close_all_dialogs(),change assert_last_dialog_details() method
to assert_last_error_dialog() to make it more generic and tweak
add_record() method to skip asserts so we can assert later.

We are also changing assert_record_value() to accept list of values
and adding select_multiple_records().

https://pagure.io/freeipa/issue/7463

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-04-09 09:06:48 +02:00
Michal Reznik
dc4f28de52 test_webui: add user life-cycles tests
Add user life-cycles test cases.

https://pagure.io/freeipa/issue/7463

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-04-09 09:06:48 +02:00
Petr Vobornik
7b1b0b35ea Fix order of commands in test for removing topology segments
test_topology_updated_on_replica_install_remove from the beginning used
invalid sequence of commands for removing a replica.

Proper order is:
  master$ ipa server-del $REPLICA
  replica$ ipa-server-install --uninstall

Alternatively usage of `ipa-replica-manage del $replica` instead of
`ipa server-del $replica` is possible. In essence ipa-replica-manage
calls the server-del command.

At some point there  was a plan to achieve uninstalation only through
`ipa-server-install --uninstall` but that was never achieved to this
date.

This change also removes the ugly wrapper which makes test collection
fail if no environment config is provided (i.e. replicas cannot be
indexed).
  $ pytest --collect-test ipatests/test_integration

https://pagure.io/freeipa/issue/6250

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-09 09:02:40 +02:00
Christian Heimes
b82a2295b8 Load librpm on demand for IPAVersion
ctypes.util.find_library() is costly and slows down startup of ipa CLI.
ipaplatform.redhat.tasks now defers loading of librpm until its needed.
CFFI has been replaced with ctypes, too.

See: https://pagure.io/freeipa/issue/6851
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-09 09:01:29 +02:00
Ganna Kaihorodova
b7293a9184
TestBasicADTrust.test_ipauser_authentication
test_ipauser_authentication is failing with error: "Confidentiality required"
Password operation must be performed over a secure connection

To start TLS encryption added -ZZ option, in order to be connection successful

https://pagure.io/freeipa/issue/7470

Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
2018-04-06 16:00:48 +02:00
Christian Heimes
6aca027ecc Fix installer CA port check for port 8080
The installer now checks that port 8080 is available and not in use by
any other application.

The port checker has been rewritten to use bind() rather than just
checking if a server responds on localhost. It's much more reliable and
detects more problems.

Original patch by m3gat0nn4ge.

Co-authored-by: Mega Tonnage <m3gat0nn4ge@gmail.com>
Fixes: https://pagure.io/freeipa/issue/7415
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-04 08:58:48 +02:00
Felipe Barreto
a947695ab0 Fix TestSubCAkeyReplication providing the right path to pki log
The pki debug log has its name in this format: debug.<date>.log. This commit
changes the code to use this format, fixing the test.

Unfortunately, it's not possible to use some kind of regex (like debug.*.log)
to get the file, because python multihost gets the path and tries to open
(using the "open" python function) the file with that.

https://pagure.io/freeipa/issue/7095

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-04-03 14:20:18 +02:00
Felipe Barreto
e7c4f77d0d Adding right parameters to install IPA in TestInstallMasterReservedIPasForwarder
When installing ipa in interactive mode, it's necessary to provide the
hostname. This will make the test pass.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-03 08:10:01 +02:00
Petr Vobornik
70c6da9c54 webui tests: fix test_host:test_crud failure
test_host.py::test_host::test_crud fails in nightly tests in delete record
step.

It started to fail probably after commit 4295df17a4
which changed host-add behavior into showing a warning message about DNS resolution
instead of raising an error. This warning notification stays displayed for some
time, as all longer, notifications. By being open it takes some area on the page.
Given that webui tests proceeds quicker than a user, the notification can
cover some elements.

The test fails because web driver cannot click on an element which is covered
by the notification. In this case, it cannot open a deleter dialog.

So the fix is to close the notification(s). This is OK since a user would do
it as well if it was in a way.

This kind of issue is harder to reproduce when testing locally because
most people uses screen resolution 1920x1200 or full HD. PR-CI uses
1400x1200 for web ui testing.
  /usr/bin/Xvfb $DISPLAY -ac -noreset -screen 0 1400x1200x8

So alternative fix would be to change resolution used by the PR-CI. Combination
of both could be the best.

https://pagure.io/freeipa/issue/7468

Reviewed-By: Felipe Volpone <fbarreto@redhat.com>
2018-03-28 15:31:27 +02:00
Fraser Tweedale
421fc376cc Fix upgrade when named.conf does not exist
Commit aee0d2180c adds an upgrade step
that adds system crypto policy include to named.conf.  This step
omitted the named.conf existence check; upgrade fails when it does
not exist.  Add the existence check.

Also update the test to add the IPA-related part of the named.conf
config, because the "existence check" actually does more than just
check that the file exists - it also check that it contains the IPA
bind-dyndb-ldap configuration section.

Part of: https://pagure.io/freeipa/issue/4853

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-03-28 12:30:31 +02:00