Commit Graph

1214 Commits

Author SHA1 Message Date
Pavel Picka
1fe795b75b WebUI Hostgroups tests cases added
Added test for negative (invalid) names
Added test for add/add another/add and edit/cancel buttons
Added test for duplicate records

https://pagure.io/freeipa/issue/7458

Signed-off-by: Pavel Picka <ppicka@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-26 13:00:39 +02:00
Michal Reznik
5f87b9c3e5 ui_tests: run ipa-get/rmkeytab command on UI host
Run ipa-get/rmkeytab command on UI host in order to test whether
we have the key un/provisioned.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
bf1f2d1c3f ui_tests: select_combobox() fixes
Move strict "search_btn" element finding to later so we
do not fail when using combobox without search button.
Also switch open_btn.click() before fill_textbox() as it
is used to close the selection.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
16083eb9b5 ui_tests: test cancel and delete without button
Add "confirm_btn" to cancel dialog and if "None" return
for confirmation with "Enter" key.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
553183944a ui_tests: make associations cancelable
Adjust associations functions to simulate "cancel"
action.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
18e8c964f5 ui_tests: add function to run cmd on UI host
Run shell command on the UI system using "admin"
user's passwd from conf.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
95de6f061c ui_tests: add funcs to add/remove users public SSH key
Add funcs to add/remove users public SSH key.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
7fb4f755e9 ui_tests: add assert_field_required()
Add assert_field_required() to check whether we
got 'Required field' error message.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
01fa54117d ui_tests: add assert_notification()
Add assert_notification() function to check whether
we have a notification of particular type/

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
cd86fd21c5 ui_tests: add more test cases
Add more test cases to test_services. Details in the ticket.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
735d48d820 ui_tests: add more test cases to test_certification
Add cases for:
"cancel_cert_request", "cancel_hold_cert", "cancel_remove_hold",
"cancel_revoke_cert" and "revoke_cert"

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
0f5084b9c4 ui_tests: add_service() support func in test_service
Add add_service() support func into test_service.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
62a131aba0 ui_tests: add_host() support func in test_service
Add add_host() support func into test_service to
create temp hosts.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Michal Reznik
d8cbd5d3ac ui_tests: change get_http_pkey() function
change get_http_pkey() function to more generic one in
order to get pkey for different services

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-03-24 14:23:47 +01:00
Christian Heimes
48fb6d2c87 Fix compatibility with latest pytest
pytest removed copy() method from its Namespace class. Use the copy
module to make a copy of early options.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-03-23 13:08:39 +01:00
Ganna Kaihorodova
518e3578d1 Fix for test TestInstallMasterReservedIPasForwarder
Second check in test is failing, because it accepts default installer's values of domain, which is already used for lab machines.
IPA DNS domain must not exist before the installation, fix is to provide domain name derived from vm name.

Reviewed-By: Alexey Slaykovsky <alexey@slaykovsky.com>
2018-03-20 10:44:22 +01:00
Rob Crittenden
68c7b03689 Return a value if exceptions are raised in server uninstall
The AdminTool class purports to "call sys.exit() with the return
value" but most of the run implementations returned no value, or
the methods they called returned nothing so there was nothing to
return, so this was a no-op.

The fix is to capture and bubble up the return values which will
return 1 if any exceptions are caught.

This potentially affects other users in that when executing the
steps of an installer or uninstaller the highest return code
will be the exit value of that installer.

Don't use the Continuous class because it doesn't add any
value and makes catching the exceptions more difficult.

https://pagure.io/freeipa/issue/7330

Signed-off-by: Rob Crittenden rcritten@redhat.com
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-03-19 17:38:41 +01:00
Christian Heimes
69599560c1 Relax message check in test_create_host_with_ip
On Travis CI, the DNS update in test case test_create_host_with_ip may fail
with different error messages. Relax the error message check and just
check that the test case is hitting a DNS update failure.

This fixes a flaky test case on CI.

Closes: https://pagure.io/freeipa/issue/7447
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-03-16 14:25:37 +01:00
Christian Heimes
75f7b7b5e6 Make fasttest pass without ~/.ipa/default.conf
Some fast tests depend on an api.env with realm, domain, and host. On
machines without ~/.ipa/default.conf, the settings are not available.
Provide dummy values to make tests pass.

Closes: https://pagure.io/freeipa/issue/7432
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
2018-03-16 11:50:41 +01:00
Felipe Barreto
2c05e42af6 Fixing cleanup process in test_caless
After commit bbe615e12c278f9cddaeb38e80b970bf14d9b32d, if the uninstall
process fails (in the test cleanup) the error is not hidden anymore.

That brought light to errors in the cleanup process on
TestReplicaInstall test, like this:
```
RUN ['ipa-server-install', '--uninstall', '-U']
ipapython.admintool: ERROR    Server removal aborted:
Replication topology in suffix 'domain' is disconnected:
Topology does not allow server master.ipa.test to replicate with servers:
    replica0.ipa.test.
ipapython.admintool: ERROR    The ipa-server-install command failed
```

This commit changes the order of how a replica should be removed from
the topology.

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-03-14 12:28:16 +01:00
Michal Reznik
5a04936f47 test_caless: adjust try/except to capture also IOError
While testing on RHEL we are getting IOError instead of OSError.
Add also IOError to except clause.

This is mostly for compatibility reasons however should not cause
any issue as IOError is alias for OSError on Python3.

https://pagure.io/freeipa/issue/7439

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-03-14 12:26:42 +01:00
Michal Reznik
317c20e9dc
ipa_tests: test signing request with subca on replica
test to verify that replica is able to sign a certificate with
new sub CA.

https://pagure.io/freeipa/issue/7387

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-03-13 10:37:30 +01:00
Ganna Kaihorodova
9797309ef9
Overide trust methods for integration tests
Overide trust method test_establish_trust_with_posix_attributes to test_establish_trust.
Windows Server 2016 doesn't have support for MFU/NIS, so autodetection is not working

https://pagure.io/freeipa/issue/7313

Reviewed-By: Alexander Koksharov <akokshar@redhat.com>
2018-03-08 09:05:01 +01:00
Michal Reznik
2a50a7daf0 tests: ca-less to ca-full - remove certupdate
After commits 8960141 and 97942a7 we do not need to run
ipa-certupdate command anymore when switching to ca-full.

This patch removes the above mentioned commands in order to
properly test the scenario.

https://pagure.io/freeipa/issue/7309

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-02-26 10:11:33 +01:00
Florence Blanc-Renaud
4295df17a4 ipa host-add: do not raise exception when reverse record not added
When ipa host-add --random is unable to add a reverse record (for instance
because the server does not manage any reverse zone), the command
adds the host but exits (return code=1) with an error without actually
outputing the random password generated.
With this fix, the behavior is modified. The commands succeeds (return code=0)
but prints a warning.

This commit also adds a unit test.

https://pagure.io/freeipa/issue/7374

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-02-23 14:39:34 +01:00
Christian Heimes
492e3c9b1e NSSDB: Let certutil decide its default db type
CertDB no longer makes any assumptions about the default db type of a NSS
DB. Instead it let's certutil decide when dbtype is set to 'auto'. This
makes it much easier to support F27 and F28 from a single code base.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-02-23 11:04:10 +01:00
Christian Heimes
c5fb6c8502 Prepare migration of mod_nss NSSDB to sql format
- Refactor CertDB to look up values from its NSSDatabase.
- Add run_modutil() helpers to support sql format. modutil does not
  auto-detect the NSSDB format.
- Add migration helpers to CertDB.
- Add explicit DB format to NSSCertificateDatabase stanza
- Restore SELinux context when migrating NSSDB.
- Add some debugging and sanity checks to httpinstance.

The actual database format is still dbm. Certmonger on Fedora 27 does
neither auto-detect DB format nor support SQL out of the box.

https://pagure.io/freeipa/issue/7354

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-02-23 11:04:10 +01:00
Rob Crittenden
4d2c7a4a75
Add value in set_directive after a commented-out version
When setting a value using set_directive() look for a commented-out
version of the directive and add the new value immediately after
that to keep the proper context.

Related: https://pagure.io/freeipa/issue/3757
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-02-21 07:57:40 +01:00
Christian Heimes
68caeb8b19 Add mocked test for named crypto policy update
Mocked tests require the mock package for Python 2.7. Python 3 has
unittest.mock in the standard library.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-02-20 17:01:52 +01:00
Petr Vobornik
6b214512b3 webui:tests: close big notifications in realm domains tests
Realm domains commands produce big fat warnings about DNS state/checks.
Given the length of these warnings, they stay displayed for longer time.
As Web UI automated tests progresses quickly more of the warnings can
be displayed at the same time and thus taking a lot of space and thus
covering UI needed for next test step.

By closing the notifications before next action we make sure that test
won't fail because notification covered the required UI.

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-02-20 15:17:13 +01:00
Petr Vobornik
d73d49f3f6 webui:tests: realm domain add with DNS check
Try adding and deleting with "Check DNS" (in html 'ok' button)

DNS check expects that the added domain will have DNS record:
    TXT _kerberos.$domain "$REALM"

When a new domain is added using dnszone-add it automatically adds
this TXT record and adds a realm domain. So in order to test without
external DNS we must get into state where realm domain is not added
(in order to add it) but DNS domain with the TXT record exists.

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-02-20 15:17:13 +01:00
Petr Vobornik
d7d13bc950 webui:tests: move DNS test data to separate file
So that the data can be used in other test without running
the DNS tests.

Reviewed-By: Petr Cech <pcech@redhat.com>
2018-02-20 15:17:13 +01:00
Christian Heimes
9c2c3df0ab Add better CalledProcessError and run() logging
In case of an error, ipapython.ipautil.run() now raises an exception that
contains the error message of the failed command. Before the exception
only contained the command and error code.

The command is no longer collapsed into one string. The error message
and logging output contains the actual command and arguments with intact
quoting.

Example:
CalledProcessError(Command ['/usr/bin/python3', '-c', 'import sys; sys.exit(" ".join(("error", "XXXXXXXX")))'] returned non-zero exit status 1: 'error XXXXXXXX\n')

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-02-20 13:03:01 +01:00
Florence Blanc-Renaud
d647072642
ACI: grant access to admins group instead of admin user
The ACI needed for staged users and deleted users were granted
only to the uid=admin user. They should rather be granted to
cn=admins group, to make sure that all members of the admins
group are able to call the command ipa user-del --preserve.

This commit also adds integration test for non-regression.

https://pagure.io/freeipa/issue/7342

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-02-19 15:51:44 +01:00
Felipe Barreto
a5bd7bf766 WebUI Tests: changing the ActionsChains.move_to_element to a new approach
The approach ActionChains.move_to_element no longer works as said here [1],
so, it's necessary to change it to the new one. This means, running a
javascript script to move the page to where the element is.

There are more details in the link [1], but in summary the w3c spec is
not obvious if a click should scroll the page to the element or not.
In one hand Chrome and Edge does that, but Firefox don't. As we use
Firefox to run the tests, we need the workaround.

[1] https://github.com/mozilla/geckodriver/issues/776

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-02-16 09:57:07 +01:00
Felipe Barreto
81fb7e5a32 WebUI Tests: fixing test_user.py::test_test_noprivate_posix
When filling the combo box (the gidnumber) in the dialog to create a new
user, the Add button was also clicked; closing the dialog. The wait
makes it to not click.

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-02-16 09:57:07 +01:00
Felipe Barreto
a072fe9718 WebUI Tests: Changing how the initial load process is done
Instead of always entering the address on the address bar and reloading the
application, now the code checks if that is necessary.

With the change, the logout process is done correctly and we do not keep any
AJAX call left behind. Which could cause the user not being logout properly and
breaking the tests.

More about the logout problem described in:
https://github.com/freeipa/freeipa/pull/1479

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-02-16 09:57:07 +01:00
Felipe Barreto
12da43c54f WebUI Tests: fixing test_range test case
As described in the commit [1] and ticket [2], it should not be possible to
change the range of a local IPA domain.

The basic_crud was changed to make it flexible to do not run the mod operation
if needed.

[1] 55feea500b
[2] https://pagure.io/freeipa/issue/4826

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-02-16 09:57:07 +01:00
Felipe Barreto
49a17e98b0 WebUI Tests: changing how the login screen is detected
The "rcue-login-screen" element does not exist anymore. Changing the
code to use the ".login-pf" instead.

With the change, it's also necessary to check if the login screen is still
visible when trying to fill the fields of new password, otherwise a
StaleElementReferenceException exception will be raised.

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-02-16 09:57:07 +01:00
Felipe Barreto
7c3f9b79eb WebUI Tests: refactoring login method to be more readable
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-02-16 09:57:07 +01:00
Felipe Barreto
3fa4378bc4 WebUI Tests: fixing test_navigation
Removing old menu options, including idview and navigation on the
side bar

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-02-16 09:57:07 +01:00
Felipe Barreto
dae5bac39b WebUI Tests: fixing test_group
Removing old data that is not needed anymore.

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-02-16 09:57:07 +01:00
Felipe Barreto
83ed8d2792 WebUI Tests: fixing test_hbac
Adding more wait_for_request between navigation and small
code refactor.

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-02-16 09:57:07 +01:00
Stanislav Laznicka
f31797c70a Have all the scripts run in python 3 by default
The Python 3 refactoring effort is finishing, it should be safe
to turn all scripts to run in Python 3 by default.

https://pagure.io/freeipa/issue/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-02-15 18:43:12 +01:00
Christian Heimes
1b0c55a3b3 Unified ldap_initialize() function
Replace all ldap.initialize() calls with a helper function
ldap_initialize(). It handles cacert and cert validation correctly. It
also provides a unique place to handle python-ldap 3.0 bytes warnings in
the future.

Fixes: https://pagure.io/freeipa/issue/7411
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-02-15 18:32:17 +01:00
Florence Blanc-Renaud
c701cd21d3 389-ds OTP lasttoken plugin: Add unit test
Add a xmlrpc test checking that a user cannot delete his last
OTP token.

Related to
https://pagure.io/freeipa/issue/7012

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Reviewed-By: Alexey Slaykovsky <alexey@slaykovsky.com>
2018-02-15 14:10:48 +01:00
Christian Heimes
0ee3a26711 Fix i18n test for Chinese translation
Python 3's regular expression default to full range of unicode
characters. Restrict \w matches to ASCII and drop \b suffix check to fix
a problem with validation the Chinese translation zh_CN.

Co-Authored-By: Stanislav Laznicka <slaznick@redhat.com>
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-02-15 11:45:31 +01:00
Christian Heimes
8ffa33c24e Generate same API.txt under Python 2 and 3
Use Python 3's reprlib with customizations to create same API.txt under
Python 2 and 3. Some plugins have been slightly altered to use stable
sorting for dynamically created parameter lists.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-02-15 09:41:30 +01:00
Aleksei Slaikovskii
86a6fdcc43 test_backup_and_restore.py Fix logging
Use strings to log in restore_checker and backup functions.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-02-14 14:26:27 +01:00
Mohammad Rizwan Yusuf
80585f5c56 Before the fix, when ipa-backup was called for the first time, the LDAP database exported to /var/lib/dirsrv/slapd-<instance>/ldif/<instance>-userRoot.ldif. db2ldif is called for this and it runs under root, hence files were owned by root.
When ipa-backup called the next time, the db2ldif fails,
because the tool does not have permissions to write to the ldif
file which was owned by root (instead of dirsrv)

This test check if files are owned by dirsrv and db2ldif doesn't
fails

related ticket: https://pagure.io/freeipa/issue/7010

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-02-14 10:17:17 +01:00
Florence Blanc-Renaud
7364c268eb ipa host-add --ip-address: properly handle NoNameservers
When ipa host-add --ip-address is called but no DNS server is able to answer
for the reverse zone, get_reverse_zone raises a NoNameservers exception.
The exception is not managed by add_records_for_host_validation, and this
leads to the command exiting on failure with an InternalError:
    $ ipa host-add testhost.ipadomain.com --ip-address 172.16.30.22
    ipa: ERROR: an internal error has occurred
A traceback is also logged in httpd error_log.

This commit properly handles the exception, and adds a test.

https://pagure.io/freeipa/issue/7397

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-02-12 17:30:52 +01:00
Aleksei Slaikovskii
93b7c40158 Enable and start oddjobd after ipa-restore if it's not running.
If after ipa-restore the service oddjobd is not running,
domain-level1 replica installation will fail during
ipa-replica-conncheck because this step is using oddjob
to start the process ipa-replica-conncheck on the master.

This patch fixes it. Also added regression test.

https://pagure.io/freeipa/issue/7234

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2018-02-09 09:44:11 +01:00
Rob Crittenden
8821f7ae8e Fix detection of KRA installation so upgrades can succeed
Use is_installed() instead of is_configured() because
is_installed() does a config file check to see if the service
is in use.

https://pagure.io/freeipa/issue/7389

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2018-02-08 09:39:18 +01:00
Christian Heimes
2391c75e3d Replace hard-coded paths with path constants
Several run() calls used hard-coded paths rather than pre-defined paths
from ipaplatform.paths. The patch fixes all places that I was able to
find with a simple search.

The fix simplifies Darix's port of freeIPA on openSuSE.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-02-08 09:32:12 +01:00
Michal Reznik
e5a508a749 ipa_tests: test subca key replication
Test if key replication is not failing.

https://pagure.io/freeipa/issue/7387

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-02-07 20:02:53 +01:00
Felipe Barreto
d945583cc7 Make IntegrationTest fail if an error happened during uninstall
Before this change, if the uninstall process fails, the test would not fail, due
to the raiseonerr=False.

It's necessary to remove the uninstall call in CALessBase because in
TestIntegration there is another uninstall call. So, without the
raiseonerr=False, it would make the uninstall process fail, since the master is
already uninstalled.

https://pagure.io/freeipa/issue/7357

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-02-07 13:24:46 +01:00
Felipe Barreto
7b7edd57cd IntegrationTests now collects logs from all test methods
logs_dict should not be cleared. It's filled once per class and it
should not be cleared after running the first test.

https://pagure.io/freeipa/issue/7310
https://pagure.io/freeipa/issue/7335

Reviewed-By: Michal Reznik <mreznik@redhat.com>
2018-02-06 15:53:08 +01:00
Mohammad Rizwan Yusuf
1ad27076a5 Updated the TestExternalCA with the functions introduced for the steps of external CA installation.
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-02-06 12:16:14 +01:00
Mohammad Rizwan Yusuf
f1f180985f When the dirsrv service, which gets started during the first ipa-server-install --external-ca phase, is not running when the second phase is run with --external-cert-file options, the ipa-server-install command fail.
This test checks if second phase installs successfully when dirsrv
is stoped.

related ticket: https://pagure.io/freeipa/issue/6611

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-02-06 12:16:14 +01:00
Mohammad Rizwan Yusuf
9c208ea14d
IANA reserved IP address can not be used as a forwarder. This test checks if ipa server installation throws an error when 0.0.0.0 is specified as forwarder IP address.
related ticket: https://pagure.io/freeipa/issue/6894

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-01-31 16:13:50 +01:00
Florence Blanc-Renaud
86a78ca244 test_integration: backup custodia conf and keys
Add an integration test for issue 7247 (ipa-backup does not backup
Custodia keys and files)
The test performs backup / uninstall / check custodia files were removed /
restore and check that the custodia conf and keys files are restored.

related ticket https://pagure.io/freeipa/issue/7247

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-01-29 11:19:56 +01:00
Felipe Barreto
cd660d1922
Fixing test_backup_and_restore assert to do not rely on the order
Since we cannot assume that LDAP will return data in any ordered way,
the test should be changed to do not rely on that.

Instead of just comparing the output of the show-user command, this change
first order the groups returned in the 'Member of Group' field before
compare them.

https://pagure.io/freeipa/issue/7339

Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-01-17 16:01:13 +01:00
Michal Reznik
e55969f7e0 test_caless: add SAN extension to other certs
Currently when testing we are using SAN extension only in
KDC, wildcard certs and not in the other certs.
During replica installation we then see a warning about certs
having no `subjectAltName`.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-01-17 12:52:16 +01:00
Christian Heimes
0cab090f4d
ipa-run-tests: make --ignore absolute, too
ipa-run-tests now applies the same logic to --ignore then to included
paths.

https://pagure.io/freeipa/issue/7355

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
2018-01-12 13:47:06 +01:00
Michal Reznik
3bdac1a84d tests: move CA related modules to pytest_plugins
Till now both create_caless_pki.py and create_external_ca.py were
stored in test_integration folder. However when trying to import
e.g. "from create_external_ca import ExternalCA" from tasks.py
where all other integration test`s support functions lives we get
"AttributeError: module 'pytest' has no attribute 'config' as pytest
was not completely initialized at the moment of the import.

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-01-09 10:17:01 +01:00
Michal Reznik
ad996d79c6 test_external_ca: selfsigned->ext_ca->selfsigned
Add selfsigned > external_ca > selfsigned test case.

Covers Pagure issue #7106

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-01-09 10:17:01 +01:00
Michal Reznik
efe21a1bda test_tasks: add sign_ca_and_transport() function
Add sign_ca_and_transport() function which will sign provided csr
and transport root CA and signed IPA CA to the host.

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-01-09 10:17:01 +01:00
Michal Reznik
434d7d423c test_caless: test PKINIT install and anchor update
Add test case for installing PKINIT and anchor update when using
3rd party CA after caless installation. Related to #6831 issue.

https://pagure.io/freeipa/issue/7233

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-01-09 09:37:24 +01:00
Michal Reznik
dbb7784b90 test_renewal_master: add ipa csreplica-manage test
Add test case for setting renewal master using command
ipa-csreplica-manage.

Automation related to upstream ticket #7120. Testing using
config-mod already covered.

https://pagure.io/freeipa/issue/7321

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-01-09 09:36:33 +01:00
Felipe Barreto
f5c01c5e86 Fixing test_testconfig with proper asserts
When the cls in env_config.py is a WinHost, the __init__ receives different
parameters. Now, it's adapted to all different kinds of hosts.

Also, it's necessary to add the host_type field to most of domains created
in the test classes, because the field is returned by pytest_multihost.Config
in pytest_plugins/integration/config.py::Config::to_dict

https://pagure.io/freeipa/issue/7346

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-01-09 08:03:49 +01:00
Aleksei Slaikovskii
a70dcb1e18 test_backup_and_restore.py AssertionError fix
prefix in the backup function expects output to have
'ipa.ipaserver.install.ipa_backup.Backup:' and it's wrong. The right
one is 'ipaserver.install.ipa_backup:'.

https://pagure.io/freeipa/issue/7339

Reviewed-By: Felipe Volpone <fbarreto@redhat.com>
2018-01-09 08:02:29 +01:00
Florence Blanc-Renaud
830866d68a Idviews: fix objectclass violation on idview-add
When the option --domain-resolution-order is used with the command
ipa idview-add, the resulting LDAP object stores the value in
ipadomainresolutionorder attribute.
The issue is that the add command does not add the needed object
class (ipaNameResolutionData) because it is part of
possible_objectclasses but not of object_class.

The fix makes sure to add the objectclass when the option
--domain-resolution-order is used, and adds a non-regression test.

Note that idview-mod does not have any issue as it correctly handles
the addition of missing possible objectclasses.

Fixes:
https://pagure.io/freeipa/issue/7350

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-01-09 07:58:52 +01:00
Christian Heimes
beb6d74b81 LGTM: unnecessary else in for loop
for/else makes only sense when the for loop uses break, too. If the for
loop simply returns on success, then else is not necessary.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-01-09 07:53:28 +01:00
Christian Heimes
73ee9ff40e LGTM: Fix multiple use before assignment
- Move assignment before try/finally block
- Add raise to indicate control flow change
- Add default value

https://pagure.io/freeipa/issue/7344

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-01-09 07:53:28 +01:00
Christian Heimes
1ed4461f33 LGTM: Use of exit() or quit()
Replace exit() with sys.exit(). exit() or quit() may fail if the interpreter
is run with the -S option.

https://pagure.io/freeipa/issue/7344

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-01-09 07:53:28 +01:00
Christian Heimes
93c158b058 ipa-run-tests: replace chdir with plugin
The ipa-run-tests command used os.chdir() to change into the ipatests/
directory. The approach works for simple cases but breaks some pytest
features. For example it makes it impossible to selects tests by their
fully qualified test name.

Further more, coverage statistics break because path and module names
get messed up by chdir.

A name plugin takes care of adjusting paths relative to ipatests and to
add ipatests as base. It's now possible to run tests with qualified test
names, e.g.

  ipa-run-tests ipatests/test_ipalib/test_base.py::test_ReadOnly::test_lock

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Felipe Volpone <fbarreto@redhat.com>
2018-01-04 19:36:27 +01:00
Michal Reznik
65c592334a test_cert_plugin: check if SAN is added with default profile
https://pagure.io/freeipa/issue/7334

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-01-04 16:28:14 +01:00
Michal Reznik
23d729e0de test_help: test "help" command without cache
This test case addresses upsteam ticket #6999, where "ipa help"
does not work if called when no schema is cached.

https://pagure.io/freeipa/issue/7325

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-12-19 14:03:24 +01:00
Christian Heimes
d7426ccbe7 Replace nose with unittest and pytest
* Replace raise nose.SkipTest with raise unittest.SkipTest
* Replace nose.tools.assert_equal(a, b) with assert a == b
* Replace nose.tools.raises with pytest.raises
* Convert @raises decorator to pytest.raises() but just for relevant
  lines.
* Remove nose dependency

I left the nose_compat pytest plugin in place. It can be removed in
another request in case it is no longer used.

https://pagure.io/freeipa/issue/7301

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-12-12 16:16:58 +01:00
Pavel Vomacka
4d9d953663 Extend ui_driver to support geckodriver log_path
Geckodriver automatically logs into geckodriver.log file which
is placed in the same directory from which tests are run. In case
of running tests using ipa-run-tests the current working directory is
/usr/lib/python*/site-packages/ipatests where most of users cannot
write because of priviledges.

By adding "geckodriver_log_path" into test configuration we allow to
set path where user who run tests have priviledges to write.

Config file might be seen here:
https://www.freeipa.org/page/Web_UI_Integration_Tests#Running_tests

Fixes: https://pagure.io/freeipa/issue/7311
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-12-12 14:19:44 +01:00
Christian Heimes
f4001e1c53 Add safe DirectiveSetter context manager
installutils.set_directive() is both inefficient and potentially
dangerous. It does not ensure that the whole file is written and
properly synced to disk. In worst case it could lead to partially
written or destroyed config files.

The new DirectiveSetter context manager wraps everything under an easy
to use interface.

https://pagure.io/freeipa/issue/7312

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2017-12-12 14:13:54 +01:00
Fraser Tweedale
f688b5d8a7 Add tests for installutils.set_directive
Part of: https://pagure.io/freeipa/issue/7288

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2017-12-12 14:13:54 +01:00
Christian Heimes
b98f9b46de Add marker needs_ipaapi and option to skip tests
The new marker needs_ipaapi is used to mark tests that needs an
initialized API (ipalib.api) or some sort of other API services (running
LDAP server) to work. Some packages use api.Command or api.Backend on
module level. They are not marked but rather skipped entirely.

A new option ``skip-ipaapi`` is added to skip all API based tests. With
the option, only simple unit tests are executed. As of now, freeIPA
contains more than 500 unit tests that can be executed in about 5
seconds.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-12-11 20:40:06 +01:00
Michal Reznik
29d0f8673c test_x509: test very long OID
Active Directory creates OIDs long enough to trigger a failure.
This can cause e.g. ipa-server-install failure when installing
with an externally-signed CA.

https://pagure.io/freeipa/issue/7300

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-12-11 12:05:16 +01:00
Mohammad Rizwan Yusuf
feee70d7bb ipatest: replica install with existing entry on master
replica install might fail because of existing entry for replica like
    `cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX` etc. The situation
    may arise due to incorrect uninstall of replica or ipa server-del is
    not executed on master.

    related bug : https://pagure.io/freeipa/issue/7174

Fixes: https://pagure.io/freeipa/issue/7276

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-12-11 08:32:39 +01:00
Fraser Tweedale
ba411b0f6d Re-enable some KRA installation tests
Some KRA installation tests were disabled due to failures caused by
security domain session replication lag.  This problem has been
addressed in Dogtag by introducing a default 5 second sleep after
security domain login, to give more time for session data to be
replicated to other hosts.  There is still a possibility for this
kind of failure, but the delay minimises it.

FreeIPA depends on the version of Dogtag that contains this change,
so remove the failing-test annotations.

Fixes: https://pagure.io/freeipa/issue/7220
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-12-07 13:03:30 +01:00
Christian Heimes
be09823fd5 Skip test_rpcclient_context in client tests
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-12-06 16:54:04 +01:00
Christian Heimes
c1f275f9eb Update to python-ldap 3.0.0
Replace python3-pyldap with python3-ldap.

Remove some old code for compatibility with very old python-ldap.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-12-06 16:54:04 +01:00
Rob Crittenden
e8a26afb94 Add test to ensure that properties are being set in rpcclient
Upon a connection several values should be available within
the connextion context. Test that they are being set properly.

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-12-04 10:29:19 -05:00
Michal Reznik
1ec3d54d55 test_batch_plugin: fix py2/3 failing assertion
When running "test_batch_plugin" with Py2 against Py3 server we
got assertion error due to a command trying to run as bytes.

E.g.: unknown command 'b'ping''

https://pagure.io/freeipa/issue/7131

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-11-30 15:51:24 +01:00
Alexander Bokovoy
64f4c71dd6 test_dns_plugin: cope with missing IPv6 in Travis
If IPv6 is not enabled, cope with the possibility to get incomplete
output back from the IPA CLI.

To do so, use lambda to analyze the result rather than explicit
comparison with the expected output.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-11-29 15:55:00 +02:00
Christian Heimes
4069c129ea Add workaround for pytest 3.3.0 bug
pytest is setting an env var PYTEST_CURRENT_TEST to the test name + test
parameters. If parameters happen to contain NULL bytes, the putenv()
call fails with "ValueError: embedded null byte". The workaround uses
repr() of test parameters as parameter id.

See https://github.com/pytest-dev/pytest/issues/2957
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-11-28 19:43:15 +01:00
Petr Čech
cd80036b6b
tests: Mark failing tests as failing
Some tests from installation suite fail.
The issues are:

* ipa-replica-install --setup-kra if first KRA in topology fails
  https://pagure.io/freeipa/issue/7008

* Third KRA installation in topology fails
  https://pagure.io/freeipa/issue/7220

This patch marks those tests as failing.

Signed-off-by: Petr Čech <pcech@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2017-11-28 09:45:32 +01:00
Christian Heimes
191605efd6 Reproducer for bug in structured dnsrecord_show
"RuntimeError: dictionary changed size during iteration" in
ipaserver/plugins/dns.py", line 3209, in postprocess_record

https://pagure.io/freeipa/issue/7275

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2017-11-27 11:46:54 +01:00
Michal Reznik
d3a2a9be24 test_vault: increase WAIT_AFTER_ARCHIVE
Fixes failing "ipa vault-retrieve" on replica due to a vault
not yet replicated. Increase from 30 to 45 seems to be enough.

https://pagure.io/freeipa/issue/7265

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-11-22 15:19:52 +01:00
Christian Heimes
e1bd827bbf Require UTF-8 fs encoding
http://blog.dscpl.com.au/2014/09/setting-lang-and-lcall-when-using.html

https://pagure.io/freeipa/issue/5887

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-11-21 16:13:28 +01:00
Christian Heimes
0071744929 Support sqlite NSSDB
Prepare CertDB and NSSDatabase to support sqlite DB format. NSSDatabase
will automatically detect and use either old DBM or new SQL format. Old
databases are not migrated yet.

https://pagure.io/freeipa/issue/7049

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-11-16 12:17:01 +01:00
Christian Heimes
64a88d597c Py3: Fix vault tests
* Bump PKI to 10.5.1-2, which fixes an issue with KRA under Python 3
* Correct encoding of secret

https://pagure.io/freeipa/issue/7033

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-11-16 08:50:58 +01:00
Michal Reznik
cedd52d7f9 test_caless: fix http.p12 is not valid
In "test_invalid_ds_cn" test case an old invalid http.p12 cert
is used as a leftover after previous "test_invalid_http_cn" test.
Get new valid http.p12 cert using create_pkcs12().

Also use server-badname cert instead of cert for replica.
This explicitly ensures a non-matching hostname/SAN rather than
implicitly by using a certificate for the replica.

https://pagure.io/freeipa/issue/7254

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-11-15 16:23:15 +01:00
Michal Reznik
495b85793c test_caless: fix TypeError on domain_level compare
Fixes an error where we were getting domain_level None and after
switching to Py3 we hit TypeError because of comparing None and int.

https://pagure.io/freeipa/issue/7254

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-11-15 16:23:15 +01:00