Commit Graph

86 Commits

Author SHA1 Message Date
Fraser Tweedale
ab7226dcef acme: add integration test to nightly CI
Part of: https://pagure.io/freeipa/issue/4751

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-07-10 08:33:22 -04:00
Armando Neto
cc624fb178 ipatests: bump prci templates
Remove all freeipa-* packages from template:
bdd98c3b9d

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-06-26 16:47:54 -03:00
sumenon
f1b2d7b6fc Modified YAML to include healthcheck AD tests
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-06-24 10:23:26 +02:00
François Cami
c5e6fe057c ipatests: increase test_caless_TestReplicaInstall timeout
test_caless_TestReplicaInstall timeout seems too short.
Extend it.

Fixes: https://pagure.io/freeipa/issue/8377
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2020-06-23 10:38:24 +02:00
Armando Neto
04ce1a415b ipatests: bump prci templates
New images were necessary to include updated `selinux-policy` package.

Rawhide image based on `Fedora-Rawhide-20200607.n.0` compose.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-06-17 08:03:17 +02:00
François Cami
3805eff417 IPA-EPN: Test suite.
Initial test suite for EPN.

Fixes: https://pagure.io/freeipa/issue/3687
Signed-off-by: François Cami <fcami@redhat.com>
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-06-09 08:43:45 +02:00
Armando Neto
40b8174c34 prci: update templates for new Fedora release
"previous" updated to Fedora 31
"latest" updated to Fedora 32
"rawhide" based on Fedora 33

389ds, testing and pki definitions updated to Fedora 32

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-04-30 12:05:35 +02:00
François Cami
306adf6b51 ipatests: increase test_webui_server timeout
test_webui_server tends to take more than 3600s to run.
Increase timeout to 7200s.

Fixes: https://pagure.io/freeipa/issue/8266
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2020-04-14 14:11:11 +02:00
François Cami
8a793b7da5 ipatests: increase test_ipahealthcheck timeout
test_ipahealthcheck tends to take more than 3600s to run.
Increate timeout to 4800s.

Fixes: https://pagure.io/freeipa/issue/8262
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2020-04-09 09:08:57 +03:00
Sergey Orlov
b238812b96
update prci definitions for test_sssd.py
The test now requires AD domain + subdomain

Related to: https://pagure.io/SSSD/sssd/issue/4078

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-04-03 11:15:57 +02:00
Sergey Orlov
1c4aa66b3c
ipatests: add missing classes from test_installation in nightly runs
The following test classes were missing in all nightly definitions:
* TestADTrustInstall
* TestADTrustInstallWithDNS_KRA_ADTrust
* TestKRAinstallAfterCertRenew

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-04-01 14:34:40 +02:00
Sergey Orlov
99a322a4ae
ipatests: run test_integration/test_cert.py in PR-CI
Execute test_integration/test_cert.py test in gating and generic
nightly test runs

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-04-01 14:34:40 +02:00
Sergey Orlov
b8e1a7d5ae
ipatests: run all cases from test_integration/test_idviews.py in nightlies
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-04-01 14:34:40 +02:00
François Cami
3a9b66b530 ipatests: test ipa-backup with different role configurations.
ipa-backup should refuse to execute if the local IPA server does not
have all the roles used in the cluster.
A --disable-role-check knob should also be provided to bypass the
check.

Add an integration test for the new behavior and the knob.

Related: https://pagure.io/freeipa/issue/8217
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2020-04-01 12:09:16 +02:00
François Cami
ee80d0dbfb pr-ci templates: update test_fips timeouts
test_fips takes between 45 and ~80 mins to run.
The templates' timeout was 3600s which is too short for
successful execution. 7200s should do.

Fixes: https://pagure.io/freeipa/issue/8247
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2020-03-28 19:55:10 +01:00
François Cami
f9804558bb ipatests: test_replica_promotion.py: test KRA on Hidden Replica
The Hidden replica tests did not test what happened when KRA was
installed on a hidden replica and then other KRAs instantiated from
this original one. Add a test scenario that covers this.

Related: https://pagure.io/freeipa/issue/8240
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2020-03-26 13:18:14 +01:00
Florence Blanc-Renaud
fc4c3ac795 ipatests: add test for ipa-adtrust-install --add-agents
Add tests checking the behavior of ipa-adtrust-install when
adding trust agents:
- try calling the remote method trust_enable_agent with
a principal missing the required privilege.
- try adding a trust agent when the remote node is stopped.
The installer must detect that he's not able to run the remote
commands and print a WARNING.
- try adding a trust agent when the remote node is running.
The WARNING must not be printed as the remote configuration is done.
- try adding a trust agent with --enable-compat.
The WARNING must not be printed and the Schema Compatibility plugin
must be enabled (the entries
cn=users/groups,cn=Schema Compatibility,cn=plugins,cn=config
must contain a new attribute schema-compat-lookup-nsswitch
(=user/group).

Thanks to sorlov for the nightly test definitions and new test.

Related: https://pagure.io/freeipa/issue/7600
Co-authored-by: Sergey Orlov <sorlov@redhat.com>
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2020-03-05 14:40:58 +01:00
Kaleemullah Siddiqui
10e8e7af03 Tests for backup-restore when pkg required is missing
Tests for ipa-restore behaviour when dns or adtrust
rpm is missing which is required during ipa-restore

https://pagure.io/freeipa/issue/7630

Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-17 17:02:32 +01:00
Sergey Orlov
001de6eed7
ipatests: add test_trust suite to nightly runs
The test suite test_trust was missing in nightly definitions
because PR-CI was not able to provision multi-AD topology.
Now that PR-CI is updated, we can start executing this test suite.
It is not reasonable to add it to gating as this suite is
time consuming like other tests requiring provisioning of AD instances.

Signed-off-by: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-02-14 12:48:34 +01:00
Anuja More
0a4bec2a1f Update topology for test_integration/test_sssd.py
Added changes in topology for test_sssd.py
As in test it needs client also.

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2020-02-12 17:34:32 +01:00
Florence Blanc-Renaud
60f746d998 ipatests: update packages for rawhide and updates-testing nightlies
The nightly tests for rawhide and updates_testing are expected
to set
        update_packages: True
in all the job definitions to make sure that dnf/yum update is called
before starting the tests.

This tag was missing for some jobs, this commit fixes the issue.

Reviewed-By: Armando Neto <abiagion@redhat.com>
2020-02-10 15:22:54 +01:00
Armando Neto
19f0142e79 prci: Bump version of all templates
These new images have SELinux enabled in permissive mode. After
this all tests skipped because SELinux was disabled will be
executed again.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-02-05 14:48:34 -03:00
sumenon
000703c89f Nightly definition for ipa-healthcheck tool
Signed-off-by: sumenon <sumenon@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2020-02-04 09:20:23 -05:00
Gaurav Talreja
7862e9bec5 Normalize title of test external_ca in prci-definition
Use a consistent way to label the tests. As a result, replace external_ca_1 with test_external_ca_TestExternalCA and external_ca_2 with test_external_ca_TestSelfExternalSelf to better reflect which subtest is executed.
Issue : freeipa/freeipa-pr-ci#336

Signed-off-by: Gaurav Talreja <gtalreja@redhat.com>
Reviewed-By: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-01-30 11:53:20 +01:00
Sergey Orlov
0ad4f4c86a
ipatests: add test_winsyncmigrate suite to nightly runs
The test suite test_winsyncmigrate was missing in nightly definitions
because CI was lacking configuration needed for establishing winsync
agreement: the Certificate Authority needs to be configured on
Windows AD instance. Now that PR-CI is updated to include said changes, we
can start executing this test suite. It is not reasonable to add it to
gating as this suite is time consuming just like other tests requiring
provisioning of AD instances.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-01-23 16:38:56 +01:00
Armando Neto
a22e873480 prci: update packages for rawhide nightly runs
This forces PR-CI to update the packages instead of using the versions
already included in the vagrant image.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-01-03 09:43:40 -03:00
Jayesh Garg
fb3c2c1402 Nightly definations commit
Signed-off-by: Jayesh Garg <jgarg@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2019-12-23 12:56:30 +01:00
Gaurav Talreja
775bbb919a prci: bump template version for nightly_rawhide
New template is based on Fedora-Cloud-Base-Vagrant-Rawhide-20191201.n.0.x86_64.vagrant-libvirt.box

Template used : https://app.vagrantup.com/freeipa/boxes/ci-master-frawhide/versions/0.0.10

Tested at : https://github.com/freeipa-pr-ci2/freeipa/pull/94

Signed-off-by: Gaurav Talreja <gtalreja@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2019-12-17 15:53:31 -03:00
Thomas Woerner
a2820bbbc3 Enable TestInstallMasterDNSRepeatedly in prci_definitions
For fedora-latest, pki-fedora, fedora-previous and fedora-rawhide

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2019-12-12 18:24:44 +01:00
François Cami
6462cc0f3a ipatests: fix pr-ci templates' indentation
temp_commit.yaml among others have wrong indentation:
expected 4 but found 3.
Fix indentation.

Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2019-12-12 10:01:25 +01:00
Christian Heimes
095d3f9bc9 Add test case for OTP login
Add integration tests to verify HOTP, TOTP, service with OTP auth
indicator, and OTP token sync.

Related: https://pagure.io/freeipa/issue/7804
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-11-28 16:09:07 +01:00
Florence Blanc-Renaud
094cf629b3 Nightly definition: use right template for krbtpolicy
The ipaserver template triggers the installation of IPA server
before the tests are launched and should not be used for
test_integration tests

Switch to master_1repl template.

Related: https://pagure.io/freeipa/issue/8001
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2019-11-25 12:38:32 +01:00
Rob Crittenden
c02cc93c14 Add integration test for Kerberos ticket policy
This also exercises the Authentication Indicator Kerberos ticket
policy options by testing a specific indicator type.

Related: https://pagure.io/freeipa/issue/8001

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2019-11-21 11:13:12 -05:00
Christian Heimes
b216701d9a Show group-add/remove-member-manager failures
Commands like ipa group-add-member-manager now show permission
errors on failed operations.

Fixes: https://pagure.io/freeipa/issue/8122
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-11-20 17:08:40 +01:00
Christian Heimes
8124b1bd4c Test installation with (fake) userspace FIPS
Based on userspace FIPS mode by Ondrej Moris.

Userspace FIPS mode fakes a Kernel in FIPS enforcing mode. User space
programs behave like the Kernel was booted in FIPS enforcing mode. Kernel
space code still runs in standard mode.

Fixes: https://pagure.io/freeipa/issue/8118
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-11-14 16:01:15 +01:00
Armando Neto
c62bd1608e prci: rename definitions files and jobs to change how fedora releases are referenced
Replacing `fedora-30` with `fedora-latest` and `fedora-29` with `fedora-previous` will
reduce the changes required for new releases of Fedora.

Future changes would only require to update the name and version of the template used.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2019-11-12 09:16:11 -03:00
Christian Heimes
0f4c41ab26 Add tests for member management
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-11-11 09:31:14 +01:00
Armando Neto
3d8a444f62 prci: increase timeout argument for test_sssd.py
Follow-up for commit a4ca34261a.

Vagrant retries to provision hosts if something happens, it was introduced
in PR-CI after freeipa/freeipa-pr-ci@380c8b8.

This takes time, some jobs are killed during test execution, so this
adds 20 minutes more to `test_sssd.py` test suite.

This also adds a missing but available topology to `temp_commit.yaml`.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2019-10-18 11:27:09 -03:00
Fraser Tweedale
e767386e71 test_integration: add tests for custom CA subject DN
Define integration test for custom CA subject DN and subject base
scenarios.  Add to nightly CI runs.

Part of: https://pagure.io/freeipa/issue/8084

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2019-10-17 08:17:46 +02:00
Mohammad Rizwan Yusuf
c77bbe7899 Add test to nightly yamls
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-10-07 08:08:35 +02:00
Armando Neto
a4ca34261a prci: increase timeout for jobs that required AD
Vagrant retries to provision hosts if something happens, it was introduced
in PR-CI after 380c8b8c78.

This takes time, some jobs are killed during test execution, so this
increases the time-out parameter from 1 hour and 20 minutes to 2 hours.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2019-10-03 09:01:16 -03:00
Sergey Orlov
4ab2842b76
ipatests: add tests for cached_auth_timeout in sssd.conf
The tests check that auth cache
* is disabled by default
* is working when enabled
* expires after specified time
* is inherited by trusted domain

Related to: https://bugzilla.redhat.com/1685581

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2019-09-19 10:26:58 +02:00
Armando Neto
2e0850e70e prci: fix typo on nightly test definitions
PR-CI breaks if the class to execute the tests doesn't exist.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2019-09-11 18:16:11 +02:00
Sergey Orlov
1d033b040d
ipatests: refactor and extend tests for IPA-Samba integration
Add tests for following scenarios:
* running `ipa-client-samba --uninstall` without prior installation
* mount and access Samba share by IPA user
* mount and access Samba share by AD user
* mount samba share by one IPA user and access it by another one
* try mount samba share without kerberos authentication
* uninstall and reinstall ipa-client-samba

Relates: https://pagure.io/freeipa/issue/3999
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2019-09-06 12:11:04 +02:00
Michal Polovka
253779afc4
ipatests: fix topology for TestIpaNotConfigured in PR-CI nightly definitions
Topology for TestIpaNotConfigured is changed from ipaserver to
master_1repl in order to prevent aforementioned test suite runner from
configuring ipa-server, which is required by the test itself.

Resolves: https://pagure.io/freeipa/issue/8055
Related: https://pagure.io/freeipa/issue/6843
2019-08-30 12:20:21 +02:00
François Cami
405dcc6bec ipatests: check that ipa-client-automount restores nsswitch.conf at uninstall time
Check that using ipa-client-install, ipa-client-automount --no-ssd, then uninstalling
both properly restores nsswitch.conf sequentially.

Related-to:: https://pagure.io/freeipa/issue/8038
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-08-28 22:15:50 -04:00
Michal Polovka
a71c59c7c8 ipatests: Test for ipa-backup with ipa not configured
Added test class for executing tests without ipa server being
configured. This is achieved by not providing topology attribute in the
test class. Subsequently implemented test for PG6843 - ipa-backup does not create
log file at /var/log/ - by invoking ipa-backup command with ipa server
not configured and checking for expected error code presence of /var/log
in the error message.

https://pagure.io/freeipa/issue/6843

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Tibor Dudlák <tdudlak@redhat.com>
Reviewed-By: François Cami <fcami@redhat.com>
2019-08-27 12:04:45 +02:00
Florence Blanc-Renaud
41e5d4653a Nightly test definition: add missing tests
The following test was missing from all nightlies:
- test_integration/test_crlgen_manage.py

The following tests was missing from nightly_f29:
- test_integration/test_smb.py

The following test was missing from nightly_rawhide:
- test_integration/test_smb.py

Note: nightly_f28 not updated as we stopped testing on f28.
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-08-14 14:21:31 +03:00
Christian Heimes
69138c848d Test external CA with DNS name constraints
Verify that FreeIPA can be installed with an external CA that has a name
constraints extension.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-08-06 12:39:46 +02:00
Tibor Dudlák
8b7fae30b1
Increase ntp_options test timeout
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-07-31 14:21:37 +02:00