The --with-xunit option ihas the same behavior as in nosetests:
it's an alias for pytest's --junitxml=nosetests.py
The --logging-level option enables direct IPA logging to stdout.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Provide a local pytest plugin to generate tests.
The Declarative tests can now only be run with pytest
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
The pytest.ini file needs to be in or above the directory py.test is called in.
When in IPA project root, this invocation will find ./ipatests/pytest.ini:
py.test ipatests/
but these will not (they're equivalent):
py.test .
py.test
So pytest.ini must be in the project root.
However, setupttols can't include files outside package directories,
so we also need this file to be under ipatests/
Solve the problem by symlinking ./pytest.ini to ipatests/pytest.ini.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
pytest's support for Nose-style test generators is not bulletproof;
use a real function to please it.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Pytest will consider each Declarative test individually, running
setup/teardown for each one.
Move the setup and teardown to the class level.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Nose ran the `test_a_*` and `test_a2_*` tests in opposite order
than the source suggested. Fix this.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
By default, pytest considers test classes only if they're named
'Test*'; Nose also allows 'test_*'.
Configure pytest to allow the non-pep8 names as well.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
The setUp/dearDown names are used in the unittest module, but there is no reason
to use them in non-`unittest` test cases.
Nose supports both styles (but mixing them can cause trouble when
calling super()'s methods).
Pytest only supports the new ones.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
iparangetype output is a localized human-readable value which is not suitable for machine-based API consumers
Solved by new iparangetyperaw output attribute which contains iparangetype's raw value
Reviewed-By: Tomas Babej <tbabej@redhat.com>
IPA uses both named and named-pkcs11 service.
If named is masked use named-pkcs11, instead of raising exception
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
SSSD does not support sudo rules for local users;
these should be added in a local sudoers file.
https://fedorahosted.org/freeipa/ticket/4608
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Add coverage for the ID views and ID overrides.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
The --*_pkcs12 options of ipa-server-install and ipa-replica-prepare have
been replaced by --*-cert-file options which accept multiple files.
ipa-server-certinstall now accepts multiple files as well. The files are
accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and
raw private key and PKCS#12 formats.
The --root-ca-file option of ipa-server-install has been replaced by
--ca-cert-file option which accepts multiple files. The files are
accepted in PEM and DER certificate and PKCS#7 certificate chain formats.
The --*_pin options of ipa-server-install and ipa-replica-prepare have been
renamed to --*-pin.
https://fedorahosted.org/freeipa/ticket/4489
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The --external_cert_file and --external_ca_file options of ipa-server-install
and ipa-ca-install have been replaced by --external-cert-file option which
accepts multiple files. The files are accepted in PEM and DER certificate and
PKCS#7 certificate chain formats.
https://fedorahosted.org/freeipa/ticket/4480
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
When renaming a object to the same name, errors.EmptyModList is raised.
This is not properly handled, and can cause other modifications in the
LDAPUpdate command to be ignored.
https://fedorahosted.org/freeipa/ticket/4548
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Description attribute is not required in LDAP schema so there is no reason to
require it in UI. Modified tests to reflect this change.
https://fedorahosted.org/freeipa/ticket/4387
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Currently a number of v2 permissions are in $SUFFIX, which the original
test did not anticipate.
Properly check that legacy permissions are found.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The host-del command did not accept --continue option, since the
takes_options was overriden and did not take the options from LDAPDelete.
Fix the behaviour.
https://fedorahosted.org/freeipa/ticket/4473
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The attributes entryusn, createtimestamp, and modifytimestamp
should be readable whenever thir entry is, i.e. when we allow reading
the objectclass.
Automatically add them to every read permission that includes objectclass.
https://fedorahosted.org/freeipa/ticket/4534
Reviewed-By: Martin Kosek <mkosek@redhat.com>
bind-dyndb-ldap's bug caused test failure
https://fedorahosted.org/bind-dyndb-ldap/ticket/123
Owners with NS record works with the bug
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
add_table_record call used old selector for add button which
caused 3 fails in CI:
- ERROR: Test automember rebuild membership feature for hosts
- ERROR: Test automember rebuild membership feature for users
- ERROR: Basic CRUD: dns
related to:
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Adds an integration tests that checks that all trustdomains are
able to be found by trustdomain-find command right after the
trust has been established.
Also moves some code to allow easier adding common test cases for
both POSIX and non-POSIX test classes.
https://fedorahosted.org/freeipa/ticket/4208
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
After login, CI checks if password needs a reset by checking if
reset password fields are displayed. This check failed since
login facet was removed from DOM after successful auth. Weakening
the selector fixes it.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The ipagetkeytab command recently changed its failure output
to accomodate pre-4.0 servers.
Update the test to reflect this.
Related: https://fedorahosted.org/freeipa/ticket/4446
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Simplify code base by reuse of 'disable' feature of button_widget. All
occurrences of action-button which were disabled/enabled were replaced
by button-widget.
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Attributes widget layour was changed from tiny table which allowed
to display only few options to a checkbox list with multiple
columns (depends on container).
Check all attributes option was removed to force the user
to read through the attributes which he selects.
Initial version authored by: Adam Misnyovszki
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Properly configure forwarders to the AD zone with respect to
newly created ipa dnsforwardzone commands.
https://fedorahosted.org/freeipa/ticket/4401
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.
https://fedorahosted.org/freeipa/ticket/4382
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
When manipulating a permission for an entry that has an ACI
that the parser cannot process, skip this ACI instead of
failing.
Add a test that manipulates permission in cn=accounts,
where there are complex ipaAllowedOperation-based ACIs.
Workaround for: https://fedorahosted.org/freeipa/ticket/4376
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The code has been moved to its own, separate repository at
git://git.fedorahosted.org/git/freeipa-foreman-smartproxy.git
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Call user-unlock command from Web UI.
It will unlock displayed user on current master.
https://fedorahosted.org/freeipa/ticket/4407
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Makes sure sudorules behave correctly both when adding new entries
with corresponding category set to ALL, and when setting the
category to all when corresponding entries exist.
The only exception of deny commands with cmdcategory ALL is
covered as well.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Covers functionality of external entries for:
* users
* runAsUsers
* groups of RunAsUsers
* runAsGroups
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
This patch adds support for importing tokens using RFC 6030 key container
files. This includes decryption support. For sysadmin sanity, any tokens
which fail to add will be written to the output file for examination. The
main use case here is where a small subset of a large set of tokens fails
to validate or add. Using the output file, the sysadmin can attempt to
recover these specific tokens.
This code is implemented as a server-side script. However, it doesn't
actually need to run on the server. This was done because importing is an
odd fit for the IPA command framework:
1. We need to write an output file.
2. The operation may be long-running (thousands of tokens).
3. Only admins need to perform this task and it only happens infrequently.
https://fedorahosted.org/freeipa/ticket/4261
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Private groups don't have the 'ipausergroup' objectclass.
Add posixgroup to the objectclass filters to make
"--type group" permissions apply to all groups.
https://fedorahosted.org/freeipa/ticket/4372
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The recent conversions to managed permissions left behind a few
failing tests. Fix them.
Also fix a now incorrect docstring in ipalib.config.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
After setting sudoorder, you are unable to unset it, since the
check for uniqueness of order of sudorules is applied incorrectly.
Fix the behaviour and cover it in the test suite.
https://fedorahosted.org/freeipa/ticket/4360
Reviewed-By: Martin Kosek <mkosek@redhat.com>
When api.env is loaded, strings that "look like" floats got
auto-converted to floats.
This is wrong, as the conversion to float can lose precision.
Case in point: the api_version (e.g. '2.88') should never be
interpreted as float.
Do not automatically convert to float.
We have two numeric options: startup_timeout and wait_for_dns.
wait_for_dns is already converted to int when used in the code.
Convert startup_timeout to float explicitly when used, so
configuration that specified it with a decimal point continues
to work.
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This results in the proper message being shown if the client sends
an option the server doesn't have yet.
It also adds the check to commands that override run() but not __call__,
such as `ipa ping`, and to commands run on the server. Adjust tests
for these changes.
https://fedorahosted.org/freeipa/ticket/3963
Reviewed-By: Martin Kosek <mkosek@redhat.com>
`memberdenycmd_sudocmd` and `memberdenycmd_sudocmdgroup` tables are now
enabled/disabled based on `cmdcategory` as well.
https://fedorahosted.org/freeipa/ticket/4361
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
GID field should be enabled by default since the default group is posix.
Was caused by option_widget_base not properly reporting value change while
selecting the default value. It has to be notified with delay otherwise the
event is consumed by FieldBinder.
https://fedorahosted.org/freeipa/ticket/4325
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
