Commit Graph

13506 Commits

Author SHA1 Message Date
Stanislav Levin
b82515562a Azure: Make it possible to configure distro-specific stuff
This allows to run IPA tests on Azure using any distro.

To achieve this, one has to do:
1) place a platform specific template on 'ipatests/azure/templates/'
and make a soft link from 'ipatests/azure/templates/variables.yml' to
the new template.
2) place a configuration templates on these paths
3) templates have to answer the questions such as:
  a) which Docker image to use to build IPA packages (rpm, deb, etc.)
  b) how to prepare Build environment
  c) how to build IPA packages
  d) how to prepare environment to run Tox tests
  e) how to prepare environment to run WebUI unittests
  f) which base Docker image to use to build the new image to run
     IPA tests within it

Fixes: https://pagure.io/freeipa/issue/8202
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-25 18:02:12 +02:00
Stanislav Levin
879855ce70 Azure: Allow to run integration tests
Azure provides Microsoft-hosted agents having tasty resources [0].
For now (Feb 2020),
- (Linux only) Run steps in a cgroup that offers 6 GB of physical memory and
13 GB of total memory
- Provide at least 10 GB of storage for your source and build outputs.

This is enough to set up IPA environments consisted of not only master but also
replicas and clients and thus, run IPA integration tests.

New Azure IPA tests workflow:

+ 1) Azure generate jobs using Matrix strategy
  2) each job is run in parallel (up to 10) within its own VM (Ubuntu-18.04):
    a) downloads prepared Docker container image (artifact) from Azure cloud
       (built on Build Job) and loads the received image into local pool
  + b) docker-compose creates the Docker environment having a required number
       of replicas and/or clients
  + c) setup_containers.py script does the needed container's changes (DNS,
       SSH, etc.)
  + d) launch IPA tests on tests' controller
    e) publish tests results in JUnit format to provide a comprehensive test
       reporting and analytics experience via Azure WebUI [1]
    f) publish regular system logs as artifacts

[0] https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops
[1] https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/test/publish-test-results?view=azure-devops&tabs=yaml

Fixes: https://pagure.io/freeipa/issue/8202
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-25 18:02:12 +02:00
Stanislav Levin
157fa59e7c Azure: Allow SSH for Docker environments
IPA integration tests utilize SSH as a transport to communicate
with IPA hosts. To run such tests Docker environments should
have configured SSH.

Fixes: https://pagure.io/freeipa/issue/8202
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-25 18:02:12 +02:00
Stanislav Levin
ecc398c409 Azure: Allow to not provide tests to be ignored
As for now, a list of tests which will be ignored by Pytest is
mandatory. But actually, a list of tests to run is explicitly set
in yaml config. And thus, 'ignore' list should be an optional field.

This simplifies tests definitions to drop extra stuff.

Fixes: https://pagure.io/freeipa/issue/8202

Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-25 18:02:12 +02:00
Florence Blanc-Renaud
9eb1be8752 Part2: Don't fully quality the FQDN in ssbrowser.html for Chrome
The web page ssbrowser.html is displayed when the browser doesn't
enable javascript. When js is enabled, the content is taken from
ipaserver/plugins/internal.py.

The commit e4966f9 fixed a string in ssbrowser.html but did not
fix the corresponding string in ipaserver/plugins/internal.py,
resulting in a different page depending on javascript enabled/not
enabled.
This commit makes both contents consistent.

Fixes: https://pagure.io/freeipa/issue/8201
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
2020-02-24 15:06:04 +01:00
Thomas Woerner
51fcca5352 ipaserver/plugins/hbacrule: Add HBAC to memberservice_hbacsvc* labels
The labels for memberservice_hbacsvc and memberservice_hbacsvcgroup are
only "Services" and "Service Groups" but they should be "HBAC Services"
and "HBAC Service Groups".

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-02-24 15:02:24 +01:00
Mohammad Rizwan Yusuf
8067954229 Add certmonger wait_for_request that uses run_command
Add a little utility function to get the certmonger status
of a request id on a particular host and wait until it is either
failed on the CA or issued (or times out).

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-02-24 08:45:06 -05:00
Mohammad Rizwan Yusuf
fe21094c8e Test if certmonger reads the token in HSM
This is to ensure added HSM support for FreeIPA. This test adds
certificate with sofhsm token and checks if certmonger is tracking
it.

related : https://pagure.io/certmonger/issue/125

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-02-24 08:45:06 -05:00
Mohammad Rizwan Yusuf
b0d57d99e5 Test AES SHA 256 and 384 Kerberos enctypes enabled
AES SHA 256 and 384-bit enctypes supported by MIT kerberos but
was not enabled in IPA. This test is to check if these types are
enabled.

related: https://pagure.io/freeipa/issue/8110

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-02-20 08:40:54 -05:00
Kaleemullah Siddiqui
939ee59c27 Fix for regression from PR#3962
There was a regression caused in nightly run of test
TestBackupReinstallRestoreWithDNS of test_backup_and_restore
test suite because of PR#3962.

Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-02-19 10:42:01 +01:00
Rob Crittenden
e4966f9c3f Don't fully quality the FQDN in ssbrowser.html for Chrome
The trailing dot causes it to not function as expected, remove
it from the example.

https://pagure.io/freeipa/issue/8201

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-18 09:15:57 -05:00
Kaleemullah Siddiqui
10e8e7af03 Tests for backup-restore when pkg required is missing
Tests for ipa-restore behaviour when dns or adtrust
rpm is missing which is required during ipa-restore

https://pagure.io/freeipa/issue/7630

Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-17 17:02:32 +01:00
Alexander Bokovoy
ba904672a2 Azure Pipelines: re-enable nodejs:12 stream for Fedora 31+
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-17 16:03:11 +02:00
Alexander Bokovoy
e5291963a1 kdb: make sure audit_as_req callback signature change is preserved
audit_as_req() callback has changed its signature with MIT krb5 commit
20991d55efbe1f987c1dbc1065f2d58c8f34031b in 2017, we should preserve the
change for any newer DAL versions. Otherwise audit_as_req() callback
would reference wrong data and we might crash.

Fixes: https://pagure.io/freeipa/issue/8200
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-17 16:03:11 +02:00
Sergey Orlov
001de6eed7
ipatests: add test_trust suite to nightly runs
The test suite test_trust was missing in nightly definitions
because PR-CI was not able to provision multi-AD topology.
Now that PR-CI is updated, we can start executing this test suite.
It is not reasonable to add it to gating as this suite is
time consuming like other tests requiring provisioning of AD instances.

Signed-off-by: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-02-14 12:48:34 +01:00
Julian Gethmann
273ff2708c Fix typo in idrange.py docstring
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-14 09:48:50 +02:00
Christian Heimes
856fdbc183 dnsrecord: Treat empty list arguments correctly
dnsrecord_del fails when one of the record arguments is an empty list:

    AttrValueNotFound("AAAA record does not contain 'None'",)

The problem is caused by the fact that LDAPEntry.__getitem__ returns None
for empty lists. The code in the plugin considers None as a single entry
and maps it to vals = [None].

The patch maps None to empty list.

Fixes: https://pagure.io/freeipa/issue/8196
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-14 09:42:52 +02:00
Christian Heimes
209e0ac8a6 Remove dependency on custodia package
ipa-server no longer use any files and features from the custodia
package. The python3-custodia package provides all Custodia features for
ipa-custodia.service.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-14 09:40:40 +02:00
Anuja More
87a1d34c3b ipatests: SSSD should fetch external groups without any limit.
When there are more external groups than default limit, then
SSSD should fetch all groups.

Related : https://pagure.io/SSSD/sssd/issue/4058

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-02-14 09:37:38 +02:00
François Cami
5f9d528184 ipatests: make sure ipa-client-automount reverts sssd.conf
Due to https://pagure.io/SSSD/sssd/issue/4149 ipa-client-automount
fails to remove the ipa_automount_location entry from sssd.conf.
Test that autofs_provider and ipa_automount_location are removed.

Fixes: https://pagure.io/freeipa/issue/8190
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-14 09:33:43 +02:00
François Cami
e1b6e3ba9b ipa-client-automount: call save_domain() for each change
Call sssdconfig.save_domain(domain) after each configuration
change during ipa-client-automount --uninstall.

Previously, sssdconfig.save_domain(domain) was called only
outside of the domain detection loop which changed the domain
configuration. This introduced issues as this method's behavior
is only consistent when configuration items are removed in a
certain order: https://pagure.io/SSSD/sssd/issue/4149
Plus, it is more correct to save the configuration from within
the loop if ever we support multiple domains.

Fixes: https://pagure.io/freeipa/issue/8190
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-14 09:33:43 +02:00
Stanislav Levin
902821e8aa ipatests: Allow zero-length arguments
Currently, such arguments are eaten by 'ipa-run-tests' script as they
are not quoted.

For example, running ipa-run-tests -k ''
results in the actual invocation would be like as:
['/bin/sh',
 '--norc',
 '--noprofile',
 '-c',
 '--',
 "/usr/bin/python3 -c 'import sys,pytest;sys.exit(pytest.main())' -o "
 'cache_dir=/tmp/pytest-of-root/pytest-12/test_ipa_run_tests_empty_expression0/.pytest_cache '
 '--confcutdir=/usr/lib64/python3/site-packages/ipatests -k ']

Note: expressions or marks could be empty as a result of the building
of command line args by more high-level tools, scripts, etc.

So, a short-termed solution is the quotting of zero-length arguments.

Fixes: https://pagure.io/freeipa/issue/8173
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-14 09:29:20 +02:00
Alexander Bokovoy
b3dbb36867 adtrust: print DNS records for external DNS case after role is enabled
We cannot gather information about required DNS records before "ADTrust
Controller" role is enabled on this server. As result, we need to call
the step to add DNS records after the role was enabled.

Fixes: https://pagure.io/freeipa/issue/8192
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-02-13 21:20:13 +02:00
Anuja More
0a4bec2a1f Update topology for test_integration/test_sssd.py
Added changes in topology for test_sssd.py
As in test it needs client also.

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2020-02-12 17:34:32 +01:00
Anuja More
4f09416f2f ipatests: Add test for ipa-extdom-extop plugin should allow @ in group name
If group contains @ in group name on AD,
then it should fetch successfully on ipa-client.

Related to: https://bugzilla.redhat.com/1746951

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2020-02-12 17:34:32 +01:00
Stanislav Levin
ba12165eaf lint: Make Pylint-2.4 happy again
This is the first time running Pylint-2.4 over the whole IPA codebase.
```
Pylint on /usr/bin/python is running, please wait ...
internal error with sending report for module ['ipaserver/plugins/serverroles.py']
maximum recursion depth exceeded while calling a Python object
************* Module ipatests.test_integration.base
ipatests/test_integration/base.py:84: [W0125(using-constant-test), IntegrationTest.install] Using a conditional statement with a constant value)
************* Module ipaserver.install.ipa_cacert_manage
ipaserver/install/ipa_cacert_manage.py:522: [R1724(no-else-continue), CACertManage.delete] Unnecessary "elif" after "continue")
```

The latest Pylint (via the Tox task) checks only:
```
{envsitepackagesdir}/ipaclient \
{envsitepackagesdir}/ipalib \
{envsitepackagesdir}/ipapython
```

, while the distro-Pylint runs over all project but it is not fresh.
That's why these warnings/errors weren't exposed before now.

Concerning `internal error`: a fix was accepted by upstream:
https://github.com/PyCQA/pylint/issues/3245, but wasn't released yet.
Until that is done, Pylint just warns.

Related: https://pagure.io/freeipa/issue/8116
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Stanislav Levin
a309de6c08 pylint: Clean up comment
I added a comment in @d0b420f6d, later, on refactoring in
@c6769ad12 I forgot to remove it. So, it is just a clean up.

Related: https://pagure.io/freeipa/issue/8116
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Stanislav Levin
e128e7d691 pylint: Synchronize pylint plugin to ipatests code
Pylint is a static analysis tool and therefore, couldn't always
analyze dynamic stuff properly. Transformation plugins is a way
to teach Pylint how to handle such cases.

Particularly, with the help of FreeIPA own plugin, it is possible
to tell Pylint about instance fields having a duck-typing nature.

A drawback exposed here is that a static view (Pylint's) of code
should be consistent with an actual one, otherwise, codebase will
be polluted with various skips of pylint checks.

* added missing fields to ipatests.test_integration.base.IntegrationTest
* an attempt is made to clear `no-member` skips for ipatests
* removed no longer needed `pytest` module transformation

Related: https://pagure.io/freeipa/issue/8116
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Stanislav Levin
92b440a0ba pylint: Teach Pylint how to handle request.context
With Astroid change [0] a inference for builtin containers
was improved. This means that all the elements of such containers
will be inferred if they are not Python constants (previously
ignored).

This change introduces several issues, one of them is a volatile
error exposed at multi-job Pylinting, but could be guaranteed
produced at single-job mode as:

```
PYTHONPATH=. /usr/bin/python3 -m pylint --rcfile=./pylintrc \
    --load-plugins pylint_plugins ipaserver/plugins/dns.py ipalib/request.py

ipalib/request.py:76: [E1101(no-member), destroy_context] Instance of 'bool' has no 'disconnect' member)

-----------------------------------
Your code has been rated at 9.97/10
```

Or even adding 'context.some_attr = True' into ipalib/request.py.
It's should be treated as no one member of `context`'s attrs is a
`Connection` instance and has `destroy_context` member.

To tell Pylint that there are such members the corresponding
transformation is added.

[0] https://github.com/PyCQA/astroid/commit/79d5a3a7

Related: https://pagure.io/freeipa/issue/8116
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Stanislav Levin
19462788f1 ipatests: Properly kill gpg-agent
There is a race condition exposed in 'test_gpg_asymmetric'.
The teardown of 'tempdir' fixture and gpg-agent being called
from the teardown of 'gpgkey' fixture could simultaneously
remove the gnugpg's socket files.

This results in an error like:
```

================= ERRORS ===================
_ ERROR at teardown of test_gpg_asymmetric __
...

>  os.unlink(entry.name, dir_fd=topfd)
E  FileNotFoundError: [Errno 2] No such file or directory: 'S.gpg-agent.extra'

/usr/lib64/python3.7/shutil.py:450: FileNotFoundError

```

The problem is that the agent is not terminated properly.
Instead, gpgconf could be used to kill daemonized gpg-agent.

Related: https://pagure.io/freeipa/issue/7989
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Alexander Bokovoy
43a97082bb Update Azure Pipelines to use Fedora 31
nodejs:12 requires libicu-65.1 while gdb (not direct dependency)
libicu-63.2. As a workaround gdb-minimal [0] could be used.
It's even better as requires less packages to be downloaded
and then installed.

[0] https://fedoraproject.org/wiki/Changes/Minimal_GDB_in_buildroot

Co-authored-by: Stanislav Levin <slev@altlinux.org>
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Stanislav Levin
8c7447fd42 pytest: Warn about unittest/nose/xunit tests
This Pytest plugin is intended to issue warnings on collecting
tests, which employ unittest/nose frameworks or xunit style.
For example, this may look like:
"""
test_a/test_xunit.py:25
  test_a/test_xunit.py:25: PytestDeprecationWarning: xunit style is deprecated

    def test_foo_bar(self):

test_b/test_unittest.py:7
  test_b/test_unittest.py:7: PytestDeprecationWarning: unittest is deprecated
    def test_foo_bar(self):
"""

To treat these warnings as errors it's enough to run Pytest with:
-W error:'xunit style is deprecated':pytest.PytestDeprecationWarning

Related: https://pagure.io/freeipa/issue/7989
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Stanislav Levin
fec66942d4 pytest: Migrate unittest/nose to Pytest fixtures
Even though Pytest supports xunit style setups, unittest and nose
tests, this support is limited and may be dropped in the future
releases. Worst of all is that the mixing of various test
frameworks results in weird conflicts and of course, is not widely
tested.

This is a part of work to remove the mixing of test idioms in the
IPA's test suite:
1) replace unittest.TestCase subclasses
2) replace unittest test controls (SkipTest, fail, etc.)
3) replace unittest assertions

Related: https://pagure.io/freeipa/issue/7989
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Stanislav Levin
292d686c0b pytest: Migrate xunit-style setups to Pytest fixtures
Even though Pytest supports xunit style setups, unittest and nose
tests, this support is limited and may be dropped in the future
releases. Worst of all is that the mixing of various test
frameworks results in weird conflicts and of course, is not widely
tested.

This is a part of work to remove the mixing of test idioms in the
IPA's test suite:
1) replace xunit style
2) employ the fixtures' interdependencies

Related: https://pagure.io/freeipa/issue/7989
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Alexander Bokovoy
ff547a2777 install/updates: move external members past schema compat update
There is an ordering discrepancy because the base compat tree
configuration is in install/updates/80-schema_compat.update so it is ran
after 50-externalmembers.update. And since at that point
cn=groups,cn=Schema ... does not exist yet, external members
configuration is not applied.

Move it around to make sure it is applied after Schema Compatibility
plugin configuration is created.

Fixes: https://pagure.io/freeipa/issue/8193
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-02-12 11:45:39 +01:00
Florence Blanc-Renaud
cec1ddc39e ipatests: fix modify_sssd_conf()
The method modify_sssd_conf() is copying a remote sssd.conf file
to the test controller then uses sssd python API to modify the
config file.
When the test controller does not have sssd-common package installed,
SSSDConfig() call fails because the API needs sssd schema in order
to properly parse the config file, and the schema files are provided
by sssd-common pkg.
The fix also downloads the files representing sssd schema and calls
SSSDConfig() with those files. Using the schema from the test machine
is ensuring that config is consistent with the schema (if the sssd
version differs between controller and test machine for instance).

Note: we currently don't see any issue in the nightly tests because
the test controller is installed with sssd-common package but if you
run the tests as specified in https://www.freeipa.org/page/Testing
with a controller missing sssd-common, you will see the issue.

Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2020-02-11 17:28:19 +01:00
Sumedh Sidhaye
f0f2c2645e Added a test to check if ipa host-find --pkey-only does not return SSH public key
It checks if 'SSH public key fingerprint' is
not present in the output of the command

Related: https://pagure.io/freeipa/issue/8029

Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-02-11 17:24:37 +01:00
Florence Blanc-Renaud
60f746d998 ipatests: update packages for rawhide and updates-testing nightlies
The nightly tests for rawhide and updates_testing are expected
to set
        update_packages: True
in all the job definitions to make sure that dnf/yum update is called
before starting the tests.

This tag was missing for some jobs, this commit fixes the issue.

Reviewed-By: Armando Neto <abiagion@redhat.com>
2020-02-10 15:22:54 +01:00
Serhii Tsymbaliuk
a4634a59c9
WebUI tests: Fix broken reference to parent facet in table record check
Add decorator to has_record method which repeats the check when an active facet is changed
(catch StaleElementReferenceException).

Ticket: https://pagure.io/freeipa/issue/8157

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2020-02-06 10:21:36 +01:00
Armando Neto
19f0142e79 prci: Bump version of all templates
These new images have SELinux enabled in permissive mode. After
this all tests skipped because SELinux was disabled will be
executed again.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-02-05 14:48:34 -03:00
Serhii Tsymbaliuk
9418042ee7
WebUI tests: Fix 'Button is not displayed' exception
Add a small timeout (up to 5 seconds) which allows to prevent exceptions when
WebDriver attempts to click a button before it is rendered.

Ticket: https://pagure.io/freeipa/issue/8169

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2020-02-05 12:04:50 +01:00
sumenon
d7830d900d Adding back temp config definition removed
fedora-latest/temp_commit section was removed from
temp_commit.yaml file while working with PR4108, adding it back.

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-02-05 10:02:37 +01:00
sumenon
000703c89f Nightly definition for ipa-healthcheck tool
Signed-off-by: sumenon <sumenon@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2020-02-04 09:20:23 -05:00
sumenon
b5c8efa33c Tier-1 test for ipa-healthcheck tool
Signed-off-by: sumenon <sumenon@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2020-02-04 09:20:23 -05:00
Endi S. Dewata
edfe95b120 Removed hard-coded default profile subsystem class name
Previously in order to enable the LDAP profile subsystem
the ca_enable_ldap_profile_subsystem() would check the
current value of the profile subsystem class parameter in
CS.cfg. If the parameter was still set to the default value
(i.e. ProfileSubsystem), the code would change it to
LDAPProfileSubsystem.

There is a effort in PKI to clean up the profile subsystem
classes which may require changing the default value for
this parameter. However, this improvement is blocked since
the ca_enable_ldap_profile_subsystem() is implicitly assuming
that the default value will always be ProfileSubsystem.

This patch modifies the code such that instead of checking
for a specific value that needs to be changed, it will check
whether it has the desired value already. This mechanism
will reduce potential conflicts with future PKI improvements.

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2020-02-04 19:34:26 +11:00
Anuja More
ab1999deb6 After mounting "Unspecified GSS failure" should not be in logs.
When there is directory mounted on the ipa-client
Then no "Unspecified GSS failure" should be in logs.

This is an integration test for :
https://bugzilla.redhat.com/show_bug.cgi?id=1759665

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Sumedh Sidhaye <ssidhaye@redhat.com>
2020-02-04 07:57:43 +01:00
Isaac Boukris
c940f96b70 Fix legacy S4U2Proxy in DAL v8 support
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-01 10:05:46 +02:00
Isaac Boukris
d92f21ae1b Fix DAL v8 support
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-02-01 10:05:46 +02:00
Robbie Harwood
93e81cfd0c Drop support for DAL version 5.0
No supported Linux distro packages a version of krb5 with this DAL, so
we don't lose anything by removing it.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-01-31 14:36:31 +01:00
Robbie Harwood
ff10f3fa18 Support DAL version 8.0
Provide stubs for backward compatibility.  DAL 8.0 was released with
krb5-1.18, which is part of Fedora 32+.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-01-31 14:36:31 +01:00