Commit Graph

62 Commits

Author SHA1 Message Date
Florence Blanc-Renaud
fbfd64fc2b ipatests: fix wrong condition in xfail_context for auto private grp
The tests
TestNonPosixAutoPrivateGroup::test_idoverride_with_auto_private_group
and
TestPosixAutoPrivateGroup::test_gidnumber_not_corresponding_existing_group
are expected to fail until SSSD fixes issues 5988 and 5989.
They currently define an xfail_context with a condition based on
sssd version but that condition is wrong (as of today, no version
of sssd provides the fix).

Remove the wrong condition so that the test is always expected to fail.

Fixes: https://pagure.io/freeipa/issue/9141
Reviewed-By: Anuja More <amore@redhat.com>
2022-04-25 09:04:17 +02:00
Stanislav Levin
5a00882eab pylint: Fix useless-suppression
Cleanup up no longer used Pylint's disables where possible.

Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-03-11 13:37:08 -05:00
Anuja More
3403af580d
Mark xfail test_gidnumber_not_corresponding_existing_group[true,hybrid]
Related : https://github.com/SSSD/sssd/issues/5988

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-02-23 10:29:14 +01:00
Anuja More
9d1f227975
mark xfail for test_idoverride_with_auto_private_group[hybrid]
Related : https://github.com/SSSD/sssd/issues/5989

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-02-23 10:29:14 +01:00
Anuja More
663cd9af68
ipatests: Tests for Autoprivate group.
Added tests using posix AD trust and non posix AD trust.
For option --auto-private-groups=[hybrid/true/false]

Related : https://pagure.io/freeipa/issue/8807

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-02-23 10:29:14 +01:00
Sergey Orlov
f1922fe501
ipatests: use AD domain name from config instead of hardcoded value
The test fails when test config contains AD domain value other than one
hardcoded in the test code.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-11-01 13:57:18 +01:00
Sergey Orlov
2a7285c8dd
ipatests: check for message in sssd log only during actual test action
Get size of the log file immediately before main test action to avoid
capturing messages written to log during environment preparation.

Fixes https://pagure.io/freeipa/issue/8987

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2021-10-05 10:23:31 +02:00
Stanislav Levin
91e7452393 pylint: Fix several warnings
Fixes Pylint warnings:
- R1729(use-a-generator)
- R1710(inconsistent-return-statements)
- R1727(condition-evals-to-constant)

Fixes: https://pagure.io/freeipa/issue/8772
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-03-30 09:58:42 +02:00
Sergey Orlov
4d87982b07
ipatests: skip tests for AD trust with shared secret in FIPS mode
Related to https://pagure.io/freeipa/issue/8715

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-02-19 13:31:28 +01:00
Sergey Orlov
4a1cb7e719
ipatests: rewrite test for requests routing to subordinate suffixes
The original test had some issues:
* it was doing many actions not related to the tested issue which obscured
  actual test scenario
* subordinate suffix was hard coded in the test which prevented the test
  from checking original issue in case AD domain name did not match this
  hard coded value
* Invocation of commands on AD controller was failing in some environments

Other improvements:
* added docstring with test details
* added guard assertions for test preliminary conditions

Related to https://pagure.io/freeipa/issue/8554

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-01-29 16:50:43 +01:00
Alexander Bokovoy
c91a1a078a ipatests: when talking to AD DCs, use FQDN credentials
Samba 4.13+ in Fedora 33+ and RHEL 8.4+ defaults to Kerberos
authentication. This means user name used for authentication must be
mapped to a target realm.

We have to remove trust on AD side first before removing it locally or
otherwise MIT Kerberos might not be able to locate DCs from AD as
removal of the trust information would cause SSSD to clear the details
for a KDC locator plugin as well.

For the test that modifies AD DNS zone on IPA side to inject unreachable
DCs addresses, the configuration has to be reverted first, to allow
plain 'kinit' during removal of trust to reach AD DCs directly.

Fixes: https://pagure.io/freeipa/issue/8678
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2021-01-26 13:05:27 -05:00
Alexander Bokovoy
642b81e99f test_trust: add tests for using AD users and groups in SUDO rules
Tests test_integration/test_trust.py::TestTrust::test_sudorules_ad_*
check that a user from a trusted AD domain can perform SUDO
authentication without a password for any command based on a direct user
reference or on indirect AD group reference. The test suite also ensures
an AD user and group can be used for runAsUser/runAsGroup settings.

Due to https://github.com/SSSD/sssd/issues/5475 anything added to
'ipaSudoRunAsExtUserGroup' attribute will be prefixed with '%' and thus
any relying on the value of this attribute displayed by 'sudo -l'
command will fail. The test only validates that a proper group name
appears in the 'sudo' output, so we handle both prefixes in the
corresponding test check. It is not possible to differ by the SSSD
version as a fix to the issue is only a patch on top of 2.4.0 in RHEL.

Fixes: https://pagure.io/freeipa/issue/3226
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2021-01-26 13:05:27 -05:00
Sergey Orlov
9d19c08269 ipatests: use fully qualified name for AD admin when establishing trust
Changes in https://pagure.io/freeipa/issue/8655 made it impossible
to use AD admin name without domain part in "ipa trust-add" command to
establish external trust with an AD tree domain.
Also use fully qualified admin name by default in all trust related tests
to reduce abiguity

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-01-22 12:21:33 -05:00
Florence Blanc-Renaud
4a3a39f59f ipatests: fix expected errmsg in TestTrust::test_ipa_commands_run_as_aduser
389ds does not return any more additional information
about a failing bind (to avoid leaking information).

As a consequence, when ipa ping is executed with an AD user
the error message contains less info as in the past and needs to be fixed.

Fixes: https://pagure.io/freeipa/issue/8668
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2021-01-19 10:29:20 +01:00
Florence Blanc-Renaud
97aa70cd7a ipatests: fix TestTrust::test_subordinate_suffix
The test test_subordinate_suffix is failing when configuring the DNS
for the trust, because the dnsforwardzone already exists. It was
configured during the previous test for nonposix trust.

At the end of the tests for nonposix trust, unconfigure the DNS
and the trust before calling the subordinate_suffix test, and add
a test cleaning up subordinate_suffix test.

Fixes: https://pagure.io/freeipa/issue/8601
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-12-02 21:54:26 +02:00
Sudhir Menon
442038c41a ipatests: support subordinate upn suffixes
This test adds new UPN Suffix on the AD side
within the ad.test subtree i.e new.ad.test and this
UPN is then assigned to aduser and then try to
kinit using aduser along with the UPN set, to ensure
that the kinit succeeds

Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-11-26 12:00:57 +02:00
Florence Blanc-Renaud
c053b5e0d6 ipatests: curl outputs the cookie in stderr and not in sdtout
The integration test test_trust.py::TestTrust::test_password_login_as_aduser
is expecting curl to output the cookie obtained after password login
in stdout but should use stderr instead.

Fixes: https://pagure.io/freeipa/issue/8559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-11-03 09:49:22 +02:00
Alexander Bokovoy
b8b46779dc rpcserver: fallback to non-armored kinit in case of trusted domains
MIT Kerberos implements FAST negotiation as specified in RFC 6806
section 11. The implementation relies on the caller to provide a hint
whether FAST armoring must be used.

FAST armor can only be used when both client and KDC have a shared
secret. When KDC is from a trusted domain, there is no way to have a
shared secret between a generic Kerberos client and that KDC.

[MS-KILE] section 3.2.5.4 'Using FAST When the Realm Supports FAST'
allows KILE clients (Kerberos clients) to have local settings that
direct it to enforce use of FAST. This is equal to the current
implementation of 'kinit' utility in MIT Kerberos requiring to use FAST
if armor cache (option '-T') is provided.

[MS-KILE] section 3.3.5.7.4 defines a way for a computer from a
different realm to use compound identity TGS-REQ to create FAST TGS-REQ
explicitly armored with the computer's TGT. However, this method is not
available to IPA framework as we don't have access to the IPA server's
host key. In addition, 'kinit' utility does not support this method.

Active Directory has a policy to force use of FAST when client
advertizes its use. Since we cannot know in advance whether a principal
to obtain initial credentials for belongs to our realm or to a trusted
one due to enterprise principal canonicalization, we have to try to
kinit. Right now we fail unconditionally if FAST couldn't be used and
libkrb5 communication with a KDC from the user realm (e.g. from a
trusted forest) causes enforcement of a FAST.

In the latter case, as we cannot use FAST anyway, try to kinit again
without advertizing FAST. This works even in the situations when FAST
enforcement is enabled on Active Directory side: if client doesn't
advertize FAST capability, it is not required. Additionally, FAST cannot
be used for any practical need for a trusted domain's users yet.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-10-30 12:48:22 -04:00
Alexander Bokovoy
9248d23ae8 ipatests: test that adding Active Directory user to a role makes it an administrator
Fixes: https://pagure.io/freeipa/issue/8357

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-06-08 12:39:34 -04:00
Mohammad Rizwan Yusuf
a02df530a6 ipatests:Test if proper error thrown when AD user tries to run IPA commands
Before fix the error used to implies that the ipa setup is broken.
Fix is to throw the proper error. This test is to check that the
error with 'Invalid credentials' thrown when AD user tries to run
IPA commands.

related: https://pagure.io/freeipa/issue/8163

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-04-02 14:30:52 +02:00
Sergey Orlov
aae30eb708
ipatests: provide AD admin password when trying to establish trust
`ipa trust-add --password` command requires that user provides a password.

Related to: https://pagure.io/freeipa/issue/7895

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-03-24 18:26:03 +01:00
Sergey Orlov
9450aef75f
ipatests: replace utility for editing sssd.conf
There are three patterns for editing sssd.conf in tests now:
1. using modify_sssd_conf() which allows to modify only domain sections
2. using remote_ini_file
3. direct file editing using `sed`

This patch introduces new utility function which combines advantages of
first two approaches:
* changes are verified against schema, so that mistakes can be spotted
  early
* has convenient interface for simple options modification,
  both in domain and service sections
* allows sophisticated modifications through SSSDConfig object

Fixes: https://pagure.io/freeipa/issue/8219
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-03-09 16:17:13 +01:00
Stanislav Levin
e128e7d691 pylint: Synchronize pylint plugin to ipatests code
Pylint is a static analysis tool and therefore, couldn't always
analyze dynamic stuff properly. Transformation plugins is a way
to teach Pylint how to handle such cases.

Particularly, with the help of FreeIPA own plugin, it is possible
to tell Pylint about instance fields having a duck-typing nature.

A drawback exposed here is that a static view (Pylint's) of code
should be consistent with an actual one, otherwise, codebase will
be polluted with various skips of pylint checks.

* added missing fields to ipatests.test_integration.base.IntegrationTest
* an attempt is made to clear `no-member` skips for ipatests
* removed no longer needed `pytest` module transformation

Related: https://pagure.io/freeipa/issue/8116
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Stanislav Levin
fec66942d4 pytest: Migrate unittest/nose to Pytest fixtures
Even though Pytest supports xunit style setups, unittest and nose
tests, this support is limited and may be dropped in the future
releases. Worst of all is that the mixing of various test
frameworks results in weird conflicts and of course, is not widely
tested.

This is a part of work to remove the mixing of test idioms in the
IPA's test suite:
1) replace unittest.TestCase subclasses
2) replace unittest test controls (SkipTest, fail, etc.)
3) replace unittest assertions

Related: https://pagure.io/freeipa/issue/7989
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-12 18:08:32 +02:00
Sergey Orlov
f16c08b7d6
ipatests: in DNS zone file add A record for name server
Testcase test_server_option_with_unreachable_ad creates a zone file
for AD domain. This file had a hard-coded A record for host specified in
NS record. Some versions of BIND consider this zone invalid and refuse
to start with message:
```
zone ad.test/IN: NS 'root-dc.ad.test' has no address records (A or AAAA)
```

Fixed by replacing hard-coded value with short name of the AD instance.

Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2019-11-05 17:24:24 +01:00
Sergey Orlov
0d7f89c5a0
ipatests: fix DNS forwarders setup for AD trust tests with non-root domains
The tests are failing to establish trust with AD subdomain and tree domain
controllers. This happens because IPA server needs to contact root domain
controller to fetch domain-wide UPN suffixes but can not do it because we
setup DNS forwarding only for the domains with which we try to establish
trust.
To establish trust with AD subdomain we now setup forwarder for root AD
domain, and to establish trust with AD treedomain  -- two forwarders:
one for root domain and another one for treedomain.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-10-10 13:27:03 +02:00
Anuja More
e5e0693aa2 Extdom plugin should not return error (32)/'No such object'
Regression test for https://pagure.io/freeipa/issue/8044

If there is a timeout during a request to SSSD the extdom plugin
should not return error 'No such object' and the existing
user should not be added to negative cache on the client.

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2019-09-19 15:52:51 +02:00
Sergey Orlov
843f57abe4
ipatests: new test for trust with partially unreachable AD topology
Establishing trust with partially unavailable AD hosts require usage
of --server option. The new test checks that both commands trust-add
and trust-fetch-domains properly use this option and also that
trust-add correctly passes the server value when imlicitly invoking
trust-fetch-domains.

Relates to: https://pagure.io/freeipa/issue/7895.

Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2019-07-15 14:35:51 +02:00
Anuja More
986e16dafe ipatests: POSIX attributes are no longer overwritten or missing
Added test which validates that POSIX attributes, such
as shell or home directory, are no longer overwritten or missing.

Related Ticket : https://pagure.io/SSSD/sssd/issue/2474

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2019-06-28 14:26:20 +02:00
Stanislav Levin
d86b57c057 Make use of the single configuration point for the default shells
For now all the default shells of users and admin are hardcoded in
different parts of the project. This makes it impossible to run the
test suite against the setup, which has the default shell differed
from '/bin/sh'.

The single configuration point for the shell of users and admin is
added to overcome this limitation.

Fixes: https://pagure.io/freeipa/issue/7978
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2019-06-19 11:39:51 +02:00
Sergey Orlov
3f02fc945e ipatests: new tests for establishing one-way AD trust with shared secret
Tests added for two scenarios:
1) adding one-way external trust, trust on Windows side is created using
   netdom utility.
2) adding one-way forest trust, trust on Windows side is created using
   powershell bindings to .Net functions
Tests verify that specified trusts can be established, trust domains can
be  fetched and AD user data can be queried by IPA client.

Relates: https://pagure.io/freeipa/issue/6077
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
2019-05-29 10:44:41 +03:00
Alexander Bokovoy
245a8bcdfe test_legacy_clients: fix class inheritance
Fixes: https://pagure.io/freeipa/issue/7940
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-05-16 09:51:45 +03:00
Sergey Orlov
c819716521 ipatests: refactor test_trust.py
Tests in test_trust.py were organized in ten classes, one for each trust type,
requiring ten cycles of ipaserver installation/uninstallation and the full test
run lasted for about 5500 seconds.
There is no need in reinstallation of ipaserver between establishing different
types of trust.
I moved all tests to sinle class, preserving test logic.

Additional changes:
 * TestEnforcedPosixADTrust was totally removed as it was duplicate of
   TestPosixADTrust
 * code of repeated checks was moved to methods
 * A task was cretated for cleaning up DNS configuration changes made for
   establishing trust

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Sergey Orlov
94a6cb11ea ipatests: adapt test_trust.py for changes in multihost fixture
AD hosts can now be extracted from list in respective class attributes and host
domain names -- from properties provided by multihost plugin (host.domain.name).
Also removed conditional skips of tests when test configuration contains only
part of required AD machines as this feature never worked:
multihost plugin removes all machines from config which are not explicitly
requested.

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Sergey Orlov
e8955cc796 ipatests: fix expectations of ipa trust-find output for trust with root domain
Test was expecting that when trust is established with forest root, than all
three AD domains should be found when quering trust-find for that domain.
Actually only root domain and its subdomain should be returned, without
the tree domain.

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Sergey Orlov
1d0a612a0f ipatests: in test_trust.py fix parent class
TestExternalTrustWithRootDomain was inherited from ADTrustSubdomainBase
This caused that external trust was checked two times with subdomain
and was not checked with root domain.

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Sergey Orlov
3e01d2619e ipatests: in test_trust.py fix prameters in invocation of tasks.configure_dns_for_trust
It was changed in f487233df0
for unknown reason. It did not influence test runs as
configure_dns_for_trust was made no-op in previous commit
1d9e1521c5. As now this commit is reverted,
configure_dns_for_trust is restored, invocation parameters also need to
be changed to initial values.

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Christian Heimes
4a58adf79e Sprinkle raw strings across the code base
tox / pytest is complaining about lots and lots of invalid escape
sequences in our code base. Sprinkle raw strings or backslash escapes
across the code base to fix most occurences of:

  DeprecationWarning: invalid escape sequence

There is still one warning that keeps repeating, though:

  source:264: DeprecationWarning: invalid escape sequence \d

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-09-27 10:23:03 +02:00
Christian Heimes
6414509343
Rename pytest_plugins to ipatests.pytest_ipa
pytest 3.7.0 doesn't like ipatests.pytest_plugins package. The string
"pytest_plugins" is used as marker to load plugins. By populare vote and
to avoid future conflicts, we decided to rename the directory to pytest_ipa.

Fixes: https://pagure.io/freeipa/issue/7663
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-08-02 17:07:43 +02:00
Ganna Kaihorodova
5165afd501 Fix trust tests for Posix Support
Test ecxpects auto-detection of trust type, Windows Server 2016 doesn't have
support for MFU/NIS (SFU - Services for Unix), so auto detection doesn't work
Fix is to pass extra arguments to the trust-add command,
such as --range-type="ipa-ad-trust-posix" to enforce a particular range type

https://pagure.io/freeipa/issue/7508

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-04-25 11:52:32 +02:00
Stanislav Laznicka
b5bdd07bc5
Add absolute_import future imports
Add absolute_import from __future__ so that pylint
does not fail and to achieve python3 behavior in
python2.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-04-20 09:43:37 +02:00
Ganna Kaihorodova
9797309ef9
Overide trust methods for integration tests
Overide trust method test_establish_trust_with_posix_attributes to test_establish_trust.
Windows Server 2016 doesn't have support for MFU/NIS, so autodetection is not working

https://pagure.io/freeipa/issue/7313

Reviewed-By: Alexander Koksharov <akokshar@redhat.com>
2018-03-08 09:05:01 +01:00
Christian Heimes
d7426ccbe7 Replace nose with unittest and pytest
* Replace raise nose.SkipTest with raise unittest.SkipTest
* Replace nose.tools.assert_equal(a, b) with assert a == b
* Replace nose.tools.raises with pytest.raises
* Convert @raises decorator to pytest.raises() but just for relevant
  lines.
* Remove nose dependency

I left the nose_compat pytest plugin in place. It can be removed in
another request in case it is no longer used.

https://pagure.io/freeipa/issue/7301

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-12-12 16:16:58 +01:00
Christian Heimes
24161a6190
Move remaining util functions to tasks module
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
8aadd55c93
Move function run_repeatedly to tasks module
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
313ae46b57
Move tasks module to ipatests.pytest_plugins.integration.tasks
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Simo Sorce
d2f5fc304f Configure HTTPD to work via Gss-Proxy
https://fedorahosted.org/freeipa/ticket/4189
https://fedorahosted.org/freeipa/ticket/5959

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-15 07:13:37 +01:00
Lenka Doudova
4df1d9d1a5 Tests: Providing trust tests with tree root domain
https://fedorahosted.org/freeipa/ticket/6347

Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
2016-11-15 13:34:38 +01:00
Lenka Doudova
8a177732af Tests: Provide AD cleanup for trust tests
Providing cleanup of trust information from AD machines for trusts tests.

https://fedorahosted.org/freeipa/ticket/6396

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-11-14 14:32:10 +01:00
Lenka Doudova
936a6a38b8 Tests: Add krb5kdc.service restart to integration trust tests
krb5kdc.service restart is necessary for proper running of integration trust
related tests.

https://fedorahosted.org/freeipa/ticket/6322

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-21 18:44:42 +02:00