Commit Graph

145 Commits

Author SHA1 Message Date
Sergey Orlov
3f02fc945e ipatests: new tests for establishing one-way AD trust with shared secret
Tests added for two scenarios:
1) adding one-way external trust, trust on Windows side is created using
   netdom utility.
2) adding one-way forest trust, trust on Windows side is created using
   powershell bindings to .Net functions
Tests verify that specified trusts can be established, trust domains can
be  fetched and AD user data can be queried by IPA client.

Relates: https://pagure.io/freeipa/issue/6077
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
2019-05-29 10:44:41 +03:00
Fraser Tweedale
f9b22283dd add test for external CA key size sanity check
We recently added validation of externally-signed CA certificate to
ensure certificates signed by external CAs with too-small keys
(according to system crypto policy) are rejected.

Add an integration test that attempts to renew with a 1024-bit
external CA, and asserts failure.

Part of: https://pagure.io/freeipa/issue/7761

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2019-05-28 10:04:30 +03:00
Kaleemullah Siddiqui
c9c8b3e048 Order of master and replica corrected in logger.info
Order of master/replica was incorect which has been
corrected

Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2019-05-23 09:58:18 +02:00
Christian Heimes
289f9c7e25 Delay import of SSSDConfig
SSSDConfig is not available on PyPI.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-05-16 13:20:38 +02:00
Christian Heimes
2042b5a0d2 Use PKCS#8 instead of traditional privkey format
The modern PKCS#8 private key format supports better encryption standard
and is preferable over traditional, weak PKCS#1 key format.

Fixes: https://pagure.io/freeipa/issue/7943
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Oleg Kozlov <okozlov@redhat.com>
2019-05-14 17:11:54 +02:00
Christian Heimes
d7e17655c7 Check for SELinux AVCs after installation
Look for SELinux violation after installing a master with CA, KRA, and
DNS with DNSSEC. The test does not fail yet, because there are known
SELinux violations.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-26 09:50:23 +02:00
Christian Heimes
45b8cc1d83 Increase default key size for CA to 3072 bits
The signing key for IPA's CA certificate now uses a 3072 bit RSA key by
default.

According to https://www.keylength.com/, NIST 800-57 Part 1 Rev. 4
recommends 3072 bit RSA keys for keys that are used beyond 2030 for 128 bit
strength.

Fixes: https://pagure.io/freeipa/issue/6790
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-16 16:51:40 +02:00
Christian Heimes
dd47cfc75a Add pki.ini override option
Allow to specify a pki.ini overlay file on the command line. The override
file can be used to override pkispawn settings.

Fixes: https://pagure.io/freeipa/issue/5608
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-10 13:43:23 +02:00
Christian Heimes
3c354e74f3 Verify external CA's basic constraint pathlen
IPA no verifies that intermediate certs of external CAs have a basic
constraint path len of at least 1 and increasing.

Fixes: https://pagure.io/freeipa/issue/7877
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-04 10:05:10 +02:00
Sergey Orlov
c819716521 ipatests: refactor test_trust.py
Tests in test_trust.py were organized in ten classes, one for each trust type,
requiring ten cycles of ipaserver installation/uninstallation and the full test
run lasted for about 5500 seconds.
There is no need in reinstallation of ipaserver between establishing different
types of trust.
I moved all tests to sinle class, preserving test logic.

Additional changes:
 * TestEnforcedPosixADTrust was totally removed as it was duplicate of
   TestPosixADTrust
 * code of repeated checks was moved to methods
 * A task was cretated for cleaning up DNS configuration changes made for
   establishing trust

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Sergey Orlov
35a4642ad0 ipatests: allow AD hosts to be placed in separate domain config objects
Tests for AD trust can use three types (roles) of AD machines:
forest root, subdomain and tree domain.
All those machines were placed in one domain object of multihost configuration,
though they all have different domain names.
This is bad as we can not use domain attributes provided by multihost plugin
like host.domain.name and host.domain.basedn and others and need to reimplement
them, evaluating domain name from host.hostname.
And if we accidently used those properties it would lead to difficult to locate
errors (we would use same domain name for all AD hosts).
I modified multihost fixture function mh() to allow creating several AD domains.
As multihost plugin does not support requesting multiple domains with the same type,
I had to introduce new domain types: AD_SUBDOMAIN and AD_TREEDOMAIN.
Also there was a error in mh() which forced user to provide all three AD
machines when only one was needed (value from test class property num_ad_domains
was applied to subdomains and treedomains requirement).
I changed this behavior and now additional AD machines are specified with
properties num_ad_subdomains and num_ad_treedomains.

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Sergey Orlov
03e2693a7d ipatests: relax requirements for time server quality
When synchronizing time with windows server using chronyd I often see
error "No suitable source for synchronisation". This happens because chronyd
with default options refuses to use time servers with big jitter and delay.
For some reasons Windows time server does have big jitter. In some test setups
delay also can be rathe big.

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Sergey Orlov
14f27d299e ipatests: disable bind dns validation when preparing to establish AD trust
Before establishing trust with AD it is recommended in documentation
(and for many setups necessary) to create add DNS forwarder for AD domain.
Bind config supplied by ipa server has dnssec validation enabled.
If Windows server DNS does not have DNSSEC enabled with valid certificate,
then bind will not be able to use it as forwarder and trust will not be
established.

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Sergey Orlov
cc1fb2fac5 Revert "Tests: Remove DNS configuration from trust tests"
This reverts commit 1d9e1521c5.
The reverted commit message states:
"Since DNS configuration is no longer needed for running trust tests,
this method's contents are removed."
In fact tests can run without DNS configuration only in case if test setup
has a DNS server with DNSSEC support and there are A records for Windows
machines and SRV records  Windows AD services and this DNS server is used
as forwarder by bind. If one of these in not true
then tests fail when trying to establish trust (ipa trust-add) as --server
option is not used and ipa can not find the AD machine. If we specify
--server option and add Windows hosts to /etc/hosts, then trust will be
established, but then sssd will fail to find the host to talk for getting users
from AD. So for general case we should setup DNS forwarders prior to
establishing trust, as stated in
https://www.freeipa.org/page/Active_Directory_trust_setup

Related to https://pagure.io/freeipa/issue/7889

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-01 10:24:46 -04:00
Tibor Dudlák
692cbc5d3f
Fix test_ntp_options to use tasks' methods
Use methods:
- tasks.replica_install()
- tasks.client_install()
instead of custom methods.
Move ntp_pool/server to class scope.
Using teardown_method for cleanup.
Edit tasks.client_install to return result of installation.
Refactor install_replica task:
Add promote parameter to install_replica task.
Add ntp_args to install_client call and remove from
replica installation from tasks.install_replica while promoting.
Use case while not promoting has to have user allowed to enroll
a replica and server to contact in case autodiscovery does not work.

Related: https://pagure.io/freeipa/issue/7719
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-03-29 18:56:40 +01:00
Christian Heimes
e04dc9a8e1 Test replica installation from hidden replica
Exercise ipa-replica-install with a hidden replica as source server and
creation of replication agreements between a hidden and an enabled
replica.

Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
2019-03-28 17:57:58 +01:00
Christian Heimes
73bc11a20b Add ldapmodify/search helper functions
Move common LDAP commands to ldapmodify_dm() and ldapsearch_dm() helper
functions.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-02-05 08:39:13 -05:00
Christian Heimes
1a2ceb1557 Use secure LDAP connection in tests
Integration tests are now using StartTLS with IPA's CA cert instead of
plain text connections.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-02-05 08:39:13 -05:00
Christian Heimes
a3934a211d Use new LDAPClient constructors
Replace get_ldap_uri() + LDAPClient() with new LDAPClient constructors
like LDAPClient.from_realm().

Some places now use LDAPI with external bind instead of LDAP with simple
bind. Although the FQDN *should* resolve to 127.0.0.1 / [::1], there is
no hard guarantee. The draft
https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-04#section-5.1
specifies that applications must verify that the resulting IP is a
loopback API. LDAPI is always local and a bit more efficient, too.

The simple_bind() method also prevents the caller from sending a
password over an insecure line.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-02-05 08:39:13 -05:00
Rob Crittenden
fd4b84d6d2 tests: Don't provide explicit hostname to ldapmodify
Manual revert of bbac233b5e

The assumption was that ldap.conf was hosed and it couldn't
tell what hostname to use so one was hardcoded. This code
doesn't explicitly test that ldap.conf is sane but it is
a nice side-effect I suppose.

https://pagure.io/freeipa/issue/5880
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2019-02-01 13:54:49 -05:00
Sergey Orlov
20d8286b60 ipatests: fix ldap server url
master.external_hostname was used to construct ldap url
which caused ldappasswd utility to exit with error due to host name
mismatch in client certificate. master.hostname should be used instead
as this name is used to generate certificate.

Fixes https://pagure.io/freeipa/issue/7844

Signed-off-by: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-01-30 08:16:55 +01:00
Christian Heimes
18f610caea Always collect test logs
mh.install() is the default multi host installer. Most integration test
classes use it to install master, replicas, and clients. In case of a
failed installation, the test collector step is skipped.

Guard log collection with a try/finally block so logs are always
collected.

Also collect journald output for mh.install() steps. The journal output
was missing from installation logs and were only available in each test
step.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2018-12-13 16:55:41 +01:00
Christian Heimes
a86abd37e9 Log stderr in run_command
pytest_multihost's run_command() does not log stderr when a command
fails. Wrap the function call to log stderr so it's easier to debug
failing tests.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-12-11 13:46:52 +01:00
Florence Blanc-Renaud
a81ea9af19 ipatests: fix test_full_backup_and_restore
The test is failing when calling (on the replica)
    ipa-replica-manage re-initialize --from <master>
because the tool needs to resolve master.
The test does not set /etc/resolv.conf on the replica, as a
consequence it relies on whatever DNS server is configured in
your test environment prior to launching the test, and makes
the test unreliable.
In PR-CI env, /etc/resolv.conf points to the machine hosting
the replica vm, which is unable to resolve master.ipa.test.

The fix is modifying the replica's /etc/resolv.conf to use the
master as DNS.

Fixes https://pagure.io/freeipa/issue/7778

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-12-10 17:04:56 +01:00
Thomas Woerner
228d1c81c0 ipatests integration/tasks.py: Honor clean for firewall in uninstall_master
This fix will make sure that the firewall services are only cleaned up if
the clean flag is True for example for backup and restore tests where the
clean flag is set to False for the server uninstall.

See: https://pagure.io/freeipa/issue/7755
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-12-07 17:29:59 +01:00
Christian Heimes
5a2a7151d5 Add integration tests for idviews
Add several tests to verify new anchor override and general idview
override functionality.

Fixes: https://pagure.io/freeipa/issue/6594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-12-07 11:39:23 +01:00
Thomas Woerner
e3d134e66f ipatests/pytest_ipa/integration/tasks.py: Configure firewall
install_master: Enable firewall services freeipa-ldap and freeipa-ldaps by
default, enable dns if setup_dns is set and enable freeipa-trust if
setup_adtrust is set. The services are enabled after the master has been
successfully installed.

install_replica: Enable firewall services freeipa-ldap and freeipa-ldaps
by default, enable dns if setup_dns is set and enable freeipa-trust if
setup_adtrust is set. The services are enabled before the replica gets
installed and disabled if the installation failed.

install_adtrust: Enable firewall service freeipa-trust after
ipa-adtrust-install has been called.

uninstall_master: Disable services freeipa-ldap, freeipa-ldaps,
freeipa-trust and dns after ipa-server-install --uninstall -U has been
called.

install_dns: Enable firewall service dns after ipa-dns-install has been
called.

See: https://pagure.io/freeipa/issue/7755
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2018-12-03 11:26:08 +01:00
Thomas Woerner
fc70c78e45 New firewall support class in ipatests/pytest_ipa/integration/firewall
The new Firewall class provides methods to enable and disable a service,
service lists and also methods to apply a passthrough rule, also to add,
prepend and also remove a list of passthrough rules:

class Firewall
    __init__(host)
        Initialize with host where firewall changes should be applied
        Unmasks, enables and starts firewalld

    enable_service(service)
        Enable firewall service in firewalld runtime and permanent
        environment

    disable_service(service)
        Disable firewall service in firewalld runtime and permanent
        environment

    enable_services(services)
        Enable list of firewall services in firewalld runtime and
        permanent environment

    disable_services(services)
        Disable list of firewall services in firewalld runtime and
        permanent environment

    passthrough_rule(rule, ipv=None)
        Generic method to get direct passthrough rules to firewalld
        rule is an ip[6]tables rule without using the ip[6]tables command.
        The rule will per default be added to the IPv4 and IPv6 firewall.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set properly.
        The rule is added to the direct sub chain of the chain that is
        used in the rule

    add_passthrough_rules(rules, ipv=None)
        Add passthough rules to the end of the chain
        rules is a list of ip[6]tables rules, where the first entry of each
        rule is the chain. No --append/-A, --delete/-D should be added
        before the chain name, beacuse these are added by the method.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set to either ipv4 or ipv6.

    prepend_passthrough_rules(rules, ipv=None)
        Insert passthough rules starting at position 1 as a block
        rules is a list of ip[6]tables rules, where the first entry of each
        rule is the chain. No --append/-A, --delete/-D should be added
        before the chain name, beacuse these are added by the method.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set to either ipv4 or ipv6.

    remove_passthrough_rules(rules, ipv=None)
        Remove passthrough rules
        rules is a list of ip[6]tables rules, where the first entry of each
        rule is the chain. No --append/-A, --delete/-D should be added
        before the chain name, beacuse these are added by the method.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set to either ipv4 or ipv6.

See: https://pagure.io/freeipa/issue/7755
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2018-12-03 11:26:08 +01:00
Christian Heimes
3243498faa Increase debugging for blocked port 749 and 464
kadmin.service is still failing to start sometimes. List and check both
source and destination ports of listening and non-listening TCP and UDP
sockets.

See: https://pagure.io/freeipa/issue/7769
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
2018-11-27 14:43:20 +01:00
Christian Heimes
533a5b2633 pylint 2.2: Fix unnecessary pass statement
pylint 2.2.0 has a new checker for unnecessary pass statements. There is
no need to have a pass statement in functions or classes with a doc
string.

Fixes: https://pagure.io/freeipa/issue/7772
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
2018-11-26 16:54:43 +01:00
Sergey Orlov
8182ebc6c3
ipatests: add test for ipa-restore in multi-master configuration
Test ensures that after ipa-restore on the master, the replica can be
re-synchronized and a new replica can be created.

https://pagure.io/freeipa/issue/7455

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-11-21 10:29:51 +01:00
Florence Blanc-Renaud
55c0a93271 ipatests: fix test_replica_uninstall_deletes_ruvs
test_topology.py is failing because of a wrong scenario.
Currently, test_replica_uninstall_deletes_ruvs does:
- install master + replica with CA
- ipa-replica-manage list-ruv to check that the repl is
propery setup
- ipa-replica-manage del $replica
- (on replica) ipa-server-install --uninstall -U
- ipa-replica-manage list-ruv to check that replica
does not appear any more in the RUV list

When ipa-replica-manage del is run, the topology plugin
creates 2 tasks cleanallruvs (one for the domain, one for the ca)
and they are run asynchronously. This means that the ruvs may
still be present when the test moves forward and calls list-ruv.

The test should wait for the cleanallruvs tasks to finish before
checking that list-ruv does not display replica anymore.

Fixes https://pagure.io/freeipa/issue/7545

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-11-20 13:34:07 +01:00
Christian Heimes
7434a3299d PR-CI: Restart rpcbind when it blocks kadmin port
Every now and then, a PR-CI job fails because rpcbind blocks the kadmin
port 749/UDP and kadmin.service fails to start. When NFS secure port is
configured, rpcbind reserves a random low port.

A new workaround detects the blocked port and restarts rpcbind.service.

See: https://pagure.io/freeipa/issue/7769
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
2018-11-20 09:31:32 +01:00
Christian Heimes
85286beb5b Address inconsistent-return-statements
Pylint warns about inconsistent return statements when some paths of a
function return None implicitly. Make all implicit returns either
explicit or raise a proper exception.

See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-11-13 13:37:58 +01:00
Christian Heimes
204353e4dc Use tasks.install_master() in external_ca tests
The install_master() function performs additional steps besides just
installing a server. It also sets up log collection and performs
additional tests.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-10-26 20:10:23 +02:00
Rob Crittenden
552777293d Collect the client and server uninstall logs in tests
When running the integration tests capture the uninstallation
logs as well as the installation logs.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-10-26 08:11:03 +02:00
Christian Heimes
15d5e44ee8 Py3: Replace six.moves imports
Replace six.moves and six.StringIO/BytesIO imports with cannonical
Python 3 packages.

Note: six.moves.input behaves differently than builtin input function.
Therefore I left six.moves.input for now.

See: https://pagure.io/freeipa/issue/7715
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-10-05 12:06:19 +02:00
Christian Heimes
964a9bdcec Py3: Replace six.string_types with str
In Python 3, six.string_types is just an alias for str.

See: https://pagure.io/freeipa/issue/7715
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-09-27 16:11:18 +02:00
Christian Heimes
4a58adf79e Sprinkle raw strings across the code base
tox / pytest is complaining about lots and lots of invalid escape
sequences in our code base. Sprinkle raw strings or backslash escapes
across the code base to fix most occurences of:

  DeprecationWarning: invalid escape sequence

There is still one warning that keeps repeating, though:

  source:264: DeprecationWarning: invalid escape sequence \d

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-09-27 10:23:03 +02:00
Thomas Woerner
7eb8695e84 Remove DL0 specific code from ipatests/pytest_ipa/integration/tasks.py
The functions get_replica_filename and replica_prepare are not needed anymore
with the DL0 removal. The DL0 specific code has been removed from the
functions install_replica, install_kra and install_ca.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-09-12 13:11:21 +02:00
Michal Reznik
c29581c9a0
add strip_cert_header() to tasks.py
https://pagure.io/freeipa/issue/7687

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-09-06 13:49:34 +02:00
Michal Reznik
31a92c1677
tests: sssd_ssh fd leaks when user cert converted into SSH key
https://pagure.io/freeipa/issue/7687

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-09-06 13:49:34 +02:00
Christian Heimes
13000e2f19 Disable DL0 specific tests
Disable tests that use domain level 0. Fail early to catch additional
tests that depend on DL0.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
2018-08-13 18:49:05 +02:00
Michal Reznik
0aeccc0852
ipa_tests: test ssh keys login
Integration test for:

https://pagure.io/SSSD/sssd/issue/3747

IPA ticket: https://pagure.io/freeipa/issue/7664

Reviewed-By: Armando Neto <abiagion@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-08-10 17:01:45 +02:00
Christian Heimes
6414509343
Rename pytest_plugins to ipatests.pytest_ipa
pytest 3.7.0 doesn't like ipatests.pytest_plugins package. The string
"pytest_plugins" is used as marker to load plugins. By populare vote and
to avoid future conflicts, we decided to rename the directory to pytest_ipa.

Fixes: https://pagure.io/freeipa/issue/7663
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-08-02 17:07:43 +02:00