IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-26 00:41:25 -06:00
Code Issues Packages Projects Releases Wiki Activity
55c0a93271
freeipa/ipatests/test_integration/test_installation.py
Fraser Tweedale 4b920df483 Restore KRA clone installation integration test 
This Dogtag issue that caused KRA clone installation failure in some
scenarios has been fixed (https://pagure.io/dogtagpki/issue/3055).
This reverts commit 2488813260 and
bumps the pki-core dependency.

Fixes: https://pagure.io/freeipa/issue/7654
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-10-26 21:37:39 +02:00

464 lines
14 KiB
Python
Raw Blame History

#
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
"""
Module provides tests which testing ability of various subsystems to be
installed.
"""
from __future__ import absolute_import
import os
import pytest
from ipalib.constants import DOMAIN_LEVEL_0
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipatests.pytest_ipa.integration.env_config import get_global_config
from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_ipa.integration import tasks
from ipatests.test_integration.test_caless import CALessBase, ipa_certs_cleanup
config = get_global_config()
def create_broken_resolv_conf(master):
# Force a broken resolv.conf to simulate a bad response to
# reverse zone lookups
master.run_command([
'/usr/bin/mv',
paths.RESOLV_CONF,
'%s.sav' % paths.RESOLV_CONF
])
contents = "# Set as broken by ipatests\nnameserver 127.0.0.2\n"
master.put_file_contents(paths.RESOLV_CONF, contents)
def restore_resolv_conf(master):
if os.path.exists('%s.sav' % paths.RESOLV_CONF):
master.run_command([
'/usr/bin/mv',
'%s.sav' % paths.RESOLV_CONF,
paths.RESOLV_CONF
])
def server_install_setup(func):
def wrapped(*args):
master = args[0].master
create_broken_resolv_conf(master)
try:
func(*args)
finally:
tasks.uninstall_master(master, clean=False)
restore_resolv_conf(master)
ipa_certs_cleanup(master)
return wrapped
class InstallTestBase1(IntegrationTest):
num_replicas = 3
topology = 'star'
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=False)
def test_replica0_ca_less_install(self):
tasks.install_replica(self.master, self.replicas[0], setup_ca=False)
def test_replica0_ipa_ca_install(self):
tasks.install_ca(self.replicas[0])
def test_replica0_ipa_kra_install(self):
tasks.install_kra(self.replicas[0], first_instance=True)
def test_replica0_ipa_dns_install(self):
tasks.install_dns(self.replicas[0])
def test_replica1_with_ca_install(self):
tasks.install_replica(self.master, self.replicas[1], setup_ca=True)
def test_replica1_ipa_kra_install(self):
tasks.install_kra(self.replicas[1])
def test_replica1_ipa_dns_install(self):
tasks.install_dns(self.replicas[1])
def test_replica2_with_ca_kra_install(self):
tasks.install_replica(self.master, self.replicas[2], setup_ca=True,
setup_kra=True)
def test_replica2_ipa_dns_install(self):
tasks.install_dns(self.replicas[2])
class InstallTestBase2(IntegrationTest):
num_replicas = 3
topology = 'star'
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=False)
def test_replica1_with_ca_dns_install(self):
tasks.install_replica(self.master, self.replicas[1], setup_ca=True,
setup_dns=True)
def test_replica1_ipa_kra_install(self):
tasks.install_kra(self.replicas[1])
def test_replica2_with_dns_install(self):
tasks.install_replica(self.master, self.replicas[2], setup_ca=False,
setup_dns=True)
def test_replica2_ipa_ca_install(self):
tasks.install_ca(self.replicas[2])
def test_replica2_ipa_kra_install(self):
tasks.install_kra(self.replicas[2])
class ADTrustInstallTestBase(IntegrationTest):
"""
Base test for builtin AD trust installation im combination with other
components
"""
num_replicas = 2
topology = 'star'
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=False)
def install_replica(self, replica, **kwargs):
tasks.install_replica(self.master, replica, setup_adtrust=True,
**kwargs)
def test_replica0_only_adtrust(self):
self.install_replica(self.replicas[0], setup_ca=False)
def test_replica1_all_components_adtrust(self):
self.install_replica(self.replicas[1], setup_ca=True)
##
# Master X Replicas installation tests
##
class TestInstallWithCA1(InstallTestBase1):
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=False)
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica1_ipa_kra_install(self):
super(TestInstallWithCA1, self).test_replica1_ipa_kra_install()
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica2_with_ca_kra_install(self):
super(TestInstallWithCA1, self).test_replica2_with_ca_kra_install()
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica2_ipa_dns_install(self):
super(TestInstallWithCA1, self).test_replica2_ipa_dns_install()
class TestInstallWithCA2(InstallTestBase2):
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=False)
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica1_ipa_kra_install(self):
super(TestInstallWithCA2, self).test_replica1_ipa_kra_install()
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica2_ipa_kra_install(self):
super(TestInstallWithCA2, self).test_replica2_ipa_kra_install()
class TestInstallWithCA_KRA1(InstallTestBase1):
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=False, setup_kra=True)
def test_replica0_ipa_kra_install(self):
tasks.install_kra(self.replicas[0], first_instance=False)
class TestInstallWithCA_KRA2(InstallTestBase2):
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=False, setup_kra=True)
class TestInstallWithCA_DNS1(InstallTestBase1):
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica1_ipa_kra_install(self):
super(TestInstallWithCA_DNS1, self).test_replica1_ipa_kra_install()
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica2_with_ca_kra_install(self):
super(TestInstallWithCA_DNS1, self).test_replica2_with_ca_kra_install()
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica2_ipa_dns_install(self):
super(TestInstallWithCA_DNS1, self).test_replica2_ipa_dns_install()
class TestInstallWithCA_DNS2(InstallTestBase2):
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica1_ipa_kra_install(self):
super(TestInstallWithCA_DNS2, self).test_replica1_ipa_kra_install()
@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
reason='does not work on DOMAIN_LEVEL_0 by design')
def test_replica2_ipa_kra_install(self):
super(TestInstallWithCA_DNS2, self).test_replica2_ipa_kra_install()
class TestInstallWithCA_DNS3(CALessBase):
"""
Test an install with a bad DNS resolver configured to force a
timeout trying to verify the existing zones. In the case of a reverse
zone it is skipped unless --allow-zone-overlap is set regardless of
the value of --auto-reverse. Confirm that --allow-zone-overlap
lets the reverse zone be created.
ticket 7239
"""
@server_install_setup
def test_number_of_zones(self):
"""There should be two zones: one forward, one reverse"""
self.create_pkcs12('ca1/server')
self.prepare_cacert('ca1')
self.install_server(extra_args=['--allow-zone-overlap'])
result = self.master.run_command([
'ipa', 'dnszone-find'])
assert "in-addr.arpa." in result.stdout_text
assert "returned 2" in result.stdout_text
class TestInstallWithCA_DNS4(CALessBase):
"""
Test an install with a bad DNS resolver configured to force a
timeout trying to verify the existing zones. In the case of a reverse
zone it is skipped unless --allow-zone-overlap is set regardless of
the value of --auto-reverse. Confirm that without --allow-reverse-zone
only the forward zone is created.
ticket 7239
"""
@server_install_setup
def test_number_of_zones(self):
"""There should be one zone, a forward because rev timed-out"""
self.create_pkcs12('ca1/server')
self.prepare_cacert('ca1')
# no zone overlap by default
self.install_server()
result = self.master.run_command([
'ipa', 'dnszone-find'])
assert "in-addr.arpa." not in result.stdout_text
assert "returned 1" in result.stdout_text
@pytest.mark.cs_acceptance
class TestInstallWithCA_KRA_DNS1(InstallTestBase1):
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True, setup_kra=True)
def test_replica0_ipa_kra_install(self):
tasks.install_kra(self.replicas[0], first_instance=False)
class TestInstallWithCA_KRA_DNS2(InstallTestBase2):
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True, setup_kra=True)
class TestADTrustInstall(ADTrustInstallTestBase):
"""
Tests built-in AD trust installation in various combinations (see the base
class for more details) against plain IPA master (no DNS, no KRA, no AD
trust)
"""
pass
class TestADTrustInstallWithDNS_KRA_ADTrust(ADTrustInstallTestBase):
"""
Tests built-in AD trust installation in various combinations (see the base
class for more details) against fully equipped (DNS, CA, KRA, ADtrust)
master. Additional two test cases were added to test interplay including
KRA installer
"""
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True, setup_kra=True,
setup_adtrust=True)
def test_replica1_all_components_adtrust(self):
self.install_replica(self.replicas[1], setup_ca=True, setup_kra=True)
##
# Rest of master installation tests
##
class TestInstallMaster(IntegrationTest):
num_replicas = 0
@classmethod
def install(cls, mh):
pass
def test_install_master(self):
tasks.install_master(self.master, setup_dns=False)
def test_install_kra(self):
tasks.install_kra(self.master, first_instance=True)
def test_install_dns(self):
tasks.install_dns(self.master)
def test_WSGI_worker_process(self):
""" Test if WSGI worker process count is set to 4
related ticket : https://pagure.io/freeipa/issue/7587
"""
# check process count in httpd conf file i.e expected string
exp = b'WSGIDaemonProcess ipa processes=%d' % constants.WSGI_PROCESSES
httpd_conf = self.master.get_file_contents(paths.HTTPD_IPA_CONF)
assert exp in httpd_conf
# check the process count
cmd = self.master.run_command('ps -eF')
wsgi_count = cmd.stdout_text.count('wsgi:ipa')
assert constants.WSGI_PROCESSES == wsgi_count
class TestInstallMasterKRA(IntegrationTest):
num_replicas = 0
@classmethod
def install(cls, mh):
pass
def test_install_master(self):
tasks.install_master(self.master, setup_dns=False, setup_kra=True)
def test_install_dns(self):
tasks.install_dns(self.master)
class TestInstallMasterDNS(IntegrationTest):
num_replicas = 0
@classmethod
def install(cls, mh):
pass
def test_install_master(self):
tasks.install_master(
self.master,
setup_dns=True,
extra_args=['--zonemgr', 'me@example.org'],
)
def test_install_kra(self):
tasks.install_kra(self.master, first_instance=True)
class TestInstallMasterReservedIPasForwarder(IntegrationTest):
"""Test to check if IANA reserved IP doesn't accepted as DNS forwarder
IANA reserved IP address can not be used as a forwarder.
This test checks if ipa server installation throws an error when
0.0.0.0 is specified as forwarder IP address.
related ticket: https://pagure.io/freeipa/issue/6894
"""
def test_reserved_ip_as_forwarder(self):
args = [
'ipa-server-install',
'-n', self.master.domain.name,
'-r', self.master.domain.realm,
'-p', self.master.config.dirman_password,
'-a', self.master.config.admin_password,
'--setup-dns',
'--forwarder', '0.0.0.0',
'--auto-reverse']
cmd = self.master.run_command(args, raiseonerr=False)
assert cmd.returncode == 2
exp_str = ("error: option --forwarder: invalid IP address 0.0.0.0: "
"cannot use IANA reserved IP address 0.0.0.0")
assert exp_str in cmd.stderr_text
server_install_options = (
"yes\n"
"{hostname}\n"
"{dmname}\n\n"
"{dm_pass}\n{dm_pass}"
"\n{admin_pass}\n{admin_pass}\n"
"yes\nyes\n0.0.0.0\n".format(
dm_pass=self.master.config.dirman_password,
admin_pass=self.master.config.admin_password,
dmname=self.master.domain.name,
hostname=self.master.hostname))
cmd = self.master.run_command(['ipa-server-install'],
stdin_text=server_install_options,
raiseonerr=False)
exp_str = ("Invalid IP Address 0.0.0.0: cannot use IANA reserved "
"IP address 0.0.0.0")
assert exp_str in cmd.stdout_text
Reference in New Issue View Git Blame Copy Permalink