freeipa/ipatests/test_integration
Rob Crittenden fb58b76a80 Uninstall without starting the CA in cert expiration test
Some certificates may have started renewal so returning to
present time can bind the server up with trying to renew.

certmonger fires off helpers when it's time to renew
certificates. This scenario puts the time within the renewal
window. If certmonger notices while the test is running it
will kick off renewal for all 12 certificates.

A lock is used to serialize things. The CA was shut down prior
to changing time so there is no chance of issuing new certs.

A fixture was used to ensure that things restarted when
the test was over. This was for chronyd and the CA. By restarting
the CA we allow the chance that it will be able to do some
work, versus returning a connection error and letting
certmonger just error out (CA_UNREACHABLE).

During uninstallation we call certmonger remove_request over
DBus (the equivalent to stop-tracking). As part of this
certmonger waits for any child (helper) processes to go away.
This used to do it via SIGKILL but that caused other problems
so it was changed to waitpid(). We know that it isn't going to
return for a while because the CA isn't up. DBus has a
hardcoded 25 second timeout. So we're guaranteed to get a
DBus timeout. We *could* try to play with it and change the
timeout, or retry a bunch of times, but it isn't worth the
hassle.

This is a contrived scenario that uninstalls immediately after
tweaking time forward. So rather than trying to make this
successful, uninstall at the future time with the CA stopped
so that helpers won't be hanging around and certmonger can
remove the certs.

This is the last test so also the last time we need the replica
so to avoid replication bogging things down remove that prior
to executing the test. It's one less moving part during the
uninstall phase.

https://pagure.io/freeipa/issue/8506

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2021-03-26 10:54:08 +01:00
__init__.py Add marker needs_ipaapi and option to skip tests 2017-12-11 20:40:06 +01:00
base.py lint: Make Pylint-2.4 happy again 2020-02-12 18:08:32 +02:00
test_acme.py ipatests: Enable certbot test on rhel 2021-03-23 15:57:51 +01:00
test_adtrust_install.py ipatests: use pexpect to control interactive session of ipa-adtrust-install 2021-02-03 09:06:12 +02:00
test_advise.py pylint: Synchronize pylint plugin to ipatests code 2020-02-12 18:08:32 +02:00
test_authselect.py ipatests: fix test_authselect 2020-07-30 13:10:39 +02:00
test_automember.py Tests for autounmembership feature 2019-06-06 16:51:55 +02:00
test_backup_and_restore.py ipatests: introduce wait_for_replication in test_rolecheck_Trust 2021-03-17 09:04:30 +01:00
test_ca_custom_sdn.py test_integration: add tests for custom CA subject DN 2019-10-17 08:17:46 +02:00
test_caless.py ipatests: Check permissions of /etc/ipa/ca.crt new installations 2020-08-06 12:49:51 +02:00
test_cert.py ipatests: Don't rely on certmonger's assigned request id 2021-03-25 15:46:54 +01:00
test_cli_ipa_not_configured.py ipatests: Test for ipa-backup with ipa not configured 2019-08-27 12:04:45 +02:00
test_commands.py ipatests: use whole date when calling journalctl --since 2021-03-02 11:47:09 +01:00
test_crlgen_manage.py ipatests: fix test_crlgen_manage 2019-11-29 11:17:13 +01:00
test_customized_ds_config_install.py ipatests: do not configure nameserver when installing client and replica 2021-03-04 18:47:32 +01:00
test_dns_locations.py dnspython: Add compatibility shim 2020-08-31 09:46:03 +03:00
test_dns.py Tests for fake_mname parameter setup 2020-08-06 18:43:53 +02:00
test_dnssec.py ipatests: fix TestInstalDNSSECFirst::test_resolvconf logic 2021-03-17 16:28:19 +01:00
test_epn.py EPN: Allow authentication by SMTP client's certificate 2020-11-17 14:25:39 +02:00
test_external_ca.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
test_fips.py Test installation with (fake) userspace FIPS 2019-11-14 16:01:15 +01:00
test_forced_client_reenrollment.py ipatests: do not manually modify /etc/resolv.conf in tests 2021-03-04 18:47:32 +01:00
test_http_kdc_proxy.py ipatests: add test for kdcproxy handling reply split to several TCP packets 2021-03-18 13:41:49 +01:00
test_idviews.py ipatests: fix the method adding ifp to sssd.conf 2020-06-24 17:22:24 -04:00
test_installation_client.py ipatests: make sure dns_lookup_kdc is always true 2020-12-18 13:35:06 +02:00
test_installation.py ipatests: check for the "no sudo present" string absence 2021-03-16 08:44:03 -04:00
test_ipa_cert_fix.py ipatests: Test if ipa-cert-fix renews expired certs with kra installed 2021-02-23 13:25:26 +01:00
test_ipahealthcheck.py Uninstall without starting the CA in cert expiration test 2021-03-26 10:54:08 +01:00
test_kerberos_flags.py Rename pytest_plugins to ipatests.pytest_ipa 2018-08-02 17:07:43 +02:00
test_krbtpolicy.py ccache_sweeper: Add gssproxy service 2021-03-04 14:17:01 +02:00
test_legacy_clients.py ipatests: when talking to AD DCs, use FQDN credentials 2021-01-26 13:05:27 -05:00
test_membermanager.py Show group-add/remove-member-manager failures 2019-11-20 17:08:40 +01:00
test_netgroup.py Rename pytest_plugins to ipatests.pytest_ipa 2018-08-02 17:07:43 +02:00
test_nfs.py ipatests: remove the xfail for test_nfs.py 2020-07-30 13:10:39 +02:00
test_ntp_options.py ipatests: do not configure nameserver when installing client and replica 2021-03-04 18:47:32 +01:00
test_otp.py ipatests: test_otp: convert test_2fa_enable_single_prompt to run_ssh_cmd 2020-07-29 13:53:52 +02:00
test_pki_config_override.py Fix and extend pki config override test 2019-04-24 17:08:24 +02:00
test_pkinit_manage.py Ensure that KDC cert has SAN DNS entry 2021-01-29 13:36:41 -05:00
test_pwpolicy.py ipatests: add test for password policies 2020-10-23 09:32:52 -04:00
test_replica_promotion.py ipatests: do not configure nameserver when installing client and replica 2021-03-04 18:47:32 +01:00
test_replication_layouts.py Rename pytest_plugins to ipatests.pytest_ipa 2018-08-02 17:07:43 +02:00
test_resolvers_manager.py ipatests: add utility for managing domain name resolvers 2021-03-04 18:47:32 +01:00
test_server_del.py ipatests/test_integration/test_server_del.py: Enable dns in fw for dnssec 2018-12-07 17:29:59 +01:00
test_service_permissions.py Rename pytest_plugins to ipatests.pytest_ipa 2018-08-02 17:07:43 +02:00
test_simple_replication.py Check ca_wrapped in ipa-custodia-check 2020-10-05 14:24:55 +02:00
test_smb.py ipatests: do not manually modify /etc/resolv.conf in tests 2021-03-04 18:47:32 +01:00
test_sssd.py ipatests: filter_users belongs to nss section 2021-03-17 16:20:37 +01:00
test_sudo.py ipatests: test addition of invalid sudo command 2021-02-15 09:59:41 +02:00
test_testconfig.py ipatests: mock resolver factory 2021-03-04 18:47:32 +01:00
test_topologies.py Fix comparison-with-callable 2018-11-13 13:37:58 +01:00
test_topology.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
test_trust.py ipatests: skip tests for AD trust with shared secret in FIPS mode 2021-02-19 13:31:28 +01:00
test_uninstallation.py ipatests: do not configure nameserver when installing client and replica 2021-03-04 18:47:32 +01:00
test_upgrade.py ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection 2021-01-14 14:56:26 +01:00
test_user_permissions.py ipatests: test_user_permissions: test_selinux_user_optimized Paramiko=>OpenSSH 2020-07-29 13:53:52 +02:00
test_vault.py Fix E266 too many leading '#' for block comment 2020-05-05 10:42:46 +02:00
test_winsyncmigrate.py pylint: Synchronize pylint plugin to ipatests code 2020-02-12 18:08:32 +02:00