URL: https://github.com/freeipa/freeipa/pull/1145
Author: stlaz
 Title: #1145: [Backport][ipa-4-6] tests: add host zone with overlap
Action: opened

PR body:
"""
This PR was opened automatically because PR #1106 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1145/head:pr1145
git checkout pr1145
From 76a7f38e939cbd20a5356775de1804da88adfb80 Mon Sep 17 00:00:00 2001
From: Michal Reznik <mrez...@redhat.com>
Date: Wed, 13 Sep 2017 16:31:41 +0200
Subject: [PATCH] tests: add host zone with overlap

This patch is mainly for the test_forced_client_reenrollment suite:
when we are not in control of the client's DNS, we create an
overlapping zone so that the host records get updated. It also points
resolv.conf at the IPA master before every ipa-client-install.

https://pagure.io/freeipa/issue/7124
---
 ipatests/pytest_plugins/integration/tasks.py       | 26 ++++++++++++++++
 .../test_forced_client_reenrollment.py             | 36 ++++++++++++++++------
 2 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index efefb51173..2229b2918c 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -1330,3 +1330,29 @@ def ldappasswd_user_change(user, oldpw, newpw, master):
     args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
             '-s', newpw, '-x']
     master.run_command(args)
+
+
+def add_dns_zone(master, zone, skip_overlap_check=False,
+                 dynamic_update=False, add_a_record_hosts=None):
+    """
+    Add DNS zone if it is not already added.
+    """
+
+    result = master.run_command(
+        ['ipa', 'dnszone-show', zone], raiseonerr=False)
+
+    if result.returncode != 0:
+        command = ['ipa', 'dnszone-add', zone]
+        if skip_overlap_check:
+            command.append('--skip-overlap-check')
+        if dynamic_update:
+            command.append('--dynamic-update=True')
+
+        master.run_command(command)
+
+        if add_a_record_hosts:
+            for host in add_a_record_hosts:
+                master.run_command(['ipa', 'dnsrecord-add', zone,
+                                    host.hostname + ".", '--a-rec', host.ip])
+    else:
+        logger.debug('Zone %s already added.', zone)
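Review bot: When `dnszone-show` succeeds, the `else` branch of `add_dns_zone` only logs, so `skip_overlap_check`, `dynamic_update` and `add_a_record_hosts` are silently ignored for a zone that already exists, and the caller cannot tell whether the zone has dynamic updates or the requested A records. The one-line docstring hides this; I would extend it with `Options and A records are applied only when the zone is created by this call; an existing zone is left untouched.` and document each parameter, including that `add_a_record_hosts` is a list of host objects exposing `hostname` and `ip`. Any non-zero exit from `dnszone-show` is also read as "zone missing", so an unrelated failure (for example a missing Kerberos ticket, inferred) only surfaces later as a `dnszone-add` error.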
diff --git a/ipatests/test_integration/test_forced_client_reenrollment.py b/ipatests/test_integration/test_forced_client_reenrollment.py
index 9b514e38ea..b4012caddb 100644
--- a/ipatests/test_integration/test_forced_client_reenrollment.py
+++ b/ipatests/test_integration/test_forced_client_reenrollment.py
@@ -43,6 +43,19 @@ class TestForcedClientReenrollment(IntegrationTest):
     def install(cls, mh):
         super(TestForcedClientReenrollment, cls).install(mh)
         tasks.install_master(cls.master)
+
+        cls.client_dom = cls.clients[0].hostname.split('.', 1)[1]
+        if cls.client_dom != cls.master.domain.name:
+            # In cases where client is managed by upstream DNS server we
+            # overlap its zone so we can save DNS records (e.g. SSHFP) for
+            # comparison.
+            servers = [cls.master] + cls.replicas
+            tasks.add_dns_zone(cls.master, cls.client_dom,
+                               skip_overlap_check=True,
+                               dynamic_update=True,
+                               add_a_record_hosts=servers
+                               )
+
         tasks.install_replica(cls.master, cls.replicas[0], setup_ca=False)
         cls.BACKUP_KEYTAB = os.path.join(
             cls.master.config.test_dir,
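Review bot: The guard in `install` compares `cls.client_dom` only with `cls.master.domain.name`, yet `add_a_record_hosts=servers` then requests A records for the master and replica hostnames inside the client's zone, and nothing visible checks that those hostnames end in `cls.client_dom`. If a server lives in a different domain, the `dnsrecord-add` call in `add_dns_zone` would presumably fail or create an out-of-zone name; filtering first with `servers = [h for h in [cls.master] + cls.replicas if h.hostname.endswith('.' + cls.client_dom)]` keeps the setup to records that belong in the zone. `split('.', 1)[1]` also raises `IndexError` for a client configured with a short hostname. The comment could add that the zone is created with the overlap check skipped and dynamic updates enabled, since that is what lets it shadow the upstream zone for the whole test run. The body of `install` continues outside the hunk.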
@@ -162,13 +175,14 @@ def restore_client(self):
             '-p', 'tcp',
             '--dport', '22'
         ])
-        client.run_command([
-            'iptables',
-            '-A', 'INPUT',
-            '-j', 'REJECT',
-            '-p', 'all',
-            '--source', self.master.ip
-        ])
+        for host in [self.master] + self.replicas:
+            client.run_command([
+                'iptables',
+                '-A', 'INPUT',
+                '-j', 'REJECT',
+                '-p', 'all',
+                '--source', host.ip
+            ])
         self.uninstall_client()
         client.run_command(['iptables', '-F'])
 
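Review bot: The REJECT rules appended in the new loop are removed only by the `iptables -F` that follows `self.uninstall_client()`, so if the uninstall raises, the client stays cut off from the master and every replica for the remaining tests. Putting `self.uninstall_client()` under `try:` and `client.run_command(['iptables', '-F'])` under `finally:` guarantees the cleanup. `iptables -F` also flushes rules the test did not add; deleting the same rules with `-D` in a second loop over `[self.master] + self.replicas` would leave any pre-existing host firewall intact. `restore_client` starts outside the hunk.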
@@ -246,7 +260,7 @@ def get_sshfp_record(self):
         client_host = self.clients[0].hostname.split('.')[0]
 
         result = self.master.run_command(
-            ['ipa', 'dnsrecord-show', self.master.domain.name, client_host]
+            ['ipa', 'dnsrecord-show', self.client_dom, client_host]
         )
 
         lines = result.stdout_text.splitlines()
@@ -270,7 +284,8 @@ def restore_keytab(self):
         contents = self.master.get_file_contents(self.BACKUP_KEYTAB)
         self.clients[0].put_file_contents(self.BACKUP_KEYTAB, contents)
 
-    def fix_resolv_conf(self, client, server):
+    @classmethod
+    def fix_resolv_conf(cls, client, server):
         """
         Put server's ip address at the top of resolv.conf
         """
@@ -284,6 +299,9 @@ def fix_resolv_conf(self, client, server):
 
 @pytest.fixture()
 def client(request):
+    # Here we call "fix_resolv_conf" method before every ipa-client-install so
+    # we get the client pointing to ipa master as DNS server.
+    request.cls.fix_resolv_conf(request.cls.clients[0], request.cls.master)
     tasks.install_client(request.cls.master, request.cls.clients[0])
 
     def teardown_client():