URL: https://github.com/freeipa/freeipa/pull/2043 Author: amore17 Title: #2043: Test for : ipa-client-install should not use hardcoded admin principal Action: opened
PR body: """ Related to : https://pagure.io/freeipa/issue/5406 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2043/head:pr2043 git checkout pr2043
From 579984bfecb922c31632cc639f8b2d47839114c4 Mon Sep 17 00:00:00 2001 From: Anuja More <am...@redhat.com> Date: Wed, 30 May 2018 16:42:49 +0530 Subject: [PATCH 1/3] Add test for --external-cert-file points to a non-existing file or invalid file. Signed-off-by: Anuja More <am...@redhat.com> --- .freeipa-pr-ci.yaml | 173 +------------------------------ ipatests/test_integration/test_caless.py | 18 ++++ 2 files changed, 20 insertions(+), 171 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index 21f1c004d7..08ff0a7464 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -27,18 +27,6 @@ jobs: timeout: 1800 topology: *build - fedora-28/simple_replication: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_simple_replication.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl - fedora-28/caless: requires: [fedora-28/build] priority: 50 
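Review bot: Merging patch 1/3 as written would leave almost the whole integration suite ungated, because this hunk removes `fedora-28/simple_replication` and the following one (`@@ -46,164 +34,7 @@`) deletes every job after `fedora-28/caless`. If the narrowing is only meant to shorten the PR run, keep it in a separate commit clearly marked as temporary so it cannot land by accident. Patch 2/3 restores the file, so the add-and-revert pair is better dropped from the series before merge.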
@@ -46,164 +34,7 @@ jobs: class: RunPytest args: build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull + test_suite: test_integration/test_caless.py::TestReplicaInstall template: *ci-master-f28 - timeout: 3600 + timeout: 6600 topology: *master_1repl - - fedora-28/external_ca: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl_1client - - fedora-28/test_topologies: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_topologies.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl - - fedora-28/test_sudo: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_sudo.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl_1client - - fedora-28/test_commands: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_commands.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl - - fedora-28/test_kerberos_flags: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_kerberos_flags.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl_1client - - fedora-28/test_http_kdc_proxy: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_http_kdc_proxy.py - 
template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl_1client - - fedora-28/test_forced_client_enrolment: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_forced_client_reenrollment.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl_1client - - fedora-28/test_advise: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_advise.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl - - fedora-28/test_testconfig: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_testconfig.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl - - fedora-28/test_service_permissions: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_service_permissions.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl - - fedora-28/test_netgroup: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_netgroup.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl - - fedora-28/test_vault: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_vault.py - template: *ci-master-f28 - timeout: 4500 - topology: *master_1repl - - fedora-28/test_authconfig: - requires: [fedora-28/build] - priority: 50 - job: - class: RunPytest - args: - build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_authselect.py - template: *ci-master-f28 - timeout: 3600 - topology: *master_1repl_1client - 
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py index 1666b1ce41..86a5f0f82d 100644 --- a/ipatests/test_integration/test_caless.py +++ b/ipatests/test_integration/test_caless.py @@ -1181,6 +1181,24 @@ def test_no_ds_password(self): if self.domain_level > DOMAIN_LEVEL_0: self.verify_installation() + @replica_install_teardown + def test_install_ca_replica(self): + # related to https://pagure.io/freeipa/issue/6985 + replica = self.replicas[0] + + # install ca on replica with non-existing cert + tasks.install_ca(replica, external_ca=True, cert_files='abc.crt') + + # install ca with invalid cert + contents = ( + '-----BEGIN CERTIFICATE-----\n' + 'sdnmsdkfbsdifbsdbasdsdSDDDasdmnd\n' + '-----END CERTIFICATE-----') + + cert1 = tempfile.mkdtemp(suffix='abc.crt', dir=paths.TMP) + replica.put_file_contents(cert1, contents) + tasks.install_ca(replica, external_ca=True, cert_files=cert1) + class TestClientInstall(CALessBase): num_clients = 1 From 688a566fa4df5ee8cafbba3dd31ceb0ff0b5a17b Mon Sep 17 00:00:00 2001 From: amore17 <38001338+amor...@users.noreply.github.com> Date: Fri, 1 Jun 2018 14:46:39 +0000 Subject: [PATCH 2/3] Revert "Add test for --external-cert-file points to a non-existing file or invalid file." This reverts commit 579984bfecb922c31632cc639f8b2d47839114c4. --- .freeipa-pr-ci.yaml | 173 ++++++++++++++++++++++++++++++- ipatests/test_integration/test_caless.py | 18 ---- 2 files changed, 171 insertions(+), 20 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index 08ff0a7464..21f1c004d7 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml 
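Review bot: `test_install_ca_replica` (patch 1/3) never checks that the two `tasks.install_ca` calls are rejected, so it says nothing about how `--external-cert-file` is validated. Each call should capture its result and assert a non-zero return code and the expected error text. The invalid-certificate case also uses `tempfile.mkdtemp(suffix='abc.crt', dir=paths.TMP)`, which creates a directory on the machine running pytest rather than a file path on the replica, and no `tempfile` import is visible in the hunk. A fixed remote path such as `cert1 = paths.TMP + '/invalid.crt'` passed to `replica.put_file_contents` would make the intent explicit. The enclosing class starts outside the hunk, and patch 2/3 reverts this test.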
@@ -27,6 +27,18 @@ jobs: timeout: 1800 topology: *build + fedora-28/simple_replication: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_simple_replication.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl + fedora-28/caless: requires: [fedora-28/build] priority: 50 
@@ -34,7 +46,164 @@ jobs: class: RunPytest args: build_url: '{fedora-28/build_url}' - test_suite: test_integration/test_caless.py::TestReplicaInstall + test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull template: *ci-master-f28 - timeout: 6600 + timeout: 3600 topology: *master_1repl + + fedora-28/external_ca: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl_1client + + fedora-28/test_topologies: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_topologies.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl + + fedora-28/test_sudo: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_sudo.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl_1client + + fedora-28/test_commands: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_commands.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl + + fedora-28/test_kerberos_flags: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_kerberos_flags.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl_1client + + fedora-28/test_http_kdc_proxy: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_http_kdc_proxy.py + 
template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl_1client + + fedora-28/test_forced_client_enrolment: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_forced_client_reenrollment.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl_1client + + fedora-28/test_advise: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_advise.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl + + fedora-28/test_testconfig: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_testconfig.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl + + fedora-28/test_service_permissions: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_service_permissions.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl + + fedora-28/test_netgroup: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_netgroup.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl + + fedora-28/test_vault: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_vault.py + template: *ci-master-f28 + timeout: 4500 + topology: *master_1repl + + fedora-28/test_authconfig: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_authselect.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl_1client + 
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py index 86a5f0f82d..1666b1ce41 100644 --- a/ipatests/test_integration/test_caless.py +++ b/ipatests/test_integration/test_caless.py @@ -1181,24 +1181,6 @@ def test_no_ds_password(self): if self.domain_level > DOMAIN_LEVEL_0: self.verify_installation() - @replica_install_teardown - def test_install_ca_replica(self): - # related to https://pagure.io/freeipa/issue/6985 - replica = self.replicas[0] - - # install ca on replica with non-existing cert - tasks.install_ca(replica, external_ca=True, cert_files='abc.crt') - - # install ca with invalid cert - contents = ( - '-----BEGIN CERTIFICATE-----\n' - 'sdnmsdkfbsdifbsdbasdsdSDDDasdmnd\n' - '-----END CERTIFICATE-----') - - cert1 = tempfile.mkdtemp(suffix='abc.crt', dir=paths.TMP) - replica.put_file_contents(cert1, contents) - tasks.install_ca(replica, external_ca=True, cert_files=cert1) - class TestClientInstall(CALessBase): num_clients = 1 From b6e3a7e2505e256ad44c1b39732fd76ed43f7fd4 Mon Sep 17 00:00:00 2001 From: Anuja More <am...@redhat.com> Date: Tue, 19 Jun 2018 16:15:24 +0530 Subject: [PATCH 3/3] Test for ipa-client-install should not use hardcoded admin principal Signed-off-by: Anuja More <am...@redhat.com> --- .freeipa-pr-ci.yaml | 12 +++++++ ipatests/test_integration/test_user_permissions.py | 40 +++++++++++++++++++++- 2 files changed, 51 insertions(+), 1 deletion(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index f5c86c51a1..7b24c64b7a 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -219,3 +219,15 @@ jobs: timeout: 3600 topology: *master_1repl_1client + fedora-28/test_service_permissions: + requires: [fedora-28/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-28/build_url}' + test_suite: test_integration/test_user_permissions.py + template: *ci-master-f28 + timeout: 3600 + topology: *master_1repl_1client + 
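Review bot: The job key `fedora-28/test_service_permissions` added in patch 3/3 appears to collide with an existing job of the same name. Patch 2/3 on this page shows one running `test_integration/test_service_permissions.py`, and with a duplicate mapping key one definition typically replaces the other silently, so one of the two suites would stop running. Name the new job after the suite it runs, e.g. `fedora-28/test_user_permissions:`. Whether the base file at `f5c86c51a1` still contains the older job is not visible in this hunk, so please confirm.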
diff --git a/ipatests/test_integration/test_user_permissions.py b/ipatests/test_integration/test_user_permissions.py index 39dc1fe75e..5d61ce6cdf 100644 --- a/ipatests/test_integration/test_user_permissions.py +++ b/ipatests/test_integration/test_user_permissions.py @@ -2,10 +2,10 @@ # Copyright (C) 2018 FreeIPA Contributors see COPYING for license # +from ipaplatform.paths import paths from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_plugins.integration import tasks - class TestUserPermissions(IntegrationTest): topology = 'star' altadmin = "altadmin" 
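Review bot: Dropping one of the two blank lines before `class TestUserPermissions` leaves a single blank line between the imports and the class, which pycodestyle reports as E302. Keep two blank lines after `from ipatests.pytest_plugins.integration import tasks`. The new `paths` import is used only by the assertion at the end of the next hunk.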
@@ -93,3 +93,41 @@ def test_stageuser_show_as_alternate_admin(self): # the field Kerberos Keys available must contain True result = self.master.run_command(['ipa', 'stageuser-show', stageuser]) assert 'Kerberos keys available: True' in result.stdout_text + + +class TestInstallClientNoAdmin(IntegrationTest): + + def test_installclient_as_user_admin(self): + """ipa-client-install should not use hardcoded admin for principal + Related to : https://pagure.io/freeipa/issue/5406 + """ + tasks.install_master(self.master) + tasks.kinit_admin(self.master) + username = 'testuser1' + password = self.master.config.admin_password + password_confirmation = "%s\n%s\n" % (password, + password) + + self.master.run_command(['ipa', 'user-add', username, + '--first', username, + '--last', username, + '--password'], + stdin_text=password_confirmation) + + runcmd1 = ['ipa', 'role-add', 'useradmin'] + self.master.run_command(runcmd1) + runcmd2 = ['ipa', 'role-add-privilege', 'useradmin', + '--privileges="Host Enrollment"'] + self.master.run_command(runcmd2) + runcmd3 = ['ipa', 'role-add-member', 'useradmin', + '--users=' + username] + self.master.run_command(runcmd3) + cmd = ['ipa-client-install', '-U', + '--domain', self.client.domain.name, + '--realm', self.client.domain.realm, + '-p', username + '-w', self.master.config.admin_password, + '--server', self.master.hostname] + self.client.run_command(cmd) + msg = "getent passwd %s@%s" % (username, self.client.domain.name) + assert msg in paths.IPACLIENT_INSTALL_LOG
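Review bot: The final check `assert msg in paths.IPACLIENT_INSTALL_LOG` searches the log file's path string, not its contents, so it cannot confirm which principal enrolled the client. Read the log from the client first, e.g. `log = self.client.get_file_contents(paths.IPACLIENT_INSTALL_LOG, encoding='utf-8')`, then `assert msg in log`. In the `cmd` list, `'-p', username` lacks a trailing comma before the `'-w'` line, which is a syntax error as written; it should be `'-p', username,`. Because the command is passed as a list, the double quotes embedded in the `--privileges` argument are probably sent as part of the privilege name and should be dropped. The class uses `self.client` without setting `num_clients = 1` or a topology, and gives `testuser1` the admin password, which may be treated as expired on first use; both are worth confirming against `IntegrationTest` and a real run.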