URL: https://github.com/freeipa/freeipa/pull/2276 Author: tiran Title: #2276: [Backport][ipa-4-6] ipa commands: print 'IPA is not configured' when ipa is not setup Action: opened
PR body: """ This PR was opened automatically because PR #2268 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2276/head:pr2276 git checkout pr2276
From ddc5bfbbdd09545725cbe5d6f67fb1d9f534f526 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Wed, 22 Aug 2018 18:29:07 +0200 Subject: [PATCH 1/2] ipa commands: print 'IPA is not configured' when ipa is not setup Some commands print tracebacks or unclear error message when they are called on a machine where ipa packages are installed but IPA is not configured. Consistently report 'IPA is not configured on this system' in this case. Related to https://pagure.io/freeipa/issue/6261 --- install/tools/ipa-compat-manage | 2 ++ install/tools/ipa-csreplica-manage | 4 +++- ipaserver/advise/base.py | 2 ++ ipaserver/install/ipa_pkinit_manage.py | 2 ++ ipaserver/install/ipa_server_upgrade.py | 2 ++ ipaserver/install/ipa_winsync_migrate.py | 2 +- 6 files changed, 12 insertions(+), 2 deletions(-) diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index 6dd259d2aa..ce61b70268 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -82,6 +82,8 @@ def main(): retval = 0 files = [paths.SCHEMA_COMPAT_ULDIF] + installutils.check_server_configuration() + options, args = parse_options() if len(args) != 1: diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index 87f034d120..c7b62b293d 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -32,6 +32,7 @@ from ipaserver.install import (replication, installutils, bindinstance, from ipalib import api, errors from ipalib.util import has_managed_topology from ipapython import ipautil, ipaldap, version +from ipapython.admintool import ScriptError from ipapython.dn import DN logger = logging.getLogger(os.path.basename(__file__)) @@ -408,6 +409,7 @@ def exit_on_managed_topology(what, hint="topologysegment"): def main(): + installutils.check_server_configuration() options, args = parse_options() # Just initialize the environment. This is so the installer can have @@ -496,7 +498,7 @@ try: main() except KeyboardInterrupt: sys.exit(1) -except SystemExit as e: +except (SystemExit, ScriptError) as e: sys.exit(e) except Exception as e: sys.exit("unexpected error: %s" % e) diff --git a/ipaserver/advise/base.py b/ipaserver/advise/base.py index 40f2e65dc8..07b1431e84 100644 --- a/ipaserver/advise/base.py +++ b/ipaserver/advise/base.py @@ -30,6 +30,7 @@ from ipaplatform.paths import paths from ipapython import admintool from ipapython.ipa_log_manager import Filter +from ipaserver.install import installutils """ @@ -418,6 +419,7 @@ def add_options(cls, parser): def validate_options(self): super(IpaAdvise, self).validate_options(needs_root=False) + installutils.check_server_configuration() if len(self.args) > 1: raise self.option_parser.error("You can only provide one " diff --git a/ipaserver/install/ipa_pkinit_manage.py b/ipaserver/install/ipa_pkinit_manage.py index c54bb14f58..4a79bba5d1 100644 --- a/ipaserver/install/ipa_pkinit_manage.py +++ b/ipaserver/install/ipa_pkinit_manage.py @@ -9,6 +9,7 @@ from ipalib import api from ipaplatform.paths import paths from ipapython.admintool import AdminTool +from ipaserver.install import installutils from ipaserver.install.krbinstance import KrbInstance, is_pkinit_enabled logger = logging.getLogger(__name__) @@ -21,6 +22,7 @@ class PKINITManage(AdminTool): def validate_options(self): super(PKINITManage, self).validate_options(needs_root=True) + installutils.check_server_configuration() option_parser = self.option_parser diff --git a/ipaserver/install/ipa_server_upgrade.py b/ipaserver/install/ipa_server_upgrade.py index 1e52bca976..7643b97f22 100644 --- a/ipaserver/install/ipa_server_upgrade.py +++ b/ipaserver/install/ipa_server_upgrade.py @@ -35,6 +35,8 @@ def add_options(cls, parser): def validate_options(self): super(ServerUpgrade, self).validate_options(needs_root=True) + installutils.check_server_configuration() + if self.options.force: self.options.skip_version_check = True diff --git a/ipaserver/install/ipa_winsync_migrate.py b/ipaserver/install/ipa_winsync_migrate.py index 0399b9b7b6..43330ad502 100644 --- a/ipaserver/install/ipa_winsync_migrate.py +++ b/ipaserver/install/ipa_winsync_migrate.py @@ -350,7 +350,7 @@ def main(cls, argv): # Check if the IPA server is configured before attempting to migrate try: installutils.check_server_configuration() - except RuntimeError as e: + except admintool.ScriptError as e: sys.exit(e) # Finalize API From 4e091c904107de6a9d365f3b3f1773f2b6ab7f21 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Wed, 22 Aug 2018 18:31:24 +0200 Subject: [PATCH 2/2] Test: test ipa-* commands when IPA is not configured Add a test checking that ipa-* commands properly display 'IPA is not configured on this system' when called on a system without IPA. Related to: https://pagure.io/freeipa/issue/6261 --- ipatests/test_cmdline/test_cli.py | 56 +++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/ipatests/test_cmdline/test_cli.py b/ipatests/test_cmdline/test_cli.py index 8211c03515..94a16e4841 100644 --- a/ipatests/test_cmdline/test_cli.py +++ b/ipatests/test_cmdline/test_cli.py @@ -342,3 +342,59 @@ def test_cli_fsencoding(): out, err = p.communicate() assert p.returncode > 0, (out, err) assert b'System encoding must be UTF-8' in err, (out, err) + + +IPA_NOT_CONFIGURED = b'IPA is not configured on this system' +IPA_CLIENT_NOT_CONFIGURED = b'IPA client is not configured on this system' + + +@pytest.mark.needs_ipaapi +@pytest.mark.skipif( + os.geteuid() != 0 or os.path.isfile('/etc/ipa/default.conf'), + reason="Must have root privileges to run this test " + "and IPA must not be installed") +@pytest.mark.parametrize( + "args, retcode, output, error", + [ + # Commands delivered by the client pkg + (['ipa'], 1, None, IPA_CLIENT_NOT_CONFIGURED), + (['ipa-certupdate'], 1, None, IPA_CLIENT_NOT_CONFIGURED), + (['ipa-client-automount'], 1, IPA_CLIENT_NOT_CONFIGURED, None), + # Commands delivered by the server pkg + (['ipa-adtrust-install'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-advise'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-backup'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-cacert-manage'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-ca-install'], 1, None, + b'IPA server is not configured on this system'), + (['ipa-compat-manage'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-csreplica-manage'], 1, None, IPA_NOT_CONFIGURED), + (['ipactl', 'status'], 4, None, b'IPA is not configured'), + (['ipa-dns-install'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-kra-install'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-ldap-updater', + '/usr/share/ipa/updates/05-pre_upgrade_plugins.update'], + 2, None, IPA_NOT_CONFIGURED), + (['ipa-managed-entries'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-nis-manage'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-pkinit-manage'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-replica-manage', 'list'], 1, IPA_NOT_CONFIGURED, None), + (['ipa-server-certinstall'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-server-upgrade'], 2, None, IPA_NOT_CONFIGURED), + (['ipa-winsync-migrate'], 1, None, IPA_NOT_CONFIGURED) + ]) +def test_command_ipa_not_installed(args, retcode, output, error): + """ + Test that the commands properly return that IPA client|server is not + configured on this system. + Launch the command specified in args. + Check that the exit code is as expected and that stdout and stderr + contain the expected strings. + """ + p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + out, err = p.communicate() + assert retcode == p.returncode + if output: + assert output in out + if error: + assert error in err
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/2ZPUV7RF4EEZUT6CL5OWTGFAFAD4PVTI/