URL: https://github.com/freeipa/freeipa/pull/3811
Author: amore17
 Title: #3811:  ipatests:  'sss_ssh_authorizedkeys user' should return ssh key
Action: opened

PR body:
"""
Added a regression test which validates that when both an ssh key and a
certificate are added for an IPA user, 'sss_ssh_authorizedkeys user' still
returns the ssh key.

Related Ticket:
https://pagure.io/SSSD/sssd/issue/3937
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3811/head:pr3811
git checkout pr3811
From 15b5a81ce54f29737e9c3d2abca736d4234a37ba Mon Sep 17 00:00:00 2001
From: Anuja More <am...@redhat.com>
Date: Fri, 18 Oct 2019 17:18:20 +0530
Subject: [PATCH 1/2] ipatests : sss_ssh_authorizedkeys for user ssh key should
 be returned.

Signed-off-by: Anuja More <am...@redhat.com>
---
 ipatests/test_integration/test_commands.py | 64 ++++++++++++++++++----
 1 file changed, 53 insertions(+), 11 deletions(-)

diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index d3c6ca9f5a..477301640e 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -40,6 +40,18 @@
 HIDDEN_SERVICE = u'hiddenService'
 
 
+def create_cert():
+    certs = []
+    external_ca = ExternalCA()
+    for _dummy in range(3):
+        cert = external_ca.create_ca()
+        cert = tasks.strip_cert_header(cert.decode('utf-8'))
+        certs.append('"{}"'.format(cert))
+    cert_args = list(
+        chain.from_iterable(list(zip(repeat('--certificate'), certs))))
+    return cert_args
+
+
 class TestIPACommand(IntegrationTest):
     """
     A lot of commands can be executed against a single IPA installation
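Review bot: `create_cert` is added at module level without a docstring, and the comment that explained the original loop (`# we are ok with whatever certificate for this test`) is lost in the move, so a reader no longer learns that the three certificates are arbitrary throw-away CA certs. A one-line docstring such as `"""Return ['--certificate', '"<b64>"', ...] for three throw-away CA certificates."""` would restore that. Each returned value carries embedded double quotes, which is only correct because both callers join the list into a shell string; stating this in the docstring would stop someone from passing the list to `run_command` as an argv list. As a style point, the inner `list(zip(...))` is redundant: `chain.from_iterable(zip(repeat('--certificate'), certs))` is enough.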
@@ -368,18 +380,8 @@ def count_pipes():
         tasks.kinit_admin(self.master)
         self.master.run_command(['ipa', 'user-add', test_user,
                                  '--first=tester', '--last=tester'])
+        cert_args = create_cert()
 
-        certs = []
-
-        # we are ok with whatever certificate for this test
-        external_ca = ExternalCA()
-        for _dummy in range(3):
-            cert = external_ca.create_ca()
-            cert = tasks.strip_cert_header(cert.decode('utf-8'))
-            certs.append('"{}"'.format(cert))
-
-        cert_args = list(
-            chain.from_iterable(list(zip(repeat('--certificate'), certs))))
         cmd = 'ipa user-add-cert {} {}'.format(test_user, ' '.join(cert_args))
         self.master.run_command(cmd)
 
@@ -679,3 +681,43 @@ def test_user_mod_change_capitalization_issue5879(self):
         assert 'Modified user "%s"' % (ipauser) in cmd.stdout_text
         assert 'First name: %s' % (modfirst) in cmd.stdout_text
         assert 'Last name: %s' % (modlast) in cmd.stdout_text
+
+    def test_sss_ssh_authorizedkeys(self):
+        """
+        Test that when there is ssh key and certificate is added for IPA
+        user then 'sss_ssh_authorizedkeys user' should return ssh key.
+
+        This is test for : https://pagure.io/SSSD/sssd/issue/3937
+
+        Steps:
+        1. add ipa user with ssh-key and certificate.
+        2. to simulate the timeout replace /usr/libexec/sssd/p11_child  with
+        a shell script which calls 'sleep 999999'
+        3. call sss_ssh_authorizedkeys and ssh key should be returned
+        """
+        user = 'testuser'
+        script = '/usr/libexec/sssd/p11_child'
+        script_backup = tasks.FileBackup(self.master, script)
+        shell_script = "#!/bin/bash\nsleep 999999"
+        self.master.run_command('rm', script)
+        self.master.put_file_contents(script, shell_script)
+        self.master.run_command(
+            ['chcon', 'system_u:object_r:bin_t:s0', script])
+        try:
+            user = 'testuser'
+            tasks.kinit_admin(self.master)
+            tasks.user_add(self.master, user)
+            cert_args = create_cert()
+            cmd = 'ipa user-add-cert {} {}'.format(user, ' '.join(cert_args))
+            self.master.run_command(cmd)
+            private_key_str, public_key_str = tasks.generate_ssh_keypair()
+            keys_opts = ' '.join(['--ssh "{}"'.format(public_key_str)])
+            cmd = 'ipa user-mod {} {}'.format(user, keys_opts)
+            self.master.run_command(cmd)
+            result = self.master.run_command(
+                [paths.SSS_SSH_AUTHORIZEDKEYS, user])
+            assert public_key_str in result.stdout_text
+        finally:
+            # cleanup
+            script_backup.restore()
+            self.master.run_command(['ipa', 'user-del', user])
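Review bot: The call `self.master.run_command('rm', script)` passes the path as a second positional argument, unlike every other `run_command` call in this patch, which pass a single list or a single string. Unless the helper accepts that form, `rm` runs with no operand and the path lands in an unrelated parameter, so this should be `self.master.run_command(['rm', script])`. The `rm`, `put_file_contents` and `chcon` calls on `/usr/libexec/sssd/p11_child` also sit before the `try:`, so a failure in any of them leaves the master with a missing or stubbed binary for later tests; moving the three calls inside the `try` lets `script_backup.restore()` cover them. The stub is written with no explicit mode, so it is worth confirming it ends up executable; otherwise the exec presumably fails at once and the timeout path from SSSD issue 3937 is never exercised. Smaller points: `user = 'testuser'` is assigned twice, and `private_key_str` is never used.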

From 3913a85e46d63944573971c855d6b859a1ed1e79 Mon Sep 17 00:00:00 2001
From: Anuja More <am...@redhat.com>
Date: Fri, 18 Oct 2019 17:31:40 +0530
Subject: [PATCH 2/2] temp_commit

Signed-off-by: Anuja More <am...@redhat.com>
---
 .freeipa-pr-ci.yaml                        | 2 +-
 ipatests/prci_definitions/temp_commit.yaml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index abcf8c5b63..8065669008 120000
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -1 +1 @@
-ipatests/prci_definitions/gating.yaml
\ No newline at end of file
+ipatests/prci_definitions/temp_commit.yaml
\ No newline at end of file
diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml
index 9cd8a0a9cd..40203be283 100644
--- a/ipatests/prci_definitions/temp_commit.yaml
+++ b/ipatests/prci_definitions/temp_commit.yaml
@@ -53,14 +53,14 @@ jobs:
         timeout: 1800
         topology: *build
 
-  fedora-30/temp_commit:
+  fedora-30/test_commands:
     requires: [fedora-30/build]
     priority: 50
     job:
       class: RunPytest
       args:
         build_url: '{fedora-30/build_url}'
-        test_suite: test_integration/test_REPLACEME.py
+        test_suite: test_integration/test_commands.py
         template: *ci-master-f30
         timeout: 3600
-        topology: *master_1repl_1client
+        topology: *master_1repl