URL: https://github.com/freeipa/freeipa/pull/4934
Author: rcritten
Title: #4934: [Backport][ipa-4-8] ipatests: Test for ipa-nis-manage CLI tool
Action: opened
PR body:
"""
This PR was opened automatically because PR #4875 was pushed to master and
backport to ipa-4-8 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4934/head:pr4934
git checkout pr4934
From 56cb2e099eec0367c073cf5ad69c4ab3ab390f91 Mon Sep 17 00:00:00 2001
From: sumenon <sume...@redhat.com>
Date: Mon, 8 Jun 2020 14:11:52 +0530
Subject: [PATCH] ipatests: Test for ipa-nis-manage CLI tool.
The testcases added check the various options of ipa-nis-manage CLI
tool as below
1. ipa-nis-mange enable
2. ipa-nis-manage disable
3. Enabling NIS pluging with invalid admin password
---
ipatests/test_integration/test_commands.py | 95 ++++++++++++++++++++++
1 file changed, 95 insertions(+)
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index e2f6762ac8..bacde50416 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -36,6 +36,7 @@
from ipatests.create_external_ca import ExternalCA
from ipatests.test_ipalib.test_x509 import good_pkcs7, badcert
from ipapython.ipautil import realm_to_suffix, ipa_generate_password
+from ipaserver.install.installutils import realm_to_serverid
logger = logging.getLogger(__name__)
@@ -44,6 +45,8 @@
ENABLED_SERVICE = u'enabledService'
HIDDEN_SERVICE = u'hiddenService'
+DIRSRV_SLEEP = 5
+
isrgrootx1 = (
b'-----BEGIN CERTIFICATE-----\n'
b'MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\n'
@@ -1216,3 +1219,95 @@ def test_login_wrong_password(self, user_creation_deletion):
'-u', 'sshd',
'--since={}'.format(since)])
assert exp_msg in result.stdout_text
+
+ def get_dirsrv_id(self):
+ serverid = realm_to_serverid(self.master.domain.realm)
+ return("dirsrv@%s.service" % serverid)
+
+ def test_ipa_nis_manage_enable(self):
+ """
+ This testcase checks if ipa-nis-manage enable
+ command enables plugin on an IPA master
+ """
+ dirsrv_service = self.get_dirsrv_id()
+ console_msg = (
+ "Enabling plugin\n"
+ "This setting will not take effect until "
+ "you restart Directory Server.\n"
+ "The rpcbind service may need to be started"
+ )
+ status_msg = "Plugin is enabled"
+ tasks.kinit_admin(self.master)
+ result = self.master.run_command(
+ ["ipa-nis-manage", "enable"],
+ stdin_text=self.master.config.admin_password,
+ )
+ assert console_msg in result.stdout_text
+ # verify using backend
+ conn = self.master.ldap_connect() # pylint: disable=no-member
+ dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
+ entry = conn.get_entry(dn) # pylint: disable=no-member
+ nispluginstring = entry.get('nsslapd-pluginEnabled')
+ assert 'on' in nispluginstring
+ # restart for changes to take effect
+ self.master.run_command(["systemctl", "restart", dirsrv_service])
+ self.master.run_command(["systemctl", "restart", "rpcbind"])
+ time.sleep(DIRSRV_SLEEP)
+ # check status msg on the console
+ result = self.master.run_command(
+ ["ipa-nis-manage", "status"],
+ stdin_text=self.master.config.admin_password,
+ )
+ assert status_msg in result.stdout_text
+
+ def test_ipa_nis_manage_disable(self):
+ """
+ This testcase checks if ipa-nis-manage disable
+ command disable plugin on an IPA Master
+ """
+ dirsrv_service = self.get_dirsrv_id()
+ msg = (
+ "This setting will not take effect "
+ "until you restart Directory Server."
+ )
+ status_msg = "Plugin is not enabled"
+ tasks.kinit_admin(self.master)
+ result = self.master.run_command(
+ ["ipa-nis-manage", "disable"],
+ stdin_text=self.master.config.admin_password,
+ )
+ assert msg in result.stdout_text
+ # verify using backend
+ conn = self.master.ldap_connect() # pylint: disable=no-member
+ dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
+ entry = conn.get_entry(dn) # pylint: disable=no-member
+ nispluginstring = entry.get('nsslapd-pluginEnabled')
+ assert 'off' in nispluginstring
+ # restart dirsrv for changes to take effect
+ self.master.run_command(["systemctl", "restart", dirsrv_service])
+ time.sleep(DIRSRV_SLEEP)
+ # check status msg on the console
+ result = self.master.run_command(
+ ["ipa-nis-manage", "status"],
+ stdin_text=self.master.config.admin_password,
+ raiseonerr=False,
+ )
+ assert result.returncode == 4
+ assert status_msg in result.stdout_text
+
+ def test_ipa_nis_manage_enable_incorrect_password(self):
+ """
+ This testcase checks if ipa-nis-manage enable
+ command throws error on console for invalid DS admin password
+ """
+ msg = (
+ "Insufficient access: Invalid credentials "
+ "Invalid credentials\n"
+ )
+ result = self.master.run_command(
+ ["ipa-nis-manage", "enable"],
+ stdin_text='Invalid_pwd',
+ raiseonerr=False,
+ )
+ assert result.returncode == 1
+ assert msg in result.stderr_text
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
