URL: https://github.com/freeipa/freeipa/pull/5850 Author: stanislavlevin Title: #5850: ipatests: healthcheck: Update IPAHostKeytab assumptions Action: opened
PR body: """ As of 0.9 freeipa-healthcheck requires running `dirsrv` service for `IPAHostKeytab` check. So, previous assumption about the triggering the GSSAPI error no longer works. For example, this can be achieved by deletion of host's keytab. Fixes: https://pagure.io/freeipa/issue/8889 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5850/head:pr5850 git checkout pr5850
From 1a00593921e734d54cc72a6dcfb3dc96889bac0c Mon Sep 17 00:00:00 2001 From: Stanislav Levin <s...@altlinux.org> Date: Mon, 21 Jun 2021 18:38:50 +0300 Subject: [PATCH] ipatests: healthcheck: Update IPAHostKeytab assumptions As of 0.9 freeipa-healthcheck requires running `dirsrv` service for `IPAHostKeytab` check. So, previous assumption about the triggering the GSSAPI error no longer works. For example, this can be achieved by deletion of host's keytab. Fixes: https://pagure.io/freeipa/issue/8889 Signed-off-by: Stanislav Levin <s...@altlinux.org> --- .../test_integration/test_ipahealthcheck.py | 53 +++++++------------ 1 file changed, 19 insertions(+), 34 deletions(-) diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py index 8a0641961c7..305d7b94506 100644 --- a/ipatests/test_integration/test_ipahealthcheck.py +++ b/ipatests/test_integration/test_ipahealthcheck.py @@ -492,44 +492,29 @@ def test_source_ipahealthcheck_meta_core_metacheck(self): assert data[0]["kw"]["ipa_version"] in result.stdout_text assert data[0]["kw"]["ipa_api_version"] in result.stdout_text - def test_source_ipahealthcheck_ipa_host_check_ipahostkeytab( - self, restart_service - ): + def test_source_ipahealthcheck_ipa_host_check_ipahostkeytab(self): """ Testcase checks behaviour of check IPAHostKeytab in source - ipahealthcheck.ipa.host when dirsrv service is stopped and - running on IPA master - """ - msgs = ( - ( - "Failed to obtain host TGT: Major (851968): " - "Unspecified GSS failure. " - "Minor code may provide more information, " - "Minor (2529638972): Generic error (see e-text)" - ), - ( - "Failed to obtain host TGT: Major (458752): " - "No credentials were supplied, or the credentials " - "were unavailable or inaccessible, " - "Minor (2529638972): Generic error (see e-text)" - ), - ) - restart_service(self.master, "dirsrv") - dirsrv_ipactl_status = 'Directory Service: STOPPED' - result = self.master.run_command( - ["ipactl", "status"], - raiseonerr=False) - returncode, data = run_healthcheck( - self.master, - "ipahealthcheck.ipa.host", - "IPAHostKeytab", + ipahealthcheck.ipa.host when GSSAPI credentials cannot be obtained + from host's keytab. + """ + msg = ( + "Failed to obtain host TGT: Major (458752): " + "No credentials were " + "supplied, or the credentials were unavailable or inaccessible, " + "Minor (2529639107): No credentials cache found" ) - assert returncode == 1 - if dirsrv_ipactl_status in result.stdout_text: + + with tasks.FileBackup(self.master, paths.KRB5_KEYTAB): + self.master.run_command(["rm", "-f", paths.KRB5_KEYTAB]) + returncode, data = run_healthcheck( + self.master, + source="ipahealthcheck.ipa.host", + check="IPAHostKeytab", + ) + assert returncode == 1 assert data[0]["result"] == "ERROR" - assert data[0]["kw"]["msg"] in msgs - else: - assert data[0]["result"] == "SUCCESS" + assert data[0]["kw"]["msg"] == msg def test_source_ipahealthcheck_topology_IPATopologyDomainCheck(self): """
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
