Patches attached. https://fedorahosted.org/freeipa/ticket/5733
-- Milan Kubik
From 985814ef076a828ac59aeafd0598d87983edc809 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com> Date: Fri, 1 Apr 2016 11:11:54 +0200 Subject: [PATCH] ipatests: Add test case for requesting a certificate with full principal. Also fixes an issue in change_principal context manager that caused a resource leak on test case failure. https://fedorahosted.org/freeipa/ticket/5733 --- .../test_xmlrpc/test_caacl_profile_enforcement.py | 8 ++++++++ ipatests/util.py | 19 ++++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py index dca4151d614a4c2e2f5a09455426d117da4c1c80..a0b8d614cf6dd42b18eb03100a318e4a3fbfb4e0 100644 --- a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py +++ b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py @@ -130,6 +130,14 @@ class TestCertSignMIME(XMLRPC_test): api.Command.cert_request(csr, principal=smime_user, profile_id=smime_profile.name) + @pytest.mark.xfail(strict=True, reason='freeipa ticket 5733') + def test_sign_smime_csr_full_principal(self, smime_profile, smime_user): + csr = generate_user_csr(smime_user) + smime_user_principal = '@'.join((smime_user, api.env.realm)) + with change_principal(smime_user, SMIME_USER_PW): + api.Command.cert_request(csr, principal=smime_user_principal, + profile_id=smime_profile.name) + @pytest.mark.tier1 class TestSignWithDisabledACL(XMLRPC_test): diff --git a/ipatests/util.py b/ipatests/util.py index 6aefe74d34fd7b1bd063c4b17c98af4840d6f042..118c47a12e0d97907cb559d716989a9ca6c5f304 100644 --- a/ipatests/util.py +++ b/ipatests/util.py @@ -696,17 +696,18 @@ def change_principal(user, password, client=None, path=None): client.Backend.rpcclient.disconnect() - with private_ccache(ccache_name): - kinit_password(user, password, ccache_name) + try: + with private_ccache(ccache_name): + kinit_password(user, password, ccache_name) + client.Backend.rpcclient.connect() + + try: + yield + finally: + client.Backend.rpcclient.disconnect() + finally: client.Backend.rpcclient.connect() - try: - yield - finally: - client.Backend.rpcclient.disconnect() - - client.Backend.rpcclient.connect() - def get_group_dn(cn): return DN(('cn', cn), api.env.container_group, api.env.basedn) -- 2.8.0
From f3cb98f26551d342968281fb01d288e10cda85de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com> Date: Fri, 1 Apr 2016 11:11:54 +0200 Subject: [PATCH] ipatests: Add test case for requesting a certificate with full principal. Also fixes an issue in change_principal context manager that caused a resource leak on test case failure. https://fedorahosted.org/freeipa/ticket/5733 --- .../test_xmlrpc/test_caacl_profile_enforcement.py | 8 ++++++++ ipatests/util.py | 19 ++++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py index 78262ae8c17716633ac33fcc8114f6b549066a42..98165c4919e719e72fd7a4aec977f12dacd79249 100644 --- a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py +++ b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py @@ -125,6 +125,14 @@ class TestCertSignMIME(XMLRPC_test): api.Command.cert_request(csr, principal=smime_user, profile_id=smime_profile.name) + @pytest.mark.xfail(strict=True, reason='freeipa ticket 5733') + def test_sign_smime_csr_full_principal(self, smime_profile, smime_user): + csr = generate_user_csr(smime_user) + smime_user_principal = '@'.join((smime_user, api.env.realm)) + with change_principal(smime_user, SMIME_USER_PW): + api.Command.cert_request(csr, principal=smime_user_principal, + profile_id=smime_profile.name) + @pytest.mark.tier1 class TestSignWithDisabledACL(XMLRPC_test): diff --git a/ipatests/util.py b/ipatests/util.py index 4d99ff6e0a505cd3f75053f97caca9edbc802bcf..a3c4889c6fd0026bf5caa655170f785f571e09f5 100644 --- a/ipatests/util.py +++ b/ipatests/util.py @@ -687,13 +687,14 @@ def change_principal(user, password, client=None, path=None): client.Backend.rpcclient.disconnect() - with private_ccache(ccache_name): - kinit_password(user, password, ccache_name) + try: + with private_ccache(ccache_name): + kinit_password(user, password, ccache_name) + client.Backend.rpcclient.connect() + + try: + yield + finally: + client.Backend.rpcclient.disconnect() + except: client.Backend.rpcclient.connect() - - try: - yield - finally: - client.Backend.rpcclient.disconnect() - - client.Backend.rpcclient.connect() -- 2.8.0
From 985814ef076a828ac59aeafd0598d87983edc809 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com> Date: Fri, 1 Apr 2016 11:11:54 +0200 Subject: [PATCH] ipatests: Add test case for requesting a certificate with full principal. Also fixes an issue in change_principal context manager that caused a resource leak on test case failure. https://fedorahosted.org/freeipa/ticket/5733 --- .../test_xmlrpc/test_caacl_profile_enforcement.py | 8 ++++++++ ipatests/util.py | 19 ++++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py index dca4151d614a4c2e2f5a09455426d117da4c1c80..a0b8d614cf6dd42b18eb03100a318e4a3fbfb4e0 100644 --- a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py +++ b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py @@ -130,6 +130,14 @@ class TestCertSignMIME(XMLRPC_test): api.Command.cert_request(csr, principal=smime_user, profile_id=smime_profile.name) + @pytest.mark.xfail(strict=True, reason='freeipa ticket 5733') + def test_sign_smime_csr_full_principal(self, smime_profile, smime_user): + csr = generate_user_csr(smime_user) + smime_user_principal = '@'.join((smime_user, api.env.realm)) + with change_principal(smime_user, SMIME_USER_PW): + api.Command.cert_request(csr, principal=smime_user_principal, + profile_id=smime_profile.name) + @pytest.mark.tier1 class TestSignWithDisabledACL(XMLRPC_test): diff --git a/ipatests/util.py b/ipatests/util.py index 6aefe74d34fd7b1bd063c4b17c98af4840d6f042..118c47a12e0d97907cb559d716989a9ca6c5f304 100644 --- a/ipatests/util.py +++ b/ipatests/util.py @@ -696,17 +696,18 @@ def change_principal(user, password, client=None, path=None): client.Backend.rpcclient.disconnect() - with private_ccache(ccache_name): - kinit_password(user, password, ccache_name) + try: + with private_ccache(ccache_name): + kinit_password(user, password, ccache_name) + client.Backend.rpcclient.connect() + + try: + yield + finally: + client.Backend.rpcclient.disconnect() + finally: client.Backend.rpcclient.connect() - try: - yield - finally: - client.Backend.rpcclient.disconnect() - - client.Backend.rpcclient.connect() - def get_group_dn(cn): return DN(('cn', cn), api.env.container_group, api.env.basedn) -- 2.8.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code