On 07/01/2016 11:13 AM, Lenka Doudova wrote:
And, of course, a patch file :)

On 07/01/2016 11:09 AM, Lenka Doudova wrote:
Hi all,

here's patch with basic test suite for support of UPN.

Note: it needs to be applied on top of my patch 0025.2 (or later, if
there's will be more fixes to that patch).


Hi Lenka,

test data such as usernames, etc. should be stored either in separate resource files or at least as class attributes like this:

diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
index e8fdc6b..86ba7cc 100644
--- a/ipatests/test_integration/test_trust.py
+++ b/ipatests/test_integration/test_trust.py
@@ -394,28 +394,33 @@ class TestTrustWithUPN(ADTrustBase):
     Test support of UPN for trusted domains
+    upn_suffix = 'UPNsuffix.com'
+    upn_username = 'upnuser'
+    upn_princ = '{}@{}'.format(upn_username, upn_suffix)
+    upn_password = 'Secret123456'
     def test_upn_in_nonposix_trust(self):
         """ Check that UPN is listed as trust attribute """
result = self.master.run_command(['ipa', 'trust-show', self.ad_domain,
                                           '--all', '--raw'])

- assert "ipantadditionalsuffixes: UPNsuffix.com" in result.stdout_text
+        assert ("ipantadditionalsuffixes: {}".format(self.upn_suffix) in
+                result.stdout_text)

     def test_upn_user_resolution_in_nonposix_trust(self):
         """ Check that user with UPN can be resolved """
-        upnuser = 'upnu...@upnsuffix.com'
-        result = self.master.run_command(['getent', 'passwd', upnuser])
+ result = self.master.run_command(['getent', 'passwd', self.upn_princ])

         # result will contain AD domain, not UPN
-        upnuser_regex = "^upnuser@{0}:\*:(\d+):(\d+):UPN User:/:$".format(
-            self.ad_domain)
+        upnuser_regex = "^{}@{}:\*:(\d+):(\d+):UPN User:/:$".format(
+            self.upn_username, self.ad_domain)
         assert re.search(upnuser_regex, result.stdout_text)

     def test_upn_user_authentication(self):
         """ Check that AD user with UPN can authenticate in IPA """
         self.master.run_command(['systemctl', 'restart', 'krb5kdc'])
- self.master.run_command(['kinit', '-C', '-E', 'upnu...@upnsuffix.com'],
-                                stdin_text='Secret123456')
+        self.master.run_command(['kinit', '-C', '-E', self.upn_princ],
+                                stdin_text=self.upn_password)

otherwise LGTM.

Martin^3 Babinsky

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to