2 out of 7 tests currently fail due to a known issue [1], others pass.

[1] https://fedorahosted.org/freeipa/ticket/6029


--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From b19ef400462c722976aea5d2eb853315af1e1099 Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Mon, 4 Jul 2016 22:47:05 +0200
Subject: [PATCH] Updated forced_client_reenrollment test

With current current implementation the clietn host record stays in master's
ldap after client uninstallation in a common way so there is no need to dance
around with turning iptables on and off.
Also, in some environments neither A nor SSHFP records don't get created for
the client, it is more robust to check for host sshfp using host-find command
---
 .../test_forced_client_reenrollment.py             | 94 ++++++----------------
 1 file changed, 26 insertions(+), 68 deletions(-)

diff --git a/ipatests/test_integration/test_forced_client_reenrollment.py b/ipatests/test_integration/test_forced_client_reenrollment.py
index d430a98e74450f44eac286ac0ad35a5aee7cc602..d0ad51bb1b5ff8854e17eb5a3060ce957ff65fbf 100644
--- a/ipatests/test_integration/test_forced_client_reenrollment.py
+++ b/ipatests/test_integration/test_forced_client_reenrollment.py
@@ -17,6 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
+import re
 import subprocess
 from ipaplatform.paths import paths
 import pytest
@@ -50,8 +51,8 @@ class TestForcedClientReenrollment(IntegrationTest):
         Client re-enrollment using admin credentials (--force-join)
         """
         sshfp_record_pre = self.get_sshfp_record()
-        self.restore_client()
-        self.check_client_host_entry()
+        self.uninstall_client()
+        self.check_client_host_entry(enabled=False)
         self.reenroll_client(force_join=True)
         sshfp_record_post = self.get_sshfp_record()
         assert sshfp_record_pre == sshfp_record_post
@@ -62,8 +63,8 @@ class TestForcedClientReenrollment(IntegrationTest):
         """
         self.backup_keytab()
         sshfp_record_pre = self.get_sshfp_record()
-        self.restore_client()
-        self.check_client_host_entry()
+        self.uninstall_client()
+        self.check_client_host_entry(enabled=False)
         self.restore_keytab()
         self.reenroll_client(keytab=self.BACKUP_KEYTAB)
         sshfp_record_post = self.get_sshfp_record()
@@ -75,8 +76,8 @@ class TestForcedClientReenrollment(IntegrationTest):
         """
         self.backup_keytab()
         sshfp_record_pre = self.get_sshfp_record()
-        self.restore_client()
-        self.check_client_host_entry()
+        self.uninstall_client()
+        self.check_client_host_entry(enabled=False)
         self.restore_keytab()
         self.reenroll_client(force_join=True, keytab=self.BACKUP_KEYTAB)
         sshfp_record_post = self.get_sshfp_record()
@@ -88,8 +89,8 @@ class TestForcedClientReenrollment(IntegrationTest):
         """
         self.backup_keytab()
         sshfp_record_pre = self.get_sshfp_record()
-        self.restore_client()
-        self.check_client_host_entry()
+        self.uninstall_client()
+        self.check_client_host_entry(enabled=False)
         self.restore_keytab()
         self.reenroll_client(keytab=self.BACKUP_KEYTAB, to_replica=True)
         sshfp_record_post = self.get_sshfp_record()
@@ -101,7 +102,7 @@ class TestForcedClientReenrollment(IntegrationTest):
         """
         self.backup_keytab()
         self.disable_client_host_entry()
-        self.restore_client()
+        self.uninstall_client()
         self.check_client_host_entry(enabled=False)
         self.restore_keytab()
         self.reenroll_client(keytab=self.BACKUP_KEYTAB, expect_fail=True)
@@ -112,7 +113,6 @@ class TestForcedClientReenrollment(IntegrationTest):
         """
         self.backup_keytab()
         self.uninstall_client()
-        self.restore_client()
         self.check_client_host_entry(enabled=False)
         self.restore_keytab()
         self.reenroll_client(keytab=self.BACKUP_KEYTAB, expect_fail=True)
@@ -123,7 +123,7 @@ class TestForcedClientReenrollment(IntegrationTest):
         """
         self.backup_keytab()
         self.delete_client_host_entry()
-        self.restore_client()
+        self.uninstall_client()
         self.check_client_host_entry(not_found=True)
         self.restore_keytab()
         self.reenroll_client(keytab=self.BACKUP_KEYTAB, expect_fail=True)
@@ -136,45 +136,16 @@ class TestForcedClientReenrollment(IntegrationTest):
             self.clients[0].config.test_dir,
             'empty.keytab'
         )
-        self.restore_client()
-        self.check_client_host_entry()
+        self.uninstall_client()
+        self.check_client_host_entry(enabled=False)
         self.clients[0].run_command(['touch', EMPTY_KEYTAB])
         self.reenroll_client(keytab=EMPTY_KEYTAB, expect_fail=True)
 
-    def uninstall_client(self):
-        self.clients[0].run_command(
-            ['ipa-client-install', '--uninstall', '-U'],
-            set_env=False,
-            raiseonerr=False
-        )
-
-    def restore_client(self):
-        client = self.clients[0]
-
-        client.run_command([
-            'iptables',
-            '-A', 'INPUT',
-            '-j', 'ACCEPT',
-            '-p', 'tcp',
-            '--dport', '22'
-        ])
-        client.run_command([
-            'iptables',
-            '-A', 'INPUT',
-            '-j', 'REJECT',
-            '-p', 'all',
-            '--source', self.master.ip
-        ])
-        self.uninstall_client()
-        client.run_command(['iptables', '-F'])
-
     def reenroll_client(self, keytab=None, to_replica=False, force_join=False,
                         expect_fail=False):
         server = self.replicas[0] if to_replica else self.master
         client = self.clients[0]
 
-        self.fix_resolv_conf(client, server)
-
         args = [
             'ipa-client-install', '-U',
             '--server', server.hostname,
@@ -238,24 +209,17 @@ class TestForcedClientReenrollment(IntegrationTest):
                 raise
 
     def get_sshfp_record(self):
-        sshfp_record = ''
-        client_host = self.clients[0].hostname.split('.')[0]
-
         result = self.master.run_command(
-            ['ipa', 'dnsrecord-show', self.master.domain.name, client_host]
+            ['ipa', 'host-find']
         )
-
-        lines = result.stdout_text.splitlines()
-        for line in lines:
-            if 'SSHFP record:' in line:
-                sshfp_record = line.replace('SSHFP record:', '').strip()
-
-        assert sshfp_record, 'SSHFP record not found'
-
-        sshfp_record = set(sshfp_record.split(', '))
-        self.log.debug("SSHFP record for host %s: %s", client_host, str(sshfp_record))
-
-        return sshfp_record
+        records = result.stdout_text.split('\n\n')
+        sshkey_re = re.compile('.+SSH public key: ssh-\w+ (\S+?),.+')
+        for hostrecord in records:
+            if self.clients[0].hostname in hostrecord:
+                sshfps = sshkey_re.findall(hostrecord)
+                assert sshfps, 'SSHFP record not found'
+                sshfp = sshfps[0]
+        return sshfp
 
     def backup_keytab(self):
         contents = self.clients[0].get_file_contents(CLIENT_KEYTAB)
@@ -265,16 +229,10 @@ class TestForcedClientReenrollment(IntegrationTest):
         contents = self.master.get_file_contents(self.BACKUP_KEYTAB)
         self.clients[0].put_file_contents(self.BACKUP_KEYTAB, contents)
 
-    def fix_resolv_conf(self, client, server):
-        """
-        Put server's ip address at the top of resolv.conf
-        """
-        contents = client.get_file_contents(paths.RESOLV_CONF)
-        nameserver = 'nameserver %s\n' % server.ip
-
-        if not contents.startswith(nameserver):
-            contents = nameserver + contents.replace(nameserver, '')
-            client.put_file_contents(paths.RESOLV_CONF, contents)
+    def uninstall_client(self):
+        self.clients[0].run_command(['ipa-client-install',
+                                     '--uninstall', '-U'],
+                                    raiseonerr=False)
 
 
 @pytest.fixture()
-- 
1.8.3.1

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to