URL: https://github.com/freeipa/freeipa/pull/5008 Author: rcritten Title: #5008: EPN: handle empty attributes Action: opened
PR body: """ The admin user doesn't have a givenname and mail is empty by default. Handle those in a general way. Add test for this case. Based on https://github.com/freeipa/freeipa/pull/5006/ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5008/head:pr5008 git checkout pr5008
From 24ba3df7e66a681acf3d4938b5191dd929459bee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Thu, 6 Aug 2020 17:07:36 +0200 Subject: [PATCH 1/4] IPA-EPN: Use a helper to retrieve LDAP attributes from an entry Allow for empty attributes. --- ipaclient/install/ipa_epn.py | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/ipaclient/install/ipa_epn.py b/ipaclient/install/ipa_epn.py index 65f9f3d47f..0d1ae2addf 100644 --- a/ipaclient/install/ipa_epn.py +++ b/ipaclient/install/ipa_epn.py @@ -122,22 +122,30 @@ def __len__(self): """Return len(self).""" return len(self._expiring_password_user_dq) + def get_ldap_attr(self, entry, attr): + """Get a single value from a multi-valued attr in a safe way""" + return str(entry.get(attr, [""]).pop(0)) + def add(self, entry): """Parses and appends an LDAP user entry with the uid, cn, givenname, sn, krbpasswordexpiration and mail attributes. """ try: self._sorted = False + if entry.get("mail") is None: + logger.error("IPA-EPN: No mail address defined for: %s", + entry.dn) + return self._expiring_password_user_dq.append( dict( - uid=str(entry["uid"].pop(0)), - cn=str(entry["cn"].pop(0)), - givenname=str(entry["givenname"].pop(0)), - sn=str(entry["sn"].pop(0)), - krbpasswordexpiration=str( - entry["krbpasswordexpiration"].pop(0) + uid=self.get_ldap_attr(entry, "uid"), + cn=self.get_ldap_attr(entry, "cn"), + givenname=self.get_ldap_attr(entry, "givenname"), + sn=self.get_ldap_attr(entry, "sn"), + krbpasswordexpiration=( + self.get_ldap_attr(entry,"krbpasswordexpiration") ), - mail=str(entry["mail"]), + mail=str(entry.get("mail")), ) ) except IndexError as e: From 9d6bbb0244c2388906ce273bc40bae7bcb7377db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Thu, 6 Aug 2020 17:13:19 +0200 Subject: [PATCH 2/4] IPA-EPN: fix configuration file typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: François Cami <fc...@redhat.com> --- client/share/epn.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/share/epn.conf b/client/share/epn.conf index 0e590dfc3b..e3645801cb 100644 --- a/client/share/epn.conf +++ b/client/share/epn.conf @@ -23,7 +23,7 @@ smtp_port = 25 # Default None (empty value). # smtp_password = -# pecifies the number of seconds to wait for SMTP to respond. +# Specifies the number of seconds to wait for SMTP to respond. smtp_timeout = 60 # Specifies the type of secure connection to make. Options are: none, From 8e157ce02595c115c36983fd90110189d0e0bf07 Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Thu, 6 Aug 2020 18:57:10 -0400 Subject: [PATCH 3/4] IPA-EPN: Test that users without givenname and/or mail are handled The admin user does not have a givenname by default, allow for that. Report errors for users without a default e-mail address. Update the SHA256 hash with the typo fix. --- ipatests/test_integration/test_epn.py | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_epn.py b/ipatests/test_integration/test_epn.py index f4c123c6d8..946e8e602a 100644 --- a/ipatests/test_integration/test_epn.py +++ b/ipatests/test_integration/test_epn.py @@ -231,7 +231,7 @@ def test_EPN_config_file(self): assert epn_conf in cmd1.stdout_text assert epn_template in cmd1.stdout_text cmd2 = self.master.run_command(["sha256sum", epn_conf]) - ck = "4c207b5c9c760c36db0d3b2b93da50ea49edcc4002d6d1e7383601f0ec30b957" + ck = "192481b52fb591112afd7b55b12a44c6618fdbc7e05a3b1866fd67ec579c51df" assert cmd2.stdout_text.find(ck) == 0 def test_EPN_smoketest_1(self): @@ -487,3 +487,23 @@ def test_EPN_delay_config(self, cleanupmail): self.master.put_file_contents('/etc/ipa/epn.conf', epn_conf) result = tasks.ipa_epn(self.master, raiseonerr=False) assert "smtp_delay cannot be less than zero" in result.stderr_text + + def test_EPN_admin(self): + """The admin user is special and has no givenName by default + It also doesn't by default have an e-mail address + Check --dry-run output. + """ + epn_conf = textwrap.dedent(''' + [global] + ''') + self.master.put_file_contents('/etc/ipa/epn.conf', epn_conf) + self.master.run_command( + ['ipa', 'user-mod', 'admin', '--password-expiration', + datetime_to_generalized_time( + datetime.datetime.utcnow() + datetime.timedelta(days=7) + )] + ) + (unused, stderr_text) = self._check_epn_output( + self.master, dry_run=True + ) + assert "uid=admin" in stderr_text From 2584b43be7ae74b45c6445d325c5be57d5046bbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Thu, 6 Aug 2020 17:09:23 +0200 Subject: [PATCH 4/4] temp commit --- .freeipa-pr-ci.yaml | 2 +- ipatests/prci_definitions/temp_commit.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b63..8065669008 120000 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index e337068145..8a857acaaf 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -61,14 +61,14 @@ jobs: timeout: 1800 topology: *build - fedora-latest/temp_commit: + fedora-latest/test_epn: requires: [fedora-latest/build] priority: 50 job: class: RunPytest args: build_url: '{fedora-latest/build_url}' - test_suite: test_integration/test_REPLACEME.py + test_suite: test_integration/test_epn.py template: *ci-master-latest - timeout: 3600 - topology: *master_1repl_1client + timeout: 7200 + topology: *master_3client
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org