URL: https://github.com/freeipa/freeipa/pull/5346 Author: menonsudhir Title: #5346: ipatests: Test for IPATrustDomainsCheck with external trust to AD Action: opened
PR body: """ This testcase checks that when external trust is configured between IPA and AD subdomain, IPATrustDomainsCheck doesnot display ERROR Signed-off-by: Sudhir Menon <sume...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5346/head:pr5346 git checkout pr5346
From c5489ab8493340f21cbd047ffef361227476b3ee Mon Sep 17 00:00:00 2001 From: Sudhir Menon <sume...@redhat.com> Date: Thu, 5 Nov 2020 22:51:10 +0530 Subject: [PATCH] ipatests: Test for IPATrustDomainsCheck with external trust to AD This testcase checks that when external trust is configured between IPA and AD subdomain, IPATrustDomainsCheck doesnot display ERROR Signed-off-by: Sudhir Menon <sume...@redhat.com> --- .../test_integration/test_ipahealthcheck.py | 48 ++++++++++++++++--- 1 file changed, 42 insertions(+), 6 deletions(-) diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py index af0f22ab4b9..7b40089bb32 100644 --- a/ipatests/test_integration/test_ipahealthcheck.py +++ b/ipatests/test_integration/test_ipahealthcheck.py @@ -1326,15 +1326,22 @@ def test_ipa_certs_check_ipacertnsstrust(self): class TestIpaHealthCheckWithADtrust(IntegrationTest): """ Test for ipa-healthcheck tool with IPA Master with trust setup - with AD system + with Windows AD. """ topology = "line" num_ad_domains = 1 + num_ad_treedomains = 1 + num_ad_subdomains = 1 @classmethod def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) cls.ad = cls.ads[0] + cls.child_ad = cls.ad_subdomains[0] + cls.tree_ad = cls.ad_treedomains[0] + cls.ad_domain = cls.ad.domain.name + cls.ad_subdomain = cls.child_ad.domain.name + cls.ad_treedomain = cls.tree_ad.domain.name tasks.install_adtrust(cls.master) tasks.configure_dns_for_trust(cls.master, cls.ad) tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name) @@ -1350,16 +1357,17 @@ def test_ipahealthcheck_trust_domainscheck(self): self.master, "ipahealthcheck.ipa.trust", "IPATrustDomainsCheck" ) assert returncode == 0 + trust_domains = ', '.join((self.ad_domain, self.ad_subdomain,)) for check in data: if check["kw"]["key"] == "domain-list": assert check["result"] == "SUCCESS" assert ( - check["kw"]["sssd_domains"] == self.ad.domain.name - and check["kw"]["trust_domains"] == self.ad.domain.name + check["kw"]["sssd_domains"] == trust_domains + and check["kw"]["trust_domains"] == trust_domains ) elif check["kw"]["key"] == "domain-status": assert check["result"] == "SUCCESS" - assert check["kw"]["domain"] == self.ad.domain.name + assert check["kw"]["domain"] in trust_domains def test_ipahealthcheck_trust_catalogcheck(self): """ @@ -1371,13 +1379,14 @@ def test_ipahealthcheck_trust_catalogcheck(self): self.master, "ipahealthcheck.ipa.trust", "IPATrustCatalogCheck" ) assert returncode == 0 + trust_domains = ', '.join((self.ad_domain, self.ad_subdomain,)) for check in data: if check["kw"]["key"] == "AD Global Catalog": assert check["result"] == "SUCCESS" - assert check["kw"]["domain"] == self.ad.domain.name + assert check["kw"]["domain"] in trust_domains elif check["kw"]["key"] == "AD Domain Controller": assert check["result"] == "SUCCESS" - assert check["kw"]["domain"] == self.ad.domain.name + assert check["kw"]["domain"] in trust_domains def test_ipahealthcheck_trustcontoller_conf_check(self): """ @@ -1443,6 +1452,33 @@ def test_ipahealthcheck_trust_agent_member_check(self): assert check["result"] == "SUCCESS" assert check["kw"]["key"] == self.master.hostname + def test_ipahealthcheck_with_external_ad_trust(self): + """ + This testcase checks that when external trust is configured + between IPA and AD tree domain, IPATrustDomainsCheck + doesnot display ERROR + """ + tasks.configure_dns_for_trust(self.master, self.tree_ad) + tasks.establish_trust_with_ad( + self.master, self.ad_treedomain, + extra_args=['--range-type', 'ipa-ad-trust', '--external=True']) + trust_domains = ', '.join((self.ad_domain, self.ad_subdomain, + self.ad_treedomain,)) + returncode, data = run_healthcheck( + self.master, + "ipahealthcheck.ipa.trust", + "IPATrustDomainsCheck", + ) + assert returncode == 0 + for check in data: + assert check["kw"]["key"] in ('domain-list', 'domain-status',) + assert check["result"] == "SUCCESS" + assert check["kw"].get("msg") is None + if check["kw"]["key"] == 'domain-list': + assert check["kw"]["sssd_domains"] == trust_domains + assert check["kw"]["trust_domains"] == trust_domains + else: + assert check["kw"]["domain"] in trust_domains @pytest.fixture def modify_permissions():
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org