URL: https://github.com/freeipa/freeipa/pull/5347
Author: menonsudhir
Title: #5347: [Backport] [ipa-4-8] ipatests: Test for IPATrustDomainsCheck
with external trust to AD
Action: opened
PR body:
"""
This testcase checks that when external trust is configured
between IPA and AD subdomain, IPATrustDomainsCheck
doesnot display ERROR
Signed-off-by: Sudhir Menon <sume...@redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5347/head:pr5347
git checkout pr5347
From 8674ebfe8022a6d82b3bc98748ef3d9e3603472e Mon Sep 17 00:00:00 2001
From: Sudhir Menon <sume...@redhat.com>
Date: Thu, 5 Nov 2020 22:51:10 +0530
Subject: [PATCH] ipatests: Test for IPATrustDomainsCheck with external trust
to AD
This testcase checks that when external trust is configured
between IPA and AD subdomain, IPATrustDomainsCheck
doesnot display ERROR
Signed-off-by: Sudhir Menon <sume...@redhat.com>
---
.../test_integration/test_ipahealthcheck.py | 48 ++++++++++++++++---
1 file changed, 42 insertions(+), 6 deletions(-)
diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
index af0f22ab4b9..7b40089bb32 100644
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@@ -1326,15 +1326,22 @@ def test_ipa_certs_check_ipacertnsstrust(self):
class TestIpaHealthCheckWithADtrust(IntegrationTest):
"""
Test for ipa-healthcheck tool with IPA Master with trust setup
- with AD system
+ with Windows AD.
"""
topology = "line"
num_ad_domains = 1
+ num_ad_treedomains = 1
+ num_ad_subdomains = 1
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
cls.ad = cls.ads[0]
+ cls.child_ad = cls.ad_subdomains[0]
+ cls.tree_ad = cls.ad_treedomains[0]
+ cls.ad_domain = cls.ad.domain.name
+ cls.ad_subdomain = cls.child_ad.domain.name
+ cls.ad_treedomain = cls.tree_ad.domain.name
tasks.install_adtrust(cls.master)
tasks.configure_dns_for_trust(cls.master, cls.ad)
tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name)
@@ -1350,16 +1357,17 @@ def test_ipahealthcheck_trust_domainscheck(self):
self.master, "ipahealthcheck.ipa.trust", "IPATrustDomainsCheck"
)
assert returncode == 0
+ trust_domains = ', '.join((self.ad_domain, self.ad_subdomain,))
for check in data:
if check["kw"]["key"] == "domain-list":
assert check["result"] == "SUCCESS"
assert (
- check["kw"]["sssd_domains"] == self.ad.domain.name
- and check["kw"]["trust_domains"] == self.ad.domain.name
+ check["kw"]["sssd_domains"] == trust_domains
+ and check["kw"]["trust_domains"] == trust_domains
)
elif check["kw"]["key"] == "domain-status":
assert check["result"] == "SUCCESS"
- assert check["kw"]["domain"] == self.ad.domain.name
+ assert check["kw"]["domain"] in trust_domains
def test_ipahealthcheck_trust_catalogcheck(self):
"""
@@ -1371,13 +1379,14 @@ def test_ipahealthcheck_trust_catalogcheck(self):
self.master, "ipahealthcheck.ipa.trust", "IPATrustCatalogCheck"
)
assert returncode == 0
+ trust_domains = ', '.join((self.ad_domain, self.ad_subdomain,))
for check in data:
if check["kw"]["key"] == "AD Global Catalog":
assert check["result"] == "SUCCESS"
- assert check["kw"]["domain"] == self.ad.domain.name
+ assert check["kw"]["domain"] in trust_domains
elif check["kw"]["key"] == "AD Domain Controller":
assert check["result"] == "SUCCESS"
- assert check["kw"]["domain"] == self.ad.domain.name
+ assert check["kw"]["domain"] in trust_domains
def test_ipahealthcheck_trustcontoller_conf_check(self):
"""
@@ -1443,6 +1452,33 @@ def test_ipahealthcheck_trust_agent_member_check(self):
assert check["result"] == "SUCCESS"
assert check["kw"]["key"] == self.master.hostname
+ def test_ipahealthcheck_with_external_ad_trust(self):
+ """
+ This testcase checks that when external trust is configured
+ between IPA and AD tree domain, IPATrustDomainsCheck
+ doesnot display ERROR
+ """
+ tasks.configure_dns_for_trust(self.master, self.tree_ad)
+ tasks.establish_trust_with_ad(
+ self.master, self.ad_treedomain,
+ extra_args=['--range-type', 'ipa-ad-trust', '--external=True'])
+ trust_domains = ', '.join((self.ad_domain, self.ad_subdomain,
+ self.ad_treedomain,))
+ returncode, data = run_healthcheck(
+ self.master,
+ "ipahealthcheck.ipa.trust",
+ "IPATrustDomainsCheck",
+ )
+ assert returncode == 0
+ for check in data:
+ assert check["kw"]["key"] in ('domain-list', 'domain-status',)
+ assert check["result"] == "SUCCESS"
+ assert check["kw"].get("msg") is None
+ if check["kw"]["key"] == 'domain-list':
+ assert check["kw"]["sssd_domains"] == trust_domains
+ assert check["kw"]["trust_domains"] == trust_domains
+ else:
+ assert check["kw"]["domain"] in trust_domains
@pytest.fixture
def modify_permissions():
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
