URL: https://github.com/freeipa/freeipa/pull/5395
Author: flo-renaud
Title: #5395: [Backport][ipa-4-9] ipatests: Test for
IPATrustControllerPrincipalCheck
Action: opened
PR body:
"""
This PR was opened automatically because PR #5253 was pushed to master and
backport to ipa-4-9 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5395/head:pr5395
git checkout pr5395
From e8c6b7a985fd92bc587a1ce55da3260ecd98895a Mon Sep 17 00:00:00 2001
From: Sudhir Menon <sume...@redhat.com>
Date: Thu, 12 Nov 2020 00:00:07 +0530
Subject: [PATCH] ipatests: Test for IPATrustControllerPrincipalCheck
This testcase checks when trust between IPA-AD is established
successfully, IPATrustControllerPrincipalCheck displays
result as SUCCESS
Signed-off-by: Sudhir Menon <sume...@redhat.com>
---
.../test_integration/test_ipahealthcheck.py | 66 +++++++++++++++++++
1 file changed, 66 insertions(+)
diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
index 5242fe8751e..f6cc1e4e7e6 100644
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@@ -1408,6 +1408,72 @@ def test_ipahealthcheck_trustcontoller_conf_check(self):
assert check["result"] == "SUCCESS"
assert check["kw"]["key"] == "net conf list"
+ @pytest.fixture
+ def modify_cifs_princ(self):
+ """
+ This fixture removes the cifs principal from the
+ cn=adtrust agents and adds it back
+ """
+ ldap = self.master.ldap_connect()
+ basedn = self.master.domain.basedn
+ dn = DN(
+ ("cn", "adtrust agents"),
+ ("cn", "sysaccounts"),
+ ("cn", "etc"),
+ basedn,
+ )
+ entry = ldap.get_entry(dn) # pylint: disable=no-member
+ krbprinc = entry['member']
+ entry['member'] = ''
+ ldap.update_entry(entry) # pylint: disable=no-member
+
+ yield
+
+ # Add the entry back
+ entry['member'] = krbprinc
+ ldap.update_entry(entry) # pylint: disable=no-member
+
+ def test_trustcontroller_principalcheck(self, modify_cifs_princ):
+ """
+ This testcase checks when trust between IPA-AD is established
+ without any errors, IPATrustControllerPrincipalCheck displays
+ result as ERROR and when cifs principal is removed
+ """
+ error_msg = "{key} is not a member of {group}"
+ keyname = "cifs/{}@{}".format(
+ self.master.hostname, self.master.domain.realm
+ )
+ returncode, data = run_healthcheck(
+ self.master,
+ "ipahealthcheck.ipa.trust",
+ "IPATrustControllerPrincipalCheck",
+ )
+ assert returncode == 1
+ for check in data:
+ assert check["result"] == "ERROR"
+ assert check["kw"]["key"] == keyname
+ assert check["kw"]["group"] == "adtrust agents"
+ assert check["kw"]["msg"] == error_msg
+
+ def test_principalcheck_with_cifs_entry(self):
+ """
+ This testcase checks IPATrustControllerPrincipalCheck
+ displays result as SUCCESS when cifs principal is present
+ in cn=adtrust agents group
+ """
+ keyname = "cifs/{}@{}".format(
+ self.master.hostname, self.master.domain.realm
+ )
+ returncode, data = run_healthcheck(
+ self.master,
+ "ipahealthcheck.ipa.trust",
+ "IPATrustControllerPrincipalCheck",
+ )
+ assert returncode == 0
+ for check in data:
+ assert check["result"] == "SUCCESS"
+ assert check["kw"]["key"] == keyname
+
def test_ipahealthcheck_sidgenpluginCheck(self):
"""
This testcase checks when trust between IPA-AD is established,
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
