URL: https://github.com/freeipa/freeipa/pull/5395 Author: flo-renaud Title: #5395: [Backport][ipa-4-9] ipatests: Test for IPATrustControllerPrincipalCheck Action: opened
PR body: """ This PR was opened automatically because PR #5253 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5395/head:pr5395 git checkout pr5395
From e8c6b7a985fd92bc587a1ce55da3260ecd98895a Mon Sep 17 00:00:00 2001 From: Sudhir Menon <sume...@redhat.com> Date: Thu, 12 Nov 2020 00:00:07 +0530 Subject: [PATCH] ipatests: Test for IPATrustControllerPrincipalCheck This testcase checks when trust between IPA-AD is established successfully, IPATrustControllerPrincipalCheck displays result as SUCCESS Signed-off-by: Sudhir Menon <sume...@redhat.com> --- .../test_integration/test_ipahealthcheck.py | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py index 5242fe8751e..f6cc1e4e7e6 100644 --- a/ipatests/test_integration/test_ipahealthcheck.py +++ b/ipatests/test_integration/test_ipahealthcheck.py @@ -1408,6 +1408,72 @@ def test_ipahealthcheck_trustcontoller_conf_check(self): assert check["result"] == "SUCCESS" assert check["kw"]["key"] == "net conf list" + @pytest.fixture + def modify_cifs_princ(self): + """ + This fixture removes the cifs principal from the + cn=adtrust agents and adds it back + """ + ldap = self.master.ldap_connect() + basedn = self.master.domain.basedn + dn = DN( + ("cn", "adtrust agents"), + ("cn", "sysaccounts"), + ("cn", "etc"), + basedn, + ) + entry = ldap.get_entry(dn) # pylint: disable=no-member + krbprinc = entry['member'] + entry['member'] = '' + ldap.update_entry(entry) # pylint: disable=no-member + + yield + + # Add the entry back + entry['member'] = krbprinc + ldap.update_entry(entry) # pylint: disable=no-member + + def test_trustcontroller_principalcheck(self, modify_cifs_princ): + """ + This testcase checks when trust between IPA-AD is established + without any errors, IPATrustControllerPrincipalCheck displays + result as ERROR and when cifs principal is removed + """ + error_msg = "{key} is not a member of {group}" + keyname = "cifs/{}@{}".format( + self.master.hostname, self.master.domain.realm + ) + returncode, data = run_healthcheck( + self.master, + "ipahealthcheck.ipa.trust", + "IPATrustControllerPrincipalCheck", + ) + assert returncode == 1 + for check in data: + assert check["result"] == "ERROR" + assert check["kw"]["key"] == keyname + assert check["kw"]["group"] == "adtrust agents" + assert check["kw"]["msg"] == error_msg + + def test_principalcheck_with_cifs_entry(self): + """ + This testcase checks IPATrustControllerPrincipalCheck + displays result as SUCCESS when cifs principal is present + in cn=adtrust agents group + """ + keyname = "cifs/{}@{}".format( + self.master.hostname, self.master.domain.realm + ) + returncode, data = run_healthcheck( + self.master, + "ipahealthcheck.ipa.trust", + "IPATrustControllerPrincipalCheck", + ) + assert returncode == 0 + for check in data: + assert check["result"] == "SUCCESS" + assert check["kw"]["key"] == keyname + def test_ipahealthcheck_sidgenpluginCheck(self): """ This testcase checks when trust between IPA-AD is established,
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org