URL: https://github.com/freeipa/freeipa/pull/5563 Author: wladich Title: #5563: ipatests: skip tests for AD trust with shared secret in FIPS mode Action: opened
PR body: """ Related to https://pagure.io/freeipa/issue/8715 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5563/head:pr5563 git checkout pr5563
From 8193e255cd99225634a6267b483d29f25958f7f2 Mon Sep 17 00:00:00 2001 From: Sergey Orlov <sor...@redhat.com> Date: Tue, 16 Feb 2021 12:32:55 +0100 Subject: [PATCH 1/2] ipatests: skip tests for AD trust with shared secret in FIPS mode Related to https://pagure.io/freeipa/issue/8715 --- ipatests/test_integration/test_trust.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py index 3e522617d46..c8a348212fd 100644 --- a/ipatests/test_integration/test_trust.py +++ b/ipatests/test_integration/test_trust.py @@ -5,6 +5,7 @@ import re import textwrap import time +import functools import pytest @@ -13,6 +14,7 @@ from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_ipa.integration import tasks +from ipatests.pytest_ipa.integration import fips from ipapython.dn import DN from collections import namedtuple from contextlib import contextmanager @@ -20,6 +22,18 @@ TestDataRule = namedtuple('TestDataRule', ['name', 'ruletype', 'user', 'subject']) + +def skip_in_fips_mode_due_to_issue_8715(test_method): + @functools.wraps(test_method) + def wrapper(instance): + if fips.is_fips_enabled(instance.master): + pytest.skip('Skipping in FIPS mode due to ' + 'https://pagure.io/freeipa/issue/8715') + else: + test_method(instance) + return wrapper + + class BaseTestTrust(IntegrationTest): num_clients = 1 topology = 'line' @@ -751,6 +765,7 @@ def test_remove_external_rootdomain_trust(self): # Test for one-way forest trust with shared secret + @skip_in_fips_mode_due_to_issue_8715 def test_establish_forest_trust_with_shared_secret(self): tasks.configure_dns_for_trust(self.master, self.ad) tasks.configure_windows_dns_for_trust(self.ad, self.master) @@ -775,6 +790,7 @@ def test_establish_forest_trust_with_shared_secret(self): tasks.establish_trust_with_ad( self.master, self.ad_domain, shared_secret=self.shared_secret) + @skip_in_fips_mode_due_to_issue_8715 def test_trustdomains_found_in_forest_trust_with_shared_secret(self): result = self.master.run_command( ['ipa', 'trust-fetch-domains', self.ad.domain.name], @@ -783,6 +799,7 @@ def test_trustdomains_found_in_forest_trust_with_shared_secret(self): self.check_trustdomains( self.ad_domain, [self.ad_domain, self.ad_subdomain]) + @skip_in_fips_mode_due_to_issue_8715 def test_user_gid_uid_resolution_in_forest_trust_with_shared_secret(self): """Check that user has SID-generated UID""" # Using domain name since it is lowercased realm name for AD domains @@ -801,6 +818,7 @@ def test_user_gid_uid_resolution_in_forest_trust_with_shared_secret(self): assert re.search( testuser_regex, result.stdout_text), result.stdout_text + @skip_in_fips_mode_due_to_issue_8715 def test_remove_forest_trust_with_shared_secret(self): ps_cmd = ( '[System.DirectoryServices.ActiveDirectory.Forest]' @@ -823,6 +841,7 @@ def test_remove_forest_trust_with_shared_secret(self): # Test for one-way external trust with shared secret + @skip_in_fips_mode_due_to_issue_8715 def test_establish_external_trust_with_shared_secret(self): tasks.configure_dns_for_trust(self.master, self.ad) tasks.configure_windows_dns_for_trust(self.ad, self.master) @@ -838,6 +857,7 @@ def test_establish_external_trust_with_shared_secret(self): self.master, self.ad_domain, shared_secret=self.shared_secret, extra_args=['--range-type', 'ipa-ad-trust', '--external=True']) + @skip_in_fips_mode_due_to_issue_8715 def test_trustdomains_found_in_external_trust_with_shared_secret(self): result = self.master.run_command( ['ipa', 'trust-fetch-domains', self.ad.domain.name], @@ -846,6 +866,7 @@ def test_trustdomains_found_in_external_trust_with_shared_secret(self): self.check_trustdomains( self.ad_domain, [self.ad_domain]) + @skip_in_fips_mode_due_to_issue_8715 def test_user_uid_resolution_in_external_trust_with_shared_secret(self): """Check that user has SID-generated UID""" # Using domain name since it is lowercased realm name for AD domains @@ -864,6 +885,7 @@ def test_user_uid_resolution_in_external_trust_with_shared_secret(self): assert re.search( testuser_regex, result.stdout_text), result.stdout_text + @skip_in_fips_mode_due_to_issue_8715 def test_remove_external_trust_with_shared_secret(self): self.ad.run_command( ['netdom.exe', 'trust', self.master.domain.name, From 2140c9d01520444c04abafdff5d7286845a1191f Mon Sep 17 00:00:00 2001 From: Sergey Orlov <sor...@redhat.com> Date: Tue, 16 Feb 2021 12:39:29 +0100 Subject: [PATCH 2/2] temp commit --- .freeipa-pr-ci.yaml | 2 +- ipatests/prci_definitions/temp_commit.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b634..80656690080 120000 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 8f8a357acd1..2f5e7a216d3 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -61,14 +61,14 @@ jobs: timeout: 1800 topology: *build - fedora-latest/temp_commit: + fedora-latest/test_trust: requires: [fedora-latest/build] priority: 50 job: - class: RunPytest + class: RunADTests args: build_url: '{fedora-latest/build_url}' - test_suite: test_integration/test_REPLACEME.py + test_suite: test_integration/test_trust.py template: *ci-master-latest - timeout: 3600 - topology: *master_1repl_1client + timeout: 9000 + topology: *adroot_adchild_adtree_master_1client
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure