[Freeipa-devel] [freeipa PR#5563][opened] ipatests: skip tests for AD trust with shared secret in FIPS mode

wladich via FreeIPA-devel Tue, 16 Feb 2021 03:41:50 -0800

   URL: https://github.com/freeipa/freeipa/pull/5563
Author: wladich
 Title: #5563: ipatests: skip tests for AD trust with shared secret in FIPS mode
Action: opened


PR body:
"""
Related to https://pagure.io/freeipa/issue/8715
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5563/head:pr5563
git checkout pr5563

From 8193e255cd99225634a6267b483d29f25958f7f2 Mon Sep 17 00:00:00 2001
From: Sergey Orlov <sor...@redhat.com>
Date: Tue, 16 Feb 2021 12:32:55 +0100
Subject: [PATCH 1/2] ipatests: skip tests for AD trust with shared secret in
 FIPS mode

Related to https://pagure.io/freeipa/issue/8715
---
 ipatests/test_integration/test_trust.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
index 3e522617d46..c8a348212fd 100644
--- a/ipatests/test_integration/test_trust.py
+++ b/ipatests/test_integration/test_trust.py
@@ -5,6 +5,7 @@
 import re
 import textwrap
 import time
+import functools
 
 import pytest
 
@@ -13,6 +14,7 @@
 
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.pytest_ipa.integration import tasks
+from ipatests.pytest_ipa.integration import fips
 from ipapython.dn import DN
 from collections import namedtuple
 from contextlib import contextmanager
@@ -20,6 +22,18 @@
 TestDataRule = namedtuple('TestDataRule',
                           ['name', 'ruletype', 'user', 'subject'])
 
+
+def skip_in_fips_mode_due_to_issue_8715(test_method):
+    @functools.wraps(test_method)
+    def wrapper(instance):
+        if fips.is_fips_enabled(instance.master):
+            pytest.skip('Skipping in FIPS mode due to '
+                        'https://pagure.io/freeipa/issue/8715')
+        else:
+            test_method(instance)
+    return wrapper
+
+
 class BaseTestTrust(IntegrationTest):
     num_clients = 1
     topology = 'line'
@@ -751,6 +765,7 @@ def test_remove_external_rootdomain_trust(self):
 
     # Test for one-way forest trust with shared secret
 
+    @skip_in_fips_mode_due_to_issue_8715
     def test_establish_forest_trust_with_shared_secret(self):
         tasks.configure_dns_for_trust(self.master, self.ad)
         tasks.configure_windows_dns_for_trust(self.ad, self.master)
@@ -775,6 +790,7 @@ def test_establish_forest_trust_with_shared_secret(self):
         tasks.establish_trust_with_ad(
             self.master, self.ad_domain, shared_secret=self.shared_secret)
 
+    @skip_in_fips_mode_due_to_issue_8715
     def test_trustdomains_found_in_forest_trust_with_shared_secret(self):
         result = self.master.run_command(
             ['ipa', 'trust-fetch-domains', self.ad.domain.name],
@@ -783,6 +799,7 @@ def test_trustdomains_found_in_forest_trust_with_shared_secret(self):
         self.check_trustdomains(
             self.ad_domain, [self.ad_domain, self.ad_subdomain])
 
+    @skip_in_fips_mode_due_to_issue_8715
     def test_user_gid_uid_resolution_in_forest_trust_with_shared_secret(self):
         """Check that user has SID-generated UID"""
         # Using domain name since it is lowercased realm name for AD domains
@@ -801,6 +818,7 @@ def test_user_gid_uid_resolution_in_forest_trust_with_shared_secret(self):
         assert re.search(
             testuser_regex, result.stdout_text), result.stdout_text
 
+    @skip_in_fips_mode_due_to_issue_8715
     def test_remove_forest_trust_with_shared_secret(self):
         ps_cmd = (
             '[System.DirectoryServices.ActiveDirectory.Forest]'
@@ -823,6 +841,7 @@ def test_remove_forest_trust_with_shared_secret(self):
 
     # Test for one-way external trust with shared secret
 
+    @skip_in_fips_mode_due_to_issue_8715
     def test_establish_external_trust_with_shared_secret(self):
         tasks.configure_dns_for_trust(self.master, self.ad)
         tasks.configure_windows_dns_for_trust(self.ad, self.master)
@@ -838,6 +857,7 @@ def test_establish_external_trust_with_shared_secret(self):
             self.master, self.ad_domain, shared_secret=self.shared_secret,
             extra_args=['--range-type', 'ipa-ad-trust', '--external=True'])
 
+    @skip_in_fips_mode_due_to_issue_8715
     def test_trustdomains_found_in_external_trust_with_shared_secret(self):
         result = self.master.run_command(
             ['ipa', 'trust-fetch-domains', self.ad.domain.name],
@@ -846,6 +866,7 @@ def test_trustdomains_found_in_external_trust_with_shared_secret(self):
         self.check_trustdomains(
             self.ad_domain, [self.ad_domain])
 
+    @skip_in_fips_mode_due_to_issue_8715
     def test_user_uid_resolution_in_external_trust_with_shared_secret(self):
         """Check that user has SID-generated UID"""
         # Using domain name since it is lowercased realm name for AD domains
@@ -864,6 +885,7 @@ def test_user_uid_resolution_in_external_trust_with_shared_secret(self):
         assert re.search(
             testuser_regex, result.stdout_text), result.stdout_text
 
+    @skip_in_fips_mode_due_to_issue_8715
     def test_remove_external_trust_with_shared_secret(self):
         self.ad.run_command(
             ['netdom.exe', 'trust', self.master.domain.name,

From 2140c9d01520444c04abafdff5d7286845a1191f Mon Sep 17 00:00:00 2001
From: Sergey Orlov <sor...@redhat.com>
Date: Tue, 16 Feb 2021 12:39:29 +0100
Subject: [PATCH 2/2] temp commit

---
 .freeipa-pr-ci.yaml                        |  2 +-
 ipatests/prci_definitions/temp_commit.yaml | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index abcf8c5b634..80656690080 120000
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -1 +1 @@
-ipatests/prci_definitions/gating.yaml
\ No newline at end of file
+ipatests/prci_definitions/temp_commit.yaml
\ No newline at end of file
diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml
index 8f8a357acd1..2f5e7a216d3 100644
--- a/ipatests/prci_definitions/temp_commit.yaml
+++ b/ipatests/prci_definitions/temp_commit.yaml
@@ -61,14 +61,14 @@ jobs:
         timeout: 1800
         topology: *build
 
-  fedora-latest/temp_commit:
+  fedora-latest/test_trust:
     requires: [fedora-latest/build]
     priority: 50
     job:
-      class: RunPytest
+      class: RunADTests
       args:
         build_url: '{fedora-latest/build_url}'
-        test_suite: test_integration/test_REPLACEME.py
+        test_suite: test_integration/test_trust.py
         template: *ci-master-latest
-        timeout: 3600
-        topology: *master_1repl_1client
+        timeout: 9000
+        topology: *adroot_adchild_adtree_master_1client

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-devel] [freeipa PR#5563][opened] ipatests: skip tests for AD trust with shared secret in FIPS mode

Reply via email to