URL: https://github.com/freeipa/freeipa/pull/5943
Author: flo-renaud
 Title: #5943: [Backport][ipa-4-8] ipatests: Test for OTP when the LDAP 
connection timed out
Action: opened

PR body:
"""
This PR was opened automatically because PR #5918 was pushed to master and 
backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5943/head:pr5943
git checkout pr5943
From ae55c75a29e7d5b4af58cb2cc98ebac07dbec306 Mon Sep 17 00:00:00 2001
From: Anuja More <am...@redhat.com>
Date: Thu, 22 Jul 2021 14:55:50 +0530
Subject: [PATCH] ipatests: Test for OTP when the LDAP connection timed out.

Test to verify that when the idle timeout is exceeded (30s idle,
60s sleep) then the ipa-otpd process should exit without error.

Related : https://pagure.io/freeipa/issue/6587

Signed-off-by: Anuja More <am...@redhat.com>
---
 ipatests/test_integration/test_otp.py | 56 +++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py
index b2e65af1b67..fd55898caeb 100644
--- a/ipatests/test_integration/test_otp.py
+++ b/ipatests/test_integration/test_otp.py
@@ -20,6 +20,7 @@
 from ipatests.test_integration.base import IntegrationTest
 from ipaplatform.paths import paths
 from ipatests.pytest_ipa.integration import tasks
+from ipapython.dn import DN
 
 
 PASSWORD = "DummyPassword123"
@@ -309,3 +310,58 @@ def test_2fa_disable_single_prompt(self):
             master.run_command(['ipa', 'user-del', USER2])
             self.master.run_command(['semanage', 'login', '-D'])
             sssd_conf_backup.restore()
+
+    @pytest.fixture
+    def setup_otp_nsslapd(self):
+        # setting nsslapd-idletimeout
+        new_limit = 30
+        conn = self.master.ldap_connect()
+        dn = DN(('cn', 'config'))
+        entry = conn.get_entry(dn)  # pylint: disable=no-member
+        orig_limit = entry.single_value.get('nsslapd-idletimeout')
+        ldap_query = textwrap.dedent("""
+            dn: cn=config
+            changetype: modify
+            replace: nsslapd-idletimeout
+            nsslapd-idletimeout: {limit}
+        """)
+        tasks.ldapmodify_dm(self.master, ldap_query.format(limit=new_limit))
+        # Be sure no services are running and failed units
+        self.master.run_command(['killall', 'ipa-otpd'], raiseonerr=False)
+        check_services = self.master.run_command(
+            ['systemctl', 'list-units', '--state=failed']
+        )
+        assert "0 loaded units listed" in check_services.stdout_text
+        assert "ipa-otpd" not in check_services.stdout_text
+        yield
+        # cleanup
+        tasks.ldapmodify_dm(self.master, ldap_query.format(limit=orig_limit))
+
+    def test_check_otpd_after_idle_timeout(self, setup_otp_nsslapd):
+        """Test for OTP when the LDAP connection timed out.
+
+        Test for : https://pagure.io/freeipa/issue/6587
+
+        ipa-otpd was exiting with failure when LDAP connection timed out.
+        Test to verify that when the nsslapd-idletimeout is exceeded (30s idle,
+        60s sleep) then the ipa-otpd process should exit without error.
+        """
+        since = time.strftime('%H:%M:%S')
+        tasks.kinit_admin(self.master)
+        otpuid, totp = add_otptoken(self.master, USER, otptype="totp")
+        try:
+            # kinit with OTP auth
+            otpvalue = totp.generate(int(time.time())).decode("ascii")
+            kinit_otp(self.master, USER, password=PASSWORD, otp=otpvalue)
+            time.sleep(60)
+            failed_services = self.master.run_command(
+                ['systemctl', 'list-units', '--state=failed']
+            )
+            assert "ipa-otpd" not in failed_services.stdout_text
+            cmd_jornalctl = self.master.run_command(
+                ['journalctl', '--since={}'.format(since)]
+            )
+            regex = r".*ipa-otpd@.*\sSucceeded"
+            assert re.search(regex, cmd_jornalctl.stdout_text)
+        finally:
+            del_otptoken(self.master, otpuid)
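Review bot: The `setup_otp_nsslapd` fixture restores `nsslapd-idletimeout` only when execution reaches the code after `yield`, so a failure in either setup assertion (for example an unrelated failed unit breaking `"0 loaded units listed"`) leaves the directory server at the 30-second limit for every later test on that master. Wrapping everything after the first `ldapmodify_dm` call in `try`/`finally`, as sketched below, makes the restore unconditional. `orig_limit` comes from `single_value.get(...)`, which presumably returns None when the attribute is absent; the cleanup would then send the literal `None` as the value, so that case needs its own handling. Separately, `since` is taken from the test runner's clock without a date, while `journalctl --since` runs on the master, so a clock or timezone difference, or a run across midnight, could make the log window miss the ipa-otpd entry. The enclosing class starts outside the hunk.

```python
        tasks.ldapmodify_dm(self.master, ldap_query.format(limit=new_limit))
        try:
            # … unchanged: killall ipa-otpd, failed-unit assertions …
            yield
        finally:
            # restore the original limit even when setup or the test fails
            tasks.ldapmodify_dm(
                self.master, ldap_query.format(limit=orig_limit)
            )
```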