Hi, the attached patches fix the following tickets
https://fedorahosted.org/freeipa/ticket/4134 https://fedorahosted.org/freeipa/ticket/4132 and some additional errors as well. Comments in the commit messages. Tomas
>From 6f451a73d245c0ea801a7be21be8575ae0bdfd0f Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Thu, 23 Jan 2014 10:05:09 +0100 Subject: [PATCH] ipatests: legacy_clients: Test legacy clients with non-posix trust Adds test cases for legacy client support with IPA that has estabilish trust with AD that does not leverage POSIX attributes defined on AD. https://fedorahosted.org/freeipa/ticket/4134 --- ipatests/test_integration/test_legacy_clients.py | 89 ++++++++++++++++++++---- 1 file changed, 76 insertions(+), 13 deletions(-) diff --git a/ipatests/test_integration/test_legacy_clients.py b/ipatests/test_integration/test_legacy_clients.py index 3edceb2dcb110557fe7566534fb10a466d8f78a8..b4fd13175154ffeb7c7ca102d8cf64862053e763 100644 --- a/ipatests/test_integration/test_legacy_clients.py +++ b/ipatests/test_integration/test_legacy_clients.py @@ -29,7 +29,7 @@ from ipatests.test_integration import tasks from ipatests.test_integration import test_trust as trust_tests -class BaseTestLegacyClient(trust_tests.TestEnforcedPosixADTrust): +class BaseTestLegacyClient(object): """ Tests legacy client support. """ @@ -42,6 +42,13 @@ class BaseTestLegacyClient(trust_tests.TestEnforcedPosixADTrust): '/etc/nsswitch.conf', '/etc/sssd/sssd.conf'] + # Actual test classes need to override these attributes to set the expected + # values on the UID and GID results, since this varies with the usage of the + # POSIX and non-POSIX ID ranges + + testuser_uid_regex = None + testuser_gid_regex = None + @classmethod def setup_class(cls): super(BaseTestLegacyClient, cls).setup_class() @@ -53,9 +60,6 @@ class BaseTestLegacyClient(trust_tests.TestEnforcedPosixADTrust): for f in cls.backup_files: tasks.backup_file(cls.legacy_client, f) - def test_remove_trust_with_posix_attributes(self): - pass - def test_apply_advice(self): # Obtain the advice from the server tasks.kinit_admin(self.master) @@ -110,9 +114,11 @@ class BaseTestLegacyClient(trust_tests.TestEnforcedPosixADTrust): testuser = 'testuser@%s' % self.ad.domain.name result = self.legacy_client.run_command(['getent', 'passwd', testuser]) - testuser_stdout = "testuser@%s:*:10042:10047:"\ + testuser_stdout = "testuser@%s:*:%s:%s:"\ "Test User:/home/testuser:/bin/sh"\ - % self.ad.domain.name + % (self.ad.domain.name, + self.testuser_uid_regex, + self.testuser_gid_regex) assert testuser_stdout in result.stdout_text @@ -121,7 +127,7 @@ class BaseTestLegacyClient(trust_tests.TestEnforcedPosixADTrust): testgroup = 'testgroup@%s' % self.ad.domain.name result = self.legacy_client.run_command(['getent', 'group', testgroup]) - testgroup_stdout = "%s:\*:10047:" % testgroup + testgroup_stdout = "%s:\*:%s:" % (testgroup, self.testuser_gid_regex) assert re.search(testgroup_stdout, result.stdout_text) def test_id_ad_user(self): @@ -131,9 +137,9 @@ class BaseTestLegacyClient(trust_tests.TestEnforcedPosixADTrust): result = self.legacy_client.run_command(['id', testuser]) - uid_regex = "uid=10042\(%s\)" % testuser - gid_regex = "gid=10047\(%s\)" % testgroup - groups_regex = "groups=10047\(%s\)" % testgroup + uid_regex = "uid=%s\(%s\)" % (self.testuser_uid_regex, testuser) + gid_regex = "gid=%s\(%s\)" % (self.testuser_gid_regex, testgroup) + groups_regex = "groups=%s\(%s\)" % (self.testuser_gid_regex, testgroup) assert re.search(uid_regex, result.stdout_text) assert re.search(gid_regex, result.stdout_text) @@ -241,13 +247,15 @@ class BaseTestLegacyClient(trust_tests.TestEnforcedPosixADTrust): super(BaseTestLegacyClient, cls).uninstall() -class TestLegacySSSDBefore19RedHat(BaseTestLegacyClient): +# Base classes with attributes that are specific for each legacy client test + +class BaseTestLegacySSSDBefore19RedHat(object): advice_id = 'config-redhat-sssd-before-1-9' required_extra_roles = ['legacy_client_sssd_redhat'] -class TestLegacyNssPamLdapdRedHat(BaseTestLegacyClient): +class BaseTestLegacyNssPamLdapdRedHat(object): advice_id = 'config-redhat-nss-pam-ldapd' required_extra_roles = ['legacy_client_nss_pam_ldapd_redhat'] @@ -256,10 +264,65 @@ class TestLegacyNssPamLdapdRedHat(BaseTestLegacyClient): tasks.clear_sssd_cache(self.master) -class TestLegacyNssLdapRedHat(BaseTestLegacyClient): +class BaseTestLegacyNssLdapRedHat(object): advice_id = 'config-redhat-nss-ldap' required_extra_roles = ['legacy_client_nss_ldap_redhat'] def clear_sssd_caches(self): tasks.clear_sssd_cache(self.master) + + +# Base classes that join legacy client specific steps with steps required +# to setup IPA with trust (both with and without using the POSIX attributes) + +class BaseTestLegacyClientPosix(BaseTestLegacyClient, + trust_tests.TestEnforcedPosixADTrust): + + testuser_uid_regex = '10042' + testuser_gid_regex = '10047' + + def test_remove_trust_with_posix_attributes(self): + pass + + +class BaseTestLegacyClientNonPosix(BaseTestLegacyClient, + trust_tests.TestBasicADTrust): + + testuser_uid_regex = '(?!10042)(\d+)' + testuser_gid_regex = '(?!10047)(\d+)' + + def test_remove_nonposix_trust(self): + pass + + +# Tests definitions themselvels. Beauty. Just pure beauty. + +class TestLegacySSSDBefore19RedHatNonPosix(BaseTestLegacySSSDBefore19RedHat, + BaseTestLegacyClientNonPosix): + pass + + +class TestLegacyNssPamLdapdRedHatNonPosix(BaseTestLegacyNssPamLdapdRedHat, + BaseTestLegacyClientNonPosix): + pass + + +class TestLegacyNssLdapRedHatNonPosix(BaseTestLegacyNssLdapRedHat, + BaseTestLegacyClientNonPosix): + pass + + +class TestLegacySSSDBefore19RedHatPosix(BaseTestLegacySSSDBefore19RedHat, + BaseTestLegacyClientPosix): + pass + + +class TestLegacyNssPamLdapdRedHatPosix(BaseTestLegacyNssPamLdapdRedHat, + BaseTestLegacyClientPosix): + pass + + +class TestLegacyNssLdapRedHatPosix(BaseTestLegacyNssLdapRedHat, + BaseTestLegacyClientPosix): + pass -- 1.8.4.2
>From c9892e9bf61018da9fc5d864f2c98188b2f844a3 Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Thu, 23 Jan 2014 13:33:59 +0100 Subject: [PATCH] ipatests: Perform a connection test before preparing the client When the host is down, the preparation of the host fails. This produces misleading errors, since the test framework reports that the actual command being executed failed, when in fact (in case of SSHTransport), the cause of failure was unability to establish a SSH session. https://fedorahosted.org/freeipa/ticket/4132 --- ipatests/test_integration/tasks.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index 72196914f6d27cd46dd84eef15b3d1dd60aacdf3..fe1291f3babe8bb775ca6811f7b8752b36f2c4ef 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -42,6 +42,10 @@ log = log_mgr.get_logger(__name__) def prepare_host(host): if isinstance(host, Host): env_filename = os.path.join(host.config.test_dir, 'env.sh') + + # First we try to run simple echo command to test the connection + host.run_command(['true'], set_env=False) + host.collect_log(env_filename) host.transport.mkdir_recursive(host.config.test_dir) host.put_file_contents(env_filename, env_to_script(host.to_env())) -- 1.8.4.2
>From d2024c2a717590b8d58253a74c854a97e654458a Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Wed, 5 Feb 2014 09:07:45 +0100 Subject: [PATCH] ipatests: Make sure we re-kinit as admin before adding the disabledipauser When we add the disabledipauser during the setup class part of the BaseTestLegacyClient, we need to make sure that we re-kinit admin since we do ntpsync with the AD just before that, which can render the previous ticket invalid. --- ipatests/test_integration/test_legacy_clients.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipatests/test_integration/test_legacy_clients.py b/ipatests/test_integration/test_legacy_clients.py index 32800e958d8e8e8d6425e798eb5ed79435d69883..a12dadb51943d752296085900db3924e30299d1c 100644 --- a/ipatests/test_integration/test_legacy_clients.py +++ b/ipatests/test_integration/test_legacy_clients.py @@ -317,6 +317,8 @@ class BaseTestLegacyClient(object): def install(cls): super(BaseTestLegacyClient, cls).install() + tasks.kinit_admin(cls.master) + password_confirmation = ( cls.master.config.admin_password + '\n' + -- 1.8.4.2
>From 71188583b32ad3a2441667698a58f284584fdfcb Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Wed, 5 Feb 2014 12:07:26 +0100 Subject: [PATCH] ipatests: Stop sssd service before deleting the cache In the integration tests, we do not stop the sssd service before deleting the cache, but rather start it. We need to stop sssd before deleting the cache. --- ipatests/test_integration/tasks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index 7a7fd4b3e3e90fff12ca6395cefd86db24483776..9a6ea3fa548a53d6e5ab6d19783227c2d956a001 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -399,9 +399,9 @@ def clear_sssd_cache(host): systemd_available = host.transport.file_exists('/bin/systemctl') if systemd_available: - host.run_command(['systemctl', 'start', 'sssd']) + host.run_command(['systemctl', 'stop', 'sssd']) else: - host.run_command(['/sbin/service', 'sssd', 'start']) + host.run_command(['/sbin/service', 'sssd', 'stop']) host.run_command("find /var/lib/sss/db -name '*.ldb' | " "xargs rm -fv") -- 1.8.4.2
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel