[Freeipa-devel] [freeipa PR#2340][closed] [Backport][ipa-4-6] Integration test for sssd_ssh leaks

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2340
Author: Tiboris
 Title: #2340: [Backport][ipa-4-6] Integration test for sssd_ssh leaks
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2340/head:pr2340
git checkout pr2340
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#2352][opened] bump PRCI template version to 0.1.9

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2352
Author: Rezney
 Title: #2352: bump PRCI template version to 0.1.9
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2352/head:pr2352
git checkout pr2352
From 526e7c3a019b1a8166366d0505c59521b846d894 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 11 Sep 2018 11:20:04 +0200
Subject: [PATCH] bump PRCI template version to 0.1.9

---
 ipatests/prci_definitions/gating.yaml | 2 +-
 ipatests/prci_definitions/nightly_master.yaml | 2 +-
 ipatests/prci_definitions/temp_commit.yaml| 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipatests/prci_definitions/gating.yaml b/ipatests/prci_definitions/gating.yaml
index 362f84e308..00791cf8bf 100644
--- a/ipatests/prci_definitions/gating.yaml
+++ b/ipatests/prci_definitions/gating.yaml
@@ -23,7 +23,7 @@ jobs:
 git_refspec: '{git_refspec}'
 template: &ci-master-f28
   name: freeipa/ci-master-f28
-  version: 0.1.8
+  version: 0.1.9
 timeout: 1800
 topology: *build
 
diff --git a/ipatests/prci_definitions/nightly_master.yaml b/ipatests/prci_definitions/nightly_master.yaml
index 8793cdac01..bc93f38de3 100644
--- a/ipatests/prci_definitions/nightly_master.yaml
+++ b/ipatests/prci_definitions/nightly_master.yaml
@@ -35,7 +35,7 @@ jobs:
 git_refspec: '{git_refspec}'
 template: &ci-master-f28
   name: freeipa/ci-master-f28
-  version: 0.1.8
+  version: 0.1.9
 timeout: 1800
 topology: *build
 
diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml
index 42503f79d6..cd49379fc8 100644
--- a/ipatests/prci_definitions/temp_commit.yaml
+++ b/ipatests/prci_definitions/temp_commit.yaml
@@ -29,7 +29,7 @@ jobs:
 git_refspec: '{git_refspec}'
 template: &ci-master-f28
   name: freeipa/ci-master-f28
-  version: 0.1.8
+  version: 0.1.9
 timeout: 1800
 topology: *build
 
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#2314][opened] bump PRCI template version to 0.1.8

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2314
Author: Rezney
 Title: #2314: bump PRCI template version to 0.1.8
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2314/head:pr2314
git checkout pr2314
From 940bc18f38e13690fcce68a5477f9591b61e2639 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Fri, 31 Aug 2018 15:31:33 +0200
Subject: [PATCH] bump PRCI template version to 0.1.8

---
 ipatests/prci_definitions/gating.yaml | 2 +-
 ipatests/prci_definitions/nightly_master.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipatests/prci_definitions/gating.yaml b/ipatests/prci_definitions/gating.yaml
index ba09d8276c..362f84e308 100644
--- a/ipatests/prci_definitions/gating.yaml
+++ b/ipatests/prci_definitions/gating.yaml
@@ -23,7 +23,7 @@ jobs:
 git_refspec: '{git_refspec}'
 template: &ci-master-f28
   name: freeipa/ci-master-f28
-  version: 0.1.7
+  version: 0.1.8
 timeout: 1800
 topology: *build
 
diff --git a/ipatests/prci_definitions/nightly_master.yaml b/ipatests/prci_definitions/nightly_master.yaml
index 0332c6eca9..8793cdac01 100644
--- a/ipatests/prci_definitions/nightly_master.yaml
+++ b/ipatests/prci_definitions/nightly_master.yaml
@@ -35,7 +35,7 @@ jobs:
 git_refspec: '{git_refspec}'
 template: &ci-master-f28
   name: freeipa/ci-master-f28
-  version: 0.1.7
+  version: 0.1.8
 timeout: 1800
 topology: *build
 
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#2309][opened] Add "389-ds-base-legacy-tools" to requires.

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2309
Author: Rezney
 Title: #2309: Add "389-ds-base-legacy-tools" to requires.
Action: opened

PR body:
"""
"389-ds-base-legacy-tools" needs to be added to requires until
the switch to python installer is completed.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2309/head:pr2309
git checkout pr2309
From ee03f60ea5dc252db29eb213858ce159f257bbfb Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Fri, 31 Aug 2018 09:49:15 +0200
Subject: [PATCH] Add "389-ds-base-legacy-tools" to requires.

"389-ds-base-legacy-tools" needs to be added to requires until
the switch to python installer is completed.
---
 freeipa.spec.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 02881b4945..cffbccd72e 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -329,6 +329,7 @@ Requires: python2-ipaserver = %{version}-%{release}
 Requires: python2-ldap >= %{python_ldap_version}
 %endif
 Requires: 389-ds-base >= %{ds_version}
+Requires: 389-ds-base-legacy-tools >= %{ds_version}
 Requires: openldap-clients > 2.4.35-4
 Requires: nss >= %{nss_version}
 Requires: nss-tools >= %{nss_version}
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#2287][opened] Integration test for sssd_ssh leaks

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2287
Author: Rezney
 Title: #2287: Integration test for sssd_ssh leaks
Action: opened

PR body:
"""
Integration test for sssd_ssh leaks

https://pagure.io/SSSD/sssd/issue/3794
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2287/head:pr2287
git checkout pr2287
From 1af32fd29f577abaf6cb02aafabda7b14496ad3f Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 23 Aug 2018 10:34:39 +0200
Subject: [PATCH 1/3] tests: sssd_ssh fd leaks when user cert converted into
 SSH key

---
 ipatests/pytest_ipa/integration/tasks.py   |  1 +
 ipatests/test_integration/test_commands.py | 48 ++
 2 files changed, 49 insertions(+)

diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py
index 23090ebbab..fcfd703b41 100644
--- a/ipatests/pytest_ipa/integration/tasks.py
+++ b/ipatests/pytest_ipa/integration/tasks.py
@@ -1530,3 +1530,4 @@ def generate_ssh_keypair():
 public_key_str = public_key.decode('utf-8')
 
 return (private_key_str, public_key_str)
+
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index e207c7543c..5fc68f7a1f 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -11,6 +11,7 @@
 import logging
 import ssl
 from tempfile import NamedTemporaryFile
+from itertools import chain, repeat
 import textwrap
 import time
 import paramiko
@@ -20,6 +21,7 @@
 
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.pytest_ipa.integration import tasks
+from ipatests.create_external_ca import ExternalCA
 
 logger = logging.getLogger(__name__)
 
@@ -355,3 +357,49 @@ def test_ssh_key_connection(self, tmpdir):
 
 # cleanup
 self.master.run_command(['ipa', 'user-del', test_user])
+
+def test_ssh_leak(self):
+"""
+Integration test for https://pagure.io/SSSD/sssd/issue/3794
+"""
+
+def count_pipes():
+
+res = self.master.run_command(['pidof', 'sssd_ssh'])
+pid = res.stdout_text.strip()
+proc_path = '/proc/{}/fd'.format(pid)
+res = self.master.run_command(['ls', '-la', proc_path])
+fds_text = res.stdout_text.strip()
+return sum((1 for _ in re.finditer(r'pipe', fds_text)))
+
+test_user = 'test-ssh'
+
+tasks.kinit_admin(self.master)
+self.master.run_command(['ipa', 'user-add', test_user,
+ '--first=tester', '--last=tester'])
+
+certs = []
+
+# we are ok with whatever certificate for this test
+external_ca = ExternalCA()
+for i in range(3):
+cert = external_ca.create_ca()
+cert = tasks.strip_cert_header(cert.decode('utf-8'))
+certs.append('"{}"'.format(cert))
+
+cert_args = list(
+chain.from_iterable(list(zip(repeat('--certificate'), certs
+cmd = 'ipa user-add-cert {} {}'.format(test_user, ' '.join(cert_args))
+self.master.run_command(cmd)
+
+tasks.clear_sssd_cache(self.master)
+
+num_of_pipes = count_pipes()
+
+for i in range(3):
+self.master.run_command([paths.SSS_SSH_AUTHORIZEDKEYS, test_user])
+current_num_of_pipes = count_pipes()
+assert current_num_of_pipes == num_of_pipes
+
+# cleanup
+self.master.run_command(['ipa', 'user-del', test_user])

From 5ee328086d1effbc611472d8fd6741efc8e74eb1 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 23 Aug 2018 10:42:31 +0200
Subject: [PATCH 2/3] temp_commit

---
 ipatests/prci_definitions/gating.yaml | 207 +-
 1 file changed, 2 insertions(+), 205 deletions(-)

diff --git a/ipatests/prci_definitions/gating.yaml b/ipatests/prci_definitions/gating.yaml
index ba09d8276c..dd9fbe8ca3 100644
--- a/ipatests/prci_definitions/gating.yaml
+++ b/ipatests/prci_definitions/gating.yaml
@@ -27,218 +27,15 @@ jobs:
 timeout: 1800
 topology: *build
 
-  fedora-28/simple_replication:
+  fedora-28/test_commands_SSH:
 requires: [fedora-28/build]
 priority: 50
 job:
   class: RunPytest
   args:
 build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_simple_replication.py
+test_suite: test_integration/test_commands.py::TestIPACommand::test_ssh_leak
 template: *ci-master-f28
 timeout: 3600
 topology: *master_1repl
 
-  fedora-28/caless:
-requires: [fedora-28/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
-  fedora-28/external_ca_1:
-requires: [fedora-28/build]
-prio

[Freeipa-devel] [freeipa PR#2225][closed] [testing master] Nightly run

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2225
Author: Tiboris
 Title: #2225: [testing master] Nightly run
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2225/head:pr2225
git checkout pr2225
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/HRALTWY3V3KOPN62HYKVIKJUNBCAVSYZ/

[Freeipa-devel] [freeipa PR#2247][opened] test: client uninstall fails when installed using non-existing hostname

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2247
Author: Rezney
 Title: #2247: test: client uninstall fails when installed using non-existing 
hostname
Action: opened

PR body:
"""
test: client uninstall fails when installed using non-existing hostname

https://pagure.io/freeipa/issue/7620
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2247/head:pr2247
git checkout pr2247
From 8cfa969b8e97705cfb6b524e163a1f03d11e Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Mon, 13 Aug 2018 17:09:15 +0200
Subject: [PATCH 1/2] test: client uninstall fails when installed using
 non-existing hostname

https://pagure.io/freeipa/issue/7620
---
 ipatests/test_integration/test_uninstallation.py | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/ipatests/test_integration/test_uninstallation.py b/ipatests/test_integration/test_uninstallation.py
index ccdf5b3c8a..3d9aa14abb 100644
--- a/ipatests/test_integration/test_uninstallation.py
+++ b/ipatests/test_integration/test_uninstallation.py
@@ -25,6 +25,21 @@ class TestUninstallBase(IntegrationTest):
 def install(cls, mh):
 tasks.install_master(cls.master, setup_dns=False)
 
+def test_uninstall_client_invalid_hostname(self):
+
+# using replica as client just for convenience
+client = self.replicas[0]
+client_inv_hostname = '{}.nonexistent'.format(client.hostname)
+tasks.install_client(self.master, client,  extra_args=[
+'hostname', client_inv_hostname])
+
+self.client.run_command(['ipa-client-install', '--uninstall', '-U'])
+client_uninstall_log = self.client.get_file_contents(
+paths.IPACLIENT_UNINSTALL_LOG, encoding='utf-8'
+)
+
+assert "exception: ScriptError:" not in client_uninstall_log
+
 def test_failed_uninstall(self):
 self.master.run_command(['ipactl', 'stop'])
 

From 418ae73bd6d5e8639e6e2a29385cf1f1dbe5dbee Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Mon, 13 Aug 2018 17:10:57 +0200
Subject: [PATCH 2/2] temp_commit

---
 ipatests/prci_definitions/gating.yaml | 208 +-
 1 file changed, 2 insertions(+), 206 deletions(-)

diff --git a/ipatests/prci_definitions/gating.yaml b/ipatests/prci_definitions/gating.yaml
index ba09d8276c..e226ca25cf 100644
--- a/ipatests/prci_definitions/gating.yaml
+++ b/ipatests/prci_definitions/gating.yaml
@@ -27,218 +27,14 @@ jobs:
 timeout: 1800
 topology: *build
 
-  fedora-28/simple_replication:
+  fedora-28/test_uninstallation:
 requires: [fedora-28/build]
 priority: 50
 job:
   class: RunPytest
   args:
 build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_simple_replication.py
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
-  fedora-28/caless:
-requires: [fedora-28/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
-  fedora-28/external_ca_1:
-requires: [fedora-28/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_external_ca.py::TestExternalCA
-template: *ci-master-f28
-timeout: 4800
-topology: *master_1repl_1client
-
-  fedora-28/external_ca_2:
-requires: [fedora-28/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
-  fedora-28/test_topologies:
-requires: [fedora-28/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_topologies.py
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
-  fedora-28/test_sudo:
-requires: [fedora-28/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_sudo.py
-template: *ci-master-f28
-timeout: 4800
-topology: *master_1repl_1client
-
-  fedora-28/test_commands:
-requires: [fedora-28/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_commands.py
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
-  fedora-28/test_kerberos_flags:
-requires: [fedora-28

[Freeipa-devel] [freeipa PR#2224][opened] PR-CI extend timeouts

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2224
Author: Rezney
 Title: #2224: PR-CI extend timeouts
Action: opened

PR body:
"""
extend timeout with one hour as timed out many times in PRCI nightly
- test_dnssec
- test_replication_layouts_TestLineTopologyWithCA
- test_replication_layouts_TestLineTopologyWithCAKRA
- test_replication_layouts_TestStarTopologyWithCAKRA
- test_server_del
- test_webui

Signed-off-by: Pavel Picka 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2224/head:pr2224
git checkout pr2224
From a849c42ddb088247570eb0c8d862466a1f125919 Mon Sep 17 00:00:00 2001
From: Pavel Picka 
Date: Mon, 30 Jul 2018 10:43:32 +0200
Subject: [PATCH] PR-CI extend timeouts

extend timeout with one hour as timed out many times in PRCI nightly
- test_dnssec
- test_replication_layouts_TestLineTopologyWithCA
- test_replication_layouts_TestLineTopologyWithCAKRA
- test_replication_layouts_TestStarTopologyWithCAKRA
- test_server_del
- test_webui

Signed-off-by: Pavel Picka 
---
 ipatests/prci_definitions/nightly_master.yaml | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ipatests/prci_definitions/nightly_master.yaml b/ipatests/prci_definitions/nightly_master.yaml
index 6a79da742e..c299e4138a 100644
--- a/ipatests/prci_definitions/nightly_master.yaml
+++ b/ipatests/prci_definitions/nightly_master.yaml
@@ -48,7 +48,7 @@ jobs:
 build_url: '{fedora-28/build_url}'
 test_suite: test_integration/test_server_del.py
 template: *ci-master-f28
-timeout: 8000
+timeout: 10800
 topology: *master_2repl_1client
 
   fedora-28/test_installation_TestInstallWithCA1:
@@ -385,7 +385,7 @@ jobs:
 build_url: '{fedora-28/build_url}'
 test_suite: test_integration/test_dnssec.py
 template: *ci-master-f28
-timeout: 7200
+timeout: 10800
 topology: *master_2repl_1client
 
   fedora-28/test_replica_promotion_TestReplicaPromotionLevel0:
@@ -601,7 +601,7 @@ jobs:
 build_url: '{fedora-28/build_url}'
 test_suite: test_integration/test_replication_layouts.py::TestLineTopologyWithCA
 template: *ci-master-f28
-timeout: 7200
+timeout: 10800
 topology: *master_3repl_1client
 
   fedora-28/test_replication_layouts_TestLineTopologyWithCAKRA:
@@ -613,7 +613,7 @@ jobs:
 build_url: '{fedora-28/build_url}'
 test_suite: test_integration/test_replication_layouts.py::TestLineTopologyWithCAKRA
 template: *ci-master-f28
-timeout: 7200
+timeout: 10800
 topology: *master_3repl_1client
 
   fedora-28/test_replication_layouts.py_TestStarTopologyWithoutCA:
@@ -649,7 +649,7 @@ jobs:
 build_url: '{fedora-28/build_url}'
 test_suite: test_integration/test_replication_layouts.py::TestStarTopologyWithCAKRA
 template: *ci-master-f28
-timeout: 7200
+timeout: 10800
 topology: *master_3repl_1client
 
   fedora-28/test_replication_layouts_TestCompleteTopologyWithoutCA:
@@ -697,5 +697,5 @@ jobs:
 build_url: '{fedora-28/build_url}'
 test_suite: test_webui/
 template: *ci-master-f28
-timeout: 16000
+timeout: 19600
 topology: *ipaserver
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/2SYDX6JKKNTV53FYCFDYIQ5H2LR2RZGZ/

[Freeipa-devel] [freeipa PR#2195][opened] ipa_tests: test ssh keys login

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2195
Author: Rezney
 Title: #2195: ipa_tests: test ssh keys login
Action: opened

PR body:
"""
Integration test for:

https://pagure.io/SSSD/sssd/issue/3747
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2195/head:pr2195
git checkout pr2195
From 1a11c2a10eb827e871c5173363275c212513c0c4 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 31 Jul 2018 13:24:01 +0200
Subject: [PATCH 1/2] ipa_tests: test ssh keys login

Integration test for:

https://pagure.io/SSSD/sssd/issue/3747
---
 ipatests/pytest_plugins/integration/tasks.py | 27 
 ipatests/test_integration/test_commands.py   | 65 
 2 files changed, 92 insertions(+)

diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index a50b55d7d5..06488628e5 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -34,6 +34,10 @@
 from ldif import LDIFWriter
 from SSSDConfig import SSSDConfig
 from six import StringIO
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.backends import default_backend
+
 
 from ipapython import ipautil
 from ipaplatform.paths import paths
@@ -1479,3 +1483,26 @@ def sign_ca_and_transport(host, csr_name, root_ca_name, ipa_ca_name):
 host.put_file_contents(ipa_ca_fname, ipa_ca)
 
 return (root_ca_fname, ipa_ca_fname)
+
+
+def generate_ssh_keypair():
+"""
+Create SSH keypair for key authentication testing
+"""
+key = rsa.generate_private_key(backend=default_backend(),
+   public_exponent=65537,
+   key_size=2048)
+
+public_key = key.public_key().public_bytes(
+serialization.Encoding.OpenSSH, serialization.PublicFormat.OpenSSH)
+
+pem = key.private_bytes(
+encoding=serialization.Encoding.PEM,
+format=serialization.PrivateFormat.TraditionalOpenSSL,
+encryption_algorithm=serialization.NoEncryption()
+)
+
+private_key_str = pem.decode('utf-8')
+public_key_str = public_key.decode('utf-8')
+
+return (private_key_str, public_key_str)
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index faea96f065..8b8e2fe615 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -4,17 +4,24 @@
 """Misc test for 'ipa' CLI regressions
 """
 from __future__ import absolute_import
+import os
+import re
+import logging
 
 import base64
 import ssl
 from tempfile import NamedTemporaryFile
 import textwrap
+import tempfile
+import paramiko
+import pytest
 
 from ipaplatform.paths import paths
 
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.pytest_plugins.integration import tasks
 
+logger = logging.getLogger(__name__)
 
 class TestIPACommand(IntegrationTest):
 """
@@ -187,3 +194,61 @@ def test_list_help_topics(self):
 raiseonerr=False
 )
 assert result.returncode == 0
+
+def test_ssh_key_connection(self):
+"""
+Integration test for https://pagure.io/SSSD/sssd/issue/3747
+"""
+
+test_user = 'test-ssh'
+master = self.master.hostname
+
+with tempfile.TemporaryDirectory() as tmpdirname:
+pub_keys = []
+
+for i in range(40):
+ssh_key_pair = tasks.generate_ssh_keypair()
+pub_keys.append(ssh_key_pair[1])
+with open(
+os.path.join(
+tmpdirname, 'ssh_priv_{}'.format(i)), 'w') as fp:
+fp.write(ssh_key_pair[0])
+
+tasks.kinit_admin(self.master)
+self.master.run_command(['ipa', 'user-add', test_user,
+ '--first=tester', '--last=tester'])
+
+keys_opts = ' '.join(['--ssh "{}"'.format(k) for k in pub_keys])
+cmd = 'ipa user-mod {} {}'.format(test_user, keys_opts)
+self.master.run_command(cmd)
+
+# connect with first SSH key
+first_priv_key_path = os.path.join(tmpdirname, 'ssh_priv_1')
+# change private key permission to comply with SS rules
+os.chmod(first_priv_key_path, 0o600)
+
+sshcon = paramiko.SSHClient()
+sshcon.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+
+# first connection attempt is a workaround for
+# https://pagure.io/SSSD/sssd/issue/3669
+try:
+sshcon.connect(master, username=test_user,
+   key_filename=first_priv_key_path, timeout=1)
+except (paramiko.AuthenticationException, paramiko.SSHException):
+pass
+
+try:
+   

[Freeipa-devel] [freeipa PR#2188][opened] prci_definitions: fix wrong indentation in the nightly yaml

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2188
Author: Rezney
 Title: #2188: prci_definitions: fix wrong indentation in the nightly yaml
Action: opened

PR body:
"""
TestLineTopologyWithoutCA definition has wrong indentation. 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2188/head:pr2188
git checkout pr2188
From 85fd192046234d9c092de964d92a5de34b00d00a Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Fri, 27 Jul 2018 12:56:52 +0200
Subject: [PATCH] prci_definitions: fix wrong indentation in the nightly yaml

TestLineTopologyWithoutCA definition has wrong indentation.
---
 .../{nightly_master => nightly_master.yaml}  | 20 ++--
 .../{nightly_rawhide => nightly_rawhide.yaml}|  0
 2 files changed, 10 insertions(+), 10 deletions(-)
 rename ipatests/prci_definitions/{nightly_master => nightly_master.yaml} (98%)
 rename ipatests/prci_definitions/{nightly_rawhide => nightly_rawhide.yaml} (100%)

diff --git a/ipatests/prci_definitions/nightly_master b/ipatests/prci_definitions/nightly_master.yaml
similarity index 98%
rename from ipatests/prci_definitions/nightly_master
rename to ipatests/prci_definitions/nightly_master.yaml
index fc91de43ef..6a79da742e 100644
--- a/ipatests/prci_definitions/nightly_master
+++ b/ipatests/prci_definitions/nightly_master.yaml
@@ -581,16 +581,16 @@ jobs:
 topology: *master_3repl_1client
 
   fedora-28/test_replication_layouts_TestLineTopologyWithoutCA:
-  requires: [fedora-28/build]
-  priority: 50
-  job:
-class: RunPytest
-args:
-  build_url: '{fedora-28/build_url}'
-  test_suite: test_integration/test_replication_layouts.py::TestLineTopologyWithoutCA
-  template: *ci-master-f28
-  timeout: 7200
-  topology: *master_3repl_1client
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_replication_layouts.py::TestLineTopologyWithoutCA
+template: *ci-master-f28
+timeout: 7200
+topology: *master_3repl_1client
 
   fedora-28/test_replication_layouts_TestLineTopologyWithCA:
 requires: [fedora-28/build]
diff --git a/ipatests/prci_definitions/nightly_rawhide b/ipatests/prci_definitions/nightly_rawhide.yaml
similarity index 100%
rename from ipatests/prci_definitions/nightly_rawhide
rename to ipatests/prci_definitions/nightly_rawhide.yaml
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/W7TVJKWBW7QA2H3CYY5YQAN7UG5TU6XO/

[Freeipa-devel] [freeipa PR#2186][opened] [Backport][IPA-4-7] - Making nigthly test definition editable by FreeIPA's contributors

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2186
Author: Rezney
 Title: #2186: [Backport][IPA-4-7] - Making nigthly test definition editable by 
FreeIPA's contributors
Action: opened

PR body:
"""
Backport of https://github.com/freeipa/freeipa/pull/2139

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2186/head:pr2186
git checkout pr2186
From dae4e83245cbf240f86a5e6ddd97c5a824c4b134 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 11 Jul 2018 14:25:44 +0200
Subject: [PATCH 1/3] Add convenient template for temp commits

Signed-off-by: Christian Heimes 
Reviewed-By: Michal Reznik 
---
 ipatests/prci_definitions/gating.yaml  | 244 ++
 ipatests/prci_definitions/nightly_master   | 701 +
 ipatests/prci_definitions/temp_commit.yaml |  46 ++
 3 files changed, 991 insertions(+)
 create mode 100644 ipatests/prci_definitions/gating.yaml
 create mode 100644 ipatests/prci_definitions/nightly_master
 create mode 100644 ipatests/prci_definitions/temp_commit.yaml

diff --git a/ipatests/prci_definitions/gating.yaml b/ipatests/prci_definitions/gating.yaml
new file mode 100644
index 00..cfd802d6e2
--- /dev/null
+++ b/ipatests/prci_definitions/gating.yaml
@@ -0,0 +1,244 @@
+topologies:
+  build: &build
+name: build
+cpu: 2
+memory: 3800
+  master_1repl: &master_1repl
+name: master_1repl
+cpu: 4
+memory: 5750
+  master_1repl_1client: &master_1repl_1client
+name: master_1repl_1client
+cpu: 4
+memory: 6700
+
+jobs:
+  fedora-28/build:
+requires: []
+priority: 100
+job:
+  class: Build
+  args:
+git_repo: '{git_repo}'
+git_refspec: '{git_refspec}'
+template: &ci-master-f28
+  name: freeipa/ci-master-f28
+  version: 0.1.7
+timeout: 1800
+topology: *build
+
+  fedora-28/simple_replication:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_simple_replication.py
+template: *ci-master-f28
+timeout: 3600
+topology: *master_1repl
+
+  fedora-28/caless:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
+template: *ci-master-f28
+timeout: 3600
+topology: *master_1repl
+
+  fedora-28/external_ca_1:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_external_ca.py::TestExternalCA
+template: *ci-master-f28
+timeout: 3600
+topology: *master_1repl_1client
+
+  fedora-28/external_ca_2:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
+template: *ci-master-f28
+timeout: 3600
+topology: *master_1repl
+
+  fedora-28/test_topologies:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_topologies.py
+template: *ci-master-f28
+timeout: 3600
+topology: *master_1repl
+
+  fedora-28/test_sudo:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_sudo.py
+template: *ci-master-f28
+timeout: 3600
+topology: *master_1repl_1client
+
+  fedora-28/test_commands:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_commands.py
+template: *ci-master-f28
+timeout: 3600
+topology: *master_1repl
+
+  fedora-28/test_kerberos_flags:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_kerberos_flags.py
+template: *ci-master-f28
+timeout: 3600
+topology: *master_1repl_1client
+
+  fedora-28/test_http_kdc_proxy:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_http_kdc_proxy.py
+template: *ci-master-f28
+timeout: 3600
+topology: *master_1repl_1client
+
+  fedora-28/test_forced_client_enrolment:
+

[Freeipa-devel] [freeipa PR#2139][closed] Making nigthly test definition editable by FreeIPA's contributors

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2139
Author: tiran
 Title: #2139: Making nigthly test definition editable by FreeIPA's contributors
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2139/head:pr2139
git checkout pr2139
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/YMBKZE5M42LRHQ5RLUWJTUPBSAPGBHHG/

[Freeipa-devel] [freeipa PR#2161][opened] Mark DL0 TestReplicaManageDel tests as xfail

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2161
Author: Rezney
 Title: #2161: Mark DL0 TestReplicaManageDel tests as xfail
Action: opened

PR body:
"""
Mark failing DL0 TestReplicaManageDel tests as xfail until
issue 7622 is fixed.

https://pagure.io/freeipa/issue/7622
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2161/head:pr2161
git checkout pr2161
From a404b0e2e1d2fa0a2fc30d96d71c9716ae0de433 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 17 Jul 2018 10:28:51 +0200
Subject: [PATCH] Mark DL0 TestReplicaManageDel tests as xfail

Mark failing DL0 TestReplicaManageDel tests as xfail until
issue 7622 is fixed.

https://pagure.io/freeipa/issue/7622
---
 ipatests/test_integration/test_topology.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ipatests/test_integration/test_topology.py b/ipatests/test_integration/test_topology.py
index dd24f7b910..7e8580abb4 100644
--- a/ipatests/test_integration/test_topology.py
+++ b/ipatests/test_integration/test_topology.py
@@ -249,6 +249,7 @@ def test_replica_uninstall_deletes_ruvs(self):
 "Replica RUVs were not clean during replica uninstallation")
 
 
+@pytest.mark.xfail(reason="Ticket N 7622", strict=True)
 class TestReplicaManageDel(IntegrationTest):
 domain_level = 0
 topology = 'star'
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/72Q4JDNU54GX3XIE67RZXCHTKUICNB5W/

[Freeipa-devel] [freeipa PR#2098][opened] ipa_tests: ipa-replica-prepare stuck on user input

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2098
Author: Rezney
 Title: #2098: ipa_tests: ipa-replica-prepare stuck on user input
Action: opened

PR body:
"""
TestOldReplicaWorksAfterDomainUpgrade is getting stuck while
running "ipa-replica-prepare" as it is asking for user input:
"Do you want to search for missing reverse zones?". Adding
"--auto-reverse" in order to continue.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2098/head:pr2098
git checkout pr2098
From b0d86818e3e79d05cd4e3e826bc53ecb3d01c38e Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 4 Jul 2018 10:05:32 +0200
Subject: [PATCH 1/2] ipa_tests: ipa-replica-prepare stuck on user input

TestOldReplicaWorksAfterDomainUpgrade is getting stuck while
running "ipa-replica-prepare" as it is asking for user input:
"Do you want to search for missing reverse zones?". Adding
"--auto-reverse" in order to continue.
---
 ipatests/pytest_plugins/integration/tasks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index 6a12e78fe7..54c12bf783 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -379,7 +379,7 @@ def replica_prepare(master, replica, extra_args=(),
 '-p', replica.config.dirman_password,
 replica.hostname]
 if master_authoritative_for_client_domain(master, replica):
-args.extend(['--ip-address', replica.ip])
+args.extend(['--ip-address', replica.ip, '--auto-reverse'])
 args.extend(extra_args)
 result = master.run_command(args, raiseonerr=raiseonerr,
 stdin_text=stdin_text)

From 77b072abff2572fae9adb439dd3a8a20d00d8eb0 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 4 Jul 2018 11:23:22 +0200
Subject: [PATCH 2/2] TEMP COMMIT - activate other PRCI test

---
 .freeipa-pr-ci.yaml | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index cd3e5e5e61..c7a08f72cd 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -23,7 +23,7 @@ jobs:
 git_refspec: '{git_refspec}'
 template: &ci-master-f28
   name: freeipa/ci-master-f28
-  version: 0.1.5
+  version: 0.1.6
 timeout: 1800
 topology: *build
 
@@ -230,3 +230,15 @@ jobs:
 template: *ci-master-f28
 timeout: 3600
 topology: *master_1repl
+
+  fedora-28/test_replica_promotion_TestOldReplicaWorksAfterDomainUpgrade:
+requires: [fedora-28/build]
+priority: 50
+job:
+  class: RunPytest
+  args:
+build_url: '{fedora-28/build_url}'
+test_suite: test_integration/test_replica_promotion.py::TestOldReplicaWorksAfterDomainUpgrade
+template: *ci-master-f28
+timeout: 7200
+topology: *master_1repl
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/XDSWIQOKHRN2Y7GX47DQFAGBK6VCBDWX/

[Freeipa-devel] [freeipa PR#2092][closed] [IPA-4-6] - initialize ASN.1 object by hand.

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2092
Author: Rezney
 Title: #2092: [IPA-4-6] - initialize ASN.1 object by hand.
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2092/head:pr2092
git checkout pr2092
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/5VKOQRQVP6E3ONSTG3DS3PE2PUJXNO37/

[Freeipa-devel] [freeipa PR#2092][opened] [IPA-4-6] - initialize ASN.1 object by hand.

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2092
Author: Rezney
 Title: #2092: [IPA-4-6] - initialize ASN.1 object by hand.
Action: opened

PR body:
"""
Same workaround as for 7.5
https://github.com/freeipa/freeipa/pull/1643


"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2092/head:pr2092
git checkout pr2092
From 8837ca9e20da2b0fd9ab3ce2b880288087e5ef65 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 3 Jul 2018 08:39:11 +0200
Subject: [PATCH] initialize ASN.1 object by hand.

This workaround is needed for testing on RHEL 7.6 as native decoder is
currently not present in "python2-pyasn1-0.1.9-7.el7.noarch" package.
---
 ipatests/pytest_plugins/integration/create_caless_pki.py | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/ipatests/pytest_plugins/integration/create_caless_pki.py b/ipatests/pytest_plugins/integration/create_caless_pki.py
index 9a2e8e26b6..8c4c158fe6 100644
--- a/ipatests/pytest_plugins/integration/create_caless_pki.py
+++ b/ipatests/pytest_plugins/integration/create_caless_pki.py
@@ -27,7 +27,6 @@
 from cryptography.x509.oid import NameOID
 from pyasn1.type import univ, char, namedtype, tag
 from pyasn1.codec.der import encoder as der_encoder
-from pyasn1.codec.native import decoder as native_decoder
 
 if six.PY3:
 unicode = str
@@ -239,7 +238,18 @@ def profile_kdc(builder, ca_nick, ca,
 'name-string': ['krbtgt', realm],
 },
 }
-name = native_decoder.decode(name, asn1Spec=KRB5PrincipalName())
+
+# Initialize ASN.1 object by hand
+# This workaround is needed for testing on RHEL 7.6 as native decoder is
+# currently not present in "python2-pyasn1-0.1.9-7.el7.noarch" package.
+name = KRB5PrincipalName()
+name['realm'] = realm
+name['principalName'] = None
+name['principalName']['name-type'] = 2
+name['principalName']['name-string'] = None
+name['principalName']['name-string'][0] = 'krbtgt'
+name['principalName']['name-string'][1] = realm
+
 name = der_encoder.encode(name)
 
 names = [x509.OtherName(x509.ObjectIdentifier('1.3.6.1.5.2.2'), name)]
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/K2R353E6INW6UZYDF6UPHAN2ULBJFKZJ/

[Freeipa-devel] [freeipa PR#2091][closed] [testing_master] Nightly PR

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2091
Author: freeipa-pr-ci
 Title: #2091: [testing_master] Nightly PR
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2091/head:pr2091
git checkout pr2091
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/FCYSKNWRBJIV7XNAORZ3MUASBRUD33NF/

[Freeipa-devel] [freeipa PR#2076][opened] ui_tests - stabilization fixes

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2076
Author: Rezney
 Title: #2076: ui_tests - stabilization fixes
Action: opened

PR body:
"""
This patch aims to fix the following tests which seems to be quite
unstable recently:

test_user::test_actions - closing notification and moving to element
to have screenshot of current place.

test_user::certificates - add wait() / close_notification

test_config::test_size_limits - add wait() to fill_input()
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2076/head:pr2076
git checkout pr2076
From 339d86d6713ed331c1e781f908ee4aa5a376e29b Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 27 Jun 2018 15:36:32 +0200
Subject: [PATCH 1/2] ui_tests: stabilization fixes

This patch aims to fix the following tests which seems to be quite
unstable recently:

test_user::test_actions - closing notification and moving to element
to have screenshot of current place.

test_user::certificates - add wait() / close_notification

test_config::test_size_limits - add wait() to fill_input()
---
 ipatests/test_webui/test_user.py | 5 +
 ipatests/test_webui/ui_driver.py | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/ipatests/test_webui/test_user.py b/ipatests/test_webui/test_user.py
index 00995744da..0529111537 100644
--- a/ipatests/test_webui/test_user.py
+++ b/ipatests/test_webui/test_user.py
@@ -237,6 +237,8 @@ def test_certificates(self):
 cert_widget_sel = "div.certificate-widget"
 
 self.add_record(user.ENTITY, user.DATA)
+self.wait()
+self.close_notifications()
 self.navigate_to_record(user.PKEY)
 
 # cert request
@@ -539,6 +541,8 @@ def test_add_delete_undo_reset_multivalue(self):
 first_mail = self.create_email_addr(user.DATA.get('pkey'))
 
 self.add_record(user.ENTITY, user.DATA)
+self.wait()
+self.close_notifications()
 self.navigate_to_record(user.DATA.get('pkey'))
 
 # add a new mail (without save) and reset
@@ -574,6 +578,7 @@ def test_add_delete_undo_reset_multivalue(self):
 # cleanup
 self.delete(user.ENTITY, [user.DATA])
 
+@screenshot
 def test_user_misc(self):
 """
 Test various miscellaneous test cases under one roof to save init time
diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index 88774c64f7..159079ce0f 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -797,6 +797,7 @@ def fill_input(self, name, value, input_type="text", parent=None):
 """
 s = "div[name='%s'] input[type='%s'][name='%s']" % (name, input_type, name)
 self.fill_text(s, value, parent)
+self.wait()
 
 def fill_textarea(self, name, value, parent=None):
 """
@@ -1734,6 +1735,8 @@ def disable_action(self):
 self.action_list_action('disable')
 self.wait_for_request(n=2)
 self.assert_no_error_dialog()
+self.close_notifications()
+self.move_to_element_in_page(title)
 self.assert_class(title, 'disabled')
 
 def delete_action(self, entity, pkey, action='delete', facet='search'):

From f7425aba2f74f519ed56e2cf520087e9815f5a1c Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 27 Jun 2018 15:47:36 +0200
Subject: [PATCH 2/2] TEMP_COMMIT - activate WebUI tests

---
 .freeipa-pr-ci.yaml | 188 +++-
 1 file changed, 23 insertions(+), 165 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index f5c86c51a1..c625f06ffb 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -3,6 +3,9 @@ topologies:
 name: build
 cpu: 2
 memory: 3800
+  ipaserver: &ipaserver
+name: ipaserver
+cpu: 1
   master_1repl: &master_1repl
 name: master_1repl
 cpu: 4
@@ -27,195 +30,50 @@ jobs:
 timeout: 1800
 topology: *build
 
-  fedora-28/simple_replication:
+  fedora-28/test_webui_a_to_d:
 requires: [fedora-28/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_simple_replication.py
+test_suite: test_webui/test_automember.py test_webui/test_cert.py test_webui/test_config.py test_webui/test_delegation.py test_webui/test_dns.py
 template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
+timeout: 7200
+topology: *ipaserver
 
-  fedora-28/caless:
+  fedora-28/test_webui_g_to_m:
 requires: [fedora-28/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
+test_suite: test_webui/test_group.py test_webui/test_hbac.py test_webui/test

[Freeipa-devel] [freeipa PR#2042][opened] [Backport][ipa-4-6] Extended UI test for Certificates

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2042
Author: Rezney
 Title: #2042: [Backport][ipa-4-6] Extended UI test for Certificates
Action: opened

PR body:
"""
This PR was opened automatically because PR #1961 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2042/head:pr2042
git checkout pr2042
From 1628b78eae5dd8cb60d3340cf70a72988e91ff80 Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf 
Date: Thu, 24 May 2018 18:56:17 +0530
Subject: [PATCH] Extended UI test for Certificates

Signed-off-by: Mohammad Rizwan Yusuf 
---
 ipatests/test_webui/test_cert.py | 478 +++
 1 file changed, 478 insertions(+)

diff --git a/ipatests/test_webui/test_cert.py b/ipatests/test_webui/test_cert.py
index c1a3461ad0..1cb8108f3a 100644
--- a/ipatests/test_webui/test_cert.py
+++ b/ipatests/test_webui/test_cert.py
@@ -23,10 +23,98 @@
 
 from ipatests.test_webui.ui_driver import UI_driver
 from ipatests.test_webui.ui_driver import screenshot
+from datetime import date, timedelta
 import pytest
 
 ENTITY = 'cert'
 
+CERT_CSR = ("""-BEGIN NEW CERTIFICATE REQUEST-
+MIICcjCCAVoCAQAwLTERMA8GA1UEChMISVBBLlRFU1QxGDAWBgNVBAMTD21hc3Rl
+ci5pcGEudGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9xZ/OT
+PC9vlwP78ACCYTOGy8C+Ho4OUF4p4PYPkns4Zdov6N/f0MlUcxY7cpAlKlAZT53b
+OphSKamc7nlNgUAzV1S6JTm1YXiTzG6mAOWWK/i3O25rNfiz0D+srlqS0ADsGPwG
+4vxuWJYwUEKcV4YgCYCJj78dD+yxoz5anVrNosN4tVGg6jfaPI9uu1T+FhsNM/AC
+EN7pa50bgeV7iBZs/pdZEXEsk18NO4W55yPAKQp5JFCL6eeBJcHTU/IuEb/YPCSr
+e873Iwzw4ZqW8dHbE10Za3VzdKPDUbtJp93rvU6imRavvifIAa3GgBuLYbpEXXcG
+B6MLHdWOApwPBoMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQClXDGZoGUSetZP
+lwx//vSN6P6y30dpiHDQiY4hCLYplpoB7V6wXXVMyuKpJjRMQ2mSdyuFge14Lvwr
+y1pE8Vg0+D99PW09tGTp54egPCKeyXptJ/1xi/Quo70OfSSI01vSczMDGTa4OfAB
+VPzE2xey1qL0a0UHqwBaSqnt6D0Xmid79YP0XkVEqZeHZvprtXzeA4dNc1GrZrjb
+7bazcPXbd7PXQaEFvmhqbDMFvu3xMBm5HJd4WkYKvBFDw4NHfT6jw/yRZXkWwJ/F
+EI0h2e9yxrSKgOEpWmeCdETZhMCljx5C2rLNqLAWJIJQ293UuVRCg4Rn6fdIefhF
+yKHlBerZ
+-END NEW CERTIFICATE REQUEST-""")
+
+ERR_SPACE = "invalid '{}': Leading and trailing spaces are not allowed"
+ERR_MUST_INTEGER = "invalid '{}': must be an integer"
+LEAST_SERIAL = "invalid '{}': must be at least 0"
+INV_DATE = ("invalid '{}': does not match any of accepted formats: "
+"%Y%m%d%H%M%SZ, %Y-%m-%dT%H:%M:%SZ, %Y-%m-%dT%H:%MZ, "
+"%Y-%m-%dZ, %Y-%m-%d %H:%M:%SZ, %Y-%m-%d %H:%MZ")
+
+
+def search_pkey(self, pkey):
+search_field_s = '.search-filter input[name=filter]'
+self.fill_text(search_field_s, pkey)
+self.action_button_click('find', parent=None)
+self.wait_for_request(n=2)
+
+
+def add_cert(self, principal, csr):
+self.facet_button_click('request_cert')
+self.fill_textbox('principal', principal)
+self.check_option('add', 'checked')
+self.fill_textarea('csr', csr)
+self.dialog_button_click('issue')
+self.assert_notification(assert_text='Certificate requested')
+self.navigate_to_entity(ENTITY)
+rows = self.get_rows()
+return rows[-1]
+
+
+def revoke_cert(self, record, reason):
+self.navigate_to_entity(ENTITY)
+self.navigate_to_row_record(record)
+self.action_list_action('revoke_cert', False)
+self.select('select[name=revocation_reason]', reason)
+self.dialog_button_click('ok')
+
+
+def check_option_negative(self, date, option):
+self.navigate_to_entity(ENTITY)
+self.select('select[name=search_option]', option)
+search_pkey(self, date)
+self.assert_last_error_dialog(INV_DATE.format(option))
+self.close_all_dialogs()
+
+
+def check_space_error(self, string, option):
+self.navigate_to_entity(ENTITY)
+self.select('select[name=search_option]', option)
+search_pkey(self, string)
+self.assert_last_error_dialog(ERR_SPACE.format(option))
+self.close_all_dialogs()
+
+
+def check_integer(self, string, option):
+"""
+Method to check if provided value is integer.
+If not check for error dialog
+"""
+self.navigate_to_entity(ENTITY)
+self.select('select[name=search_option]', option)
+search_pkey(self, string)
+self.assert_last_error_dialog(ERR_MUST_INTEGER.format(option))
+self.close_all_dialogs()
+
+
+def check_minimum_serial(self, serial, option):
+self.navigate_to_entity(ENTITY)
+self.select('select[name=search_option]', option)
+search_pkey(self, serial)
+self.assert_last_error_dialog(LEAST_SERIAL.format(option))
+self.close_all_dialogs()
+
 
 @pytest.mark.tier1
 class test_cert(UI_driver):
@@ -49,3 +137,393 @@ def test_read(self):
 rows = self.get_rows()
 self.navigate_to_row_record(rows[0])
 self.navigate_by_breadcrumb("Certificates")
+
+@screenshot
+def test_search_subject(self):
+"""
+Try to search certificate by subject
+"""
+self.init_app()
+self.navigate_to_entity(ENTITY

[Freeipa-devel] [freeipa PR#1961][closed] Extended UI test for Certificates

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1961
Author: mrizwan93
 Title: #1961: Extended UI test for Certificates
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1961/head:pr1961
git checkout pr1961
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/JAE75EJXXCKCWESEAVEXOLBNAEVKGLW6/

[Freeipa-devel] [freeipa PR#1999][closed] ui_tests: fixes for issues with sending key and focus on element

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1999
Author: Rezney
 Title: #1999: ui_tests: fixes for issues with sending key and focus on element
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1999/head:pr1999
git checkout pr1999
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/PFIADOXJJ6QM4MSNRQOZE357XOL2KXSQ/

[Freeipa-devel] [freeipa PR#2006][opened] [Backport][ipa-4-6] ui_tests: fixes for issues with sending key and focus on element

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/2006
Author: Rezney
 Title: #2006: [Backport][ipa-4-6] ui_tests: fixes for issues with sending key 
and focus on element
Action: opened

PR body:
"""
This PR was opened automatically because PR #1999 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2006/head:pr2006
git checkout pr2006
From 1dd005ce24827f1032b6403e20395c33a502a7e2 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 7 Jun 2018 12:25:49 +0200
Subject: [PATCH] ui_tests: fixes for issues with sending key and focus on
 element

Fixes 2 issues in WebUI tests. One issue is that we are unable to
confirm a dialog by "Enter" keyboard - "actions.click()" helps
here to get focus on the page.

Second issue is probbaly related to screen resolution as we cannot
click to some of the action buttons (buttons which are having issue
varies).

https://pagure.io/freeipa/issue/7583
---
 ipatests/test_webui/test_service.py | 1 +
 ipatests/test_webui/ui_driver.py| 1 +
 2 files changed, 2 insertions(+)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index 621ebe60cd..74cca36be4 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -592,6 +592,7 @@ def test_add_service_using_enter(self):
 pkey = self.get_service_pkey('smtp')
 self.add_service('smtp', confirm=False)
 actions = ActionChains(self.driver)
+actions.click()
 actions.send_keys(Keys.ENTER).perform()
 self.wait(1)
 assert self.has_record(pkey)
diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index 570e186a3e..503d139e2e 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -1689,6 +1689,7 @@ def action_list_action(self, name, confirm=True, confirm_btn="ok",
 expand.click()
 action_link = self.find("li[data-name=%s] a" % name, By.CSS_SELECTOR,
 context, strict=True)
+self.move_to_element_in_page(action_link)
 action_link.click()
 if confirm:
 self.wait(0.5)  # wait for dialog
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/4VSYHHWD5W37WZ5INNZRB7UOM4AYEWBA/

[Freeipa-devel] [freeipa PR#1999][opened] ui_tests: fixes for issues with sending key and focus on element

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1999
Author: Rezney
 Title: #1999: ui_tests: fixes for issues with sending key and focus on element
Action: opened

PR body:
"""
Fixes 2 issues in WebUI tests. One issue is that we are unable to
confirm a dialog by "Enter" keyboard - "actions.click()" helps
here to get focus on the page.

Second issue is probbaly related to screen resolution as we cannot
click to some of the action buttons (buttons which are having issue
varies).

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1999/head:pr1999
git checkout pr1999
From 66e3e6016192283f48f019eda8ea81d14189927c Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 7 Jun 2018 12:25:49 +0200
Subject: [PATCH 1/2] ui_tests: fixes for issues with sending key and focus on
 element

Fixes 2 issues in WebUI tests. One issue is that we are unable to
confirm a dialog by "Enter" keyboard - "actions.click()" helps
here to get focus on the page.

Second issue is probbaly related to screen resolution as we cannot
click to some of the action buttons (buttons which are having issue
varies).

https://pagure.io/freeipa/issue/7583
---
 ipatests/test_webui/test_service.py | 1 +
 ipatests/test_webui/ui_driver.py| 1 +
 2 files changed, 2 insertions(+)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index 621ebe60cd..74cca36be4 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -592,6 +592,7 @@ def test_add_service_using_enter(self):
 pkey = self.get_service_pkey('smtp')
 self.add_service('smtp', confirm=False)
 actions = ActionChains(self.driver)
+actions.click()
 actions.send_keys(Keys.ENTER).perform()
 self.wait(1)
 assert self.has_record(pkey)
diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index 6a611f9c02..88774c64f7 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -1699,6 +1699,7 @@ def action_list_action(self, name, confirm=True, confirm_btn="ok",
 expand.click()
 action_link = self.find("li[data-name=%s] a" % name, By.CSS_SELECTOR,
 context, strict=True)
+self.move_to_element_in_page(action_link)
 action_link.click()
 if confirm:
 self.wait(0.5)  # wait for dialog

From 3e475642508f99f990d70313efa1109088a4b2a8 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 7 Jun 2018 12:36:31 +0200
Subject: [PATCH 2/2] TEMP_COMMIT: activate UI tests

---
 .freeipa-pr-ci.yaml | 176 +++-
 1 file changed, 23 insertions(+), 153 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index 21f1c004d7..c625f06ffb 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -3,6 +3,9 @@ topologies:
 name: build
 cpu: 2
 memory: 3800
+  ipaserver: &ipaserver
+name: ipaserver
+cpu: 1
   master_1repl: &master_1repl
 name: master_1repl
 cpu: 4
@@ -27,183 +30,50 @@ jobs:
 timeout: 1800
 topology: *build
 
-  fedora-28/simple_replication:
+  fedora-28/test_webui_a_to_d:
 requires: [fedora-28/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_simple_replication.py
+test_suite: test_webui/test_automember.py test_webui/test_cert.py test_webui/test_config.py test_webui/test_delegation.py test_webui/test_dns.py
 template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
+timeout: 7200
+topology: *ipaserver
 
-  fedora-28/caless:
+  fedora-28/test_webui_g_to_m:
 requires: [fedora-28/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
+test_suite: test_webui/test_group.py test_webui/test_hbac.py test_webui/test_host.py test_webui/test_hostgroup.py test_webui/test_idviews.py test_webui/test_krbtpolicy.py test_webui/test_misc_cases.py
 template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
+timeout: 7200
+topology: *ipaserver
 
-  fedora-28/external_ca:
+  fedora-28/test_webui_n_to_r:
 requires: [fedora-28/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
+test_suite: test_webui/test_navigation.py test_webui/test_netgroup.py test_webui/test_pwpolicy.py test_webui/

[Freeipa-devel] [freeipa PR#1995][opened] ui_tests: extend test_config.py suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1995
Author: Rezney
 Title: #1995:  ui_tests: extend test_config.py suite
Action: opened

PR body:
"""
Extend test_config.py suite with new test cases.

https://pagure.io/freeipa/issue/7576
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1995/head:pr1995
git checkout pr1995
From d0dfc5f6ed7d8a0a0d6746567316bcbb24c7da88 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 15 May 2018 12:38:00 +0200
Subject: [PATCH 1/2] ui_tests: extend test_config.py suite

Extend test_config.py suite with new test cases.

Added tests:

config_email_undo
config_groupsearch_reset
groupsearchfield_blank
groupsearchfield_existing
groupsearchfield_leading_space
groupsearchfield_notallowed
groupsearchfield_trailing_space
usersearchfield_trailing_space
sizelimit_blank
sizelimit_letter
sizelimit_space
timelimit_blank
timelimit_letter
timelimit_negative
timelimit_space
userDefaultShell_blank
userDefaultShell_leading_space
userDefaultShell_new
userDefaultShell_specialchar
userDefaultShell_trailing_space
useremail_leading_space
useremail_new
useremail_trailing_space
usergroup_new
userhomedir_blank
userhomedir_leading_space
userhomedir_numbers
userhomedir_space_inbetween
userhomedir_specialchar
userhomedir_trailing_space
usermigrationmode_disable
usermigrationmode_enable
usernamelength_blank
usernamelength_letters
usernamelength_max
usernamelength_new
usernamelength_space_inbetween
usernamelength_specialchar
userpwdexpnotify_blank
userpwdexpnotify_letters
userpwdexpnotify_max
userpwdexpnotify_space_inbetween
userpwdexpnotify_specialchar
usersearchfield_blank
usersearchfield_existing
usersearchfield_leading_space
usersearchfield_new
usersearchfield_notallowed

https://pagure.io/freeipa/issue/7576
---
 ipatests/test_webui/data_config.py |  58 +
 ipatests/test_webui/data_user.py   |   1 +
 ipatests/test_webui/test_config.py | 487 +++--
 3 files changed, 530 insertions(+), 16 deletions(-)
 create mode 100644 ipatests/test_webui/data_config.py

diff --git a/ipatests/test_webui/data_config.py b/ipatests/test_webui/data_config.py
new file mode 100644
index 00..ccef72aba2
--- /dev/null
+++ b/ipatests/test_webui/data_config.py
@@ -0,0 +1,58 @@
+#
+# Copyright (C) 2018  FreeIPA Contributors see COPYING for license
+#
+
+ENTITY = 'config'
+
+GRP_SEARCH_FIELD_DEFAULT = 'cn,description'
+USR_SEARCH_FIELD_DEFAULT = 'uid,givenname,sn,telephonenumber,ou,title'
+
+DATA = {
+'mod': [
+('textbox', 'ipasearchrecordslimit', '200'),
+('textbox', 'ipasearchtimelimit', '3'),
+],
+}
+
+DATA2 = {
+'mod': [
+('textbox', 'ipasearchrecordslimit', '100'),
+('textbox', 'ipasearchtimelimit', '2'),
+],
+}
+
+DATA_SIZE_LIMIT_LETTER = {
+'mod': [
+('textbox', 'ipasearchrecordslimit', 'a'),
+],
+}
+
+DATA_SIZE_LIMIT_SPACE = {
+'mod': [
+('textbox', 'ipasearchrecordslimit', ' space'),
+],
+}
+
+DATA_SIZE_LIMIT_NEG = {
+'mod': [
+('textbox', 'ipasearchrecordslimit', '-2'),
+],
+}
+
+DATA_TIME_LIMIT_LETTER = {
+'mod': [
+('textbox', 'ipasearchtimelimit', 'a'),
+],
+}
+
+DATA_TIME_LIMIT_SPACE = {
+'mod': [
+('textbox', 'ipasearchtimelimit', ' space'),
+],
+}
+
+DATA_TIME_LIMIT_NEG = {
+'mod': [
+('textbox', 'ipasearchtimelimit', '-2'),
+],
+}
diff --git a/ipatests/test_webui/data_user.py b/ipatests/test_webui/data_user.py
index ae62f72610..67425f0e29 100644
--- a/ipatests/test_webui/data_user.py
+++ b/ipatests/test_webui/data_user.py
@@ -111,6 +111,7 @@
 'mod': [
 ('textbox', 'givenname', 'OtherName2'),
 ('textbox', 'sn', 'OtherSurname2'),
+('textbox', 'postalcode', '007007'),
 ],
 }
 
diff --git a/ipatests/test_webui/test_config.py b/ipatests/test_webui/test_config.py
index b64e90f146..4b8280d089 100644
--- a/ipatests/test_webui/test_config.py
+++ b/ipatests/test_webui/test_config.py
@@ -23,35 +23,490 @@
 
 from ipatests.test_webui.ui_driver import UI_driver
 from ipatests.test_webui.ui_driver import screenshot
+import ipatests.test_webui.data_config as config_data
+import ipatests.test_webui.data_user as user_data
+import ipatests.test_webui.data_group as group_data
 import pytest
 
-ENTITY = 'config'
+try:
+from selenium.webdriver.common.by import By
+from selenium.webdriver.common.keys import Keys
+except ImportError:
+pass
 
-DATA = {
-'mod': [
-('textbox', 'ipasearchrecordslimit', '200'),
-('textbox', 'ipasearchtimelimit', '3'),
-],
-}
 
-DATA2 = {
-'mod': [
-('textbox', 'ipasearchrecordslimit', '100'),
-('textbox', 'ipasearchtimelimit', '2'),
-],
-}
+ERR_USR_SEARCH_SPACES = ("invalid 'usersearch': Leading and trailing spaces "
+ "are not allowed")
+ERR_USR_SEARCH_INV = ("invalid 'ipausersearchfields': attribute {} not "
+  "all

[Freeipa-devel] [freeipa PR#1942][closed] [Backport][ipa-4-6] ui_tests: extend test_selinuxusermap.py suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1942
Author: Rezney
 Title: #1942: [Backport][ipa-4-6] ui_tests: extend test_selinuxusermap.py suite
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1942/head:pr1942
git checkout pr1942
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/C27CGIFDPY7CRVEXHZJWTA2SSSYYCDSJ/

[Freeipa-devel] [freeipa PR#1944][closed] [Backport][ipa-4-6] Extend WebUI test_krbpolicy automation suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1944
Author: Rezney
 Title: #1944: [Backport][ipa-4-6] Extend WebUI test_krbpolicy automation suite
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1944/head:pr1944
git checkout pr1944
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/575GM3J52SDQHLIC26WKNKIAACWCFAKO/

[Freeipa-devel] [freeipa PR#1946][closed] [Backport][ipa-4-6] Test webui realm domains

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1946
Author: Rezney
 Title: #1946: [Backport][ipa-4-6] Test webui realm domains
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1946/head:pr1946
git checkout pr1946
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/IRLPZCOEG5FHFDHNIZ3KM6KI4JXTRUW4/

[Freeipa-devel] [freeipa PR#1946][opened] [Backport][ipa-4-6] Test webui realm domains

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1946
Author: Rezney
 Title: #1946: [Backport][ipa-4-6] Test webui realm domains
Action: opened

PR body:
"""
This PR was opened automatically because PR #1724 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1946/head:pr1946
git checkout pr1946
From d2dd6389ff1ed6ece4319b286b8d99e42ea450ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Thu, 1 Mar 2018 13:29:18 +0100
Subject: [PATCH] webui:tests: Add tests for realmd domains

This patch expands WebUI testing on realmd domains
page. The added tests are:
  test_add_single_labeled_domain
  test_dnszone_del_hooked_to_realmdomains_mod
  test_dns_reversezone_add_hooked_to_realmdomains_mod
  test_dnszone_add_hooked_to_realmdomains_mod
  test_del_domain_of_ipa_server_bug1035286
  test_add_non_dns_configured_domain_positive
  test_add_non_dns_configured_domain_negative
  test_del_domain_with_force_update
  test_del_domain_and_update
  test_del_domain_and_refresh
  test_del_domain_revert
  test_del_domain_undo_all
  test_del_domain_undo
  test_add_domain_and_update
  test_add_domain_with_trailing_space
  test_add_domain_with_leading_space
  test_add_empty_domain
  test_add_duplicate_domaini
  test_add_domain_and_revert
  test_add_domain_and_refresh
  test_add_domain_and_undo_all
  test_add_domain_and_undo
  test_add_domain_with_special_char
---
 ipatests/test_webui/test_realmdomains.py | 631 ++-
 ipatests/test_webui/ui_driver.py |  12 +
 2 files changed, 622 insertions(+), 21 deletions(-)

diff --git a/ipatests/test_webui/test_realmdomains.py b/ipatests/test_webui/test_realmdomains.py
index 56fd791ec6..08aba2df5d 100644
--- a/ipatests/test_webui/test_realmdomains.py
+++ b/ipatests/test_webui/test_realmdomains.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Authors:
 #   Petr Vobornik 
 #
@@ -19,12 +20,16 @@
 
 """
 Realm domains tests
+
+Update means Check DNS in WebUI.
+Force udpate means Force Update in WebUI.
 """
 
 from ipatests.test_webui.ui_driver import UI_driver
 from ipatests.test_webui.ui_driver import screenshot
 from ipatests.test_webui.data_dns import (
-ZONE_ENTITY, ZONE_DATA, ZONE_PKEY, ZONE_DEFAULT_FACET
+ZONE_ENTITY, FORWARD_ZONE_ENTITY, ZONE_DATA, FORWARD_ZONE_DATA,
+ZONE_PKEY, FORWARD_ZONE_PKEY, ZONE_DEFAULT_FACET
 )
 import pytest
 
@@ -41,26 +46,10 @@ def del_realm_domain(self, realmdomain, button):
 self.wait_for_request()
 self.close_notifications()
 
-@screenshot
-def test_read(self):
+def prepare_dns_zone(self, realmdomain):
 """
-Realm domains mod tests
+Prepare dns zone record for realmdomain
 """
-self.init_app()
-self.navigate_to_entity(ENTITY)
-
-# add with force - skipping DNS check
-self.add_multivalued('associateddomain', 'itest.bar')
-self.facet_button_click('save')
-self.dialog_button_click('force')
-self.wait_for_request()
-self.close_notifications()
-
-# delete
-self.del_realm_domain('itest.bar', 'force')
-self.wait_for_request()
-
-# Try adding and deleting with "Check DNS" (in html 'ok' button)
 
 # DNS check expects that the added domain will have DNS record:
 #TXT _kerberos.$domain "$REALM"
@@ -74,7 +63,6 @@ def test_read(self):
 self.navigate_to_entity(ZONE_ENTITY)
 self.add_record(ZONE_ENTITY, ZONE_DATA)
 
-realmdomain = ZONE_PKEY.strip('.')
 realm = self.config.get('ipa_realm')
 
 # remove the added domain from Realm Domain
@@ -97,14 +85,615 @@ def test_read(self):
 self.add_record(ZONE_ENTITY, DNS_RECORD_ADD_DATA,
 facet=ZONE_DEFAULT_FACET, navigate=False)
 
+def _add_associateddomain(self, values, force=False):
+"""
+Add values to associated domains and click OK or Force
+"""
+for val in values:
+self.add_multivalued('associateddomain', val)
+self.facet_button_click('save')
+self.dialog_button_click('force' if force else 'ok')
+self.wait_for_request()
+self.close_notifications()
+
+@screenshot
+def test_read(self):
+"""
+Realm domains mod tests
+"""
+self.init_app()
+self.navigate_to_entity(ENTITY)
+
+# add with force - skipping DNS check
+self._add_associateddomain(['itest.bar'], force=True)
+self.close_notifications()
+
+# delete
+self.del_realm_domain('itest.bar', 'force')
+self.wait_for_request()
+
+realmdomain = ZONE_PKEY.strip('.')
+self.prepare_dns_zone(realmdomain)
+
 # add Realm Domain and Check DNS
 self.navigate_to_entity(ENTITY)
-self.add_multivalued('associateddomain', realmdomain)
+self._add_associateddo

[Freeipa-devel] [freeipa PR#1724][closed] Test webui realm domains

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1724
Author: celestian
 Title: #1724: Test webui realm domains
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1724/head:pr1724
git checkout pr1724
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/XYNBOMVZ2KBKNMEM3DJCJZ33YG2SSO23/

[Freeipa-devel] [freeipa PR#1944][opened] [Backport][ipa-4-6] Extend WebUI test_krbpolicy automation suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1944
Author: Rezney
 Title: #1944: [Backport][ipa-4-6] Extend WebUI test_krbpolicy automation suite
Action: opened

PR body:
"""
This PR was opened automatically because PR #1923 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1944/head:pr1944
git checkout pr1944
From fb678d3b1e064b7d8ae0d4c720759c6b5d7c4745 Mon Sep 17 00:00:00 2001
From: Varun Mylaraiah 
Date: Mon, 14 May 2018 12:54:57 +0530
Subject: [PATCH] Extend WebUI test_krbpolicy suite with the following test
 cases: test_verifying_button (verify button's action in various scenarios)
 test_negative_value (verify invalid values) test_verifying_measurement_unit

https://pagure.io/freeipa/issue/7540

Signed-off-by: Varun Mylaraiah 
---
 ipatests/test_webui/test_krbtpolicy.py | 96 ++
 1 file changed, 96 insertions(+)

diff --git a/ipatests/test_webui/test_krbtpolicy.py b/ipatests/test_webui/test_krbtpolicy.py
index 2bfb964827..5ccdddf6c1 100644
--- a/ipatests/test_webui/test_krbtpolicy.py
+++ b/ipatests/test_webui/test_krbtpolicy.py
@@ -55,3 +55,99 @@ def test_mod(self):
 
 self.mod_record(ENTITY, DATA)
 self.mod_record(ENTITY, DATA2)
+
+@screenshot
+def test_verifying_button(self):
+"""
+verifying Revert, Refresh and Undo button
+"""
+self.init_app()
+self.navigate_to_entity(ENTITY)
+
+# verifying Revert, Refresh and Undo button for max renewable age
+self.button_reset('krbmaxrenewableage', '444800')
+
+# verifying Revert, Refresh and Undo button for max ticket age
+self.button_reset('krbmaxticketlife', '46400')
+
+def button_reset(self, field, value):
+"""
+testing "Revert", "Refresh" and "Undo" button
+"""
+# verifying undo button
+self.fill_textbox(field, value)
+facet = self.get_facet()
+s = ".input-group button[name='undo']"
+self._button_click(s, facet)
+self.verify_btn_action(field, value)
+self.wait_for_request(n=2)
+
+# verifying revert button
+self.fill_textbox(field, value)
+self.facet_button_click('revert')
+self.verify_btn_action(field, value)
+self.wait_for_request(n=2)
+
+# verifying refresh button
+self.fill_textbox(field, value)
+self.facet_button_click('refresh')
+self.verify_btn_action(field, value)
+self.wait_for_request(n=2)
+
+def verify_btn_action(self, field, mod_value, negative=True):
+"""
+comparing current value with modified value
+"""
+current_value = self.get_field_value(field, element="input")
+if negative:
+assert current_value != mod_value
+else:
+assert current_value == mod_value
+
+@screenshot
+def test_negative_value(self):
+"""
+Negative test for Max renew
+"""
+self.init_app()
+self.navigate_to_entity(ENTITY)
+
+# string used instead of integer
+expected_error = 'Must be an integer'
+value = 'nonInteger'
+self.modify_policy(expected_error, value)
+
+# bigger than max value
+expected_error = 'Maximum value is 2147483647'
+value = '2147483649'
+self.modify_policy(expected_error, value)
+
+# smaller than max value
+expected_error = 'Minimum value is 1'
+value = '-1'
+self.modify_policy(expected_error, value)
+
+def modify_policy(self, expected_error, value):
+"""
+modifying kerberos policy values and asserting expected error
+"""
+self.fill_textbox('krbmaxrenewableage', value)
+self.wait_for_request()
+self.assert_field_validation(expected_error)
+self.facet_button_click('revert')
+self.fill_textbox('krbmaxticketlife', value)
+self.wait_for_request()
+self.assert_field_validation(expected_error, field='krbmaxticketlife')
+self.facet_button_click('revert')
+
+@screenshot
+def test_verify_measurement_unit(self):
+"""
+verifying measurement unit for Max renew and Max life
+"""
+self.init_app()
+self.navigate_to_entity(ENTITY)
+krbmaxrenewableage = self.get_text('label[name="krbmaxrenewableage"]')
+krbmaxticketlife = self.get_text('label[name="krbmaxticketlife"]')
+assert "Max renew (seconds)" in krbmaxrenewableage
+assert "Max life (seconds)" in krbmaxticketlife
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_

[Freeipa-devel] [freeipa PR#1923][closed] Extend WebUI test_krbpolicy automation suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1923
Author: varunmylaraiah
 Title: #1923: Extend WebUI test_krbpolicy automation suite
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1923/head:pr1923
git checkout pr1923
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/TGKJHXR34Y462HBODZTHTJU6UZR4575U/

[Freeipa-devel] [freeipa PR#1925][closed] ui_tests: extend test_selinuxusermap.py suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1925
Author: Rezney
 Title: #1925: ui_tests: extend test_selinuxusermap.py suite
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1925/head:pr1925
git checkout pr1925
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/XYBKNCHWZ3SWI22GWYZ54CN4WA3CQG4E/

[Freeipa-devel] [freeipa PR#1942][opened] [Backport][ipa-4-6] ui_tests: extend test_selinuxusermap.py suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1942
Author: Rezney
 Title: #1942: [Backport][ipa-4-6] ui_tests: extend test_selinuxusermap.py suite
Action: opened

PR body:
"""
This PR was opened automatically because PR #1925 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1942/head:pr1942
git checkout pr1942
From c264735aa0c7068d14f39e653aa309fd3214fdcd Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Mon, 14 May 2018 13:31:06 +0200
Subject: [PATCH 1/2] ui_tests: extend test_selinuxusermap.py suite

Extend test_selinuxusermap.py suite with new test cases. Details in
the ticket.

We also modify "add_table_associations" to handle "cancel" and
"negative" in the way other methods works.

Lastly, we start using dialog_btn=None to test keyboard confirmation
as we did use it incorrectly with "Negative=True" where it was already
confirmed by "click".

Added tests:

addselinuxusermap_MLS_singlelevel
addselinuxusermap_cancel
addselinuxusermap_disabledhbacrule
addselinuxusermap_MLS_range
addselinuxusermap_MCS_range
addselinuxusermap_MCS_commas
addselinuxusermap_MLS_singlevalue
addselinuxusermap_multiple
addandeditselinuxusermap
selinuxusermap_undo
selinuxusermap_refresh
selinuxusermap_reset
selinuxusermap_update
selinuxusermap_backlink_cancel
selinuxusermap_backlink_reset
selinuxusermap_backlink_update
selinuxusermap_deletemultiple
add_user_selinuxusermap_cancel
add_host_selinuxusermap_cancel
add_hostgroup_selinuxusermap_cancel
selinuxusermap_requiredfield
selinuxusermap_duplicate
selinuxusermap_nonexistinguser
selinuxusermap_invalidusersyntaxMCS
selinuxusermap_invalidusersyntaxMLS
add_usernegative_selinuxusermap
selinuxusermap_addNegativeHBACrule
selinuxusermap_search
selinuxusermap_searchnegative
selinuxusermap_disablemultiple
selinuxusermap_enablemultiple
selinuxusermap_deleteNegativeHBACrule
add_selinuxusermap_adder_dialog_bug910463
delete_selinuxusermap_deleter_dialog_bug910463

https://pagure.io/freeipa/issue/7544
---
 ipatests/test_webui/data_selinuxusermap.py | 100 ++
 ipatests/test_webui/test_netgroup.py   |  10 +-
 ipatests/test_webui/test_selinuxusermap.py | 292 +++--
 ipatests/test_webui/ui_driver.py   |  16 +-
 4 files changed, 390 insertions(+), 28 deletions(-)
 create mode 100644 ipatests/test_webui/data_selinuxusermap.py

diff --git a/ipatests/test_webui/data_selinuxusermap.py b/ipatests/test_webui/data_selinuxusermap.py
new file mode 100644
index 00..c8e826bf27
--- /dev/null
+++ b/ipatests/test_webui/data_selinuxusermap.py
@@ -0,0 +1,100 @@
+#
+# Copyright (C) 2018  FreeIPA Contributors see COPYING for license
+#
+
+ENTITY = 'selinuxusermap'
+
+PKEY = 'itest-selinuxusermap'
+DATA = {
+'pkey': PKEY,
+'add': [
+('textbox', 'cn', PKEY),
+('textbox', 'ipaselinuxuser', 'user_u:s0'),
+],
+'mod': [
+('textarea', 'description', 'itest-selinuxusermap desc'),
+],
+}
+
+PKEY2 = 'itest-selinuxusermap2'
+DATA2 = {
+'pkey': PKEY2,
+'add': [
+('textbox', 'cn', PKEY2),
+('textbox', 'ipaselinuxuser', 'unconfined_u:s0-s0:c0.c1023'),
+],
+'mod': [
+('textarea', 'description', 'itest-selinuxusermap desc2'),
+],
+}
+
+PKEY_MLS_RANGE = 'itest-selinuxusermap_MLS_range'
+DATA_MLS_RANGE = {
+'pkey': PKEY_MLS_RANGE,
+'add': [
+('textbox', 'cn', PKEY_MLS_RANGE),
+('textbox', 'ipaselinuxuser', 'user_u:s0-s1'),
+],
+}
+
+PKEY_MCS_RANGE = 'itest-selinuxusermap_MLS_range'
+DATA_MCS_RANGE = {
+'pkey': PKEY_MCS_RANGE,
+'add': [
+('textbox', 'cn', PKEY_MCS_RANGE),
+('textbox', 'ipaselinuxuser', 'user_u:s0-s15:c0.c1023'),
+],
+}
+
+PKEY_MCS_COMMAS = 'itest-selinuxusermap_MCS_commas'
+DATA_MCS_COMMAS = {
+'pkey': PKEY_MCS_COMMAS,
+'add': [
+('textbox', 'cn', PKEY_MCS_COMMAS),
+('textbox', 'ipaselinuxuser', 'user_u:s0-s1:c0,c2,c15.c26'),
+],
+}
+
+PKEY_MLS_SINGLE_VAL = 'itest-selinuxusermap_MLS_single_val'
+DATA_MLS_SINGLE_VAL = {
+'pkey': PKEY_MLS_SINGLE_VAL,
+'add': [
+('textbox', 'cn', PKEY_MLS_SINGLE_VAL),
+('textbox', 'ipaselinuxuser', 'user_u:s0-s0:c0.c1023'),
+],
+}
+
+PKEY_NON_EXIST_SEUSER = 'itest-selinuxusermap_nonexistent_user'
+DATA_NON_EXIST_SEUSER = {
+'pkey': PKEY_NON_EXIST_SEUSER,
+'add': [
+('textbox', 'cn', PKEY_NON_EXIST_SEUSER),
+('textbox', 'ipaselinuxuser', 'abc:s0'),
+],
+}
+
+PKEY_INVALID_MCS = 'itest-selinuxusermap_invalid_MCS'
+DATA_INVALID_MCS = {
+'pkey': PKEY_INVALID_MCS,
+'add': [
+('textbox', 'cn', PKEY_INVALID_MCS),
+('textbox', 'ipaselinuxuser', 'user:s0:c'),
+],
+}
+
+PKEY_INVALID_MLS = 'itest-selinuxusermap_invalid_MLS'
+DATA_INVALID_MLS = {
+'pkey': PKEY_INVALID_MLS,
+'add': [
+('textbox', 'cn', PKEY_INVALID_MLS),
+('textbox', 'ipaselinuxuse

[Freeipa-devel] [freeipa PR#1929][closed] [Backport][ipa-4-6] ui_tests: improve "field_validation" method

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1929
Author: Rezney
 Title: #1929: [Backport][ipa-4-6] ui_tests: improve "field_validation" method
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1929/head:pr1929
git checkout pr1929
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1928][closed] [Backport][ipa-4-6] ui_tests: checkbox click fix

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1928
Author: Rezney
 Title: #1928: [Backport][ipa-4-6] ui_tests: checkbox click fix
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1928/head:pr1928
git checkout pr1928
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1929][opened] [Backport][ipa-4-6] ui_tests: improve "field_validation" method

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1929
Author: Rezney
 Title: #1929: [Backport][ipa-4-6] ui_tests: improve "field_validation" method
Action: opened

PR body:
"""
This PR was opened automatically because PR #1920 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1929/head:pr1929
git checkout pr1929
From ab6af97b7e6c4375d82503f9b35115dbc8666cdb Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Fri, 11 May 2018 08:20:39 +0200
Subject: [PATCH] ui_tests: improve "field_validation" method

Often when trying to check e.g. required field we pass the
method another element as parent in order to narrow down a scope
for validation. This way we can just pass "field" name to make the
process easier.

https://pagure.io/freeipa/issue/7546
---
 ipatests/test_webui/ui_driver.py | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index 3e266dc9bf..ae66876e6d 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -2129,7 +2129,7 @@ def assert_action_list_action(self, action, visible=True, enabled=True,
 assert is_enabled == enabled, ('Invalid enabled state of action item %s. '
'Expected: %s') % (action, str(visible))
 
-def assert_field_validation(self, expect_error, parent=None):
+def assert_field_validation(self, expect_error, parent=None, field=None):
 """
 Assert for error in field validation
 """
@@ -2137,14 +2137,18 @@ def assert_field_validation(self, expect_error, parent=None):
 if not parent:
 parent = self.get_form()
 
+if field:
+field_s = '.widget[name="{}"]'.format(field)
+parent = self.find(field_s, By.CSS_SELECTOR, context=parent)
+
 req_field_css = '.help-block[name="error_link"]'
 
 res = self.find(req_field_css, By.CSS_SELECTOR, context=parent)
 assert expect_error in res.text, \
 'Expected error: {} not found'.format(expect_error)
 
-def assert_field_validation_required(self, parent=None):
-self.assert_field_validation('Required field', parent)
+def assert_field_validation_required(self, parent=None, field=None):
+self.assert_field_validation('Required field', parent, field)
 
 def assert_notification(self, type='success', assert_text=None):
 """
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1920][closed] ui_tests: improve "field_validation" method

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1920
Author: Rezney
 Title: #1920: ui_tests: improve "field_validation" method
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1920/head:pr1920
git checkout pr1920
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1919][closed] ui_tests: checkbox click fix

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1919
Author: Rezney
 Title: #1919: ui_tests: checkbox click fix
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1919/head:pr1919
git checkout pr1919
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1928][opened] [Backport][ipa-4-6] ui_tests: checkbox click fix

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1928
Author: Rezney
 Title: #1928: [Backport][ipa-4-6] ui_tests: checkbox click fix
Action: opened

PR body:
"""
This PR was opened automatically because PR #1919 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1928/head:pr1928
git checkout pr1928
From 1ab0ae7826073a8ebdfc43b3aafda6f0650008ee Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 10 May 2018 14:35:21 +0200
Subject: [PATCH] ui_tests: checkbox click fix

We check a box with clicking on label by default however sometimes
when a label is too short (1-2 letters) we are hitting an issue
that the checkbox obscures the label.

https://pagure.io/freeipa/issue/7547
---
 ipatests/test_webui/ui_driver.py | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index 3e266dc9bf..87ceec6029 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -43,6 +43,7 @@
 from selenium.common.exceptions import InvalidElementStateException
 from selenium.common.exceptions import StaleElementReferenceException
 from selenium.common.exceptions import WebDriverException
+from selenium.common.exceptions import ElementClickInterceptedException
 from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
 from selenium.webdriver.common.keys import Keys
 from selenium.webdriver.common.by import By
@@ -902,15 +903,21 @@ def check_option(self, name, value=None, parent=None):
 s += "[@value='%s']" % value
 opts = self.find(s, "xpath", parent, many=True)
 label = None
+checkbox = None
 # Select only the one which matches exactly the name
 for o in opts:
 n = o.get_attribute("name")
 if n == name or re.match("^%s\d+$" % name, n):
 s = "label[for='%s']" % o.get_attribute("id")
 label = self.find(s, By.CSS_SELECTOR, parent, strict=True)
+checkbox = o
 break
 assert label is not None, "Option not found: %s" % name
-label.click()
+
+try:
+label.click()
+except ElementClickInterceptedException:
+checkbox.click()
 
 def select_combobox(self, name, value, parent=None, combobox_input=None):
 """
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1925][opened] ui_tests: extend test_selinuxusermap.py suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1925
Author: Rezney
 Title: #1925: ui_tests: extend test_selinuxusermap.py suite
Action: opened

PR body:
"""
Extend test_selinuxusermap.py suite with new test cases. Details in the ticket.

We also modify "add_table_associations" to handle "cancel" and "negative" in 
the way other methods works.

Lastly, we start using dialog_btn=None to test keyboard confirmation as we did 
use it incorrectly with "Negative=True" where it was already confirmed by 
"click".
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1925/head:pr1925
git checkout pr1925
From 790ff512b48d90b1f82fa8eef285b259983ac93c Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Mon, 14 May 2018 13:31:06 +0200
Subject: [PATCH 1/2] ui_tests: extend test_selinuxusermap.py suite

Extend test_selinuxusermap.py suite with new test cases. Details in
the ticket.

We also modify "add_table_associations" to handle "cancel" and
"negative" in the way other methods works.

Lastly, we start using dialog_btn=None to test keyboard confirmation
as we did use it incorrectly with "Negative=True" where it was already
confirmed by "click".

https://pagure.io/freeipa/issue/7544
---
 ipatests/test_webui/data_selinuxusermap.py | 100 +++
 ipatests/test_webui/test_netgroup.py   |   4 +-
 ipatests/test_webui/test_selinuxusermap.py | 263 +
 ipatests/test_webui/ui_driver.py   |  16 +-
 4 files changed, 376 insertions(+), 7 deletions(-)
 create mode 100644 ipatests/test_webui/data_selinuxusermap.py

diff --git a/ipatests/test_webui/data_selinuxusermap.py b/ipatests/test_webui/data_selinuxusermap.py
new file mode 100644
index 00..c8e826bf27
--- /dev/null
+++ b/ipatests/test_webui/data_selinuxusermap.py
@@ -0,0 +1,100 @@
+#
+# Copyright (C) 2018  FreeIPA Contributors see COPYING for license
+#
+
+ENTITY = 'selinuxusermap'
+
+PKEY = 'itest-selinuxusermap'
+DATA = {
+'pkey': PKEY,
+'add': [
+('textbox', 'cn', PKEY),
+('textbox', 'ipaselinuxuser', 'user_u:s0'),
+],
+'mod': [
+('textarea', 'description', 'itest-selinuxusermap desc'),
+],
+}
+
+PKEY2 = 'itest-selinuxusermap2'
+DATA2 = {
+'pkey': PKEY2,
+'add': [
+('textbox', 'cn', PKEY2),
+('textbox', 'ipaselinuxuser', 'unconfined_u:s0-s0:c0.c1023'),
+],
+'mod': [
+('textarea', 'description', 'itest-selinuxusermap desc2'),
+],
+}
+
+PKEY_MLS_RANGE = 'itest-selinuxusermap_MLS_range'
+DATA_MLS_RANGE = {
+'pkey': PKEY_MLS_RANGE,
+'add': [
+('textbox', 'cn', PKEY_MLS_RANGE),
+('textbox', 'ipaselinuxuser', 'user_u:s0-s1'),
+],
+}
+
+PKEY_MCS_RANGE = 'itest-selinuxusermap_MLS_range'
+DATA_MCS_RANGE = {
+'pkey': PKEY_MCS_RANGE,
+'add': [
+('textbox', 'cn', PKEY_MCS_RANGE),
+('textbox', 'ipaselinuxuser', 'user_u:s0-s15:c0.c1023'),
+],
+}
+
+PKEY_MCS_COMMAS = 'itest-selinuxusermap_MCS_commas'
+DATA_MCS_COMMAS = {
+'pkey': PKEY_MCS_COMMAS,
+'add': [
+('textbox', 'cn', PKEY_MCS_COMMAS),
+('textbox', 'ipaselinuxuser', 'user_u:s0-s1:c0,c2,c15.c26'),
+],
+}
+
+PKEY_MLS_SINGLE_VAL = 'itest-selinuxusermap_MLS_single_val'
+DATA_MLS_SINGLE_VAL = {
+'pkey': PKEY_MLS_SINGLE_VAL,
+'add': [
+('textbox', 'cn', PKEY_MLS_SINGLE_VAL),
+('textbox', 'ipaselinuxuser', 'user_u:s0-s0:c0.c1023'),
+],
+}
+
+PKEY_NON_EXIST_SEUSER = 'itest-selinuxusermap_nonexistent_user'
+DATA_NON_EXIST_SEUSER = {
+'pkey': PKEY_NON_EXIST_SEUSER,
+'add': [
+('textbox', 'cn', PKEY_NON_EXIST_SEUSER),
+('textbox', 'ipaselinuxuser', 'abc:s0'),
+],
+}
+
+PKEY_INVALID_MCS = 'itest-selinuxusermap_invalid_MCS'
+DATA_INVALID_MCS = {
+'pkey': PKEY_INVALID_MCS,
+'add': [
+('textbox', 'cn', PKEY_INVALID_MCS),
+('textbox', 'ipaselinuxuser', 'user:s0:c'),
+],
+}
+
+PKEY_INVALID_MLS = 'itest-selinuxusermap_invalid_MLS'
+DATA_INVALID_MLS = {
+'pkey': PKEY_INVALID_MLS,
+'add': [
+('textbox', 'cn', PKEY_INVALID_MLS),
+('textbox', 'ipaselinuxuser', 'user'),
+],
+}
+
+PKEY_FIELD_REQUIRED = 'itest-selinuxusermap_without_SELinux_user'
+DATA_FIELD_REQUIRED = {
+'pkey': PKEY_FIELD_REQUIRED,
+'add': [
+('textbox', 'cn', PKEY_FIELD_REQUIRED),
+],
+}
diff --git a/ipatests/test_webui/test_netgroup.py b/ipatests/test_webui/test_netgroup.py
index bc29cfc587..069894af81 100644
--- a/ipatests/test_webui/test_netgroup.py
+++ b/ipatests/test_webui/test_netgroup.py
@@ -68,7 +68,7 @@ def test_basic_workflows(self):
 delete=True)
 
 # add netgroup using enter
-self.add_record(netgroup.ENTITY, netgroup.DATA, negative=True)
+self.add_record(netgroup.ENTITY, netgroup.DATA, dialog_btn=None)
 actions = ActionChains(self.driver)
 actions.send_keys(Keys.ENTER).perform()
 self.w

[Freeipa-devel] [freeipa PR#1920][opened] ui_tests: improve "field_validation" method

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1920
Author: Rezney
 Title: #1920: ui_tests: improve "field_validation" method
Action: opened

PR body:
"""
Often when trying to check e.g. required field we pass the method another 
element as parent in order to narrow down a scope for validation. This way we 
can just pass "field" name to make the process easier.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1920/head:pr1920
git checkout pr1920
From 274dc0304b86ff8cd0cfbf9e89a18d86d7a30c9e Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Fri, 11 May 2018 08:20:39 +0200
Subject: [PATCH 1/2] ui_tests: improve "field_validation" method

Often when trying to check e.g. required field we pass the
method another element as parent in order to narrow down a scope
for validation. This way we can just pass "field" name to make the
process easier.
---
 ipatests/test_webui/ui_driver.py | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index 34d21ae35d..1febc3d367 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -2139,7 +2139,7 @@ def assert_action_list_action(self, action, visible=True, enabled=True,
 assert is_enabled == enabled, ('Invalid enabled state of action item %s. '
'Expected: %s') % (action, str(visible))
 
-def assert_field_validation(self, expect_error, parent=None):
+def assert_field_validation(self, expect_error, parent=None, field=None):
 """
 Assert for error in field validation
 """
@@ -2147,14 +2147,18 @@ def assert_field_validation(self, expect_error, parent=None):
 if not parent:
 parent = self.get_form()
 
+if field:
+field_s = '.widget[name="{}"]'.format(field)
+parent = self.find(field_s, By.CSS_SELECTOR, context=parent)
+
 req_field_css = '.help-block[name="error_link"]'
 
 res = self.find(req_field_css, By.CSS_SELECTOR, context=parent)
 assert expect_error in res.text, \
 'Expected error: {} not found'.format(expect_error)
 
-def assert_field_validation_required(self, parent=None):
-self.assert_field_validation('Required field', parent)
+def assert_field_validation_required(self, parent=None, field=None):
+self.assert_field_validation('Required field', parent, field)
 
 def assert_notification(self, type='success', assert_text=None):
 """

From b94fc69ae3f269b154af2a04a3cfbee08098c9c5 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Fri, 11 May 2018 08:34:25 +0200
Subject: [PATCH 2/2] TEMP_COMMIT: activate web_ui tests

---
 .freeipa-pr-ci.yaml | 174 +---
 1 file changed, 28 insertions(+), 146 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index 88d34d58fc..cf937d4b6e 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -3,6 +3,9 @@ topologies:
 name: build
 cpu: 2
 memory: 3800
+  ipaserver: &ipaserver
+name: ipaserver
+cpu: 1
   master_1repl: &master_1repl
 name: master_1repl
 cpu: 4
@@ -27,183 +30,62 @@ jobs:
 timeout: 1800
 topology: *build
 
-  fedora-27/simple_replication:
+  fedora-27/test_webui_a_to_d:
 requires: [fedora-27/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_simple_replication.py
+test_suite: test_webui/test_[a-d]\*.py
 template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
+timeout: 7200
+topology: *ipaserver
 
-  fedora-27/caless:
+  fedora-27/test_webui_g_to_m:
 requires: [fedora-27/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
+test_suite: test_webui/test_[g-m]\*.py
 template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
+timeout: 7200
+topology: *ipaserver
 
-  fedora-27/external_ca:
+  fedora-27/test_webui_n_to_r:
 requires: [fedora-27/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
+test_suite: 'test_webui/test_[n-r]*.py --'
 template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
+timeout: 7200
+topology: *ipaserver
 
-  fedora-27/test_topologi

[Freeipa-devel] [freeipa PR#1919][opened] ui_tests: checkbox click fix

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1919
Author: Rezney
 Title: #1919: ui_tests: checkbox click fix
Action: opened

PR body:
"""
We check a box with clicking on label by default however sometimes when a label 
is too short 
(1-2 letters) we are hitting an issue that the checkbox obscures the label.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1919/head:pr1919
git checkout pr1919
From e2804575ee4fd88cd3a3f75681f45e82d6000635 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 10 May 2018 14:35:21 +0200
Subject: [PATCH 1/2] ui_tests: checkbox click fix

We check a box with clicking on label by default however sometimes
when a label is too short (1-2 letters) we are hitting an issue
that the checkbox obscures the label.
---
 ipatests/test_webui/ui_driver.py | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index 34d21ae35d..239cfa7b97 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -42,6 +42,7 @@
 from selenium.common.exceptions import InvalidElementStateException
 from selenium.common.exceptions import StaleElementReferenceException
 from selenium.common.exceptions import WebDriverException
+from selenium.common.exceptions import ElementClickInterceptedException
 from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
 from selenium.webdriver.common.keys import Keys
 from selenium.webdriver.common.by import By
@@ -912,15 +913,21 @@ def check_option(self, name, value=None, parent=None):
 s += "[@value='%s']" % value
 opts = self.find(s, "xpath", parent, many=True)
 label = None
+checkbox = None
 # Select only the one which matches exactly the name
 for o in opts:
 n = o.get_attribute("name")
 if n == name or re.match("^%s\d+$" % name, n):
 s = "label[for='%s']" % o.get_attribute("id")
 label = self.find(s, By.CSS_SELECTOR, parent, strict=True)
+checkbox = o
 break
 assert label is not None, "Option not found: %s" % name
-label.click()
+
+try:
+label.click()
+except ElementClickInterceptedException:
+checkbox.click()
 
 def select_combobox(self, name, value, parent=None, combobox_input=None):
 """

From 6fe54e26952add3f302d05443af6a2c510d77fbf Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 10 May 2018 15:00:11 +0200
Subject: [PATCH 2/2] TEMP_COMMIT: activate WebUI tests

---
 .freeipa-pr-ci.yaml | 173 ++--
 1 file changed, 20 insertions(+), 153 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index 88d34d58fc..af48bd307a 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -27,183 +27,50 @@ jobs:
 timeout: 1800
 topology: *build
 
-  fedora-27/simple_replication:
+  fedora-27/test_webui_a_to_d:
 requires: [fedora-27/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_simple_replication.py
+test_suite: test_webui/test_[a-d]*.py
 template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
+timeout: 7200
+topology: *ipaserver
 
-  fedora-27/caless:
+  fedora-27/test_webui_g_to_m:
 requires: [fedora-27/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
+test_suite: test_webui/test_[g-m]*.py
 template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
+timeout: 7200
+topology: *ipaserver
 
-  fedora-27/external_ca:
+  fedora-27/test_webui_n_to_r:
 requires: [fedora-27/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
+test_suite: test_webui/test_[n-r]*.py
 template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
+timeout: 7200
+topology: *ipaserver
 
-  fedora-27/test_topologies:
+  fedora-27/test_webui_s_to_z:
 requires: [fedora-27/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_topologies.py
+test_suite: test_webui/test_[s-z]*.p

[Freeipa-devel] [freeipa PR#1869][opened] [Backport][ipa-4-6] ui_tests: extend test_user suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1869
Author: Rezney
 Title: #1869: [Backport][ipa-4-6] ui_tests: extend test_user suite
Action: opened

PR body:
"""
This PR was opened automatically because PR #1838 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1869/head:pr1869
git checkout pr1869
From ac46e6f069f248c20e26a9a08d43661af49ab0fe Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 19 Apr 2018 15:19:37 +0200
Subject: [PATCH 1/3] ui_tests: extend test_user suite

Extend WebUI test_user suite with the following test cases:

test_add_user_special
test_user_misc
test_ssh_keys
test_add_delete_undo_reset
test_disable_delete_admin
test_login_without_username

https://pagure.io/freeipa/issue/7507
---
 ipatests/test_webui/data_user.py | 154 +++
 ipatests/test_webui/test_user.py | 416 ++-
 2 files changed, 563 insertions(+), 7 deletions(-)

diff --git a/ipatests/test_webui/data_user.py b/ipatests/test_webui/data_user.py
index c5ed796c7b..ae62f72610 100644
--- a/ipatests/test_webui/data_user.py
+++ b/ipatests/test_webui/data_user.py
@@ -17,6 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
+
 ENTITY = 'user'
 
 PKEY = 'itest-user'
@@ -35,17 +36,67 @@
 'mod': [
 ('textbox', 'givenname', 'OtherName'),
 ('textbox', 'sn', 'OtherSurname'),
+('textbox', 'initials', 'NOS'),
+('textbox', 'loginshell', '/bin/csh'),
+('textbox', 'homedirectory', '/home/alias'),
 ('multivalued', 'telephonenumber', [
 ('add', '123456789'),
 ('add', '987654321'),
 ]),
+('multivalued', 'mail', [
+('add', 'o...@ipa.test'),
+('add', 't...@ipa.test'),
+('add', 'th...@ipa.test'),
+]),
+('multivalued', 'pager', [
+('add', '1234567'),
+('add', '7654321'),
+]),
+('multivalued', 'mobile', [
+('add', '001123456'),
+('add', '001654321'),
+]),
+('multivalued', 'facsimiletelephonenumber', [
+('add', '1122334'),
+('add', '4332211'),
+]),
+('textbox', 'street', 'Wonderwall ave.'),
+('textbox', 'l', 'Atlantis'),
+('textbox', 'st', 'Universe'),
+('textbox', 'postalcode', '61600'),
+('multivalued', 'carlicense', [
+('add', 'ZLA-1336'),
+]),
+('textbox', 'ou', 'QE'),
 ('combobox', 'manager', 'admin'),
+('textbox', 'employeenumber', '123'),
+('textbox', 'employeetype', 'contractor'),
+('textbox', 'preferredlanguage', 'Spanish'),
 ],
 'mod_v': [
 ('textbox', 'givenname', 'OtherName'),
 ('textbox', 'sn', 'OtherSurname'),
+('textbox', 'initials', 'NOS'),
+('textbox', 'loginshell', '/bin/csh'),
+('textbox', 'homedirectory', '/home/alias'),
+('label', 'krbmaxrenewableage', '604800'),
+('label', 'krbmaxticketlife', '86400'),
 ('multivalued', 'telephonenumber', ['123456789', '987654321']),
+('multivalued', 'mail', ['o...@ipa.test', 't...@ipa.test',
+ 'th...@ipa.test']),
+('multivalued', 'pager', ['1234567', '7654321']),
+('multivalued', 'mobile', ['001123456', '001654321']),
+('multivalued', 'facsimiletelephonenumber', ['1122334', '4332211']),
+('textbox', 'street', 'Wonderwall ave.'),
+('textbox', 'l', 'Atlantis'),
+('textbox', 'st', 'Universe'),
+('textbox', 'postalcode', '61600'),
+('multivalued', 'carlicense', ['ZLA-1336']),
+('textbox', 'ou', 'QE'),
 ('combobox', 'manager', 'admin'),
+('textbox', 'employeenumber', '123'),
+('textbox', 'employeetype', 'contractor'),
+('textbox', 'preferredlanguage', 'Spanish'),
 ],
 }
 
@@ -85,3 +136,106 @@
 ('combobox', 'gidnumber', '7'),
 ]
 }
+
+PKEY_SPECIAL_CHARS = '1spe.cial_us-er$'
+PASSWD_SCECIAL_CHARS = '!!!@@@###$$$'
+DATA_SPECIAL_CHARS = {
+'pkey': PKEY_SPECIAL_CHARS,
+'add': [
+('textbox', 'uid', PKEY_SPECIAL_CHARS),
+('textbox', 'givenname', 'S$p|e>c--i_a%l_'),
+('textbox', 'sn', '%U&s?e+r'),
+('password', 'userpassword', PASSWD_SCECIAL_CHARS),
+('password', 'userpassword2', PASSWD_SCECIAL_CHARS),
+]
+}
+
+PKEY_LONG_LOGIN = 'itest-user' * 5
+DATA_LONG_LOGIN = {
+'pkey': PKEY_LONG_LOGIN,
+'add': [
+('textbox', 'uid', PKEY_LONG_LOGIN),
+('textbox', 'givenname', 'Name8'),
+('textbox', 'sn', 'Surname8'),
+]
+}
+
+PKEY_PASSWD_LEAD_SPACE = 'itest-user-passwd-leading-space'
+DATA_PASSWD_LEAD_SPACE = {
+'pkey': PKEY_PASSWD_LEAD_SPACE,
+'add': [
+('textbo

[Freeipa-devel] [freeipa PR#1838][closed] ui_tests: extend test_user suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1838
Author: Rezney
 Title: #1838: ui_tests: extend test_user suite
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1838/head:pr1838
git checkout pr1838
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1839][closed] WebUI tests: Extend netgroup tests with more scenarios

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1839
Author: varunmylaraiah
 Title: #1839: WebUI tests: Extend netgroup tests with more scenarios
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1839/head:pr1839
git checkout pr1839
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1868][opened] [Backport][ipa-4-6] WebUI tests: Extend netgroup tests with more scenarios

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1868
Author: Rezney
 Title: #1868: [Backport][ipa-4-6] WebUI tests: Extend netgroup tests with more 
scenarios
Action: opened

PR body:
"""
This PR was opened automatically because PR #1839 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1868/head:pr1868
git checkout pr1868
From 41f8788199fc904d7c22b8334da58280b6c26b3d Mon Sep 17 00:00:00 2001
From: Varun Mylaraiah 
Date: Wed, 18 Apr 2018 17:29:17 +0530
Subject: [PATCH] WebUI tests: Extend netgroup tests with more scenarios

Extended webui group automation test with below scenarios
Scenarios
 *add netgroup with invalid names
 *add and delete records in various scenarios
 *verify button's action in various scenarios.

https://pagure.io/freeipa/issue/7505

Signed-off-by: Varun Mylaraiah 
---
 ipatests/test_webui/data_netgroup.py |  59 
 ipatests/test_webui/test_netgroup.py | 281 +++
 ipatests/test_webui/ui_driver.py |   9 +-
 3 files changed, 347 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_webui/data_netgroup.py b/ipatests/test_webui/data_netgroup.py
index 8484ba9e14..71feaccc9e 100644
--- a/ipatests/test_webui/data_netgroup.py
+++ b/ipatests/test_webui/data_netgroup.py
@@ -41,3 +41,62 @@
 ('textarea', 'description', 'test-netgroup2 desc modified'),
 ],
 }
+
+PKEY3 = 'itest-netgroup3'
+DATA3 = {
+'pkey': PKEY3,
+'add': [
+('textbox', 'cn', PKEY3),
+('textarea', 'description', 'test-netgroup3 desc'),
+]
+}
+
+PKEY4 = 'itest-netgroup4'
+DATA4 = {
+'pkey': PKEY4,
+'add': [
+('textbox', 'cn', PKEY4),
+('textarea', 'description', 'test-netgroup4 desc'),
+]
+}
+
+PKEY5 = 'NewNetGroup'
+DATA_MIXED_CASE = {
+'pkey': PKEY5,
+'add': [
+('textbox', 'cn', PKEY5),
+('textarea', 'description', 'Trying to add mixed case netgroup name'),
+]
+}
+
+PKEY6 = 'long-netgroup-name_{}'.format('long' * 15)
+DATA_LONG_NAME = {
+'pkey': PKEY6,
+'add': [
+('textbox', 'cn', PKEY6),
+('textarea', 'description', 'Trying to add long netgroup name'),
+]
+}
+
+PKEY7 = 'a'
+DATA_SINGLE_CHAR = {
+'pkey': PKEY7,
+'add': [
+('textbox', 'cn', PKEY7),
+('textarea', 'description', 'Trying to add single character netgroup'
+' name'),
+]
+}
+
+PKEY8 = 'itest-netgroup8'
+DATA8 = {
+'pkey': PKEY8,
+'add': [
+('textbox', 'cn', PKEY8),
+('textarea', 'description', 'test-netgroup8 desc'),
+],
+'mod': [
+('textarea', 'description', 'description modified for testing buttons'
+ ),
+],
+}
diff --git a/ipatests/test_webui/test_netgroup.py b/ipatests/test_webui/test_netgroup.py
index 05036366ec..bc29cfc587 100644
--- a/ipatests/test_webui/test_netgroup.py
+++ b/ipatests/test_webui/test_netgroup.py
@@ -30,6 +30,12 @@
 from ipatests.test_webui.test_host import host_tasks, ENTITY as HOST_ENTITY
 import pytest
 
+try:
+from selenium.webdriver.common.keys import Keys
+from selenium.webdriver.common.action_chains import ActionChains
+except ImportError:
+pass
+
 
 @pytest.mark.tier1
 class test_netgroup(UI_driver):
@@ -42,6 +48,242 @@ def test_crud(self):
 self.init_app()
 self.basic_crud(netgroup.ENTITY, netgroup.DATA)
 
+@screenshot
+def test_basic_workflows(self):
+"""
+add and delete netgroup with various scenarios.
+"""
+self.init_app()
+
+# add mixed case netgroup name
+self.add_record(netgroup.ENTITY, netgroup.DATA_MIXED_CASE)
+pkey = netgroup.DATA_MIXED_CASE['pkey'].lower()
+self.delete_record(pkey)
+
+# add long netgroup name
+self.add_record(netgroup.ENTITY, netgroup.DATA_LONG_NAME, delete=True)
+
+# add single character netgroup name ticket#2671
+self.add_record(netgroup.ENTITY, netgroup.DATA_SINGLE_CHAR,
+delete=True)
+
+# add netgroup using enter
+self.add_record(netgroup.ENTITY, netgroup.DATA, negative=True)
+actions = ActionChains(self.driver)
+actions.send_keys(Keys.ENTER).perform()
+self.wait_for_request()
+self.assert_record(netgroup.PKEY)
+self.close_notifications()
+
+# delete netgroup using enter
+self.select_record(netgroup.PKEY)
+self.facet_button_click('remove')
+self.wait_for_request()
+actions.send_keys(Keys.ENTER).perform()
+self.wait_for_request()
+self.assert_record(netgroup.PKEY, negative=True)
+self.close_all_dialogs()
+
+# delete and cancel
+self.add_record(netgroup.ENTITY, netgroup.DATA)
+self.select_record(netgroup.PKEY)
+self.facet_button_click('remove')
+self.dialog_button_click('cancel')
+self.a

[Freeipa-devel] [freeipa PR#1834][closed] [Backport][ipa-4-6] webui: refresh complex pages after modification

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1834
Author: Rezney
 Title: #1834: [Backport][ipa-4-6] webui: refresh complex pages after 
modification
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1834/head:pr1834
git checkout pr1834
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1835][closed] [Backport][ipa-4-6] WebUI test :: Updated existing test_group

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1835
Author: Rezney
 Title: #1835: [Backport][ipa-4-6] WebUI test :: Updated existing test_group
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1835/head:pr1835
git checkout pr1835
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1838][opened] ui_tests: extend test_user suite

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1838
Author: Rezney
 Title: #1838: ui_tests: extend test_user suite
Action: opened

PR body:
"""
ui_tests: extend test_user suite

Extend WebUI test_user suite with the following test cases:

test_add_user_special
test_user_misc
test_ssh_keys
test_add_delete_undo_reset
test_disable_delete_admin
test_login_without_username

https://pagure.io/freeipa/issue/7507
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1838/head:pr1838
git checkout pr1838
From 83d11b8233db91a3d61555f4a0c111378e1d1ba4 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 19 Apr 2018 15:19:37 +0200
Subject: [PATCH 1/3] ui_tests: extend test_user suite

Extend WebUI test_user suite with the following test cases:

test_add_user_special
test_user_misc
test_ssh_keys
test_add_delete_undo_reset
test_disable_delete_admin
test_login_without_username

https://pagure.io/freeipa/issue/7507
---
 ipatests/test_webui/data_user.py | 155 ++
 ipatests/test_webui/test_user.py | 443 ++-
 2 files changed, 593 insertions(+), 5 deletions(-)

diff --git a/ipatests/test_webui/data_user.py b/ipatests/test_webui/data_user.py
index c5ed796c7b..87048bba5b 100644
--- a/ipatests/test_webui/data_user.py
+++ b/ipatests/test_webui/data_user.py
@@ -17,6 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
+
 ENTITY = 'user'
 
 PKEY = 'itest-user'
@@ -35,17 +36,67 @@
 'mod': [
 ('textbox', 'givenname', 'OtherName'),
 ('textbox', 'sn', 'OtherSurname'),
+('textbox', 'initials', 'NOS'),
+('textbox', 'loginshell', '/bin/csh'),
+('textbox', 'homedirectory', '/home/alias'),
 ('multivalued', 'telephonenumber', [
 ('add', '123456789'),
 ('add', '987654321'),
 ]),
+('multivalued', 'mail', [
+('add', 'o...@ipa.test'),
+('add', 't...@ipa.test'),
+('add', 'th...@ipa.test'),
+]),
+('multivalued', 'pager', [
+('add', '1234567'),
+('add', '7654321'),
+]),
+('multivalued', 'mobile', [
+('add', '001123456'),
+('add', '001654321'),
+]),
+('multivalued', 'facsimiletelephonenumber', [
+('add', '1122334'),
+('add', '4332211'),
+]),
+('textbox', 'street', 'Wonderwall ave.'),
+('textbox', 'l', 'Atlantis'),
+('textbox', 'st', 'Universe'),
+('textbox', 'postalcode', '61600'),
+('multivalued', 'carlicense', [
+('add', 'ZLA-1336'),
+]),
+('textbox', 'ou', 'QE'),
 ('combobox', 'manager', 'admin'),
+('textbox', 'employeenumber', '123'),
+('textbox', 'employeetype', 'contractor'),
+('textbox', 'preferredlanguage', 'Spanish'),
 ],
 'mod_v': [
 ('textbox', 'givenname', 'OtherName'),
 ('textbox', 'sn', 'OtherSurname'),
+('textbox', 'initials', 'NOS'),
+('textbox', 'loginshell', '/bin/csh'),
+('textbox', 'homedirectory', '/home/alias'),
+('label', 'krbmaxrenewableage', '604800'),
+('label', 'krbmaxticketlife', '86400'),
 ('multivalued', 'telephonenumber', ['123456789', '987654321']),
+('multivalued', 'mail', ['o...@ipa.test', 't...@ipa.test',
+ 'th...@ipa.test']),
+('multivalued', 'pager', ['1234567', '7654321']),
+('multivalued', 'mobile', ['001123456', '001654321']),
+('multivalued', 'facsimiletelephonenumber', ['1122334', '4332211']),
+('textbox', 'street', 'Wonderwall ave.'),
+('textbox', 'l', 'Atlantis'),
+('textbox', 'st', 'Universe'),
+('textbox', 'postalcode', '61600'),
+('multivalued', 'carlicense', ['ZLA-1336']),
+('textbox', 'ou', 'QE'),
 ('combobox', 'manager', 'admin'),
+('textbox', 'employeenumber', '123'),
+('textbox', 'employeetype', 'contractor'),
+('textbox', 'preferredlanguage', 'Spanish'),
 ],
 }
 
@@ -71,6 +122,8 @@
 ('textbox', 'givenname', 'Name3'),
 ('textbox', 'sn', 'Surname3'),
 ('checkbox', 'noprivate', None),
+('password', 'userpassword', 'Supersecret123'),
+('password', 'userpassword2', 'Supersecret123'),
 ]
 }
 
@@ -85,3 +138,105 @@
 ('combobox', 'gidnumber', '7'),
 ]
 }
+
+PKEY5 = '1spe.cial_us-er$'
+DATA5 = {
+'pkey': PKEY5,
+'add': [
+('textbox', 'uid', PKEY5),
+('textbox', 'givenname', 'S$p|e>c--i_a%l_'),
+('textbox', 'sn', '%U&s?e+r'),
+('password', 'userpassword', '!!!@@@###$$$'),
+('password', 'userpassword2', '!!!@@@###$$$'),
+]
+}
+
+PKEY6 = 'itest-user' * 5
+DATA6 = {
+'pkey': PKEY6

[Freeipa-devel] [freeipa PR#1835][opened] [Backport][ipa-4-6] WebUI test :: Updated existing test_group

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1835
Author: Rezney
 Title: #1835: [Backport][ipa-4-6] WebUI test :: Updated existing test_group
Action: opened

PR body:
"""
This PR was opened automatically because PR #1728 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1835/head:pr1835
git checkout pr1835
From 1cf1b30d5e45918e6e70c647b9a5dfdf8bd5fd2b Mon Sep 17 00:00:00 2001
From: Varun Mylaraiah 
Date: Thu, 5 Apr 2018 13:21:51 +0530
Subject: [PATCH 1/2] WebUI tests: Extend user group tests with more scenarios

1) Extended webui group automation test with below scenarios
	Scenarios
	 *Add user group with invalid names
	 *Add multiple groups records at one shot
	 *Select and delete multiple records
	 *Find and delete records etc...
2) Improved add_record method to support additional use cases:
	 *confirm by additional buttons: 'Add', 'Add and add another', 'Add and Edit,' 'Cancel'
	 *add multiple records in one call (uses 'Add and add another' behavior)

https://pagure.io/freeipa/issue/7485

Signed-off-by: Varun Mylaraiah 
---
 ipatests/test_webui/data_group.py |  38 
 ipatests/test_webui/test_group.py | 185 --
 ipatests/test_webui/ui_driver.py  | 117 
 3 files changed, 273 insertions(+), 67 deletions(-)

diff --git a/ipatests/test_webui/data_group.py b/ipatests/test_webui/data_group.py
index 517f98f04b..7ef4edd390 100644
--- a/ipatests/test_webui/data_group.py
+++ b/ipatests/test_webui/data_group.py
@@ -78,3 +78,41 @@
 ('textbox', 'gidnumber', '7'),
 ]
 }
+
+PKEY7 = ''
+DATA7 = {
+'pkey': PKEY7,
+'add': [
+('textbox', 'cn', PKEY7),
+('textarea', 'description', 'Empty Group name'),
+]
+}
+
+PKEY8 = ';test-gr@up'
+DATA8 = {
+'pkey': PKEY8,
+'add': [
+('textbox', 'cn', PKEY8),
+('textarea', 'description', 'Invalid Group name'),
+]
+}
+
+PKEY9 = 'itest-group9'
+DATA9 = {
+'pkey': PKEY9,
+'add': [
+('textbox', 'cn', PKEY9),
+('textarea', 'description', 'test-group9 desc'),
+('radio', 'type', 'nonposix'),
+]
+}
+
+PKEY10 = 'itest-group10'
+DATA10 = {
+'pkey': PKEY10,
+'add': [
+('textbox', 'cn', PKEY10),
+('textarea', 'description', 'test-group10 desc'),
+('radio', 'type', 'nonposix'),
+]
+}
diff --git a/ipatests/test_webui/test_group.py b/ipatests/test_webui/test_group.py
index db9acef345..fc1a3a2d97 100644
--- a/ipatests/test_webui/test_group.py
+++ b/ipatests/test_webui/test_group.py
@@ -31,6 +31,12 @@
 import ipatests.test_webui.data_sudo as sudo
 import pytest
 
+try:
+from selenium.webdriver.common.keys import Keys
+from selenium.webdriver.common.action_chains import ActionChains
+except ImportError:
+pass
+
 
 @pytest.mark.tier1
 class test_group(UI_driver):
@@ -75,6 +81,118 @@ def test_group_types(self):
 def check_posix_enabled(self, enabled):
 self.assert_disabled("[name=gidnumber]", negative=enabled)
 
+@screenshot
+def test_add_group_negative(self):
+"""
+Negative test for adding groups
+"""
+self.init_app()
+
+self.empty_group_name()
+self.invalid_group_name()
+self.duplicate_group_name()
+self.tailing_spaces_in_group_description()
+self.leading_spaces_in_group_description()
+
+def empty_group_name(self):
+self.navigate_to_entity(group.ENTITY)
+self.facet_button_click('add')
+self.dialog_button_click('add')
+elem = self.find(".widget[name='cn']")
+self.assert_field_validation_required(elem)
+self.dialog_button_click('cancel')
+
+def invalid_group_name(self):
+expected_error = 'may only include letters, numbers, _, -, . and $'
+pkey = ';test-gr@up'
+self.navigate_to_entity(group.ENTITY)
+self.facet_button_click('add')
+self.fill_input('cn', pkey)
+elem = self.find(".widget[name='cn']")
+self.assert_field_validation(expected_error, parent=elem)
+self.dialog_button_click('cancel')
+
+def duplicate_group_name(self):
+pkey = 'editors'
+expected_error = 'group with name "editors" already exists'
+self.navigate_to_entity(group.ENTITY)
+self.facet_button_click('add')
+self.fill_input('cn', pkey)
+self.cancel_retry_dialog(expected_error)
+
+def tailing_spaces_in_group_description(self):
+pkey = 'itest_group0'
+desc = 'with_trailing_space '
+expected_error = 'invalid \'desc\': Leading and trailing ' \
+ 'spaces are not allowed'
+self.navigate_to_entity(group.ENTITY)
+self.facet_button_click('add')
+self.fill_input('cn', pkey)
+self.fill_textarea('description', desc)
+self.cancel_retry_dialog(expected_error)
+

[Freeipa-devel] [freeipa PR#1728][closed] WebUI test :: Updated existing test_group

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1728
Author: varunmylaraiah
 Title: #1728: WebUI test :: Updated existing test_group
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1728/head:pr1728
git checkout pr1728
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1782][closed] webui: refresh complex pages after modification

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1782
Author: pvoborni
 Title: #1782: webui: refresh complex pages after modification
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1782/head:pr1782
git checkout pr1782
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1834][opened] [Backport][ipa-4-6] webui: refresh complex pages after modification

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1834
Author: Rezney
 Title: #1834: [Backport][ipa-4-6] webui: refresh complex pages after 
modification
Action: opened

PR body:
"""
This PR was opened automatically because PR #1782 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1834/head:pr1834
git checkout pr1834
From 5f96d9a76c0c8757a7304a9497b8a648d458312c Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Thu, 5 Apr 2018 13:56:00 +0200
Subject: [PATCH] webui: refresh complex pages after modification

Details facet for user, hosts, service, user override entities require
complex reload as they gather information from multiple sources - e.g.
all of them do cert-find. On update only $entity-mod is execute and its
result doesn't have all information required for refresh of the page
therefore some fields are missing or empty.

This patch modifies the facets to do full refresh instead of default
load and thus the pages will have all required info.

https://pagure.io/freeipa/issue/5776
---
 install/ui/src/freeipa/host.js| 6 ++
 install/ui/src/freeipa/idviews.js | 6 ++
 install/ui/src/freeipa/service.js | 6 ++
 install/ui/src/freeipa/user.js| 5 +
 4 files changed, 23 insertions(+)

diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js
index acecff1e5b..8aa1ef9d8c 100644
--- a/install/ui/src/freeipa/host.js
+++ b/install/ui/src/freeipa/host.js
@@ -518,6 +518,12 @@ IPA.host.details_facet = function(spec, no_init) {
 return that.entity.name+'_show_'+that.get_pkey();
 };
 
+that.update_on_success = function(data, text_status, xhr) {
+that.on_update.notify();
+that.nofify_update_success();
+that.refresh();
+};
+
 if (!no_init) that.init_details_facet();
 
 return that;
diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js
index 0511820e2b..b0ee8b5a03 100644
--- a/install/ui/src/freeipa/idviews.js
+++ b/install/ui/src/freeipa/idviews.js
@@ -450,6 +450,12 @@ idviews.id_override_user_details_facet = function(spec) {
 return batch;
 };
 
+that.update_on_success = function(data, text_status, xhr) {
+that.on_update.notify();
+that.nofify_update_success();
+that.refresh();
+};
+
 return that;
 };
 
diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js
index c798d2999f..93808b0122 100644
--- a/install/ui/src/freeipa/service.js
+++ b/install/ui/src/freeipa/service.js
@@ -500,6 +500,12 @@ IPA.service.details_facet = function(spec, no_init) {
 return batch;
 };
 
+that.update_on_success = function(data, text_status, xhr) {
+that.on_update.notify();
+that.nofify_update_success();
+that.refresh();
+};
+
 if (!no_init) that.init_details_facet();
 
 return that;
diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js
index 6b2bf196c3..30ab40fb33 100644
--- a/install/ui/src/freeipa/user.js
+++ b/install/ui/src/freeipa/user.js
@@ -621,6 +621,11 @@ IPA.user.details_facet = function(spec, no_init) {
 return batch;
 };
 
+that.update_on_success = function(data, text_status, xhr) {
+that.on_update.notify();
+that.nofify_update_success();
+that.refresh();
+};
 
 if (!no_init) that.init_details_facet();
 
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1780][closed] ui_tests: workaround for data disappearing

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1780
Author: Rezney
 Title: #1780:  ui_tests: workaround for data disappearing
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1780/head:pr1780
git checkout pr1780
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1780][opened] ui_tests: workaround for data disappearing

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1780
Author: Rezney
 Title: #1780:  ui_tests: workaround for data disappearing
Action: opened

PR body:
"""
Some data disappear from user details page after
the save action is performed.

https://pagure.io/freeipa/issue/5776
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1780/head:pr1780
git checkout pr1780
From cffbec83d290d2ec6cba3d1dfaab6781c68557b5 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 5 Apr 2018 09:43:02 +0200
Subject: [PATCH 1/2] ui_tests: workaround for data disappearing

Some data disappear from user details page after
the save action is performed.

https://pagure.io/freeipa/issue/5776
---
 ipatests/test_webui/ui_driver.py | 5 +
 1 file changed, 5 insertions(+)

diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index 1cc3583979..1c6beac4b2 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -1329,6 +1329,11 @@ def mod_record(self, entity, data, facet='details', facet_btn='save'):
 self.facet_button_click(facet_btn)
 self.wait_for_request()
 self.wait_for_request()
+
+# Workaround until https://pagure.io/freeipa/issue/5776 is fixed
+self.facet_button_click('refresh')
+self.wait()
+
 self.assert_facet_button_enabled(facet_btn, enabled=False)
 
 def basic_crud(self, entity, data,

From 190ad0ff4426db315e130e640414fce46cf3dd2f Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 5 Apr 2018 09:52:07 +0200
Subject: [PATCH 2/2] temp PRCI commit

---
 .freeipa-pr-ci.yaml | 171 +++-
 1 file changed, 9 insertions(+), 162 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index 1c261141f0..7de92aab11 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -3,6 +3,10 @@ topologies:
 name: build
 cpu: 2
 memory: 3800
+  ipaserver: &ipaserver
+name: ipaserver
+cpu: 1
+memory: 2400
   master_1repl: &master_1repl
 name: master_1repl
 cpu: 4
@@ -27,171 +31,14 @@ jobs:
 timeout: 1800
 topology: *build
 
-  fedora-27/simple_replication:
+  fedora-27/test_webui:
 requires: [fedora-27/build]
 priority: 50
 job:
-  class: RunPytest
+  class: RunWebuiTests
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_simple_replication.py
+test_suite: test_webui
 template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
-
-  fedora-27/caless:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
-template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
-
-  fedora-27/external_ca:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_external_ca.py
-template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
-
-  fedora-27/test_topologies:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_topologies.py
-template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
-
-  fedora-27/test_sudo:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_sudo.py
-template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl_1client
-
-  fedora-27/test_kerberos_flags:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_kerberos_flags.py
-template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl_1client
-
-  fedora-27/test_http_kdc_proxy:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_http_kdc_proxy.py
-template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl_1client
-
-  fedora-27/test_forced_client_enrolment:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_forced_client_reenrollment.py
-template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl_1client
-
-  fedora-27/test_advise:
-re

[Freeipa-devel] [freeipa PR#1745][closed] [Backport][ipa-4-5] - WebUI tests: test_service

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1745
Author: Rezney
 Title: #1745: [Backport][ipa-4-5] - WebUI tests: test_service
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1745/head:pr1745
git checkout pr1745
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1745][opened] [Backport][ipa-4-5] - WebUI tests: test_service

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1745
Author: Rezney
 Title: #1745: [Backport][ipa-4-5] - WebUI tests: test_service
Action: opened

PR body:
"""
Extension of test_service WebUI tests.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1745/head:pr1745
git checkout pr1745
From c6d0d57fb2252ec5dd43af148c4f820d4b8325ca Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:05:03 +0100
Subject: [PATCH 01/13] ui_tests: change get_http_pkey() function

change get_http_pkey() function to more generic one in
order to get pkey for different services

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik 
---
 ipatests/test_webui/test_service.py | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index 602ae4d83b..b134b73e68 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -54,10 +54,11 @@ def load_file(self, path):
 content = file_d.read()
 return content
 
-def get_http_pkey(self):
-host = self.config.get('ipa_server')
+def get_service_pkey(self, service, host=None):
+if not host:
+host = self.config.get('ipa_server')
 realm = self.config.get('ipa_realm')
-pkey = 'HTTP/%s@%s' % (host, realm)
+pkey = '{}/{}@{}'.format(service, host, realm)
 return pkey
 
 
@@ -265,7 +266,7 @@ def test_kerberos_flags(self):
 Test Kerberos flags
 http://www.freeipa.org/page/V3/Kerberos_Flags
 """
-pkey = self.get_http_pkey()
+pkey = self.get_service_pkey('HTTP')
 name = 'ipakrbokasdelegate'
 mod = {'mod': [('checkbox', name, None)]}
 checked = ['checked']

From f9e96fb0b4dd467cfd97d511559f96ca75dc414c Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:09:08 +0100
Subject: [PATCH 02/13] ui_tests: add_host() support func in test_service

Add add_host() support func into test_service to
create temp hosts.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik 
---
 ipatests/test_webui/test_service.py | 8 
 1 file changed, 8 insertions(+)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index b134b73e68..cc7f8b1ccb 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -61,6 +61,14 @@ def get_service_pkey(self, service, host=None):
 pkey = '{}/{}@{}'.format(service, host, realm)
 return pkey
 
+def add_host(self, hostname, dns_zone, force=False):
+self.navigate_to_entity('host')
+self.facet_button_click('add')
+self.fill_textbox('hostname', hostname)
+self.fill_textbox('dnszone', dns_zone)
+if force:
+self.check_option('force', 'checked')
+self.dialog_button_click('add')
 
 @pytest.mark.tier1
 class test_service(sevice_tasks):

From 4f18f0a38323a16990db061dccce6edf367d6774 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:17:18 +0100
Subject: [PATCH 03/13] ui_tests: add_service() support func in test_service

Add add_service() support func into test_service.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik 
---
 ipatests/test_webui/test_service.py | 25 +
 1 file changed, 25 insertions(+)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index cc7f8b1ccb..1faaf8d744 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -70,6 +70,31 @@ def add_host(self, hostname, dns_zone, force=False):
 self.check_option('force', 'checked')
 self.dialog_button_click('add')
 
+def add_service(self, service,
+host=None,
+textbox=None,
+force=False,
+cancel=False,
+confirm=True):
+
+if not host:
+host = self.config.get('ipa_server')
+self.navigate_to_entity(ENTITY)
+self.facet_button_click('add')
+
+self.select_combobox('service', service, combobox_input=textbox)
+self.select_combobox('host', host)
+if force:
+self.wait(0.5)
+self.check_option('force', 'checked')
+if cancel:
+self.dialog_button_click('cancel')
+return
+if not confirm:
+return
+self.dialog_button_click('add')
+self.wait(0.3)
+self.assert_no_error_dialog()
 @pytest.mark.tier1
 class test_service(sevice_tasks):
 

From 2496155ccbef80ce2d22aa9fd6bfb44c412db14a Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:23:11 +0100
Subject: [PATCH 04/13] ui_tests: add more test cases to test_certification

Add cases for:
"cancel_cert_request", "cancel_hold_cert", "cancel_r

[Freeipa-devel] [freeipa PR#1741][closed] [Backport][ipa-4-6] - WebUI tests: test_service

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1741
Author: Rezney
 Title: #1741: [Backport][ipa-4-6] -  WebUI tests: test_service
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1741/head:pr1741
git checkout pr1741
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1741][opened] [Backport][ipa-4-6] - Web ui services backport

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1741
Author: Rezney
 Title: #1741: [Backport][ipa-4-6] - Web ui services backport
Action: opened

PR body:
"""
Web ui services backport for 4.6
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1741/head:pr1741
git checkout pr1741
From f74077828b7b6ccb4189bb3373a1eb88e5169a46 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:05:03 +0100
Subject: [PATCH 01/13] ui_tests: change get_http_pkey() function

change get_http_pkey() function to more generic one in
order to get pkey for different services

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik 
---
 ipatests/test_webui/test_service.py | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index 602ae4d83b..b134b73e68 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -54,10 +54,11 @@ def load_file(self, path):
 content = file_d.read()
 return content
 
-def get_http_pkey(self):
-host = self.config.get('ipa_server')
+def get_service_pkey(self, service, host=None):
+if not host:
+host = self.config.get('ipa_server')
 realm = self.config.get('ipa_realm')
-pkey = 'HTTP/%s@%s' % (host, realm)
+pkey = '{}/{}@{}'.format(service, host, realm)
 return pkey
 
 
@@ -265,7 +266,7 @@ def test_kerberos_flags(self):
 Test Kerberos flags
 http://www.freeipa.org/page/V3/Kerberos_Flags
 """
-pkey = self.get_http_pkey()
+pkey = self.get_service_pkey('HTTP')
 name = 'ipakrbokasdelegate'
 mod = {'mod': [('checkbox', name, None)]}
 checked = ['checked']

From 5cc3be5ee6856d8801866b24ca8506bb8ce1890b Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:09:08 +0100
Subject: [PATCH 02/13] ui_tests: add_host() support func in test_service

Add add_host() support func into test_service to
create temp hosts.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik 
---
 ipatests/test_webui/test_service.py | 8 
 1 file changed, 8 insertions(+)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index b134b73e68..cc7f8b1ccb 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -61,6 +61,14 @@ def get_service_pkey(self, service, host=None):
 pkey = '{}/{}@{}'.format(service, host, realm)
 return pkey
 
+def add_host(self, hostname, dns_zone, force=False):
+self.navigate_to_entity('host')
+self.facet_button_click('add')
+self.fill_textbox('hostname', hostname)
+self.fill_textbox('dnszone', dns_zone)
+if force:
+self.check_option('force', 'checked')
+self.dialog_button_click('add')
 
 @pytest.mark.tier1
 class test_service(sevice_tasks):

From 6e0979cb83f791d060b9882e3573108215f5cfb0 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:17:18 +0100
Subject: [PATCH 03/13] ui_tests: add_service() support func in test_service

Add add_service() support func into test_service.

https://pagure.io/freeipa/issue/7441

Reviewed-By: Petr Vobornik 
---
 ipatests/test_webui/test_service.py | 25 +
 1 file changed, 25 insertions(+)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index cc7f8b1ccb..1faaf8d744 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -70,6 +70,31 @@ def add_host(self, hostname, dns_zone, force=False):
 self.check_option('force', 'checked')
 self.dialog_button_click('add')
 
+def add_service(self, service,
+host=None,
+textbox=None,
+force=False,
+cancel=False,
+confirm=True):
+
+if not host:
+host = self.config.get('ipa_server')
+self.navigate_to_entity(ENTITY)
+self.facet_button_click('add')
+
+self.select_combobox('service', service, combobox_input=textbox)
+self.select_combobox('host', host)
+if force:
+self.wait(0.5)
+self.check_option('force', 'checked')
+if cancel:
+self.dialog_button_click('cancel')
+return
+if not confirm:
+return
+self.dialog_button_click('add')
+self.wait(0.3)
+self.assert_no_error_dialog()
 @pytest.mark.tier1
 class test_service(sevice_tasks):
 

From a22e85dc845125568847cc8e64e4d5dff0c57576 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:23:11 +0100
Subject: [PATCH 04/13] ui_tests: add more test cases to test_certification

Add cases for:
"cancel_cert_request", "cancel_hold_cert", "cancel_remove_h

[Freeipa-devel] [freeipa PR#1740][opened] test_webui: user life-cycles

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1740
Author: Rezney
 Title: #1740: test_webui: user life-cycles
Action: opened

PR body:
"""
Add user life-cycles test cases.

https://pagure.io/freeipa/issue/7463
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1740/head:pr1740
git checkout pr1740
From da41318adea1ab733b4eaf0dd6a866d7e2f0552c Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Mon, 26 Mar 2018 12:32:29 +0200
Subject: [PATCH 1/3] test_webui: add user life-cycles tests

Add user life-cycles test cases.

https://pagure.io/freeipa/issue/7463
---
 ipatests/test_webui/test_user.py | 100 +++
 1 file changed, 100 insertions(+)

diff --git a/ipatests/test_webui/test_user.py b/ipatests/test_webui/test_user.py
index bf3d359408..7a1f7a47a2 100644
--- a/ipatests/test_webui/test_user.py
+++ b/ipatests/test_webui/test_user.py
@@ -37,6 +37,10 @@
 pass
 
 
+USR_EXIST = 'user with name "{}" already exists'
+ENTRY_EXIST = 'This entry already exists'
+ACTIVE_ERR = 'active user with name "{}" already exists'
+
 @pytest.mark.tier1
 class user_tasks(UI_driver):
 def load_file(self, path):
@@ -408,3 +412,99 @@ def test_noprivate_gidnumber(self):
 
 self.add_record(user.ENTITY, user.DATA4, combobox_input='gidnumber')
 self.delete(user.ENTITY, [user.DATA4])
+
+@pytest.mark.tier1
+class TestLifeCycles(UI_driver):
+
+def test_life_cycles(self):
+"""
+Test user life-cycles
+"""
+
+self.init_app()
+
+# create "itest-user" and send him to preserved
+self.add_record(user.ENTITY, user.DATA)
+self.delete_record(user.DATA.get('pkey'), confirm_btn=None)
+self.check_option('preserve', value='true')
+self.dialog_button_click('ok')
+
+# try to add the same user again (should fail)
+self.add_record(user.ENTITY, user.DATA, assert_on=False)
+err_dialog_txt = self.get_last_error_dialog().text
+assert USR_EXIST.format(user.DATA.get('pkey')) in err_dialog_txt
+self.close_all_dialogs()
+self.wait()
+
+# restore "itest-user" user
+self.switch_to_facet('search_preserved')
+self.select_record(user.DATA.get('pkey'))
+self.button_click('undel')
+self.dialog_button_click('ok')
+self.assert_no_error_dialog()
+self.assert_notification(assert_text='1 user(s) restored')
+self.wait()
+
+# add already existing user "itest-user" to stage and try to activate
+# the latter (should fail)
+self.add_record('stageuser', user.DATA)
+self.select_record(user.DATA.get('pkey'))
+self.button_click('activate')
+self.dialog_button_click('ok')
+
+err_msg = ACTIVE_ERR.format(user.DATA.get('pkey'))
+self.assert_last_dialog_details(err_msg)
+self.dialog_button_click('ok')
+
+# delete "itest-user" staged user
+self.delete_record(user.DATA.get('pkey'))
+self.assert_record(user.DATA.get('pkey'), negative=True)
+
+# add "itest-user2" and send him to staged (through preserved)
+self.close_all_dialogs()
+self.add_record(user.ENTITY, user.DATA2)
+self.delete_record(user.DATA2.get('pkey'), confirm_btn=None)
+self.check_option('preserve', value='true')
+self.dialog_button_click('ok')
+
+self.switch_to_facet('search_preserved')
+self.select_record(user.DATA2.get('pkey'))
+self.button_click('batch_stage')
+self.dialog_button_click('ok')
+self.assert_no_error_dialog()
+self.wait(0.7)
+self.assert_notification(assert_text='1 users(s) staged')
+
+# add new "itest-user2" - one is already staged (should pass)
+self.add_record(user.ENTITY, user.DATA2)
+self.assert_record(user.DATA2.get('pkey'))
+
+# send active "itest-user2" to preserved
+self.delete_record(user.DATA2.get('pkey'), confirm_btn=None)
+self.check_option('preserve', value='true')
+self.dialog_button_click('ok')
+
+# try to activate staged "itest-user2" while one is already preserved
+# (should fail)
+self.navigate_to_entity('stageuser')
+self.select_record(user.DATA2.get('pkey'))
+self.button_click('activate')
+self.dialog_button_click('ok')
+self.assert_last_dialog_details(ENTRY_EXIST)
+self.dialog_button_click('ok')
+
+# delete preserved "itest-user2" and activate the staged one
+# (should pass)
+self.switch_to_facet('search_preserved')
+self.delete_record(user.DATA2.get('pkey'))
+
+self.navigate_to_entity('stageuser')
+self.select_record(user.DATA2.get('pkey'))
+self.button_click('activate')
+self.wait()
+self.dialog_button_click('ok')
+
+# cleanup
+self.navigate_to_entity('user')
+self.delete_re

[Freeipa-devel] [freeipa PR#1680][closed] [Backport][ipa-4-5] - Sub ca sign

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1680
Author: Rezney
 Title: #1680: [Backport][ipa-4-5] - Sub ca sign
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1680/head:pr1680
git checkout pr1680
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1680][opened] [Backport][ipa-4-5] - Sub ca sign

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1680
Author: Rezney
 Title: #1680: [Backport][ipa-4-5] - Sub ca sign
Action: opened

PR body:
"""
test to verify that replica is able to sign a certificate with
new sub CA.

https://pagure.io/freeipa/issue/7387

Reviewed-By: Fraser Tweedale 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1680/head:pr1680
git checkout pr1680
From 54a6b16619c237224f1966598a07647304b7de78 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Mon, 26 Feb 2018 15:58:17 +0100
Subject: [PATCH] ipa_tests: test signing request with subca on replica

test to verify that replica is able to sign a certificate with
new sub CA.

https://pagure.io/freeipa/issue/7387

Reviewed-By: Fraser Tweedale 
---
 .../test_integration/test_replica_promotion.py | 23 ++
 1 file changed, 23 insertions(+)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index c093369464..4a31828183 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -613,3 +613,26 @@ def test_sub_ca_key_replication(self):
   encoding='utf-8')
 # check for cert/key import error message
 assert self.ERR_MESS not in pki_debug_log
+
+def test_sign_with_subca_on_replica(self):
+master = self.master
+replica = self.replicas[0]
+
+TEST_KEY_FILE = '/etc/pki/tls/private/test_subca.key'
+TEST_CRT_FILE = '/etc/pki/tls/private/test_subca.crt'
+
+caacl_cmd = ['ipa', 'caacl-add-ca', 'hosts_services_caIPAserviceCert',
+ '--cas', self.SUBCA]
+master.run_command(caacl_cmd)
+
+request_cmd = [paths.IPA_GETCERT, 'request', '-w', '-k',
+   TEST_KEY_FILE, '-f', TEST_CRT_FILE, '-X', self.SUBCA]
+replica.run_command(request_cmd)
+
+status_cmd = [paths.IPA_GETCERT, 'status', '-v', '-f', TEST_CRT_FILE]
+status = replica.run_command(status_cmd)
+assert 'State MONITORING, stuck: no' in status.stdout_text
+
+ssl_cmd = ['openssl', 'x509', '-text', '-in', TEST_CRT_FILE]
+ssl = replica.run_command(ssl_cmd)
+assert 'Issuer: CN = {}'.format(self.SUBCA) in ssl.stdout_text
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1679][opened] WebUI tests: test_service

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1679
Author: Rezney
 Title: #1679: WebUI tests: test_service
Action: opened

PR body:
"""
Extension of test_service WebUI tests.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1679/head:pr1679
git checkout pr1679
From e998332ac0f407a3421c137a7989e6f5df01e2c6 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:05:03 +0100
Subject: [PATCH 01/14] ui_tests: change get_http_pkey() function

change get_http_pkey() function to more generic one in
order to get pkey for different services

https://pagure.io/freeipa/issue/7441
---
 ipatests/test_webui/test_service.py | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index 602ae4d83b..b134b73e68 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -54,10 +54,11 @@ def load_file(self, path):
 content = file_d.read()
 return content
 
-def get_http_pkey(self):
-host = self.config.get('ipa_server')
+def get_service_pkey(self, service, host=None):
+if not host:
+host = self.config.get('ipa_server')
 realm = self.config.get('ipa_realm')
-pkey = 'HTTP/%s@%s' % (host, realm)
+pkey = '{}/{}@{}'.format(service, host, realm)
 return pkey
 
 
@@ -265,7 +266,7 @@ def test_kerberos_flags(self):
 Test Kerberos flags
 http://www.freeipa.org/page/V3/Kerberos_Flags
 """
-pkey = self.get_http_pkey()
+pkey = self.get_service_pkey('HTTP')
 name = 'ipakrbokasdelegate'
 mod = {'mod': [('checkbox', name, None)]}
 checked = ['checked']

From c7bcc8e25aff32319b93b49f046df5a0330c8541 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:09:08 +0100
Subject: [PATCH 02/14] ui_tests: add_host() support func in test_service

Add add_host() support func into test_service to
create temp hosts.

https://pagure.io/freeipa/issue/7441
---
 ipatests/test_webui/test_service.py | 8 
 1 file changed, 8 insertions(+)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index b134b73e68..cc7f8b1ccb 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -61,6 +61,14 @@ def get_service_pkey(self, service, host=None):
 pkey = '{}/{}@{}'.format(service, host, realm)
 return pkey
 
+def add_host(self, hostname, dns_zone, force=False):
+self.navigate_to_entity('host')
+self.facet_button_click('add')
+self.fill_textbox('hostname', hostname)
+self.fill_textbox('dnszone', dns_zone)
+if force:
+self.check_option('force', 'checked')
+self.dialog_button_click('add')
 
 @pytest.mark.tier1
 class test_service(sevice_tasks):

From d90def572873e0fe8b90889a8066158b1d99de78 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:17:18 +0100
Subject: [PATCH 03/14] ui_tests: add_service() support func in test_service

Add add_service() support func into test_service.

https://pagure.io/freeipa/issue/7441
---
 ipatests/test_webui/test_service.py | 24 
 1 file changed, 24 insertions(+)

diff --git a/ipatests/test_webui/test_service.py b/ipatests/test_webui/test_service.py
index cc7f8b1ccb..ab88f865e0 100644
--- a/ipatests/test_webui/test_service.py
+++ b/ipatests/test_webui/test_service.py
@@ -70,6 +70,30 @@ def add_host(self, hostname, dns_zone, force=False):
 self.check_option('force', 'checked')
 self.dialog_button_click('add')
 
+def add_service(self, service,
+host=None,
+textbox=None,
+force=False,
+cancel=False,
+confirm=True):
+
+if not host:
+host = self.config.get('ipa_server')
+self.navigate_to_entity(ENTITY)
+self.facet_button_click('add')
+
+self.select_combobox('service', service, combobox_input=textbox)
+self.select_combobox('host', host)
+if force:
+self.check_option('force', 'checked')
+if cancel:
+self.dialog_button_click('cancel')
+return
+if not confirm:
+return
+self.dialog_button_click('add')
+self.wait(0.3)
+self.assert_no_error_dialog()
 @pytest.mark.tier1
 class test_service(sevice_tasks):
 

From e78b98e44715f714164a7761ef939608cc4595ec Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 13 Mar 2018 18:23:11 +0100
Subject: [PATCH 04/14] ui_tests: add more test cases to test_certification

Add cases for:
"cancel_cert_request", "cancel_hold_cert", "cancel_remove_hold",
"cancel_revoke_cert" and "revoke_cert"

https://pagure.io/freeipa/issue/7441
---
 ipatests/test_webui/test_service.py | 45 ++

[Freeipa-devel] [freeipa PR#1669][opened] test_caless: adjust try/except to capture all [Errno 2] - ENOENT

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1669
Author: Rezney
 Title: #1669: test_caless: adjust try/except to capture all [Errno 2] - ENOENT
Action: opened

PR body:
"""
While testing on RHEL we are getting IOError instead of OSError.
Add also IOError and check for [Errno 2] - ENOENT there.

This is mostly for compatibility reasons however should not cause
any issue as IOError is alias for OSError on Python3.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1669/head:pr1669
git checkout pr1669
From e3a519c979fd76b71505407b368c7b7068d68ca1 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Mon, 12 Mar 2018 15:06:33 +0100
Subject: [PATCH] test_caless: adjust try/except to capture all [Errno 2] -
 ENOENT

While testing on RHEL we are getting IOError instead of OSError.
Add also IOError and check for [Errno 2] - ENOENT there.

This is mostly for compatibility reasons however should not cause
any issue as IOError is alias for OSError on Python3.
---
 ipatests/test_integration/test_caless.py | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index 9be8c4f413..d3b396baf2 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -24,7 +24,7 @@
 import glob
 import contextlib
 import unittest
-
+import errno
 import pytest
 import six
 
@@ -273,8 +273,10 @@ def prepare_replica(self, _replica_number=0, replica=None, master=None,
 destination_host.transport.put_file(
 os.path.join(self.cert_dir, filename),
 os.path.join(destination_host.config.test_dir, filename))
-except OSError:
-pass
+except (IOError, OSError) as e:
+if e.errno == errno.ENOENT:
+pass
+
 extra_args = []
 if http_pkcs12_exists:
 extra_args.extend(['--http-cert-file', http_pkcs12])
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1643][closed] ipa-4-5: python2-pyasn1 workaround

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1643
Author: Rezney
 Title: #1643: ipa-4-5: python2-pyasn1 workaround
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1643/head:pr1643
git checkout pr1643
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1645][opened] ipa_tests: test signing request with subca on replica

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1645
Author: Rezney
 Title: #1645: ipa_tests: test signing request with subca on replica
Action: opened

PR body:
"""
test to verify that replica is able to sign a certificate with new sub CA.

https://pagure.io/freeipa/issue/7387
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1645/head:pr1645
git checkout pr1645
From 9cce12e1c0520e1ee2176afa15395c2aae9b7b87 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Mon, 26 Feb 2018 15:58:17 +0100
Subject: [PATCH] ipa_tests: test signing request with subca on replica

test to verify that replica is able to sign a certificate with
new sub CA.

https://pagure.io/freeipa/issue/7387
---
 .../test_integration/test_replica_promotion.py | 23 ++
 1 file changed, 23 insertions(+)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index c093369464..7f1c07f431 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -613,3 +613,26 @@ def test_sub_ca_key_replication(self):
   encoding='utf-8')
 # check for cert/key import error message
 assert self.ERR_MESS not in pki_debug_log
+
+def test_sign_with_subca_on_replica(self):
+master = self.master
+replica = self.replicas[0]
+
+SUBCA_KEY_FILE = '/etc/pki/tls/private/test_subca.key'
+SUBCA_CRT_FILE = '/etc/pki/tls/private/test_subca.crt'
+
+caacl_cmd = ['ipa', 'caacl-add-ca', 'hosts_services_caIPAserviceCert',
+ '--cas', self.SUBCA]
+master.run_command(caacl_cmd)
+
+request_cmd = [paths.IPA_GETCERT, 'request', '-w', '-k',
+   SUBCA_KEY_FILE, '-f', SUBCA_CRT_FILE, '-X', self.SUBCA]
+replica.run_command(request_cmd)
+
+status_cmd = [paths.IPA_GETCERT, 'status', '-v', '-f', SUBCA_CRT_FILE]
+status = replica.run_command(status_cmd)
+assert 'State MONITORING, stuck: no' in status.stdout_text
+
+ssl_cmd = ['openssl', 'x509', '-text', '-in', SUBCA_CRT_FILE]
+ssl = replica.run_command(ssl_cmd)
+assert 'Issuer: CN = {}'.format(self.SUBCA) in ssl.stdout_text
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1643][opened] ipa-4-5: python2-pyasn1 workaround

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1643
Author: Rezney
 Title: #1643: ipa-4-5: python2-pyasn1 workaround
Action: opened

PR body:
"""
initialize ASN.1 object by hand to make it compatible with ancient pyasn1
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1643/head:pr1643
git checkout pr1643
From 4379d5365094ba4ff794c35afe979a6e1f7bc0b5 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 1 Mar 2018 10:05:51 +0100
Subject: [PATCH] ipa-4-5: python2-pyasn1 workaround

initialize ASN.1 object by hand to make it compatible with ancient pyasn1
---
 ipatests/pytest_plugins/integration/create_caless_pki.py | 13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/ipatests/pytest_plugins/integration/create_caless_pki.py b/ipatests/pytest_plugins/integration/create_caless_pki.py
index 9a2e8e26b6..543e59d607 100644
--- a/ipatests/pytest_plugins/integration/create_caless_pki.py
+++ b/ipatests/pytest_plugins/integration/create_caless_pki.py
@@ -27,7 +27,6 @@
 from cryptography.x509.oid import NameOID
 from pyasn1.type import univ, char, namedtype, tag
 from pyasn1.codec.der import encoder as der_encoder
-from pyasn1.codec.native import decoder as native_decoder
 
 if six.PY3:
 unicode = str
@@ -239,7 +238,17 @@ def profile_kdc(builder, ca_nick, ca,
 'name-string': ['krbtgt', realm],
 },
 }
-name = native_decoder.decode(name, asn1Spec=KRB5PrincipalName())
+
+# initialize ASN.1 object by hand
+# this is an ugly workaround to make it compatible with ancient pyasn1
+name = KRB5PrincipalName()
+name['realm'] = realm
+name['principalName'] = None
+name['principalName']['name-type'] = 2
+name['principalName']['name-string'] = None
+name['principalName']['name-string'][0] = 'krbtgt'
+name['principalName']['name-string'][1] = realm
+
 name = der_encoder.encode(name)
 
 names = [x509.OtherName(x509.ObjectIdentifier('1.3.6.1.5.2.2'), name)]
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1625][opened] [Backport][ipa-4-5] - test_x509: test very long OID

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1625
Author: Rezney
 Title: #1625: [Backport][ipa-4-5] - test_x509: test very long OID
Action: opened

PR body:
"""
Active Directory creates OIDs long enough to trigger a failure.
This can cause e.g. ipa-server-install failure when installing
with an externally-signed CA.

https://pagure.io/freeipa/issue/7300

Reviewed-By: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1625/head:pr1625
git checkout pr1625
From 2205e18b71ed57d14e5633fe6fa1cca4170639e3 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 5 Dec 2017 15:06:10 +0100
Subject: [PATCH] test_x509: test very long OID

Active Directory creates OIDs long enough to trigger a failure.
This can cause e.g. ipa-server-install failure when installing
with an externally-signed CA.

https://pagure.io/freeipa/issue/7300

Reviewed-By: Christian Heimes 
---
 ipatests/test_ipalib/test_x509.py | 51 +++
 1 file changed, 51 insertions(+)

diff --git a/ipatests/test_ipalib/test_x509.py b/ipatests/test_ipalib/test_x509.py
index 1ccf99d3e5..16739d8414 100644
--- a/ipatests/test_ipalib/test_x509.py
+++ b/ipatests/test_ipalib/test_x509.py
@@ -26,6 +26,7 @@
 
 import pytest
 
+from cryptography import x509 as crypto_x509
 from ipalib import x509
 from ipapython.dn import DN
 
@@ -39,6 +40,41 @@
 # The base64-encoded string 'bad cert'
 badcert = 'YmFkIGNlcnQ='
 
+long_oid_cert = '''
+-BEGIN CERTIFICATE-
+MIIFiTCCBHGgAwIBAgITSAd1bEC5lsOdnQAABzANBgkqhkiG9w0BAQsF
+ADBLMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxEjAQBgoJkiaJk/IsZAEZFgJhZDEe
+MBwGA1UEAxMVYWQtV0lOLVBQSzAxNUY5TURRLUNBMB4XDTE3MDUyNTIzNDg0NVoX
+DTE5MDUyNTIzNTg0NVowNDESMBAGA1UEChMJSVBBLkxPQ0FMMR4wHAYDVQQDExVD
+ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDyyuty6irlL89hdaSW0UyAGLsOOMgAuJwBAeuRUorR159rsSnUXLcTHIsm
+EszKhwxp3NkkawRWx/s0UN1m2+RUwMl6gvlw+G80Mz0S77C77M+2lO8HRmZGm+Wu
+zBNcc9SANHuDQ1NISfZgLiscMS0+l0T3g6/Iqtg1kPWrq/tMevfh6tJEIedSBGo4
+3xKEMSDkrvaeTuSVrgn/QT0m+WNccZa0c7X35L/hgR22/l5sr057Ef8F9vL8zUH5
+TttFBIuiWJo8A8XX9I1zYIFhWjW3OVDZPBUnhGHH6yNyXGxXMRfcrrc74eTw8ivC
+080AQuRtgwvDErB/JPDJ5w5t/ielAgMBAAGjggJ7MIICdzA9BgkrBgEEAYI3FQcE
+MDAuBiYrBgEEAYI3FQiEoqJGhYq1PoGllQqGi+F4nacAgRODs5gfgozzAAIBZAIB
+BTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUnSrC
+yW3CR0e3ilJdN6kL06P3KHMwHwYDVR0jBBgwFoAUj69xtyUNwp8on+NWO+HlxKyg
+X7AwgdgGA1UdHwSB0DCBzTCByqCBx6CBxIaBwWxkYXA6Ly8vQ049YWQtV0lOLVBQ
+SzAxNUY5TURRLUNBLENOPVdJTi1QUEswMTVGOU1EUSxDTj1DRFAsQ049UHVibGlj
+JTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixE
+Qz1hZCxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2Jq
+ZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0
+MIGxBggrBgEFBQcwAoaBpGxkYXA6Ly8vQ049YWQtV0lOLVBQSzAxNUY5TURRLUNB
+LENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+Tj1Db25maWd1cmF0aW9uLERDPWFkLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFz
+ZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MDMGA1UdIAQsMCow
+KAYmKwYBBAGCNxUIhKKiRoWKtT6BpZUKhovheJ2nAIEThrXzUYabpA4wDQYJKoZI
+hvcNAQELBQADggEBAIsFS+Qc/ufTrkuHbMmzksOpxq+OIi9rot8zy9/1Vmj6d+iP
+kB+vQ1u4/IhdQArJFNhsBzWSY9Pi8ZclovpepFeEZfXPUenyeRCU43HdMXcHXnlP
+YZfyLQWOugdo1WxK6S9qQSOSlC7BSGZWvKkiAPAwr4zNbbS+ROA2w0xaYMv0rr5W
+A4UAyzZAdqaGRJBRvCZ/uFHM5wMw0LzNCL4CqKW9jfZX0Fc2tdGx8zbTYxIdgr2D
+PL25as32r3S/m4uWqoQaK0lxK5Y97eusK2rrmidy32Jctzwl29UWq8kpjRAuD8iR
+CSc7sKqOf+fn3+fKITR2/DcSVvb0SGCr5fVVnjQ=
+-END CERTIFICATE-
+'''
+
 class test_x509(object):
 """
 Test `ipalib.x509`
@@ -119,3 +155,18 @@ def test_3_cert_contents(self):
 assert cert.serial_number == 1093
 assert cert.not_valid_before == not_before
 assert cert.not_valid_after == not_after
+
+def test_long_oid(self):
+"""
+Test cerificate with very long OID. In this case we are using a
+certificate from an opened case where one of X509v3 Certificate`s
+Policies OID is longer then 80 chars.
+"""
+cert = x509.load_certificate(long_oid_cert)
+ext = cert.extensions.get_extension_for_class(crypto_x509.
+  CertificatePolicies)
+
+assert len(ext.value) == 1
+assert ext.value[0].policy_identifier.dotted_string == (
+u'1.3.6.1.4.1.311.21.8.8950086.10656446.2706058.12775672.480128.'
+'147.13466065.13029902')
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1620][closed] [Backport][ipa-4-5] - test_caless: test PKINIT install and anchor update

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1620
Author: Rezney
 Title: #1620: [Backport][ipa-4-5] - test_caless: test PKINIT install and 
anchor update
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1620/head:pr1620
git checkout pr1620
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1619][closed] [Backport][ipa-4-5] - test for second phase of ipa-server-install with --external-ca when dirsrv instance is stopped

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1619
Author: Rezney
 Title: #1619: [Backport][ipa-4-5] - test for second phase of 
ipa-server-install with --external-ca when dirsrv instance is stopped
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1619/head:pr1619
git checkout pr1619
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1620][opened] [Backport][ipa-4-5] - test_caless: test PKINIT install and anchor update

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1620
Author: Rezney
 Title: #1620: [Backport][ipa-4-5] - test_caless: test PKINIT install and 
anchor update
Action: opened

PR body:
"""
Add test case for installing PKINIT and anchor update when using
3rd party CA after caless installation. Related to #6831 issue.

https://pagure.io/freeipa/issue/7233

Reviewed-By: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1620/head:pr1620
git checkout pr1620
From c597326f08440c75414eddabdfa845b954a1f225 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 25 Oct 2017 18:08:03 +0200
Subject: [PATCH] test_caless: test PKINIT install and anchor update

Add test case for installing PKINIT and anchor update when using
3rd party CA after caless installation. Related to #6831 issue.

https://pagure.io/freeipa/issue/7233

Reviewed-By: Christian Heimes 
---
 ipatests/test_integration/test_caless.py | 41 ++--
 1 file changed, 34 insertions(+), 7 deletions(-)

diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index b52251947c..10acbb696d 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -118,6 +118,8 @@ class CALessBase(IntegrationTest):
 def install(cls, mh):
 cls.cert_dir = tempfile.mkdtemp(prefix="ipatest-")
 cls.pem_filename = os.path.join(cls.cert_dir, 'root.pem')
+cls.ca2_crt = 'ca2_crt.pem'
+cls.ca2_kdc_crt = 'ca2_kdc_crt.pem'
 cls.cert_password = cls.master.config.admin_password
 cls.crl_path = os.path.join(cls.master.config.test_dir, 'crl')
 
@@ -319,7 +321,7 @@ def create_pkcs12(cls, nickname, filename='server.p12', password=None):
 
 # to construct whole chain e.g "ca1 - ca1/sub - ca1/sub/server"
 for index, _value in enumerate(nick_chain):
-cert_nick = '/'.join(nick_chain[:index+1])
+cert_nick = '/'.join(nick_chain[:index + 1])
 cert_path = '{}.crt'.format(os.path.join(cls.cert_dir, cert_nick))
 if os.path.isfile(cert_path):
 fname_chain.append(cert_path)
@@ -332,15 +334,17 @@ def create_pkcs12(cls, nickname, filename='server.p12', password=None):
 
 ipautil.run(["openssl", "pkcs12", "-export", "-out", filename,
  "-inkey", key_fname, "-in", certchain_fname, "-passin",
- "pass:"+cls.cert_password, "-passout", "pass:"+password,
- "-name", nickname], cwd=cls.cert_dir)
+ "pass:" + cls.cert_password, "-passout", "pass:" +
+ password, "-name", nickname], cwd=cls.cert_dir)
 
 @classmethod
-def prepare_cacert(cls, nickname):
+def prepare_cacert(cls, nickname, filename=None):
 """ Prepare pem file for root_ca_file/ca-cert-file option """
+if filename is None:
+filename = cls.pem_filename.split(os.sep)[-1]
 # create_caless_pki saves certificates with ".crt" extension by default
 fname_from_nick = '{}.crt'.format(os.path.join(cls.cert_dir, nickname))
-shutil.copy(fname_from_nick, cls.pem_filename)
+shutil.copy(fname_from_nick, os.path.join(cls.cert_dir, filename))
 
 @classmethod
 def get_pem(cls, nickname):
@@ -432,7 +436,10 @@ def test_ca_2_certs(self):
 
 self.create_pkcs12('ca1/server')
 self.prepare_cacert('ca1')
-self.prepare_cacert('ca2')
+self.prepare_cacert('ca2', filename=self.ca2_crt)
+with open(self.pem_filename, 'a') as ca1:
+with open(os.path.join(self.cert_dir, self.ca2_crt), 'r') as ca2:
+ca1.write(ca2.read())
 
 result = self.install_server()
 assert_error(result, 'root.pem contains more than one certificate')
@@ -1272,7 +1279,7 @@ def certinstall(self, mode, cert_nick=None, cert_exists=True,
 filename='server.p12', pin=_DEFAULT, stdin_text=None,
 p12_pin=None, args=None):
 if cert_nick:
-self.create_pkcs12(cert_nick, password=p12_pin)
+self.create_pkcs12(cert_nick, password=p12_pin, filename=filename)
 if pin is _DEFAULT:
 pin = self.cert_password
 if cert_exists:
@@ -1502,6 +1509,26 @@ def test_ds_old_options(self):
   args=args, stdin_text=stdin_text)
 assert_error(result, "no such option: --dirsrv-pin")
 
+def test_anon_pkinit_with_external_CA(self):
+
+test_dir = self.master.config.test_dir
+self.prepare_cacert('ca2', filename=self.ca2_crt)
+self.copy_cert(self.master, self.ca2_crt)
+
+result = self.master.run_command(['ipa-cacert-manage', 'install',
+  os.path.join(test_dir, self.ca2_crt)]
+ )
+assert result.returncode == 0
+

[Freeipa-devel] [freeipa PR#1618][closed] [Backport][ipa-4-6] - test PKINIT and anchor update

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1618
Author: Rezney
 Title: #1618: [Backport][ipa-4-6] - test PKINIT and anchor update 
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1618/head:pr1618
git checkout pr1618
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1617][closed] [Backport][ipa-4-6] - test for second phase of ipa-server-install with --external-ca when dirsrv instance is stopped

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1617
Author: Rezney
 Title: #1617: [Backport][ipa-4-6] - test for second phase of 
ipa-server-install with --external-ca when dirsrv instance is stopped
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1617/head:pr1617
git checkout pr1617
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1619][opened] [Backport][ipa-4-5] [Backport][ipa-4-6] - test for second phase of ipa-server-install with --external-ca when dirsrv instance is stopped

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1619
Author: Rezney
 Title: #1619: [Backport][ipa-4-5] [Backport][ipa-4-6] - test for second phase 
of ipa-server-install with --external-ca when dirsrv instance is stopped
Action: opened

PR body:
"""
This PR was opened automatically because PR #1617 was pushed to ipa-4-6 and 
backport to ipa-4-5 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1619/head:pr1619
git checkout pr1619
From 096fc61f75ab6ed8e668b162af3259f5fb1fb458 Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf 
Date: Fri, 12 Jan 2018 16:58:12 +0530
Subject: [PATCH 1/2] When the dirsrv service, which gets started during the
 first ipa-server-install --external-ca phase, is not running when the second
 phase is run with --external-cert-file options, the ipa-server-install
 command fail.

This test checks if second phase installs successfully when dirsrv
is stoped.

related ticket: https://pagure.io/freeipa/issue/6611

Signed-off-by: Mohammad Rizwan Yusuf 
Reviewed-By: Stanislav Laznicka 
---
 ipatests/test_integration/test_external_ca.py | 71 +++
 1 file changed, 71 insertions(+)

diff --git a/ipatests/test_integration/test_external_ca.py b/ipatests/test_integration/test_external_ca.py
index 6d23f06de9..644642fd69 100644
--- a/ipatests/test_integration/test_external_ca.py
+++ b/ipatests/test_integration/test_external_ca.py
@@ -64,6 +64,43 @@ def match_in_journal(host, string, since='today', services=('certmonger',)):
 return match
 
 
+def install_server_external_ca_step1(host):
+"""funtion for step 1 to install the ipa server with external ca"""
+
+args = ['ipa-server-install', '-U',
+'-a', host.config.admin_password,
+'-p', host.config.dirman_password,
+'--setup-dns', '--no-forwarders',
+'-n', host.domain.name,
+'-r', host.domain.realm,
+'--domain-level=%i' % host.config.domain_level,
+'--external-ca']
+
+cmd = host.run_command(args)
+return cmd
+
+
+def install_server_external_ca_step2(host, ipa_ca_cert, root_ca_cert):
+"""funtion for step 2 to install the ipa server with external ca"""
+
+args = ['ipa-server-install',
+'-a', host.config.admin_password,
+'-p', host.config.dirman_password,
+'--external-cert-file', ipa_ca_cert,
+'--external-cert-file', root_ca_cert]
+
+cmd = host.run_command(args)
+return cmd
+
+
+def service_control_dirsrv(host, function):
+"""Function to control the dirsrv service i.e start, stop, restart etc"""
+dashed_domain = host.domain.realm.replace(".", '-')
+dirsrv_service = "dirsrv@%s.service" % dashed_domain
+cmd = host.run_command(['systemctl', function, dirsrv_service])
+assert cmd.returncode == 0
+
+
 class TestExternalCA(IntegrationTest):
 """
 Test of FreeIPA server installation with exernal CA
@@ -158,3 +195,37 @@ def test_switch_back_to_self_signed(self):
 
 result = self.master.run_command([paths.IPA_CERTUPDATE])
 assert result.returncode == 0
+
+
+class TestExternalCAdirsrvStop(IntegrationTest):
+"""When the dirsrv service, which gets started during the first
+ipa-server-install --external-ca phase, is not running when the
+second phase is run with --external-cert-file options, the
+ipa-server-install command fail.
+
+This test checks if second phase installs successfully when dirsrv
+is stoped.
+
+related ticket: https://pagure.io/freeipa/issue/6611""";
+def test_external_ca_dirsrv_stop(self):
+
+# Step 1 of ipa-server-install
+result = install_server_external_ca_step1(self.master)
+assert result.returncode == 0
+
+# stop dirsrv server.
+service_control_dirsrv(self.master, 'stop')
+
+# Sign CA, transport it to the host and get ipa and root ca paths.
+root_ca_fname, ipa_ca_fname = tasks.sign_ca_and_transport(
+self.master, paths.ROOT_IPA_CSR, ROOT_CA, IPA_CA)
+
+# Step 2 of ipa-server-install.
+result = install_server_external_ca_step2(
+self.master, ipa_ca_fname, root_ca_fname)
+assert result.returncode == 0
+
+# Make sure IPA server is working properly
+tasks.kinit_admin(self.master)
+result = self.master.run_command(['ipa', 'user-show', 'admin'])
+assert 'User login: admin' in result.stdout_text

From b15856b27a273cd140c713a72a4983852a427cf7 Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf 
Date: Thu, 25 Jan 2018 17:01:08 +0530
Subject: [PATCH 2/2] Updated the TestExternalCA with the functions introduced
 for the steps of external CA installation.

Signed-off-by: Mohammad Rizwan Yusuf 
Reviewed-By: Stanislav Laznicka 
---
 ipatests/test_integration/test_external_ca.py | 27 ---
 1 file changed, 8 insertions(+), 19 deletions(-)

diff --git a/ipates

[Freeipa-devel] [freeipa PR#1618][opened] [Backport][ipa-4-6] - test PKINIT and anchor update

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1618
Author: Rezney
 Title: #1618: [Backport][ipa-4-6] - test PKINIT and anchor update 
Action: opened

PR body:
"""
Add test case for installing PKINIT and anchor update when using
3rd party CA after caless installation. Related to #6831 issue.

https://pagure.io/freeipa/issue/7233

Reviewed-By: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1618/head:pr1618
git checkout pr1618
From 3685bae4ddbcb3bbcd73965d829f1b8a2827c015 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 25 Oct 2017 18:08:03 +0200
Subject: [PATCH] test_caless: test PKINIT install and anchor update

Add test case for installing PKINIT and anchor update when using
3rd party CA after caless installation. Related to #6831 issue.

https://pagure.io/freeipa/issue/7233

Reviewed-By: Christian Heimes 
---
 ipatests/test_integration/test_caless.py | 41 ++--
 1 file changed, 34 insertions(+), 7 deletions(-)

diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index 36592af5d7..c6f75cc120 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -122,6 +122,8 @@ class CALessBase(IntegrationTest):
 def install(cls, mh):
 cls.cert_dir = tempfile.mkdtemp(prefix="ipatest-")
 cls.pem_filename = os.path.join(cls.cert_dir, 'root.pem')
+cls.ca2_crt = 'ca2_crt.pem'
+cls.ca2_kdc_crt = 'ca2_kdc_crt.pem'
 cls.cert_password = cls.master.config.admin_password
 cls.crl_path = os.path.join(cls.master.config.test_dir, 'crl')
 
@@ -321,7 +323,7 @@ def create_pkcs12(cls, nickname, filename='server.p12', password=None):
 
 # to construct whole chain e.g "ca1 - ca1/sub - ca1/sub/server"
 for index, _value in enumerate(nick_chain):
-cert_nick = '/'.join(nick_chain[:index+1])
+cert_nick = '/'.join(nick_chain[:index + 1])
 cert_path = '{}.crt'.format(os.path.join(cls.cert_dir, cert_nick))
 if os.path.isfile(cert_path):
 fname_chain.append(cert_path)
@@ -334,15 +336,17 @@ def create_pkcs12(cls, nickname, filename='server.p12', password=None):
 
 ipautil.run(["openssl", "pkcs12", "-export", "-out", filename,
  "-inkey", key_fname, "-in", certchain_fname, "-passin",
- "pass:"+cls.cert_password, "-passout", "pass:"+password,
- "-name", nickname], cwd=cls.cert_dir)
+ "pass:" + cls.cert_password, "-passout", "pass:" +
+ password, "-name", nickname], cwd=cls.cert_dir)
 
 @classmethod
-def prepare_cacert(cls, nickname):
+def prepare_cacert(cls, nickname, filename=None):
 """ Prepare pem file for root_ca_file/ca-cert-file option """
+if filename is None:
+filename = cls.pem_filename.split(os.sep)[-1]
 # create_caless_pki saves certificates with ".crt" extension by default
 fname_from_nick = '{}.crt'.format(os.path.join(cls.cert_dir, nickname))
-shutil.copy(fname_from_nick, cls.pem_filename)
+shutil.copy(fname_from_nick, os.path.join(cls.cert_dir, filename))
 
 @classmethod
 def get_pem(cls, nickname):
@@ -433,7 +437,10 @@ def test_ca_2_certs(self):
 
 self.create_pkcs12('ca1/server')
 self.prepare_cacert('ca1')
-self.prepare_cacert('ca2')
+self.prepare_cacert('ca2', filename=self.ca2_crt)
+with open(self.pem_filename, 'a') as ca1:
+with open(os.path.join(self.cert_dir, self.ca2_crt), 'r') as ca2:
+ca1.write(ca2.read())
 
 result = self.install_server()
 assert_error(result, 'root.pem contains more than one certificate')
@@ -1267,7 +1274,7 @@ def certinstall(self, mode, cert_nick=None, cert_exists=True,
 filename='server.p12', pin=_DEFAULT, stdin_text=None,
 p12_pin=None, args=None):
 if cert_nick:
-self.create_pkcs12(cert_nick, password=p12_pin)
+self.create_pkcs12(cert_nick, password=p12_pin, filename=filename)
 if pin is _DEFAULT:
 pin = self.cert_password
 if cert_exists:
@@ -1493,6 +1500,26 @@ def test_ds_old_options(self):
   args=args, stdin_text=stdin_text)
 assert_error(result, "no such option: --dirsrv-pin")
 
+def test_anon_pkinit_with_external_CA(self):
+
+test_dir = self.master.config.test_dir
+self.prepare_cacert('ca2', filename=self.ca2_crt)
+self.copy_cert(self.master, self.ca2_crt)
+
+result = self.master.run_command(['ipa-cacert-manage', 'install',
+  os.path.join(test_dir, self.ca2_crt)]
+ )
+assert result.returncode == 0
+result = self.mas

[Freeipa-devel] [freeipa PR#1617][opened] [Backport][ipa-4-6] - test for second phase of ipa-server-install with --external-ca when dirsrv instance is stopped

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1617
Author: Rezney
 Title: #1617: [Backport][ipa-4-6] - test for second phase of 
ipa-server-install with --external-ca when dirsrv instance is stopped
Action: opened

PR body:
"""
When the dirsrv service, which gets started during the first
ipa-server-install --external-ca phase, is not running when the
second phase is run with --external-cert-file options, the
ipa-server-install command fail.

This test checks if second phase installs successfully when dirsrv
is stoped.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1617/head:pr1617
git checkout pr1617
From 8ad0e86be3dc60016fdc12c7278cb46e86b63d8b Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf 
Date: Fri, 12 Jan 2018 16:58:12 +0530
Subject: [PATCH 1/2] When the dirsrv service, which gets started during the
 first ipa-server-install --external-ca phase, is not running when the second
 phase is run with --external-cert-file options, the ipa-server-install
 command fail.

This test checks if second phase installs successfully when dirsrv
is stoped.

related ticket: https://pagure.io/freeipa/issue/6611

Signed-off-by: Mohammad Rizwan Yusuf 
Reviewed-By: Stanislav Laznicka 
---
 ipatests/test_integration/test_external_ca.py | 71 +++
 1 file changed, 71 insertions(+)

diff --git a/ipatests/test_integration/test_external_ca.py b/ipatests/test_integration/test_external_ca.py
index 6d23f06de9..644642fd69 100644
--- a/ipatests/test_integration/test_external_ca.py
+++ b/ipatests/test_integration/test_external_ca.py
@@ -64,6 +64,43 @@ def match_in_journal(host, string, since='today', services=('certmonger',)):
 return match
 
 
+def install_server_external_ca_step1(host):
+"""funtion for step 1 to install the ipa server with external ca"""
+
+args = ['ipa-server-install', '-U',
+'-a', host.config.admin_password,
+'-p', host.config.dirman_password,
+'--setup-dns', '--no-forwarders',
+'-n', host.domain.name,
+'-r', host.domain.realm,
+'--domain-level=%i' % host.config.domain_level,
+'--external-ca']
+
+cmd = host.run_command(args)
+return cmd
+
+
+def install_server_external_ca_step2(host, ipa_ca_cert, root_ca_cert):
+"""funtion for step 2 to install the ipa server with external ca"""
+
+args = ['ipa-server-install',
+'-a', host.config.admin_password,
+'-p', host.config.dirman_password,
+'--external-cert-file', ipa_ca_cert,
+'--external-cert-file', root_ca_cert]
+
+cmd = host.run_command(args)
+return cmd
+
+
+def service_control_dirsrv(host, function):
+"""Function to control the dirsrv service i.e start, stop, restart etc"""
+dashed_domain = host.domain.realm.replace(".", '-')
+dirsrv_service = "dirsrv@%s.service" % dashed_domain
+cmd = host.run_command(['systemctl', function, dirsrv_service])
+assert cmd.returncode == 0
+
+
 class TestExternalCA(IntegrationTest):
 """
 Test of FreeIPA server installation with exernal CA
@@ -158,3 +195,37 @@ def test_switch_back_to_self_signed(self):
 
 result = self.master.run_command([paths.IPA_CERTUPDATE])
 assert result.returncode == 0
+
+
+class TestExternalCAdirsrvStop(IntegrationTest):
+"""When the dirsrv service, which gets started during the first
+ipa-server-install --external-ca phase, is not running when the
+second phase is run with --external-cert-file options, the
+ipa-server-install command fail.
+
+This test checks if second phase installs successfully when dirsrv
+is stoped.
+
+related ticket: https://pagure.io/freeipa/issue/6611""";
+def test_external_ca_dirsrv_stop(self):
+
+# Step 1 of ipa-server-install
+result = install_server_external_ca_step1(self.master)
+assert result.returncode == 0
+
+# stop dirsrv server.
+service_control_dirsrv(self.master, 'stop')
+
+# Sign CA, transport it to the host and get ipa and root ca paths.
+root_ca_fname, ipa_ca_fname = tasks.sign_ca_and_transport(
+self.master, paths.ROOT_IPA_CSR, ROOT_CA, IPA_CA)
+
+# Step 2 of ipa-server-install.
+result = install_server_external_ca_step2(
+self.master, ipa_ca_fname, root_ca_fname)
+assert result.returncode == 0
+
+# Make sure IPA server is working properly
+tasks.kinit_admin(self.master)
+result = self.master.run_command(['ipa', 'user-show', 'admin'])
+assert 'User login: admin' in result.stdout_text

From 4328982c85fe6b6c6fdaf58d3d13080f04459223 Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf 
Date: Thu, 25 Jan 2018 17:01:08 +0530
Subject: [PATCH 2/2] Updated the TestExternalCA with the functions introduced
 for the steps of external CA installation.

Signed-off-by: Mohammad Rizwan Yusuf 
Reviewed-By: Stanisla

[Freeipa-devel] [freeipa PR#1583][closed] [Backport][ipa-4-5]- Ca > ext > ca backport-4-5

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1583
Author: Rezney
 Title: #1583: [Backport][ipa-4-5]- Ca > ext > ca backport-4-5
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1583/head:pr1583
git checkout pr1583
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1613][closed] [Backport][ipa-4-5] - test_caless: add caless to external CA test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1613
Author: Rezney
 Title: #1613: [Backport][ipa-4-5] - test_caless: add caless to external CA test
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1613/head:pr1613
git checkout pr1613
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1613][opened] [Backport][ipa-4-5] - test_caless: add caless to external CA test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1613
Author: Rezney
 Title: #1613: [Backport][ipa-4-5] - test_caless: add caless to external CA test
Action: opened

PR body:
"""
Add caless to external CA test as the suite is currently
missing one.

https://pagure.io/freeipa/issue/7155

Reviewed-By: Stanislav Laznicka 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1613/head:pr1613
git checkout pr1613
From e0526bee2228cbc2d7cdd6d34887a2c3d84ba3c3 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 14 Sep 2017 15:48:40 +0200
Subject: [PATCH] test_caless: add caless to external CA test

Add caless to external CA test as the suite is currently
missing one.

https://pagure.io/freeipa/issue/7155

Reviewed-By: Stanislav Laznicka 
---
 ipatests/pytest_plugins/integration/tasks.py | 10 ++-
 ipatests/test_integration/test_caless.py | 45 
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index 421bddb72d..ee6e33dd15 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -1182,7 +1182,8 @@ def install_kra(host, domain_level=None, first_instance=False, raiseonerr=True):
 return result
 
 
-def install_ca(host, domain_level=None, first_instance=False, raiseonerr=True):
+def install_ca(host, domain_level=None, first_instance=False,
+   external_ca=False, cert_files=None, raiseonerr=True):
 if domain_level is None:
 domain_level = domainlevel(host)
 command = ["ipa-ca-install", "-U", "-p", host.config.dirman_password,
@@ -1190,6 +1191,13 @@ def install_ca(host, domain_level=None, first_instance=False, raiseonerr=True):
 if domain_level == DOMAIN_LEVEL_0 and not first_instance:
 replica_file = get_replica_filename(host)
 command.append(replica_file)
+# First step of ipa-ca-install --external-ca
+if external_ca:
+command.append('--external-ca')
+# Continue with ipa-ca-install --external-ca
+if cert_files:
+for fname in cert_files:
+command.extend(['--external-cert-file', fname])
 try:
 result = host.run_command(command, raiseonerr=raiseonerr)
 finally:
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index 6b7de61d56..9931dbc13f 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -34,6 +34,7 @@
 from ipapython.dn import DN
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration import create_caless_pki
+from ipatests.test_integration.create_external_ca import ExternalCA
 from ipatests.pytest_plugins.integration import tasks
 from ipalib.constants import DOMAIN_LEVEL_0
 
@@ -1589,3 +1590,47 @@ def test_replica_ipa_ca_install(self):
 
 ca_replica = tasks.install_ca(self.replicas[0])
 assert ca_replica.returncode == 0
+
+
+class TestServerCALessToExternalCA(CALessBase):
+"""Test server caless to extarnal CA scenario"""
+
+def test_install_caless_server(self):
+"""Install CA-less master"""
+
+self.create_pkcs12('ca1/server')
+self.prepare_cacert('ca1')
+
+master = self.install_server()
+assert master.returncode == 0
+
+def test_server_ipa_ca_install_external(self):
+"""Install external CA on master"""
+
+# First step of ipa-ca-install (get CSR)
+ca_master_pre = tasks.install_ca(self.master, external_ca=True)
+assert ca_master_pre.returncode == 0
+
+# Create external CA
+external_ca = ExternalCA()
+root_ca = external_ca.create_ca()
+
+# Get IPA CSR as string
+ipa_csr = self.master.get_file_contents('/root/ipa.csr')
+# Have CSR signed by the external CA
+ipa_ca = external_ca.sign_csr(ipa_csr)
+
+test_dir = self.master.config.test_dir
+
+root_ca_fname = os.path.join(test_dir, 'root_ca.crt')
+ipa_ca_fname = os.path.join(test_dir, 'ipa_ca.crt')
+
+# Transport certificates (string > file) to master
+self.master.put_file_contents(root_ca_fname, root_ca)
+self.master.put_file_contents(ipa_ca_fname, ipa_ca)
+
+cert_files = [root_ca_fname, ipa_ca_fname]
+
+# Continue with ipa-ca-install
+ca_master_post = tasks.install_ca(self.master, cert_files=cert_files)
+assert ca_master_post.returncode == 0
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1612][closed] [Backport][ipa-4-5]- test_caless: introduce new python makepki + fix SKI extension issue

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1612
Author: Rezney
 Title: #1612: [Backport][ipa-4-5]-  test_caless: introduce new python makepki 
+ fix SKI extension issue
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1612/head:pr1612
git checkout pr1612
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1612][opened] [Backport][ipa-4-5]- test_caless: introduce new python makepki + fix SKI extension issue

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1612
Author: Rezney
 Title: #1612: [Backport][ipa-4-5]-  test_caless: introduce new python makepki 
+ fix SKI extension issue
Action: opened

PR body:
"""
Change makepki.sh for new makepki.py which should be more
readable, maintainable and extendable than the old script.
In this test we use it as a module and import create_pki().

The new makepki adds SKI and AKI extensions for correct
cert validation.

Other minor changes needed as we do not use NSS to store our
certificates on the test controller.

https://pagure.io/freeipa/issue/7030

Signed-off-by: Michal Reznik 
Reviewed-By: Stanislav Laznicka 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1612/head:pr1612
git checkout pr1612
From f008951589fded62d931a2f644d9de60d26a15b0 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 28 Jun 2017 10:28:48 +0200
Subject: [PATCH] test_caless: introduce new python makepki + fix SKI extension
 issue

Change makepki.sh for new makepki.py which should be more
readable, maintainable and extendable than the old script.
In this test we use it as a module and import create_pki().

The new makepki adds SKI and AKI extensions for correct
cert validation.

Other minor changes needed as we do not use NSS to store our
certificates on the test controller.

https://pagure.io/freeipa/issue/7030

Signed-off-by: Michal Reznik 
Reviewed-By: Stanislav Laznicka 
---
 ipatests/test_integration/create_caless_pki.py | 548 +
 .../test_integration/scripts/caless-create-pki | 188 ---
 ipatests/test_integration/test_caless.py   | 450 +
 3 files changed, 768 insertions(+), 418 deletions(-)
 create mode 100644 ipatests/test_integration/create_caless_pki.py
 delete mode 100644 ipatests/test_integration/scripts/caless-create-pki

diff --git a/ipatests/test_integration/create_caless_pki.py b/ipatests/test_integration/create_caless_pki.py
new file mode 100644
index 00..ddad3f96bc
--- /dev/null
+++ b/ipatests/test_integration/create_caless_pki.py
@@ -0,0 +1,548 @@
+# Copyright (c) 2015-2017, Jan Cholasta 
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
+# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+import collections
+import datetime
+import itertools
+import os
+import os.path
+import six
+
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.x509.oid import NameOID
+from pyasn1.type import univ, char, namedtype, tag
+from pyasn1.codec.der import encoder as der_encoder
+from pyasn1.codec.native import decoder as native_decoder
+
+if six.PY3:
+unicode = str
+
+DAY = datetime.timedelta(days=1)
+YEAR = 365 * DAY
+
+# we get the variables from ca_less test
+domain = None
+realm = None
+server1 = None
+server2 = None
+client = None
+password = None
+cert_dir = None
+
+CertInfo = collections.namedtuple('CertInfo', 'nick key cert counter')
+
+
+class PrincipalName(univ.Sequence):
+'''See RFC 4120 for details'''
+componentType = namedtype.NamedTypes(
+namedtype.NamedType(
+'name-type',
+univ.Integer().subtype(
+explicitTag=tag.Tag(
+tag.tagClassContext,
+tag.tagFormatSimple,
+0,
+),
+),
+),
+namedtype.NamedType(
+'name-string',
+univ.SequenceOf(char.GeneralString()).subtype(
+explicitTag=tag.Tag(
+tag.tagClassContext,
+tag.tagFormatSimple,
+1,
+),
+),
+),
+)
+
+
+class KRB5PrincipalName(univ.Sequence):
+'''See RFC 4556 for details'''
+componentType = namedtype.NamedTypes(
+namedtype.NamedType(
+'realm',
+char.GeneralString().subtype(
+explicitTag=tag.Tag(
+tag.tagClassContext,
+tag.tagFormatSimple,
+0,
+),
+),
+),
+namedtype.NamedType(
+'principalName',
+PrincipalName().subtype(
+ 

[Freeipa-devel] [freeipa PR#1574][closed] [Backport][ipa-4-5] - ipa_tests: test subca key replication

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1574
Author: Rezney
 Title: #1574: [Backport][ipa-4-5] - ipa_tests: test subca key replication
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1574/head:pr1574
git checkout pr1574
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1583][opened] [Backport][ipa-4-5]- Ca > ext > ca backport-4-5

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1583
Author: Rezney
 Title: #1583: [Backport][ipa-4-5]- Ca > ext > ca backport-4-5
Action: opened

PR body:
"""
Backport of #1372 

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1583/head:pr1583
git checkout pr1583
From 6621b290c2d033c9d48657a971133a6d1f7e0489 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 6 Dec 2017 11:34:47 +0100
Subject: [PATCH 1/4] paths: add IPA_CACERT_MANAGE and IPA_CERTUPDATE constants

Add IPA_CACERT_MANAGE and IPA_CERTUPDATE constants which will be
used in test_external_ca test suite.

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud 
---
 ipaplatform/base/paths.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 42240a7106..ac7dcde63c 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -271,6 +271,8 @@ class BasePathNamespace(object):
 DNSSEC_TOKENS_DIR = "/var/lib/ipa/dnssec/tokens"
 DNSSEC_SOFTHSM_PIN = "/var/lib/ipa/dnssec/softhsm_pin"
 IPA_CA_CSR = "/var/lib/ipa/ca.csr"
+IPA_CACERT_MANAGE = "/usr/sbin/ipa-cacert-manage"
+IPA_CERTUPDATE = "/usr/sbin/ipa-certupdate"
 PKI_CA_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"
 REPLICA_INFO_TEMPLATE = "/var/lib/ipa/replica-info-%s"
 REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"

From 295a4d47f4a6aed6f776f5ac48f029e4c9f51555 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 6 Dec 2017 11:49:09 +0100
Subject: [PATCH 2/4] test_tasks: add sign_ca_and_transport() function

Add sign_ca_and_transport() function which will sign provided csr
and transport root CA and signed IPA CA to the host.

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud 
---
 ipatests/pytest_plugins/integration/tasks.py | 28 
 1 file changed, 28 insertions(+)

diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index 421bddb72d..91b6a1d377 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -41,6 +41,7 @@
 from ipalib.constants import (
 DEFAULT_CONFIG, DOMAIN_SUFFIX_NAME, DOMAIN_LEVEL_0)
 
+from .create_external_ca import ExternalCA
 from .env_config import env_to_script
 from .host import Host
 
@@ -1339,3 +1340,30 @@ def ldappasswd_user_change(user, oldpw, newpw, master):
 args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
 '-s', newpw, '-x', '-H', master_ldap_uri]
 master.run_command(args)
+
+
+def sign_ca_and_transport(host, csr_name, root_ca_name, ipa_ca_name):
+"""
+Sign ipa csr and save signed CA together with root CA back to the host.
+Returns root CA and IPA CA paths on the host.
+"""
+
+test_dir = host.config.test_dir
+
+# Get IPA CSR as bytes
+ipa_csr = host.get_file_contents(csr_name)
+
+external_ca = ExternalCA()
+# Create root CA
+root_ca = external_ca.create_ca()
+# Sign CSR
+ipa_ca = external_ca.sign_csr(ipa_csr)
+
+root_ca_fname = os.path.join(test_dir, root_ca_name)
+ipa_ca_fname = os.path.join(test_dir, ipa_ca_name)
+
+# Transport certificates (string > file) to master
+host.put_file_contents(root_ca_fname, root_ca)
+host.put_file_contents(ipa_ca_fname, ipa_ca)
+
+return (root_ca_fname, ipa_ca_fname)

From f107246c8141d24c99beed7bb0d2053566895ce7 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 6 Dec 2017 11:53:35 +0100
Subject: [PATCH 3/4] test_external_ca: selfsigned->ext_ca->selfsigned

Add selfsigned > external_ca > selfsigned test case.

Covers Pagure issue #7106

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud 
---
 ipatests/test_integration/test_external_ca.py | 125 ++
 1 file changed, 106 insertions(+), 19 deletions(-)

diff --git a/ipatests/test_integration/test_external_ca.py b/ipatests/test_integration/test_external_ca.py
index e3c44100e4..6d23f06de9 100644
--- a/ipatests/test_integration/test_external_ca.py
+++ b/ipatests/test_integration/test_external_ca.py
@@ -15,11 +15,53 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
-import os
+import re
+import time
 
 from ipatests.pytest_plugins.integration import tasks
 from ipatests.test_integration.base import IntegrationTest
-from ipatests.test_integration.create_external_ca import ExternalCA
+from ipaplatform.paths import paths
+
+from itertools import chain, repeat
+
+IPA_CA = 'ipa_ca.crt'
+ROOT_CA = 'root_ca.crt'
+
+# string to identify PKI restart in the journal
+PKI_START_STR = 'Started pki_tomcatd'
+
+
+def check_CA_flag(host, nssdb=paths.PKI_TOMCAT_ALIAS_DIR,
+  cn='example.test'):
+"""
+Check if external CA (by default 'example.test' in our test en

[Freeipa-devel] [freeipa PR#1581][closed] [Backport][ipa-4-6]- Ca > ext > ca backport-4-6

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1581
Author: Rezney
 Title: #1581: [Backport][ipa-4-6]- Ca > ext  > ca backport-4-6
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1581/head:pr1581
git checkout pr1581
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1579][closed] [Backport][ipa-4-5] - test_renewal_master: add ipa csreplica-manage test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1579
Author: Rezney
 Title: #1579: [Backport][ipa-4-5] - test_renewal_master: add ipa 
csreplica-manage test
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1579/head:pr1579
git checkout pr1579
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1581][opened] [Backport][ipa-4-5]- Ca > ext > ca backport-4-6

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1581
Author: Rezney
 Title: #1581: [Backport][ipa-4-5]- Ca > ext  > ca backport-4-6
Action: opened

PR body:
"""
Backport of https://github.com/freeipa/freeipa/pull/1372

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1581/head:pr1581
git checkout pr1581
From 7e69ea7fe118aeb2a9d2f765fcccf4b496da43cf Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 6 Dec 2017 11:34:47 +0100
Subject: [PATCH 1/4] paths: add IPA_CACERT_MANAGE and IPA_CERTUPDATE constants

Add IPA_CACERT_MANAGE and IPA_CERTUPDATE constants which will be
used in test_external_ca test suite.

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud 
---
 ipaplatform/base/paths.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 3b39fe5487..2b21eceb76 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -271,6 +271,8 @@ class BasePathNamespace(object):
 DNSSEC_TOKENS_DIR = "/var/lib/ipa/dnssec/tokens"
 DNSSEC_SOFTHSM_PIN = "/var/lib/ipa/dnssec/softhsm_pin"
 IPA_CA_CSR = "/var/lib/ipa/ca.csr"
+IPA_CACERT_MANAGE = "/usr/sbin/ipa-cacert-manage"
+IPA_CERTUPDATE = "/usr/sbin/ipa-certupdate"
 PKI_CA_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"
 REPLICA_INFO_TEMPLATE = "/var/lib/ipa/replica-info-%s"
 REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"

From b2ed6af5adaf082dd93afdebd564f56c3650d348 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 6 Dec 2017 11:49:09 +0100
Subject: [PATCH 2/4] test_tasks: add sign_ca_and_transport() function

Add sign_ca_and_transport() function which will sign provided csr
and transport root CA and signed IPA CA to the host.

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud 
---
 ipatests/pytest_plugins/integration/tasks.py | 28 
 1 file changed, 28 insertions(+)

diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index d9ba187d92..f2789a11ca 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -42,6 +42,7 @@
 from ipalib.constants import (
 DEFAULT_CONFIG, DOMAIN_SUFFIX_NAME, DOMAIN_LEVEL_0)
 
+from .create_external_ca import ExternalCA
 from .env_config import env_to_script
 from .host import Host
 
@@ -1382,3 +1383,30 @@ def add_dns_zone(master, zone, skip_overlap_check=False,
 host.hostname + ".", '--a-rec', host.ip])
 else:
 logger.debug('Zone %s already added.', zone)
+
+
+def sign_ca_and_transport(host, csr_name, root_ca_name, ipa_ca_name):
+"""
+Sign ipa csr and save signed CA together with root CA back to the host.
+Returns root CA and IPA CA paths on the host.
+"""
+
+test_dir = host.config.test_dir
+
+# Get IPA CSR as bytes
+ipa_csr = host.get_file_contents(csr_name)
+
+external_ca = ExternalCA()
+# Create root CA
+root_ca = external_ca.create_ca()
+# Sign CSR
+ipa_ca = external_ca.sign_csr(ipa_csr)
+
+root_ca_fname = os.path.join(test_dir, root_ca_name)
+ipa_ca_fname = os.path.join(test_dir, ipa_ca_name)
+
+# Transport certificates (string > file) to master
+host.put_file_contents(root_ca_fname, root_ca)
+host.put_file_contents(ipa_ca_fname, ipa_ca)
+
+return (root_ca_fname, ipa_ca_fname)

From 2842f63b4beefcc580402decdb57160f3167d428 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 6 Dec 2017 11:53:35 +0100
Subject: [PATCH 3/4] test_external_ca: selfsigned->ext_ca->selfsigned

Add selfsigned > external_ca > selfsigned test case.

Covers Pagure issue #7106

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud 
---
 ipatests/test_integration/test_external_ca.py | 125 ++
 1 file changed, 106 insertions(+), 19 deletions(-)

diff --git a/ipatests/test_integration/test_external_ca.py b/ipatests/test_integration/test_external_ca.py
index e3c44100e4..6d23f06de9 100644
--- a/ipatests/test_integration/test_external_ca.py
+++ b/ipatests/test_integration/test_external_ca.py
@@ -15,11 +15,53 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see .
 
-import os
+import re
+import time
 
 from ipatests.pytest_plugins.integration import tasks
 from ipatests.test_integration.base import IntegrationTest
-from ipatests.test_integration.create_external_ca import ExternalCA
+from ipaplatform.paths import paths
+
+from itertools import chain, repeat
+
+IPA_CA = 'ipa_ca.crt'
+ROOT_CA = 'root_ca.crt'
+
+# string to identify PKI restart in the journal
+PKI_START_STR = 'Started pki_tomcatd'
+
+
+def check_CA_flag(host, nssdb=paths.PKI_TOMCAT_ALIAS_DIR,
+  cn='example.test'):
+"""
+Check if external CA (by default '

[Freeipa-devel] [freeipa PR#1575][closed] [Backport][ipa-4-5] - External ca py crypto backport

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1575
Author: Rezney
 Title: #1575: [Backport][ipa-4-5] - External ca py crypto backport
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1575/head:pr1575
git checkout pr1575
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1576][closed] [Backport][ipa-4-5] [Backport][ipa-4-6] - Help cache test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1576
Author: Rezney
 Title: #1576: [Backport][ipa-4-5] [Backport][ipa-4-6] - Help cache test
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1576/head:pr1576
git checkout pr1576
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1572][closed] [Backport][ipa-4-5] - cn to san backport

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1572
Author: Rezney
 Title: #1572: [Backport][ipa-4-5] - cn to san backport
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1572/head:pr1572
git checkout pr1572
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1579][opened] [Backport][ipa-4-5] [Backport][ipa-4-6] - test_renewal_master: add ipa csreplica-manage test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1579
Author: Rezney
 Title: #1579: [Backport][ipa-4-5] [Backport][ipa-4-6] - test_renewal_master: 
add ipa csreplica-manage test
Action: opened

PR body:
"""
This PR was opened automatically because PR #1573 was pushed to ipa-4-6 and 
backport to ipa-4-5 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1579/head:pr1579
git checkout pr1579
From 43f3979a03daa8f25a80148a5224e65e91ad1b7f Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 13 Dec 2017 09:49:54 +0100
Subject: [PATCH] test_renewal_master: add ipa csreplica-manage test

Add test case for setting renewal master using command
ipa-csreplica-manage.

Automation related to upstream ticket #7120. Testing using
config-mod already covered.

https://pagure.io/freeipa/issue/7321

Reviewed-By: Christian Heimes 
---
 .../test_integration/test_replica_promotion.py | 46 +-
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index 4629d1ff05..5ee79601e4 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -454,6 +454,13 @@ class TestRenewalMaster(IntegrationTest):
 def uninstall(cls, mh):
 super(TestRenewalMaster, cls).uninstall(mh)
 
+def assertCARenewalMaster(self, host, expected):
+""" Ensure there is only one CA renewal master set """
+result = host.run_command(["ipa", "config-show"]).stdout_text
+matches = list(re.finditer('IPA CA renewal master: (.*)', result))
+assert len(matches), 1
+assert matches[0].group(1) == expected
+
 def test_replica_not_marked_as_renewal_master(self):
 """
 https://fedorahosted.org/freeipa/ticket/5902
@@ -476,10 +483,45 @@ def test_manual_renewal_master_transfer(self):
 assert("IPA CA renewal master: %s" % replica.hostname in result), (
 "Replica hostname not found among CA renewal masters"
 )
+# additional check e.g. to see if there is only one renewal master
+self.assertCARenewalMaster(replica, replica.hostname)
+
+def test_renewal_master_with_csreplica_manage(self):
+
+master = self.master
+replica = self.replicas[0]
+
+self.assertCARenewalMaster(master, replica.hostname)
+self.assertCARenewalMaster(replica, replica.hostname)
+
+master.run_command(['ipa-csreplica-manage', 'set-renewal-master',
+'-p', master.config.dirman_password])
+result = master.run_command(["ipa", "config-show"]).stdout_text
+
+assert("IPA CA renewal master: %s" % master.hostname in result), (
+"Master hostname not found among CA renewal masters"
+)
+
+# lets give replication some time
+time.sleep(60)
+
+self.assertCARenewalMaster(master, master.hostname)
+self.assertCARenewalMaster(replica, master.hostname)
+
+replica.run_command(['ipa-csreplica-manage', 'set-renewal-master',
+ '-p', replica.config.dirman_password])
+result = replica.run_command(["ipa", "config-show"]).stdout_text
+
+assert("IPA CA renewal master: %s" % replica.hostname in result), (
+"Replica hostname not found among CA renewal masters"
+)
+
+self.assertCARenewalMaster(master, replica.hostname)
+self.assertCARenewalMaster(replica, replica.hostname)
 
 def test_automatic_renewal_master_transfer_ondelete(self):
-# Test that after master uninstallation, replica overtakes the cert
-# renewal master role
+# Test that after replica uninstallation, master overtakes the cert
+# renewal master role from replica (which was previously set there)
 tasks.uninstall_master(self.replicas[0])
 result = self.master.run_command(['ipa', 'config-show']).stdout_text
 assert("IPA CA renewal master: %s" % self.master.hostname in result), (
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1573][closed] [Backport][ipa-4-6] - test_renewal_master: add ipa csreplica-manage test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1573
Author: Rezney
 Title: #1573: [Backport][ipa-4-6] - test_renewal_master: add ipa 
csreplica-manage test
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1573/head:pr1573
git checkout pr1573
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1576][opened] [Backport][ipa-4-5] [Backport][ipa-4-6] - Help cache test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1576
Author: Rezney
 Title: #1576: [Backport][ipa-4-5] [Backport][ipa-4-6] - Help cache test
Action: opened

PR body:
"""
This PR was opened automatically because PR #1570 was pushed to ipa-4-6 and 
backport to ipa-4-5 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1576/head:pr1576
git checkout pr1576
From d1a8b15eb5a7f43c59511d1f46fd1126f5a49ed3 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Fri, 15 Dec 2017 14:49:40 +0100
Subject: [PATCH] test_help: test "help" command without cache

This test case addresses upsteam ticket #6999, where "ipa help"
does not work if called when no schema is cached.

https://pagure.io/freeipa/issue/7325

Reviewed-By: Christian Heimes 
---
 ipatests/test_cmdline/test_help.py | 25 +
 1 file changed, 25 insertions(+)

diff --git a/ipatests/test_cmdline/test_help.py b/ipatests/test_cmdline/test_help.py
index b28aa2303d..919e60885a 100644
--- a/ipatests/test_cmdline/test_help.py
+++ b/ipatests/test_cmdline/test_help.py
@@ -18,6 +18,9 @@
 #
 
 import sys
+import os
+import shutil
+import errno
 
 import six
 from six import StringIO
@@ -70,6 +73,27 @@ def test_ipa_help():
 assert ctx.stderr == ''
 
 
+def test_ipa_help_without_cache():
+"""Test `ipa help` without schema cache"""
+cache_dir = os.path.expanduser('~/.cache/ipa/schema/')
+backup_dir = os.path.expanduser('~/.cache/ipa/schema.bak/')
+shutil.rmtree(backup_dir, ignore_errors=True)
+if os.path.isdir(cache_dir):
+os.rename(cache_dir, backup_dir)
+try:
+with CLITestContext() as ctx:
+return_value = api.Backend.cli.run(['help'])
+assert return_value == 0
+assert ctx.stderr == ''
+finally:
+shutil.rmtree(cache_dir, ignore_errors=True)
+try:
+os.rename(backup_dir, cache_dir)
+except OSError as e:
+if e.errno != errno.ENOENT:
+raise
+
+
 def test_ipa_without_arguments():
 """Test that `ipa` errors out, and prints the help to stderr"""
 with CLITestContext(exception=SystemExit) as ctx:
@@ -134,6 +158,7 @@ def test_ambiguous_command_or_topic():
 
 assert h_ctx.stdout != help_ctx.stdout
 
+
 def test_multiline_description():
 """Test that all of a multi-line command description appears in output
 """
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1570][closed] [Backport][ipa-4-6] - Help cache test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1570
Author: Rezney
 Title: #1570: [Backport][ipa-4-6] - Help cache test
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1570/head:pr1570
git checkout pr1570
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1575][opened] [Backport][ipa-4-5] - External ca py crypto backport

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1575
Author: Rezney
 Title: #1575: [Backport][ipa-4-5] - External ca py crypto backport
Action: opened

PR body:
"""
Switch external CA generation from certutil to python-cryptography
as this way of handling the certificates should be more readable,
maintainable and extendable (e.g. extensions handling).

Also as external CA is now a separate module we can import it and
use elsewhere.

https://pagure.io/freeipa/issue/7154

Reviewed-By: Stanislav Laznicka 
Reviewed-By: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1575/head:pr1575
git checkout pr1575
From b6361b91de213fbc10e6030cbf4356dee77e845c Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Fri, 8 Sep 2017 08:52:38 +0200
Subject: [PATCH] test_external_ca: switch to python-cryptography

Switch external CA generation from certutil to python-cryptography
as this way of handling the certificates should be more readable,
maintainable and extendable (e.g. extensions handling).

Also as external CA is now a separate module we can import it and
use elsewhere.

https://pagure.io/freeipa/issue/7154

Reviewed-By: Stanislav Laznicka 
Reviewed-By: Christian Heimes 
---
 ipatests/test_integration/create_external_ca.py | 155 
 ipatests/test_integration/test_external_ca.py   |  82 +++--
 2 files changed, 174 insertions(+), 63 deletions(-)
 create mode 100644 ipatests/test_integration/create_external_ca.py

diff --git a/ipatests/test_integration/create_external_ca.py b/ipatests/test_integration/create_external_ca.py
new file mode 100644
index 00..dc4ef048cc
--- /dev/null
+++ b/ipatests/test_integration/create_external_ca.py
@@ -0,0 +1,155 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+
+from cryptography import x509
+from cryptography.x509.oid import NameOID
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+
+import datetime
+import six
+
+
+class ExternalCA(object):
+"""
+Provide external CA for testing
+"""
+def create_ca(self, cn='example.test'):
+"""Create root CA.
+
+:returns: bytes -- Root CA in PEM format.
+"""
+self.ca_key = rsa.generate_private_key(
+public_exponent=65537,
+key_size=2048,
+backend=default_backend(),
+)
+
+self.ca_public_key = self.ca_key.public_key()
+
+subject = self.issuer = x509.Name([
+x509.NameAttribute(NameOID.COMMON_NAME, six.text_type(cn)),
+])
+
+builder = x509.CertificateBuilder()
+builder = builder.subject_name(subject)
+builder = builder.issuer_name(self.issuer)
+builder = builder.public_key(self.ca_public_key)
+builder = builder.serial_number(x509.random_serial_number())
+builder = builder.not_valid_before(datetime.datetime.utcnow())
+builder = builder.not_valid_after(
+  datetime.datetime.utcnow() + datetime.timedelta(days=365)
+  )
+
+builder = builder.add_extension(
+x509.KeyUsage(
+digital_signature=False,
+content_commitment=False,
+key_encipherment=False,
+data_encipherment=False,
+key_agreement=False,
+key_cert_sign=True,
+crl_sign=True,
+encipher_only=False,
+decipher_only=False,
+),
+critical=True,
+)
+
+builder = builder.add_extension(
+x509.BasicConstraints(ca=True, path_length=None),
+critical=True,
+)
+
+builder = builder.add_extension(
+x509.SubjectKeyIdentifier.from_public_key(self.ca_public_key),
+critical=False,
+)
+
+builder = builder.add_extension(
+x509.AuthorityKeyIdentifier.from_issuer_public_key(
+ self.ca_public_key
+ ),
+critical=False,
+)
+
+cert = builder.sign(self.ca_key, hashes.SHA256(), default_backend())
+
+return

[Freeipa-devel] [freeipa PR#1574][opened] [Backport][ipa-4-5] - ipa_tests: test subca key replication

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1574
Author: Rezney
 Title: #1574: [Backport][ipa-4-5] - ipa_tests: test subca key replication
Action: opened

PR body:
"""
Test if key replication is not failing.

https://pagure.io/freeipa/issue/7387

Reviewed-By: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1574/head:pr1574
git checkout pr1574
From 759a38370027d3c610a78afeec1f8059d006790d Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Thu, 1 Feb 2018 13:17:48 +0100
Subject: [PATCH] ipa_tests: test subca key replication

Test if key replication is not failing.

https://pagure.io/freeipa/issue/7387

Reviewed-By: Christian Heimes 
---
 .../test_integration/test_replica_promotion.py | 49 --
 1 file changed, 46 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index 4629d1ff05..67b596209f 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -10,9 +10,9 @@
 from ipatests.pytest_plugins.integration import tasks
 from ipatests.pytest_plugins.integration.tasks import (
 assert_error, replicas_cleanup)
-from ipalib.constants import DOMAIN_LEVEL_0
-from ipalib.constants import DOMAIN_LEVEL_1
-from ipalib.constants import DOMAIN_SUFFIX_NAME
+from ipalib.constants import (
+DOMAIN_LEVEL_0, DOMAIN_LEVEL_1, DOMAIN_SUFFIX_NAME, IPA_CA_NICKNAME)
+from ipaplatform.paths import paths
 
 
 class ReplicaPromotionBase(IntegrationTest):
@@ -527,3 +527,46 @@ def test_replica_install_with_existing_entry(self):
 master.run_command(arg)
 
 tasks.install_replica(master, replica)
+
+
+class TestSubCAkeyReplication(IntegrationTest):
+"""
+Test if subca key replication is not failing.
+"""
+topology = 'line'
+num_replicas = 1
+
+SUBCA = 'test_subca'
+SUBCA_CN = 'cn=' + SUBCA
+
+PKI_DEBUG_PATH = '/var/log/pki/pki-tomcat/ca/debug'
+
+ERR_MESS = 'Caught exception during cert/key import'
+
+def test_sub_ca_key_replication(self):
+master = self.master
+replica = self.replicas[0]
+
+result = master.run_command(['ipa', 'ca-add', self.SUBCA, '--subject',
+ self.SUBCA_CN])
+
+uuid = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
+auth_id_re = re.compile('Authority ID: ({})'.format(uuid),
+re.IGNORECASE)
+auth_id = "".join(re.findall(auth_id_re, result.stdout_text))
+
+cert_nick = '{} {}'.format(IPA_CA_NICKNAME, auth_id)
+
+# give replication some time
+time.sleep(30)
+
+replica.run_command(['ipa-certupdate'])
+replica.run_command(['ipa', 'ca-show', self.SUBCA])
+
+tasks.run_certutil(replica, ['-L', '-n', cert_nick],
+   paths.PKI_TOMCAT_ALIAS_DIR)
+
+pki_debug_log = replica.get_file_contents(self.PKI_DEBUG_PATH,
+  encoding='utf-8')
+# check for cert/key import error message
+assert self.ERR_MESS not in pki_debug_log
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1569][closed] [Backport][ipa-4-6] - test_x509: test very long OID

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1569
Author: Rezney
 Title: #1569: [Backport][ipa-4-6] - test_x509: test very long OID
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1569/head:pr1569
git checkout pr1569
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1573][opened] [Backport][ipa-4-6] - test_renewal_master: add ipa csreplica-manage test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1573
Author: Rezney
 Title: #1573: [Backport][ipa-4-6] - test_renewal_master: add ipa 
csreplica-manage test
Action: opened

PR body:
"""
Add test case for setting renewal master using command
ipa-csreplica-manage.

Automation related to upstream ticket #7120. Testing using
config-mod already covered.

https://pagure.io/freeipa/issue/7321

Reviewed-By: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1573/head:pr1573
git checkout pr1573
From 205d17957747641b6efb220d5a28e6623d64e88a Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 13 Dec 2017 09:49:54 +0100
Subject: [PATCH] test_renewal_master: add ipa csreplica-manage test

Add test case for setting renewal master using command
ipa-csreplica-manage.

Automation related to upstream ticket #7120. Testing using
config-mod already covered.

https://pagure.io/freeipa/issue/7321

Reviewed-By: Christian Heimes 
---
 .../test_integration/test_replica_promotion.py | 46 +-
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index c804c689db..c093369464 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -455,6 +455,13 @@ class TestRenewalMaster(IntegrationTest):
 def uninstall(cls, mh):
 super(TestRenewalMaster, cls).uninstall(mh)
 
+def assertCARenewalMaster(self, host, expected):
+""" Ensure there is only one CA renewal master set """
+result = host.run_command(["ipa", "config-show"]).stdout_text
+matches = list(re.finditer('IPA CA renewal master: (.*)', result))
+assert len(matches), 1
+assert matches[0].group(1) == expected
+
 def test_replica_not_marked_as_renewal_master(self):
 """
 https://fedorahosted.org/freeipa/ticket/5902
@@ -477,10 +484,45 @@ def test_manual_renewal_master_transfer(self):
 assert("IPA CA renewal master: %s" % replica.hostname in result), (
 "Replica hostname not found among CA renewal masters"
 )
+# additional check e.g. to see if there is only one renewal master
+self.assertCARenewalMaster(replica, replica.hostname)
+
+def test_renewal_master_with_csreplica_manage(self):
+
+master = self.master
+replica = self.replicas[0]
+
+self.assertCARenewalMaster(master, replica.hostname)
+self.assertCARenewalMaster(replica, replica.hostname)
+
+master.run_command(['ipa-csreplica-manage', 'set-renewal-master',
+'-p', master.config.dirman_password])
+result = master.run_command(["ipa", "config-show"]).stdout_text
+
+assert("IPA CA renewal master: %s" % master.hostname in result), (
+"Master hostname not found among CA renewal masters"
+)
+
+# lets give replication some time
+time.sleep(60)
+
+self.assertCARenewalMaster(master, master.hostname)
+self.assertCARenewalMaster(replica, master.hostname)
+
+replica.run_command(['ipa-csreplica-manage', 'set-renewal-master',
+ '-p', replica.config.dirman_password])
+result = replica.run_command(["ipa", "config-show"]).stdout_text
+
+assert("IPA CA renewal master: %s" % replica.hostname in result), (
+"Replica hostname not found among CA renewal masters"
+)
+
+self.assertCARenewalMaster(master, replica.hostname)
+self.assertCARenewalMaster(replica, replica.hostname)
 
 def test_automatic_renewal_master_transfer_ondelete(self):
-# Test that after master uninstallation, replica overtakes the cert
-# renewal master role
+# Test that after replica uninstallation, master overtakes the cert
+# renewal master role from replica (which was previously set there)
 tasks.uninstall_master(self.replicas[0])
 result = self.master.run_command(['ipa', 'config-show']).stdout_text
 assert("IPA CA renewal master: %s" % self.master.hostname in result), (
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1572][opened] [Backport][ipa-4-5] - cn to san backport

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1572
Author: Rezney
 Title: #1572: [Backport][ipa-4-5] - cn to san backport
Action: opened

PR body:
"""
https://pagure.io/freeipa/issue/7334

Reviewed-By: Fraser Tweedale 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1572/head:pr1572
git checkout pr1572
From 5b0fe9acef48accf75e38b4c8a485e3c32911e8f Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Wed, 20 Dec 2017 16:05:37 +0100
Subject: [PATCH] test_cert_plugin: check if SAN is added with default profile

https://pagure.io/freeipa/issue/7334

Reviewed-By: Fraser Tweedale 
---
 ipatests/test_xmlrpc/test_cert_plugin.py | 25 +
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/ipatests/test_xmlrpc/test_cert_plugin.py b/ipatests/test_xmlrpc/test_cert_plugin.py
index dc9e8cba7b..7315f5f30b 100644
--- a/ipatests/test_xmlrpc/test_cert_plugin.py
+++ b/ipatests/test_xmlrpc/test_cert_plugin.py
@@ -242,16 +242,14 @@ def test_0009_cert_find(self):
 assert 'valid_not_before' in res
 assert 'valid_not_after' in res
 
-def test_00010_cleanup(self):
+def test_00010_san_in_cert(self):
 """
-Clean up cert test data
+Test if SAN extension is automatically added with default profile.
 """
-# Now clean things up
-api.Command['host_del'](self.host_fqdn)
-
-# Verify that the service is gone
-res = api.Command['service_find'](self.service_princ)
-assert res['count'] == 0
+csr = self.generateCSR(str(self.subject))
+res = api.Command[
+'cert_request'](csr, principal=self.service_princ)['result']
+assert 'san_dnsname' in res
 
 def test_00011_emails_are_valid(self):
 """
@@ -276,6 +274,17 @@ def test_00011_emails_are_valid(self):
 result = _emails_are_valid(email_addrs, [])
 assert False == result, result
 
+def test_9_cleanup(self):
+"""
+Clean up cert test data
+"""
+# Now clean things up
+api.Command['host_del'](self.host_fqdn)
+
+# Verify that the service is gone
+res = api.Command['service_find'](self.service_princ)
+assert res['count'] == 0
+
 
 @pytest.mark.tier1
 class test_cert_find(XMLRPC_test):
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1570][opened] [Backport][ipa-4-6] - Help cache test

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1570
Author: Rezney
 Title: #1570: [Backport][ipa-4-6] - Help cache test
Action: opened

PR body:
"""
This test case addresses upsteam ticket #6999, where "ipa help"
does not work if called when no schema is cached.

https://pagure.io/freeipa/issue/7325

Reviewed-By: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1570/head:pr1570
git checkout pr1570
From 82a2bdb2040d3b8317b1c86e2c5a2da5dc94cee2 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Fri, 15 Dec 2017 14:49:40 +0100
Subject: [PATCH] test_help: test "help" command without cache

This test case addresses upsteam ticket #6999, where "ipa help"
does not work if called when no schema is cached.

https://pagure.io/freeipa/issue/7325

Reviewed-By: Christian Heimes 
---
 ipatests/test_cmdline/test_help.py | 25 +
 1 file changed, 25 insertions(+)

diff --git a/ipatests/test_cmdline/test_help.py b/ipatests/test_cmdline/test_help.py
index 2656a8df4c..67e44426f7 100644
--- a/ipatests/test_cmdline/test_help.py
+++ b/ipatests/test_cmdline/test_help.py
@@ -18,6 +18,9 @@
 #
 
 import sys
+import os
+import shutil
+import errno
 
 import six
 from six import StringIO
@@ -73,6 +76,27 @@ def test_ipa_help():
 assert ctx.stderr == ''
 
 
+def test_ipa_help_without_cache():
+"""Test `ipa help` without schema cache"""
+cache_dir = os.path.expanduser('~/.cache/ipa/schema/')
+backup_dir = os.path.expanduser('~/.cache/ipa/schema.bak/')
+shutil.rmtree(backup_dir, ignore_errors=True)
+if os.path.isdir(cache_dir):
+os.rename(cache_dir, backup_dir)
+try:
+with CLITestContext() as ctx:
+return_value = api.Backend.cli.run(['help'])
+assert return_value == 0
+assert ctx.stderr == ''
+finally:
+shutil.rmtree(cache_dir, ignore_errors=True)
+try:
+os.rename(backup_dir, cache_dir)
+except OSError as e:
+if e.errno != errno.ENOENT:
+raise
+
+
 def test_ipa_without_arguments():
 """Test that `ipa` errors out, and prints the help to stderr"""
 with CLITestContext(exception=SystemExit) as ctx:
@@ -137,6 +161,7 @@ def test_ambiguous_command_or_topic():
 
 assert h_ctx.stdout != help_ctx.stdout
 
+
 def test_multiline_description():
 """Test that all of a multi-line command description appears in output
 """
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1569][opened] [Backport][ipa-4-6] - test_x509: test very long OID

[Rezney via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/1569
Author: Rezney
 Title: #1569: [Backport][ipa-4-6] - test_x509: test very long OID
Action: opened

PR body:
"""
Active Directory creates OIDs long enough to trigger a failure.
This can cause e.g. ipa-server-install failure when installing
with an externally-signed CA.

https://pagure.io/freeipa/issue/7300

Reviewed-By: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1569/head:pr1569
git checkout pr1569
From b0908123b70ae70d4ec96b8da9e1afbe9364d0e6 Mon Sep 17 00:00:00 2001
From: Michal Reznik 
Date: Tue, 5 Dec 2017 15:06:10 +0100
Subject: [PATCH] test_x509: test very long OID

Active Directory creates OIDs long enough to trigger a failure.
This can cause e.g. ipa-server-install failure when installing
with an externally-signed CA.

https://pagure.io/freeipa/issue/7300

Reviewed-By: Christian Heimes 
---
 ipatests/test_ipalib/test_x509.py | 51 +++
 1 file changed, 51 insertions(+)

diff --git a/ipatests/test_ipalib/test_x509.py b/ipatests/test_ipalib/test_x509.py
index 09b3933892..8edf6f0647 100644
--- a/ipatests/test_ipalib/test_x509.py
+++ b/ipatests/test_ipalib/test_x509.py
@@ -26,6 +26,7 @@
 
 import pytest
 
+from cryptography import x509 as crypto_x509
 from ipalib import x509
 from ipapython.dn import DN
 
@@ -85,6 +86,41 @@
 b'-END PKCS7-'
 )
 
+long_oid_cert = b'''
+-BEGIN CERTIFICATE-
+MIIFiTCCBHGgAwIBAgITSAd1bEC5lsOdnQAABzANBgkqhkiG9w0BAQsF
+ADBLMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxEjAQBgoJkiaJk/IsZAEZFgJhZDEe
+MBwGA1UEAxMVYWQtV0lOLVBQSzAxNUY5TURRLUNBMB4XDTE3MDUyNTIzNDg0NVoX
+DTE5MDUyNTIzNTg0NVowNDESMBAGA1UEChMJSVBBLkxPQ0FMMR4wHAYDVQQDExVD
+ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDyyuty6irlL89hdaSW0UyAGLsOOMgAuJwBAeuRUorR159rsSnUXLcTHIsm
+EszKhwxp3NkkawRWx/s0UN1m2+RUwMl6gvlw+G80Mz0S77C77M+2lO8HRmZGm+Wu
+zBNcc9SANHuDQ1NISfZgLiscMS0+l0T3g6/Iqtg1kPWrq/tMevfh6tJEIedSBGo4
+3xKEMSDkrvaeTuSVrgn/QT0m+WNccZa0c7X35L/hgR22/l5sr057Ef8F9vL8zUH5
+TttFBIuiWJo8A8XX9I1zYIFhWjW3OVDZPBUnhGHH6yNyXGxXMRfcrrc74eTw8ivC
+080AQuRtgwvDErB/JPDJ5w5t/ielAgMBAAGjggJ7MIICdzA9BgkrBgEEAYI3FQcE
+MDAuBiYrBgEEAYI3FQiEoqJGhYq1PoGllQqGi+F4nacAgRODs5gfgozzAAIBZAIB
+BTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUnSrC
+yW3CR0e3ilJdN6kL06P3KHMwHwYDVR0jBBgwFoAUj69xtyUNwp8on+NWO+HlxKyg
+X7AwgdgGA1UdHwSB0DCBzTCByqCBx6CBxIaBwWxkYXA6Ly8vQ049YWQtV0lOLVBQ
+SzAxNUY5TURRLUNBLENOPVdJTi1QUEswMTVGOU1EUSxDTj1DRFAsQ049UHVibGlj
+JTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixE
+Qz1hZCxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2Jq
+ZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0
+MIGxBggrBgEFBQcwAoaBpGxkYXA6Ly8vQ049YWQtV0lOLVBQSzAxNUY5TURRLUNB
+LENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+Tj1Db25maWd1cmF0aW9uLERDPWFkLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFz
+ZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MDMGA1UdIAQsMCow
+KAYmKwYBBAGCNxUIhKKiRoWKtT6BpZUKhovheJ2nAIEThrXzUYabpA4wDQYJKoZI
+hvcNAQELBQADggEBAIsFS+Qc/ufTrkuHbMmzksOpxq+OIi9rot8zy9/1Vmj6d+iP
+kB+vQ1u4/IhdQArJFNhsBzWSY9Pi8ZclovpepFeEZfXPUenyeRCU43HdMXcHXnlP
+YZfyLQWOugdo1WxK6S9qQSOSlC7BSGZWvKkiAPAwr4zNbbS+ROA2w0xaYMv0rr5W
+A4UAyzZAdqaGRJBRvCZ/uFHM5wMw0LzNCL4CqKW9jfZX0Fc2tdGx8zbTYxIdgr2D
+PL25as32r3S/m4uWqoQaK0lxK5Y97eusK2rrmidy32Jctzwl29UWq8kpjRAuD8iR
+CSc7sKqOf+fn3+fKITR2/DcSVvb0SGCr5fVVnjQ=
+-END CERTIFICATE-
+'''
+
 
 class test_x509(object):
 """
@@ -151,3 +187,18 @@ def test_load_pkcs7_pem(self):
 cert = certlist[0]
 assert DN(cert.subject) == DN('CN=Certificate Authority,O=EXAMPLE.COM')
 assert cert.serial_number == 1
+
+def test_long_oid(self):
+"""
+Test cerificate with very long OID. In this case we are using a
+certificate from an opened case where one of X509v3 Certificate`s
+Policies OID is longer then 80 chars.
+"""
+cert = x509.load_pem_x509_certificate(long_oid_cert)
+ext = cert.extensions.get_extension_for_class(crypto_x509.
+  CertificatePolicies)
+
+assert len(ext.value) == 1
+assert ext.value[0].policy_identifier.dotted_string == (
+u'1.3.6.1.4.1.311.21.8.8950086.10656446.2706058.12775672.480128.'
+'147.13466065.13029902')
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org