URL: https://github.com/freeipa/freeipa/pull/346
Author: martbab
 Title: #346: Minimal test suite for kadmin.local
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/346/head:pr346
git checkout pr346
From b4cc5cf19940119bae75e2fc291325c0ec20fc36 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 15 Dec 2016 17:09:12 +0100
Subject: [PATCH 1/2] Make `kadmin` family of functions return the result of
 ipautil.run

This allows callers to diagnose the output and error code of these operations.
Otherwise there is no way to infer their success or failure apart from
inspecting logs post-mortem.

https://fedorahosted.org/freeipa/ticket/6561
---
 ipaserver/install/installutils.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index a6cde89..e7fd69f 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -450,14 +450,17 @@ def get_directive(filename, directive, separator=' '):
     return None
 
 def kadmin(command):
-    ipautil.run(["kadmin.local", "-q", command,
-                                 "-x", "ipa-setup-override-restrictions"])
+    return ipautil.run(["kadmin.local", "-q", command,
+                        "-x", "ipa-setup-override-restrictions"],
+                       capture_output=True,
+                       capture_error=True)
+
 
 def kadmin_addprinc(principal):
-    kadmin("addprinc -randkey " + principal)
+    return kadmin("addprinc -randkey " + principal)
 
 def kadmin_modprinc(principal, options):
-    kadmin("modprinc " + options + " " + principal)
+    return kadmin("modprinc " + options + " " + principal)
 
 def create_keytab(path, principal):
     try:
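Review bot: The query passed to `kadmin.local -q` is still built by plain string concatenation in `kadmin_addprinc` and `kadmin_modprinc` (and in `create_keytab` in the next hunk), so a principal, options string or path containing whitespace or a quote character would presumably be re-tokenised by kadmin and change the meaning of the query, while `-x ipa-setup-override-restrictions` is in effect. Now that these helpers return a result and are easier to reuse outside the installer, reject such values before building the string, e.g. `if any(c.isspace() or c in '"\'' for c in principal): raise ValueError(principal)`. The new return value also needs a docstring on `kadmin()` saying that it returns the `ipautil.run` result and that, according to the test suite in patch 2/2, a zero exit status does not imply success, so callers must inspect `error_output`. `create_keytab` begins at the end of this hunk and its body continues outside it.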
@@ -466,7 +469,7 @@ def create_keytab(path, principal):
     except os.error:
         root_logger.critical("Failed to remove %s." % path)
 
-    kadmin("ktadd -k " + path + " " + principal)
+    return kadmin("ktadd -k " + path + " " + principal)
 
 def resolve_ip_addresses_nss(fqdn):
     """Get list of IP addresses for given host (using NSS/getaddrinfo).

From f7ea62c9656a44a0d4c9e61c0825ecd08e738612 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 15 Dec 2016 17:11:48 +0100
Subject: [PATCH 2/2] Add a basic test suite for `kadmin.local` interface

This small integration suite tests some basic operations using
kadmin.local interface on services in both kerberos and services
subtree.

https://fedorahosted.org/freeipa/ticket/6561
---
 ipatests/test_ipaserver/test_kadmin.py | 125 +++++++++++++++++++++++++++++++++
 1 file changed, 125 insertions(+)
 create mode 100644 ipatests/test_ipaserver/test_kadmin.py

diff --git a/ipatests/test_ipaserver/test_kadmin.py b/ipatests/test_ipaserver/test_kadmin.py
new file mode 100644
index 0000000..1b38791
--- /dev/null
+++ b/ipatests/test_ipaserver/test_kadmin.py
@@ -0,0 +1,125 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+"""
+Test suite for creating principals via kadmin.local and modifying their keys
+"""
+
+import os
+import pytest
+import tempfile
+
+from ipalib import api
+
+from ipaserver.install import installutils
+
+
+@pytest.yield_fixture()
+def keytab():
+    fd, keytab_path = tempfile.mkstemp(suffix='.keytab')
+    os.close(fd)
+
+    try:
+        yield keytab_path
+    finally:
+        try:
+            os.remove(keytab_path)
+        except OSError:
+            pass
+
+
+@pytest.fixture()
+def service_in_kerberos_subtree(request):
+    princ = u'svc1/{0.host}@{0.realm}'.format(api.env)
+    installutils.kadmin_addprinc(princ)
+
+    def fin():
+        try:
+            installutils.kadmin(
+                'delprinc -force {}'.format(princ))
+        except Exception:
+            pass
+    request.addfinalizer(fin)
+    return princ
+
+
+@pytest.fixture()
+def service_in_service_subtree(request):
+    princ = u'svc2/{0.host}@{0.realm}'.format(api.env)
+    rpcclient = api.Backend.rpcclient
+    was_connected = rpcclient.isconnected()
+
+    if not was_connected:
+        rpcclient.connect()
+
+    api.Command.service_add(princ)
+
+    def fin():
+        try:
+            api.Command.service_del(princ)
+        except Exception:
+            pass
+
+        try:
+            if not was_connected:
+                rpcclient.disconnect()
+        except Exception:
+            pass
+
+    request.addfinalizer(fin)
+    return princ
+
+
+@pytest.fixture(params=[service_in_kerberos_subtree,
+                        service_in_service_subtree])
+def service(request):
+    return request.param(request)
+
+
+@pytest.mark.skipif(
+    os.getuid() != 0, reason="kadmin.local is accesible only to root")
+class TestKadmin(object):
+    def assert_success(self, command, *args):
+        """
+        Since kadmin.local returns 0 also when internal errors occur, we have
+        to catch the command's stderr and check that it is empty
+        """
+        result = command(*args)
+        assert not result.error_output
+
+    def test_create_keytab(self, service, keytab):
+        """
+        tests that ktadd command works for both types of services
+        """
+        self.assert_success(
+            installutils.create_keytab,
+            keytab,
+            service)
+
+    def test_change_key(self, service, keytab):
+        """
+        tests that both types of service can have passwords changed using
+        kadmin
+        """
+        self.assert_success(
+            installutils.create_keytab,
+            keytab,
+            service)
+        self.assert_success(
+            installutils.kadmin,
+            'change_password -randkey {}'.format(service))
+
+    def test_append_key(self, service, keytab):
+        """
+        Tests that we can create a new keytab for both service types and then
+        append new keys to it
+        """
+        self.assert_success(
+            installutils.create_keytab,
+            keytab,
+            service)
+        self.assert_success(
+            installutils.create_keytab,
+            keytab,
+            service)
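Review bot: `service_in_kerberos_subtree` discards the result of `installutils.kadmin_addprinc(princ)`, and because `assert_success` itself documents that kadmin.local returns 0 on internal errors, a failed principal creation passes silently in setup and only shows up later as a misleading ktadd failure. Check it in the fixture with `result = installutils.kadmin_addprinc(princ)` and `assert not result.error_output, result.error_output`; giving the assert in `assert_success` the same message argument would put kadmin's stderr in the failure report. The finalizers have the same blind spot: a failing `delprinc -force` or `service_del` is swallowed by `except Exception: pass`, leaving the test principals in the KDC of the machine under test with nothing logged. Separately, `service()` calls the fixture functions directly through `request.param(request)`, which newer pytest releases reject; parametrising over fixture names and resolving them with `request.getfixturevalue(request.param)` is the supported form.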
-- 