From 720e0f5bcf481db3b6e43652cb6577c012b5337e Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Tue, 22 Jan 2013 22:29:30 -0500 Subject: Propagate policy changes over iprop via full dump Since iprop cannot carry policy changes, force a full resync to happen each time a policy change occurs. Based on a patch from Richard Basch . ticket: 7522 --- src/tests/t_iprop.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'src/tests') diff --git a/src/tests/t_iprop.py b/src/tests/t_iprop.py index f61279f236..bd9ab8984d 100644 --- a/src/tests/t_iprop.py +++ b/src/tests/t_iprop.py @@ -147,6 +147,36 @@ out = realm.run_kadminl('getprinc w', slave) if 'Attributes:\n' not in out: fail('Slave has different state from master') +# Create a policy and check that it propagates via full resync. +realm.run_kadminl('addpol -minclasses 2 testpol') +check_serial(realm, 'None') +kpropd.send_signal(signal.SIGUSR1) +wait_for_prop(kpropd, True) +check_serial(realm, 'None', slave) +out = realm.run_kadminl('getpol testpol', slave) +if 'Minimum number of password character classes: 2' not in out: + fail('Slave does not have policy from master') + +# Modify the policy and test that it also propagates via full resync. +realm.run_kadminl('modpol -minlength 17 testpol') +check_serial(realm, 'None') +kpropd.send_signal(signal.SIGUSR1) +wait_for_prop(kpropd, True) +check_serial(realm, 'None', slave) +out = realm.run_kadminl('getpol testpol', slave) +if 'Minimum password length: 17' not in out: + fail('Slave does not have policy change from master') + +# Delete the policy and test that it propagates via full resync. +realm.run_kadminl('delpol -force testpol') +check_serial(realm, 'None') +kpropd.send_signal(signal.SIGUSR1) +wait_for_prop(kpropd, True) +check_serial(realm, 'None', slave) +out = realm.run_kadminl('getpol testpol', slave) +if 'Policy does not exist' not in out: + fail('Slave did not get policy deletion from master') + # Reset the ulog on the master side to force a full resync to all slaves. # XXX Note that we only have one slave in this test, so we can't really # test this. -- cgit