summaryrefslogtreecommitdiffstats
path: root/ipatests
Commit message (Collapse)AuthorAgeFilesLines
* Remove the unused ipalib.frontend.Property classPetr Viktorin2014-02-211-65/+15
| | | | | | | | | | This class was built into the framework from its early days but it's not used anywhere. Remove it along with its tests https://fedorahosted.org/freeipa/ticket/3460 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add tests for multivalued filtersPetr Viktorin2014-02-201-0/+216
| | | | Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permissions: Use multivalued targetfilterPetr Viktorin2014-02-203-177/+196
| | | | | | | | | | | | | | | | Change the target filter to be multivalued. Make the `type` option on permissions set location and an (objectclass=...) targetfilter, instead of location and target. Make changing or unsetting `type` remove existing (objectclass=...) targetfilters only, and similarly, changing/unsetting `memberof` to remove (memberof=...) only. Update tests Part of the work for: https://fedorahosted.org/freeipa/ticket/4074 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Modify DNS tests with LOC records to workaround bug in python-dns.Petr Spacek2014-02-181-5/+5
| | | | | | | | | | | Older versions of dnspython have problems with implicit values for size and h/v precision so our tests use explicit value. See https://github.com/rthalley/dnspython/issues/47 This change is necessary because we want to test if data visible over DNS protocol matches data visible over LDAP. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* tests: Move zone enable/disable tests to end of test_dns_plugin.pyPetr Spacek2014-02-141-72/+74
| | | | | | | | This prevents the test suite from hitting limitations in bind-dyndb-ldap 4.0. For details see https://fedorahosted.org/bind-dyndb-ldap/ticket/127 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add support for managed permissionsPetr Viktorin2014-02-122-66/+635
| | | | | | | | | | | | | | | | This adds support for managed permissions. The attribute list of these is computed from the "default" (modifiable only internally), "allowed", and "excluded" lists. This makes it possible to cleanly merge updated IPA defaults and user changes on upgrades. The default managed permissions are to be added in a future patch. For now they can only be created manually (see test_managed_permissions). Tests included. Part of the work for: https://fedorahosted.org/freeipa/ticket/4033 Design: http://www.freeipa.org/page/V3/Managed_Read_permissions Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Make it possible to call custom functions in Declarative testsPetr Viktorin2014-02-121-5/+12
| | | | | | | | | Sometimes, we will want to do more than just call IPA commands and check the output. This patch makes it possible to add arbitrary functions to Declarative tests. They will be called as part of the sequence of tests. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix test_host_plugin for DNS Classless Reverse zonesMartin Basti2014-02-121-2/+2
| | | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4143 Reviewed-by: Martin Kosek <mkosek@redhat.com>
* DNS tests for classless reverse domainsMartin Basti2014-02-114-21/+246
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4143 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipatests: Do not require group name resolution for the non-posix testsTomas Babej2014-02-111-4/+16
| | | | | | | | | | In the non-posix tests on the legacy clients, the testuser does not belong to the testgroup (since this is represented by the NIS group membership). Relax the regular expression check for the output of the id testuser. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipatests: Change expected home directories returned by getentTomas Babej2014-02-112-8/+20
| | | | | | | | | | | | | The hardcoded values for the home directories for the AD users did not properly scale up from the POSIX attrs only test scanario. When using POSIX attrs, the home dir is returned as whatever is set in the AD (/home/username by default). Without using POSIX attributes, the /home/domain/username form is taken by default. Refactor the tests to take this behaviour into account. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipatests: Add test cases for subdomain users on legacy clientsTomas Babej2014-02-111-9/+113
| | | | | | | | | | | Adds test cases for: * getent subdomain user on legacy client * getent subdomain group on legacy client * getent id subdomain user on legacy client * ssh into legacy client with subdomain user * ssh into legacy client with disabled subdomain user Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipatests: Stop sssd service before deleting the cacheTomas Babej2014-02-101-2/+2
| | | | | | | | In the integration tests, we do not stop the sssd service before deleting the cache, but rather start it. We need to stop sssd before deleting the cache. Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipatests: Make sure we re-kinit as admin before adding the disabledipauserTomas Babej2014-02-101-0/+2
| | | | | | | | | When we add the disabledipauser during the setup class part of the BaseTestLegacyClient, we need to make sure that we re-kinit admin since we do ntpsync with the AD just before that, which can render the previous ticket invalid. Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipatests: Perform a connection test before preparing the clientTomas Babej2014-02-101-0/+4
| | | | | | | | | | | | When the host is down, the preparation of the host fails. This produces misleading errors, since the test framework reports that the actual command being executed failed, when in fact (in case of SSHTransport), the cause of failure was unability to establish a SSH session. https://fedorahosted.org/freeipa/ticket/4132 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipatests: legacy_clients: Test legacy clients with non-posix trustTomas Babej2014-02-101-13/+76
| | | | | | | | | Adds test cases for legacy client support with IPA that has estabilish trust with AD that does not leverage POSIX attributes defined on AD. https://fedorahosted.org/freeipa/ticket/4134 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipatests: Run restoring backup files and restoring their context in one sessionTomas Babej2014-02-051-10/+14
| | | | | | | | | | | | | | Restoring backup files and restoring their context were two separate commands, what means that in case we use SSHTrasport, which creates a separate SSH session for each command, we try to restore the SELinux context of the changed files in a new session. This causes problems, if the access to files themselves are necessary for the creation of the new SSH session. https://fedorahosted.org/freeipa/ticket/4133 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Add records for all hosts in master's domainTomas Babej2014-02-053-0/+62
| | | | | | | | | | | | | | All the hosts in the domain have IPA master set as their only nameserver. However, the IPA master does not create records for these machines by default. This is not an big issue for clients or replicas, since those records do get created in other ways, but external hosts using their internal hostnames will not resolve. Adds an A record for each host in master's domain. https://fedorahosted.org/freeipa/ticket/4130 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_legacy_clients: Change "test group" to "testgroup"Tomas Babej2014-02-051-2/+2
| | | | | | | | | | The integration test for legacy clients used incorrectly "test group" instead of "testgroup" as group used on AD for test purposes. This is inconsistent with the usage of "testuser". https://fedorahosted.org/freeipa/ticket/4131 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* integration tests OpenSSHTransport: Expand tilde to home in ↵Petr Viktorin2014-02-051-1/+2
| | | | | | | | | root_ssh_key_filename Expand paths beginning with a tilde, such as the default ~/.ssh/id_rsa, to the home directory. https://fedorahosted.org/freeipa/ticket/4115
* Use reserved domain names for testsPetr Spacek2014-01-301-31/+38
| | | | https://fedorahosted.org/freeipa/ticket/4139
* Rename variables in test xmlrpc/dns_pluginPetr Spacek2014-01-301-479/+486
| | | | https://fedorahosted.org/freeipa/ticket/4139
* Use private IPv4 addresses for testsPetr Spacek2014-01-301-48/+63
| | | | https://fedorahosted.org/freeipa/ticket/4139
* Convert remaining test code to LDAPEntry API.Jan Cholasta2014-01-242-5/+5
|
* Implement XML introspectionPetr Viktorin2014-01-141-3/+89
| | | | https://fedorahosted.org/freeipa/ticket/2937
* Web UI integration tests: maximize browser window by defaultPetr Vobornik2014-01-211-0/+1
|
* Replace icons with the ones from Font AwesomePetr Vobornik2014-01-211-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/3904
* RCUE dialog implementationPetr Vobornik2014-01-211-4/+4
| | | | https://fedorahosted.org/freeipa/ticket/3904
* New checkboxes and radio stylesPetr Vobornik2014-01-211-9/+11
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Change undo to regular buttonPetr Vobornik2014-01-211-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Remove jquery button usage and unify button codePetr Vobornik2014-01-211-2/+5
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Adapt password expiration notification to new navigationPetr Vobornik2014-01-211-3/+2
| | | | https://fedorahosted.org/freeipa/ticket/3902
* RCUE HeaderPetr Vobornik2014-01-211-7/+16
| | | | https://fedorahosted.org/freeipa/ticket/3902
* RCUE NavigationPetr Vobornik2014-01-211-11/+11
| | | | https://fedorahosted.org/freeipa/ticket/3902
* ipatests: Check for legacy_client attribute presence if unapplying fixesTomas Babej2014-01-201-1/+5
| | | | | | | | | | When legacy client tests fail during IPA installation, the legacy client test produces an additional misleading error (the real cause is reported as well). This happens due the fact that we try to cleanup host that was not yet defined. We need to check for this attribute being defined before unapplying fixes there. https://fedorahosted.org/freeipa/ticket/4124
* ipatests: Remove sudo calls from tasksTomas Babej2014-01-201-2/+2
| | | | | | | | Sudo calls are not necessary since we log in as a root. Additionally, sudo requires tty in default configuration, which is not acquired when using OpenSSH transport. https://fedorahosted.org/freeipa/ticket/4125
* Stop adding a default password policy referenceSimo Sorce2014-01-161-4/+0
| | | | | | | | | | | | | | | Both the password plugin and the kdb driver code automatically fall back to the default password policy. so stop adding an explicit reference to user objects and instead rely on the fallback. This way users created via the framework and users created via winsync plugin behave the same way wrt password policies and no surprises will happen. Also in case we need to change the default password policy DN this will allow just code changes instead of having to change each user entry created, and distinguish between the default policy and explicit admin changes. Related: https://fedorahosted.org/freeipa/ticket/4085
* Change the way we determine if the host has a password set.Rob Crittenden2014-01-151-0/+27
| | | | | | | | | | When creating a host with a password we don't set a Kerberos principal or add the Kerberos objectclasses. Those get added when the host is enrolled. If one passed in --password= (so no password) then we incorrectly thought the user was in fact setting a password, so the principal and objectclasses weren't updated. https://fedorahosted.org/freeipa/ticket/4102
* Allow anonymous and all permissionsPetr Viktorin2014-01-071-0/+282
| | | | | | | Disallow adding permissions with non-default bindtype to privileges Ticket: https://fedorahosted.org/freeipa/ticket/4032 Design: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions
* Use /usr/bin/python2Xiao-Long Chen2014-01-037-7/+7
| | | | | | | | | | | | Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2 https://fedorahosted.org/freeipa/ticket/3438 Updated by pviktori@redhat.com
* Test adding noaci/system permissions to privilegesPetr Viktorin2013-12-131-1/+41
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
* Make sure SYSTEM permissions can be retreived with --all --rawPetr Viktorin2013-12-131-2/+16
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
* permission plugin: Ensure ipapermlocation (subtree) always existsPetr Viktorin2013-12-131-1/+17
|
* Roll back ACI changes on failed permission updatesPetr Viktorin2013-12-131-0/+101
|
* Verify ACIs are added correctly in testsPetr Viktorin2013-12-131-1/+258
| | | | | | | To double-check the ACIs are correct, this uses different code than the new permission plugin: the aci_show command. A new option, location, is added to the command to support these checks.
* Rewrite the Permission pluginPetr Viktorin2013-12-134-142/+911
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/3566 Design: http://www.freeipa.org/page/V3/Permissions_V2
* Add tests for permission plugin with older clientsPetr Viktorin2013-12-131-0/+1127
| | | | | These tests use an old API version, which triggers backwards-compatible behavior in the plugin.
* Allow Declarative test classes to specify the API versionPetr Viktorin2013-12-131-1/+2
| | | | This makes it possible to test behavior with older clients.
* test_webui: Allow False values in configuration for no_ca, no_dns, has_trustsPetr Viktorin2013-12-101-3/+3
| | | | | | | | | | | | The driver only checked if the corresponding value was in the config, so no_dns: False had the same effect as no_dns: True Change the check to take the value into consideration. This makes false-y values like False (from YAML) and empty string (from environment) work as if the value was not specified.
* Regression test for user_status crashPetr Viktorin2013-12-101-0/+25
| | | | https://fedorahosted.org/freeipa/ticket/4066
generated by cgit (git 2.34.1) at 2024-05-18 10:34:24 +0000