freeipa.git/ipatests/test_xmlrpc, branch fix_ber_scanf FreeIPA patches Extend the list of supported pre-auth mechanisms in IPA server API 2019-09-10T09:33:21+00:00 Changmin Teng cteng@redhat.com 2019-07-29T15:00:35+00:00 d0570404ef5a79dfc08d7959d21e9e4843973faf As new authentication indicators implemented, we also modified server API to support those new values. Also, "krbprincipalauthind" attribute is modified to use a pre-defined set of values instead of arbitrary strings. Resolves: https://pagure.io/freeipa/issue/8001 Signed-off-by: Changmin Teng <cteng@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> 
As new authentication indicators implemented, we also modified server
API to support those new values. Also, "krbprincipalauthind" attribute
is modified to use a pre-defined set of values instead of arbitrary
strings.

Resolves: https://pagure.io/freeipa/issue/8001
Signed-off-by: Changmin Teng <cteng@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
ipatests: add tests for ipa host-add with non-default maxhostnamelength 2019-09-09T10:12:39+00:00 Michal Polovka mpolovka@redhat.com 2019-09-02T08:09:44+00:00 8ce0e6bf6065e8d08cee7e924eda05174d26d883 Implement test for ticket 2018: Change hostname length limit to 64. The fix provides a new configuration parameter (maxhostname) that can be modified through ipa config-mod, and governs the max hostname len allowed through ipa host-add. Add new tests: - check that maxhostname cannot be changed to a value < 64 - check that ipa host-add is refused if the hostname length is > maxhostname - check that ipa host-add is OK if the hostname length is <= maxhostname Related: https://pagure.io/freeipa/issue/2018 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> 
Implement test for ticket 2018: Change hostname length limit to 64.
The fix provides a new configuration parameter (maxhostname) that can be modified through ipa config-mod, and governs the max hostname len allowed through ipa host-add.
Add new tests:

    - check that maxhostname cannot be changed to a value < 64
    - check that ipa host-add is refused if the hostname length is > maxhostname
    - check that ipa host-add is OK if the hostname length is <= maxhostname

Related: https://pagure.io/freeipa/issue/2018
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Fix wrong use of identity operation 2019-09-04T08:30:07+00:00 Christian Heimes cheimes@redhat.com 2019-09-03T11:55:27+00:00 0fc4b8c25cb4f1ee49cbf9b47610168b24a9ee56 Strings should not be compared with the identity operation 'is' or 'is not'. Fixes: https://pagure.io/freeipa/issue/8057 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> 
Strings should not be compared with the identity operation 'is' or
'is not'.

Fixes: https://pagure.io/freeipa/issue/8057
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
xmlrpc test: add test for preserved > stage user 2019-07-31T06:34:34+00:00 Florence Blanc-Renaud flo@redhat.com 2019-07-26T13:44:58+00:00 8ebbb271a556ace5d1f68c404a786aef6d56ba97 When moving a preserved user to the stage area, check that the custom attributes are not lost ( = the attr for which there is no specific user_stage option). Test scenario: - add a stage user with --setattr "businesscategory=value" - activate the user, check that businesscategory is still present - delete (preserve) the user, check that attr is still present - stage the user, check that attr is still present Related: https://pagure.io/freeipa/issue/7597 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> 
When moving a preserved user to the stage area, check that the
custom attributes are not lost ( = the attr for which there is
no specific user_stage option).

Test scenario:
- add a stage user with --setattr "businesscategory=value"
- activate the user, check that businesscategory is still present
- delete (preserve) the user, check that attr is still present
- stage the user, check that attr is still present

Related: https://pagure.io/freeipa/issue/7597
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
test_xmlrpc: fix TestAutomemberFindOrphans.test_find_orphan_automember_rules 2019-07-30T07:39:06+00:00 Florence Blanc-Renaud flo@redhat.com 2019-07-18T13:01:15+00:00 11e40336c5f0c5b086bbb7a98fb5cd22c80b4df3 Test scenario: - create a hostgroup - create a host - create an automember rule for the hostgroup with a condition fulfilled by the host - delete the hostgroup - call automember-rebuild (1) - call automember-find-orphans to remove the orphan automember group - call automember-rebuild(2) The test was expecting the first rebuild command to fail but this assumption is not true if the DS version is >= 1.4.0.22 because of the fix for https://pagure.io/389-ds-base/issue/50077 Modify the test so that it expects failure only when DS is older. Fixes: https://pagure.io/freeipa/issue/7902 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> 
Test scenario:
- create a hostgroup
- create a host
- create an automember rule for the hostgroup with a condition fulfilled
by the host
- delete the hostgroup
- call automember-rebuild (1)
- call automember-find-orphans to remove the orphan automember group
- call automember-rebuild(2)

The test was expecting the first rebuild command to fail but this
assumption is not true if the DS version is >= 1.4.0.22 because of the
fix for https://pagure.io/389-ds-base/issue/50077

Modify the test so that it expects failure only when DS is older.

Fixes: https://pagure.io/freeipa/issue/7902
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
certmaprule: add negative test for altSecurityIdentities 2019-07-17T14:50:07+00:00 Alexander Bokovoy abokovoy@redhat.com 2019-05-07T03:56:34+00:00 95c2b34c4b468a9b766b24172e34ff2d8b6c9530 Try to create a certmap rule that mentiones altSecurityIdentities in its mapping rule but uses IPA domain to apply to. It should fail with ValidationError. Related: https://pagure.io/freeipa/issue/7932 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> 
Try to create a certmap rule that mentiones altSecurityIdentities in its
mapping rule but uses IPA domain to apply to. It should fail with
ValidationError.

Related: https://pagure.io/freeipa/issue/7932
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Fix `test_webui.test_selinuxusermap` 2019-07-15T11:41:23+00:00 Stanislav Levin slev@altlinux.org 2019-07-05T11:39:17+00:00 ac1ea0ec6710f40adffc3f04b39422f3043c6554 A previous refactoring of SELinux tests has have a wrong assumption about the user field separator within ipaSELinuxUserMapOrder. That was '$$', but should be just '$'. Actually, '.ldif' and '.update' files are passed through Python template string substitution: > $$ is an escape; it is replaced with a single $. > $identifier names a substitution placeholder matching > a mapping key of "identifier" This means that the text to be substituted on should not be escaped. The wrong ipaSELinuxUserMapOrder previously set will be replaced on upgrade. Fixes: https://pagure.io/freeipa/issue/7996 Fixes: https://pagure.io/freeipa/issue/8005 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> 
A previous refactoring of SELinux tests has have a wrong
assumption about the user field separator within
ipaSELinuxUserMapOrder. That was '$$', but should be just '$'.

Actually, '.ldif' and '.update' files are passed through
Python template string substitution:

> $$ is an escape; it is replaced with a single $.
> $identifier names a substitution placeholder matching
> a mapping key of "identifier"

This means that the text to be substituted on should not be escaped.
The wrong ipaSELinuxUserMapOrder previously set will be replaced on
upgrade.

Fixes: https://pagure.io/freeipa/issue/7996
Fixes: https://pagure.io/freeipa/issue/8005
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
ipatests: fix ipatests/test_xmlrpc/test_dns_plugin.py 2019-07-02T07:41:25+00:00 Florence Blanc-Renaud flo@redhat.com 2019-07-01T14:09:47+00:00 71884176478917aa75a4277e580ed785f818b57d The test is calling dnsrecord-mod --ttl and should expect a unicode value in order to be python2/python3 compatible. Related: https://pagure.io/freeipa/issue/7982 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
The test is calling dnsrecord-mod --ttl and should expect a unicode
value in order to be python2/python3 compatible.

Related: https://pagure.io/freeipa/issue/7982
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Make use of single configuration point for SELinux 2019-07-01T11:44:57+00:00 Stanislav Levin slev@altlinux.org 2019-06-27T08:52:40+00:00 b2acd65013348c0f5d91582f240714b0f3357678 For now, FreeIPA supports SELinux things as they are in RedHat/Fedora. But different distributions may have their own SELinux customizations. This moves SELinux configuration out to platform constants: - SELINUX_MCS_MAX - SELINUX_MCS_REGEX - SELINUX_MLS_MAX - SELINUX_MLS_REGEX - SELINUX_USER_REGEX - SELINUX_USERMAP_DEFAULT - SELINUX_USERMAP_ORDER and applies corresponding changes to the test code. Fixes: https://pagure.io/freeipa/issue/7996 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
For now, FreeIPA supports SELinux things as they are in RedHat/Fedora.
But different distributions may have their own SELinux customizations.

This moves SELinux configuration out to platform constants:
- SELINUX_MCS_MAX
- SELINUX_MCS_REGEX
- SELINUX_MLS_MAX
- SELINUX_MLS_REGEX
- SELINUX_USER_REGEX
- SELINUX_USERMAP_DEFAULT
- SELINUX_USERMAP_ORDER

and applies corresponding changes to the test code.

Fixes: https://pagure.io/freeipa/issue/7996
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
XMLRPC tests: add new test for ipa dsnrecord-mod $ZONE $RECORD --ttl 2019-07-01T07:16:21+00:00 Florence Blanc-Renaud flo@redhat.com 2019-06-18T13:47:32+00:00 f25a7c2e962e3165e54a01479067ca9a900db6a2 The test suite did not have any test for modification of the TTL of an existing DNS record. Related: https://pagure.io/freeipa/issue/7982 Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
The test suite did not have any test for modification of the TTL
of an existing DNS record.

Related: https://pagure.io/freeipa/issue/7982
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>