summaryrefslogtreecommitdiffstats
path: root/ipatests
Commit message (Collapse)AuthorAgeFilesLines
* Fix session cookiesFlorence Blanc-Renaud2016-07-221-0/+15
| | | | | | | | | | | | | | The CLI was not using session cookies for communication with IPA API. The kernel_keyring code was expecting the keyname to be a string, but in python 2 a unicode was supplied (the key is built using ipa_session_cookie:%principal and principal is a unicode). The patch fixes the assertions, allowing to store and retrieve the cookie. It also adds a test with unicode key name. https://fedorahosted.org/freeipa/ticket/5984 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix conflict between "got" and "expected" valuesGanna Kaihorodova2016-07-211-1/+2
| | | | | | | Fix conflict between "got" and "expected" values when testing "dnsconfig_mod: Update global DNS settings" Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Improve handling of rename operation by user trackerLenka Doudova2016-07-202-25/+15
| | | | | | | | | | | | | | Improving handling of rename operation by user tracker, together with fixes for user tests, that failed as consequence. Failures were caused by RFE Kerberos principal alias. Some tests were rewritten, since they used "--setattr" option instead of "--rename", and hence didn't reflect proper behaviour of the principal aliases feature. https://fedorahosted.org/freeipa/ticket/6024 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Tests: Support of UPN for trusted domainsLenka Doudova2016-07-191-0/+42
| | | | | | | | | | | | | | | Basic set of tests to verify support of UPN functionality. Test cases: - establish trust - verify the trust recognizes UPN - verify AD user with UPN can be resolved - verify AD user with UPN can authenticate - remove trust https://fedorahosted.org/freeipa/ticket/6094 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Tests: External trustLenka Doudova2016-07-192-32/+154
| | | | | | | | | | | | | | | | | Provides basic coverage for external trust feature. Test cases: 1. verify an external trust with AD subdomain can be established - verify only one trustdomain is listed - verify subdomain users are resolvable - verify trust can be deleted 2. verify non-external trust with AD subdomain cannot be established 3. verify an external trust with AD forest root domain can be established - verify that even if AD subdomain is specified, it is not associated with the trust - verify trust can be deleted https://fedorahosted.org/freeipa/ticket/6093 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* CI: DNS locationsMartin Basti2016-07-183-17/+277
| | | | | | | | This test is testing default IPA system records in locations, if priority and weight were properly set per service, per server, per location. Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Tests: Authentication indicators integration testsLenka Doudova2016-07-151-0/+56
| | | | | | https://fedorahosted.org/freeipa/ticket/433 Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Tests: Authentication indicators xmlrpc testsLenka Doudova2016-07-151-1/+44
| | | | | | https://fedorahosted.org/freeipa/ticket/433 Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Tests: Tracker class for servicesLenka Doudova2016-07-151-0/+152
| | | | | | | | | Provides basic service tracker, so far for purposes of [1]. Tracker is not complete, some methods will need to be added in case of service test refactoring. [1] https://fedorahosted.org/freeipa/ticket/433 Reviewed-By: Milan Kubik <mkubik@redhat.com>
* ipatests: remove ipacertbase option from test CSR configurationMilan Kubík2016-07-122-7/+0
| | | | | | | | | The issue was found during test review. If the cert base contains spaces, openssl req fails. https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* ipatests: Test Sub CA with CAACL and certificate profileMilan Kubík2016-07-121-0/+110
| | | | | | | | | | | | | Test the Sub CA feature by signing a CSR with custom certificate profile. The test also covers 'cert-request' fallback behaviour for missing 'cacn' and 'profile-id' options by reusing the fixtures from the module. https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* ipatests: Extend CAACL suite to cover Sub CA membersMilan Kubík2016-07-122-7/+45
| | | | | | https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* ipatests: Tracker implementation for Sub CA featureMilan Kubík2016-07-124-0/+309
| | | | | | | | | The patch implements Tracker subclass for CA plugin and the basic CRUD tests for the plugin entries. https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Test for incorrect client domainOleg Fayans2016-07-011-0/+52
| | | | | | https://fedorahosted.org/freeipa/ticket/5976 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Unify display of principal names/aliases across entitiesMartin Babinsky2016-07-017-9/+44
| | | | | | | | | | | | Since now users, hosts, and service all support assigning multiple principal aliases to them, the display of kerberos principal names should be consistent across all these objects. Principal aliases and canonical names will now be displayed in all add, mod, show, and find operations. https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Migrate management framework plugins to use Principal parameterMartin Babinsky2016-07-014-6/+15
| | | | | | | | | | | | All plugins will now use this parameter and common code for all operations on Kerberos principals. Additional semantic validators and normalizers were added to determine or append a correct realm so that the previous behavior is kept intact. https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Test suite for `ipapython/kerberos.py`Martin Babinsky2016-07-011-0/+137
| | | | | | | | | Low-level unittests checking the correctness principal parsing. https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Tests: Fix frontend testsLenka Doudova2016-06-301-3/+0
| | | | | | | | Test ipatests/test_ipalib/test_frontend.py::test_Command::test_validate fails due to attributes that are no longer present, therefore assertion for these values was removed. https://fedorahosted.org/freeipa/ticket/5987 Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
* Tests: Fix failing tests in ipatests/test_ipalib/test_frontend.pyLenka Doudova2016-06-301-11/+9
| | | | | | | | | | | | Test fails were caused mainly by assertion between unicode and nonunicode string, or due to changes in code related to thin client. Fixes: test_Command::test_default_from_chaining test_Command::test_args_options_2_params test_Command::test_params_2_args_options test_Command::test_validate_output_per_type Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
* Tests: Remove DNS configuration from trust testsLenka Doudova2016-06-301-40/+4
| | | | | | | Since DNS configuration is no longer needed for running trust tests, this method's contents are removed. Method is left empty as reference for others, should they have issues with DNS configuration. Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* Tests: Fix failing ipatests/test_ipalib/test_errors.pyLenka Doudova2016-06-291-4/+4
| | | | | | Some strings in the testsuite are unicode which wasn't reflected in the tests. This patch fixes the problem by changing concerned strings to unicode. Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
* test: cert: Reflect change in behavior in testsDavid Kupka2016-06-291-2/+3
| | | | | | | | | | | | | Command cert-find with parameter sizelimit set to 0 no longer returns 0 certificates but returns all. More precise ConversionError is returned when parameter is not convertible to its type. https://fedorahosted.org/freeipa/ticket/5381 https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* test: automember: Fix expected exception messageDavid Kupka2016-06-291-2/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* The LDAP*ReverseMember shouldn't imply --all is always specifiedStanislav Laznicka2016-06-292-9/+0
| | | | | | | | | | | The LDAP*ReverseMember methods would always return the whole LDAP object even though --all is not specified. Also had to fix some tests as objectClass will not be returned by default now. https://fedorahosted.org/freeipa/ticket/5892 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS: Fix tests for realm domains integration with DNS zone addPetr Spacek2016-06-281-5/+5
| | | | | | | | | We forgot to update tests after change in 22f4045f72daf182c44ce574291c0d8a7733713b. https://fedorahosted.org/freeipa/ticket/5980 Reviewed-By: David Kupka <dkupka@redhat.com>
* Tests: Make ID views tests reflect new krbcanonicalname attributeLenka Doudova2016-06-281-0/+7
| | | | | | https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* test-{service,host}-plugin: only expect krbcanonicalname when all=TrueMartin Babinsky2016-06-282-6/+0
| | | | | | | | | fixes incorrect assertions in tests that create, retrieve, and search for services https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* test_serverroles: ensure that test API is initialized with correct ldap_uriMartin Babinsky2016-06-281-1/+6
| | | | | | | | | This ensures that the serverroles test works also when run together with other iaserver test suites. https://fedorahosted.org/freeipa/ticket/6000 Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* keep setting ipakrbprincipal objectclass on new service entriesMartin Babinsky2016-06-272-1/+4
| | | | | | | | | | | | | this is required for replica promotion to work, since the ACI allowing hosts to add their own services uses this objectclass as target filter. This partially reverts changes from commit 705f66f7490c64de1adc129221b31927616c485d https://fedorahosted.org/freeipa/ticket/5996 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Fix ipatests/test_ipaserver/test_rpcserver.pyLenka Doudova2016-06-241-1/+0
| | | | | | Removed no longer valid assert. Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* Tests: Fix for failing location testsLenka Doudova2016-06-233-26/+87
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* account for added krbcanonicalname attribute during xmlrpc testsMartin Babinsky2016-06-237-7/+19
| | | | | | | https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* frontend: don't copy command arguments to output paramsJan Cholasta2016-06-201-3/+3
| | | | | | | | | | | | | | Use only object params and params defined in has_output_params as output params. This removes unnecessary duplication of params defined both in object plugins and as command arguments. This requires all command output params to be properly defined in either the object plugins or the command's has_output_params. Fix the plugins where this wasn't true. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* CI test suite for `server-del`Martin Babinsky2016-06-173-16/+339
| | | | | | | | | | | | | these tests cover various scenarios such as: * trying to remove master that would disconnect topology in one of the suffixes * forcing master removal regardless of topology state before/after removal * trying to remove last CA/DNS server/DNSSec key master * forcing removal of the last DNSSec key master https://fedorahosted.org/freeipa/ticket/5588 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS Locations: Rename ipalocationweight to ipaserviceweightMartin Basti2016-06-173-9/+9
| | | | | | | | | Service weight explains better meaning of attribute than location weight, because location itself have no weight only services have. https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix minor typosYuri Chornoivan2016-06-161-1/+1
| | | | Reviewed-By: Petr Spacek <pspacek@redhat.com>
* plugable: initialize plugins on demandJan Cholasta2016-06-152-11/+11
| | | | | | | | | Use a new API namespace class which does not initialize plugins until they are accessed. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* Test suite for `serverroles` backendMartin Babinsky2016-06-131-0/+745
| | | | | | | | | | | Tests retrieving roles/attributes and setting server attributes in various scenarios. https://fedorahosted.org/freeipa/ticket/5181 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* test: test_cli: Do not expect defaults in kwargs.David Kupka2016-06-061-80/+46
| | | | | | | | Client is no longer forwarding in arguments with default values to the server. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove service and host cert issuer validationFraser Tweedale2016-06-061-2/+1
| | | | | | | | | | | When adding certifiates to a host or service entry, we currently check that the issuer matches the issuer DN of the IPA CA. Now that sub-CAs have been implemented, this check is no longer valid and will cause false negatives. Remove it and update call sites. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS Locations: extend tests with server-* commandsMartin Basti2016-06-034-7/+240
| | | | | | | https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS Locations: API testsMartin Basti2016-06-032-0/+232
| | | | | | | | | Tests for location-* commands https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipalib: move server-side plugins to ipaserverJan Cholasta2016-06-0334-35/+35
| | | | | | | | | | Move the remaining plugin code from ipalib.plugins to ipaserver.plugins. Remove the now unused ipalib.plugins package. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* rpc: specify connection options in API configJan Cholasta2016-06-037-13/+13
| | | | | | | | | Specify RPC connection options once in API.bootstrap rather than in each invocation of rpcclient.connect. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* plugable: turn Plugin attributes into propertiesJan Cholasta2016-06-032-5/+1
| | | | | | | | | | | | | | Implement the `name`, `doc` and `summary` Plugin attributes as properties to allow them to be overriden in sub-classes. Always use .doc rather than .__doc__ to access plugin documentation. Remove the mostly unused `module`, `fullname`, `bases` and `label` attributes. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* Test: fix failing host_testMartin Basti2016-06-011-1/+1
| | | | | | | | Regression caused by patches related to empty zones https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Performance: Find commands: do not process members by defaultMartin Basti2016-05-3117-52/+921
| | | | | | | | | | | | | | | | In all *-find commands, member attributes shouldn't be processed due high amount fo ldpaserches cause serious performance issues. For this reason --no-members option is set by default in CLI and API. To get members in *-find command option --all in CLI is rquired or 'no_members=False' or 'all=True' must be set in API call. For other commands processing of members stays unchanged. WebUI is not affected by this change. https://fedorahosted.org/freeipa/ticket/4995 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Turn verify_host_resolvable() into a wrapper around ipapython.dnsutilPetr Spacek2016-05-301-2/+1
| | | | | | | | | | | | | The code was duplicate and less generic anyway. As a side-effect I had to re-wrap dns.exception.DNSException into a PublicError so it can be displayed to the user. DNSError is now a super class for other DNS-related errors. Errors from DNS resolver are re-raised as DNSResolverError. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use root_logger for verify_host_resolvable()Petr Spacek2016-05-301-1/+1
| | | | | | | | | | After discussion with Martin Basti we decided to standardize on root_logger with hope that one day we will use root_logger.getLogger('module') to make logging prettier and tunable per module. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS: Warn if forwarding policy conflicts with automatic empty zonesPetr Spacek2016-05-301-0/+14
| | | | | | | | | | | | | | | | | | Forwarding policy "first" or "none" may conflicts with some automatic empty zones. Queries for zones specified by RFC 6303 will ignore forwarding and recursion and always result in NXDOMAIN answers. This is not detected and warned about. Global forwarding is equivalent to forward zone ".". Example: Forward zone 1.10.in-addr.arpa with policy "first" will not forward anything because BIND will automatically prefer automatic empty zone "10.in-addr.arpa." which is authoritative. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
generated by cgit (git 2.34.1) at 2025-08-31 22:07:29 +0000