summaryrefslogtreecommitdiffstats
path: root/ipatests
Commit message (Collapse)AuthorAgeFilesLines
* User Tracker: Test to create user with minimal valuesGanna Kaihorodova2017-01-191-0/+13
| | | | | | | | | | Test to create user with minimal values, where uid is not specified https://fedorahosted.org/freeipa/ticket/6126 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Milan Kubik <mkubik@redhat.com> Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* User Tracker: creation of user with minimal valuesGanna Kaihorodova2017-01-191-11/+31
| | | | | | | | | | | | Fix provide possibility to create user-add test with minimal values, where uid is not specified, to provide better coverage. Also provide check for non-empty unicode string for attributes required in init method https://fedorahosted.org/freeipa/ticket/6126 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Milan Kubik <mkubik@redhat.com> Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* Stage User: Test to create stage user with minimal valuesGanna Kaihorodova2017-01-191-0/+11
| | | | | | | | | Test to create stage user with minimal values, where uid is not specified https://fedorahosted.org/freeipa/ticket/6448 Reviewed-By: Lenka Doudova <ldoudova@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Tests: Stage User Tracker implementationGanna Kaihorodova2017-01-191-8/+30
| | | | | | | | | | | Fix provide possibility of creation stage user with minimal values, with uid not specified and check for non-empty unicode string for attributes requested in init method https://fedorahosted.org/freeipa/ticket/6448 Reviewed-By: Lenka Doudova <ldoudova@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Tests: Add tree root domain role in legacy client testsGanna Kaihorodova2017-01-181-3/+3
| | | | | | | | | Legacy client tests inherits test cases from trust tests, that have role for tree root domain. That role was missing in legacy client tests. https://fedorahosted.org/freeipa/ticket/6600 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* pytest: set rules to find test files and functionsChristian Heimes2017-01-121-6/+10
| | | | | | | | | 1e06a5195bafe0224d77371987f2509f5508ca2f removed pytest.ini. Without the ini file, pytest 3.x has suboptimal settings and no longer picks up all test functions and test files. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Generate sha256 ssh pubkey fingerprints for hostsStanislav Laznicka2017-01-125-5/+5
| | | | | | | | Replace md5 with sha256 for host ssh pubkey fingerprints https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Use pytest conftest.py and drop pytest.iniChristian Heimes2017-01-054-29/+84
| | | | | | | | | | | | | | Let's replace some ugly hacks with proper pytest conftest.py hooks. Test initialization of ipalib.api is now handled in pytest_cmdline_main(). Pytest plugins, markers and ignores are also moved into conftest.py. Additional guards make it possible to run tests without ipaserver installed. I added confcutdir to ensure that pytest does not leave our project space. Pytest used pytest.ini or setup.py before but pytest.ini is gone. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Catch ValueError raised by pytest.config.getoption()Christian Heimes2017-01-052-3/+5
| | | | | | pytest.config.getoption() can raise ValueError for unknown options, too. Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Remove "Request Certificate with SubjectAltName" permissionFraser Tweedale2016-12-211-1/+1
| | | | | | | | | | | | | | | | | | subjectAltName is required or relevant in most certificate use cases (esp. TLS, where carrying DNS name in Subject DN CN attribute is deprecated). Therefore it does not really make sense to have a special permission for this, over and above "request certificate" permission. Furthermore, we already do rigorously validate SAN contents again the subject principal, and the permission is waived for self-service requests or if the operator is a host principal. So remove the permission, the associated virtual operation, and the associated code in cert_request. Fixes: https://fedorahosted.org/freeipa/ticket/6526 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Remove named-pkcs11 workarounds from DNSSEC tests.Petr Spacek2016-12-191-82/+0
| | | | | | | | | | As far as I can tell the tests are passing for some time in Jenkins so maybe a bug in some underlying component was fixed. Let's remove workarounds to make tests actually test real setups. https://fedorahosted.org/freeipa/ticket/5348 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add a basic test suite for `kadmin.local` interfaceMartin Babinsky2016-12-161-0/+125
| | | | | | | | | | This small integration suite tests some basic operations using kadmin.local interface on services in both kerberos and services subtree. https://fedorahosted.org/freeipa/ticket/6561 Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* tests: Expect krbpwdpolicyreference in result of {host,service}-{find,show} ↵David Kupka2016-12-144-2/+58
| | | | | | | | | | | --all Result of {host,service}-{find,show} commands with option '--all' always contains krbpwpolicyreference attributes. https://fedorahosted.org/freeipa/ticket/6561 Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* Add options to write lightweight CA cert or chain to fileFraser Tweedale2016-12-122-7/+41
| | | | | | | | | | | | | | Administrators need a way to retrieve the certificate or certificate chain of an IPA-managed lightweight CA. Add params to the `ca' object for carrying the CA certificate and chain (as multiple DER values). Add the `--chain' flag for including the chain in the result (chain is also included with `--all'). Add the `--certificate-out' option for writing the certificate to a file (or the chain, if `--chain' was given). Fixes: https://fedorahosted.org/freeipa/ticket/6178 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
* Test: uniqueness of certificate renewal masterOleg Fayans2016-12-081-0/+42
| | | | | | | https://fedorahosted.org/freeipa/ticket/6504 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* cert-request: match names against principal aliasesFraser Tweedale2016-12-061-12/+73
| | | | | | | | | | | | | | | Currently we do not check Kerberos principal aliases when validating a CSR. Enhance cert-request to accept the following scenarios: - for hosts and services: CN and SAN dnsNames match a principal alias (realm and service name must be same as nominated principal) - for all principal types: UPN or KRB5PrincipalName othername match any principal alias. Fixes: https://fedorahosted.org/freeipa/ticket/6295 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Fetch correct exception in IPA_CONFDIR testChristian Heimes2016-12-051-2/+1
| | | | | | | fixes c2934aaa Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use env var IPA_CONFDIR to get confdirChristian Heimes2016-12-022-2/+44
| | | | | | | | | | | | | The environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Some scripts (e.g. servers, installers, and upgrades) set the confdir explicitly and do not support the env var. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove import of ipaplatform.paths from test_ipalibChristian Heimes2016-12-021-5/+4
| | | | | | | | | ipalib's env bootstrapping uses hard-coded defaults, too. https://fedorahosted.org/freeipa/ticket/6474 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Remove BIN_FALSE and BIN_TRUEChristian Heimes2016-12-021-4/+4
| | | | | | | https://fedorahosted.org/freeipa/ticket/6474 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Test: basic kerberos over http functionalityOleg Fayans2016-11-301-0/+58
| | | | | | https://fedorahosted.org/freeipa/ticket/6446 Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Test: made kinit_admin a returning functionOleg Fayans2016-11-301-2/+2
| | | | | | | In some cases we need to check the result of kinit and print out the error message. Therefore we need it to return the result. Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Adjustments for setup requirementsChristian Heimes2016-11-301-9/+9
| | | | | | | | | | | | | | * Fix some typos, missing or surplus dependencies. * Remove setup requirement on wheel since it triggers download. ipatests is now installable. Tests need further changes to be runable. https://fedorahosted.org/freeipa/ticket/6468 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Enhance __repr__ method of PrincipalMartin Babinsky2016-11-301-0/+2
| | | | | | | | | | | | `__repr__` now returns more descriptive string containing the actual principal name while keeping the ability to reconstruct the object from it. This makes principal names visible in debug logs, easing troubleshooting a bit. https://fedorahosted.org/freeipa/ticket/6505 Reviewed-By: Christian Heimes <cheimes@redhat.com>
* tests: Added basic tests for certs in idoverridesOleg Fayans2016-11-291-0/+82
| | | | | | | https://fedorahosted.org/freeipa/ticket/6412 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Created idview trackerOleg Fayans2016-11-291-0/+116
| | | | | | | | | Needed for basic certs in idoverrides tests https://fedorahosted.org/freeipa/ticket/6412 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Milan Kubik <mkubik@redhat.com>
* ipautil: move kinit functions to ipalib.installJan Cholasta2016-11-291-3/+2
| | | | | | | | | | | kinit_password() depends on ipaplatform. Move kinit_password() as well as kinit_keytab() to a new ipalib.install.kinit module, as they are used only from installers. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* ipapython: move dnssec, p11helper and secrets to ipaserverJan Cholasta2016-11-293-4/+4
| | | | | | | | | | | The dnssec and secrets subpackages and the p11helper module depend on ipaplatform. Move them to ipaserver as they are used only on the server. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Improve the robustness FreeIPA's i18n module and its testsMartin Babinsky2016-11-282-7/+32
| | | | | | | | | | | | | Prevent false positive errors reported by `ipatests/i18n.py` and `ipatests/test_ipalib/test_text.py` when LANGUAGE env variable is set in the environment. Additionally, also set LC_ALL and LC_MESSAGES during checks to further improve the robustness. https://fedorahosted.org/freeipa/ticket/6512 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix Python 3 bugs discovered by pylintChristian Heimes2016-11-255-7/+16
| | | | | | | | | | | | In Python 3 exception instances no longer have a message attribute. For most exceptions, str(e) or string formatting give the same result. Fix some renamed modules, module members and functions. https://fedorahosted.org/freeipa/ticket/4985 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Python3 pylint fixesChristian Heimes2016-11-251-1/+1
| | | | | | | | | | | Sprinkle 'pylint disable' comments over the code base to silence a bunch of pylint warnings on Python 3. All silenced warnings are harmless and not bugs. https://fedorahosted.org/freeipa/ticket/4985 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add main guards to a couple of Python scriptsChristian Heimes2016-11-241-12/+0
| | | | | Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Build: integrate translation system tests againPetr Spacek2016-11-221-1/+4
| | | | | | | | | | | | | | | | | The Makefile test targets were lost when gettextize infrastructure was introduced. Now it is re-added in its modernized form which counts with generated .pot files. ipatests/i18n.py is now explicitly setting character encoding in files it generates. According to gettext manual chapter "Filling in the Header Entry" the Content-Type header is language-specific so it does not make sense to fill it in in .pot file. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* tests: Mark 389-ds acceptance testsDavid Kupka2016-11-222-0/+4
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* tests: Mark Dogtag acceptance testsDavid Kupka2016-11-222-0/+2
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipapython and ipatest no longer require lxmlChristian Heimes2016-11-171-1/+0
| | | | | | | Commits 64af88fe and 9fbd29cc have removed dependency on lxml. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Port ipapython.dnssec.odsmgr to xml.etreeChristian Heimes2016-11-161-0/+41
| | | | | | | | | | The module ipapython.dnssec.odsmgr is the only module in ipalib, ipaclient, ipapython and ipaplatform that uses lxml.etree. https://fedorahosted.org/freeipa/ticket/6469 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add install requirements to Python packagesChristian Heimes2016-11-161-1/+24
| | | | | | | https://fedorahosted.org/freeipa/ticket/6468 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Build: remove incorrect use of MAINTAINERCLEANFILESPetr Spacek2016-11-161-4/+0
| | | | | | | | | | | | | Automake manual section 13 What Gets Cleaned says that make maintainer-clean should not remove files necessary for subsequent runs of ./configure. It practically means that all usage of MAINTAINERCLEANFILES were incorrect so I've removed them. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Document make_delete_command method in UserTrackerLenka Doudova2016-11-151-3/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/6485 Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Tests: Providing trust tests with tree root domainLenka Doudova2016-11-152-15/+97
| | | | | | https://fedorahosted.org/freeipa/ticket/6347 Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
* Test for installing rules with service principalsOleg Fayans2016-11-141-0/+82
| | | | | | https://fedorahosted.org/freeipa/ticket/6481 Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* Test: integration tests for certs in idoverrides featureOleg Fayans2016-11-141-0/+156
| | | | | | https://fedorahosted.org/freeipa/ticket/6005 Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* Added interface to certutilOleg Fayans2016-11-141-0/+7
| | | | | | Added generic method to run certutil with arbitrary set of paramenters Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* ipatests: Fix assert_deepequal outside of pytest processMilan Kubík2016-11-141-1/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/6420 Reviewed-By: Martin Basti <mbasti@redhat.com>
* TESTS: Update group type namePavel Vomacka2016-11-141-1/+1
| | | | | | | | | As the group type has been changed from 'normal' to 'nonposix' we need to update this information also in tests. https://fedorahosted.org/freeipa/ticket/6334 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Verify that validity info is present in cert-show and cert-find commandLenka Doudova2016-11-141-0/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/6419 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Provide AD cleanup for legacy client testsLenka Doudova2016-11-141-0/+4
| | | | | | | | Providing cleanup of trust information from AD machines for legacy client tests. https://fedorahosted.org/freeipa/ticket/6396 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Tests: Provide AD cleanup for trust testsLenka Doudova2016-11-142-0/+14
| | | | | | | | Providing cleanup of trust information from AD machines for trusts tests. https://fedorahosted.org/freeipa/ticket/6396 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Refactor installer code requesting certificatesFlorence Blanc-Renaud2016-11-101-0/+1
| | | | | | | | | | | | | | | | | | | | - Temporary modify certmonger dogtag-ipa-ca-renew helper to request the IPA RA agent cert, using the temp cert created during pkispawn. The cert request is now processed through certmonger, and the helper arguments are restored once the agent cert is obtained. - Modify the installer code creating HTTP and LDAP certificates to use certmonger's IPA helper with temporary parameters (calling dogtag-submit instead of ipa-submit) - Clean-up for the integration tests: sometimes ipa renewal.lock is not released during ipa-server-uninstall. Make sure that the file is removed to allow future installations. https://fedorahosted.org/freeipa/ticket/6433 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-01 13:18:48 +0000