areguera / rpms / ipa

Forked from rpms/ipa 5 years ago
Clone

Blame SOURCES/0001-Use-replace-instead-of-add-to-set-new-default-ipaSEL.patch

95ea96
From 463e5e73a27bb31e3549c9204efe20555b7cb8dd Mon Sep 17 00:00:00 2001
95ea96
From: Rob Crittenden <rcritten@redhat.com>
95ea96
Date: Fri, 1 Jun 2018 15:19:35 -0400
95ea96
Subject: [PATCH] Use replace instead of add to set new default
95ea96
 ipaSELinuxUserMapOrder
95ea96
95ea96
The add was in effect replacing whatever data was already there
95ea96
causing any custom order to be lost on each run of
95ea96
ipa-server-upgrade.
95ea96
95ea96
https://pagure.io/freeipa/issue/6610
95ea96
95ea96
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
95ea96
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
95ea96
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
95ea96
---
95ea96
 install/updates/50-ipaconfig.update        |  2 +-
95ea96
 ipatests/test_integration/test_commands.py | 48 ++++++++++++++++++++++++++++++
95ea96
 2 files changed, 49 insertions(+), 1 deletion(-)
95ea96
 create mode 100644 ipatests/test_integration/test_commands.py
95ea96
95ea96
diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update
95ea96
index 23d2919dbd976c34d9217fc31cca88a0df6c7f5b..18501cb7b8a87377a76bc53b7fe3c469c23e2d41 100644
95ea96
--- a/install/updates/50-ipaconfig.update
95ea96
+++ b/install/updates/50-ipaconfig.update
95ea96
@@ -1,5 +1,5 @@
95ea96
 dn: cn=ipaConfig,cn=etc,$SUFFIX
95ea96
-add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
95ea96
+replace: ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023::ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
95ea96
 add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
95ea96
 add:ipaUserObjectClasses: ipasshuser
95ea96
 remove:ipaConfigString:AllowLMhash
95ea96
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
95ea96
new file mode 100644
95ea96
index 0000000000000000000000000000000000000000..b2c0d5c710c9810cfd74216983f793808f4cf3c4
95ea96
--- /dev/null
95ea96
+++ b/ipatests/test_integration/test_commands.py
95ea96
@@ -0,0 +1,48 @@
95ea96
+#
95ea96
+# Copyright (C) 2018  FreeIPA Contributors see COPYING for license
95ea96
+#
95ea96
+"""Misc test for 'ipa' CLI regressions
95ea96
+"""
95ea96
+from __future__ import absolute_import
95ea96
+
95ea96
+from ipatests.test_integration.base import IntegrationTest
95ea96
+
95ea96
+
95ea96
+class TestIPACommand(IntegrationTest):
95ea96
+    """
95ea96
+    A lot of commands can be executed against a single IPA installation
95ea96
+    so provide a generic class to execute one-off commands that need to be
95ea96
+    tested without having to fire up a full server to run one command.
95ea96
+    """
95ea96
+    topology = 'line'
95ea96
+
95ea96
+    def test_change_selinuxusermaporder(self):
95ea96
+        """
95ea96
+        An update file meant to ensure a more sane default was
95ea96
+        overriding any customization done to the order.
95ea96
+        """
95ea96
+        maporder = "unconfined_u:s0-s0:c0.c1023"
95ea96
+
95ea96
+        # set a new default
95ea96
+        result = self.master.run_command(
95ea96
+            ["ipa", "config-mod",
95ea96
+             "--ipaselinuxusermaporder={}".format(maporder)],
95ea96
+            raiseonerr=False
95ea96
+        )
95ea96
+        assert result.returncode == 0
95ea96
+
95ea96
+        # apply the update
95ea96
+        result = self.master.run_command(
95ea96
+            ["ipa-server-upgrade"],
95ea96
+            raiseonerr=False
95ea96
+        )
95ea96
+        assert result.returncode == 0
95ea96
+
95ea96
+        # ensure result is the same
95ea96
+        result = self.master.run_command(
95ea96
+            ["ipa", "config-show"],
95ea96
+            raiseonerr=False
95ea96
+        )
95ea96
+        assert result.returncode == 0
95ea96
+        assert "SELinux user map order: {}".format(
95ea96
+            maporder) in result.stdout_text
95ea96
-- 
95ea96
2.14.4
95ea96