From f643289f42a0d537da2e8ab6be4727d0bc679690 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>

Date: Fri, 22 Mar 2019 19:29:01 +0100

Subject: [PATCH] ipatests: Exercise hidden replica feature

A hidden replica is a replica that does not advertise its services via

DNS SRV records, ipa-ca DNS entry, or LDAP. Clients do not auto-select a

hidden replica, but are still free to explicitly connect to it.

Fixes: https://pagure.io/freeipa/issue/7892

Co-authored-by: Francois Cami <fcami@redhat.com>

Signed-off-by: Francois Cami <fcami@redhat.com>

Reviewed-By: Thomas Woerner <twoerner@redhat.com>

Reviewed-By: Francois Cami <fcami@redhat.com>

---

 .../test_replica_promotion.py                 | 114 ++++++++++++++++++

 1 file changed, 114 insertions(+)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py

index 6608b23f7fb37948d54c21c88d572527356e7335..80890bf05cb242fe09af77aa27b411ac6194e2d6 100644

--- a/ipatests/test_integration/test_replica_promotion.py

+++ b/ipatests/test_integration/test_replica_promotion.py

@@ -17,6 +17,10 @@ from ipatests.pytest_ipa.integration.env_config import get_global_config

 from ipalib.constants import (

     DOMAIN_LEVEL_0, DOMAIN_LEVEL_1, DOMAIN_SUFFIX_NAME, IPA_CA_NICKNAME)

 from ipaplatform.paths import paths

+from ipatests.test_integration.test_backup_and_restore import backup

+from ipatests.test_integration.test_dns_locations import (

+    resolve_records_from_server

+)

 config = get_global_config()

@@ -795,3 +799,113 @@ class TestReplicaInForwardZone(IntegrationTest):

             # Restore /etc/hosts on master and replica

             restore_etc_hosts(master)

             restore_etc_hosts(replica)

+

+

+class TestHiddenReplicaPromotion(IntegrationTest):

+    """

+    Test hidden replica features

+    """

+

+    topology = 'star'

+    num_replicas = 1

+

+    @classmethod

+    def install(cls, mh):

+        tasks.install_master(cls.master, setup_dns=True, setup_kra=True)

+

+    @replicas_cleanup

+    def test_hidden_replica_install(self):

+        self.replicas[0].run_command([

+            'ipa-client-install',

+            '-p', 'admin',

+            '-w', self.master.config.admin_password,

+            '--domain', self.master.domain.name,

+            '--realm', self.master.domain.realm,

+            '--server', self.master.hostname,

+            '-U'

+        ])

+        self.replicas[0].run_command([

+            'ipa-replica-install', '-w',

+            self.master.config.admin_password,

+            '-n', self.master.domain.name,

+            '-r', self.master.domain.realm,

+            '--server', self.master.hostname,

+            '--setup-ca',

+            '--setup-dns', '--no-forwarders',

+            '--hidden-replica',

+            '--setup-kra',

+            '-U'

+        ])

+        expected_txt = 'hidden'

+        result = self.replicas[0].run_command([

+            'ipa', 'ipa server-role-find',

+            '--server', self.replicas[0].hostname

+        ])

+        assert expected_txt in result.stdout

+        dnsrecords = {

+            '.'.join(('_kerberos._udp', self.master.domain.name)): 'SRV',

+            '.'.join(('_kerberos._tcp', self.master.domain.name)): 'SRV',

+            '.'.join(('_ldap._tcp', self.master.domain.name)): 'SRV',

+            self.master.domain.name: 'NS'

+        }

+        nameserver = self.master.ip

+        results = []

+        for record in dnsrecords:

+            srvr = resolve_records_from_server(

+                record, dnsrecords[record], nameserver

+            )

+            results.extend(re.findall(

+                '|'.join((self.master.hostname, self.replicas[0].hostname)),

+                srvr)

+            )

+        assert self.master.hostname in results

+        assert self.replicas[0].hostname not in results

+

+    def test_hidden_replica_promote(self):

+        self.replicas[0].run_command([

+            'ipa', 'server-mod', '--state=enabled'

+        ])

+        unexpected_txt = 'hidden'

+        result = self.replicas[0].run_command([

+            'ipa', 'ipa server-role-find',

+            '--server', self.replicas[0].hostname

+        ])

+        assert unexpected_txt not in result.stdout

+

+    def test_hidden_replica_demote(self):

+        self.replicas[0].run_command([

+            'ipa', 'server-mod', '--state=hidden'

+        ])

+        expected_txt = 'hidden'

+        result = self.replicas[0].run_command([

+            'ipa', 'ipa server-role-find',

+            '--server', self.replicas[0].hostname

+        ])

+        assert expected_txt in result.stdout

+

+    def test_hidden_replica_backup_and_restore(self):

+        """

+        Exercises backup+restore and hidden replica uninstall

+        """

+        # set expectations

+        expected_txt = 'hidden'

+        result = self.replicas[0].run_command([

+            'ipa', 'ipa server-role-find',

+            '--server', self.replicas[0].hostname

+        ])

+        assert expected_txt in result.stdout

+        # backup

+        backup_path = backup(self.replicas[0])

+        # uninstall

+        result = self.replicas[0].run_command([

+            'ipa-server-uninstall', '-U', 'hidden-replica'

+        ])

+        # restore

+        dirman_password = self.master.config.dirman_password

+        self.replicas[0].run_command(

+            ['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes'

+        )

+        # check that the resulting server can be promoted to enabled

+        self.replicas[0].run_command([

+            'ipa', 'server-mod', '--state=enabled'

+        ])

-- 

2.20.1