|
|
ccffd0 |
From 6d7b2d7d1b4711255ea72d62d27b5c5f4ec7c6e1 Mon Sep 17 00:00:00 2001
|
|
|
ccffd0 |
From: Sergey Orlov <sorlov@redhat.com>
|
|
|
ccffd0 |
Date: Tue, 16 Feb 2021 12:32:55 +0100
|
|
|
ccffd0 |
Subject: [PATCH] ipatests: skip tests for AD trust with shared secret in FIPS
|
|
|
ccffd0 |
mode
|
|
|
ccffd0 |
|
|
|
ccffd0 |
Related to https://pagure.io/freeipa/issue/8715
|
|
|
ccffd0 |
|
|
|
ccffd0 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
ccffd0 |
---
|
|
|
ccffd0 |
ipatests/test_integration/test_trust.py | 22 ++++++++++++++++++++++
|
|
|
ccffd0 |
1 file changed, 22 insertions(+)
|
|
|
ccffd0 |
|
|
|
ccffd0 |
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
|
|
|
ccffd0 |
index 3e522617d..c8a348212 100644
|
|
|
ccffd0 |
--- a/ipatests/test_integration/test_trust.py
|
|
|
ccffd0 |
+++ b/ipatests/test_integration/test_trust.py
|
|
|
ccffd0 |
@@ -5,6 +5,7 @@ from __future__ import absolute_import
|
|
|
ccffd0 |
import re
|
|
|
ccffd0 |
import textwrap
|
|
|
ccffd0 |
import time
|
|
|
ccffd0 |
+import functools
|
|
|
ccffd0 |
|
|
|
ccffd0 |
import pytest
|
|
|
ccffd0 |
|
|
|
ccffd0 |
@@ -13,6 +14,7 @@ from ipaplatform.paths import paths
|
|
|
ccffd0 |
|
|
|
ccffd0 |
from ipatests.test_integration.base import IntegrationTest
|
|
|
ccffd0 |
from ipatests.pytest_ipa.integration import tasks
|
|
|
ccffd0 |
+from ipatests.pytest_ipa.integration import fips
|
|
|
ccffd0 |
from ipapython.dn import DN
|
|
|
ccffd0 |
from collections import namedtuple
|
|
|
ccffd0 |
from contextlib import contextmanager
|
|
|
ccffd0 |
@@ -20,6 +22,18 @@ from contextlib import contextmanager
|
|
|
ccffd0 |
TestDataRule = namedtuple('TestDataRule',
|
|
|
ccffd0 |
['name', 'ruletype', 'user', 'subject'])
|
|
|
ccffd0 |
|
|
|
ccffd0 |
+
|
|
|
ccffd0 |
+def skip_in_fips_mode_due_to_issue_8715(test_method):
|
|
|
ccffd0 |
+ @functools.wraps(test_method)
|
|
|
ccffd0 |
+ def wrapper(instance):
|
|
|
ccffd0 |
+ if fips.is_fips_enabled(instance.master):
|
|
|
ccffd0 |
+ pytest.skip('Skipping in FIPS mode due to '
|
|
|
ccffd0 |
+ 'https://pagure.io/freeipa/issue/8715')
|
|
|
ccffd0 |
+ else:
|
|
|
ccffd0 |
+ test_method(instance)
|
|
|
ccffd0 |
+ return wrapper
|
|
|
ccffd0 |
+
|
|
|
ccffd0 |
+
|
|
|
ccffd0 |
class BaseTestTrust(IntegrationTest):
|
|
|
ccffd0 |
num_clients = 1
|
|
|
ccffd0 |
topology = 'line'
|
|
|
ccffd0 |
@@ -751,6 +765,7 @@ class TestTrust(BaseTestTrust):
|
|
|
ccffd0 |
|
|
|
ccffd0 |
# Test for one-way forest trust with shared secret
|
|
|
ccffd0 |
|
|
|
ccffd0 |
+ @skip_in_fips_mode_due_to_issue_8715
|
|
|
ccffd0 |
def test_establish_forest_trust_with_shared_secret(self):
|
|
|
ccffd0 |
tasks.configure_dns_for_trust(self.master, self.ad)
|
|
|
ccffd0 |
tasks.configure_windows_dns_for_trust(self.ad, self.master)
|
|
|
ccffd0 |
@@ -775,6 +790,7 @@ class TestTrust(BaseTestTrust):
|
|
|
ccffd0 |
tasks.establish_trust_with_ad(
|
|
|
ccffd0 |
self.master, self.ad_domain, shared_secret=self.shared_secret)
|
|
|
ccffd0 |
|
|
|
ccffd0 |
+ @skip_in_fips_mode_due_to_issue_8715
|
|
|
ccffd0 |
def test_trustdomains_found_in_forest_trust_with_shared_secret(self):
|
|
|
ccffd0 |
result = self.master.run_command(
|
|
|
ccffd0 |
['ipa', 'trust-fetch-domains', self.ad.domain.name],
|
|
|
ccffd0 |
@@ -783,6 +799,7 @@ class TestTrust(BaseTestTrust):
|
|
|
ccffd0 |
self.check_trustdomains(
|
|
|
ccffd0 |
self.ad_domain, [self.ad_domain, self.ad_subdomain])
|
|
|
ccffd0 |
|
|
|
ccffd0 |
+ @skip_in_fips_mode_due_to_issue_8715
|
|
|
ccffd0 |
def test_user_gid_uid_resolution_in_forest_trust_with_shared_secret(self):
|
|
|
ccffd0 |
"""Check that user has SID-generated UID"""
|
|
|
ccffd0 |
# Using domain name since it is lowercased realm name for AD domains
|
|
|
ccffd0 |
@@ -801,6 +818,7 @@ class TestTrust(BaseTestTrust):
|
|
|
ccffd0 |
assert re.search(
|
|
|
ccffd0 |
testuser_regex, result.stdout_text), result.stdout_text
|
|
|
ccffd0 |
|
|
|
ccffd0 |
+ @skip_in_fips_mode_due_to_issue_8715
|
|
|
ccffd0 |
def test_remove_forest_trust_with_shared_secret(self):
|
|
|
ccffd0 |
ps_cmd = (
|
|
|
ccffd0 |
'[System.DirectoryServices.ActiveDirectory.Forest]'
|
|
|
ccffd0 |
@@ -823,6 +841,7 @@ class TestTrust(BaseTestTrust):
|
|
|
ccffd0 |
|
|
|
ccffd0 |
# Test for one-way external trust with shared secret
|
|
|
ccffd0 |
|
|
|
ccffd0 |
+ @skip_in_fips_mode_due_to_issue_8715
|
|
|
ccffd0 |
def test_establish_external_trust_with_shared_secret(self):
|
|
|
ccffd0 |
tasks.configure_dns_for_trust(self.master, self.ad)
|
|
|
ccffd0 |
tasks.configure_windows_dns_for_trust(self.ad, self.master)
|
|
|
ccffd0 |
@@ -838,6 +857,7 @@ class TestTrust(BaseTestTrust):
|
|
|
ccffd0 |
self.master, self.ad_domain, shared_secret=self.shared_secret,
|
|
|
ccffd0 |
extra_args=['--range-type', 'ipa-ad-trust', '--external=True'])
|
|
|
ccffd0 |
|
|
|
ccffd0 |
+ @skip_in_fips_mode_due_to_issue_8715
|
|
|
ccffd0 |
def test_trustdomains_found_in_external_trust_with_shared_secret(self):
|
|
|
ccffd0 |
result = self.master.run_command(
|
|
|
ccffd0 |
['ipa', 'trust-fetch-domains', self.ad.domain.name],
|
|
|
ccffd0 |
@@ -846,6 +866,7 @@ class TestTrust(BaseTestTrust):
|
|
|
ccffd0 |
self.check_trustdomains(
|
|
|
ccffd0 |
self.ad_domain, [self.ad_domain])
|
|
|
ccffd0 |
|
|
|
ccffd0 |
+ @skip_in_fips_mode_due_to_issue_8715
|
|
|
ccffd0 |
def test_user_uid_resolution_in_external_trust_with_shared_secret(self):
|
|
|
ccffd0 |
"""Check that user has SID-generated UID"""
|
|
|
ccffd0 |
# Using domain name since it is lowercased realm name for AD domains
|
|
|
ccffd0 |
@@ -864,6 +885,7 @@ class TestTrust(BaseTestTrust):
|
|
|
ccffd0 |
assert re.search(
|
|
|
ccffd0 |
testuser_regex, result.stdout_text), result.stdout_text
|
|
|
ccffd0 |
|
|
|
ccffd0 |
+ @skip_in_fips_mode_due_to_issue_8715
|
|
|
ccffd0 |
def test_remove_external_trust_with_shared_secret(self):
|
|
|
ccffd0 |
self.ad.run_command(
|
|
|
ccffd0 |
['netdom.exe', 'trust', self.master.domain.name,
|
|
|
ccffd0 |
--
|
|
|
ccffd0 |
2.29.2
|
|
|
ccffd0 |
|