|
 |
a99c7c |
From 1d19b860d4cd3bd65a4b143b588425d9a64237fd Mon Sep 17 00:00:00 2001
|
|
|
a99c7c |
From: Mohammad Rizwan <myusuf@redhat.com>
|
|
|
a99c7c |
Date: Thu, 18 Nov 2021 18:36:58 +0530
|
|
|
a99c7c |
Subject: [PATCH] Test cases for ipa-replica-conncheck command
|
|
|
a99c7c |
|
|
|
a99c7c |
Following test cases would be checked:
|
|
|
a99c7c |
- when called with --principal (it should then prompt for a password)
|
|
|
a99c7c |
- when called with --principal / --password
|
|
|
a99c7c |
- when called without principal and password but with a kerberos TGT,
|
|
|
a99c7c |
kinit admin done before calling ipa-replica-conncheck
|
|
|
a99c7c |
- when called without principal and password, and without any kerberos
|
|
|
a99c7c |
TGT (it should default to principal=admin and prompt for a password)
|
|
|
a99c7c |
|
|
|
a99c7c |
related: https://pagure.io/freeipa/issue/9047
|
|
|
a99c7c |
|
|
|
a99c7c |
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
|
|
|
a99c7c |
---
|
|
|
a99c7c |
.../test_replica_promotion.py | 70 +++++++++++++++++++
|
|
|
a99c7c |
1 file changed, 70 insertions(+)
|
|
|
a99c7c |
|
|
|
a99c7c |
diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
|
|
|
a99c7c |
index b9c56f775d08885cb6b1226eeb7bcf105f87cdc1..1a4e9bc121abf41a3919aedda3d334de9404d1a0 100644
|
|
|
a99c7c |
--- a/ipatests/test_integration/test_replica_promotion.py
|
|
|
a99c7c |
+++ b/ipatests/test_integration/test_replica_promotion.py
|
|
|
a99c7c |
@@ -437,6 +437,76 @@ class TestRenewalMaster(IntegrationTest):
|
|
|
a99c7c |
self.assertCARenewalMaster(master, replica.hostname)
|
|
|
a99c7c |
self.assertCARenewalMaster(replica, replica.hostname)
|
|
|
a99c7c |
|
|
|
a99c7c |
+ def test_replica_concheck(self):
|
|
|
a99c7c |
+ """Test cases for ipa-replica-conncheck command
|
|
|
a99c7c |
+
|
|
|
a99c7c |
+ Following test cases would be checked:
|
|
|
a99c7c |
+ - when called with --principal (it should then prompt for a password)
|
|
|
a99c7c |
+ - when called with --principal / --password
|
|
|
a99c7c |
+ - when called without principal and password but with a kerberos TGT,
|
|
|
a99c7c |
+ kinit admin done before calling ipa-replica-conncheck
|
|
|
a99c7c |
+ - when called without principal and password, and without any kerberos
|
|
|
a99c7c |
+ TGT (it should default to principal=admin and prompt for a password)
|
|
|
a99c7c |
+
|
|
|
a99c7c |
+ related: https://pagure.io/freeipa/issue/9047
|
|
|
a99c7c |
+ """
|
|
|
a99c7c |
+ exp_str1 = "Connection from replica to master is OK."
|
|
|
a99c7c |
+ exp_str2 = "Connection from master to replica is OK"
|
|
|
a99c7c |
+ tasks.kdestroy_all(self.replicas[0])
|
|
|
a99c7c |
+ # when called with --principal (it should then prompt for a password)
|
|
|
a99c7c |
+ result = self.replicas[0].run_command(
|
|
|
a99c7c |
+ ['ipa-replica-conncheck', '--auto-master-check',
|
|
|
a99c7c |
+ '--master', self.master.hostname,
|
|
|
a99c7c |
+ '-r', self.replicas[0].domain.realm,
|
|
|
a99c7c |
+ '-p', self.replicas[0].config.admin_name],
|
|
|
a99c7c |
+ stdin_text=self.master.config.admin_password
|
|
|
a99c7c |
+ )
|
|
|
a99c7c |
+ assert result.returncode == 0
|
|
|
a99c7c |
+ assert (
|
|
|
a99c7c |
+ exp_str1 in result.stderr_text and exp_str2 in result.stderr_text
|
|
|
a99c7c |
+ )
|
|
|
a99c7c |
+
|
|
|
a99c7c |
+ # when called with --principal / --password
|
|
|
a99c7c |
+ result = self.replicas[0].run_command([
|
|
|
a99c7c |
+ 'ipa-replica-conncheck', '--auto-master-check',
|
|
|
a99c7c |
+ '--master', self.master.hostname,
|
|
|
a99c7c |
+ '-r', self.replicas[0].domain.realm,
|
|
|
a99c7c |
+ '-p', self.replicas[0].config.admin_name,
|
|
|
a99c7c |
+ '-w', self.master.config.admin_password
|
|
|
a99c7c |
+ ])
|
|
|
a99c7c |
+ assert result.returncode == 0
|
|
|
a99c7c |
+ assert (
|
|
|
a99c7c |
+ exp_str1 in result.stderr_text and exp_str2 in result.stderr_text
|
|
|
a99c7c |
+ )
|
|
|
a99c7c |
+
|
|
|
a99c7c |
+ # when called without principal and password, and without
|
|
|
a99c7c |
+ # any kerberos TGT, it should default to principal=admin
|
|
|
a99c7c |
+ # and prompt for a password
|
|
|
a99c7c |
+ result = self.replicas[0].run_command(
|
|
|
a99c7c |
+ ['ipa-replica-conncheck', '--auto-master-check',
|
|
|
a99c7c |
+ '--master', self.master.hostname,
|
|
|
a99c7c |
+ '-r', self.replicas[0].domain.realm],
|
|
|
a99c7c |
+ stdin_text=self.master.config.admin_password
|
|
|
a99c7c |
+ )
|
|
|
a99c7c |
+ assert result.returncode == 0
|
|
|
a99c7c |
+ assert (
|
|
|
a99c7c |
+ exp_str1 in result.stderr_text and exp_str2 in result.stderr_text
|
|
|
a99c7c |
+ )
|
|
|
a99c7c |
+
|
|
|
a99c7c |
+ # when called without principal and password but with a kerberos TGT,
|
|
|
a99c7c |
+ # kinit admin done before calling ipa-replica-conncheck
|
|
|
a99c7c |
+ tasks.kinit_admin(self.replicas[0])
|
|
|
a99c7c |
+ result = self.replicas[0].run_command(
|
|
|
a99c7c |
+ ['ipa-replica-conncheck', '--auto-master-check',
|
|
|
a99c7c |
+ '--master', self.master.hostname,
|
|
|
a99c7c |
+ '-r', self.replicas[0].domain.realm]
|
|
|
a99c7c |
+ )
|
|
|
a99c7c |
+ assert result.returncode == 0
|
|
|
a99c7c |
+ assert (
|
|
|
a99c7c |
+ exp_str1 in result.stderr_text and exp_str2 in result.stderr_text
|
|
|
a99c7c |
+ )
|
|
|
a99c7c |
+ tasks.kdestroy_all(self.replicas[0])
|
|
|
a99c7c |
+
|
|
|
a99c7c |
def test_automatic_renewal_master_transfer_ondelete(self):
|
|
|
a99c7c |
# Test that after replica uninstallation, master overtakes the cert
|
|
|
a99c7c |
# renewal master role from replica (which was previously set there)
|
|
|
a99c7c |
--
|
|
|
a99c7c |
2.34.1
|
|
|
a99c7c |
|