|
 |
6d47df |
From fd3f5153beb3221be077f277b07d886b6ca53b10 Mon Sep 17 00:00:00 2001
|
|
|
6d47df |
From: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
6d47df |
Date: Nov 21 2018 03:21:29 +0000
|
|
|
6d47df |
Subject: ipa-replica-install: password and admin-password options mutually exclusive
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
Currently it is possible to run ipa-replica-install in one step,
|
|
|
6d47df |
and provide --password and --admin-password simultaneously.
|
|
|
6d47df |
This is confusing as --password is intended for one-time pwd
|
|
|
6d47df |
when the ipa-replica-install command is delegated to a user
|
|
|
6d47df |
who doesn't know the admin password.
|
|
|
6d47df |
|
|
|
6d47df |
The fix makes --password and --admin-password options
|
|
|
6d47df |
mutually exclusive.
|
|
|
6d47df |
|
|
|
6d47df |
Fixes https://pagure.io/freeipa/issue/6353
|
|
|
6d47df |
|
|
|
6d47df |
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
|
|
6d47df |
|
|
|
6d47df |
---
|
|
|
6d47df |
|
|
|
6d47df |
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
|
|
|
6d47df |
index 03d096d..d3e28a1 100644
|
|
|
6d47df |
--- a/ipaserver/install/server/replicainstall.py
|
|
|
6d47df |
+++ b/ipaserver/install/server/replicainstall.py
|
|
|
6d47df |
@@ -771,6 +771,10 @@ def promote_check(installer):
|
|
|
6d47df |
|
|
|
6d47df |
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
|
|
|
6d47df |
if not client_fstore.has_files():
|
|
|
6d47df |
+ # One-step replica installation
|
|
|
6d47df |
+ if options.password and options.admin_password:
|
|
|
6d47df |
+ raise ScriptError("--password and --admin-password options are "
|
|
|
6d47df |
+ "mutually exclusive")
|
|
|
6d47df |
ensure_enrolled(installer)
|
|
|
6d47df |
else:
|
|
|
6d47df |
if (options.domain_name or options.server or options.realm_name or
|
|
|
6d47df |
|
|
|
6d47df |
From 2b155f98e7b9ced739233242ff53e2d4b4c7f063 Mon Sep 17 00:00:00 2001
|
|
|
6d47df |
From: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
6d47df |
Date: Nov 21 2018 03:21:29 +0000
|
|
|
6d47df |
Subject: ipatests: add test for ipa-replica-install options
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
Add a test checking that --password and --admin-password
|
|
|
6d47df |
options are mutually exclusive.
|
|
|
6d47df |
|
|
|
6d47df |
Related to https://pagure.io/freeipa/issue/6353
|
|
|
6d47df |
|
|
|
6d47df |
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
|
|
6d47df |
|
|
|
6d47df |
---
|
|
|
6d47df |
|
|
|
6d47df |
diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
|
|
|
6d47df |
index 7803c34..e665318 100644
|
|
|
6d47df |
--- a/ipatests/test_integration/test_replica_promotion.py
|
|
|
6d47df |
+++ b/ipatests/test_integration/test_replica_promotion.py
|
|
|
6d47df |
@@ -50,6 +50,26 @@ class TestReplicaPromotionLevel1(ReplicaPromotionBase):
|
|
|
6d47df |
domain_level = DOMAIN_LEVEL_1
|
|
|
6d47df |
|
|
|
6d47df |
@replicas_cleanup
|
|
|
6d47df |
+ def test_one_step_install_pwd_and_admin_pwd(self):
|
|
|
6d47df |
+ """--password and --admin-password options are mutually exclusive
|
|
|
6d47df |
+
|
|
|
6d47df |
+ Test for ticket 6353
|
|
|
6d47df |
+ """
|
|
|
6d47df |
+ expected_err = "--password and --admin-password options are " \
|
|
|
6d47df |
+ "mutually exclusive"
|
|
|
6d47df |
+ result = self.replicas[0].run_command([
|
|
|
6d47df |
+ 'ipa-replica-install', '-w',
|
|
|
6d47df |
+ self.master.config.admin_password,
|
|
|
6d47df |
+ '-p', 'OTPpwd',
|
|
|
6d47df |
+ '-n', self.master.domain.name,
|
|
|
6d47df |
+ '-r', self.master.domain.realm,
|
|
|
6d47df |
+ '--server', self.master.hostname,
|
|
|
6d47df |
+ '-U'],
|
|
|
6d47df |
+ raiseonerr=False)
|
|
|
6d47df |
+ assert result.returncode == 1
|
|
|
6d47df |
+ assert expected_err in result.stderr_text
|
|
|
6d47df |
+
|
|
|
6d47df |
+ @replicas_cleanup
|
|
|
6d47df |
def test_one_command_installation(self):
|
|
|
6d47df |
"""
|
|
|
6d47df |
TestCase:
|
|
|
6d47df |
|