|
 |
7e1b55 |
From 7a13200fd8b92dd90ebc4b6416ef25659df8aa71 Mon Sep 17 00:00:00 2001
|
|
|
7e1b55 |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
7e1b55 |
Date: Fri, 16 Jul 2021 12:59:47 -0400
|
|
|
7e1b55 |
Subject: [PATCH] ipatests: test ipa-getkeytab server option
|
|
|
7e1b55 |
|
|
|
7e1b55 |
Test various usages of the -s/--server option:
|
|
|
7e1b55 |
* -s is defined, use it as the server
|
|
|
7e1b55 |
* no -s, use the host value from /etc/ipa/default.conf
|
|
|
7e1b55 |
* -s is '_srv_', do DNS discovery
|
|
|
7e1b55 |
|
|
|
7e1b55 |
https://pagure.io/freeipa/issue/8478
|
|
|
7e1b55 |
|
|
|
7e1b55 |
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
7e1b55 |
---
|
|
|
7e1b55 |
ipatests/test_integration/test_commands.py | 58 ++++++++++++++++++++++
|
|
|
7e1b55 |
1 file changed, 58 insertions(+)
|
|
|
7e1b55 |
|
|
|
7e1b55 |
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
|
|
|
7e1b55 |
index d64519eb7..2035ced56 100644
|
|
|
7e1b55 |
--- a/ipatests/test_integration/test_commands.py
|
|
|
7e1b55 |
+++ b/ipatests/test_integration/test_commands.py
|
|
|
7e1b55 |
@@ -1467,6 +1467,64 @@ class TestIPACommand(IntegrationTest):
|
|
|
7e1b55 |
assert 'This account is currently not available' in \
|
|
|
7e1b55 |
result.stdout_text
|
|
|
7e1b55 |
|
|
|
7e1b55 |
+ def test_ipa_getkeytab_server(self):
|
|
|
7e1b55 |
+ """
|
|
|
7e1b55 |
+ Exercise the ipa-getkeytab server options
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
+ This relies on the behavior that without a TGT
|
|
|
7e1b55 |
+ ipa-getkeytab will quit and not do much of anything.
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
+ A bogus keytab and principal are passed in to satisfy the
|
|
|
7e1b55 |
+ minimum requirements.
|
|
|
7e1b55 |
+ """
|
|
|
7e1b55 |
+ tasks.kdestroy_all(self.master)
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
+ # Pass in a server name to use
|
|
|
7e1b55 |
+ result = self.master.run_command(
|
|
|
7e1b55 |
+ [
|
|
|
7e1b55 |
+ paths.IPA_GETKEYTAB,
|
|
|
7e1b55 |
+ "-k",
|
|
|
7e1b55 |
+ "/tmp/keytab",
|
|
|
7e1b55 |
+ "-p",
|
|
|
7e1b55 |
+ "foo",
|
|
|
7e1b55 |
+ "-s",
|
|
|
7e1b55 |
+ self.master.hostname,
|
|
|
7e1b55 |
+ "-v",
|
|
|
7e1b55 |
+ ], raiseonerr=False).stderr_text
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
+ assert 'Using provided server %s' % self.master.hostname in result
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
+ # Don't pass in a name, should use /etc/ipa/default.conf
|
|
|
7e1b55 |
+ result = self.master.run_command(
|
|
|
7e1b55 |
+ [
|
|
|
7e1b55 |
+ paths.IPA_GETKEYTAB,
|
|
|
7e1b55 |
+ "-k",
|
|
|
7e1b55 |
+ "/tmp/keytab",
|
|
|
7e1b55 |
+ "-p",
|
|
|
7e1b55 |
+ "foo",
|
|
|
7e1b55 |
+ "-v",
|
|
|
7e1b55 |
+ ], raiseonerr=False).stderr_text
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
+ assert (
|
|
|
7e1b55 |
+ 'Using server from config %s' % self.master.hostname
|
|
|
7e1b55 |
+ in result
|
|
|
7e1b55 |
+ )
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
+ # Use DNS SRV lookup
|
|
|
7e1b55 |
+ result = self.master.run_command(
|
|
|
7e1b55 |
+ [
|
|
|
7e1b55 |
+ paths.IPA_GETKEYTAB,
|
|
|
7e1b55 |
+ "-k",
|
|
|
7e1b55 |
+ "/tmp/keytab",
|
|
|
7e1b55 |
+ "-p",
|
|
|
7e1b55 |
+ "foo",
|
|
|
7e1b55 |
+ "-s",
|
|
|
7e1b55 |
+ "_srv_",
|
|
|
7e1b55 |
+ "-v",
|
|
|
7e1b55 |
+ ], raiseonerr=False).stderr_text
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
+ assert 'Discovered server %s' % self.master.hostname in result
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
|
|
|
7e1b55 |
class TestIPACommandWithoutReplica(IntegrationTest):
|
|
|
7e1b55 |
"""
|
|
|
7e1b55 |
--
|
|
|
7e1b55 |
2.31.1
|
|
|
7e1b55 |
|