From 701adb9185c77194ba1ad0c5fd2f13484417ef6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= Date: Tue, 20 Jul 2021 20:22:23 +0200 Subject: [PATCH] test_acme: make password renewal more robust MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A kinit immediately following a password change can fail. Setting KRB5_TRACE and retrieving kdcinfo will help to understand the cause of failure. Fixes: https://pagure.io/freeipa/issue/8929 Signed-off-by: François Cami Reviewed-By: Michal Polovka --- ipatests/test_integration/test_acme.py | 28 +++++++++++++------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/ipatests/test_integration/test_acme.py b/ipatests/test_integration/test_acme.py index b4aa1b351..10195a95f 100644 --- a/ipatests/test_integration/test_acme.py +++ b/ipatests/test_integration/test_acme.py @@ -576,25 +576,25 @@ class TestACMERenew(IntegrationTest): # request a standalone acme cert certbot_standalone_cert(self.clients[0], self.acme_server) - cmd_input = ( - # Password for admin@{REALM}: - "{pwd}\n" - # Password expired. You must change it now. - # Enter new password: - "{pwd}\n" - # Enter it again: - "{pwd}\n" - ) # move system date to expire acme cert for host in self.clients[0], self.master: tasks.kdestroy_all(host) tasks.move_date(host, 'stop', '+90days') - self.clients[0].run_command( - ['kinit', 'admin'], - stdin_text=cmd_input.format( - pwd=self.clients[0].config.admin_password - ) + + tasks.get_kdcinfo(host) + # Note raiseonerr=False: + # the assert is located after kdcinfo retrieval. + result = host.run_command( + "KRB5_TRACE=/dev/stdout kinit %s" % 'admin', + stdin_text='{0}\n{0}\n{0}\n'.format( + self.clients[0].config.admin_password + ), + raiseonerr=False ) + # Retrieve kdc.$REALM after the password change, just in case SSSD + # domain status flipped to online during the password change. + tasks.get_kdcinfo(host) + assert result.returncode == 0 yield -- 2.31.1