Imported Upstream version 4.8.10

ipatests/test_ipaserver/test_install/test_adtrustinstance.py

@@ -19,12 +19,16 @@
 """
 Test `adtrustinstance`
 """
-
-import os
-import nose
+import pytest
+import six
 
 from ipaserver.install import adtrustinstance
 
+if six.PY3:
+    unicode = str
+
+
+@pytest.mark.tier0
 class test_adtrustinstance:
     """
     Test `adtrustinstance`.

ipatests/test_ipaserver/test_install/test_installer.py

@@ -0,0 +1,151 @@
+#
+# Copyright (C) 2018  FreeIPA Contributors.  See COPYING for license
+#
+from __future__ import absolute_import
+
+import six
+
+from abc import ABCMeta, abstractproperty
+from collections import namedtuple
+import itertools
+
+import pytest
+
+from ipatests.util import assert_equal
+from ipaserver.install.ipa_replica_install import ReplicaInstall
+
+Keyval = namedtuple('Keyval', ['option', 'value'])
+
+
+class InstallerTestBase(six.with_metaclass(ABCMeta, object)):
+    OPTS_DICT = {}
+
+    # don't allow creating classes with tested_cls unspecified
+    @abstractproperty
+    def tested_cls(self):
+        return None
+
+    @pytest.fixture(autouse=True, scope="class")
+    def installer_setup(self, request):
+        """Initializes the tested class so that it can be used later on
+        """
+        cls = request.cls
+        cls.tested_cls.make_parser()
+        assert \
+            getattr(cls.tested_cls, 'option_parser', False), \
+            ("Unable to generate option parser for {}"
+             .format(cls.tested_cls.__name__))
+
+        cls._populate_opts_dict()
+
+    @classmethod
+    def _populate_opts_dict(cls):
+        """Populate the class-owned OPTS_DICT with available options
+        """
+        if not getattr(cls.tested_cls, 'option_parser', False):
+            raise RuntimeError("You need to create the parser of the tested "
+                               "class first.")
+
+        # add all options from the option groups
+        # pylint: disable=no-member
+        for opt_group in cls.tested_cls.option_parser.option_groups:
+            for opt in opt_group.option_list:
+                cls.OPTS_DICT[opt.dest] = opt._short_opts + opt._long_opts
+        # add options outside groups
+        for opt in cls.tested_cls.option_parser.option_list:
+            cls.OPTS_DICT[opt.dest] = opt._short_opts + opt._long_opts
+
+    def parse_cli_args(self, args):
+        """Parses the CLI-like arguments and returns them in python objects
+
+        :param args: A string representing the CLI arguments
+
+        :returns: dictionary and a list of parsed options and arguments
+        """
+        return self.tested_cls.option_parser.parse_args(args.split())
+
+    def get_installer_instance(self, args):
+        """Get instance of the configuring class
+        """
+        parsed_opts = self.parse_cli_args(args)
+        cls = self.tested_cls.get_command_class(*parsed_opts)
+        command_instance = cls(*parsed_opts)
+        return command_instance.init_configurator()
+
+    def combine_options(self, *args):
+        return ' '.join(args)
+
+    def all_option_permutations(self, *key_val):
+        """Gets all short-option/long-option permutations
+
+        :param key_val: Keyval tuples specifying the options to grab from
+                        OPTS_DICT along with the values to assign to them
+
+        :returns: list or list of lists of all permutations
+        """
+        if len(key_val) == 0:
+            return []
+        elif len(key_val) == 1:
+            val = key_val[0].value
+            return ['{opt} {val}'.format(opt=opt, val=val)
+                    for opt in self.OPTS_DICT[key_val[0].option]]
+
+        permutation_lists = [self.OPTS_DICT[k.option] for k in key_val]
+        permutation = itertools.product(*permutation_lists)
+
+        ret = []
+        for p in permutation:
+            opt_vals = []
+            for i, kv in enumerate(key_val):
+                opt_vals.append(
+                    '{opt} {val}'.format(
+                        opt=p[i], val=kv.value))
+            ret.append(opt_vals)
+        return ret
+
+
+class TestReplicaInstaller(InstallerTestBase):
+    tested_cls = ReplicaInstall
+
+    PASSWORD = Keyval("auto_password",
+                      "c3ca2246bcf309d1b636581ce429da3522a8aec4")
+    ADMIN_PASSWORD = Keyval("admin_password", "milan_je_buh123")
+    PRINCIPAL = Keyval("principal", "ubercool_guy")
+
+    def test_password_option_DL1(self):
+        # OTP enrollment
+        for passwd_opt in self.all_option_permutations(self.PASSWORD):
+            ic = self.get_installer_instance(passwd_opt)
+            assert_equal(ic.password, self.PASSWORD.value)
+
+        # admin principal enrollment
+        for adm_password_opt in (
+            self.all_option_permutations(self.ADMIN_PASSWORD)
+        ):
+            ic = self.get_installer_instance(adm_password_opt)
+            assert_equal(ic.password, None)
+            assert_equal(ic.admin_password, self.ADMIN_PASSWORD.value)
+
+        # if principal is set, we interpret --password as that principal's
+        for passwd_opt, principal_opt in (
+            self.all_option_permutations(self.PASSWORD, self.PRINCIPAL)
+        ):
+            ic = self.get_installer_instance(
+                self.combine_options(passwd_opt, principal_opt))
+            assert_equal(ic.password, None)
+            assert_equal(ic.principal, self.PRINCIPAL.value)
+            assert_equal(ic.admin_password, self.PASSWORD.value)
+
+        # if principal is set, we interpret --password as that principal's
+        # unless admin-password is also specified, in which case it's once
+        # again an OTP
+        for adm_password_opt, passwd_opt, principal_opt in (
+            self.all_option_permutations(
+                self.ADMIN_PASSWORD, self.PASSWORD, self.PRINCIPAL)
+        ):
+            ic = self.get_installer_instance(
+                self.combine_options(
+                    adm_password_opt, passwd_opt, principal_opt))
+            assert_equal(ic.password, self.PASSWORD.value)
+            assert_equal(ic.principal, self.PRINCIPAL.value)
+            assert_equal(ic.admin_password, self.ADMIN_PASSWORD.value)

ipatests/test_ipaserver/test_install/test_installutils.py

@@ -0,0 +1,262 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors.  See COPYING for license
+#
+from __future__ import absolute_import
+
+import binascii
+import os
+import psutil
+import re
+import subprocess
+import textwrap
+
+import pytest
+
+from unittest.mock import patch, mock_open
+
+from ipaplatform.paths import paths
+from ipapython import ipautil
+from ipapython.admintool import ScriptError
+from ipaserver.install import installutils
+from ipaserver.install import ipa_backup
+from ipaserver.install import ipa_restore
+
+
+GPG_GENKEY = textwrap.dedent("""
+%echo Generating a standard key
+Key-Type: RSA
+Key-Length: 2048
+Name-Real: IPA Backup
+Name-Comment: IPA Backup
+Name-Email: root@example.com
+Expire-Date: 0
+Passphrase: {passphrase}
+%commit
+%echo done
+""")
+
+
+@pytest.fixture
+def gpgkey(request, tempdir):
+    passphrase = "Secret123"
+    gnupghome = os.path.join(tempdir, "gnupg")
+    os.makedirs(gnupghome, 0o700)
+    # provide clean env for gpg test
+    env = os.environ.copy()
+    orig_gnupghome = env.get('GNUPGHOME')
+    env['GNUPGHOME'] = gnupghome
+    env['LC_ALL'] = 'C.UTF-8'
+    env['LANGUAGE'] = 'C'
+    devnull = open(os.devnull, 'w')
+
+    # allow passing passphrases to agent
+    with open(os.path.join(gnupghome, "gpg-agent.conf"), 'w') as f:
+        f.write("verbose\n")
+        f.write("allow-preset-passphrase\n")
+
+    # daemonize agent (detach from the console and run in the background)
+    subprocess.Popen(
+        [paths.GPG_AGENT, '--batch', '--daemon'],
+        env=env, stdout=devnull, stderr=devnull
+    )
+
+    def fin():
+        if orig_gnupghome is not None:
+            os.environ['GNUPGHOME'] = orig_gnupghome
+        else:
+            os.environ.pop('GNUPGHOME', None)
+        subprocess.run(
+            [paths.GPG_CONF, '--kill', 'all'],
+            check=True,
+            env=env,
+        )
+
+    request.addfinalizer(fin)
+
+    # create public / private key pair
+    keygen = os.path.join(gnupghome, 'keygen')
+    with open(keygen, 'w') as f:
+        f.write(GPG_GENKEY.format(passphrase=passphrase))
+    subprocess.check_call(
+        [paths.GPG2, '--batch', '--gen-key', keygen],
+        env=env, stdout=devnull, stderr=devnull
+    )
+
+    # get keygrip of private key
+    out = subprocess.check_output(
+        [paths.GPG2, "--list-secret-keys", "--with-keygrip"],
+        env=env, stderr=subprocess.STDOUT
+    )
+    mo = re.search("Keygrip = ([A-Z0-9]{32,})", out.decode('utf-8'))
+    if mo is None:
+        raise ValueError(out.decode('utf-8'))
+    keygrip = mo.group(1)
+
+    # unlock private key
+    cmd = "PRESET_PASSPHRASE {} -1 {}".format(
+        keygrip,
+        binascii.hexlify(passphrase.encode('utf-8')).decode('utf-8')
+    )
+    subprocess.check_call(
+        [paths.GPG_CONNECT_AGENT, cmd, "/bye"],
+        env=env, stdout=devnull, stderr=devnull
+    )
+
+    # set env for the rest of the progress
+    os.environ['GNUPGHOME'] = gnupghome
+
+
+def test_gpg_encrypt(tempdir):
+    src = os.path.join(tempdir, "data.txt")
+    encrypted = os.path.join(tempdir, "data.gpg")
+    decrypted = os.path.join(tempdir, "data.out")
+    passwd = 'Secret123'
+    payload = 'Dummy text\n'
+
+    with open(src, 'w') as f:
+        f.write(payload)
+
+    installutils.encrypt_file(src, encrypted, password=passwd)
+    assert os.path.isfile(encrypted)
+
+    installutils.decrypt_file(encrypted, decrypted, password=passwd)
+    assert os.path.isfile(decrypted)
+    with open(decrypted) as f:
+        assert f.read() == payload
+
+    with pytest.raises(ipautil.CalledProcessError):
+        installutils.decrypt_file(encrypted, decrypted, password='invalid')
+
+
+def test_gpg_asymmetric(tempdir, gpgkey):
+    src = os.path.join(tempdir, "asymmetric.txt")
+    encrypted = src + ".gpg"
+    payload = 'Dummy text\n'
+
+    with open(src, 'w') as f:
+        f.write(payload)
+
+    ipa_backup.encrypt_file(src, remove_original=True)
+    assert os.path.isfile(encrypted)
+    assert not os.path.exists(src)
+
+    ipa_restore.decrypt_file(tempdir, encrypted)
+    assert os.path.isfile(src)
+    with open(src) as f:
+        assert f.read() == payload
+
+
+@pytest.mark.parametrize(
+    "platform, expected",
+    [
+        ("fedora", "fedora"),
+        ("fedora_container", "fedora"),
+        ("fedora_containers", "fedora_containers"),
+        ("fedoracontainer", "fedoracontainer"),
+        ("rhel", "rhel"),
+        ("rhel_container", "rhel"),
+    ]
+)
+def test_get_current_platform(monkeypatch, platform, expected):
+    monkeypatch.setattr(installutils.ipaplatform, "NAME", platform)
+    assert installutils.get_current_platform() == expected
+
+
+# The mock_exists in the following tests mocks that the cgroups
+# files exist even in non-containers. The values are provided by
+# mock_open_multi.
+
+
+@patch('ipaserver.install.installutils.in_container')
+@patch('os.path.exists')
+def test_in_container_no_cgroup(mock_exists, mock_in_container):
+    """
+    In a container in a container without cgroups, can't detect RAM
+    """
+    mock_in_container.return_value = True
+    mock_exists.side_effect = [False, False]
+    with pytest.raises(ScriptError):
+        installutils.check_available_memory(False)
+
+
+def mock_open_multi(*contents):
+    """Mock opening multiple files.
+
+       For our purposes the first read is limit, second is usage.
+
+       Note: this overrides *all* opens so if you use pdb then you will
+             need to extend the list by 2.
+    """
+    mock_files = [
+        mock_open(read_data=content).return_value for content in contents
+    ]
+    mock_multi = mock_open()
+    mock_multi.side_effect = mock_files
+
+    return mock_multi
+
+
+RAM_OK = str(1800 * 1000 * 1000)
+RAM_CA_USED = str(150 * 1000 * 1000)
+RAM_MOSTLY_USED = str(1500 * 1000 * 1000)
+RAM_NOT_OK = str(10 * 1000 * 1000)
+
+
+@patch('ipaserver.install.installutils.in_container')
+@patch('builtins.open', mock_open_multi(RAM_NOT_OK, "0"))
+@patch('os.path.exists')
+def test_in_container_insufficient_ram(mock_exists, mock_in_container):
+    """In a container with insufficient RAM and zero used"""
+    mock_in_container.return_value = True
+    mock_exists.side_effect = [True, True]
+
+    with pytest.raises(ScriptError):
+        installutils.check_available_memory(True)
+
+
+@patch('ipaserver.install.installutils.in_container')
+@patch('builtins.open', mock_open_multi(RAM_OK, RAM_CA_USED))
+@patch('os.path.exists')
+def test_in_container_ram_ok_no_ca(mock_exists, mock_in_container):
+    """In a container with just enough RAM to install w/o a CA"""
+    mock_in_container.return_value = True
+    mock_exists.side_effect = [True, True]
+
+    installutils.check_available_memory(False)
+
+
+@patch('ipaserver.install.installutils.in_container')
+@patch('builtins.open', mock_open_multi(RAM_OK, RAM_MOSTLY_USED))
+@patch('os.path.exists')
+def test_in_container_insufficient_ram_with_ca(mock_exists, mock_in_container):
+    """In a container and just miss the minimum RAM required"""
+    mock_in_container.return_value = True
+    mock_exists.side_effect = [True, True]
+
+    with pytest.raises(ScriptError):
+        installutils.check_available_memory(True)
+
+
+@patch('ipaserver.install.installutils.in_container')
+@patch('psutil.virtual_memory')
+def test_not_container_insufficient_ram_with_ca(mock_psutil, mock_in_container):
+    """Not a container and insufficient RAM"""
+    mock_in_container.return_value = False
+    fake_memory = psutil._pslinux.svmem
+    fake_memory.available = int(RAM_NOT_OK)
+    mock_psutil.return_value = fake_memory
+
+    with pytest.raises(ScriptError):
+        installutils.check_available_memory(True)
+
+
+@patch('ipaserver.install.installutils.in_container')
+@patch('psutil.virtual_memory')
+def test_not_container_ram_ok(mock_psutil, mock_in_container):
+    """Not a container and sufficient RAM"""
+    mock_in_container.return_value = False
+    fake_memory = psutil._pslinux.svmem
+    fake_memory.available = int(RAM_OK)
+    mock_psutil.return_value = fake_memory
+
+    installutils.check_available_memory(True)

ipatests/test_ipaserver/test_install/test_service.py

@@ -22,8 +22,10 @@ Tests for the `ipaserver.service` module.
 """
 
 from ipaserver.install import service
+import pytest
 
 
+@pytest.mark.tier0
 def test_format_seconds():
     assert service.format_seconds(0) == '0 seconds'
     assert service.format_seconds(1) == '1 second'