Import Upstream version 4.12.4

2025-08-12 22:28:56 +02:00
parent 03a8170b15
commit 9181ee2487
1629 changed files with 874094 additions and 554378 deletions
--- a/ipatests/test_cmdline/cmdline.py
+++ b/ipatests/test_cmdline/cmdline.py
@@ -23,10 +23,10 @@ Base class for all cmdline tests

 from __future__ import absolute_import

-import distutils.spawn
 import os

 import pytest
+import shutil

 from ipalib import api
 from ipalib import errors
@@ -60,7 +60,7 @@ class cmdline_test(XMLRPC_test):
        cls = request.cls
        original_command = cls.command
        if not os.path.isabs(cls.command):
-            cls.command = distutils.spawn.find_executable(cls.command)
+            cls.command = shutil.which(cls.command)
        # raise an error if the command is missing even if the remote
        # server is not available.
        if not cls.command:
--- a/ipatests/test_cmdline/test_ipagetkeytab.py
+++ b/ipatests/test_cmdline/test_ipagetkeytab.py
@@ -44,8 +44,8 @@ from contextlib import contextmanager
@contextmanager
 def use_keytab(principal, keytab):
    with private_ccache() as ccache_file:
+        old_principal = getattr(context, 'principal', None)
        try:
-            old_principal = getattr(context, 'principal', None)
            name = gssapi.Name(principal, gssapi.NameType.kerberos_principal)
            store = {'ccache': ccache_file,
                     'client_keytab': keytab}
@@ -462,8 +462,8 @@ class test_smb_service(KeytabRetrievalTest):
            try:
                conn.update_entry(entry)
            except errors.ACIError:
-                assert ('No correct ACI to the allow ipaNTUserAttrs '
-                        'for SMB service' in "failure")
+                assert False,  ('No correct ACI to the allow ipaNTUserAttrs '
+                                'for SMB service')

        # Step 2. With ipaNTUserAttrs in place, we can ask to regenerate
        # ipaNTHash value. We can also verify it is possible to write to
@@ -475,15 +475,14 @@ class test_smb_service(KeytabRetrievalTest):
            try:
                conn.update_entry(entry)
            except errors.ACIError:
-                assert ("No correct ACI to the ipaNTHash for SMB service"
-                        in "failure")
+                assert False, "No correct ACI to the ipaNTHash for SMB service"
            except errors.EmptyResult:
-                assert "No arcfour-hmac in Kerberos keys" in "failure"
+                assert False, "No arcfour-hmac in Kerberos keys"
            except errors.DatabaseError:
                # Most likely ipaNTHash already existed -- we either get
                # OPERATIONS_ERROR or UNWILLING_TO_PERFORM, both map to
                # the same DatabaseError class.
-                assert "LDAP Entry corruption after generation" in "failure"
+                assert False, "LDAP Entry corruption after generation"

        # Update succeeded, now we have either MagicRegen (broken) or
        # a real NT hash in the entry. However, we can only retrieve it as
--- a/ipatests/test_cmdline/test_schema.py
+++ b/ipatests/test_cmdline/test_schema.py
@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2021  FreeIPA Contributors see COPYING for license
+#
+import pytest
+import time
+
+from ipaclient.remote_plugins import ServerInfo
+
+
+class TestServerInfo(ServerInfo):
+    """Simplified ServerInfo class with hardcoded values"""
+    def __init__(self, fingerprint='deadbeef', hostname='ipa.example.test',
+                 force_check=False, language='en_US',
+                 version='2.0', expiration=None):
+        self._force_check = force_check
+        self._language = language
+        self._now = time.time()
+        self._dict = {
+            'fingerprint': fingerprint,
+            'expiration': expiration or time.time() + 3600,
+            'language': language,
+            'version': version,
+        }
+
+    def _read(self):
+        """Running on test controller, this is a no-op"""
+
+    def _write(self):
+        """Running on test controller, this is a no-op"""
+
+
+@pytest.mark.tier0
+class TestIPAServerInfo:
+    """Test that ServerInfo detects changes in remote configuration"""
+
+    def test_valid(self):
+        server_info = TestServerInfo()
+        assert server_info.is_valid() is True
+
+    def test_force_check(self):
+        server_info = TestServerInfo(force_check=True)
+        assert server_info.is_valid() is False
+
+    def test_language_change(self):
+        server_info = TestServerInfo()
+        assert server_info.is_valid() is True
+        server_info._language = 'fr_FR'
+        assert server_info.is_valid() is False
+        server_info._language = 'en_US'
+
+    def test_expired(self):
+        server_info = TestServerInfo(expiration=time.time() + 2)
+        assert server_info.is_valid() is True
+
+        # skip past the expiration time
+        server_info._now = time.time() + 5
+        assert server_info.is_valid() is False
+
+        # set a new expiration time in the future
+        server_info.update_validity(10)
+        assert server_info.is_valid() is True
+
+        # move to the future beyond expiration
+        server_info._now = time.time() + 15
+        assert server_info.is_valid() is False
+
+    def test_update_validity(self):
+        server_info = TestServerInfo(expiration=time.time() + 1)
+
+        # Expiration and time are one second off so the cache is ok
+        assert server_info.is_valid() is True
+
+        # Simulate time passing by
+        server_info._now = time.time() + 2
+
+        # the validity should be updated because it is now expired
+        server_info.update_validity(3600)
+
+        # the cache is now valid for another hour
+        assert server_info.is_valid() is True