Import Upstream version 4.12.4
This commit is contained in:
geos_one
@@ -35,6 +35,7 @@ from ipatests.test_integration.base import IntegrationTest
|
||||
from ipatests.pytest_ipa.integration import tasks
|
||||
from ipatests.test_integration.test_dnssec import wait_until_record_is_signed
|
||||
from ipatests.test_integration.test_simple_replication import check_replication
|
||||
from ipatests.test_integration.test_topology import find_segment
|
||||
from ipatests.util import assert_deepequal
|
||||
from ldap.dn import escape_dn_chars
|
||||
|
||||
@@ -209,6 +210,40 @@ class TestBackupAndRestore(IntegrationTest):
|
||||
'"%a %G:%U"', log_path])
|
||||
assert "770 dirsrv:dirsrv" in cmd.stdout_text
|
||||
|
||||
def test_data_backup_and_restore(self):
|
||||
"""backup data only then restore"""
|
||||
with restore_checker(self.master):
|
||||
backup_path = tasks.get_backup_dir(self.master, data_only=True)
|
||||
|
||||
self.master.run_command(['ipa', 'user-add', 'testuser',
|
||||
'--first', 'test',
|
||||
'--last', 'user'])
|
||||
|
||||
tasks.ipa_restore(self.master, backup_path)
|
||||
|
||||
# the user added in the interim should now be gone
|
||||
result = self.master.run_command(
|
||||
['ipa', 'user-show', 'test-user'], raiseonerr=False
|
||||
)
|
||||
assert 'user not found' in result.stderr_text
|
||||
|
||||
def test_data_backup_and_restore_backend(self):
|
||||
"""backup data only then restore"""
|
||||
with restore_checker(self.master):
|
||||
backup_path = tasks.get_backup_dir(self.master, data_only=True)
|
||||
|
||||
self.master.run_command(['ipa', 'user-add', 'testuser',
|
||||
'--first', 'test',
|
||||
'--last', 'user'])
|
||||
|
||||
tasks.ipa_restore(self.master, backup_path, backend='userRoot')
|
||||
|
||||
# the user added in the interim should now be gone
|
||||
result = self.master.run_command(
|
||||
['ipa', 'user-show', 'test-user'], raiseonerr=False
|
||||
)
|
||||
assert 'user not found' in result.stderr_text
|
||||
|
||||
def test_full_backup_and_restore_with_removed_users(self):
|
||||
"""regression test for https://fedorahosted.org/freeipa/ticket/3866"""
|
||||
with restore_checker(self.master):
|
||||
@@ -311,6 +346,11 @@ class BaseBackupAndRestoreWithDNS(IntegrationTest):
|
||||
tasks.install_master(self.master, setup_dns=True)
|
||||
self.master.run_command(['ipa-restore', backup_path],
|
||||
stdin_text=dirman_password + '\nyes')
|
||||
if reinstall:
|
||||
# If the server was reinstalled, reinstall may have changed
|
||||
# the uid and restore reverts to the original value.
|
||||
# clear the cache to make sure we get up-to-date values
|
||||
tasks.clear_sssd_cache(self.master)
|
||||
tasks.resolve_record(self.master.ip, self.example_test_zone)
|
||||
|
||||
tasks.kinit_admin(self.master)
|
||||
@@ -380,6 +420,12 @@ class BaseBackupAndRestoreWithDNSSEC(IntegrationTest):
|
||||
self.master.run_command(['ipa-restore', backup_path],
|
||||
stdin_text=dirman_password + '\nyes')
|
||||
|
||||
if reinstall:
|
||||
# If the server was reinstalled, reinstall may have changed
|
||||
# the uid and restore reverts to the original value.
|
||||
# clear the cache to make sure we get up-to-date values
|
||||
tasks.clear_sssd_cache(self.master)
|
||||
|
||||
assert (
|
||||
wait_until_record_is_signed(
|
||||
self.master.ip, self.example_test_zone)
|
||||
@@ -451,9 +497,11 @@ class BaseBackupAndRestoreWithKRA(IntegrationTest):
|
||||
|
||||
backup_path = tasks.get_backup_dir(self.master)
|
||||
|
||||
self.master.run_command(['ipa-server-install',
|
||||
'--uninstall',
|
||||
'-U'])
|
||||
# check that no error message in uninstall log for KRA instance
|
||||
cmd = self.master.run_command(['ipa-server-install',
|
||||
'--uninstall',
|
||||
'-U'])
|
||||
assert "failed to uninstall KRA" not in cmd.stderr_text
|
||||
|
||||
if reinstall:
|
||||
tasks.install_master(self.master, setup_dns=True)
|
||||
@@ -462,6 +510,12 @@ class BaseBackupAndRestoreWithKRA(IntegrationTest):
|
||||
self.master.run_command(['ipa-restore', backup_path],
|
||||
stdin_text=dirman_password + '\nyes')
|
||||
|
||||
if reinstall:
|
||||
# If the server was reinstalled, reinstall may have changed
|
||||
# the uid and restore reverts to the original value.
|
||||
# clear the cache to make sure we get up-to-date values
|
||||
tasks.clear_sssd_cache(self.master)
|
||||
|
||||
tasks.kinit_admin(self.master)
|
||||
# retrieve secret after restore
|
||||
self.master.run_command([
|
||||
@@ -482,6 +536,20 @@ class TestBackupReinstallRestoreWithKRA(BaseBackupAndRestoreWithKRA):
|
||||
"""backup, uninstall, reinstall, restore"""
|
||||
self._full_backup_restore_with_vault(reinstall=True)
|
||||
|
||||
def test_no_error_message_with_uninstall_ipa_with_kra(self):
|
||||
"""Test there is no error message in uninstall log for KRA instance
|
||||
|
||||
There was error message in uninstall log when IPA with KRA was
|
||||
uninstalled. This test check that there is no error message in
|
||||
uninstall log for kra instance.
|
||||
|
||||
related: https://pagure.io/freeipa/issue/8550
|
||||
"""
|
||||
cmd = self.master.run_command(['ipa-server-install',
|
||||
'--uninstall',
|
||||
'-U'])
|
||||
assert "failed to uninstall KRA" not in cmd.stderr_text
|
||||
|
||||
|
||||
class TestBackupAndRestoreWithReplica(IntegrationTest):
|
||||
"""Regression tests for issues 7234 and 7455
|
||||
@@ -506,15 +574,6 @@ class TestBackupAndRestoreWithReplica(IntegrationTest):
|
||||
domain_level = cls.master.config.domain_level
|
||||
else:
|
||||
domain_level = cls.domain_level
|
||||
# Configure /etc/resolv.conf on each replica to use the master as DNS
|
||||
# Otherwise ipa-replica-manage re-initialize is unable to
|
||||
# resolve the master name
|
||||
tasks.config_host_resolvconf_with_master_data(
|
||||
cls.master, cls.replica1
|
||||
)
|
||||
tasks.config_host_resolvconf_with_master_data(
|
||||
cls.master, cls.replica2
|
||||
)
|
||||
# Configure only master and one replica.
|
||||
# Replica is configured without CA
|
||||
tasks.install_topo(
|
||||
@@ -577,6 +636,12 @@ class TestBackupAndRestoreWithReplica(IntegrationTest):
|
||||
tasks.user_add(self.replica1, 'test2_replica')
|
||||
|
||||
# simulate master crash
|
||||
# the replica is stopped to make sure master uninstallation
|
||||
# does not delete any entry on the replica. In case of a
|
||||
# real master crash there would not be any communication between
|
||||
# master and replica
|
||||
self.replica1.run_command(['ipactl', 'stop'])
|
||||
|
||||
self.master.run_command(['ipactl', 'stop'])
|
||||
tasks.uninstall_master(self.master, clean=False)
|
||||
|
||||
@@ -587,6 +652,7 @@ class TestBackupAndRestoreWithReplica(IntegrationTest):
|
||||
self.master.run_command([
|
||||
"systemctl", "disable", "oddjobd"
|
||||
])
|
||||
self.replica1.run_command(['ipactl', 'start'])
|
||||
|
||||
self.master.run_command(['ipa-restore', '-U', backup_path])
|
||||
|
||||
@@ -837,14 +903,16 @@ class TestReplicaInstallAfterRestore(IntegrationTest):
|
||||
master.run_command(['ipa-restore', backup_path],
|
||||
stdin_text=dirman_password + '\nyes')
|
||||
|
||||
tasks.kinit_admin(master)
|
||||
# re-initialize topology after restore.
|
||||
topo_name = "{}-to-{}".format(master.hostname, replica1.hostname)
|
||||
for topo_suffix in 'domain', 'ca':
|
||||
arg = ['ipa',
|
||||
'topologysegment-reinitialize',
|
||||
topo_suffix,
|
||||
topo_name,
|
||||
'--left']
|
||||
topo_name = find_segment(master, replica1, topo_suffix)
|
||||
arg = ['ipa', 'topologysegment-reinitialize',
|
||||
topo_suffix, topo_name]
|
||||
if topo_name.split('-to-', maxsplit=1)[0] != master.hostname:
|
||||
arg.append('--left')
|
||||
else:
|
||||
arg.append('--right')
|
||||
replica1.run_command(arg)
|
||||
|
||||
# wait sometime for re-initialization
|
||||
@@ -1021,6 +1089,13 @@ class TestBackupRoles(IntegrationTest):
|
||||
'-a', self.master.config.admin_password,
|
||||
'--add-sids'
|
||||
])
|
||||
|
||||
# wait for replication to propagate the change on
|
||||
# cn=adtrust agents,cn=sysaccounts,cn=etc,dc=ipa,dc=test
|
||||
# as the ipa server-role-find call is using this entry to
|
||||
# build its output
|
||||
tasks.wait_for_replication(self.replicas[0].ldap_connect())
|
||||
|
||||
# double-check
|
||||
assert self._ipa_replica_role_check(
|
||||
self.replicas[0].hostname, self.serverroles['ADTC']
|
||||
@@ -1055,6 +1130,13 @@ class TestBackupRoles(IntegrationTest):
|
||||
self.replicas[0].run_command([
|
||||
'ipa-adtrust-install', '--add-agents'], stdin_text=cmd_input
|
||||
)
|
||||
|
||||
# wait for replication to propagate the change on
|
||||
# cn=adtrust agents,cn=sysaccounts,cn=etc,dc=ipa,dc=test
|
||||
# as the ipa server-role-find call is using this entry to
|
||||
# build its output
|
||||
tasks.wait_for_replication(self.replicas[0].ldap_connect())
|
||||
|
||||
# check that master is now an AD Trust agent
|
||||
assert self._ipa_replica_role_check(
|
||||
self.master.hostname, self.serverroles['ADTA']
|
||||
@@ -1072,6 +1154,13 @@ class TestBackupRoles(IntegrationTest):
|
||||
'-a', self.master.config.admin_password,
|
||||
'--add-sids'
|
||||
])
|
||||
|
||||
# wait for replication to propagate the change on
|
||||
# cn=adtrust agents,cn=sysaccounts,cn=etc,dc=ipa,dc=test
|
||||
# as the ipa server-role-find call is using this entry to
|
||||
# build its output
|
||||
tasks.wait_for_replication(self.master.ldap_connect())
|
||||
|
||||
# master and replicas[0] are both AD Trust Controllers now.
|
||||
for hostname in [self.master.hostname, self.replicas[0].hostname]:
|
||||
assert self._ipa_replica_role_check(
|
||||
|
||||
Reference in New Issue
Block a user