ipa/0018-ipatests-Test-for-ipa-hbac-rule-duplication.patch

From 7f4e7e1d6a2ae9d05a2dfcf620f4df07d09d9d2b Mon Sep 17 00:00:00 2001
From: Sudhir Menon <sumenon@redhat.com>
Date: Thu, 3 Oct 2024 18:45:31 +0530
Subject: [PATCH] ipatests: Test for ipa hbac rule duplication

This test checks that ipa-migrate is not creating duplicate default hbac rules
for allow_all and allow_systemd-user rules.

Related: https://pagure.io/freeipa/issue/9640

Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
---
 .../test_ipa_ipa_migration.py                 | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/ipatests/test_integration/test_ipa_ipa_migration.py b/ipatests/test_integration/test_ipa_ipa_migration.py
index 288165e8a83a96e6f6bd4e52866f98617f497c56..70c268951a0d7e40806742b16e62b764b2bae37b 100644
--- a/ipatests/test_integration/test_ipa_ipa_migration.py
+++ b/ipatests/test_integration/test_ipa_ipa_migration.py
@@ -9,6 +9,7 @@ from __future__ import absolute_import
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.pytest_ipa.integration import tasks
 from ipaplatform.paths import paths
+from collections import Counter
 
 import pytest
 import textwrap
@@ -920,3 +921,28 @@ class TestIPAMigrateScenario1(IntegrationTest):
         )
         assert result.returncode == 1
         assert ERR_MSG in result.stderr_text
+
+    def test_ipa_hbac_rule_duplication(self):
+        """
+        This testcase checks that default hbac rules
+        are not duplicated on the local server when
+        ipa-migrate command is run.
+        """
+        run_migrate(
+            self.replicas[0],
+            "prod-mode",
+            self.master.hostname,
+            "cn=Directory Manager",
+            self.master.config.admin_password,
+            extra_args=['-n']
+        )
+        result = self.replicas[0].run_command(
+            ['ipa', 'hbacrule-find']
+        )
+        lines = result.stdout_text.splitlines()
+        line = []
+        for i in lines:
+            line.append(i.strip())
+        count = Counter(line)
+        assert count.get('Rule name: allow_all') < 2
+        assert count.get('Rule name: allow_systemd-user') < 2
-- 
2.46.2
ipa-4.12.2-2 - Related: RHEL-59788 Rebase Samba to the latest 4.21.x release - Fixes: RHEL-61642 Uninstall ACME separately during PKI uninstallation - Fixes: RHEL-56963 SSSD offline causing test-adtrust-install failure - Fixes: RHEL-56473 Include latest fixes in python3-ipatests packages - Fixes: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode - Fixes: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges - Fixes: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode - Fixes: RHEL-4915 Last expired OTP token would be c Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> 2024-10-21 17:24:16 +00:00			`From 7f4e7e1d6a2ae9d05a2dfcf620f4df07d09d9d2b Mon Sep 17 00:00:00 2001`
			`From: Sudhir Menon <sumenon@redhat.com>`
			`Date: Thu, 3 Oct 2024 18:45:31 +0530`
			`Subject: [PATCH] ipatests: Test for ipa hbac rule duplication`

			`This test checks that ipa-migrate is not creating duplicate default hbac rules`
			`for allow_all and allow_systemd-user rules.`

			`Related: https://pagure.io/freeipa/issue/9640`

			`Signed-off-by: Sudhir Menon <sumenon@redhat.com>`
			`Reviewed-By: Rob Crittenden <rcritten@redhat.com>`
			`Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>`
			`---`
			`.../test_ipa_ipa_migration.py \| 26 +++++++++++++++++++`
			`1 file changed, 26 insertions(+)`

			`diff --git a/ipatests/test_integration/test_ipa_ipa_migration.py b/ipatests/test_integration/test_ipa_ipa_migration.py`
			`index 288165e8a83a96e6f6bd4e52866f98617f497c56..70c268951a0d7e40806742b16e62b764b2bae37b 100644`
			`--- a/ipatests/test_integration/test_ipa_ipa_migration.py`
			`+++ b/ipatests/test_integration/test_ipa_ipa_migration.py`
			`@@ -9,6 +9,7 @@ from __future__ import absolute_import`
			`from ipatests.test_integration.base import IntegrationTest`
			`from ipatests.pytest_ipa.integration import tasks`
			`from ipaplatform.paths import paths`
			`+from collections import Counter`

			`import pytest`
			`import textwrap`
			`@@ -920,3 +921,28 @@ class TestIPAMigrateScenario1(IntegrationTest):`
			`)`
			`assert result.returncode == 1`
			`assert ERR_MSG in result.stderr_text`
			`+`
			`+ def test_ipa_hbac_rule_duplication(self):`
			`+ """`
			`+ This testcase checks that default hbac rules`
			`+ are not duplicated on the local server when`
			`+ ipa-migrate command is run.`
			`+ """`
			`+ run_migrate(`
			`+ self.replicas[0],`
			`+ "prod-mode",`
			`+ self.master.hostname,`
			`+ "cn=Directory Manager",`
			`+ self.master.config.admin_password,`
			`+ extra_args=['-n']`
			`+ )`
			`+ result = self.replicas[0].run_command(`
			`+ ['ipa', 'hbacrule-find']`
			`+ )`
			`+ lines = result.stdout_text.splitlines()`
			`+ line = []`
			`+ for i in lines:`
			`+ line.append(i.strip())`
			`+ count = Counter(line)`
			`+ assert count.get('Rule name: allow_all') < 2`
			`+ assert count.get('Rule name: allow_systemd-user') < 2`
			`--`
			`2.46.2`