From ad4b7f6cedaed54acf279033b650010c65face10 Mon Sep 17 00:00:00 2001 From: Sudhir Menon Date: Tue, 20 Aug 2024 14:52:03 +0530 Subject: [PATCH] ipatests: Check Default PAC type is added to config This patch checks that the default PAC type is added to configuration i.e ipaKrbAuthzData: MS-PAC during ipa-server-installation The patch also checks that if 'ipaKrbAuthzData: MS-PAC' attribute is deleted and then when we run 'ipa-server-upgrade' command the attribute is added back. Related: https://pagure.io/freeipa/issue/9632 Signed-off-by: Sudhir Menon Reviewed-By: Florence Blanc-Renaud --- .../test_integration/test_installation.py | 15 +++++++++++ ipatests/test_integration/test_upgrade.py | 26 ++++++++++++++++++- 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index ada43e33fe173ea3c315178c37e2a664b05b905b..c5565c452010f23f038ddf329454b591ef09f6af 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -1190,6 +1190,21 @@ class TestInstallMaster(IntegrationTest): expected_stdout=f'href="https://{self.master.hostname}/' ) + def test_pac_configuration_enabled(self): + """ + This testcase checks that the default PAC type + is added to configuration. + """ + base_dn = str(self.master.domain.basedn) + dn = DN( + ("cn", "ipaConfig"), + ("cn", "etc"), + base_dn + ) + result = tasks.ldapsearch_dm(self.master, str(dn), + ["ipaKrbAuthzData"]) + assert 'ipaKrbAuthzData: MS-PAC' in result.stdout_text + def test_hostname_parameter(self, server_cleanup): """ Test that --hostname parameter is respected in interactive mode. diff --git a/ipatests/test_integration/test_upgrade.py b/ipatests/test_integration/test_upgrade.py index 011de939e92790734d63da2f85be1c25349116a8..a0f393780ccc25774466992976532c876aa876da 100644 --- a/ipatests/test_integration/test_upgrade.py +++ b/ipatests/test_integration/test_upgrade.py @@ -165,7 +165,6 @@ class TestUpgrade(IntegrationTest): ldap.update_entry(location_krb_rec) yield _setup_locations - ldap = self.master.ldap_connect() modified = False @@ -491,3 +490,28 @@ class TestUpgrade(IntegrationTest): tasks.reinstall_packages(self.master, ['*ipa-client']) assert not self.master.transport.file_exists( paths.SSH_CONFIG + ".orig") + + def test_mspac_attribute_set(self): + """ + This testcase deletes the already existing attribute + 'ipaKrbAuthzData: MS-PAC'. + The test then runs ipa-server-upgrade and checks that + the attribute 'ipaKrbAuthzData: MS-PAC' is added again. + """ + base_dn = str(self.master.domain.basedn) + dn = DN( + ("cn", "ipaConfig"), + ("cn", "etc"), + base_dn + ) + ldif = textwrap.dedent(""" + dn: cn=ipaConfig,cn=etc,{} + changetype: modify + delete: ipaKrbAuthzData + """).format(base_dn) + tasks.ldapmodify_dm(self.master, ldif) + tasks.kinit_admin(self.master) + self.master.run_command(['ipa-server-upgrade']) + result = tasks.ldapsearch_dm(self.master, str(dn), + ["ipaKrbAuthzData"]) + assert 'ipaKrbAuthzData: MS-PAC' in result.stdout_text -- 2.46.2