From 8b703150a47bf509f37856bdc27cfa99e85e5e6b Mon Sep 17 00:00:00 2001
From: Anuja More <amore@redhat.com>
Date: Mon, 24 Jun 2024 13:48:24 +0530
Subject: [PATCH] ipatests: Test replica installation using AD admin.

Test to verify that replica connection check is not failing when
the AD administrator Administrator@AD.EXAMPLE.COM is
used for the deployment or promotion of a replica

Related: https://pagure.io/freeipa/issue/9542

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
---
 .../test_replica_promotion.py                 | 46 +++++++++++++++++++
 1 files changed, 46 insertions(+)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index 7ef44c571c8a4106577d27f4712f661be873dacc..c754cef88cb275987f5afdaad43f2ea07e3b7476 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -1318,3 +1318,49 @@ class TestHiddenReplicaKRA(IntegrationTest):
             self.replicas[0].hostname, '--state=hidden'
         ])
         assert result.returncode == 0
+
+
+class TestReplicaConn(IntegrationTest):
+    num_replicas = 1
+    num_ad_domains = 1
+
+    @classmethod
+    def install(cls, mh):
+        cls.replica = cls.replicas[0]
+        cls.ad = cls.ads[0]
+        ad_domain = cls.ad.domain.name
+        cls.ad_admin = 'Administrator@{}'.format(ad_domain.upper())
+        cls.adview = 'Default Trust View'
+        tasks.install_master(cls.master, setup_adtrust=True)
+        tasks.configure_dns_for_trust(cls.master, cls.ad)
+        tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name)
+        tasks.install_client(cls.master, cls.replica)
+
+    def test_replica_conncheck_ad_admin(self):
+        """
+        Test to verify that replica installation is not failing for
+        replica connection check when AD administrator
+        Administrator@AD.EXAMPLE.COM is used for the deployment
+        or promotion of a replica.
+
+        Related : https://pagure.io/freeipa/issue/9542
+        """
+        self.master.run_command(
+            ['ipa', 'idoverrideuser-add', self.adview, self.ad_admin]
+        )
+        self.master.run_command(
+            ["ipa", "group-add-member", "admins", "--idoverrideusers",
+             self.ad_admin]
+        )
+        tasks.clear_sssd_cache(self.master)
+
+        self.replica.run_command(
+            ["ipa-replica-install", "--setup-ca", "-U", "--ip-address",
+             self.replica.ip, "--realm", self.replica.domain.realm,
+             "--domain", self.replica.domain.name,
+             "--principal={0}".format(self.ad_admin),
+             "--password", self.master.config.ad_admin_password]
+        )
+        logs = self.replica.get_file_contents(paths.IPAREPLICA_CONNCHECK_LOG)
+        error = "not allowed to perform server connection check"
+        assert error.encode() not in logs
-- 
2.45.2