From 90b22ff888cc55132c78024d08ffcf0ce8021cea Mon Sep 17 00:00:00 2001 From: Sudhir Menon Date: Tue, 25 Jun 2024 11:00:28 +0530 Subject: [PATCH] ipatests: Tests for ipa-ipa migration tool This patch includes tests for ipa-ipa migration tool Signed-off-by: Sudhir Menon Reviewed-By: Florence Blanc-Renaud Reviewed-By: Mark Reynolds --- ipaplatform/base/paths.py | 1 + .../test_ipa_ipa_migration.py | 879 ++++++++++++++++++ 2 files changed, 880 insertions(+) create mode 100644 ipatests/test_integration/test_ipa_ipa_migration.py diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 2b0fc6b5aa954a1018f602605eb0cdcebcee0592..b339d2202f440e0277d50073060f4a3b55e312fe 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -425,6 +425,7 @@ class BasePathNamespace: IPA_CUSTODIA_HANDLER = "/usr/libexec/ipa/custodia" IPA_CUSTODIA_CHECK = "/usr/libexec/ipa/ipa-custodia-check" IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab' + IPA_MIGRATE_LOG = '/var/log/ipa-migrate.log' EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d' GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf' KRB5CC_HTTPD = '/tmp/krb5cc-httpd' diff --git a/ipatests/test_integration/test_ipa_ipa_migration.py b/ipatests/test_integration/test_ipa_ipa_migration.py new file mode 100644 index 0000000000000000000000000000000000000000..7e2d4a34216f6cf168f15dda10ce10538a3c3cb9 --- /dev/null +++ b/ipatests/test_integration/test_ipa_ipa_migration.py @@ -0,0 +1,879 @@ +# Copyright (C) 2020 FreeIPA Contributors see COPYING for license +# + +""" +Tests to verify ipa-migrate tool. +""" + +from __future__ import absolute_import +from ipatests.test_integration.base import IntegrationTest +from ipatests.pytest_ipa.integration import tasks +from ipaplatform.paths import paths + +import pytest +import textwrap + + +def prepare_ipa_server(master): + """ + Setup remote IPA server environment + """ + # Setup IPA users + for i in range(1, 5): + master.run_command( + [ + "ipa", + "user-add", + "testuser%d" % i, + "--first", + "Test", + "--last", + "User%d" % i, + ] + ) + + # Setup IPA group + master.run_command(["ipa", "group-add", "testgroup"]) + + # Add respective members to each group + master.run_command( + ["ipa", "group-add-member", "testgroup", "--users=testuser1"] + ) + + # Adding stage user + master.run_command( + [ + "ipa", + "stageuser-add", + "--first=Tim", + "--last=User", + "--password", + "tuser1", + ] + ) + + # Add Custom idrange + master.run_command( + [ + "ipa", + "idrange-add", + "testrange", + "--base-id=10000", + "--range-size=10000", + "--rid-base=300000", + "--secondary-rid-base=400000", + ] + ) + + # Add Automount locations and maps + master.run_command(["ipa", "automountlocation-add", "baltimore"]) + master.run_command(["ipa", "automountmap-add", "baltimore", "auto.share"]) + master.run_command( + [ + "ipa", + "automountmap-add-indirect", + "baltimore", + "--parentmap=auto.share", + "--mount=sub auto.man", + ] + ) + master.run_command( + [ + "ipa", + "automountkey-add", + "baltimore", + "auto.master", + "--key=/share", + "--info=auto.share", + ] + ) + + # Run ipa-adtrust-install + master.run_command(["dnf", "install", "-y", "ipa-server-trust-ad"]) + master.run_command( + [ + "ipa-adtrust-install", + "-a", + master.config.admin_password, + "--add-sids", + "-U", + ] + ) + + # Generate subids for users + master.run_command(["ipa", "subid-generate", "--owner=testuser1"]) + master.run_command(["ipa", "subid-generate", "--owner=admin"]) + + # Add Sudo rules + master.run_command(["ipa", "sudorule-add", "readfiles"]) + master.run_command(["ipa", "sudocmd-add", "/usr/bin/less"]) + master.run_command( + [ + "ipa", + "sudorule-add-allow-command", + "readfiles", + "--sudocmds", + "/usr/bin/less", + ] + ) + master.run_command( + [ + "ipa", + "sudorule-add-host", + "readfiles", + "--hosts", + "server.example.com", + ] + ) + master.run_command( + ["ipa", "sudorule-add-user", "readfiles", "--users", "testuser1"] + ) + + # Add Custom CA + master.run_command( + [ + "ipa", + "ca-add", + "puppet", + "--desc", + '"Puppet"', + "--subject", + "CN=Puppet CA,O=TESTRELM.TEST", + ] + ) + + # Add ipa roles and add privileges to the role + master.run_command( + ["ipa", "role-add", "--desc=Junior-level admin", "junioradmin"] + ) + master.run_command( + [ + "ipa", + "role-add-privilege", + "--privileges=User Administrators", + "junioradmin", + ] + ) + + # Add permission + master.run_command( + [ + "ipa", + "permission-add", + "--type=user", + "--permissions=add", + "Add Users", + ] + ) + + # Add otp token for testuser1 + master.run_command( + [ + "ipa", + "otptoken-add", + "--type=totp", + "--owner=testuser1", + '--desc="My soft token', + ] + ) + + # Add a netgroup and user to the netgroup + master.run_command( + ["ipa", "netgroup-add", '--desc="NFS admins"', "admins"] + ) + master.run_command( + ["ipa", "netgroup-add-member", "--users=testuser2", "admins"] + ) + + # Set krbpolicy policy + master.run_command( + ["ipa", "krbtpolicy-mod", "--maxlife=99999", "--maxrenew=99999"] + ) + master.run_command(["ipa", "krbtpolicy-mod", "admin", "--maxlife=9600"]) + + # Add IPA location + master.run_command( + ["ipa", "location-add", "location", "--description", "My location"] + ) + + # Add idviews and overrides + master.run_command(["ipa", "idview-add", "idview1"]) + master.run_command(["ipa", "idoverrideuser-add", "idview1", "testuser1"]) + master.run_command( + [ + "ipa", + "idoverrideuser-mod", + "idview1", + "testuser1", + "--shell=/bin/sh", + ] + ) + + # Add DNSzone + master.run_command( + [ + "ipa", + "dnszone-add", + "example.test", + "--admin-email=admin@example.test", + ] + ) + master.run_command( + ["ipa", "dnszone-mod", "example.test", "--dynamic-update=TRUE"] + ) + + # Add hbac rule + master.run_command(["ipa", "hbacrule-add", "--usercat=all", "test1"]) + master.run_command( + ["ipa", "hbacrule-add", "--hostcat=all", "testuser_sshd"] + ) + master.run_command( + ["ipa", "hbacrule-add-user", "--users=testuser1", "testuser_sshd"] + ) + master.run_command( + ["ipa", "hbacrule-add-service", "--hbacsvcs=sshd", "testuser_sshd"] + ) + + # Vault addition + master.run_command( + [ + "ipa", + "vault-add", + "--password", + "vault1234", + "--type", + "symmetric", + ] + ) + + # Add Selinuxusermap + master.run_command( + [ + "ipa", + "selinuxusermap-add", + "--usercat=all", + "--selinuxuser=xguest_u:s0", + "test1", + ] + ) + + # Modify passkeyconfig + master.run_command( + ["ipa", "passkeyconfig-mod", "--require-user-verification=FALSE"] + ) + + +def run_migrate( + host, mode, remote_host, bind_dn=None, bind_pwd=None, extra_args=None +): + """ + ipa-migrate tool command + """ + cmd = ["ipa-migrate"] + if mode: + cmd.append(mode) + if remote_host: + cmd.append(remote_host) + if bind_dn: + cmd.append("-D") + cmd.append(bind_dn) + if bind_pwd: + cmd.append("-w") + cmd.append(bind_pwd) + if extra_args: + for arg in extra_args: + cmd.append(arg) + result = host.run_command(cmd, raiseonerr=False) + return result + + +class TestIPAMigrateScenario1(IntegrationTest): + """ + Tier-1 tests for ipa-migrate tool with DNS enabled on + local and remote server + """ + + num_replicas = 1 + num_clients = 1 + topology = "line" + + @classmethod + def install(cls, mh): + tasks.install_master(cls.master, setup_dns=True, setup_kra=True) + prepare_ipa_server(cls.master) + tasks.install_client(cls.master, cls.clients[0], nameservers=None) + + def test_remote_server(self): + """ + This test installs IPA server instead of replica on + system under test with the same realm and domain name. + """ + tasks.install_master(self.replicas[0], setup_dns=True, setup_kra=True) + + def test_ipa_migrate_without_kinit_as_admin(self): + """ + This test checks that ipa-migrate tool displays + error when kerberos ticket is missing for admin + """ + self.replicas[0].run_command(["kdestroy", "-A"]) + KINIT_ERR_MSG = "ipa: ERROR: Did not receive Kerberos credentials\n" + result = run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=['-x'], + ) + assert result.returncode == 1 + assert KINIT_ERR_MSG in result.stderr_text + tasks.kinit_admin(self.replicas[0]) + + def test_ipa_migrate_log_file_is_created(self): + """ + This test checks that ipa-migrate.log file is created when ipa-migrate + tool is run + """ + run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=['-x'], + ) + assert self.replicas[0].transport.file_exists(paths.IPA_MIGRATE_LOG) + + def test_ipa_migrate_with_incorrect_bind_pwd(self): + """ + This test checks that ipa-migrate tool fails with incorrect + bind password + """ + ERR_MSG = ( + "IPA to IPA migration starting ...\n" + "Failed to bind to remote server: Insufficient access: " + "Invalid credentials\n" + ) + result = run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + "incorrect_bind_pwd", + extra_args=['-x'], + ) + assert result.returncode == 1 + assert ERR_MSG in result.stderr_text + + def test_ipa_migrate_with_incorrect_bind_dn(self): + """ + This test checks that ipa-migrate tool fails with incorrect + bind dn + """ + ERR_MSG = ( + "IPA to IPA migration starting ...\n" + "Failed to bind to remote server: Insufficient access: " + "Invalid credentials\n" + ) + result = run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Dir Manager", + self.master.config.admin_password, + extra_args=['-x'], + ) + assert result.returncode == 1 + assert ERR_MSG in result.stderr_text + + def test_ipa_migrate_with_invalid_host(self): + """ + This test checks that ipa-migrate tools fails with + invalid host + """ + hostname = "server.invalid.host" + ERR_MSG = ( + "IPA to IPA migration starting ...\n" + "Failed to bind to remote server: cannot connect to " + "'ldap://" + "{}': \n".format(hostname) + ) + result = run_migrate( + self.replicas[0], + "stage-mode", + "server.invalid.host", + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=['-x'], + ) + assert result.returncode == 1 + assert ERR_MSG in result.stderr_text + + def test_dry_run_record_output_ldif(self): + """ + This testcase run ipa-migrate tool with the + -o option which captures the output to ldif file + """ + ldif_file = "/tmp/test.ldif" + param = ['-x', '-o', ldif_file] + run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=param, + ) + assert self.replicas[0].transport.file_exists("/tmp/test.ldif") + + @pytest.fixture() + def empty_log_file(self): + """ + This fixture empties the log file before ipa-migrate tool + is run since the log is appended everytime the tool is run. + """ + self.replicas[0].run_command( + ["truncate", "-s", "0", paths.IPA_MIGRATE_LOG] + ) + yield + + def test_ipa_sigden_plugin_fail_error(self, empty_log_file): + """ + This testcase checks that sidgen plugin fail error is + not seen during migrate prod-mode + """ + SIDGEN_ERR_MSG = "SIDGEN task failed: \n" + run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=['-x'], + ) + error_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert SIDGEN_ERR_MSG not in error_msg + + def test_ipa_migrate_stage_mode_dry_run(self, empty_log_file): + """ + Test ipa-migrate stage mode with dry-run option + """ + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + IPA_MIGRATE_STAGE_DRY_RUN_LOG = "--dryrun=True\n" + IPA_SERVER_UPRGADE_LOG = "Skipping ipa-server-upgrade in dryrun mode.\n" + IPA_SKIP_SIDGEN_LOG = "Skipping SIDGEN task in dryrun mode." + result = run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=['-x'], + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert result.returncode == 0 + assert IPA_MIGRATE_STAGE_DRY_RUN_LOG in install_msg + assert IPA_SERVER_UPRGADE_LOG in install_msg + assert IPA_SKIP_SIDGEN_LOG in install_msg + + def test_ipa_migrate_prod_mode_dry_run(self, empty_log_file): + """ + Test ipa-migrate prod mode with dry run option + """ + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + IPA_MIGRATE_PROD_DRY_RUN_LOG = "--dryrun=True\n" + IPA_SERVER_UPRGADE_LOG = ( + "Skipping ipa-server-upgrade in dryrun mode.\n" + ) + IPA_SIDGEN_LOG = "Skipping SIDGEN task in dryrun mode.\n" + result = run_migrate( + self.replicas[0], + "prod-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=['-x'], + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert result.returncode == 0 + assert IPA_MIGRATE_PROD_DRY_RUN_LOG in install_msg + assert IPA_SERVER_UPRGADE_LOG in install_msg + assert IPA_SIDGEN_LOG in install_msg + + def test_ipa_migrate_with_skip_schema_option_dry_run(self, empty_log_file): + """ + This test checks that ipa-migrate tool works + with -S(schema) options in stage mode + """ + param = ['-x', '-S'] + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + SKIP_SCHEMA_MSG_LOG = "Schema Migration " \ + "(migrated 0 definitions)\n" + run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=param, + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert SKIP_SCHEMA_MSG_LOG in install_msg + + def test_ipa_migrate_with_skip_config_option_dry_run(self, empty_log_file): + """ + This test checks that ipa-migrate tool works + with -C(config) options in stage mode + """ + SKIP_MIGRATION_CONFIG_LOG = "DS Configuration Migration " \ + "(migrated 0 entries)\n" + param = ['-x', '-C'] + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + + run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=param, + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert SKIP_MIGRATION_CONFIG_LOG in install_msg + + def test_ipa_migrate_reset_range(self, empty_log_file): + """ + This test checks the reset range option -r + along with prod-mode, since stage-mode this is done + automatically. + """ + param = ['-r', '-n'] + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + RESET_RANGE_LOG = "--reset-range=True\n" + run_migrate( + self.replicas[0], + "prod-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=param, + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert RESET_RANGE_LOG in install_msg + + def test_ipa_migrate_stage_mode_dry_override_schema(self, empty_log_file): + """ + This test checks that -O option (override schema) works + in dry mode + """ + param = ['-x', '-O', '-n'] + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + SCHEMA_OVERRIDE_LOG = "--schema-overwrite=True\n" + run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=param, + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert SCHEMA_OVERRIDE_LOG in install_msg + + @pytest.mark.xfail( + reason="https://issues.redhat.com/browse/RHEL-45463", strict=True + ) + def test_ipa_migrate_stage_mode(self, empty_log_file): + """ + This test checks that ipa-migrate is successful + in dry run mode + """ + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + MIGRATION_SCHEMA_LOG_MSG = "Migrating schema ...\n" + MIGRATION_CONFIG_LOG_MSG = "Migrating configuration ...\n" + IPA_UPGRADE_LOG_MSG = ( + "Running ipa-server-upgrade ... (this make take a while)\n" + ) + SIDGEN_TASK_LOG_MSG = "Running SIDGEN task ...\n" + MIGRATION_COMPLETE_LOG_MSG = "Migration complete!\n" + result = run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=['-n'], + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert result.returncode == 0 + assert MIGRATION_SCHEMA_LOG_MSG in install_msg + assert MIGRATION_CONFIG_LOG_MSG in install_msg + assert IPA_UPGRADE_LOG_MSG in install_msg + assert SIDGEN_TASK_LOG_MSG in install_msg + assert MIGRATION_COMPLETE_LOG_MSG in install_msg + + def test_ipa_migrate_prod_mode(self, empty_log_file): + """ + This test checks that ipa-migrate is successful + in prod run mode + """ + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + MIGRATION_SCHEMA_LOG_MSG = "Migrating schema ...\n" + MIGRATION_DATABASE_LOG_MSG = ( + "Migrating database ... (this make take a while)\n" + ) + IPA_UPGRADE_LOG_MSG = ( + "Running ipa-server-upgrade ... (this make take a while)\n" + ) + SIDGEN_TASK_LOG_MSG = "Running SIDGEN task ...\n" + result = run_migrate( + self.replicas[0], + "prod-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=['-n'], + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert result.returncode == 0 + assert MIGRATION_SCHEMA_LOG_MSG in install_msg + assert MIGRATION_DATABASE_LOG_MSG in install_msg + assert IPA_UPGRADE_LOG_MSG in install_msg + assert SIDGEN_TASK_LOG_MSG in install_msg + + def test_ipa_migrate_with_bind_pwd_file_option(self, empty_log_file): + """ + This testcase checks that ipa-migrate tool + works with valid bind_pwd specified in a file using '-j' + option + """ + DEBUG_MSG = "--bind-pw-file=/tmp/pwd.txt\n" + bind_pwd_file = "/tmp/pwd.txt" + bind_pwd_file_content = self.master.config.admin_password + self.replicas[0].put_file_contents( + bind_pwd_file, bind_pwd_file_content + ) + param = ['-j', bind_pwd_file, '-x'] + result = run_migrate( + host=self.replicas[0], + mode="stage-mode", + remote_host=self.master.hostname, + bind_dn="cn=Directory Manager", + bind_pwd=None, + extra_args=param, + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert DEBUG_MSG in install_msg + assert result.returncode == 0 + + def test_ipa_migrate_using_db_ldif(self): + """ + This test checks that ipa-migrate tool + works with db ldif file using -C option + """ + DB_LDIF_LOG = "--db-ldif=/tmp/dse.ldif\n" + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + ldif_file_path = "/tmp/dse.ldif" + param = ["-f", ldif_file_path, "-n", "-x"] + realm_name = self.master.domain.realm + base_dn = str(self.master.domain.basedn) + dse_ldif = textwrap.dedent( + f""" + dn: cn={realm_name},cn=kerberos,{base_dn} + cn: {realm_name} + objectClass: top + objectClass: krbrealmcontainer + """ + ).format( + realm_name=self.master.domain.realm, + base_dn=str(self.master.domain.basedn), + ) + self.replicas[0].put_file_contents(ldif_file_path, dse_ldif) + result = run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=param, + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert result.returncode == 0 + assert DB_LDIF_LOG in install_msg + + def test_ipa_migrate_using_invalid_dbldif_file(self): + """ + This testcase checks that proper error msg is + displayed when invalid ldif file without realm is used + as input to schema config option -f + """ + ERR_MSG = ( + "IPA to IPA migration starting ...\n" + "Unable to find realm from remote LDIF\n" + ) + tasks.kinit_admin(self.master) + tasks.kinit_admin(self.replicas[0]) + base_dn = str(self.master.domain.basedn) + ldif_file = "/tmp/ldif_file" + param = ["-f", ldif_file, "-n", "-x"] + dse_ldif = textwrap.dedent( + """ + version: 1 + dn: cn=schema,{} + + """ + ).format(base_dn) + self.replicas[0].put_file_contents(ldif_file, dse_ldif) + result = run_migrate( + self.replicas[0], + "prod-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=param, + ) + assert result.returncode == 2 + assert ERR_MSG in result.stderr_text + + def test_ipa_migrate_subtree_option(self): + """ + This testcase checks the subtree option + -s along with the ipa-migrate command + """ + base_dn = str(self.master.domain.basedn) + subtree = 'cn=security,{}'.format(base_dn) + params = ['-s', subtree, '-n', '-x'] + base_dn = str(self.master.domain.basedn) + CUSTOM_SUBTREE_LOG = ( + "Add db entry 'cn=security,{} - custom'" + ).format(base_dn) + dse_ldif = textwrap.dedent( + """ + dn: cn=security,{base_dn} + changetype: add + objectClass:top + objectClass: nscontainer + """ + ).format(base_dn=base_dn) + tasks.ldapmodify_dm(self.master, dse_ldif) + result = run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=params, + ) + assert result.returncode == 0 + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert CUSTOM_SUBTREE_LOG in install_msg + + @pytest.fixture() + def modify_dns_zone(self): + zone_name = 'ipatest.test' + self.master.run_command( + ["ipa", "dnszone-add", zone_name, "--force"] + ) + yield + self.replicas[0].run_command( + ["ipa", "dnszone-del", zone_name] + ) + + def test_ipa_migrate_dns_option(self, modify_dns_zone): + """ + This testcase checks that when migrate dns option + -B is used the dns entry is migrated to the + local host. + """ + zone_name = "ipatest.test." + base_dn = str(self.master.domain.basedn) + DNS_LOG1 = "--migrate-dns=True\n" + DNS_LOG2 = ( + "DEBUG Added entry: idnsname={},cn=dns,{}\n" + ).format(zone_name, base_dn) + DNS_LOG3 = ( + "DEBUG Added entry: idnsname=_kerberos," + "idnsname={},cn=dns,{}\n" + ).format(zone_name, base_dn) + params = ["-B", "-n"] + run_migrate( + self.replicas[0], + "prod-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=params, + ) + result = self.replicas[0].run_command(["ipa", "dnszone-find"]) + assert "Zone name: ipatest.test." in result.stdout_text + install_msg = self.replicas[0].get_file_contents( + paths.IPA_MIGRATE_LOG, encoding="utf-8" + ) + assert DNS_LOG1 in install_msg + assert DNS_LOG2 in install_msg + assert DNS_LOG3 in install_msg + + @pytest.mark.xfail(reason="https://issues.redhat.com/browse/RHEL-46003", + strict=True) + def test_ipa_migrate_version_option(self): + """ + This testcase checks the version of + the ipa-migrate tool using -v option + """ + CONSOLE_LOG = ( + "ipa-migrate: error: the following arguments are " + "required: mode, hostname" + ) + result = self.master.run_command(["ipa-migrate", "-V"]) + assert result.returncode == 0 + assert CONSOLE_LOG not in result.stderr_text + + def test_ipa_migrate_with_log_file_option(self): + """ + This testcase checks that log file is created + with -l option + """ + custom_log_file = "/tmp/test.log" + params = ['-x', '-n', '-l', custom_log_file] + run_migrate( + self.replicas[0], + "stage-mode", + self.master.hostname, + "cn=Directory Manager", + self.master.config.admin_password, + extra_args=params, + ) + assert self.replicas[0].transport.file_exists(custom_log_file) -- 2.45.2