c8a18bb46d
- Related: RHEL-59788 Rebase Samba to the latest 4.21.x release - Fixes: RHEL-61642 Uninstall ACME separately during PKI uninstallation - Fixes: RHEL-56963 SSSD offline causing test-adtrust-install failure - Fixes: RHEL-56473 Include latest fixes in python3-ipatests packages - Fixes: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode - Fixes: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges - Fixes: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode - Fixes: RHEL-4915 Last expired OTP token would be c Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
62 lines
2.2 KiB
Diff
62 lines
2.2 KiB
Diff
From 7f4e7e1d6a2ae9d05a2dfcf620f4df07d09d9d2b Mon Sep 17 00:00:00 2001
|
|
From: Sudhir Menon <sumenon@redhat.com>
|
|
Date: Thu, 3 Oct 2024 18:45:31 +0530
|
|
Subject: [PATCH] ipatests: Test for ipa hbac rule duplication
|
|
|
|
This test checks that ipa-migrate is not creating duplicate default hbac rules
|
|
for allow_all and allow_systemd-user rules.
|
|
|
|
Related: https://pagure.io/freeipa/issue/9640
|
|
|
|
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
|
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
|
---
|
|
.../test_ipa_ipa_migration.py | 26 +++++++++++++++++++
|
|
1 file changed, 26 insertions(+)
|
|
|
|
diff --git a/ipatests/test_integration/test_ipa_ipa_migration.py b/ipatests/test_integration/test_ipa_ipa_migration.py
|
|
index 288165e8a83a96e6f6bd4e52866f98617f497c56..70c268951a0d7e40806742b16e62b764b2bae37b 100644
|
|
--- a/ipatests/test_integration/test_ipa_ipa_migration.py
|
|
+++ b/ipatests/test_integration/test_ipa_ipa_migration.py
|
|
@@ -9,6 +9,7 @@ from __future__ import absolute_import
|
|
from ipatests.test_integration.base import IntegrationTest
|
|
from ipatests.pytest_ipa.integration import tasks
|
|
from ipaplatform.paths import paths
|
|
+from collections import Counter
|
|
|
|
import pytest
|
|
import textwrap
|
|
@@ -920,3 +921,28 @@ class TestIPAMigrateScenario1(IntegrationTest):
|
|
)
|
|
assert result.returncode == 1
|
|
assert ERR_MSG in result.stderr_text
|
|
+
|
|
+ def test_ipa_hbac_rule_duplication(self):
|
|
+ """
|
|
+ This testcase checks that default hbac rules
|
|
+ are not duplicated on the local server when
|
|
+ ipa-migrate command is run.
|
|
+ """
|
|
+ run_migrate(
|
|
+ self.replicas[0],
|
|
+ "prod-mode",
|
|
+ self.master.hostname,
|
|
+ "cn=Directory Manager",
|
|
+ self.master.config.admin_password,
|
|
+ extra_args=['-n']
|
|
+ )
|
|
+ result = self.replicas[0].run_command(
|
|
+ ['ipa', 'hbacrule-find']
|
|
+ )
|
|
+ lines = result.stdout_text.splitlines()
|
|
+ line = []
|
|
+ for i in lines:
|
|
+ line.append(i.strip())
|
|
+ count = Counter(line)
|
|
+ assert count.get('Rule name: allow_all') < 2
|
|
+ assert count.get('Rule name: allow_systemd-user') < 2
|
|
--
|
|
2.46.2
|
|
|