ipa/0011-ipatests-Tests-for-ipa-ipa-migration-tool.patch
Florence Blanc-Renaud d0ca280108 ipa-4.12.0-5
- Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users
- Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py
- Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed
- Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica
- Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages
- Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2024-07-08 18:35:11 +02:00

918 lines
29 KiB
Diff

From 90b22ff888cc55132c78024d08ffcf0ce8021cea Mon Sep 17 00:00:00 2001
From: Sudhir Menon <sumenon@redhat.com>
Date: Tue, 25 Jun 2024 11:00:28 +0530
Subject: [PATCH] ipatests: Tests for ipa-ipa migration tool
This patch includes tests for ipa-ipa migration
tool
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Mark Reynolds <mreynolds@redhat.com>
---
ipaplatform/base/paths.py | 1 +
.../test_ipa_ipa_migration.py | 879 ++++++++++++++++++
2 files changed, 880 insertions(+)
create mode 100644 ipatests/test_integration/test_ipa_ipa_migration.py
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 2b0fc6b5aa954a1018f602605eb0cdcebcee0592..b339d2202f440e0277d50073060f4a3b55e312fe 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -425,6 +425,7 @@ class BasePathNamespace:
IPA_CUSTODIA_HANDLER = "/usr/libexec/ipa/custodia"
IPA_CUSTODIA_CHECK = "/usr/libexec/ipa/ipa-custodia-check"
IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab'
+ IPA_MIGRATE_LOG = '/var/log/ipa-migrate.log'
EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d'
GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf'
KRB5CC_HTTPD = '/tmp/krb5cc-httpd'
diff --git a/ipatests/test_integration/test_ipa_ipa_migration.py b/ipatests/test_integration/test_ipa_ipa_migration.py
new file mode 100644
index 0000000000000000000000000000000000000000..7e2d4a34216f6cf168f15dda10ce10538a3c3cb9
--- /dev/null
+++ b/ipatests/test_integration/test_ipa_ipa_migration.py
@@ -0,0 +1,879 @@
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+
+"""
+Tests to verify ipa-migrate tool.
+"""
+
+from __future__ import absolute_import
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.pytest_ipa.integration import tasks
+from ipaplatform.paths import paths
+
+import pytest
+import textwrap
+
+
+def prepare_ipa_server(master):
+ """
+ Setup remote IPA server environment
+ """
+ # Setup IPA users
+ for i in range(1, 5):
+ master.run_command(
+ [
+ "ipa",
+ "user-add",
+ "testuser%d" % i,
+ "--first",
+ "Test",
+ "--last",
+ "User%d" % i,
+ ]
+ )
+
+ # Setup IPA group
+ master.run_command(["ipa", "group-add", "testgroup"])
+
+ # Add respective members to each group
+ master.run_command(
+ ["ipa", "group-add-member", "testgroup", "--users=testuser1"]
+ )
+
+ # Adding stage user
+ master.run_command(
+ [
+ "ipa",
+ "stageuser-add",
+ "--first=Tim",
+ "--last=User",
+ "--password",
+ "tuser1",
+ ]
+ )
+
+ # Add Custom idrange
+ master.run_command(
+ [
+ "ipa",
+ "idrange-add",
+ "testrange",
+ "--base-id=10000",
+ "--range-size=10000",
+ "--rid-base=300000",
+ "--secondary-rid-base=400000",
+ ]
+ )
+
+ # Add Automount locations and maps
+ master.run_command(["ipa", "automountlocation-add", "baltimore"])
+ master.run_command(["ipa", "automountmap-add", "baltimore", "auto.share"])
+ master.run_command(
+ [
+ "ipa",
+ "automountmap-add-indirect",
+ "baltimore",
+ "--parentmap=auto.share",
+ "--mount=sub auto.man",
+ ]
+ )
+ master.run_command(
+ [
+ "ipa",
+ "automountkey-add",
+ "baltimore",
+ "auto.master",
+ "--key=/share",
+ "--info=auto.share",
+ ]
+ )
+
+ # Run ipa-adtrust-install
+ master.run_command(["dnf", "install", "-y", "ipa-server-trust-ad"])
+ master.run_command(
+ [
+ "ipa-adtrust-install",
+ "-a",
+ master.config.admin_password,
+ "--add-sids",
+ "-U",
+ ]
+ )
+
+ # Generate subids for users
+ master.run_command(["ipa", "subid-generate", "--owner=testuser1"])
+ master.run_command(["ipa", "subid-generate", "--owner=admin"])
+
+ # Add Sudo rules
+ master.run_command(["ipa", "sudorule-add", "readfiles"])
+ master.run_command(["ipa", "sudocmd-add", "/usr/bin/less"])
+ master.run_command(
+ [
+ "ipa",
+ "sudorule-add-allow-command",
+ "readfiles",
+ "--sudocmds",
+ "/usr/bin/less",
+ ]
+ )
+ master.run_command(
+ [
+ "ipa",
+ "sudorule-add-host",
+ "readfiles",
+ "--hosts",
+ "server.example.com",
+ ]
+ )
+ master.run_command(
+ ["ipa", "sudorule-add-user", "readfiles", "--users", "testuser1"]
+ )
+
+ # Add Custom CA
+ master.run_command(
+ [
+ "ipa",
+ "ca-add",
+ "puppet",
+ "--desc",
+ '"Puppet"',
+ "--subject",
+ "CN=Puppet CA,O=TESTRELM.TEST",
+ ]
+ )
+
+ # Add ipa roles and add privileges to the role
+ master.run_command(
+ ["ipa", "role-add", "--desc=Junior-level admin", "junioradmin"]
+ )
+ master.run_command(
+ [
+ "ipa",
+ "role-add-privilege",
+ "--privileges=User Administrators",
+ "junioradmin",
+ ]
+ )
+
+ # Add permission
+ master.run_command(
+ [
+ "ipa",
+ "permission-add",
+ "--type=user",
+ "--permissions=add",
+ "Add Users",
+ ]
+ )
+
+ # Add otp token for testuser1
+ master.run_command(
+ [
+ "ipa",
+ "otptoken-add",
+ "--type=totp",
+ "--owner=testuser1",
+ '--desc="My soft token',
+ ]
+ )
+
+ # Add a netgroup and user to the netgroup
+ master.run_command(
+ ["ipa", "netgroup-add", '--desc="NFS admins"', "admins"]
+ )
+ master.run_command(
+ ["ipa", "netgroup-add-member", "--users=testuser2", "admins"]
+ )
+
+ # Set krbpolicy policy
+ master.run_command(
+ ["ipa", "krbtpolicy-mod", "--maxlife=99999", "--maxrenew=99999"]
+ )
+ master.run_command(["ipa", "krbtpolicy-mod", "admin", "--maxlife=9600"])
+
+ # Add IPA location
+ master.run_command(
+ ["ipa", "location-add", "location", "--description", "My location"]
+ )
+
+ # Add idviews and overrides
+ master.run_command(["ipa", "idview-add", "idview1"])
+ master.run_command(["ipa", "idoverrideuser-add", "idview1", "testuser1"])
+ master.run_command(
+ [
+ "ipa",
+ "idoverrideuser-mod",
+ "idview1",
+ "testuser1",
+ "--shell=/bin/sh",
+ ]
+ )
+
+ # Add DNSzone
+ master.run_command(
+ [
+ "ipa",
+ "dnszone-add",
+ "example.test",
+ "--admin-email=admin@example.test",
+ ]
+ )
+ master.run_command(
+ ["ipa", "dnszone-mod", "example.test", "--dynamic-update=TRUE"]
+ )
+
+ # Add hbac rule
+ master.run_command(["ipa", "hbacrule-add", "--usercat=all", "test1"])
+ master.run_command(
+ ["ipa", "hbacrule-add", "--hostcat=all", "testuser_sshd"]
+ )
+ master.run_command(
+ ["ipa", "hbacrule-add-user", "--users=testuser1", "testuser_sshd"]
+ )
+ master.run_command(
+ ["ipa", "hbacrule-add-service", "--hbacsvcs=sshd", "testuser_sshd"]
+ )
+
+ # Vault addition
+ master.run_command(
+ [
+ "ipa",
+ "vault-add",
+ "--password",
+ "vault1234",
+ "--type",
+ "symmetric",
+ ]
+ )
+
+ # Add Selinuxusermap
+ master.run_command(
+ [
+ "ipa",
+ "selinuxusermap-add",
+ "--usercat=all",
+ "--selinuxuser=xguest_u:s0",
+ "test1",
+ ]
+ )
+
+ # Modify passkeyconfig
+ master.run_command(
+ ["ipa", "passkeyconfig-mod", "--require-user-verification=FALSE"]
+ )
+
+
+def run_migrate(
+ host, mode, remote_host, bind_dn=None, bind_pwd=None, extra_args=None
+):
+ """
+ ipa-migrate tool command
+ """
+ cmd = ["ipa-migrate"]
+ if mode:
+ cmd.append(mode)
+ if remote_host:
+ cmd.append(remote_host)
+ if bind_dn:
+ cmd.append("-D")
+ cmd.append(bind_dn)
+ if bind_pwd:
+ cmd.append("-w")
+ cmd.append(bind_pwd)
+ if extra_args:
+ for arg in extra_args:
+ cmd.append(arg)
+ result = host.run_command(cmd, raiseonerr=False)
+ return result
+
+
+class TestIPAMigrateScenario1(IntegrationTest):
+ """
+ Tier-1 tests for ipa-migrate tool with DNS enabled on
+ local and remote server
+ """
+
+ num_replicas = 1
+ num_clients = 1
+ topology = "line"
+
+ @classmethod
+ def install(cls, mh):
+ tasks.install_master(cls.master, setup_dns=True, setup_kra=True)
+ prepare_ipa_server(cls.master)
+ tasks.install_client(cls.master, cls.clients[0], nameservers=None)
+
+ def test_remote_server(self):
+ """
+ This test installs IPA server instead of replica on
+ system under test with the same realm and domain name.
+ """
+ tasks.install_master(self.replicas[0], setup_dns=True, setup_kra=True)
+
+ def test_ipa_migrate_without_kinit_as_admin(self):
+ """
+ This test checks that ipa-migrate tool displays
+ error when kerberos ticket is missing for admin
+ """
+ self.replicas[0].run_command(["kdestroy", "-A"])
+ KINIT_ERR_MSG = "ipa: ERROR: Did not receive Kerberos credentials\n"
+ result = run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=['-x'],
+ )
+ assert result.returncode == 1
+ assert KINIT_ERR_MSG in result.stderr_text
+ tasks.kinit_admin(self.replicas[0])
+
+ def test_ipa_migrate_log_file_is_created(self):
+ """
+ This test checks that ipa-migrate.log file is created when ipa-migrate
+ tool is run
+ """
+ run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=['-x'],
+ )
+ assert self.replicas[0].transport.file_exists(paths.IPA_MIGRATE_LOG)
+
+ def test_ipa_migrate_with_incorrect_bind_pwd(self):
+ """
+ This test checks that ipa-migrate tool fails with incorrect
+ bind password
+ """
+ ERR_MSG = (
+ "IPA to IPA migration starting ...\n"
+ "Failed to bind to remote server: Insufficient access: "
+ "Invalid credentials\n"
+ )
+ result = run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ "incorrect_bind_pwd",
+ extra_args=['-x'],
+ )
+ assert result.returncode == 1
+ assert ERR_MSG in result.stderr_text
+
+ def test_ipa_migrate_with_incorrect_bind_dn(self):
+ """
+ This test checks that ipa-migrate tool fails with incorrect
+ bind dn
+ """
+ ERR_MSG = (
+ "IPA to IPA migration starting ...\n"
+ "Failed to bind to remote server: Insufficient access: "
+ "Invalid credentials\n"
+ )
+ result = run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Dir Manager",
+ self.master.config.admin_password,
+ extra_args=['-x'],
+ )
+ assert result.returncode == 1
+ assert ERR_MSG in result.stderr_text
+
+ def test_ipa_migrate_with_invalid_host(self):
+ """
+ This test checks that ipa-migrate tools fails with
+ invalid host
+ """
+ hostname = "server.invalid.host"
+ ERR_MSG = (
+ "IPA to IPA migration starting ...\n"
+ "Failed to bind to remote server: cannot connect to "
+ "'ldap://"
+ "{}': \n".format(hostname)
+ )
+ result = run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ "server.invalid.host",
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=['-x'],
+ )
+ assert result.returncode == 1
+ assert ERR_MSG in result.stderr_text
+
+ def test_dry_run_record_output_ldif(self):
+ """
+ This testcase run ipa-migrate tool with the
+ -o option which captures the output to ldif file
+ """
+ ldif_file = "/tmp/test.ldif"
+ param = ['-x', '-o', ldif_file]
+ run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=param,
+ )
+ assert self.replicas[0].transport.file_exists("/tmp/test.ldif")
+
+ @pytest.fixture()
+ def empty_log_file(self):
+ """
+ This fixture empties the log file before ipa-migrate tool
+ is run since the log is appended everytime the tool is run.
+ """
+ self.replicas[0].run_command(
+ ["truncate", "-s", "0", paths.IPA_MIGRATE_LOG]
+ )
+ yield
+
+ def test_ipa_sigden_plugin_fail_error(self, empty_log_file):
+ """
+ This testcase checks that sidgen plugin fail error is
+ not seen during migrate prod-mode
+ """
+ SIDGEN_ERR_MSG = "SIDGEN task failed: \n"
+ run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=['-x'],
+ )
+ error_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert SIDGEN_ERR_MSG not in error_msg
+
+ def test_ipa_migrate_stage_mode_dry_run(self, empty_log_file):
+ """
+ Test ipa-migrate stage mode with dry-run option
+ """
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+ IPA_MIGRATE_STAGE_DRY_RUN_LOG = "--dryrun=True\n"
+ IPA_SERVER_UPRGADE_LOG = "Skipping ipa-server-upgrade in dryrun mode.\n"
+ IPA_SKIP_SIDGEN_LOG = "Skipping SIDGEN task in dryrun mode."
+ result = run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=['-x'],
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert result.returncode == 0
+ assert IPA_MIGRATE_STAGE_DRY_RUN_LOG in install_msg
+ assert IPA_SERVER_UPRGADE_LOG in install_msg
+ assert IPA_SKIP_SIDGEN_LOG in install_msg
+
+ def test_ipa_migrate_prod_mode_dry_run(self, empty_log_file):
+ """
+ Test ipa-migrate prod mode with dry run option
+ """
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+ IPA_MIGRATE_PROD_DRY_RUN_LOG = "--dryrun=True\n"
+ IPA_SERVER_UPRGADE_LOG = (
+ "Skipping ipa-server-upgrade in dryrun mode.\n"
+ )
+ IPA_SIDGEN_LOG = "Skipping SIDGEN task in dryrun mode.\n"
+ result = run_migrate(
+ self.replicas[0],
+ "prod-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=['-x'],
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert result.returncode == 0
+ assert IPA_MIGRATE_PROD_DRY_RUN_LOG in install_msg
+ assert IPA_SERVER_UPRGADE_LOG in install_msg
+ assert IPA_SIDGEN_LOG in install_msg
+
+ def test_ipa_migrate_with_skip_schema_option_dry_run(self, empty_log_file):
+ """
+ This test checks that ipa-migrate tool works
+ with -S(schema) options in stage mode
+ """
+ param = ['-x', '-S']
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+ SKIP_SCHEMA_MSG_LOG = "Schema Migration " \
+ "(migrated 0 definitions)\n"
+ run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=param,
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert SKIP_SCHEMA_MSG_LOG in install_msg
+
+ def test_ipa_migrate_with_skip_config_option_dry_run(self, empty_log_file):
+ """
+ This test checks that ipa-migrate tool works
+ with -C(config) options in stage mode
+ """
+ SKIP_MIGRATION_CONFIG_LOG = "DS Configuration Migration " \
+ "(migrated 0 entries)\n"
+ param = ['-x', '-C']
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+
+ run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=param,
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert SKIP_MIGRATION_CONFIG_LOG in install_msg
+
+ def test_ipa_migrate_reset_range(self, empty_log_file):
+ """
+ This test checks the reset range option -r
+ along with prod-mode, since stage-mode this is done
+ automatically.
+ """
+ param = ['-r', '-n']
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+ RESET_RANGE_LOG = "--reset-range=True\n"
+ run_migrate(
+ self.replicas[0],
+ "prod-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=param,
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert RESET_RANGE_LOG in install_msg
+
+ def test_ipa_migrate_stage_mode_dry_override_schema(self, empty_log_file):
+ """
+ This test checks that -O option (override schema) works
+ in dry mode
+ """
+ param = ['-x', '-O', '-n']
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+ SCHEMA_OVERRIDE_LOG = "--schema-overwrite=True\n"
+ run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=param,
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert SCHEMA_OVERRIDE_LOG in install_msg
+
+ @pytest.mark.xfail(
+ reason="https://issues.redhat.com/browse/RHEL-45463", strict=True
+ )
+ def test_ipa_migrate_stage_mode(self, empty_log_file):
+ """
+ This test checks that ipa-migrate is successful
+ in dry run mode
+ """
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+ MIGRATION_SCHEMA_LOG_MSG = "Migrating schema ...\n"
+ MIGRATION_CONFIG_LOG_MSG = "Migrating configuration ...\n"
+ IPA_UPGRADE_LOG_MSG = (
+ "Running ipa-server-upgrade ... (this make take a while)\n"
+ )
+ SIDGEN_TASK_LOG_MSG = "Running SIDGEN task ...\n"
+ MIGRATION_COMPLETE_LOG_MSG = "Migration complete!\n"
+ result = run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=['-n'],
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert result.returncode == 0
+ assert MIGRATION_SCHEMA_LOG_MSG in install_msg
+ assert MIGRATION_CONFIG_LOG_MSG in install_msg
+ assert IPA_UPGRADE_LOG_MSG in install_msg
+ assert SIDGEN_TASK_LOG_MSG in install_msg
+ assert MIGRATION_COMPLETE_LOG_MSG in install_msg
+
+ def test_ipa_migrate_prod_mode(self, empty_log_file):
+ """
+ This test checks that ipa-migrate is successful
+ in prod run mode
+ """
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+ MIGRATION_SCHEMA_LOG_MSG = "Migrating schema ...\n"
+ MIGRATION_DATABASE_LOG_MSG = (
+ "Migrating database ... (this make take a while)\n"
+ )
+ IPA_UPGRADE_LOG_MSG = (
+ "Running ipa-server-upgrade ... (this make take a while)\n"
+ )
+ SIDGEN_TASK_LOG_MSG = "Running SIDGEN task ...\n"
+ result = run_migrate(
+ self.replicas[0],
+ "prod-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=['-n'],
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert result.returncode == 0
+ assert MIGRATION_SCHEMA_LOG_MSG in install_msg
+ assert MIGRATION_DATABASE_LOG_MSG in install_msg
+ assert IPA_UPGRADE_LOG_MSG in install_msg
+ assert SIDGEN_TASK_LOG_MSG in install_msg
+
+ def test_ipa_migrate_with_bind_pwd_file_option(self, empty_log_file):
+ """
+ This testcase checks that ipa-migrate tool
+ works with valid bind_pwd specified in a file using '-j'
+ option
+ """
+ DEBUG_MSG = "--bind-pw-file=/tmp/pwd.txt\n"
+ bind_pwd_file = "/tmp/pwd.txt"
+ bind_pwd_file_content = self.master.config.admin_password
+ self.replicas[0].put_file_contents(
+ bind_pwd_file, bind_pwd_file_content
+ )
+ param = ['-j', bind_pwd_file, '-x']
+ result = run_migrate(
+ host=self.replicas[0],
+ mode="stage-mode",
+ remote_host=self.master.hostname,
+ bind_dn="cn=Directory Manager",
+ bind_pwd=None,
+ extra_args=param,
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert DEBUG_MSG in install_msg
+ assert result.returncode == 0
+
+ def test_ipa_migrate_using_db_ldif(self):
+ """
+ This test checks that ipa-migrate tool
+ works with db ldif file using -C option
+ """
+ DB_LDIF_LOG = "--db-ldif=/tmp/dse.ldif\n"
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+ ldif_file_path = "/tmp/dse.ldif"
+ param = ["-f", ldif_file_path, "-n", "-x"]
+ realm_name = self.master.domain.realm
+ base_dn = str(self.master.domain.basedn)
+ dse_ldif = textwrap.dedent(
+ f"""
+ dn: cn={realm_name},cn=kerberos,{base_dn}
+ cn: {realm_name}
+ objectClass: top
+ objectClass: krbrealmcontainer
+ """
+ ).format(
+ realm_name=self.master.domain.realm,
+ base_dn=str(self.master.domain.basedn),
+ )
+ self.replicas[0].put_file_contents(ldif_file_path, dse_ldif)
+ result = run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=param,
+ )
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert result.returncode == 0
+ assert DB_LDIF_LOG in install_msg
+
+ def test_ipa_migrate_using_invalid_dbldif_file(self):
+ """
+ This testcase checks that proper error msg is
+ displayed when invalid ldif file without realm is used
+ as input to schema config option -f
+ """
+ ERR_MSG = (
+ "IPA to IPA migration starting ...\n"
+ "Unable to find realm from remote LDIF\n"
+ )
+ tasks.kinit_admin(self.master)
+ tasks.kinit_admin(self.replicas[0])
+ base_dn = str(self.master.domain.basedn)
+ ldif_file = "/tmp/ldif_file"
+ param = ["-f", ldif_file, "-n", "-x"]
+ dse_ldif = textwrap.dedent(
+ """
+ version: 1
+ dn: cn=schema,{}
+
+ """
+ ).format(base_dn)
+ self.replicas[0].put_file_contents(ldif_file, dse_ldif)
+ result = run_migrate(
+ self.replicas[0],
+ "prod-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=param,
+ )
+ assert result.returncode == 2
+ assert ERR_MSG in result.stderr_text
+
+ def test_ipa_migrate_subtree_option(self):
+ """
+ This testcase checks the subtree option
+ -s along with the ipa-migrate command
+ """
+ base_dn = str(self.master.domain.basedn)
+ subtree = 'cn=security,{}'.format(base_dn)
+ params = ['-s', subtree, '-n', '-x']
+ base_dn = str(self.master.domain.basedn)
+ CUSTOM_SUBTREE_LOG = (
+ "Add db entry 'cn=security,{} - custom'"
+ ).format(base_dn)
+ dse_ldif = textwrap.dedent(
+ """
+ dn: cn=security,{base_dn}
+ changetype: add
+ objectClass:top
+ objectClass: nscontainer
+ """
+ ).format(base_dn=base_dn)
+ tasks.ldapmodify_dm(self.master, dse_ldif)
+ result = run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=params,
+ )
+ assert result.returncode == 0
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert CUSTOM_SUBTREE_LOG in install_msg
+
+ @pytest.fixture()
+ def modify_dns_zone(self):
+ zone_name = 'ipatest.test'
+ self.master.run_command(
+ ["ipa", "dnszone-add", zone_name, "--force"]
+ )
+ yield
+ self.replicas[0].run_command(
+ ["ipa", "dnszone-del", zone_name]
+ )
+
+ def test_ipa_migrate_dns_option(self, modify_dns_zone):
+ """
+ This testcase checks that when migrate dns option
+ -B is used the dns entry is migrated to the
+ local host.
+ """
+ zone_name = "ipatest.test."
+ base_dn = str(self.master.domain.basedn)
+ DNS_LOG1 = "--migrate-dns=True\n"
+ DNS_LOG2 = (
+ "DEBUG Added entry: idnsname={},cn=dns,{}\n"
+ ).format(zone_name, base_dn)
+ DNS_LOG3 = (
+ "DEBUG Added entry: idnsname=_kerberos,"
+ "idnsname={},cn=dns,{}\n"
+ ).format(zone_name, base_dn)
+ params = ["-B", "-n"]
+ run_migrate(
+ self.replicas[0],
+ "prod-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=params,
+ )
+ result = self.replicas[0].run_command(["ipa", "dnszone-find"])
+ assert "Zone name: ipatest.test." in result.stdout_text
+ install_msg = self.replicas[0].get_file_contents(
+ paths.IPA_MIGRATE_LOG, encoding="utf-8"
+ )
+ assert DNS_LOG1 in install_msg
+ assert DNS_LOG2 in install_msg
+ assert DNS_LOG3 in install_msg
+
+ @pytest.mark.xfail(reason="https://issues.redhat.com/browse/RHEL-46003",
+ strict=True)
+ def test_ipa_migrate_version_option(self):
+ """
+ This testcase checks the version of
+ the ipa-migrate tool using -v option
+ """
+ CONSOLE_LOG = (
+ "ipa-migrate: error: the following arguments are "
+ "required: mode, hostname"
+ )
+ result = self.master.run_command(["ipa-migrate", "-V"])
+ assert result.returncode == 0
+ assert CONSOLE_LOG not in result.stderr_text
+
+ def test_ipa_migrate_with_log_file_option(self):
+ """
+ This testcase checks that log file is created
+ with -l option
+ """
+ custom_log_file = "/tmp/test.log"
+ params = ['-x', '-n', '-l', custom_log_file]
+ run_migrate(
+ self.replicas[0],
+ "stage-mode",
+ self.master.hostname,
+ "cn=Directory Manager",
+ self.master.config.admin_password,
+ extra_args=params,
+ )
+ assert self.replicas[0].transport.file_exists(custom_log_file)
--
2.45.2