WIP: Add a test of FreeIPA realm join using gnome-initial-setup

Signed-off-by: Adam Williamson <awilliam@redhat.com>

lib/utils.pm

@@ -819,16 +819,45 @@ sub gnome_initial_setup {
     }
     send_key "ret";
     if ($args{prelogin}) {
-        # create user
-        my $user_login = get_var("USER_LOGIN") || "test";
-        my $user_password = get_var("USER_PASSWORD") || "weakpassword";
-        type_very_safely $user_login;
-        wait_screen_change { assert_and_click "next_button"; };
-        type_very_safely $user_password;
-        send_key "tab";
-        type_very_safely $user_password;
-        wait_screen_change { assert_and_click "next_button"; };
-        send_key "ret";
+        my $completetime = 30;
+        if ($args{freeipa}) {
+            my @chars = ("A".."Z", "a".."z");
+            my $randomhostname;
+            $randomhostname .= $chars[rand @chars] for 1..8;
+            assert_and_click "initial_setup_enterprise";
+            type_very_safely "demo1.freeipa.org";
+            send_key "tab";
+            wait_still_screen 3;
+            type_very_safely "employee";
+            send_key "tab";
+            wait_still_screen 3;
+            type_very_safely "Secret123";
+            assert_and_click "next_button";
+            assert_and_click "initial_setup_enterprise_computer";
+            type_very_safely "$randomhostname.demo1.freeipa.org";
+            send_key "tab";
+            wait_still_screen 3;
+            type_very_safely "admin";
+            send_key "tab";
+            wait_still_screen 3;
+            # two tabs and an enter to hit Continue; after this we
+            # wind up at the 'everything's done!' screen after some
+            # time
+            type_very_safely "Secret123\t\t\n";
+            $completetime = 300;
+        }
+        else {
+            my $user_login = get_var("USER_LOGIN") || "test";
+            my $user_password = get_var("USER_PASSWORD") || "weakpassword";
+            # create user
+            type_very_safely $user_login;
+            wait_screen_change { assert_and_click "next_button"; };
+            type_very_safely $user_password;
+            send_key "tab";
+            type_very_safely $user_password;
+            wait_screen_change { assert_and_click "next_button"; };
+        }
+        assert_and_click("initial_setup_complete", button => "left", timeout => $completetime);
     }
     else {
         handle_welcome_screen;

needles/gnome/initial_setup_complete-20221118.json

@@ -0,0 +1,15 @@
+{
+  "area": [
+    {
+      "xpos": 429,
+      "ypos": 549,
+      "width": 77,
+      "height": 16,
+      "type": "match"
+    }
+  ],
+  "properties": [],
+  "tags": [
+    "initial_setup_complete"
+  ]
+}

needles/gnome/initial_setup_enterprise-20221117.json

@@ -0,0 +1,15 @@
+{
+  "area": [
+    {
+      "xpos": 454,
+      "ypos": 719,
+      "width": 117,
+      "height": 18,
+      "type": "match"
+    }
+  ],
+  "properties": [],
+  "tags": [
+    "initial_setup_enterprise"
+  ]
+}

needles/gnome/initial_setup_enterprise-f36-20221117.json

@@ -0,0 +1,15 @@
+{
+  "area": [
+    {
+      "xpos": 455,
+      "ypos": 713,
+      "height": 18,
+      "width": 117,
+      "type": "match"
+    }
+  ],
+  "properties": [],
+  "tags": [
+    "initial_setup_enterprise"
+  ]
+}

templates-updates.fif.json

@@ -422,6 +422,11 @@
                 "fedora-updates-server-x86_64-*-64bit": 40
             }
         },
+        "realmd_join_gis": {
+            "profiles": {
+                "fedora-updates-workstation-x86_64-*-64bit": 30
+            }
+        },
         "realmd_join_sssd": {
             "profiles": {
                 "fedora-updates-server-aarch64-*-aarch64": 30,

templates.fif.json

@@ -2283,6 +2283,21 @@
                 "WORKER_CLASS": "tap"
             }
         },
+        "realmd_join_gis": {
+            "profiles": {
+                "fedora-Workstation-live-iso-ppc64le-*-ppc64le": 20,
+                "fedora-Workstation-live-iso-x86_64-*-64bit": 20
+            },
+            "settings": {
+                "BOOTFROM": "c",
+                "FREEIPA_DEMO_INSTANCE": "1",
+                "HDD_1": "disk_%FLAVOR%_%MACHINE%.qcow2",
+                "POSTINSTALL": "realmd_join_gis freeipa_client",
+                "ROOT_PASSWORD": "weakpassword",
+                "START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%",
+                "USER_LOGIN": "false"
+            }
+        },
         "realmd_join_sssd": {
             "profiles": {
                 "fedora-Server-dvd-iso-aarch64-*-aarch64": 20,

tests/freeipa_client.pm

@@ -8,34 +8,50 @@ sub run {
     # switch to tty1 (we're usually there already, but just in case
     # we're carrying on from a failed freeipa_webui that didn't fail
     # at tty1)
+    my $domain = "test.openqa.fedoraproject.org";
+    my $ucdomain = "TEST.OPENQA.FEDORAPROJECT.ORG";
+    my $user1 = "test1";
+    my $user2 = "test2";
+    my $userpw = "batterystaple";
+    if (get_var("FREEIPA_DEMO_INSTANCE")) {
+        $domain = "demo1.freeipa.org";
+        $ucdomain = "DEMO1.FREEIPA.ORG";
+        $user1 = "employee";
+        $user2 = "";
+        $userpw = "Secret123";
+    }
+    my $qdomain = quotemeta($domain);
+    my $qucdomain = quotemeta($ucdomain);
     send_key "ctrl-alt-f1";
     wait_still_screen 1;
     # check domain is listed in 'realm list'
-    validate_script_output 'realm list', sub { $_ =~ m/domain-name: test\.openqa\.fedoraproject\.org.*configured: kerberos-member/s };
+    validate_script_output 'realm list', sub { $_ =~ m/domain-name: $qdomain.*configured: kerberos-member/s };
     # check we can see the admin user in getent
-    assert_script_run 'getent passwd admin@TEST.OPENQA.FEDORAPROJECT.ORG';
+    assert_script_run "getent passwd admin\@$ucdomain";
     # check keytab entries
     my $hostname = script_output 'hostname';
     my $qhost = quotemeta($hostname);
-    validate_script_output 'klist -k', sub { $_ =~ m/$qhost\@TEST\.OPENQA\.FEDORAPROJECT\.ORG/ };
+    validate_script_output 'klist -k', sub { $_ =~ m/$qhost\@$qucdomain/ };
     # check we can kinit with the host principal
-    assert_script_run "kinit -k host/$hostname\@TEST.OPENQA.FEDORAPROJECT.ORG";
+    assert_script_run "kinit -k host/$hostname\@$ucdomain";
     # Set a longer timeout for login(1) to workaround RHBZ #1661273
     assert_script_run 'echo "LOGIN_TIMEOUT 180" >> /etc/login.defs';
     # switch to tty2 for login tests
     send_key "ctrl-alt-f2";
     # try and login as test1, should work
-    console_login(user => 'test1@TEST.OPENQA.FEDORAPROJECT.ORG', password => 'batterystaple');
+    console_login(user => "$user1\@$ucdomain", password => $userpw);
     type_string "exit\n";
     # try and login as test2, should fail. we cannot use console_login
     # as it takes 10 seconds to complete when login fails, and
     # "permission denied" message doesn't last that long
     sleep 2;
     assert_screen "text_console_login";
-    type_string "test2\@TEST.OPENQA.FEDORAPROJECT.ORG\n";
-    assert_screen "console_password_required";
-    type_string "batterystaple\n";
-    assert_screen "login_permission_denied";
+    if ($user2) {
+        type_string "$user2\@$ucdomain\n";
+        assert_screen "console_password_required";
+        type_string "$userpw\n";
+        assert_screen "login_permission_denied";
+    }
 }
 
 

tests/realmd_join_gis.pm

@@ -0,0 +1,28 @@
+use base "installedtest";
+use strict;
+use testapi;
+use lockapi;
+use utils;
+use tapnet;
+use cockpit;
+
+sub run {
+    my $self = shift;
+    $self->root_console(tty=>3);
+    assert_script_run "printf 'KRB5_TRACE=/dev/stdout\n' > /etc/environment";
+    type_string "reboot\n";
+    do_bootloader(postinstall=>1, params=>"gnome.initial-setup=1", timeout=>60);
+    gnome_initial_setup(prelogin=>1, freeipa=>1, timeout=>300);
+    handle_welcome_screen;
+    mouse_set(300, 800);
+    check_desktop;
+    $self->root_console(tty=>3);
+}
+
+sub test_flags {
+    return {fatal => 1};
+}
+
+1;
+
+# vim: set sw=4 et: