Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: adding client ipa trust authentication tests #7779

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

tests: adding client ipa trust authentication tests #7779

wants to merge 1 commit into from

Conversation

danlavu
Copy link

@danlavu danlavu commented Dec 20, 2024

No description provided.

@danlavu danlavu force-pushed the tests-ipa-trust-lookup-fqn branch 4 times, most recently from 90cc21e to bede40a Compare December 20, 2024 21:25
jakub-vavra-cz
jakub-vavra-cz requested changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@jakub-vavra-cz jakub-vavra-cz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error messages should be different to make it easy to see which exact assert failed. I wonder if it would make a sense to create tests also with authentication using su. I would not parametrize these as they would be unsightly but test_ipa_trusts__authentication_with_default_settings_su seems worth adding.

justin-stephenson
justin-stephenson reviewed Jan 15, 2025
View reviewed changes
src/tests/system/tests/test_ipa_trusts.py
ipa_user = ipa.user("user1").add(password="Secret123").name
ipa_user_fqn = f"{ipa_user}@{ipa.domain}"
ad_user = trusted.user("user2").add(password="Secret123").name
ad_user_fqn = f"{ad_user}@{trusted.domain}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For ad, you can use ad_user_fqn = trusted.fqn("user2")

I added this fqn method to the IPA role here https://github.com/SSSD/sssd-test-framework/pull/119/files but it won't work until merged obviously

justin-stephenson
justin-stephenson reviewed Jan 15, 2025
View reviewed changes
src/tests/system/tests/test_ipa_trusts.py
ad_user = trusted.user("user2").add(password="Secret123").name
ad_user_fqn = f"{ad_user}@{trusted.domain}"

client.sssd.enable_responder("ssh")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really needed?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let me double-check: the other IPA trust tests are using the IPA host to do the lookups; IIRC, this wasn't enabled on the client.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but we should update the IPA config in the framework. It's because

services = nss, pam

justin-stephenson
justin-stephenson reviewed Jan 15, 2025
View reviewed changes
src/tests/system/tests/test_ipa_trusts.py
ad_user = trusted.user("user2").add(password="Secret123").name
ad_user_fqn = f"{ad_user}@{trusted.domain}"

client.sssd.enable_responder("ssh")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really needed?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IPA was not doing that on RHEL 10 beta so we had this as a workaround. New IPA on 10.0 should include it but better to be safe.

@danlavu danlavu force-pushed the tests-ipa-trust-lookup-fqn branch from bede40a to dc1414a Compare January 16, 2025 05:42
@danlavu danlavu force-pushed the tests-ipa-trust-lookup-fqn branch from dc1414a to bfdfc67 Compare January 16, 2025 19:12
@justin-stephenson
Copy link
Contributor

Please fix the ipa-trust-samba errors in PRCI.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakub-vavra-cz jakub-vavra-cz jakub-vavra-cz requested changes

@justin-stephenson justin-stephenson justin-stephenson left review comments

Assignees

@justin-stephenson justin-stephenson

@jakub-vavra-cz jakub-vavra-cz

Labels
branch: sssd-2-9 branch: sssd-2-10 Tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@danlavu @justin-stephenson @jakub-vavra-cz