PR#51011: Issue 49761 - Fix CI tests - 389-ds-base

389-ds-base

#51011 Issue 49761 - Fix CI tests

Closed 3 years ago by spichugi. Opened 4 years ago by vashirov.

vashirov/389-ds-base update-stable-tests into master

Issue 49761 - Fix CI tests

Viktor Ashirov • 3 years ago

1b8a6be

dirsrvtests/tests/suites/auth_token/basic_auth_test.py

file modified

+5 -5

		`@@ -25,7 +25,7 @@`
		`USER_PASSWORD = "password aouoaeu"`
		`TEST_KEY = "4PXhmtKG7iCdT9C49GoBdD92x5X1tvF3eW9bHq4ND2Q="`

		`- @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")`
		`+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")`
		`def test_ldap_auth_token_config(topology):`
		`""" Test that we are able to configure the ldapssotoken backend with various types and states.`

		`@@ -72,7 +72,7 @@`
		`topology.standalone.config.remove_all('nsslapd-ldapssotoken-secret')`


		`- @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")`
		`+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")`
		`def test_ldap_auth_token_nsuser(topology):`
		`"""`
		`Test that we can generate and authenticate with authentication tokens`
		`@@ -141,7 +141,7 @@`
		`with pytest.raises(ldap.INVALID_CREDENTIALS):`
		`user.authenticate_sso_token(token)`

		`- @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")`
		`+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")`
		`def test_ldap_auth_token_disabled(topology):`
		`""" Assert when the feature is disabled that token operations are not able to progress`

		`@@ -191,7 +191,7 @@`
		`user_account.authenticate_sso_token(token)`


		`- @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")`
		`+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")`
		`def test_ldap_auth_token_directory_manager(topology):`
		`""" Test token auth with directory manager is denied`

		`@@ -214,7 +214,7 @@`
		`dm.request_sso_token()`

		`## test as anon (will fail)`
		`- @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")`
		`+ @pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")`
		`def test_ldap_auth_token_anonymous(topology):`
		`""" Test token auth with Anonymous is denied.`

dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py

file modified

+5 -3

		`@@ -26,7 +26,7 @@`
		`TEST_PARAMS = [(DN_ROOT, False, [`
		`'aci', 'createTimestamp', 'creatorsName',`
		`'modifiersName', 'modifyTimestamp', 'namingContexts',`
		`- 'nsBackendSuffix', 'nsUniqueId', 'subschemaSubentry',`
		`+ 'nsBackendSuffix', 'subschemaSubentry',`
		`'supportedControl', 'supportedExtension',`
		`'supportedFeatures', 'supportedLDAPVersion',`
		`'supportedSASLMechanisms', 'vendorName', 'vendorVersion'`
		`@@ -34,7 +34,7 @@`
		`(DN_ROOT, True, [`
		`'createTimestamp', 'creatorsName',`
		`'modifiersName', 'modifyTimestamp', 'namingContexts',`
		`- 'nsBackendSuffix', 'nsUniqueId', 'subschemaSubentry',`
		`+ 'nsBackendSuffix', 'subschemaSubentry',`
		`'supportedControl', 'supportedExtension',`
		`'supportedFeatures', 'supportedLDAPVersion',`
		`'supportedSASLMechanisms', 'vendorName', 'vendorVersion'`
		`@@ -156,7 +156,9 @@`
		`entries = topology_st.standalone.search_s(search_suffix, ldap.SCOPE_BASE,`
		`'(objectclass=*)',`
		`search_filter)`
		`- found_attrs = entries[0].data.keys()`
		`+ found_attrs = set(entries[0].data.keys())`
		`+ if search_suffix == DN_ROOT and "nsUniqueId" in found_attrs:`
		`+ found_attrs.remove("nsUniqueId")`

		`if add_attr == '*':`
		`assert set(expected_attrs) - set(found_attrs) == set()`

dirsrvtests/tests/suites/fractional/__init__.py

file added

		`@@ -0,0 +1,3 @@`
		`+ """`
		`+ :Requirement: 389-ds-base: Fractional replication`
		`+ """`

dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py

file modified

+7 -2

		`@@ -99,6 +99,7 @@`
		`# Reset user's password`
		`our_user = UserAccount(topology_st.standalone, TEST_USER_DN)`
		`our_user.replace('userpassword', PASSWORD)`
		`+ time.sleep(.5)`

		`# Check that pwdReset is TRUE`
		`assert our_user.get_attr_val_utf8('pwdReset') == 'TRUE'`
		`@@ -106,6 +107,7 @@`
		`# Bind as user and change its own password`
		`our_user.rebind(PASSWORD)`
		`our_user.replace('userpassword', PASSWORD)`
		`+ time.sleep(.5)`

		`# Check that pwdReset is FALSE`
		`topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`@@ -114,6 +116,9 @@`
		`# Reset password policy config`
		`topology_st.standalone.config.replace('passwordMustChange', 'off')`

		`+ # Reset user's password`
		`+ our_user.replace('userpassword', TEST_USER_PWD)`
		`+`

		`@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception',`
		`[('on', 'off', ldap.UNWILLING_TO_PERFORM),`
		`@@ -171,7 +176,7 @@`
		`user.reset_password('new_pass')`
		`except ldap.LDAPError as e:`
		`log.error('Failed to change userpassword for {}: error {}'.format(`
		`- TEST_USER_DN, e.message['info']))`
		`+ TEST_USER_DN, e.args[0]['info']))`
		`raise e`
		`finally:`
		`log.info('Bind as DM')`
		`@@ -245,7 +250,7 @@`
		`user.reset_password(TEST_USER_PWD)`
		`except ldap.LDAPError as e:`
		`log.error('Failed to change userpassword for {}: error {}'.format(`
		`- TEST_USER_DN, e.message['info']))`
		`+ TEST_USER_DN, e.args[0]['info']))`
		`raise e`
		`finally:`
		`log.info('Bind as DM')`

dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py

file modified

		`@@ -581,12 +581,15 @@`
		`('passwordExp', 'on'))`
		`user = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX, rdn=None).create_test_user()`
		`user.set('userPassword', 'anuj')`
		`+ time.sleep(0.5)`
		`expire_time = user.get_attr_val_utf8('passwordExpirationTime')`
		`config.replace('passwordMaxAge', '172800')`
		`user.set('userPassword', 'borah')`
		`+ time.sleep(0.5)`
		`expire_time2 = user.get_attr_val_utf8('passwordExpirationTime')`
		`config.replace('passwordMaxAge', '604800')`
		`user.set('userPassword', 'anujagaiin')`
		`+ time.sleep(0.5)`
		`expire_time3 = user.get_attr_val_utf8('passwordExpirationTime')`
		`assert expire_time != expire_time2 != expire_time3`
		`config.replace('passwordExp', 'off')`

dirsrvtests/tests/suites/password/pwp_test.py

file modified

+7 -2

		`@@ -15,11 +15,16 @@`
		`from lib389._constants import DEFAULT_SUFFIX`
		`from lib389.config import Config`
		`from lib389.idm.group import Group`
		`+ from lib389.utils import ds_is_older`
		`import ldap`
		`import time`

		`pytestmark = pytest.mark.tier1`

		`+ if ds_is_older('1.4'):`
		`+ DEFAULT_PASSWORD_STORAGE_SCHEME = 'SSHA512'`
		`+ else:`
		`+ DEFAULT_PASSWORD_STORAGE_SCHEME = 'PBKDF2_SHA256'`

		`def _create_user(topo, uid, cn, uidNumber, userpassword):`
		`"""`
		`@@ -400,7 +405,7 @@`
		`# Modify password Once`
		`user.replace('userPassword', 'secreter')`
		`time.sleep(1)`
		`- assert 'PBKDF2_SHA256' in user.get_attr_val_utf8('userPassword')`
		`+ assert DEFAULT_PASSWORD_STORAGE_SCHEME in user.get_attr_val_utf8('userPassword')`
		`# Try to change the password with same one`
		`for _ in range(3):`
		`with pytest.raises(ldap.CONSTRAINT_VIOLATION):`
		`@@ -508,4 +513,4 @@`

		`if __name__ == "__main__":`
		`CURRENT_FILE = os.path.realpath(__file__)`
		`- pytest.main("-s -v %s" % CURRENT_FILE)`
		`\ No newline at end of file`
		`+ pytest.main("-s -v %s" % CURRENT_FILE)`

dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py

file modified

+38 -15

		`@@ -643,7 +643,10 @@`
		`plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-host', 'host.####.com')])`


		`- def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):`
		`+ @pytest.mark.ds50800`
		`+ @pytest.mark.bz1807537`
		`+ @pytest.mark.xfail(ds_is_older('1.3.11', '1.4.3.5'), reason="May fail because of bz1807537")`
		`+ def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup, timeout=5):`
		`"""Test denied IP feature with a wildcard`

		`:id: 73c74f62-9ac2-4bb6-8a63-bacc8d8bbf93`
		`@@ -663,22 +666,33 @@`
		`log.info('Running test_rootdn_access_denied_ip_wildcard...')`

		`plugin.add_deny_ip('127.*')`
		`- time.sleep(.5)`

		`- # Bind as root DN - should fail`
		`+ # Bind as Root DN - should fail`
		`uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port)`
		`- with pytest.raises(ldap.UNWILLING_TO_PERFORM):`
		`- rootdn_bind(topology_st.standalone, uri=uri)`
		`+ for i in range(0, timeout):`
		`+ try:`
		`+ rootdn_bind(topology_st.standalone, uri=uri)`
		`+ except ldap.UNWILLING_TO_PERFORM:`
		`+ break`
		`+ else:`
		`+ time.sleep(.5)`

		`# Change the denied IP so root DN succeeds`
		`plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-ip', '255.255.255.255')])`
		`- time.sleep(.5)`

		`- # Bind should succeed`
		`- rootdn_bind(topology_st.standalone, uri=uri)`
		`+ # Bind as Root DN - should succeed`
		`+ for i in range(0, timeout):`
		`+ try:`
		`+ rootdn_bind(topology_st.standalone, uri=uri)`
		`+ break`
		`+ except:`
		`+ time.sleep(.5)`


		`- def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):`
		`+ @pytest.mark.ds50800`
		`+ @pytest.mark.bz1807537`
		`+ @pytest.mark.xfail(ds_is_older('1.3.11', '1.4.3.5'), reason="May fail because of bz1807537")`
		`+ def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup, timeout=5):`
		`"""Test allowed ip feature`

		`:id: c3e22c61-9ed2-4e89-8243-6ff686ecad9b`
		`@@ -702,16 +716,25 @@`
		`time.sleep(.5)`

		`# Bind as Root DN - should fail`
		`- uri = 'ldap://{}:{}'.format("127.0.0.1", topology_st.standalone.port)`
		`- with pytest.raises(ldap.UNWILLING_TO_PERFORM):`
		`- rootdn_bind(topology_st.standalone, uri=uri)`
		`+ uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port)`
		`+ for i in range(0, timeout):`
		`+ try:`
		`+ rootdn_bind(topology_st.standalone, uri=uri)`
		`+ except ldap.UNWILLING_TO_PERFORM:`
		`+ break`
		`+ else:`
		`+ time.sleep(.5)`

		`# Allow localhost`
		`plugin.add_allow_ip('127.*')`
		`- time.sleep(.5)`

		`- # Bind should succeed`
		`- rootdn_bind(topology_st.standalone, uri=uri)`
		`+ # Bind as Root DN - should succeed`
		`+ for i in range(0, timeout):`
		`+ try:`
		`+ rootdn_bind(topology_st.standalone, uri=uri)`
		`+ break`
		`+ except:`
		`+ time.sleep(.5)`


		`if __name__ == '__main__':`

dirsrvtests/tests/suites/pwp_storage/storage_test.py

file modified

+2 -1

		`@@ -21,6 +21,7 @@`
		`from lib389._constants import DEFAULT_SUFFIX`
		`from lib389.config import Config`
		`from lib389.password_plugins import PBKDF2Plugin, SSHA512Plugin`
		`+ from lib389.utils import ds_is_older`

		`pytestmark = pytest.mark.tier1`

		`@@ -104,7 +105,7 @@`
		`in UserAccount(topo.standalone, user.dn).get_attr_val_utf8('userpassword').lower()`
		`user.delete()`

		`-`
		`+ @pytest.mark.skipif(ds_is_older('1.4'), reason="Not implemented")`
		`def test_check_pbkdf2_sha256(topo):`
		`"""Check password scheme PBKDF2_SHA256.`

dirsrvtests/tests/suites/replication/changelog_test.py

file modified

+4 -4

		`@@ -219,7 +219,7 @@`
		`log.info('Existing changelog %s file: %s removed' % (extension,changelog_file))`


		`- @pytest.mark.xfail(ds_is_older('1.3.10.1'), reason="bug bz1685059")`
		`+ @pytest.mark.xfail(ds_is_older('1.3.10.1', '1.4.3'), reason="bug bz1685059")`
		`@pytest.mark.bz1685059`
		`@pytest.mark.ds50498`
		`@pytest.mark.bz1769296`
		`@@ -367,7 +367,7 @@`
		`# primary condition before executing the core goal of this case : management of generated files.`

		`log.info("Use dsconf dump-changelog with invalid parameters")`
		`- cmdline=['python', '/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', 'badpasswd', 'replication', 'dump-changelog']`
		`+ cmdline=['/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', 'badpasswd', 'replication', 'dump-changelog']`
		`log.info('Command used : %s' % cmdline)`
		`proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE)`
		`msg = proc.communicate()`
		`@@ -377,7 +377,7 @@`
		`# Now the core goal of the test case`
		`# Using dsconf replication changelog without -l option`
		`log.info('Use dsconf replication changelog without -l option: no generated ldif files should be present in %s ' % changelog_dir)`
		`- cmdline=['python', '/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog']`
		`+ cmdline=['/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog']`
		`log.info('Command used : %s' % cmdline)`
		`proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE)`
		`proc.communicate()`
		`@@ -396,7 +396,7 @@`

		`# Using dsconf replication changelog without -l option`
		`log.info('Use dsconf replication changelog with -l option: generated ldif files should be kept in %s ' % changelog_dir)`
		`- cmdline=['python', '/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog', '-l']`
		`+ cmdline=['/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog', '-l']`
		`log.info('Command used : %s' % cmdline)`
		`proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE)`
		`proc.communicate()`

dirsrvtests/tests/suites/replication/cleanallruv_test.py

file modified

+1 -1

		`@@ -84,7 +84,7 @@`
		`replica = replicas.get(DEFAULT_SUFFIX)`

		`count = 0`
		`- while not clean and count < 10:`
		`+ while not clean and count < 20:`
		`ruv = replica.get_ruv()`
		`if m4rid in ruv._rids:`
		`time.sleep(5)`

dirsrvtests/tests/suites/rewriters/__init__.py

file added

		`@@ -0,0 +1,3 @@`
		`+ """`
		`+ :Requirement: 389-ds-base: Rewriters`
		`+ """`

dirsrvtests/tests/suites/roles/__init__.py

file added

		`@@ -0,0 +1,3 @@`
		`+ """`
		`+ :Requirement: 389-ds-base: Roles`
		`+ """`

dirsrvtests/tests/suites/sasl/allowed_mechs_test.py

file modified

		`@@ -10,6 +10,7 @@`
		`import pytest`
		`import os`
		`from lib389.topologies import topology_st`
		`+ from lib389.utils import ds_is_older`

		`pytestmark = pytest.mark.tier1`

		`@@ -178,6 +179,7 @@`

		`@pytest.mark.bz1816854`
		`@pytest.mark.ds50869`
		`+ @pytest.mark.xfail(ds_is_older('1.3.11', '1.4.3.6'), reason="May fail because of bz1816854")`
		`def test_config_set_few_mechs(topology_st):`
		`"""Test that we can successfully set multiple values to nsslapd-allowed-sasl-mechanisms`

dirsrvtests/tests/suites/setup_ds/remove_test.py

file modified

+2 -1

		`@@ -14,6 +14,7 @@`
		`from lib389.instance.remove import remove_ds_instance`
		`from lib389._constants import ReplicaRole`
		`from lib389.topologies import create_topology`
		`+ from lib389.utils import ds_is_older`

		`pytestmark = pytest.mark.tier0`

		`@@ -31,7 +32,7 @@`

		`return topology`

		`-`
		`+ @pytest.mark.skipif(ds_is_older('1.4.3'), reason="Backend split, lib389 supports only cn=bdb,cn=config...")`
		`@pytest.mark.parametrize("simple_allocate", (True, False))`
		`def test_basic(topology_st, simple_allocate):`
		`"""Check that all DS directories and systemd items were removed`

vashirov commented 4 years ago

Description:

Update pytest markers
Fix changelog test on EL8
Fix race conditions in pwdPolicy_warning_test, pwdPolicy_attribute_test, rootdn_plugin_test
Increase a timeout for check_ruv()
Use appropriate default password storage scheme on older versions
Remove nsUniqueId from the expected search on rootdse

rebased onto b1de9e55445c358921488506796b9395bdc0b516

4 years ago

rebased onto 41263be59688f468ebf3dc4044737c36c421d4b8

4 years ago

rebased onto 759774ade0355a60a0fa1ba339d797884b0a71a0

4 years ago

rebased onto e4bb675fb04fd9a82f171ee2f0e4bd68172faa0d

4 years ago

rebased onto 58f5bb76b7b1e95e9a9ac7181d27d014c8a7bda8

4 years ago

rebased onto 7eb0d17142d40ffc6377cce84dbdafbd16676397

4 years ago

1 new commit added

Remove nsUniqueId from the expected search on rootdse

4 years ago

rebased onto 85282ac7991b58fe08d4ffda27ae7c64ee716ac4

4 years ago

rebased onto 3eb46ace2fc7ba6665529be5d05f9f169c88bd86

4 years ago

rebased onto 2ed5ba5c98c4285c48afc0791b71311076fce3f4

4 years ago

spichugi commented on line 23 of dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py 4 years ago

Could you please also fix the credentials in this test? It fails when we run the whole test suite because test_pwd_reset changes the password for the user

Edited 4 years ago by spichugi

spichugi commented 4 years ago

The rest looks good! Ack

rebased onto 1b8a6be

3 years ago

vashirov commented 3 years ago

Could you please also fix the credentials in this test? It fails when we run the whole test suite because test_pwd_reset changes the password for the user

Good catch! Fixed.
Thanks!

Pull-Request has been merged by vashirov

3 years ago

spichugi commented 3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/4064

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.