From 1b8a6be1406c6bee9c02f01b68458902120f8761 Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Apr 29 2020 13:46:08 +0000 Subject: Issue 49761 - Fix CI tests Description: * Update pytest markers * Fix changelog test on EL8 * Fix race conditions in pwdPolicy_warning_test, pwdPolicy_attribute_test, rootdn_plugin_test * Increase a timeout for check_ruv() * Use appropriate default password storage scheme on older versions * Remove nsUniqueId from the expected attributes if search is done on rootdse * Add missing __init__.py for the test suites Relates: https://pagure.io/389-ds-base/issue/49761 Reviewed by: spichugi (Thanks!) --- diff --git a/dirsrvtests/tests/suites/auth_token/basic_auth_test.py b/dirsrvtests/tests/suites/auth_token/basic_auth_test.py index 2e592a4..8c55013 100644 --- a/dirsrvtests/tests/suites/auth_token/basic_auth_test.py +++ b/dirsrvtests/tests/suites/auth_token/basic_auth_test.py @@ -25,7 +25,7 @@ pytestmark = pytest.mark.tier1 USER_PASSWORD = "password aouoaeu" TEST_KEY = "4PXhmtKG7iCdT9C49GoBdD92x5X1tvF3eW9bHq4ND2Q=" -@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions") +@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions") def test_ldap_auth_token_config(topology): """ Test that we are able to configure the ldapssotoken backend with various types and states. @@ -72,7 +72,7 @@ def test_ldap_auth_token_config(topology): topology.standalone.config.remove_all('nsslapd-ldapssotoken-secret') -@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions") +@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions") def test_ldap_auth_token_nsuser(topology): """ Test that we can generate and authenticate with authentication tokens @@ -141,7 +141,7 @@ def test_ldap_auth_token_nsuser(topology): with pytest.raises(ldap.INVALID_CREDENTIALS): user.authenticate_sso_token(token) -@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions") +@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions") def test_ldap_auth_token_disabled(topology): """ Assert when the feature is disabled that token operations are not able to progress @@ -191,7 +191,7 @@ def test_ldap_auth_token_disabled(topology): user_account.authenticate_sso_token(token) -@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions") +@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions") def test_ldap_auth_token_directory_manager(topology): """ Test token auth with directory manager is denied @@ -214,7 +214,7 @@ def test_ldap_auth_token_directory_manager(topology): dm.request_sso_token() ## test as anon (will fail) -@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions") +@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions") def test_ldap_auth_token_anonymous(topology): """ Test token auth with Anonymous is denied. diff --git a/dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py b/dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py index db2be9f..2a97e1e 100644 --- a/dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py +++ b/dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py @@ -26,7 +26,7 @@ TEST_USER_PWD = 'all_attrs_test' TEST_PARAMS = [(DN_ROOT, False, [ 'aci', 'createTimestamp', 'creatorsName', 'modifiersName', 'modifyTimestamp', 'namingContexts', - 'nsBackendSuffix', 'nsUniqueId', 'subschemaSubentry', + 'nsBackendSuffix', 'subschemaSubentry', 'supportedControl', 'supportedExtension', 'supportedFeatures', 'supportedLDAPVersion', 'supportedSASLMechanisms', 'vendorName', 'vendorVersion' @@ -34,7 +34,7 @@ TEST_PARAMS = [(DN_ROOT, False, [ (DN_ROOT, True, [ 'createTimestamp', 'creatorsName', 'modifiersName', 'modifyTimestamp', 'namingContexts', - 'nsBackendSuffix', 'nsUniqueId', 'subschemaSubentry', + 'nsBackendSuffix', 'subschemaSubentry', 'supportedControl', 'supportedExtension', 'supportedFeatures', 'supportedLDAPVersion', 'supportedSASLMechanisms', 'vendorName', 'vendorVersion' @@ -156,7 +156,9 @@ def test_search_basic(topology_st, create_user, user_aci, add_attr, entries = topology_st.standalone.search_s(search_suffix, ldap.SCOPE_BASE, '(objectclass=*)', search_filter) - found_attrs = entries[0].data.keys() + found_attrs = set(entries[0].data.keys()) + if search_suffix == DN_ROOT and "nsUniqueId" in found_attrs: + found_attrs.remove("nsUniqueId") if add_attr == '*': assert set(expected_attrs) - set(found_attrs) == set() diff --git a/dirsrvtests/tests/suites/fractional/__init__.py b/dirsrvtests/tests/suites/fractional/__init__.py new file mode 100644 index 0000000..a0ff5f3 --- /dev/null +++ b/dirsrvtests/tests/suites/fractional/__init__.py @@ -0,0 +1,3 @@ +""" + :Requirement: 389-ds-base: Fractional replication +""" diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py index b37eff7..efe87e4 100644 --- a/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py +++ b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py @@ -99,6 +99,7 @@ def test_pwd_reset(topology_st, create_user): # Reset user's password our_user = UserAccount(topology_st.standalone, TEST_USER_DN) our_user.replace('userpassword', PASSWORD) + time.sleep(.5) # Check that pwdReset is TRUE assert our_user.get_attr_val_utf8('pwdReset') == 'TRUE' @@ -106,6 +107,7 @@ def test_pwd_reset(topology_st, create_user): # Bind as user and change its own password our_user.rebind(PASSWORD) our_user.replace('userpassword', PASSWORD) + time.sleep(.5) # Check that pwdReset is FALSE topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) @@ -114,6 +116,9 @@ def test_pwd_reset(topology_st, create_user): # Reset password policy config topology_st.standalone.config.replace('passwordMustChange', 'off') + # Reset user's password + our_user.replace('userpassword', TEST_USER_PWD) + @pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception', [('on', 'off', ldap.UNWILLING_TO_PERFORM), @@ -171,7 +176,7 @@ def test_change_pwd(topology_st, create_user, password_policy, user.reset_password('new_pass') except ldap.LDAPError as e: log.error('Failed to change userpassword for {}: error {}'.format( - TEST_USER_DN, e.message['info'])) + TEST_USER_DN, e.args[0]['info'])) raise e finally: log.info('Bind as DM') @@ -245,7 +250,7 @@ def test_pwd_min_age(topology_st, create_user, password_policy): user.reset_password(TEST_USER_PWD) except ldap.LDAPError as e: log.error('Failed to change userpassword for {}: error {}'.format( - TEST_USER_DN, e.message['info'])) + TEST_USER_DN, e.args[0]['info'])) raise e finally: log.info('Bind as DM') diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py index 0dca5f5..98d99ad 100644 --- a/dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py +++ b/dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py @@ -581,12 +581,15 @@ def test_password_expire_works(topology_st): ('passwordExp', 'on')) user = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX, rdn=None).create_test_user() user.set('userPassword', 'anuj') + time.sleep(0.5) expire_time = user.get_attr_val_utf8('passwordExpirationTime') config.replace('passwordMaxAge', '172800') user.set('userPassword', 'borah') + time.sleep(0.5) expire_time2 = user.get_attr_val_utf8('passwordExpirationTime') config.replace('passwordMaxAge', '604800') user.set('userPassword', 'anujagaiin') + time.sleep(0.5) expire_time3 = user.get_attr_val_utf8('passwordExpirationTime') assert expire_time != expire_time2 != expire_time3 config.replace('passwordExp', 'off') diff --git a/dirsrvtests/tests/suites/password/pwp_test.py b/dirsrvtests/tests/suites/password/pwp_test.py index cc29f6f..a1c2a11 100644 --- a/dirsrvtests/tests/suites/password/pwp_test.py +++ b/dirsrvtests/tests/suites/password/pwp_test.py @@ -15,11 +15,16 @@ from lib389.idm.user import UserAccounts, UserAccount from lib389._constants import DEFAULT_SUFFIX from lib389.config import Config from lib389.idm.group import Group +from lib389.utils import ds_is_older import ldap import time pytestmark = pytest.mark.tier1 +if ds_is_older('1.4'): + DEFAULT_PASSWORD_STORAGE_SCHEME = 'SSHA512' +else: + DEFAULT_PASSWORD_STORAGE_SCHEME = 'PBKDF2_SHA256' def _create_user(topo, uid, cn, uidNumber, userpassword): """ @@ -400,7 +405,7 @@ def test_expiration_date(topo, _fix_password): # Modify password Once user.replace('userPassword', 'secreter') time.sleep(1) - assert 'PBKDF2_SHA256' in user.get_attr_val_utf8('userPassword') + assert DEFAULT_PASSWORD_STORAGE_SCHEME in user.get_attr_val_utf8('userPassword') # Try to change the password with same one for _ in range(3): with pytest.raises(ldap.CONSTRAINT_VIOLATION): @@ -508,4 +513,4 @@ def test_passwordlockout(topo, _fix_password): if __name__ == "__main__": CURRENT_FILE = os.path.realpath(__file__) - pytest.main("-s -v %s" % CURRENT_FILE) \ No newline at end of file + pytest.main("-s -v %s" % CURRENT_FILE) diff --git a/dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py b/dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py index a565037..7664625 100644 --- a/dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py +++ b/dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py @@ -643,7 +643,10 @@ def test_rootdn_config_validate(topology_st, rootdn_setup, rootdn_cleanup): plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-host', 'host.####.com')]) -def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup): +@pytest.mark.ds50800 +@pytest.mark.bz1807537 +@pytest.mark.xfail(ds_is_older('1.3.11', '1.4.3.5'), reason="May fail because of bz1807537") +def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup, timeout=5): """Test denied IP feature with a wildcard :id: 73c74f62-9ac2-4bb6-8a63-bacc8d8bbf93 @@ -663,22 +666,33 @@ def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_clea log.info('Running test_rootdn_access_denied_ip_wildcard...') plugin.add_deny_ip('127.*') - time.sleep(.5) - # Bind as root DN - should fail + # Bind as Root DN - should fail uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port) - with pytest.raises(ldap.UNWILLING_TO_PERFORM): - rootdn_bind(topology_st.standalone, uri=uri) + for i in range(0, timeout): + try: + rootdn_bind(topology_st.standalone, uri=uri) + except ldap.UNWILLING_TO_PERFORM: + break + else: + time.sleep(.5) # Change the denied IP so root DN succeeds plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-ip', '255.255.255.255')]) - time.sleep(.5) - # Bind should succeed - rootdn_bind(topology_st.standalone, uri=uri) + # Bind as Root DN - should succeed + for i in range(0, timeout): + try: + rootdn_bind(topology_st.standalone, uri=uri) + break + except: + time.sleep(.5) -def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup): +@pytest.mark.ds50800 +@pytest.mark.bz1807537 +@pytest.mark.xfail(ds_is_older('1.3.11', '1.4.3.5'), reason="May fail because of bz1807537") +def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup, timeout=5): """Test allowed ip feature :id: c3e22c61-9ed2-4e89-8243-6ff686ecad9b @@ -702,16 +716,25 @@ def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cle time.sleep(.5) # Bind as Root DN - should fail - uri = 'ldap://{}:{}'.format("127.0.0.1", topology_st.standalone.port) - with pytest.raises(ldap.UNWILLING_TO_PERFORM): - rootdn_bind(topology_st.standalone, uri=uri) + uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port) + for i in range(0, timeout): + try: + rootdn_bind(topology_st.standalone, uri=uri) + except ldap.UNWILLING_TO_PERFORM: + break + else: + time.sleep(.5) # Allow localhost plugin.add_allow_ip('127.*') - time.sleep(.5) - # Bind should succeed - rootdn_bind(topology_st.standalone, uri=uri) + # Bind as Root DN - should succeed + for i in range(0, timeout): + try: + rootdn_bind(topology_st.standalone, uri=uri) + break + except: + time.sleep(.5) if __name__ == '__main__': diff --git a/dirsrvtests/tests/suites/pwp_storage/storage_test.py b/dirsrvtests/tests/suites/pwp_storage/storage_test.py index 888342f..8873916 100644 --- a/dirsrvtests/tests/suites/pwp_storage/storage_test.py +++ b/dirsrvtests/tests/suites/pwp_storage/storage_test.py @@ -21,6 +21,7 @@ from lib389.idm.user import UserAccounts, UserAccount from lib389._constants import DEFAULT_SUFFIX from lib389.config import Config from lib389.password_plugins import PBKDF2Plugin, SSHA512Plugin +from lib389.utils import ds_is_older pytestmark = pytest.mark.tier1 @@ -104,7 +105,7 @@ def test_check_two_scheme(topo): in UserAccount(topo.standalone, user.dn).get_attr_val_utf8('userpassword').lower() user.delete() - +@pytest.mark.skipif(ds_is_older('1.4'), reason="Not implemented") def test_check_pbkdf2_sha256(topo): """Check password scheme PBKDF2_SHA256. diff --git a/dirsrvtests/tests/suites/replication/changelog_test.py b/dirsrvtests/tests/suites/replication/changelog_test.py index e395f0e..9c51a7f 100644 --- a/dirsrvtests/tests/suites/replication/changelog_test.py +++ b/dirsrvtests/tests/suites/replication/changelog_test.py @@ -219,7 +219,7 @@ def remove_ldif_files_from_changelogdir(topo, extension): log.info('Existing changelog %s file: %s removed' % (extension,changelog_file)) -@pytest.mark.xfail(ds_is_older('1.3.10.1'), reason="bug bz1685059") +@pytest.mark.xfail(ds_is_older('1.3.10.1', '1.4.3'), reason="bug bz1685059") @pytest.mark.bz1685059 @pytest.mark.ds50498 @pytest.mark.bz1769296 @@ -367,7 +367,7 @@ def test_dsconf_dump_changelog_files_removed(topo): # primary condition before executing the core goal of this case : management of generated files. log.info("Use dsconf dump-changelog with invalid parameters") - cmdline=['python', '/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', 'badpasswd', 'replication', 'dump-changelog'] + cmdline=['/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', 'badpasswd', 'replication', 'dump-changelog'] log.info('Command used : %s' % cmdline) proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE) msg = proc.communicate() @@ -377,7 +377,7 @@ def test_dsconf_dump_changelog_files_removed(topo): # Now the core goal of the test case # Using dsconf replication changelog without -l option log.info('Use dsconf replication changelog without -l option: no generated ldif files should be present in %s ' % changelog_dir) - cmdline=['python', '/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog'] + cmdline=['/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog'] log.info('Command used : %s' % cmdline) proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE) proc.communicate() @@ -396,7 +396,7 @@ def test_dsconf_dump_changelog_files_removed(topo): # Using dsconf replication changelog without -l option log.info('Use dsconf replication changelog with -l option: generated ldif files should be kept in %s ' % changelog_dir) - cmdline=['python', '/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog', '-l'] + cmdline=['/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog', '-l'] log.info('Command used : %s' % cmdline) proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE) proc.communicate() diff --git a/dirsrvtests/tests/suites/replication/cleanallruv_test.py b/dirsrvtests/tests/suites/replication/cleanallruv_test.py index e93d16a..2b3c2a2 100644 --- a/dirsrvtests/tests/suites/replication/cleanallruv_test.py +++ b/dirsrvtests/tests/suites/replication/cleanallruv_test.py @@ -84,7 +84,7 @@ def check_ruvs(msg, topology_m4, m4rid): replica = replicas.get(DEFAULT_SUFFIX) count = 0 - while not clean and count < 10: + while not clean and count < 20: ruv = replica.get_ruv() if m4rid in ruv._rids: time.sleep(5) diff --git a/dirsrvtests/tests/suites/rewriters/__init__.py b/dirsrvtests/tests/suites/rewriters/__init__.py new file mode 100644 index 0000000..fb2e3b9 --- /dev/null +++ b/dirsrvtests/tests/suites/rewriters/__init__.py @@ -0,0 +1,3 @@ +""" + :Requirement: 389-ds-base: Rewriters +""" diff --git a/dirsrvtests/tests/suites/roles/__init__.py b/dirsrvtests/tests/suites/roles/__init__.py new file mode 100644 index 0000000..1981985 --- /dev/null +++ b/dirsrvtests/tests/suites/roles/__init__.py @@ -0,0 +1,3 @@ +""" + :Requirement: 389-ds-base: Roles +""" diff --git a/dirsrvtests/tests/suites/sasl/allowed_mechs_test.py b/dirsrvtests/tests/suites/sasl/allowed_mechs_test.py index 99ec46f..352cd62 100644 --- a/dirsrvtests/tests/suites/sasl/allowed_mechs_test.py +++ b/dirsrvtests/tests/suites/sasl/allowed_mechs_test.py @@ -10,6 +10,7 @@ import pytest import os from lib389.topologies import topology_st +from lib389.utils import ds_is_older pytestmark = pytest.mark.tier1 @@ -178,6 +179,7 @@ def test_basic_feature(topology_st): @pytest.mark.bz1816854 @pytest.mark.ds50869 +@pytest.mark.xfail(ds_is_older('1.3.11', '1.4.3.6'), reason="May fail because of bz1816854") def test_config_set_few_mechs(topology_st): """Test that we can successfully set multiple values to nsslapd-allowed-sasl-mechanisms diff --git a/dirsrvtests/tests/suites/setup_ds/remove_test.py b/dirsrvtests/tests/suites/setup_ds/remove_test.py index a66ddee..78e5c0a 100644 --- a/dirsrvtests/tests/suites/setup_ds/remove_test.py +++ b/dirsrvtests/tests/suites/setup_ds/remove_test.py @@ -14,6 +14,7 @@ from lib389 import DirSrv from lib389.instance.remove import remove_ds_instance from lib389._constants import ReplicaRole from lib389.topologies import create_topology +from lib389.utils import ds_is_older pytestmark = pytest.mark.tier0 @@ -31,7 +32,7 @@ def topology_st(request): return topology - +@pytest.mark.skipif(ds_is_older('1.4.3'), reason="Backend split, lib389 supports only cn=bdb,cn=config...") @pytest.mark.parametrize("simple_allocate", (True, False)) def test_basic(topology_st, simple_allocate): """Check that all DS directories and systemd items were removed