From dccaabbc6ae9573125b2d1af615c4f496521b231 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Nov 09 2020 14:37:26 +0000
Subject: Test that ipapwpolicy objectclass is added on upgrade


Use ldapmodify to remove the objectclass from the default
global policy then run ipa-server-upgrade to confirm
that it is properly added.

https://pagure.io/freeipa/issue/8555

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

---

diff --git a/ipatests/test_integration/test_upgrade.py b/ipatests/test_integration/test_upgrade.py
index e07233b..e66e849 100644
--- a/ipatests/test_integration/test_upgrade.py
+++ b/ipatests/test_integration/test_upgrade.py
@@ -9,6 +9,7 @@ import base64
 import configparser
 import os
 import io
+import textwrap
 
 from cryptography.hazmat.primitives import serialization
 import pytest
@@ -259,3 +260,21 @@ class TestUpgrade(IntegrationTest):
         self.master.run_command(['ipa-server-upgrade'])
         result = self.master.run_command(["ipa", "user-show", "admin"])
         assert rootprinc in result.stdout_text
+
+    def test_pwpolicy_upgrade(self):
+        """Test that ipapwdpolicy objectclass is added to all policies"""
+        entry_ldif = textwrap.dedent("""
+            dn: cn=global_policy,cn={realm},cn=kerberos,{base_dn}
+            changetype: modify
+            delete: objectclass
+            objectclass: ipapwdpolicy
+        """).format(
+            base_dn=str(self.master.domain.basedn),
+            realm=self.master.domain.realm)
+        tasks.ldapmodify_dm(self.master, entry_ldif)
+
+        tasks.kinit_admin(self.master)
+        self.master.run_command(['ipa-server-upgrade'])
+        result = self.master.run_command(["ipa", "pwpolicy-find"])
+        # if it is still missing the oc it won't be displayed
+        assert 'global_policy' in result.stdout_text