From b590dcef10680b4ea3181ae1caec183e5967562b Mon Sep 17 00:00:00 2001 From: François Cami Date: Feb 16 2021 17:51:11 +0000 Subject: ipatests: add TestInstallWithoutSudo Test IPA servers and clients behavior when sudo is not installed. Fixes: https://pagure.io/freeipa/issue/8530 Signed-off-by: François Cami Reviewed-By: Alexander Bokovoy Reviewed-By: Armando Neto Reviewed-By: Michal Polovka Reviewed-By: Alexander Bokovoy Reviewed-By: Armando Neto Reviewed-By: Michal Polovka Reviewed-By: Florence Blanc-Renaud --- diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml index 3acd6a1..d91b16c 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml @@ -535,6 +535,18 @@ jobs: timeout: 10800 topology: *master_1repl + fedora-latest-ipa-4-9/test_installation_TestInstallWithoutSudo: + requires: [fedora-latest-ipa-4-9/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-latest-ipa-4-9/build_url}' + test_suite: test_integration/test_installation.py::TestInstallWithoutSudo + template: *ci-ipa-4-9-latest + timeout: 4800 + topology: *master_1repl_1client + fedora-latest-ipa-4-9/test_idviews: requires: [fedora-latest-ipa-4-9/build] priority: 50 diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml index c01192c..8adb06d 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml @@ -575,6 +575,19 @@ jobs: timeout: 10800 topology: *master_1repl + fedora-latest-ipa-4-9/test_installation_TestInstallWithoutSudo: + requires: [fedora-latest-ipa-4-9/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-latest-ipa-4-9/build_url}' + selinux_enforcing: True + test_suite: test_integration/test_installation.py::TestInstallWithoutSudo + template: *ci-ipa-4-9-latest + timeout: 4800 + topology: *master_1repl_1client + fedora-latest-ipa-4-9/test_idviews: requires: [fedora-latest-ipa-4-9/build] priority: 50 diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml index a6ea24f..2b5d4fd 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml @@ -535,6 +535,18 @@ jobs: timeout: 10800 topology: *master_1repl + fedora-previous-ipa-4-9/test_installation_TestInstallWithoutSudo: + requires: [fedora-previous-ipa-4-9/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-previous-ipa-4-9/build_url}' + test_suite: test_integration/test_installation.py::TestInstallWithoutSudo + template: *ci-ipa-4-9-previous + timeout: 4800 + topology: *master_1repl_1client + fedora-previous-ipa-4-9/test_idviews: requires: [fedora-previous-ipa-4-9/build] priority: 50 diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index eb6f7d7..6e8af02 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -1537,3 +1537,69 @@ class TestInstallReplicaAgainstSpecificServer(IntegrationTest): self.replicas[0].hostname], stdin_text=dirman_password) assert self.replicas[0].hostname not in cmd.stdout_text + + +class TestInstallWithoutSudo(IntegrationTest): + + num_clients = 1 + num_replicas = 1 + no_sudo_str = "The sudo binary does not seem to be present on this" + + @classmethod + def install(cls, mh): + pass + + def test_sudo_removal(self): + # ipa-client makes sudo depend on libsss_sudo. + + # --nodeps is mandatory because dogtag uses sudo at install + # time until commit 49585867207922479644a03078c29548de02cd03 + # which is scheduled to land in 10.10. + + # This also means sudo+libsss_sudo cannot be uninstalled on + # IPA servers with a CA. + assert tasks.is_package_installed(self.clients[0], 'sudo') + assert tasks.is_package_installed(self.clients[0], 'libsss_sudo') + tasks.uninstall_packages( + self.clients[0], ['sudo', 'libsss_sudo'], nodeps=True + ) + + def test_ipa_installation_without_sudo(self): + # FixMe: When Dogtag 10.10 is out, test installation without sudo + tasks.install_master(self.master, setup_dns=True) + + def test_replica_installation_without_sudo(self): + # FixMe: When Dogtag 10.10 is out, test replica installation + # without sudo and with CA + tasks.uninstall_packages( + self.replicas[0], ['sudo', 'libsss_sudo'], nodeps=True + ) + # One-step install is needed. + # With promote=True, two-step install is done and that only captures + # the ipa-replica-install stdout/stderr, not ipa-client-install's. + result = tasks.install_replica( + self.master, self.replicas[0], promote=False, + setup_dns=True, setup_ca=False + ) + assert self.no_sudo_str in result.stderr_text + + def test_client_installation_without_sudo(self): + result = tasks.install_client(self.master, self.clients[0]) + assert self.no_sudo_str in result.stderr_text + + def test_remove_sudo_on_ipa(self): + tasks.uninstall_packages( + self.master, ['sudo', 'libsss_sudo'], nodeps=True + ) + self.master.run_command( + ['ipactl', 'restart'] + ) + + def test_install_sudo_on_client(self): + """ Check that installing sudo pulls libsss_sudo in""" + for pkg in ('sudo', 'libsss_sudo'): + assert tasks.is_package_installed(self.clients[0], pkg) is False + tasks.uninstall_client(self.clients[0]) + tasks.install_packages(self.clients[0], ['sudo']) + for pkg in ('sudo', 'libsss_sudo'): + assert tasks.is_package_installed(self.clients[0], pkg)