os-autoinst-distri-rocky/lib/freeipa.pm

68 lines
2.4 KiB
Perl
Raw Normal View History

add QA:Testcase_FreeIPA_password_change test Summary: again, added as a non-fatal module for realmd_join_cockpit as it's convenient to do it here. Also abstract a couple of ipa bits into a new exporter package in the style of SUSE's mm_network, rather than using ill-fitting class inheritance as we have before - we should probably convert our existing class based stuff to work this way. Also a few minor tweaks and clean-ups of the other tests: The path in console_login() where we detect login of a regular user when we want root or vice versa and log out was actually broken because it would 'wait' for the result of the 'exit' command, which obviously doesn't work (as it relies on running another command afterwards, and we're no longer at a shell). This commit no longer actually uses that path, but I spotted the bug with an earlier version of this which did, and we may as well keep the fix. /var/log/lastlog is an apparently-extremely-large sparse file. A couple of times it seemed to cause tar to run very slowly while creating the /var/log archive for upload on failure. It's no use for diagnosing bugs, so we may as well exclude it from the archive. I caught cockpit webUI login failing one time when testing the test, so threw in a wait_still_screen before starting to type the URL, as we have for the FreeIPA webUI. I also caught a timing issue with the openQA webUI policy add step; the test flips from the Users screen to the HBAC screen then clicks the 'add' button, but there's actually an identical 'add' button on *both* screens, so it could wind up trying to click the one on the Users screen instead, if the web UI took a few milliseconds to switch. So we throw in a needle match to make sure we're actually on the HBAC screen before clicking the button. We make the freeipa_webui test a 'milestone' so that if the new test fails, restoring to the last-known-good milestone doesn't take so long; it actually seems like openQA can get confused and try to cancel the test if restoring the milestone takes a *really* long time, and wind up with a zombie qemu process, which isn't good. This seems to avoid that happening. Test Plan: In the simple case, just run all the FreeIPA-related tests on Fedora 24 (as Rawhide is broken) and make sure they all work properly. To get a bit more advanced you can throw in an `assert_script_run 'false'` in either of the non-fatal tests to break it and make sure things go properly when that happens (the last milestone should be restored - which should be right after freeipa_webui, sitting at tty1 - and run properly; things are set up so each test starts with root logged in on tty1). Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D935
2016-08-03 20:21:12 +00:00
package freeipa;
use strict;
use base 'Exporter';
use Exporter;
use testapi;
use utils;
add QA:Testcase_FreeIPA_password_change test Summary: again, added as a non-fatal module for realmd_join_cockpit as it's convenient to do it here. Also abstract a couple of ipa bits into a new exporter package in the style of SUSE's mm_network, rather than using ill-fitting class inheritance as we have before - we should probably convert our existing class based stuff to work this way. Also a few minor tweaks and clean-ups of the other tests: The path in console_login() where we detect login of a regular user when we want root or vice versa and log out was actually broken because it would 'wait' for the result of the 'exit' command, which obviously doesn't work (as it relies on running another command afterwards, and we're no longer at a shell). This commit no longer actually uses that path, but I spotted the bug with an earlier version of this which did, and we may as well keep the fix. /var/log/lastlog is an apparently-extremely-large sparse file. A couple of times it seemed to cause tar to run very slowly while creating the /var/log archive for upload on failure. It's no use for diagnosing bugs, so we may as well exclude it from the archive. I caught cockpit webUI login failing one time when testing the test, so threw in a wait_still_screen before starting to type the URL, as we have for the FreeIPA webUI. I also caught a timing issue with the openQA webUI policy add step; the test flips from the Users screen to the HBAC screen then clicks the 'add' button, but there's actually an identical 'add' button on *both* screens, so it could wind up trying to click the one on the Users screen instead, if the web UI took a few milliseconds to switch. So we throw in a needle match to make sure we're actually on the HBAC screen before clicking the button. We make the freeipa_webui test a 'milestone' so that if the new test fails, restoring to the last-known-good milestone doesn't take so long; it actually seems like openQA can get confused and try to cancel the test if restoring the milestone takes a *really* long time, and wind up with a zombie qemu process, which isn't good. This seems to avoid that happening. Test Plan: In the simple case, just run all the FreeIPA-related tests on Fedora 24 (as Rawhide is broken) and make sure they all work properly. To get a bit more advanced you can throw in an `assert_script_run 'false'` in either of the non-fatal tests to break it and make sure things go properly when that happens (the last milestone should be restored - which should be right after freeipa_webui, sitting at tty1 - and run properly; things are set up so each test starts with root logged in on tty1). Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D935
2016-08-03 20:21:12 +00:00
our @EXPORT = qw/add_user start_webui/;
# add a user with given username and surname, always uses the password
# "correcthorse". Assumes FreeIPA web UI is showing the Users screen.
sub add_user {
my ($user, $surname) = @_;
wait_still_screen 1;
assert_and_click "freeipa_webui_add_button";
assert_screen "freeipa_webui_add_user";
wait_still_screen 1;
type_safely $user;
wait_screen_change { send_key "tab"; };
add QA:Testcase_FreeIPA_password_change test Summary: again, added as a non-fatal module for realmd_join_cockpit as it's convenient to do it here. Also abstract a couple of ipa bits into a new exporter package in the style of SUSE's mm_network, rather than using ill-fitting class inheritance as we have before - we should probably convert our existing class based stuff to work this way. Also a few minor tweaks and clean-ups of the other tests: The path in console_login() where we detect login of a regular user when we want root or vice versa and log out was actually broken because it would 'wait' for the result of the 'exit' command, which obviously doesn't work (as it relies on running another command afterwards, and we're no longer at a shell). This commit no longer actually uses that path, but I spotted the bug with an earlier version of this which did, and we may as well keep the fix. /var/log/lastlog is an apparently-extremely-large sparse file. A couple of times it seemed to cause tar to run very slowly while creating the /var/log archive for upload on failure. It's no use for diagnosing bugs, so we may as well exclude it from the archive. I caught cockpit webUI login failing one time when testing the test, so threw in a wait_still_screen before starting to type the URL, as we have for the FreeIPA webUI. I also caught a timing issue with the openQA webUI policy add step; the test flips from the Users screen to the HBAC screen then clicks the 'add' button, but there's actually an identical 'add' button on *both* screens, so it could wind up trying to click the one on the Users screen instead, if the web UI took a few milliseconds to switch. So we throw in a needle match to make sure we're actually on the HBAC screen before clicking the button. We make the freeipa_webui test a 'milestone' so that if the new test fails, restoring to the last-known-good milestone doesn't take so long; it actually seems like openQA can get confused and try to cancel the test if restoring the milestone takes a *really* long time, and wind up with a zombie qemu process, which isn't good. This seems to avoid that happening. Test Plan: In the simple case, just run all the FreeIPA-related tests on Fedora 24 (as Rawhide is broken) and make sure they all work properly. To get a bit more advanced you can throw in an `assert_script_run 'false'` in either of the non-fatal tests to break it and make sure things go properly when that happens (the last milestone should be restored - which should be right after freeipa_webui, sitting at tty1 - and run properly; things are set up so each test starts with root logged in on tty1). Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D935
2016-08-03 20:21:12 +00:00
# we don't need to be too careful here as the names don't matter
type_safely "Test";
wait_screen_change { send_key "tab"; };
type_safely $surname;
type_safely "\t\t\t\t";
type_safely "correcthorse";
wait_screen_change { send_key "tab"; };
type_safely "correcthorse\n";
add QA:Testcase_FreeIPA_password_change test Summary: again, added as a non-fatal module for realmd_join_cockpit as it's convenient to do it here. Also abstract a couple of ipa bits into a new exporter package in the style of SUSE's mm_network, rather than using ill-fitting class inheritance as we have before - we should probably convert our existing class based stuff to work this way. Also a few minor tweaks and clean-ups of the other tests: The path in console_login() where we detect login of a regular user when we want root or vice versa and log out was actually broken because it would 'wait' for the result of the 'exit' command, which obviously doesn't work (as it relies on running another command afterwards, and we're no longer at a shell). This commit no longer actually uses that path, but I spotted the bug with an earlier version of this which did, and we may as well keep the fix. /var/log/lastlog is an apparently-extremely-large sparse file. A couple of times it seemed to cause tar to run very slowly while creating the /var/log archive for upload on failure. It's no use for diagnosing bugs, so we may as well exclude it from the archive. I caught cockpit webUI login failing one time when testing the test, so threw in a wait_still_screen before starting to type the URL, as we have for the FreeIPA webUI. I also caught a timing issue with the openQA webUI policy add step; the test flips from the Users screen to the HBAC screen then clicks the 'add' button, but there's actually an identical 'add' button on *both* screens, so it could wind up trying to click the one on the Users screen instead, if the web UI took a few milliseconds to switch. So we throw in a needle match to make sure we're actually on the HBAC screen before clicking the button. We make the freeipa_webui test a 'milestone' so that if the new test fails, restoring to the last-known-good milestone doesn't take so long; it actually seems like openQA can get confused and try to cancel the test if restoring the milestone takes a *really* long time, and wind up with a zombie qemu process, which isn't good. This seems to avoid that happening. Test Plan: In the simple case, just run all the FreeIPA-related tests on Fedora 24 (as Rawhide is broken) and make sure they all work properly. To get a bit more advanced you can throw in an `assert_script_run 'false'` in either of the non-fatal tests to break it and make sure things go properly when that happens (the last milestone should be restored - which should be right after freeipa_webui, sitting at tty1 - and run properly; things are set up so each test starts with root logged in on tty1). Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D935
2016-08-03 20:21:12 +00:00
}
# access the FreeIPA web UI and log in as a given user. Assumes
# it's at a console ready to start Firefox.
add QA:Testcase_FreeIPA_password_change test Summary: again, added as a non-fatal module for realmd_join_cockpit as it's convenient to do it here. Also abstract a couple of ipa bits into a new exporter package in the style of SUSE's mm_network, rather than using ill-fitting class inheritance as we have before - we should probably convert our existing class based stuff to work this way. Also a few minor tweaks and clean-ups of the other tests: The path in console_login() where we detect login of a regular user when we want root or vice versa and log out was actually broken because it would 'wait' for the result of the 'exit' command, which obviously doesn't work (as it relies on running another command afterwards, and we're no longer at a shell). This commit no longer actually uses that path, but I spotted the bug with an earlier version of this which did, and we may as well keep the fix. /var/log/lastlog is an apparently-extremely-large sparse file. A couple of times it seemed to cause tar to run very slowly while creating the /var/log archive for upload on failure. It's no use for diagnosing bugs, so we may as well exclude it from the archive. I caught cockpit webUI login failing one time when testing the test, so threw in a wait_still_screen before starting to type the URL, as we have for the FreeIPA webUI. I also caught a timing issue with the openQA webUI policy add step; the test flips from the Users screen to the HBAC screen then clicks the 'add' button, but there's actually an identical 'add' button on *both* screens, so it could wind up trying to click the one on the Users screen instead, if the web UI took a few milliseconds to switch. So we throw in a needle match to make sure we're actually on the HBAC screen before clicking the button. We make the freeipa_webui test a 'milestone' so that if the new test fails, restoring to the last-known-good milestone doesn't take so long; it actually seems like openQA can get confused and try to cancel the test if restoring the milestone takes a *really* long time, and wind up with a zombie qemu process, which isn't good. This seems to avoid that happening. Test Plan: In the simple case, just run all the FreeIPA-related tests on Fedora 24 (as Rawhide is broken) and make sure they all work properly. To get a bit more advanced you can throw in an `assert_script_run 'false'` in either of the non-fatal tests to break it and make sure things go properly when that happens (the last milestone should be restored - which should be right after freeipa_webui, sitting at tty1 - and run properly; things are set up so each test starts with root logged in on tty1). Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D935
2016-08-03 20:21:12 +00:00
sub start_webui {
my ($user, $password) = @_;
# if we logged in as 'admin' we should land on the admin 'Active
# users' screen, otherwise we should land on the user's own page
my $user_screen = "freeipa_webui_user";
$user_screen = "freeipa_webui_users" if ($user eq 'admin');
# https://bugzilla.redhat.com/show_bug.cgi?id=1439429
assert_script_run "sed -i -e 's,enable_xauth=1,enable_xauth=0,g' /usr/bin/startx";
disable_firefox_studies;
type_string "startx /usr/bin/firefox -width 1024 -height 768 https://ipa001.domain.local\n";
assert_screen ["freeipa_webui_login", $user_screen, "firefox_certificate_error"], 30;
if (match_has_tag "firefox_certificate_error") {
# https://bugzilla.mozilla.org/show_bug.cgi?id=1530429
record_soft_failure "Certificate validation error - likely Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=1530429";
assert_and_click "firefox_refresh";
assert_screen ["freeipa_webui_login", $user_screen], 30;
}
wait_still_screen 5;
# softfail on kerberos ticket bugs meaning we get auto-logged in
# as the requested user when we don't expect to be
if (match_has_tag $user_screen) {
record_soft_failure "already logged in to web UI";
}
else {
type_safely $user;
wait_screen_change { send_key "tab"; };
type_safely $password;
send_key "ret";
assert_screen $user_screen;
}
wait_still_screen 3;
add QA:Testcase_FreeIPA_password_change test Summary: again, added as a non-fatal module for realmd_join_cockpit as it's convenient to do it here. Also abstract a couple of ipa bits into a new exporter package in the style of SUSE's mm_network, rather than using ill-fitting class inheritance as we have before - we should probably convert our existing class based stuff to work this way. Also a few minor tweaks and clean-ups of the other tests: The path in console_login() where we detect login of a regular user when we want root or vice versa and log out was actually broken because it would 'wait' for the result of the 'exit' command, which obviously doesn't work (as it relies on running another command afterwards, and we're no longer at a shell). This commit no longer actually uses that path, but I spotted the bug with an earlier version of this which did, and we may as well keep the fix. /var/log/lastlog is an apparently-extremely-large sparse file. A couple of times it seemed to cause tar to run very slowly while creating the /var/log archive for upload on failure. It's no use for diagnosing bugs, so we may as well exclude it from the archive. I caught cockpit webUI login failing one time when testing the test, so threw in a wait_still_screen before starting to type the URL, as we have for the FreeIPA webUI. I also caught a timing issue with the openQA webUI policy add step; the test flips from the Users screen to the HBAC screen then clicks the 'add' button, but there's actually an identical 'add' button on *both* screens, so it could wind up trying to click the one on the Users screen instead, if the web UI took a few milliseconds to switch. So we throw in a needle match to make sure we're actually on the HBAC screen before clicking the button. We make the freeipa_webui test a 'milestone' so that if the new test fails, restoring to the last-known-good milestone doesn't take so long; it actually seems like openQA can get confused and try to cancel the test if restoring the milestone takes a *really* long time, and wind up with a zombie qemu process, which isn't good. This seems to avoid that happening. Test Plan: In the simple case, just run all the FreeIPA-related tests on Fedora 24 (as Rawhide is broken) and make sure they all work properly. To get a bit more advanced you can throw in an `assert_script_run 'false'` in either of the non-fatal tests to break it and make sure things go properly when that happens (the last milestone should be restored - which should be right after freeipa_webui, sitting at tty1 - and run properly; things are set up so each test starts with root logged in on tty1). Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D935
2016-08-03 20:21:12 +00:00
}