add QA:Testcase_FreeIPA_password_change test

Summary:
again, added as a non-fatal module for realmd_join_cockpit as
it's convenient to do it here. Also abstract a couple of ipa
bits into a new exporter package in the style of SUSE's
mm_network, rather than using ill-fitting class inheritance as
we have before - we should probably convert our existing class
based stuff to work this way.

Also a few minor tweaks and clean-ups of the other tests:

The path in console_login() where we detect login of a regular
user when we want root or vice versa and log out was actually
broken because it would 'wait' for the result of the 'exit'
command, which obviously doesn't work (as it relies on running
another command afterwards, and we're no longer at a shell).
This commit no longer actually uses that path, but I spotted
the bug with an earlier version of this which did, and we may
as well keep the fix.

/var/log/lastlog is an apparently-extremely-large sparse file.
A couple of times it seemed to cause tar to run very slowly
while creating the /var/log archive for upload on failure. It's
no use for diagnosing bugs, so we may as well exclude it from
the archive.

I caught cockpit webUI login failing one time when testing the
test, so threw in a wait_still_screen before starting to type
the URL, as we have for the FreeIPA webUI.

I also caught a timing issue with the openQA webUI policy add
step; the test flips from the Users screen to the HBAC screen
then clicks the 'add' button, but there's actually an identical
'add' button on *both* screens, so it could wind up trying to
click the one on the Users screen instead, if the web UI took
a few milliseconds to switch. So we throw in a needle match to
make sure we're actually on the HBAC screen before clicking the
button.

We make the freeipa_webui test a 'milestone' so that if the
new test fails, restoring to the last-known-good milestone
doesn't take so long; it actually seems like openQA can get
confused and try to cancel the test if restoring the milestone
takes a *really* long time, and wind up with a zombie qemu
process, which isn't good. This seems to avoid that happening.

Test Plan:
In the simple case, just run all the FreeIPA-related
tests on Fedora 24 (as Rawhide is broken) and make sure they all
work properly. To get a bit more advanced you can throw in an
`assert_script_run 'false'` in either of the non-fatal tests to
break it and make sure things go properly when that happens (the
last milestone should be restored - which should be right after
freeipa_webui, sitting at tty1 - and run properly; things are
set up so each test starts with root logged in on tty1).

Reviewers: jskladan, garretraziel

Reviewed By: garretraziel

Subscribers: tflink

Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D935
This commit is contained in:
Adam Williamson 2016-08-03 13:21:12 -07:00
parent c6d8b54d58
commit a901fce4ab
21 changed files with 245 additions and 46 deletions

View File

@ -55,7 +55,8 @@ sub console_login {
return; return;
} }
elsif (check_screen $bad, 0) { elsif (check_screen $bad, 0) {
script_run "exit"; # we don't want to 'wait' for this as it won't return
script_run "exit", 0;
sleep 2; sleep 2;
} }
if ($needuser and check_screen "text_console_login", 0) { if ($needuser and check_screen "text_console_login", 0) {

60
lib/freeipa.pm Normal file
View File

@ -0,0 +1,60 @@
package freeipa;
use strict;
use base 'Exporter';
use Exporter;
use testapi;
our @EXPORT = qw/add_user start_webui/;
# add a user with given username and surname, always uses the password
# "correcthorse". Assumes FreeIPA web UI is showing the Users screen.
sub add_user {
my ($user, $surname) = @_;
wait_still_screen 1;
assert_and_click "freeipa_webui_add_button";
assert_screen "freeipa_webui_add_user";
wait_still_screen 1;
type_string $user;
wait_still_screen 1;
send_key "tab";
# we don't need to be too careful here as the names don't matter
type_string "Test";
send_key "tab";
type_string $surname;
send_key "tab";
send_key "tab";
send_key "tab";
send_key "tab";
type_string "correcthorse";
wait_still_screen 1;
send_key "tab";
wait_still_screen 1;
type_string "correcthorse\n";
}
# access the FreeIPA web UI and log in as a given user. Assumes
# Firefox is running.
sub start_webui {
my ($user, $password) = @_;
# new tab
send_key "ctrl-t";
wait_still_screen 2;
type_string "https://ipa001.domain.local";
# firefox's stupid 'smart' url bar is a pain. wait for things to settle.
wait_still_screen 3;
send_key "ret";
assert_screen "freeipa_webui_login";
type_string $user;
wait_still_screen 1;
send_key "tab";
wait_still_screen 1;
type_string $password;
wait_still_screen 1;
send_key "ret";
# if we logged in as 'admin' we should land on the admin 'Active
# users' screen, otherwise we should land on the user's own page
$user eq 'admin' ? assert_screen "freeipa_webui_users" : assert_screen "freeipa_webui_user";
}

View File

@ -39,7 +39,8 @@ sub post_fail_hook {
} }
# Upload /var/log # Upload /var/log
script_run "tar czvf /tmp/var_log.tar.gz /var/log"; # lastlog can mess up tar sometimes and it's not much use
script_run "tar czvf /tmp/var_log.tar.gz --exclude='lastlog' /var/log";
upload_logs "/tmp/var_log.tar.gz"; upload_logs "/tmp/var_log.tar.gz";
} }
@ -71,6 +72,7 @@ sub start_cockpit {
# open a new tab so we don't race with the default page load # open a new tab so we don't race with the default page load
# (also focuses the location bar for us) # (also focuses the location bar for us)
send_key "ctrl-t"; send_key "ctrl-t";
wait_still_screen 2;
type_string "http://localhost:9090"; type_string "http://localhost:9090";
# firefox's stupid 'smart' url bar is a pain. wait for things to settle. # firefox's stupid 'smart' url bar is a pain. wait for things to settle.
wait_still_screen 3; wait_still_screen 3;

View File

@ -0,0 +1,15 @@
{
"properties": [],
"area": [
{
"xpos": 231,
"ypos": 288,
"width": 47,
"height": 15,
"type": "match"
}
],
"tags": [
"freeipa_webui_actions"
]
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 46 KiB

View File

@ -0,0 +1,15 @@
{
"tags": [
"freeipa_webui_hbac"
],
"area": [
{
"xpos": 19,
"ypos": 200,
"width": 127,
"height": 24,
"type": "match"
}
],
"properties": []
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 40 KiB

View File

@ -0,0 +1,15 @@
{
"area": [
{
"xpos": 754,
"ypos": 202,
"width": 13,
"height": 12,
"type": "match"
}
],
"properties": [],
"tags": [
"freeipa_webui_logout"
]
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 49 KiB

View File

@ -0,0 +1,15 @@
{
"properties": [],
"area": [
{
"xpos": 575,
"ypos": 383,
"width": 92,
"height": 13,
"type": "match"
}
],
"tags": [
"freeipa_webui_reset_password_button"
]
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 51 KiB

View File

@ -0,0 +1,15 @@
{
"properties": [],
"area": [
{
"xpos": 141,
"ypos": 322,
"width": 89,
"height": 13,
"type": "match"
}
],
"tags": [
"freeipa_webui_reset_password_link"
]
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 49 KiB

View File

@ -0,0 +1,15 @@
{
"tags": [
"freeipa_webui_user"
],
"properties": [],
"area": [
{
"xpos": 41,
"ypos": 194,
"width": 56,
"height": 21,
"type": "match"
}
]
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 41 KiB

View File

@ -0,0 +1,22 @@
{
"properties": [],
"area": [
{
"xpos": 885,
"ypos": 83,
"width": 10,
"height": 11,
"type": "match"
},
{
"xpos": 826,
"ypos": 84,
"width": 11,
"height": 10,
"type": "match"
}
],
"tags": [
"freeipa_webui_user_menu"
]
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 46 KiB

View File

@ -1898,7 +1898,7 @@
{ {
name => "realmd_join_cockpit", name => "realmd_join_cockpit",
settings => [ settings => [
{ key => "POSTINSTALL", value => "realmd_join_cockpit freeipa_webui freeipa_client" }, { key => "POSTINSTALL", value => "realmd_join_cockpit freeipa_webui freeipa_password_change freeipa_client" },
{ key => "USER_LOGIN", value => "false" }, { key => "USER_LOGIN", value => "false" },
{ key => "ROOT_PASSWORD", value => "weakpassword" }, { key => "ROOT_PASSWORD", value => "weakpassword" },
{ key => "START_AFTER_TEST", value => "server_cockpit_default" }, { key => "START_AFTER_TEST", value => "server_cockpit_default" },

View File

@ -0,0 +1,59 @@
use base "installedtest";
use strict;
use testapi;
use freeipa;
sub run {
my $self = shift;
$self->console_login(user=>'root');
# clear browser data so we don't go back to the 'admin' login
assert_script_run 'rm -rf /root/.mozilla';
type_string "startx /usr/bin/firefox\n";
assert_screen "firefox";
start_webui("test1", "batterystaple");
assert_and_click "freeipa_webui_actions";
assert_and_click "freeipa_webui_reset_password_link";
wait_still_screen 3;
type_string "batterystaple";
wait_still_screen 1;
send_key "tab";
send_key "tab";
wait_still_screen 1;
type_string "loremipsum";
wait_still_screen 1;
send_key "tab";
wait_still_screen 1;
type_string "loremipsum";
wait_still_screen 1;
assert_and_click "freeipa_webui_reset_password_button";
wait_still_screen 2;
# log out
assert_and_click "freeipa_webui_user_menu";
assert_and_click "freeipa_webui_logout";
wait_still_screen 3;
# close browser, back to console
send_key "ctrl-q";
# we don't get back to a prompt instantly and keystrokes while X
# is still shutting down are swallowed, so wait_still_screen before
# finishing (and handing off to freeipa_client_postinstall)
wait_still_screen 5;
# check we can kinit with changed password
assert_script_run 'printf "loremipsum" | kinit test1';
# change password via CLI (back to batterystaple, as that's what
# freeipa_client test expects)
assert_script_run 'dnf -y install freeipa-admintools';
assert_script_run 'printf "batterystaple\nbatterystaple" | ipa user-mod test1 --password';
# check we can kinit again
assert_script_run 'printf "batterystaple" | kinit test1';
# we just stay here - freeipa_client will pick right up
}
sub test_flags {
# without anything - rollback to 'lastgood' snapshot if failed
# 'fatal' - whole test suite is in danger if this fails
# 'milestone' - after this test succeeds, update 'lastgood'
# 'important' - if this fails, set the overall state to 'fail'
return {};
}
1;

View File

@ -1,30 +1,7 @@
use base "installedtest"; use base "installedtest";
use strict; use strict;
use testapi; use testapi;
use freeipa;
sub add_user {
my ($user, $surname) = @_;
wait_still_screen 1;
assert_and_click "freeipa_webui_add_button";
assert_screen "freeipa_webui_add_user";
wait_still_screen 1;
type_string $user;
wait_still_screen 1;
send_key "tab";
# we don't need to be too careful here as the names don't matter
type_string "Test";
send_key "tab";
type_string $surname;
send_key "tab";
send_key "tab";
send_key "tab";
send_key "tab";
type_string "correcthorse";
wait_still_screen 1;
send_key "tab";
wait_still_screen 1;
type_string "correcthorse\n";
}
sub run { sub run {
my $self = shift; my $self = shift;
@ -33,26 +10,12 @@ sub run {
# refreshes and it trusts the web server cert # refreshes and it trusts the web server cert
type_string "startx /usr/bin/firefox\n"; type_string "startx /usr/bin/firefox\n";
assert_screen "firefox"; assert_screen "firefox";
# new tab start_webui("admin", "monkeys123");
send_key "ctrl-t";
wait_still_screen 2;
type_string "https://ipa001.domain.local";
# firefox's stupid 'smart' url bar is a pain. wait for things to settle.
wait_still_screen 3;
send_key "ret";
assert_screen "freeipa_webui_login";
type_string "admin";
wait_still_screen 1;
send_key "tab";
wait_still_screen 1;
type_string "monkeys123";
wait_still_screen 1;
send_key "ret";
assert_screen "freeipa_webui_users";
add_user("test3", "Three"); add_user("test3", "Three");
add_user("test4", "Four"); add_user("test4", "Four");
assert_screen "freeipa_webui_users_added"; assert_screen "freeipa_webui_users_added";
assert_and_click "freeipa_webui_policy"; assert_and_click "freeipa_webui_policy";
assert_screen "freeipa_webui_hbac";
assert_and_click "freeipa_webui_add_button"; assert_and_click "freeipa_webui_add_button";
assert_screen "freeipa_webui_add_policy"; assert_screen "freeipa_webui_add_policy";
type_string "allow-test3"; type_string "allow-test3";
@ -109,7 +72,7 @@ sub run {
assert_screen "console_password_required"; assert_screen "console_password_required";
type_string "batterystaple\n"; type_string "batterystaple\n";
assert_screen "login_permission_denied"; assert_screen "login_permission_denied";
# back to tty1 to let generic freeipa_client test pick up from here # back to tty1
send_key "ctrl-alt-f1"; send_key "ctrl-alt-f1";
} }
@ -118,7 +81,7 @@ sub test_flags {
# 'fatal' - whole test suite is in danger if this fails # 'fatal' - whole test suite is in danger if this fails
# 'milestone' - after this test succeeds, update 'lastgood' # 'milestone' - after this test succeeds, update 'lastgood'
# 'important' - if this fails, set the overall state to 'fail' # 'important' - if this fails, set the overall state to 'fail'
return {}; return { milestone => 1 };
} }
1; 1;

View File

@ -85,6 +85,8 @@ sub run {
assert_script_run 'ipa hbacrule-add-user testrule --users=test1'; assert_script_run 'ipa hbacrule-add-user testrule --users=test1';
# disable the default 'everyone everywhere' rule # disable the default 'everyone everywhere' rule
assert_script_run 'ipa hbacrule-disable allow_all'; assert_script_run 'ipa hbacrule-disable allow_all';
# allow immediate password changes (as we need to test this)
assert_script_run 'ipa pwpolicy-mod --minlife=0';
# kinit as each user and set a new password # kinit as each user and set a new password
assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test1@DOMAIN.LOCAL'; assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test1@DOMAIN.LOCAL';
assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test2@DOMAIN.LOCAL'; assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test2@DOMAIN.LOCAL';