os-autoinst-distri-rocky/tests/freeipa_client.pm
Louis Abel ff01caf988
Update FreeIPA tests
Updating freeipa tests to:

  * Make it more consistent with Rocky Linux
  * Use of rockylinux.org domain instead of fedoraproject.org
  * Ensure fedora-only elements are removed or changed to work in EL
2023-05-17 14:03:44 -07:00

51 lines
1.8 KiB
Perl

use base "installedtest";
use strict;
use testapi;
use utils;
sub run {
my $self = shift;
# switch to tty1 (we're usually there already, but just in case
# we're carrying on from a failed freeipa_webui that didn't fail
# at tty1)
my $ipa_domain = 'test.openqa.rockylinux.org';
my $ipa_realm = 'TEST.OPENQA.ROCKYLINUX.ORG';
send_key "ctrl-alt-f1";
wait_still_screen 1;
# check domain is listed in 'realm list'
validate_script_output 'realm list', sub { $_ =~ m/domain-name: test\.openqa\.rockylinux\.org.*configured: kerberos-member/s };
# check we can see the admin user in getent
assert_script_run "getent passwd admin\@$ipa_realm";
# check keytab entries
my $hostname = script_output 'hostname';
my $qhost = quotemeta($hostname);
validate_script_output 'klist -k', sub { $_ =~ m/$qhost\@TEST\.OPENQA\.ROCKYLINUX\.ORG/ };
# check we can kinit with the host principal
assert_script_run "kinit -k host/$hostname\@$ipa_realm";
# Set a longer timeout for login(1) to workaround RHBZ #1661273
assert_script_run 'echo "LOGIN_TIMEOUT 180" >> /etc/login.defs';
# switch to tty2 for login tests
send_key "ctrl-alt-f2";
# try and login as test1, should work
console_login(user => 'test1@TEST.OPENQA.ROCKYLINUX.ORG', password => 'batterystaple');
type_string "exit\n";
# try and login as test2, should fail. we cannot use console_login
# as it takes 10 seconds to complete when login fails, and
# "permission denied" message doesn't last that long
sleep 2;
assert_screen "text_console_login";
type_string "test2\@$ipa_realm\n";
assert_screen "console_password_required";
type_string "batterystaple\n";
assert_screen "login_permission_denied";
}
sub test_flags {
return {fatal => 1};
}
1;
# vim: set sw=4 et: