[Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

[Martin Babinsky]

On 07/01/2016 11:13 AM, Lenka Doudova wrote:
> And, of course, a patch file :)
>
>
> On 07/01/2016 11:09 AM, Lenka Doudova wrote:
>> Hi all,
>>
>> here's patch with basic test suite for support of UPN.
>>
>> Note: it needs to be applied on top of my patch 0025.2 (or later, if
>> there's will be more fixes to that patch).
>>
>>
>> Lenka
>>
>
>
>

Hi Lenka,

test data such as usernames, etc. should be stored either in separate 
resource files or at least as class attributes like this:

diff --git a/ipatests/test_integration/test_trust.py 
b/ipatests/test_integration/test_trust.py
index e8fdc6b..86ba7cc 100644
--- a/ipatests/test_integration/test_trust.py
+++ b/ipatests/test_integration/test_trust.py
@@ -394,28 +394,33 @@ class TestTrustWithUPN(ADTrustBase):
      """
      Test support of UPN for trusted domains
      """
+    upn_suffix = 'UPNsuffix.com'
+    upn_username = 'upnuser'
+    upn_princ = '{}@{}'.format(upn_username, upn_suffix)
+    upn_password = 'Secret123456'
+
      def test_upn_in_nonposix_trust(self):
          """ Check that UPN is listed as trust attribute """
          result = self.master.run_command(['ipa', 'trust-show', 
self.ad_domain,
                                            '--all', '--raw'])

-        assert "ipantadditionalsuffixes: UPNsuffix.com" in 
result.stdout_text
+        assert ("ipantadditionalsuffixes: {}".format(self.upn_suffix) in
+                result.stdout_text)

      def test_upn_user_resolution_in_nonposix_trust(self):
          """ Check that user with UPN can be resolved """
-        upnuser = 'upnuser at UPNsuffix.com'
-        result = self.master.run_command(['getent', 'passwd', upnuser])
+        result = self.master.run_command(['getent', 'passwd', 
self.upn_princ])

          # result will contain AD domain, not UPN
-        upnuser_regex = "^upnuser@{0}:\*:(\d+):(\d+):UPN User:/:$".format(
-            self.ad_domain)
+        upnuser_regex = "^{}@{}:\*:(\d+):(\d+):UPN User:/:$".format(
+            self.upn_username, self.ad_domain)
          assert re.search(upnuser_regex, result.stdout_text)

      def test_upn_user_authentication(self):
          """ Check that AD user with UPN can authenticate in IPA """
          self.master.run_command(['systemctl', 'restart', 'krb5kdc'])
-        self.master.run_command(['kinit', '-C', '-E', 
'upnuser at UPNsuffix.com'],
-                                stdin_text='Secret123456')
+        self.master.run_command(['kinit', '-C', '-E', self.upn_princ],
+                                stdin_text=self.upn_password)

otherwise LGTM.

-- 
Martin^3 Babinsky