Push V3 branch to the main branch. #43
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: Marek Havrila <[email protected]>
This commit contains following changes: 1. existing tests for p11_uri in sssd.conf are rewritten with use of console login instead of `su`. 2. Tests for 'with-smartcard-requied' profile are added 3. Test 'test_su_login_p11_uri_user_mismatch' is added (implemented via console login)
All the tests are using GUI module from SCAutolib to interact with system under test. Tests are divided int two files. The first one tests GDM with both smart card and password login. The second one tests lock screen from GNOME shell and lock-on-removal feature. Tests in both files cover various SSSD parameters.
Unsufficient expects in the tests led to false positive results. Expects fixing this faulty behavior are added.
Co-authored-by: Marek Havrila <[email protected]>
This test was never working because the allowed sudo commands needed to be added to IPA server. With this commit we fix this issue by creating a new fixture that allows all commands with sudo for the tested user.
Conftest takes care of loading user and card objects. It has to be updated due to changes in SCAutolib, mainly: - Card object is no longer bind to user object - it's independent - Some attributes (as PIN) were moved from user to card objects - SCAutolib supports multiple card objects and consequently correct CA certs need to be placed to CA database base on loaded card object
I realized that if there is multiple physical cards, it is necessary to add multiple root CA certs to CA db file.
SCAutolib-V3 is in development. It has changed since last commit and SC-tests needs to be updated to stay compatible. Backward compatibility fix is introduced.
I made an error in previous commits and some changes did not get to V3 in previous PR. Adding them now.
First automated tests used 'su' as a mean of testing smart card authentication. However, these tests were usually supposed to test login (not su), but support for any direct or indirect testing of login was not implemented yet. Testing logins in TTY and also in GUI is already supported. It's time to check test coverage and cover TCs that still use 'su' also with TTY and GUI logins. Co-authored-by: George Pantelakis <[email protected]>
The test was removed for several reasons: 1) The test was never really working. The only reason it was passing was because of sssd caching. 2) The test in order to work needs a lot of extra parameters in sssd configuration and there is neither the knowledge nor the time to invest in learning it. 3) The LDAP mapping is not really used in our days and we believe that the case the test is testing is very rare.
1) Sanity/test_smart_card_detection.py::test_pam_services_config: added new line at the end on /etc/pam.d/pam_cert_service 2) Sanity/test_sssd_conf.py::test_matchrule_defined_for_other_user: fix the way it replaces certmap/shadowutils section
In later versions of Fedora the "Activities" title of the menu has been removed. Changing tests to use "tosearch" to look for the search field shown on login. Also adding .*code-workspace to gitignore.
1) added timeout to all assert_text calls. 2) Changed order between GUI and Authselect class calling in context manager so the HTML file will include Authselect logs. This happens because HTML file initialization happens in GUI __init__ func. 3) fixed minor issues in test_insert_card_prompt.
For the changes of passwd to Shadow Utils in RHEL-10, CentOS 10 and fedora 40 there is no changing password message printed so the test fails.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.