New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipatests: Test ipaIdpSub attribute #7113
base: master
Are you sure you want to change the base?
Conversation
Test case to check if ipaIdpSub is correctly created for IdP and non-IdP users Related: https://pagure.io/freeipa/issue/9433 Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @miskopo
thanks for the PR, please see inline comments.
extra_args=["--user-auth-type=idp", | ||
"--idp-user-id=testuser1@ipa.test", | ||
"--idp=testidp"]) | ||
tasks.user_add(self.master, standard_user) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The test is adding idpuser but doesn't check anything on the output. Is this test useful, it seems redundant with the xmlrpc test in
freeipa/ipatests/test_xmlrpc/test_user_plugin.py
Lines 822 to 827 in 25b58e6
def test_create_with_idpsub(self, user_idp): | |
""" Test creation of a user with --idp-user-id""" | |
command = user_idp.make_create_command() | |
result = command() | |
user_idp.check_create(result, ['ipaidpsub']) | |
user_idp.delete() |
cmd = ["ipa", "user-mod", standard_user, | ||
"--idp-user-id=new.mydomain.test"] | ||
list_user = self.master.run_command(cmd).stdout_text | ||
assert "External IdP user identifier: new.mydomain.test" in list_user |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test looks redundant with the xmlrpc test in
freeipa/ipatests/test_xmlrpc/test_user_plugin.py
Lines 574 to 581 in 25b58e6
def test_update_add_idpsub(self, user): | |
""" Test user-mod --idp-user-id""" | |
user.ensure_exists() | |
command = user.make_update_command( | |
updates=dict(ipaidpsub=u'myidp_user_id') | |
) | |
command() | |
user.delete() |
list_user = self.master.run_command(cmd).stdout_text | ||
assert "External IdP user identifier: new.mydomain.test" in list_user | ||
|
||
# remove IdP and change idp-user-id for IdP user |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is actually the real meat: if an external idp is removed, any reference to this idp should be removed from user entries thanks to the referential integrity plugin.
But I don't think that it will remove the "idp" auth type from the user entry.
assert "External IdP user identifier: new.mydomain.test" in list_user | ||
|
||
# remove IdP and change idp-user-id for IdP user | ||
cmd = ["ipa", "idp-del", "keycloak"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
based on line 330, the name should be testidp
, not keycloak
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Test case to check if ipaIdpSub is correctly created
for IdP and non-IdP users
Related: https://pagure.io/freeipa/issue/9433
Signed-off-by: Michal Polovka mpolovka@redhat.com