Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipatests: Test ipaIdpSub attribute #7113

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

ipatests: Test ipaIdpSub attribute #7113

wants to merge 2 commits into from

Conversation

miskopo
Copy link
Member

@miskopo miskopo commented Dec 13, 2023

Test case to check if ipaIdpSub is correctly created
for IdP and non-IdP users

Related: https://pagure.io/freeipa/issue/9433

Signed-off-by: Michal Polovka mpolovka@redhat.com

@miskopo miskopo added the tests Pull Request related to ipatests label Dec 13, 2023
@miskopo miskopo self-assigned this Dec 13, 2023
@miskopo miskopo added ipa-4-9 Mark for backport to ipa 4.9 ipa-4-10 Mark for backport to ipa 4.10 ipa-4-11 Mark for backport to ipa 4.11 labels Dec 13, 2023
@miskopo
ipatests: Test ipaIdpSub attribute
6d6f9f4 
Test case to check if ipaIdpSub is correctly created
for IdP and non-IdP users

Related: https://pagure.io/freeipa/issue/9433

Signed-off-by: Michal Polovka <mpolovka@redhat.com>
@miskopo
temp commit
bf87a30 
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
flo-renaud
flo-renaud reviewed Dec 13, 2023
View reviewed changes
Copy link
Contributor

@flo-renaud flo-renaud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @miskopo
thanks for the PR, please see inline comments.

ipatests/test_integration/test_idp.py
extra_args=["--user-auth-type=idp",
"--idp-user-id=testuser1@ipa.test",
"--idp=testidp"])
tasks.user_add(self.master, standard_user)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test is adding idpuser but doesn't check anything on the output. Is this test useful, it seems redundant with the xmlrpc test in

freeipa/ipatests/test_xmlrpc/test_user_plugin.py

Lines 822 to 827 in 25b58e6

def test_create_with_idpsub(self, user_idp):
""" Test creation of a user with --idp-user-id"""
command = user_idp.make_create_command()
result = command()
user_idp.check_create(result, ['ipaidpsub'])
user_idp.delete()

ipatests/test_integration/test_idp.py
cmd = ["ipa", "user-mod", standard_user,
"--idp-user-id=new.mydomain.test"]
list_user = self.master.run_command(cmd).stdout_text
assert "External IdP user identifier: new.mydomain.test" in list_user
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test looks redundant with the xmlrpc test in

freeipa/ipatests/test_xmlrpc/test_user_plugin.py

Lines 574 to 581 in 25b58e6

def test_update_add_idpsub(self, user):
""" Test user-mod --idp-user-id"""
user.ensure_exists()
command = user.make_update_command(
updates=dict(ipaidpsub=u'myidp_user_id')
)
command()
user.delete()

ipatests/test_integration/test_idp.py
list_user = self.master.run_command(cmd).stdout_text
assert "External IdP user identifier: new.mydomain.test" in list_user

# remove IdP and change idp-user-id for IdP user
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is actually the real meat: if an external idp is removed, any reference to this idp should be removed from user entries thanks to the referential integrity plugin.
But I don't think that it will remove the "idp" auth type from the user entry.

flo-renaud
flo-renaud reviewed Dec 14, 2023
View reviewed changes
ipatests/test_integration/test_idp.py
assert "External IdP user identifier: new.mydomain.test" in list_user

# remove IdP and change idp-user-id for IdP user
cmd = ["ipa", "idp-del", "keycloak"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

based on line 330, the name should be testidp, not keycloak

@stale Stale
Copy link

stale bot commented Mar 17, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale Stale PR [Bot] label Mar 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flo-renaud flo-renaud flo-renaud left review comments

Assignees

@miskopo miskopo

Labels
ipa-4-9 Mark for backport to ipa 4.9 ipa-4-10 Mark for backport to ipa 4.10 ipa-4-11 Mark for backport to ipa 4.11 stale Stale PR [Bot] tests Pull Request related to ipatests
Projects
None yet
Milestone
No milestone
2 participants
@miskopo @flo-renaud