Fix IPA and RHSSO. (#15357)

IPA domain isn't necessarily the same as DNS domain so connect using DNS domain and there detect the actual IPA domain. RHSSO used nonexistent ssh_session methods, perhaps this has changed over time. I made it use the execute method and workarounded bug that happens when calling 'hammer auth login oauth' non-interactively by faking tty. (cherry picked from commit 5ce77c1)
SatelliteQE · Jun 11, 2024 · 46a33e9 · 46a33e9
1 parent 780c6ab
commit 46a33e9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 17 deletions.
diff --git a/robottelo/hosts.py b/robottelo/hosts.py
@@ -2524,7 +2524,7 @@ def enroll_idm_and_configure_external_auth(self):
                 _, password = line.split(': ', 2)
                 break
         self.execute(f'ipa service-add HTTP/{self.satellite.hostname}')
-        _, domain = self.hostname.split('.', 1)
+        domain = self.execute('ipa realmdomains-show | awk \'{print $2}\'').stdout.strip()
         result = self.satellite.execute(
             f"ipa-client-install --password '{password}' "
             f'--domain {domain} '

diff --git a/tests/foreman/destructive/test_ldapauthsource.py b/tests/foreman/destructive/test_ldapauthsource.py
@@ -69,10 +69,7 @@ def test_rhsso_login_using_hammer(
     result = module_target_sat.cli.Auth.with_user(
         username=settings.rhsso.rhsso_user, password=settings.rhsso.rhsso_password
     ).status()
-    assert (
-        f"Session exists, currently logged in as '{settings.rhsso.rhsso_user}'."
-        == result[0]['message']
-    )
+    assert f"Session exists, currently logged in as '{settings.rhsso.rhsso_user}'." in result
     task_list = module_target_sat.cli.Task.with_user(
         username=settings.rhsso.rhsso_user, password=settings.rhsso.rhsso_password
     ).list()
@@ -136,15 +133,8 @@ def test_rhsso_two_factor_login_using_hammer(
             {'username': settings.rhsso.rhsso_user, 'password': settings.rhsso.rhsso_password},
             default_sso_host.get_two_factor_token_rh_sso_url(),
         )
-        with module_target_sat.session.shell() as ssh_session:
-            ssh_session.sendline(
-                f"echo '{two_factor_code['code']}' | hammer auth login oauth "
-                f'--oidc-token-endpoint {default_sso_host.oidc_token_endpoint} '
-                f'--oidc-authorization-endpoint {default_sso_host.oidc_authorization_endpoint} '
-                f'--oidc-client-id {default_sso_host.get_oidc_client_id()} '
-                f"--oidc-redirect-uri 'urn:ietf:wg:oauth:2.0:oob' "
-                f'--two-factor '
-            )
-            ssh_session.prompt()  # match the prompt
-            result = ssh_session.before.decode()
-            assert f"Successfully logged in as '{settings.rhsso.rhsso_user}'." in result
+    # to workaround SAT-25654, fake tty using 'ssh -tt'
+    result = module_target_sat.execute(
+        f"KEYPATH=/root/$RANDOM; ssh-keygen -f $KEYPATH -N ''; cat $KEYPATH.pub >> /root/.ssh/authorized_keys; ssh -tt -i $KEYPATH -o StrictHostKeyChecking=accept-new root@localhost 'echo '{two_factor_code['code']}' | hammer auth login oauth --oidc-token-endpoint {default_sso_host.oidc_token_endpoint} --oidc-authorization-endpoint {default_sso_host.oidc_authorization_endpoint} --oidc-client-id {default_sso_host.get_oidc_client_id()} --oidc-redirect-uri 'urn:ietf:wg:oauth:2.0:oob' --two-factor'"
+    )
+    assert f"Successfully logged in as '{settings.rhsso.rhsso_user}'." in result.stdout