From dc848da5a827870e5bf236bd32593badeab8d6d0 Mon Sep 17 00:00:00 2001
From: Satellite QE <115476073+Satellite-QE@users.noreply.github.com>
Date: Fri, 26 Apr 2024 12:46:13 -0400
Subject: [PATCH] [6.15.z] Assert commands results. Remove CA download,
 machines already have it. Do not install a library through pip. (#14901)

---
 pytest_fixtures/component/satellite_auth.py   | 52 ++++++++++---------
 .../destructive/test_ldap_authentication.py   |  4 +-
 2 files changed, 30 insertions(+), 26 deletions(-)

diff --git a/pytest_fixtures/component/satellite_auth.py b/pytest_fixtures/component/satellite_auth.py
index 9af5a98287a..d729559d194 100644
--- a/pytest_fixtures/component/satellite_auth.py
+++ b/pytest_fixtures/component/satellite_auth.py
@@ -18,7 +18,6 @@
 from robottelo.hosts import IPAHost, SSOHost
 from robottelo.utils.datafactory import gen_string
 from robottelo.utils.installer import InstallerCommand
-from robottelo.utils.issue_handlers import is_open
 
 LOGGEDOUT = 'Logged out.'
 
@@ -282,42 +281,45 @@ def auth_data(request, ad_data, ipa_data):
 @pytest.fixture(scope='module')
 def enroll_configure_rhsso_external_auth(module_target_sat):
     """Enroll the Satellite6 Server to an RHSSO Server."""
-    module_target_sat.execute(
-        'yum -y --disableplugin=foreman-protector install '
-        'mod_auth_openidc keycloak-httpd-client-install'
+    module_target_sat.register_to_cdn()
+    # keycloak-httpd-client-install needs lxml but it's not an rpm dependency + is not documented
+    assert (
+        module_target_sat.execute(
+            'yum -y --disableplugin=foreman-protector install '
+            'mod_auth_openidc keycloak-httpd-client-install python3-lxml '
+        ).status
+        == 0
     )
     # if target directory not given it is installing in /usr/local/lib64
-    module_target_sat.execute('python3 -m pip install lxml -t /usr/lib64/python3.6/site-packages')
-    module_target_sat.execute(
-        f'openssl s_client -connect {settings.rhsso.host_name} -showcerts </dev/null 2>/dev/null| '
-        f'sed "/BEGIN CERTIFICATE/,/END CERTIFICATE/!d" > {CERT_PATH}/rh-sso.crt'
-    )
-    module_target_sat.execute(
-        f'sshpass -p "{settings.rhsso.rhsso_password}" scp -o "StrictHostKeyChecking no" '
-        f'root@{settings.rhsso.host_name}:/root/ca_certs/*.crt {CERT_PATH}'
+    assert (
+        module_target_sat.execute(
+            f'openssl s_client -connect {settings.rhsso.host_name}:443 -showcerts </dev/null 2>/dev/null| '
+            f'sed "/BEGIN CERTIFICATE/,/END CERTIFICATE/!d" > {CERT_PATH}/rh-sso.crt'
+        ).status
+        == 0
     )
-    module_target_sat.execute('update-ca-trust')
-    module_target_sat.execute(
-        f'echo {settings.rhsso.rhsso_password} | keycloak-httpd-client-install \
+    assert (
+        module_target_sat.execute(
+            f'echo {settings.rhsso.rhsso_password} | keycloak-httpd-client-install \
                 --app-name foreman-openidc \
                 --keycloak-server-url {settings.rhsso.host_url} \
                 --keycloak-admin-username "admin" \
                 --keycloak-realm "{settings.rhsso.realm}" \
                 --keycloak-admin-realm master \
                 --keycloak-auth-role root-admin -t openidc -l /users/extlogin --force'
+        ).status
+        == 0
     )
-    if is_open('BZ:2113905'):
+    assert (
         module_target_sat.execute(
-            r"sed -i -e '$aapache::default_mods:\n  - authn_core' "
-            "/etc/foreman-installer/custom-hiera.yaml"
-        )
-    module_target_sat.execute(
-        f'satellite-installer --foreman-keycloak true '
-        f"--foreman-keycloak-app-name 'foreman-openidc' "
-        f"--foreman-keycloak-realm '{settings.rhsso.realm}' ",
-        timeout=1000000,
+            f'satellite-installer --foreman-keycloak true '
+            f"--foreman-keycloak-app-name 'foreman-openidc' "
+            f"--foreman-keycloak-realm '{settings.rhsso.realm}' ",
+            timeout=1000000,
+        ).status
+        == 0
     )
-    module_target_sat.execute('systemctl restart httpd')
+    assert module_target_sat.execute('systemctl restart httpd').status == 0
 
 
 @pytest.fixture(scope='module')
diff --git a/tests/foreman/destructive/test_ldap_authentication.py b/tests/foreman/destructive/test_ldap_authentication.py
index 33539fff89e..3a8468de3d0 100644
--- a/tests/foreman/destructive/test_ldap_authentication.py
+++ b/tests/foreman/destructive/test_ldap_authentication.py
@@ -327,7 +327,9 @@ def test_session_expire_rhsso_idle_timeout(
         session.rhsso_login.login(
             {'username': settings.rhsso.rhsso_user, 'password': settings.rhsso.rhsso_password}
         )
-        sleep(60)
+        sleep(
+            150
+        )  # give the browser some time to actually logout, even though Satellite should terminate session after one minute
         with pytest.raises(NavigationTriesExceeded) as error:
             session.task.read_all(widget_names='current_user')['current_user']
         assert error.typename == 'NavigationTriesExceeded'