Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Assert commands results. Remove CA download, machines already have it. Do not install a library through pip. #14511

Merged
merged 5 commits into from
Apr 26, 2024
Merged

Assert commands results. Remove CA download, machines already have it. Do not install a library through pip. #14511

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
7ffb14e
Assert commands results. Remove CA download, machines already have it…
lhellebr Mar 25, 2024
f02b15e
Increase time to wait. On Sat side, it should be 60 seconds but let's…
lhellebr Mar 26, 2024
1139af0
Remove commented-out part
lhellebr Apr 2, 2024
d421f40
Remove BZ check, it is closed
lhellebr Apr 23, 2024
ad3ea40
BZ has been converted to docs, package now should be installed manually
lhellebr Apr 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 36 additions & 23 deletions pytest_fixtures/component/satellite_auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -282,42 +282,55 @@ def auth_data(request, ad_data, ipa_data):
@pytest.fixture(scope='module')
def enroll_configure_rhsso_external_auth(module_target_sat):
"""Enroll the Satellite6 Server to an RHSSO Server."""
module_target_sat.execute(
'yum -y --disableplugin=foreman-protector install '
'mod_auth_openidc keycloak-httpd-client-install'
module_target_sat.register_to_cdn()
# keycloak-httpd-client-install needs lxml but it's not an rpm dependency + is not documented
lxml = 'python3-lxml' if is_open('BZ:2271398') else ''
assert (
module_target_sat.execute(
f'yum -y --disableplugin=foreman-protector install '
f'mod_auth_openidc keycloak-httpd-client-install {lxml} '
# 'libxml2-devel libxslt-devel gcc python3-devel ' # pip needs these to install lxml
).status
== 0
)
# if target directory not given it is installing in /usr/local/lib64
module_target_sat.execute('python3 -m pip install lxml -t /usr/lib64/python3.6/site-packages')
module_target_sat.execute(
f'openssl s_client -connect {settings.rhsso.host_name} -showcerts </dev/null 2>/dev/null| '
f'sed "/BEGIN CERTIFICATE/,/END CERTIFICATE/!d" > {CERT_PATH}/rh-sso.crt'
)
module_target_sat.execute(
f'sshpass -p "{settings.rhsso.rhsso_password}" scp -o "StrictHostKeyChecking no" '
f'root@{settings.rhsso.host_name}:/root/ca_certs/*.crt {CERT_PATH}'
assert (
module_target_sat.execute(
f'openssl s_client -connect {settings.rhsso.host_name}:443 -showcerts </dev/null 2>/dev/null| '
f'sed "/BEGIN CERTIFICATE/,/END CERTIFICATE/!d" > {CERT_PATH}/rh-sso.crt'
).status
== 0
)
module_target_sat.execute('update-ca-trust')
module_target_sat.execute(
f'echo {settings.rhsso.rhsso_password} | keycloak-httpd-client-install \
assert (
module_target_sat.execute(
f'echo {settings.rhsso.rhsso_password} | keycloak-httpd-client-install \
--app-name foreman-openidc \
--keycloak-server-url {settings.rhsso.host_url} \
--keycloak-admin-username "admin" \
--keycloak-realm "{settings.rhsso.realm}" \
--keycloak-admin-realm master \
--keycloak-auth-role root-admin -t openidc -l /users/extlogin --force'
).status
== 0
)
if is_open('BZ:2113905'):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This condition can be removed as this BZ is verfied and closed now.

module_target_sat.execute(
r"sed -i -e '$aapache::default_mods:\n - authn_core' "
"/etc/foreman-installer/custom-hiera.yaml"
assert (
module_target_sat.execute(
r"sed -i -e '$aapache::default_mods:\n - authn_core' "
"/etc/foreman-installer/custom-hiera.yaml"
).status
== 0
)
module_target_sat.execute(
f'satellite-installer --foreman-keycloak true '
f"--foreman-keycloak-app-name 'foreman-openidc' "
f"--foreman-keycloak-realm '{settings.rhsso.realm}' ",
timeout=1000000,
assert (
module_target_sat.execute(
f'satellite-installer --foreman-keycloak true '
f"--foreman-keycloak-app-name 'foreman-openidc' "
f"--foreman-keycloak-realm '{settings.rhsso.realm}' ",
timeout=1000000,
).status
== 0
)
module_target_sat.execute('systemctl restart httpd')
assert module_target_sat.execute('systemctl restart httpd').status == 0


@pytest.fixture(scope='module')
Expand Down
4 changes: 3 additions & 1 deletion tests/foreman/destructive/test_ldap_authentication.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -327,7 +327,9 @@ def test_session_expire_rhsso_idle_timeout(
session.rhsso_login.login(
{'username': settings.rhsso.rhsso_user, 'password': settings.rhsso.rhsso_password}
)
sleep(60)
sleep(
150
) # give the browser some time to actually logout, even though Satellite should terminate session after one minute
with pytest.raises(NavigationTriesExceeded) as error:
session.task.read_all(widget_names='current_user')['current_user']
assert error.typename == 'NavigationTriesExceeded'
Expand Down