URL: https://github.com/freeipa/freeipa/pull/3783
Author: stanislavlevin
Title: #3783: Migrate xunit-style setups to fixtures
Action: opened
PR body:
"""
This converts `setup*`/`teardown*` functions/methods to the
powerfull pytest fixtures:
```
The purpose of test fixtures is to provide a fixed baseline upon
which tests can reliably and repeatedly execute. pytest fixtures
offer dramatic improvements over the classic xUnit style of
setup/teardown functions:
- fixtures have explicit names and are activated by declaring their
use from test functions, modules, classes or whole projects.
- fixtures are implemented in a modular manner, as each fixture name
triggers a fixture function which can itself use other fixtures.
- fixture management scales from simple unit to complex functional
testing, allowing to parametrize fixtures and tests according to
configuration and component options, or to re-use fixtures across
function, class, module or whole test session scopes.
```
One of the transition patterns is as follows:
```diff
class TestFooBar(XMLRPC_test):
- @classmethod
- def setup_class(cls):
- super(TestFooBar, cls).setup_class()
+ @pytest.fixture(autouse=True, scope="class")
+ def foo_bar_setup(self, request, xmlrpc_setup):
+ cls = request.cls
cls.beforemethod()
- @classmethod
- def teardown_class(cls):
- cls.aftermethod()
- super(TestFooBar, cls).teardown_class()
+ def fin():
+ cls.aftermethod()
+ request.addfinalizer(fin)
```
To achieve predictable results for initialization and destroy of
Pytest fixtures, ones have to employ the fixtures' interdependencies.
This is the first part of the work to remove the mixing of test idioms in the
IPA test suite.
Related: https://pagure.io/freeipa/issue/7989
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3783/head:pr3783
git checkout pr3783
URL: https://github.com/freeipa/freeipa/pull/3349
Author: amore17
Title: #3349: ipatests: filter_users should be applied correctly if SSSD starts offline
Action: opened
PR body:
"""
Added tests which validates that filter_users is applied correctly
when SSSD starts in offline mode, which checks that no look up
should be in data provider and NCE/USER/ipa_domain/user should be
added to negative cache.
Related Tickets:
https://pagure.io/SSSD/sssd/issue/3983https://pagure.io/SSSD/sssd/issue/3978
Signed-off-by: Anuja More <amore(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3349/head:pr3349
git checkout pr3349
URL: https://github.com/freeipa/freeipa/pull/3811
Author: amore17
Title: #3811: ipatests: 'sss_ssh_authorizedkeys user' should return ssh key
Action: opened
PR body:
"""
Added regression tests which validates that when there is ssh key and certificate is added for IPA user then 'sss_ssh_authorizedkeys user' should return ssh key.
Related Ticket:
https://pagure.io/SSSD/sssd/issue/3937
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3811/head:pr3811
git checkout pr3811
URL: https://github.com/freeipa/freeipa/pull/3183
Author: tiran
Title: #3183: Require a SASL SSF of >= 56 on client side
Action: opened
PR body:
"""
SSF_MINX 56 level ensures data integrity and confidentiality for SASL
GSSAPI and SASL GSS SPNEGO connections. Although at least AES128 is enforced
pretty much everywhere, 56 is required.
The origianl commit 350954589774499d99bf87cb5631c664bb0707c4 added minimum
SSF on LDAP client and LDAP server. Some LDAP consumers like realmd are
not compatible with strong SSF yet.
Related: https://pagure.io/freeipa/issue/7140
Related: https://pagure.io/freeipa/issue/4580
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3183/head:pr3183
git checkout pr3183
URL: https://github.com/freeipa/freeipa/pull/2812
Author: tiran
Title: #2812: Require secure-binds for password login
Action: opened
PR body:
"""
nsslapd-require-secure-binds restricts password based simple binds to
secure connections. It does not prevent a careless user from
transmitting a password in plain text. But it makes it obvious that he
did something bad. Password based bind attempts over an insecure
connections are refused with:
Confidentiality required: Operation requires a secure connection
Secure connections are:
* LDAP connections on port 389 with STARTTLS
* LDAPS connections in port 636
* LDAPI connections to a local Unix sockets
Anonymous bind (simple_bind with empty DN and password) and GSSAPI
bind operations are not affected.
nsslapd-require-secure-binds is enabled after 389-DS is configured for
TLS/SSL.
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
**NOTE** The change may cause compatibility issues with applications that don't perform secure binds.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2812/head:pr2812
git checkout pr2812
URL: https://github.com/freeipa/freeipa/pull/3672
Author: simo5
Title: #3672: Make sure to have storage space for tag
Action: opened
PR body:
"""
ber_scanf expects a pointer to a ber_tag_t to return the tag pointed at
by "t", if that is not provided the pointer will be store in whatever
memory location is pointed by the stack at that time causeing a crash.
Note that this is effectively unused code because in ipa-kdb the only
party that can write a key_data structure to be stored is te kdb_driver
itself and we never encode these s2kparam data.
But we need to handle this for future proofing.
Fixes #8071
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3672/head:pr3672
git checkout pr3672