From a1da254d39465afc63645dfd7e985e05599a09cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>
Date: Tue, 22 Sep 2020 20:50:43 +0200
Subject: [PATCH] ipatests: kinit_as_user: collect kdcinfo.REALM on failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When requesting a tgt fails after a password reset, collecting:
/var/lib/sss/pubconf/kdcinfo.$REALM
will help determine how SSSD was selecting which KRB5KDC to use.

Fixes: https://pagure.io/freeipa/issue/8510
Signed-off-by: François Cami <fcami@redhat.com>
---
 ipatests/pytest_ipa/integration/tasks.py | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py
index fceac1b628..01e3952b8a 100755
--- a/ipatests/pytest_ipa/integration/tasks.py
+++ b/ipatests/pytest_ipa/integration/tasks.py
@@ -2003,10 +2003,24 @@ def run_command_as_user(host, user, command, *args, **kwargs):
 
 def kinit_as_user(host, user, password, krb5_trace=False):
     if krb5_trace:
-        host.run_command(
-            "KRB5_TRACE=/dev/stdout kinit %s" % user,
-            stdin_text='{0}\n'.format(password)
-        )
+        try:
+            host.run_command(
+                "KRB5_TRACE=/dev/stdout kinit %s" % user,
+                stdin_text='{0}\n'.format(password),
+                raiseonerr=False
+            )
+        except subprocess.CalledProcessError as e:
+            logger.info(
+                'Collecting kdcinfo log from: %s', host.hostname
+            )
+            kdcinfo = host.get_file_contents(
+                "/var/lib/sss/pubconf/kdcinfo.{}".format(host.realm)
+            )
+            logger.info(
+                'kdcinfo %s contains:\n%s', host.hostname, kdcinfo
+            )
+            raise e
+
     else:
         host.run_command(['kinit', user], stdin_text='{0}\n'.format(password))