banners
From Free IPA
Contents |
IPA v2
In-tree testing
This requires that you do a local install of IPA so you have a kerberos and LDAP infrastructure on your development machine.
You also need to configure IPA for your local installation. When running the server in-tree the server will use ~/.ipa/ instead of /etc/ipa to look for configuration files. You need to create ~/.ipa/default.conf. You can probably copy this from /etc/ipa/default.conf and tune as needed. Mine looks like:
[global] domain=example.com realm=EXAMPLE.COM basedn=dc=example,dc=com server=puma.example.com enable_ra=True #xmlrpc_uri=https://lion.example.com/ipa/xml #in_tree=True
In order for the certificate tests to pass you'll also need to crate ~/.ipa/alias. The easiest way to populate this is to grab the 3 NSS db files from /etc/httpd/alias and copy them ~/.ipa/alias. Copy /etc/httpd/alias/pwdfile.txt to ~/.ipa/alias/.pwd. Be sure to change ownership of these files too. That should do it.
# cp /etc/httpd/alias/*.db ~user/.ipa/alias # cp /etc/httpd/alias/pwdfile.txt ~user/.ipa/alias/.pwd # chown -R user ~user/.ipa/alias
You need to start with an admin ticket:
% kinit admin
In one window start the lite server. I like to start it in debug mode.
% ./lite-server -d
In another window do the tests:
% make test
You can run the test script directly by running:
% ./make-test
You can also use this to run specific tests. This can take one of two forms, both of which are equivalent. Here is how you would test the user plugin:
% ./make-test tests.test_xmlrpc.test_user_plugin
or
% ./make-test tests/test_xmlrpc/test_user_plugin.py
Note that some of the tests make certain assumptions about the data on the server. Some tests, for example, pull all entries and expect a certain number to be returned and may raise an error.
This is super-useful for general development too. You can use the lite-server to quickly test plugins within the source tree. The only trick is to run the in-tree ipa command and not the system one, so:
% ./ipa user-show admin
It will detect that it is in the source tree and use local files and not the ones installed in /usr/lib[64].
Remote testing
You can also test against an IPA installation on another machine, it just requires a bit more configuration.
You first need to update ~/.ipa/default.conf to point to the remote machine. My test machine is lion.example.com, here is my configuration:
[global] domain=example.com realm=EXAMPLE.COM basedn=dc=example,dc=com server=lion.example.com enable_ra=True xmlrpc_uri=https://lion.lion.com/ipa/xml in_tree=True
Next, you need to configure yourself to be in the realm on your test machine. The easiest way to do this is to grab the remote krb5.conf and use that:
% scp lion.example.com:/etc/krb5.conf lion-krb5.conf % export KRB5_CONFIG=`pwd`/lion-krb5.conf % kinit admin
Finally you need to trust the CA on the remote machine. You need to be root to do this.
# wget -O /tmp/lion.crt http://lion.example.com/ipa/config/ca.crt # certutil -A -d /etc/pki/nssdb -n "lion IPA CA" -t CT,CT, -a -i /tmp/lion.crt
Now you should be good-to-go to run the XML-RPC tests against a remote server.
UI testing
UI testing documentation is available on this page.
