Issue 49761 - Fix CI tests

Description:
* Update pytest markers
* Fix changelog test on EL8
* Fix race conditions in pwdPolicy_warning_test, pwdPolicy_attribute_test, rootdn_plugin_test
* Increase a timeout for check_ruv()
* Use appropriate default password storage scheme on older versions
* Remove nsUniqueId from the expected attributes if search is done on rootdse
* Add missing __init__.py for the test suites

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: spichugi (Thanks!)

dirsrvtests/tests/suites/auth_token/basic_auth_test.py

@@ -25,7 +25,7 @@ pytestmark = pytest.mark.tier1
 USER_PASSWORD = "password aouoaeu"
 TEST_KEY = "4PXhmtKG7iCdT9C49GoBdD92x5X1tvF3eW9bHq4ND2Q="
 
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_config(topology):
     """ Test that we are able to configure the ldapssotoken backend with various types and states.
 
@@ -72,7 +72,7 @@ def test_ldap_auth_token_config(topology):
         topology.standalone.config.remove_all('nsslapd-ldapssotoken-secret')
 
 
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_nsuser(topology):
     """
     Test that we can generate and authenticate with authentication tokens
@@ -141,7 +141,7 @@ def test_ldap_auth_token_nsuser(topology):
     with pytest.raises(ldap.INVALID_CREDENTIALS):
         user.authenticate_sso_token(token)
 
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_disabled(topology):
     """ Assert when the feature is disabled that token operations are not able to progress
 
@@ -191,7 +191,7 @@ def test_ldap_auth_token_disabled(topology):
         user_account.authenticate_sso_token(token)
 
 
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_directory_manager(topology):
     """ Test token auth with directory manager is denied
 
@@ -214,7 +214,7 @@ def test_ldap_auth_token_directory_manager(topology):
         dm.request_sso_token()
 
 ## test as anon (will fail)
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
[email protected](not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_anonymous(topology):
     """ Test token auth with Anonymous is denied.
 

dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py

@@ -26,7 +26,7 @@ TEST_USER_PWD = 'all_attrs_test'
 TEST_PARAMS = [(DN_ROOT, False, [
                 'aci', 'createTimestamp', 'creatorsName',
                 'modifiersName', 'modifyTimestamp', 'namingContexts',
-                'nsBackendSuffix', 'nsUniqueId', 'subschemaSubentry',
+                'nsBackendSuffix', 'subschemaSubentry',
                 'supportedControl', 'supportedExtension',
                 'supportedFeatures', 'supportedLDAPVersion',
                 'supportedSASLMechanisms', 'vendorName', 'vendorVersion'
@@ -34,7 +34,7 @@ TEST_PARAMS = [(DN_ROOT, False, [
                (DN_ROOT, True, [
                 'createTimestamp', 'creatorsName',
                 'modifiersName', 'modifyTimestamp', 'namingContexts',
-                'nsBackendSuffix', 'nsUniqueId', 'subschemaSubentry',
+                'nsBackendSuffix', 'subschemaSubentry',
                 'supportedControl', 'supportedExtension',
                 'supportedFeatures', 'supportedLDAPVersion',
                 'supportedSASLMechanisms', 'vendorName', 'vendorVersion'
@@ -156,7 +156,9 @@ def test_search_basic(topology_st, create_user, user_aci, add_attr,
     entries = topology_st.standalone.search_s(search_suffix, ldap.SCOPE_BASE,
                                               '(objectclass=*)',
                                               search_filter)
-    found_attrs = entries[0].data.keys()
+    found_attrs = set(entries[0].data.keys())
+    if search_suffix == DN_ROOT and "nsUniqueId" in found_attrs:
+        found_attrs.remove("nsUniqueId")
 
     if add_attr == '*':
         assert set(expected_attrs) - set(found_attrs) == set()

dirsrvtests/tests/suites/fractional/__init__.py

@@ -0,0 +1,3 @@
+"""
+   :Requirement: 389-ds-base: Fractional replication
+"""

dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py

@@ -99,6 +99,7 @@ def test_pwd_reset(topology_st, create_user):
     # Reset user's password
     our_user = UserAccount(topology_st.standalone, TEST_USER_DN)
     our_user.replace('userpassword', PASSWORD)
+    time.sleep(.5)
 
     # Check that pwdReset is TRUE
     assert our_user.get_attr_val_utf8('pwdReset') == 'TRUE'
@@ -106,6 +107,7 @@ def test_pwd_reset(topology_st, create_user):
     # Bind as user and change its own password
     our_user.rebind(PASSWORD)
     our_user.replace('userpassword', PASSWORD)
+    time.sleep(.5)
 
     # Check that pwdReset is FALSE
     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
@@ -114,6 +116,9 @@ def test_pwd_reset(topology_st, create_user):
     # Reset password policy config
     topology_st.standalone.config.replace('passwordMustChange', 'off')
 
+    # Reset user's password
+    our_user.replace('userpassword', TEST_USER_PWD)
+
 
 @pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception',
                          [('on', 'off', ldap.UNWILLING_TO_PERFORM),
@@ -171,7 +176,7 @@ def test_change_pwd(topology_st, create_user, password_policy,
             user.reset_password('new_pass')
     except ldap.LDAPError as e:
         log.error('Failed to change userpassword for {}: error {}'.format(
-            TEST_USER_DN, e.message['info']))
+            TEST_USER_DN, e.args[0]['info']))
         raise e
     finally:
         log.info('Bind as DM')
@@ -245,7 +250,7 @@ def test_pwd_min_age(topology_st, create_user, password_policy):
         user.reset_password(TEST_USER_PWD)
     except ldap.LDAPError as e:
         log.error('Failed to change userpassword for {}: error {}'.format(
-            TEST_USER_DN, e.message['info']))
+            TEST_USER_DN, e.args[0]['info']))
         raise e
     finally:
         log.info('Bind as DM')

dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py

@@ -581,12 +581,15 @@ def test_password_expire_works(topology_st):
                         ('passwordExp', 'on'))
     user = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX, rdn=None).create_test_user()
     user.set('userPassword', 'anuj')
+    time.sleep(0.5)
     expire_time = user.get_attr_val_utf8('passwordExpirationTime')
     config.replace('passwordMaxAge', '172800')
     user.set('userPassword', 'borah')
+    time.sleep(0.5)
     expire_time2 = user.get_attr_val_utf8('passwordExpirationTime')
     config.replace('passwordMaxAge', '604800')
     user.set('userPassword', 'anujagaiin')
+    time.sleep(0.5)
     expire_time3 = user.get_attr_val_utf8('passwordExpirationTime')
     assert expire_time != expire_time2 != expire_time3
     config.replace('passwordExp', 'off')

dirsrvtests/tests/suites/password/pwp_test.py

@@ -15,11 +15,16 @@ from lib389.idm.user import UserAccounts, UserAccount
 from lib389._constants import DEFAULT_SUFFIX
 from lib389.config import Config
 from lib389.idm.group import Group
+from lib389.utils import ds_is_older
 import ldap
 import time
 
 pytestmark = pytest.mark.tier1
 
+if ds_is_older('1.4'):
+    DEFAULT_PASSWORD_STORAGE_SCHEME = 'SSHA512'
+else:
+    DEFAULT_PASSWORD_STORAGE_SCHEME = 'PBKDF2_SHA256'
 
 def _create_user(topo, uid, cn, uidNumber, userpassword):
     """
@@ -400,7 +405,7 @@ def test_expiration_date(topo, _fix_password):
     # Modify password Once
     user.replace('userPassword', 'secreter')
     time.sleep(1)
-    assert 'PBKDF2_SHA256' in user.get_attr_val_utf8('userPassword')
+    assert DEFAULT_PASSWORD_STORAGE_SCHEME in user.get_attr_val_utf8('userPassword')
     # Try to change the password with same one
     for _ in range(3):
         with pytest.raises(ldap.CONSTRAINT_VIOLATION):
@@ -508,4 +513,4 @@ def test_passwordlockout(topo, _fix_password):
 
 if __name__ == "__main__":
     CURRENT_FILE = os.path.realpath(__file__)
-    pytest.main("-s -v %s" % CURRENT_FILE)
+    pytest.main("-s -v %s" % CURRENT_FILE)

dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py

@@ -643,7 +643,10 @@ def test_rootdn_config_validate(topology_st, rootdn_setup, rootdn_cleanup):
         plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-host', 'host.####.com')])
 
 
-def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):
[email protected]
[email protected]
[email protected](ds_is_older('1.3.11', '1.4.3.5'), reason="May fail because of bz1807537")
+def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup, timeout=5):
     """Test denied IP feature with a wildcard
 
     :id: 73c74f62-9ac2-4bb6-8a63-bacc8d8bbf93
@@ -663,22 +666,33 @@ def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_clea
     log.info('Running test_rootdn_access_denied_ip_wildcard...')
 
     plugin.add_deny_ip('127.*')
-    time.sleep(.5)
 
-    # Bind as root DN - should fail
+    # Bind as Root DN - should fail
     uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port)
-    with pytest.raises(ldap.UNWILLING_TO_PERFORM):
-        rootdn_bind(topology_st.standalone, uri=uri)
+    for i in range(0, timeout):
+        try:
+            rootdn_bind(topology_st.standalone, uri=uri)
+        except ldap.UNWILLING_TO_PERFORM:
+            break
+        else:
+            time.sleep(.5)
 
     # Change the denied IP so root DN succeeds
     plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-ip', '255.255.255.255')])
-    time.sleep(.5)
 
-    # Bind should succeed
-    rootdn_bind(topology_st.standalone, uri=uri)
+    # Bind as Root DN - should succeed
+    for i in range(0, timeout):
+        try:
+            rootdn_bind(topology_st.standalone, uri=uri)
+            break
+        except:
+            time.sleep(.5)
 
 
-def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):
[email protected]
[email protected]
[email protected](ds_is_older('1.3.11', '1.4.3.5'), reason="May fail because of bz1807537")
+def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup, timeout=5):
     """Test allowed ip feature
 
     :id: c3e22c61-9ed2-4e89-8243-6ff686ecad9b
@@ -702,16 +716,25 @@ def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cle
     time.sleep(.5)
 
     # Bind as Root DN - should fail
-    uri = 'ldap://{}:{}'.format("127.0.0.1", topology_st.standalone.port)
-    with pytest.raises(ldap.UNWILLING_TO_PERFORM):
-        rootdn_bind(topology_st.standalone, uri=uri)
+    uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port)
+    for i in range(0, timeout):
+        try:
+            rootdn_bind(topology_st.standalone, uri=uri)
+        except ldap.UNWILLING_TO_PERFORM:
+            break
+        else:
+            time.sleep(.5)
 
     # Allow localhost
     plugin.add_allow_ip('127.*')
-    time.sleep(.5)
 
-    # Bind should succeed
-    rootdn_bind(topology_st.standalone, uri=uri)
+    # Bind as Root DN - should succeed
+    for i in range(0, timeout):
+        try:
+            rootdn_bind(topology_st.standalone, uri=uri)
+            break
+        except:
+            time.sleep(.5)
 
 
 if __name__ == '__main__':

dirsrvtests/tests/suites/pwp_storage/storage_test.py

@@ -21,6 +21,7 @@ from lib389.idm.user import UserAccounts, UserAccount
 from lib389._constants import DEFAULT_SUFFIX
 from lib389.config import Config
 from lib389.password_plugins import PBKDF2Plugin, SSHA512Plugin
+from lib389.utils import ds_is_older
 
 pytestmark = pytest.mark.tier1
 
@@ -104,7 +105,7 @@ def test_check_two_scheme(topo):
            in UserAccount(topo.standalone, user.dn).get_attr_val_utf8('userpassword').lower()
     user.delete()
 
-
+@pytest.mark.skipif(ds_is_older('1.4'), reason="Not implemented")
 def test_check_pbkdf2_sha256(topo):
     """Check password scheme PBKDF2_SHA256.
 

dirsrvtests/tests/suites/replication/changelog_test.py

@@ -219,7 +219,7 @@ def remove_ldif_files_from_changelogdir(topo, extension):
                 log.info('Existing changelog %s file: %s removed' % (extension,changelog_file))
 
                 
[email protected](ds_is_older('1.3.10.1'), reason="bug bz1685059")
[email protected](ds_is_older('1.3.10.1', '1.4.3'), reason="bug bz1685059")
 @pytest.mark.bz1685059
 @pytest.mark.ds50498
 @pytest.mark.bz1769296
@@ -367,7 +367,7 @@ def test_dsconf_dump_changelog_files_removed(topo):
     # primary condition before executing the core goal of this case : management of generated files.
 
     log.info("Use dsconf dump-changelog with invalid parameters")
-    cmdline=['python', '/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', 'badpasswd', 'replication', 'dump-changelog']
+    cmdline=['/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', 'badpasswd', 'replication', 'dump-changelog']
     log.info('Command used : %s' % cmdline)
     proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE)
     msg = proc.communicate()
@@ -377,7 +377,7 @@ def test_dsconf_dump_changelog_files_removed(topo):
     # Now the core goal of the test case
     # Using dsconf replication changelog  without -l option
     log.info('Use dsconf replication changelog without -l option: no generated ldif files should be present in %s ' % changelog_dir)
-    cmdline=['python', '/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog']
+    cmdline=['/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog']
     log.info('Command used : %s' % cmdline)
     proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE)
     proc.communicate()
@@ -396,7 +396,7 @@ def test_dsconf_dump_changelog_files_removed(topo):
 
     # Using dsconf replication changelog  without -l option
     log.info('Use dsconf replication changelog with -l option: generated ldif files should be kept in %s ' % changelog_dir)
-    cmdline=['python', '/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog', '-l']
+    cmdline=['/usr/sbin/dsconf', instance_url, '-D', DN_DM, '-w', PASSWORD, 'replication', 'dump-changelog', '-l']
     log.info('Command used : %s' % cmdline)
     proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE)
     proc.communicate()

dirsrvtests/tests/suites/replication/cleanallruv_test.py

@@ -84,7 +84,7 @@ def check_ruvs(msg, topology_m4, m4rid):
         replica = replicas.get(DEFAULT_SUFFIX)
 
         count = 0
-        while not clean and count < 10:
+        while not clean and count < 20:
             ruv = replica.get_ruv()
             if m4rid in ruv._rids:
                 time.sleep(5)

dirsrvtests/tests/suites/rewriters/__init__.py

@@ -0,0 +1,3 @@
+"""
+   :Requirement: 389-ds-base: Rewriters
+"""

dirsrvtests/tests/suites/roles/__init__.py

@@ -0,0 +1,3 @@
+"""
+   :Requirement: 389-ds-base: Roles
+"""

dirsrvtests/tests/suites/sasl/allowed_mechs_test.py

@@ -10,6 +10,7 @@
 import pytest
 import os
 from lib389.topologies import topology_st
+from lib389.utils import ds_is_older
 
 pytestmark = pytest.mark.tier1
 
@@ -178,6 +179,7 @@ def test_basic_feature(topology_st):
 
 @pytest.mark.bz1816854
 @pytest.mark.ds50869
[email protected](ds_is_older('1.3.11', '1.4.3.6'), reason="May fail because of bz1816854")
 def test_config_set_few_mechs(topology_st):
     """Test that we can successfully set multiple values to nsslapd-allowed-sasl-mechanisms
 

dirsrvtests/tests/suites/setup_ds/remove_test.py

@@ -14,6 +14,7 @@ from lib389 import DirSrv
 from lib389.instance.remove import remove_ds_instance
 from lib389._constants import ReplicaRole
 from lib389.topologies import create_topology
+from lib389.utils import ds_is_older
 
 pytestmark = pytest.mark.tier0
 
@@ -31,7 +32,7 @@ def topology_st(request):
 
     return topology
 
-
+@pytest.mark.skipif(ds_is_older('1.4.3'), reason="Backend split, lib389 supports only cn=bdb,cn=config...")
 @pytest.mark.parametrize("simple_allocate", (True, False))
 def test_basic(topology_st, simple_allocate):
     """Check that all DS directories and systemd items were removed