diff --git a/python/samba/tests/dsdb_quiet_provision_tests.py b/python/samba/tests/dsdb_quiet_provision_tests.py
new file mode 100644
index 00000000000..da642a7a94d
--- /dev/null
+++ b/python/samba/tests/dsdb_quiet_provision_tests.py
@@ -0,0 +1,59 @@
+# Unix SMB/CIFS implementation. Tests for dsdb
+# Copyright (C) Matthieu Patou 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+"""These tests want to be run on a freshly provisioned domain that has
+not been greatly modified by other tests (which at the time of writing
+probably means 'chgdcpass').
+
+Tests here should only read the database.
+
+This is to avoid flapping tests.
+"""
+
+from samba.credentials import Credentials
+from samba.samdb import SamDB
+from samba.auth import system_session
+from samba.tests import TestCase
+import ldb
+import samba
+
+
+class DsdbQuietProvisionTests(TestCase):
+
+ @classmethod
+ def setUpClass(cls):
+ super().setUpClass()
+ cls.lp = samba.tests.env_loadparm()
+ cls.creds = Credentials()
+ cls.creds.guess(cls.lp)
+ cls.session = system_session()
+ cls.samdb = SamDB(session_info=cls.session,
+ credentials=cls.creds,
+ lp=cls.lp)
+
+ def test_dsdb_dn_gkdi_gmsa_root_keys_exist(self):
+ """In provision we set up a GKDI root key.
+
+ There should always be at least one.
+ """
+ dn = self.samdb.get_config_basedn()
+ dn.add_child("CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services")
+ res = self.samdb.search(dn,
+ scope=ldb.SCOPE_SUBTREE,
+ expression="(objectClass = msKds-ProvRootKey)")
+
+ self.assertGreater(len(res), 0)
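Review bot: The `self.samdb.search(...)` call in `test_dsdb_dn_gkdi_gmsa_root_keys_exist` passes no `attrs`, so every attribute of each `msKds-ProvRootKey` object is returned to the test process, which would include the root key material (`msKds-RootKeyData`), although the assertion only counts results. Since only existence matters here, I would narrow the request by adding `attrs=["cn"],` to the search call. As a style point, the filter is conventionally written without spaces around the operator, `expression="(objectClass=msKds-ProvRootKey)"`; ldb appears to tolerate the spaced form, but stricter LDAP filter parsers do not.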
diff --git a/selftest/knownfail.d/gkdi-root-key-at-provision b/selftest/knownfail.d/gkdi-root-key-at-provision
new file mode 100644
index 00000000000..9ef4f22fe4e
--- /dev/null
+++ b/selftest/knownfail.d/gkdi-root-key-at-provision
@@ -0,0 +1 @@
+^samba.tests.dsdb_quiet_provision_tests.+test_dsdb_dn_gkdi_gmsa_root_keys_exist
\ No newline at end of file
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index d70d7d56118..c7ecf46d25d 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -566,6 +566,10 @@ plantestsuite_loadlist("samba.tests.sddl_conditional_ace",
 for t in smbtorture4_testsuites("dns_internal."):
 plansmbtorture4testsuite(t, "ad_dc_default:local", '//$SERVER/whavever')
+# These tests want to run on a barely changed fresh provision, before
+# too much happens to this environment.
+planpythontestsuite("chgdcpass:local", "samba.tests.dsdb_quiet_provision_tests")
+
 # Local tests
 for t in smbtorture4_testsuites("dlz_bind9."):
 # The dlz_bind9 tests needs to look at the DNS database
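Review bot: The comment added above `planpythontestsuite("chgdcpass:local", ...)` in `source4/selftest/tests.py` relies on the suite running "before too much happens" to `chgdcpass`, but nothing visible in this hunk enforces that. Whether it holds depends on which other suites are planned for `chgdcpass` elsewhere in the file, outside the hunk. I would state the actual invariant in the comment, for example `# Read-only checks of objects created at provision (e.g. the GKDI root key); suites that modify the directory should not be planned for chgdcpass ahead of this one.`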