From 463e5e73a27bb31e3549c9204efe20555b7cb8dd Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 1 Jun 2018 15:19:35 -0400
Subject: [PATCH] Use replace instead of add to set new default
ipaSELinuxUserMapOrder
The add was in effect replacing whatever data was already there
causing any custom order to be lost on each run of
ipa-server-upgrade.
https://pagure.io/freeipa/issue/6610
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
---
install/updates/50-ipaconfig.update | 2 +-
ipatests/test_integration/test_commands.py | 48 ++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+), 1 deletion(-)
create mode 100644 ipatests/test_integration/test_commands.py
diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update
index 23d2919dbd976c34d9217fc31cca88a0df6c7f5b..18501cb7b8a87377a76bc53b7fe3c469c23e2d41 100644
--- a/install/updates/50-ipaconfig.update
+++ b/install/updates/50-ipaconfig.update
@@ -1,5 +1,5 @@
dn: cn=ipaConfig,cn=etc,$SUFFIX
-add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
+replace: ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023::ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
add:ipaUserObjectClasses: ipasshuser
remove:ipaConfigString:AllowLMhash
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
new file mode 100644
index 0000000000000000000000000000000000000000..b2c0d5c710c9810cfd74216983f793808f4cf3c4
--- /dev/null
+++ b/ipatests/test_integration/test_commands.py
@@ -0,0 +1,48 @@
+#
+# Copyright (C) 2018 FreeIPA Contributors see COPYING for license
+#
+"""Misc test for 'ipa' CLI regressions
+"""
+from __future__ import absolute_import
+
+from ipatests.test_integration.base import IntegrationTest
+
+
+class TestIPACommand(IntegrationTest):
+ """
+ A lot of commands can be executed against a single IPA installation
+ so provide a generic class to execute one-off commands that need to be
+ tested without having to fire up a full server to run one command.
+ """
+ topology = 'line'
+
+ def test_change_selinuxusermaporder(self):
+ """
+ An update file meant to ensure a more sane default was
+ overriding any customization done to the order.
+ """
+ maporder = "unconfined_u:s0-s0:c0.c1023"
+
+ # set a new default
+ result = self.master.run_command(
+ ["ipa", "config-mod",
+ "--ipaselinuxusermaporder={}".format(maporder)],
+ raiseonerr=False
+ )
+ assert result.returncode == 0
+
+ # apply the update
+ result = self.master.run_command(
+ ["ipa-server-upgrade"],
+ raiseonerr=False
+ )
+ assert result.returncode == 0
+
+ # ensure result is the same
+ result = self.master.run_command(
+ ["ipa", "config-show"],
+ raiseonerr=False
+ )
+ assert result.returncode == 0
+ assert "SELinux user map order: {}".format(
+ maporder) in result.stdout_text
--
2.14.4