From 3baae8d1bd0a0c4c707314524289e86e6ecbc0df Mon Sep 17 00:00:00 2001

From: Alexander Bokovoy <abokovoy@redhat.com>

Date: Mon, 14 Mar 2022 21:09:36 +0200

Subject: [PATCH] test_otp: do not use paramiko unless it is really needed

paramiko cannot be used in FIPS mode. We have few tests that import

generic methods from test_otp (add_token/del_token) and those tests fail

in FIPS mode due to unconditional 'import paramiko'.

Instead, move 'import paramiko' to the ssh_2f() helper which is not used

in FIPS mode (the whole SSH 2FA test is skipped then).

Related: https://pagure.io/freeipa/issue/9119

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

Reviewed-By: Francisco Trivino <ftrivino@redhat.com>

---

 ipatests/test_integration/test_otp.py | 3 ++-

 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py

index bec76d205bf37699483b65ebbc5613cbbb466bb4..04bef4626077e727654898b07a76acab4f1d5971 100644

--- a/ipatests/test_integration/test_otp.py

+++ b/ipatests/test_integration/test_otp.py

@@ -5,7 +5,6 @@

 """

 import base64

 import logging

-import paramiko

 import pytest

 import re

 import time

@@ -102,6 +101,8 @@ def ssh_2f(hostname, username, answers_dict, port=22):

             logger.info(

                 "Answer to ssh prompt is: '%s'", answers_dict[prmpt_str])

         return resp

+

+    import paramiko

     trans = paramiko.Transport((hostname, port))

     trans.connect()

     trans.auth_interactive(username, answer_handler)

-- 

2.34.1