DBG

cockpit-project · Dec 8, 2023 · 5a8455d · 5a8455d
1 parent 1c96d48
commit 5a8455d
Showing 1 changed file with 35 additions and 5 deletions.
diff --git a/test/verify/check-system-realms b/test/verify/check-system-realms
@@ -371,6 +371,10 @@ class CommonTests:
         with b.wait_timeout(300):
             b.wait_not_present("#realms-join-dialog")
         b.logout()
+
+        print(m.execute("chronyc tracking"))
+        print(self.machines["services"].execute("chronyc tracking"))
+
         m.execute('while ! id alice; do sleep 5; done', timeout=300)
 
         # alice's certificate was written by testClientCertAuthentication()
@@ -397,11 +401,16 @@ class CommonTests:
 
         def do_test(authopts, expected, not_expected=None, session_leader=None):
             m.start_cockpit(tls=True)
-            output = m.execute(['curl', '-ksS', '-D-', *authopts, 'https://localhost:9090/cockpit/login'])
-            for s in expected:
-                self.assertIn(s, output)
-            for s in (not_expected or []):
-                self.assertNotIn(s, output)
+
+            def try_auth():
+                output = m.execute(['curl', '-ksS', '-D-', *authopts, 'https://localhost:9090/cockpit/login'])
+                for s in expected:
+                    self.assertIn(s, output)
+                for s in (not_expected or []):
+                    self.assertNotIn(s, output)
+                return True
+
+            testlib.wait(try_auth, delay=5, tries=10)
 
             # sessions/users often hang around in State=closing for a long time, ignore these
             if session_leader:
@@ -427,6 +436,8 @@ class CommonTests:
 
         # from sssd
         self.allow_journal_messages("alice is not allowed to run sudo on x0.  This incident will be reported.")
+        # occasional intermediate error during password auth
+        self.allow_journal_messages("cockpit-session: user account access failed: 4 alice: System error")
 
         # cert auth should not be enabled by default
         do_test(alice_cert_key, ["HTTP/1.1 401 Authentication required", '"authorize"'])
@@ -472,6 +483,7 @@ class CommonTests:
             # earlier sssd just matches the certificate verbatim, without CA validation
             do_test(alice_cert_key, ['HTTP/1.1 200 OK', '"csrf-token"'])
         m.execute("mv /etc/sssd/pki/sssd_auth_ca_db.pem.valid /etc/sssd/pki/sssd_auth_ca_db.pem")
+        print(m.execute("chronyc tracking"))
 
 
 @testlib.skipOstree("No realmd available")
@@ -950,6 +962,24 @@ maprule = LDAP:(userCertificate={cert!base64})
     def testClientCertAuthentication6(self):
         self.testClientCertAuthentication()
 
+    def testClientCertAuthentication7(self):
+        self.testClientCertAuthentication()
+
+    def testClientCertAuthentication8(self):
+        self.testClientCertAuthentication()
+
+    def testClientCertAuthentication9(self):
+        self.testClientCertAuthentication()
+
+    def testClientCertAuthentication10(self):
+        self.testClientCertAuthentication()
+
+    def testClientCertAuthentication11(self):
+        self.testClientCertAuthentication()
+
+    def testClientCertAuthentication12(self):
+        self.testClientCertAuthentication()
+
 
 JOIN_SCRIPT = """
 set -ex