Tests: Test transformation of bash-ldap-id-ldap-auth netgroup
Test transformation of bash-ldap-id-ldap-auth netgroup
aborah-sudo committed Oct 23, 2024
1 parent b928dbe commit 7834daa
Showing 1 changed file with 143 additions and 0 deletions.
143 changes: 143 additions & 0 deletions src/tests/system/tests/test_netgroups.py
Expand Up @@ -9,6 +9,7 @@
import pytest
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.generic import GenericProvider
from sssd_test_framework.roles.ipa import IPA
from sssd_test_framework.topology import KnownTopologyGroup


Expand Down Expand Up @@ -108,3 +109,145 @@ def test_netgroups__add_remove_netgroup_member(client: Client, provider: Generic
assert len(result.members) == 1
assert "(-, user-1)" not in result.members
assert "(-, user-2)" in result.members


@pytest.mark.parametrize("Operation", ["Add", "Replace"])
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_netgroup__user_attribute_membernisnetgroup_uses_group_dn(
client: Client, provider: GenericProvider, Operation: str
):
"""
:title: User's 'memberNisNetgroup' attribute values are the DN of the group.
:setup:
1. Create users, groups.
2. Create a new netgroup called QAUsers and add a member (ng9000) to QAUsers
3. Create another netgroup named DEVUsers and add a member (ng9005) to DEVUsers
4. Modify the DEVUsers netgroup to replace its members with the members of QAUsers.
5. Start sssd
:steps:
1. Retrieve all members of the DEVUsers netgroup.
2. Confirm that the member directly added to DEVUsers is present.
3. Confirm that the member from QAUsers is now part of DEVUsers.
:expectedresults:
1. All members should be retrieved
2. Members directly added to DEVUsers is present.
3. Members from QAUsers is now part of DEVUsers.
:customerscenario: False
"""
if isinstance(provider, IPA):
pytest.skip(reason="Not for IPA povider")

for id in [9000, 9005]:
provider.user(f"ng{id}").add()

netgroup_qa = provider.netgroup("QAUsers").add()
netgroup_qa.add_member(host="testhost1", user="ng9000", domain="ldap.test")

netgroup_dev = provider.netgroup("DEVUsers").add()
netgroup_dev.add_member(host="testhost5", user="ng9005", domain="ldap.test")
if Operation == "Replace":
netgroup_dev.add_member(ng=netgroup_qa.dn)
else:
netgroup_dev.add_member(ng="QAUsers")
client.sssd.start()

member = client.tools.getent.netgroup("DEVUsers").members
assert "(testhost5, ng9005, ldap.test)" in member
assert "(testhost1, ng9000, ldap.test)" in member


@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_netgroup__lookup_nested_groups(client: Client, provider: GenericProvider):
"""
:title: Nesting netgroups and verifying user memberships using LDAP with sssd.
:setup:
1. Create users, groups.
2. Create QAUsers Netgroup and Add Member
3. Create DEVUsers Netgroup and Add Nested Netgroup
4. Add Members to DEVUsers
5. Add Circular Netgroup Nesting
6. Start sssd
:steps:
1. Retrieves all members of the "DEVUsers" group using the getent netgroup tool.
2. Verify that users from another group is also part of "DEVUsers".
3. Checks if a user who is not in any netgroup is part of "DEVUsers".
4. After the SSSD restart, it retrieves the members of "DEVUsers" again to ensure they are still intact.
:expectedresults:
1. All members of the "DEVUsers" group be there
2. Users from another group is also part of "DEVUsers".
3. User who is not in any netgroup is part of "DEVUsers".
4. After restart all members of the "DEVUsers" group be there
"""
if isinstance(provider, IPA):
pytest.skip(reason="Not for IPA povider")

for id in [9000, 9005, 9006]:
provider.user(f"ng{id}").add()

netgroup = provider.netgroup("QAUsers").add()
netgroup.add_member(host="testhost1", user="ng9000", domain="ldap.test")

nested_netgroup = provider.netgroup("DEVUsers").add()
nested_netgroup.add_member(ng=netgroup.dn)
nested_netgroup.add_member(host="testhost5", user="ng9005", domain="ldap.test")
nested_netgroup.add_member(user="ng9006")

netgroup.add_member(ng=nested_netgroup.dn)

client.sssd.start()

member = client.tools.getent.netgroup("DEVUsers").members
assert "(testhost1,ng9000,ldap.test)" in member
assert "(-,ng9006,)" in member
assert "(testhost5,ng9005,ldap.test)" in member

client.sssd.restart()

member = client.tools.getent.netgroup("DEVUsers").members
assert "(testhost1,ng9000,ldap.test)" in member
assert "(-,ng9006,)" in member
assert "(testhost5,ng9005,ldap.test)" in member


@pytest.mark.parametrize(
"user, domain, expected",
[("samplehost", "samplehost.domain.com", "(samplehost,-,samplehost.domain.com)"), ("ng9006", "", "(-,ng9006,)")],
)
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_netgroup__host_and_domain(client: Client, provider: GenericProvider, user: str, domain: str, expected: str):
"""
:title: Netgroup contains a member that only has a host and domain specified, but no associated user.
:setup:
1. Create users, groups.
2. Create QAUsers Netgroup and Add Member
3. Create DEVUsers Netgroup and Add Members
4. Start sssd
:steps:
1. Check whether the expected member is present in the DEVUsers netgroup.
:expectedresults:
1. Member is present in the DEVUsers netgroup.
:customerscenario: False
"""
if isinstance(provider, IPA):
pytest.skip(reason="Not for IPA povider")

for id in [9000, 9005]:
provider.user(f"ng{id}").add()

netgroup_qa = provider.netgroup("QAUsers").add()
netgroup_qa.add_member(host="testhost1", user="ng9000", domain="ldap.test")

netgroup_dev = provider.netgroup("DEVUsers").add()
netgroup_dev.add_member(host="testhost5", user="ng9005", domain="ldap.test")
if domain == "samplehost.domain.com":
netgroup_dev.add_member(host=user, domain=domain)
else:
netgroup_dev.add_member(user=user)

client.sssd.start()

member = client.tools.getent.netgroup("DEVUsers").members
assert expected in member
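Review bot: In `test_netgroup__user_attribute_membernisnetgroup_uses_group_dn` the `Operation` parameter does not select an add versus a replace: both branches call `netgroup_dev.add_member(...)` and differ only in passing `netgroup_qa.dn` or the bare name `"QAUsers"`, while setup step 4 of the docstring says the members are replaced and the test then asserts that the original `ng9005` triple is still present. Parametrizing on what actually varies, e.g. `@pytest.mark.parametrize("nested_ref", ["dn", "name"])`, and rewording step 4 would make the case ids match the behaviour. The expected triples in that test are written with spaces (`"(testhost5, ng9005, ldap.test)"`) while the two later tests use `"(testhost5,ng9005,ldap.test)"`; how `members` compares against a string is not visible on this page, so one spelling may never match and is worth confirming. Netgroup triples feed host and user access decisions, and an empty field is a wildcard while `-` matches nothing, so a stray or duplicated member matters. The `in` checks would be tighter with an exact count as the earlier test does, for example `assert len(member) == 3` after the circular-nesting lookup in `test_netgroup__lookup_nested_groups` (assuming the lookup collapses duplicates).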
