Tests: Test transformation of bash-ldap-id-ldap-auth netgroup #7648
Conversation
There was a problem hiding this comment.
Why are you using a specially created function to run libc's group membership, when the framework already provides an automation to check this?
As an example test_netgroups__add_remove_netgroup_member uses client.tools.getent.netgroup("ng-2") to check the membership.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
aborah-sudo
force-pushed
the
netgroup
branch
5 times, most recently
from
f0c4c4e
to
50ad1c3
Compare
aborah-sudo
force-pushed
the
netgroup
branch
2 times, most recently
from
40b026b
to
a19c0cb
Compare
|
This is much better, but you resolved an issue that still needs to be resolved. These tests are specific to LDAP should go in test_ldap.py. Is there a reason why we cannot use the generic provider? We want to start using this for more coverage and reduce the amount of test cases. Not related to this PR, here is an example of using one test to cover the same scenario for AD/IPA/LDAP/Samba, 12 lines of code instead of copying the test case. https://github.com/SSSD/sssd/blob/master/src/tests/system/tests/test_failover.py I'll take a closer look later, all the checks need to be green before we merge, please resolve the ci failures, like the 'static code analysis' and the ci system tests. |
These are ldap specific tests. I have tries running them against GenericProvider but its failed . So moving them to _test_ldap.py |
aborah-sudo
force-pushed
the
netgroup
branch
8 times, most recently
from
78ca7f8
to
fe91a15
Compare
There was a problem hiding this comment.
I've consulted Sumit and although the netgroup functionality is provided, IPA's exposed interface is not the same as in LDAP or AD's environment. So I have an important question before I continue reviewing the code. Ultimately what do we want to test? Do we want to test that the high-level functionality works, or that the functionality of each provider works? According to the response, we can decide what to do with this PR.
The high-level functionality works |
| client.sssd.restart() | ||
|
|
||
| member = client.tools.getent.netgroup("nested_netgroup").members | ||
| assert "(testhost1,ng1,ldap.test)" in member | ||
| assert "(-,ng3,)" in member | ||
| assert "(testhost5,ng2,ldap.test)" in member |
There was a problem hiding this comment.
Why is this needed? Are you expecting some change may happen?
There was a problem hiding this comment.
No, this is assertion to make sure everything works
There was a problem hiding this comment.
What do you mean by everything? What is the exact use case you are trying to test?
There was a problem hiding this comment.
After sssd restart i want to make sure that Nesting netgroups works and i can remove that part if it does not make sense .
There was a problem hiding this comment.
IMO it doesn't. @danlavu what do you think? Does it make sense to check again the nesting groups after restarting sssd?
aborah-sudo
force-pushed
the
netgroup
branch
2 times, most recently
from
9b6e65b
to
bd1e66d
Compare
There was a problem hiding this comment.
Overall it looks good, mostly grammatical changes requested. I didn't go into why, the change, but if you would like to explain why moving forward I'm happy to do so or I can just provide the change.
There is one part of 'test_netgroup__lookup_nested_groups' that is out scope, thanks Anuj, good work.
| for id in [1, 2]: | ||
| provider.user(f"ng{id}").add() | ||
|
|
||
| netgroup_qa = provider.netgroup("QAUsers").add() |
There was a problem hiding this comment.
We should change the group names, it's more concise to call them "group" and "nested_group".
| """ | ||
| :title: Netgroup contains a member that has a host and domain specified. | ||
| :setup: | ||
| 1. Create users, groups. |
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| @pytest.mark.topology(KnownTopology.Samba) | ||
| def test_netgroup__host_and_domain(client: Client, provider: GenericProvider, user: str, domain: str, expected: str): |
There was a problem hiding this comment.
A more descriptive name, like
'test_netgroup__lookup_nested_groups_with_host_and_domain_values_present'
| """ | ||
| :title: Nesting netgroups and verifying user memberships using LDAP with sssd. | ||
| :setup: | ||
| 1. Create users, groups. |
| @pytest.mark.topology(KnownTopology.Samba) | ||
| def test_netgroup__lookup_nested_groups(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Nesting netgroups and verifying user memberships using LDAP with sssd. |
There was a problem hiding this comment.
'Looking up nested netgroups' is sufficient as the title.
| 5. Add Circular Netgroup Nesting to nested_netgroup | ||
| 6. Start sssd | ||
| :steps: | ||
| 1. Retrieves all members of the "nested_netgroup" group using the getent netgroup tool. |
There was a problem hiding this comment.
'Lookup nested_netgroup'
We can drop steps 2 and 3.
| 3. Checks if a user who is not in any netgroup is part of "nested_netgroup". | ||
| 4. After the SSSD restart, it retrieves the members of "nested_netgroup" again to ensure they still intact. | ||
| :expectedresults: | ||
| 1. All members of the "nested_netgroup" group be there |
There was a problem hiding this comment.
"Netgroup is found, and both netgroups and users are members"
We can drop all the other steps.
| """ | ||
| :title: User's 'memberNisNetgroup' attribute values are the DN of the group. | ||
| :setup: | ||
| 1. Create users, groups. |
There was a problem hiding this comment.
I made a lot of comments to the following test case, all of those comments apply here.
| """ | ||
| :title: User's 'memberNisNetgroup' attribute values are the DN of the group. | ||
| :setup: | ||
| 1. Create users, groups. |
There was a problem hiding this comment.
I made a lot of comments to the following test case, all of those comments apply here.
| client: Client, provider: GenericProvider, operation: str | ||
| ): | ||
| """ | ||
| :title: User's 'memberNisNetgroup' attribute values are the DN of the group. |
There was a problem hiding this comment.
Remove . from all titles and steps. Let's try and make it consistent.
aborah-sudo
force-pushed
the
netgroup
branch
from
bd1e66d
to
abc7d8e
Compare
| :setup: | ||
| 1. Create users and groups | ||
| 2. Create netgroups and add member | ||
| 3. Add Members to nested_netgroup |
| :setup: | ||
| 1. Create users and groups | ||
| 2. Create netgroups and add member | ||
| 3. Start sssd |
| :steps: | ||
| 1. Check whether the expected member is present in the nested_group netgroup | ||
| :expectedresults: | ||
| 1. Member is present in the nested_group netgroup |
There was a problem hiding this comment.
This is confusing, either
'Member is present in nested netgroup'
"Member is present in netgroup 'nested_netgroup'"
| 2. Create netgroups and add member | ||
| 3. Start sssd | ||
| :steps: | ||
| 1. Check whether the expected member is present in the nested_group netgroup |
There was a problem hiding this comment.
'Lookup netgroup', the extra wording is not necessary.
| 4. Make netgroup and nested_netgroup members of one another, looping the groups | ||
| 5. Start sssd | ||
| :steps: | ||
| 1. Lookup nested_netgroup |
There was a problem hiding this comment.
Let's keep names, in quotes,
- Lookup 'nested_netgroup'
| :setup: | ||
| 1. Create users and groups | ||
| 2. Create netgroups and add member | ||
| 3. Add Members to nested_netgroup |
There was a problem hiding this comment.
Quotes, if you are using the variable name.
- Add members to netgroup 'nested_netgroup'
or - Add members to nested netgroup
One specifies the actual group name and the other option is more general. I don't care which you choose, but I'd like to see it consistent through the file.
| 2. Create a new netgroup called group and add a member (ng1) to group | ||
| 3. Create another netgroup named nested_group and add a member (ng2) to nested_group | ||
| 4. Modify the nested_group to replace its members with the members of group | ||
| 5. Start sssd |
aborah-sudo
force-pushed
the
netgroup
branch
from
abc7d8e
to
2d7960d
Compare
| 2. Create netgroups and add member | ||
| 3. Start SSSD | ||
| :steps: | ||
| 1. Lookup netgroup |
There was a problem hiding this comment.
There is an extra space between the period and the text
aborah-sudo
force-pushed
the
netgroup
branch
2 times, most recently
from
84a504d
to
755b6e8
Compare
| 2. Create netgroups and add member | ||
| 3. Start SSSD | ||
| :steps: | ||
| 1. Lookup netgroup |
| :title: Netgroup contains a member that has a host and domain specified | ||
| :setup: | ||
| 1. Create users and groups | ||
| 2. Create netgroups and add member |
| :title: Looking up nested netgroups | ||
| :setup: | ||
| 1. Create users and groups | ||
| 2. Create netgroups and add member |
aborah-sudo
force-pushed
the
netgroup
branch
from
755b6e8
to
b217f20
Compare
Test transformation of bash-ldap-id-ldap-auth netgroup
aborah-sudo
force-pushed
the
netgroup
branch
from
b217f20
to
7eb8b21
Compare
Test transformation of bash-ldap-id-ldap-auth netgroup