URL: https://github.com/freeipa/freeipa/pull/3349 Author: amore17 Title: #3349: ipatests: filter_users should be applied correctly if SSSD starts offline Action: opened
PR body: """ Added tests which validates that filter_users is applied correctly when SSSD starts in offline mode, which checks that no look up should be in data provider and NCE/USER/ipa_domain/user should be added to negative cache. Related Tickets: https://pagure.io/SSSD/sssd/issue/3983 https://pagure.io/SSSD/sssd/issue/3978 Signed-off-by: Anuja More <am...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3349/head:pr3349 git checkout pr3349
From 6c8d5cdab3284bc74a9a3931a347cc29fd68ed9f Mon Sep 17 00:00:00 2001 From: Anuja More <am...@redhat.com> Date: Mon, 1 Jul 2019 12:45:51 +0530 Subject: [PATCH] ipatests: filter_users should be applied correctly if SSSD starts offline Added tests which validates that filter_users is applied correctly when SSSD starts in offline mode, which checks that no look up should be in data provider and NCE/USER/ipa_domain/user should be added to negative cache. Related Tickets: https://pagure.io/SSSD/sssd/issue/3983 https://pagure.io/SSSD/sssd/issue/3978 Signed-off-by: Anuja More <am...@redhat.com> --- ipatests/test_integration/test_trust.py | 63 +++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py index c591809aa3..35cce70cfe 100644 --- a/ipatests/test_integration/test_trust.py +++ b/ipatests/test_integration/test_trust.py @@ -176,6 +176,69 @@ def test_upn_user_authentication_in_nonposix_trust(self): self.master.run_command(['kinit', '-C', '-E', self.upn_principal], stdin_text=self.upn_password) + def test_filter_users(self): + """filter_users option is applied if SSSD starts offline. + + Regression test for https://pagure.io/SSSD/sssd/issue/3983 + https://pagure.io/SSSD/sssd/issue/3978 + + When there are users in filter_users for nss provider then no + look up should be in data provider and NCE/USER/ipa_domain/user + should be added to negative cache. + """ + + aduser = 'testuser@%s' % self.ad_domain + fakeuser = 'some_user@some.domain' + + exp_txt1 = b'Looking up [%s] in data provider' % fakeuser + exp_txt2 = b'Adding [NCE/USER/%s/@%s] to negative cache permanently'\ + % (self.master.domain.name, aduser) + exp_txt3 = b'NCE/USER/%s/%s] to negative cache permanently'\ + % (self.ad_domain, aduser) + + resolution = '%s:%s' % (self.ad_domain, self.master.domain.name) + self.master.run_command(['ipa', 'config-mod', + '--domain-resolution-order=%s' % resolution]) + + tasks.backup_file(self.master, paths.SSSD_CONF) + try: + domain = self.master.domain + tasks.modify_sssd_conf( + self.master, domain.name, + { + 'filter_users': '{0},{1}'.format(aduser, fakeuser) + }, + provider_subtype='nss' + ) + # starting sssd in offline mode + self.master.run_command(['ipactl', 'stop']) + tasks.clear_sssd_cache(self.master) + + log_file = '{0}/sssd_nss.log'.format(paths.VAR_LOG_SSSD_DIR) + logsize = len(self.master.get_file_contents(log_file)) + sssd_log1 = self.master.get_file_contents(log_file)[logsize:] + + assert exp_txt2 in sssd_log1 + + self.master.run_command(['ipactl', 'start']) + + list_domains = ['sssctl', 'domain-list'] + test_list = re.escape(self.ad_domain) + tasks.run_repeatedly(self.master, list_domains, + test=lambda x: re.search(test_list, x)) + + self.master.run_command(['id', aduser]) + result = self.master.run_command(['id', fakeuser], raiseonerr=False) + assert result.returncode == 1 + + sssd_log2 = self.master.get_file_contents(log_file)[logsize:] + assert exp_txt1 not in sssd_log2 + assert exp_txt3 in sssd_log2 + + finally: + tasks.restore_files(self.master) + tasks.clear_sssd_cache(self.master) + def test_remove_nonposix_trust(self): self.remove_trust(self.ad)
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
