URL: https://github.com/freeipa/freeipa/pull/4350 Author: wladich Title: #4350: [Backport][ipa-4-6] ipatests: add test for SSSD updating expired cache items Action: opened
PR body: """ This is a manual backport of #3955 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4350/head:pr4350 git checkout pr4350
From 71138b039873f4bb4448597d488b7443cfdae542 Mon Sep 17 00:00:00 2001 From: Sergey Orlov <sor...@redhat.com> Date: Mon, 9 Mar 2020 17:09:09 +0100 Subject: [PATCH 1/2] ipatests: add test for SSSD updating expired cache items New test checks that sssd updates expired cache values both for IPA domain and trusted AD domain. Related to: https://pagure.io/SSSD/sssd/issue/4012 --- ipatests/test_integration/test_sssd.py | 55 +++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py index b22c1b6fd4..164e2b33a8 100644 --- a/ipatests/test_integration/test_sssd.py +++ b/ipatests/test_integration/test_sssd.py @@ -7,6 +7,7 @@ from __future__ import absolute_import from contextlib import contextmanager +import re import ipaplatform import pytest @@ -26,9 +27,15 @@ class TestSSSDWithAdTrust(IntegrationTest): num_clients = 1 users = { + 'ipa': { + 'name': 'user1', + 'password': 'SecretUser1', + 'group': 'user1', + }, 'ad': { 'name_tmpl': 'testuser@{domain}', - 'password': 'Secret123' + 'password': 'Secret123', + 'group_tmpl': 'testgroup@{domain}', }, 'fakeuser': { 'name': 'some_user@some.domain' @@ -48,6 +55,11 @@ def install(cls, mh): cls.users['ad']['name'] = cls.users['ad']['name_tmpl'].format( domain=cls.ad.domain.name) + cls.users['ad']['group'] = cls.users['ad']['group_tmpl'].format( + domain=cls.ad.domain.name) + tasks.user_add(cls.master, cls.intermed_user) + tasks.create_active_user(cls.master, cls.ipa_user, + cls.ipa_user_password) @contextmanager def filter_user_setup(self, user): @@ -172,3 +184,44 @@ def test_external_group_paging(self): # reset to original limit tasks.ldapmodify_dm(master, ldap_query.format(limit=orig_limit)) sssd_conf_backup.restore() + + @pytest.mark.parametrize('user_origin', ['ipa', 'ad']) + def test_sssd_cache_refresh(self, user_origin): + """Check SSSD updates expired cache items for domain and its subdomains + + Regression test for https://pagure.io/SSSD/sssd/issue/4012 + """ + def get_cache_update_time(obj_kind, obj_name): + res = self.master.run_command( + ['sssctl', '{}-show'.format(obj_kind), obj_name]) + m = re.search(r'Cache entry last update time:\s+([^\n]+)', + res.stdout_text) + update_time = m.group(1).strip() + assert update_time + return update_time + + # by design, sssd does first update of expired records in 30 seconds + # since start + refresh_time = 30 + user = self.users[user_origin]['name'] + group = self.users[user_origin]['group'] + sssd_conf_backup = tasks.FileBackup(self.master, paths.SSSD_CONF) + try: + with tasks.remote_sssd_config(self.master) as sssd_conf: + sssd_conf.edit_domain( + self.master.domain, 'refresh_expired_interval', 1) + sssd_conf.edit_domain( + self.master.domain, 'entry_cache_timeout', 1) + tasks.clear_sssd_cache(self.master) + + start = time.time() + self.master.run_command(['id', user]) + user_update_time = get_cache_update_time('user', user) + group_update_time = get_cache_update_time('group', group) + time.sleep(start + refresh_time - time.time() + 5) + assert get_cache_update_time('user', user) != user_update_time + assert (get_cache_update_time('group', group) != + group_update_time) + finally: + sssd_conf_backup.restore() + tasks.clear_sssd_cache(self.master) From 29ad96fbe211b30775184a6a1858da173624cd94 Mon Sep 17 00:00:00 2001 From: Sergey Orlov <sor...@redhat.com> Date: Thu, 12 Mar 2020 12:04:12 +0100 Subject: [PATCH 2/2] temp commit --- .freeipa-pr-ci.yaml | 2 +- ipatests/prci_definitions/temp_commit.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b63..8065669008 120000 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 408e598453..e7f9993643 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -57,14 +57,14 @@ jobs: timeout: 1800 topology: *build - fedora-27/temp_commit: + fedora-27/test_sssd: requires: [fedora-27/build] priority: 50 job: - class: RunPytest + class: RunADTests args: build_url: '{fedora-27/build_url}' - test_suite: test_integration/test_REPLACEME.py + test_suite: test_integration/test_sssd.py template: *ci-master-f27 - timeout: 3600 - topology: *master_1repl_1client + timeout: 4800 + topology: *ad_master_2client
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
