URL: https://github.com/freeipa/freeipa/pull/409 Author: celestian Title: #409: ipatests: nested netgroups (intg) Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/409/head:pr409 git checkout pr409
From 756a7e0d173f6ce4c17e085523990199f894b8ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?= <pc...@redhat.com> Date: Mon, 23 Jan 2017 18:46:42 +0100 Subject: [PATCH] ipatests: nested netgroups (intg) Adds a test case for issue in SSSD that manifested in an inability to resolve nested membership in netgroups The test case tests for direct and indirect membership. https://fedorahosted.org/freeipa/ticket/6439 --- Contributors.txt | 1 + ipatests/test_integration/test_netgroup.py | 177 +++++++++++++++++++++++++++++ 2 files changed, 178 insertions(+) create mode 100644 ipatests/test_integration/test_netgroup.py diff --git a/Contributors.txt b/Contributors.txt index a003a3e..37fb531 100644 --- a/Contributors.txt +++ b/Contributors.txt @@ -98,6 +98,7 @@ Developers: Adam Young Jan Zelený Pavel Zůna + Petr Čech Documentation: Gabe Alford diff --git a/ipatests/test_integration/test_netgroup.py b/ipatests/test_integration/test_netgroup.py new file mode 100644 index 0000000..280c8f2 --- /dev/null +++ b/ipatests/test_integration/test_netgroup.py @@ -0,0 +1,177 @@ +# +# Copyright (C) 2015 FreeIPA Contributors see COPYING for license +# + +import pytest + +from ipatests.test_integration.base import IntegrationTest +from ipatests.test_integration.tasks import clear_sssd_cache + + +def get_test_data(): + + test_data = [] + + for i in range(1, 4): + data = { + 'user': { + 'login': 'testuser_{}'.format(i), + 'first': 'Test_{}'.format(i), + 'last': 'User_{}'.format(i), + }, + 'netgroup': 'testgroup_{}'.format(i), + 'nested_netgroup': 'testgroup_{}'.format(i-1) if i > 1 else '' + } + test_data.append(data) + + members = [d['user']['login'] for d in test_data] if test_data else [] + test_data[-1]['netgroup_nested_members'] = members + + return test_data + + +@pytest.fixture() +def three_netgroups(request): + + test_data = get_test_data() + + for d in test_data: + request.cls.master.run_command(['ipa', 'user-add', d['user']['login'], + '--first', d['user']['first'], + '--last', d['user']['last']], + raiseonerr=False) + + request.cls.master.run_command(['ipa', 'netgroup-add', d['netgroup']], + raiseonerr=False) + + user_opt = '--users={}'.format(d['user']['login']) + request.cls.master.run_command(['ipa', 'netgroup-add-member', user_opt, + d['netgroup']], raiseonerr=False) + + def teardown_three_netgroups(): + test_data = get_test_data() + for d in test_data: + request.cls.master.run_command(['ipa', 'user-del', + d['user']['login']], + raiseonerr=False) + + request.cls.master.run_command(['ipa', 'netgroup-del', + d['netgroup']], + raiseonerr=False) + + request.addfinalizer(teardown_three_netgroups) + + +class TestNetgroups(IntegrationTest): + """ + Test Netgroups + """ + + num_clients = 1 + topology = 'line' + + def check_users_in_netgroups(self): + """Check if users are in groups, no nested things""" + client = self.clients[0] + clear_sssd_cache(client) + + test_data = get_test_data() + for d in test_data: + result = client.run_command(['getent', 'passwd', + d['user']['login']], raiseonerr=False) + assert result.returncode == 0 + + user = '{} {}'.format(d['user']['first'], d['user']['last']) + assert user in result.stdout_text + + result = client.run_command(['getent', 'netgroup', + d['netgroup']], raiseonerr=False) + assert result.returncode == 0 + + netgroup = '(-,{},{})'.format(d['user']['login'], self.domain.name) + assert netgroup in result.stdout_text + + def check_nested_netgroup_hierarchy(self): + client = self.clients[0] + clear_sssd_cache(client) + + test_data = get_test_data() + for d in test_data: + result = client.run_command(['getent', 'netgroup', d['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + + for member in d['netgroup_nested_members']: + if not member: + continue + + netgroup = '(-,{},{})'.format(member, self.domain.name) + assert netgroup in result.stdout_text + + def prepare_nested_netgroup_hierarchy(self): + test_data = get_test_data() + for d in test_data: + if not d['nested_netgroup']: + continue + + netgroups_opt = '--netgroups={}'.format(d['nested_netgroup']) + self.master.run_command(['ipa', 'netgroup-add-member', + netgroups_opt, d['netgroup']]) + + def test_add_nested_netgroup(self, three_netgroups): + """Test of adding nested groups""" + self.check_users_in_netgroups() + self.prepare_nested_netgroup_hierarchy() + self.check_nested_netgroup_hierarchy() + + def test_remove_nested_netgroup(self, three_netgroups): + """Test of removing nested groups""" + client = self.clients[0] + test_data = get_test_data() + + trinity = ['(-,{},{})'.format(d['user']['login'], self.domain.name) + for d in test_data] + + self.check_users_in_netgroups() + self.prepare_nested_netgroup_hierarchy() + self.check_nested_netgroup_hierarchy() + + # Removing of testgroup_1 from testgroup_2 + netgroups_opt = '--netgroups={}'.format(test_data[0]['netgroup']) + result = self.master.run_command(['ipa', 'netgroup-remove-member', + netgroups_opt, + test_data[1]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + clear_sssd_cache(client) + + result = client.run_command(['getent', 'netgroup', + test_data[1]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + assert trinity[1] in result.stdout_text + + result = client.run_command(['getent', 'netgroup', + test_data[2]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + assert trinity[0] not in result.stdout_text + assert trinity[1] in result.stdout_text + assert trinity[2] in result.stdout_text + + # Removing of testgroup_2 from testgroup_3 + netgroups_opt = '--netgroups={}'.format(test_data[1]['netgroup']) + result = self.master.run_command(['ipa', 'netgroup-remove-member', + netgroups_opt, + test_data[2]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + clear_sssd_cache(client) + + result = client.run_command(['getent', 'netgroup', + test_data[2]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + assert trinity[0] not in result.stdout_text + assert trinity[1] not in result.stdout_text + assert trinity[2] in result.stdout_text
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code