[Freeipa-devel] [freeipa PR#409][opened] ipatests: nested netgroups (intg)

Mon, 23 Jan 2017 10:09:13 -0800 

   URL: https://github.com/freeipa/freeipa/pull/409
Author: celestian
 Title: #409: ipatests: nested netgroups (intg)
Action: opened

PR body:
"""
Adds a test case for issue in SSSD that manifested in
an inability to resolve nested membership in netgroups

The test case tests for direct and indirect membership.

https://fedorahosted.org/freeipa/ticket/6439
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/409/head:pr409
git checkout pr409

From aa0707a093a70ecfba67872230b98af09ad67986 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pc...@redhat.com>
Date: Mon, 23 Jan 2017 18:46:42 +0100
Subject: [PATCH] ipatests: nested netgroups (intg)

Adds a test case for issue in SSSD that manifested in
an inability to resolve nested membership in netgroups

The test case tests for direct and indirect membership.

https://fedorahosted.org/freeipa/ticket/6439
---
 ipatests/test_integration/test_netgroup.py | 149 +++++++++++++++++++++++++++++
 1 file changed, 149 insertions(+)
 create mode 100644 ipatests/test_integration/test_netgroup.py

diff --git a/ipatests/test_integration/test_netgroup.py b/ipatests/test_integration/test_netgroup.py
new file mode 100644
index 0000000..371311b
--- /dev/null
+++ b/ipatests/test_integration/test_netgroup.py
@@ -0,0 +1,149 @@
+# Authors:
+#   Petr Čech <pc...@redhat.com>
+#
+# Copyright (C) 2017  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import print_function
+
+import pytest
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration.tasks import clear_sssd_cache
+
+
+@pytest.fixture()
+def three_netgroups(request):
+    for i in range(1, 4):
+        request.cls.master.run_command(['ipa', 'user-add',
+                                        'testuser%d' % i,
+                                        '--first', 'Test',
+                                        '--last', 'User%d' % i])
+
+        request.cls.master.run_command(['ipa', 'netgroup-add',
+                                        'test_netgroup%d' % i])
+
+        request.cls.master.run_command(['ipa', 'netgroup-add-member',
+                                        '--users=testuser%d' % i,
+                                        'test_netgroup%d' % i])
+
+    def teardown_three_netgroups():
+        for i in range(1, 4):
+            request.cls.master.run_command(['ipa', 'netgroup-del',
+                                            'test_netgroup%d' % i])
+        for i in range(1, 4):
+            request.cls.master.run_command(['ipa', 'user-del',
+                                            'testuser%d' % i])
+
+    request.addfinalizer(teardown_three_netgroups)
+
+
+class TestNetgroups(IntegrationTest):
+    """
+    Test Netgroups
+    """
+
+    num_clients = 1
+    topology = 'line'
+
+    @classmethod
+    def install(cls, mh):
+        super(TestNetgroups, cls).install(mh)
+
+        cls.client = cls.clients[0]
+        cls.clientname = cls.client.run_command(
+            ['hostname', '-s']).stdout_text.strip()
+
+        cls.domain = cls.get_domains()[0]
+
+    @classmethod
+    def uninstall(cls, mh):
+        super(TestNetgroups, cls).uninstall(mh)
+
+    def check_users_in_netgroups(self):
+        clear_sssd_cache(self.client)
+        for i in range(1, 4):
+            result = self.client.run_command(['getent', 'passwd',
+                                              'testuser%d' % i])
+            assert result.returncode == 0
+            assert 'Test User%d' % i in result.stdout_text
+
+            result = self.client.run_command(['getent', 'netgroup',
+                                              'test_netgroup%d' % i])
+            assert result.returncode == 0
+            assert '(-,testuser%d,%s)' % (i, self.domain.name) in result.stdout_text
+
+    def check_nested_netgroup_hierarchy(self):
+        clear_sssd_cache(self.client)
+        for i in range(1, 4):
+            result = self.client.run_command(['getent', 'netgroup',
+                                              'test_netgroup%d' % i])
+            assert result.returncode == 0
+            for j in range(1, i):
+                assert '(-,testuser%d,%s)' % (j, self.domain.name) in result.stdout_text
+
+    def prepare_nested_netgroup_hierarchy(self):
+        for i in range(1, 3):
+            self.master.run_command(['ipa', 'netgroup-add-member',
+                                     '--netgroups=test_netgroup%d' % i,
+                                     'test_netgroup%d' % (i + 1)])
+
+    def test_add_nested_netgroup(self, three_netgroups):
+        """Test of adding nested groups"""
+        self.check_users_in_netgroups()
+        self.prepare_nested_netgroup_hierarchy()
+        self.check_nested_netgroup_hierarchy()
+
+    def test_remove_nested_netgroup(self, three_netgroups):
+        """Test of removing nested groups"""
+        self.check_users_in_netgroups()
+        self.prepare_nested_netgroup_hierarchy()
+        self.check_nested_netgroup_hierarchy()
+
+        # Removing of test_netgroup1 from test_netgroup2
+        self.master.run_command(['ipa', 'netgroup-remove-member',
+                                 '--netgroups=test_netgroup1',
+                                 'test_netgroup2'])
+        clear_sssd_cache(self.client)
+
+        result = self.client.run_command(['getent', 'netgroup',
+                                          'test_netgroup2'])
+        assert result.returncode == 0
+        assert '(-,testuser2,%s)' % self.domain.name in result.stdout_text
+
+        result = self.client.run_command(['getent', 'netgroup',
+                                          'test_netgroup3'])
+        assert result.returncode == 0
+        assert '(-,testuser1,%s)' % self.domain.name not in result.stdout_text
+        assert '(-,testuser2,%s)' % self.domain.name in result.stdout_text
+        assert '(-,testuser3,%s)' % self.domain.name in result.stdout_text
+
+        # Removing of test_netgroup2 from test_netgroup3
+        self.master.run_command(['ipa', 'netgroup-remove-member',
+                                 '--netgroups=test_netgroup2',
+                                 'test_netgroup3'])
+        clear_sssd_cache(self.client)
+
+        result = self.client.run_command(['getent', 'netgroup',
+                                          'test_netgroup3'])
+        assert result.returncode == 0
+
+        result = self.client.run_command(['getent', 'netgroup',
+                                          'test_netgroup3'])
+        assert result.returncode == 0
+        assert '(-,testuser1,%s)' % self.domain.name not in result.stdout_text
+        assert '(-,testuser2,%s)' % self.domain.name not in result.stdout_text
+        assert '(-,testuser3,%s)' % self.domain.name in result.stdout_text

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to