URL: https://github.com/freeipa/freeipa/pull/409 Author: celestian Title: #409: ipatests: nested netgroups (intg) Action: opened
PR body: """ Adds a test case for issue in SSSD that manifested in an inability to resolve nested membership in netgroups The test case tests for direct and indirect membership. https://fedorahosted.org/freeipa/ticket/6439 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/409/head:pr409 git checkout pr409
From aa0707a093a70ecfba67872230b98af09ad67986 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?= <pc...@redhat.com> Date: Mon, 23 Jan 2017 18:46:42 +0100 Subject: [PATCH] ipatests: nested netgroups (intg) Adds a test case for issue in SSSD that manifested in an inability to resolve nested membership in netgroups The test case tests for direct and indirect membership. https://fedorahosted.org/freeipa/ticket/6439 --- ipatests/test_integration/test_netgroup.py | 149 +++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 ipatests/test_integration/test_netgroup.py diff --git a/ipatests/test_integration/test_netgroup.py b/ipatests/test_integration/test_netgroup.py new file mode 100644 index 0000000..371311b --- /dev/null +++ b/ipatests/test_integration/test_netgroup.py @@ -0,0 +1,149 @@ +# Authors: +# Petr Čech <pc...@redhat.com> +# +# Copyright (C) 2017 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from __future__ import print_function + +import pytest + +from ipatests.test_integration.base import IntegrationTest +from ipatests.test_integration.tasks import clear_sssd_cache + + +@pytest.fixture() +def three_netgroups(request): + for i in range(1, 4): + request.cls.master.run_command(['ipa', 'user-add', + 'testuser%d' % i, + '--first', 'Test', + '--last', 'User%d' % i]) + + request.cls.master.run_command(['ipa', 'netgroup-add', + 'test_netgroup%d' % i]) + + request.cls.master.run_command(['ipa', 'netgroup-add-member', + '--users=testuser%d' % i, + 'test_netgroup%d' % i]) + + def teardown_three_netgroups(): + for i in range(1, 4): + request.cls.master.run_command(['ipa', 'netgroup-del', + 'test_netgroup%d' % i]) + for i in range(1, 4): + request.cls.master.run_command(['ipa', 'user-del', + 'testuser%d' % i]) + + request.addfinalizer(teardown_three_netgroups) + + +class TestNetgroups(IntegrationTest): + """ + Test Netgroups + """ + + num_clients = 1 + topology = 'line' + + @classmethod + def install(cls, mh): + super(TestNetgroups, cls).install(mh) + + cls.client = cls.clients[0] + cls.clientname = cls.client.run_command( + ['hostname', '-s']).stdout_text.strip() + + cls.domain = cls.get_domains()[0] + + @classmethod + def uninstall(cls, mh): + super(TestNetgroups, cls).uninstall(mh) + + def check_users_in_netgroups(self): + clear_sssd_cache(self.client) + for i in range(1, 4): + result = self.client.run_command(['getent', 'passwd', + 'testuser%d' % i]) + assert result.returncode == 0 + assert 'Test User%d' % i in result.stdout_text + + result = self.client.run_command(['getent', 'netgroup', + 'test_netgroup%d' % i]) + assert result.returncode == 0 + assert '(-,testuser%d,%s)' % (i, self.domain.name) in result.stdout_text + + def check_nested_netgroup_hierarchy(self): + clear_sssd_cache(self.client) + for i in range(1, 4): + result = self.client.run_command(['getent', 'netgroup', + 'test_netgroup%d' % i]) + assert result.returncode == 0 + for j in range(1, i): + assert '(-,testuser%d,%s)' % (j, self.domain.name) in result.stdout_text + + def prepare_nested_netgroup_hierarchy(self): + for i in range(1, 3): + self.master.run_command(['ipa', 'netgroup-add-member', + '--netgroups=test_netgroup%d' % i, + 'test_netgroup%d' % (i + 1)]) + + def test_add_nested_netgroup(self, three_netgroups): + """Test of adding nested groups""" + self.check_users_in_netgroups() + self.prepare_nested_netgroup_hierarchy() + self.check_nested_netgroup_hierarchy() + + def test_remove_nested_netgroup(self, three_netgroups): + """Test of removing nested groups""" + self.check_users_in_netgroups() + self.prepare_nested_netgroup_hierarchy() + self.check_nested_netgroup_hierarchy() + + # Removing of test_netgroup1 from test_netgroup2 + self.master.run_command(['ipa', 'netgroup-remove-member', + '--netgroups=test_netgroup1', + 'test_netgroup2']) + clear_sssd_cache(self.client) + + result = self.client.run_command(['getent', 'netgroup', + 'test_netgroup2']) + assert result.returncode == 0 + assert '(-,testuser2,%s)' % self.domain.name in result.stdout_text + + result = self.client.run_command(['getent', 'netgroup', + 'test_netgroup3']) + assert result.returncode == 0 + assert '(-,testuser1,%s)' % self.domain.name not in result.stdout_text + assert '(-,testuser2,%s)' % self.domain.name in result.stdout_text + assert '(-,testuser3,%s)' % self.domain.name in result.stdout_text + + # Removing of test_netgroup2 from test_netgroup3 + self.master.run_command(['ipa', 'netgroup-remove-member', + '--netgroups=test_netgroup2', + 'test_netgroup3']) + clear_sssd_cache(self.client) + + result = self.client.run_command(['getent', 'netgroup', + 'test_netgroup3']) + assert result.returncode == 0 + + result = self.client.run_command(['getent', 'netgroup', + 'test_netgroup3']) + assert result.returncode == 0 + assert '(-,testuser1,%s)' % self.domain.name not in result.stdout_text + assert '(-,testuser2,%s)' % self.domain.name not in result.stdout_text + assert '(-,testuser3,%s)' % self.domain.name in result.stdout_text
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code