On (24/08/16 10:53), Petr Cech wrote:
>On 08/24/2016 09:15 AM, Lukas Slebodnik wrote:
>> On (22/08/16 16:39), Petr Cech wrote:
>> > On 08/19/2016 05:18 PM, Lukas Slebodnik wrote:
>> > > Thank you for test but I would appraciate a little bit simpler solution.
>> > > "memberNisNetgroup"(SYSDB_NETGROUP_MEMBER)
>> > > Your patch will append "memberNisNetgroup"(SYSDB_NETGROUP_MEMBER) to
>> > > missing
>> > > attributes if it is not in netgroup_attrs.
>> > >
>> > > However "memberNisNetgroup" and "originalMemberNisNetgroup" are
>> > > tightly coupled attributes in sysdb.
>> > > * the sysdb attributes "originalMemberNisNetgroup" contain the original
>> > > value from LDAP which can be name of netgroup of dn.
>> > > * the sysdb attributes "memberNisNetgroup" always contain shortname
>> > > used by sssd.
>> > > They are even the same if memberNisNetgroup in LDAP does not contain dn.
>> > > One is generated from other.
>> > >
>> > >
>> > > And function list_missing_attrs already find that
>> > > "originalMemberNisNetgroup"
>> > > is a missing attribute. Therefore if "originalMemberNisNetgroup"
>> > > is in missing attibutes list then we have to add there also
>> > > "memberNisNetgroup".
>> > >
>> > > e.g.
>> > > diff --git a/src/providers/ldap/sdap_async_netgroups.c
>> > > b/src/providers/ldap/sdap_async_netgroups.c
>> > > index df233d9..1fe40f5 100644
>> > > --- a/src/providers/ldap/sdap_async_netgroups.c
>> > > +++ b/src/providers/ldap/sdap_async_netgroups.c
>> > > @@ -138,6 +138,14 @@ static errno_t sdap_save_netgroup(TALLOC_CTX
>> > > *memctx,
>> > > goto fail;
>> > > }
>> > >
>> > > + if (string_in_list(SYSDB_ORIG_NETGROUP_MEMBER, missing, false)) {
>> > > + ret = add_string_to_list(attrs, SYSDB_NETGROUP_MEMBER,
>> > > &missing);
>> > > + if (ret != EOK) {
>> > > + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add string into
>> > > list\n");
>> > > + goto fail;
>> > > + }
>> > > + }
>> > > +
>> > > ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
>> > > dom->netgroup_timeout, now);
>> > > if (ret) goto fail;
>> > >
>> > > + some optional nice explanation/comment why :-)
>> >
>> > Hi Lukas,
>> >
>> > thanks. I tested your solution, it is valid. I have to agree it is
>> > simpler. I
>> > fixed my patch in this way.
>> >
>> >
>> > > > ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
>> > > > dom->netgroup_timeout, now);
>> > > > if (ret) goto fail;
>> > > > --
>> > > > 2.7.4
>> > > >
>> > >
>> > > BTW the same bug is also ipa_save_netgroup in
>> > > "src/providers/ipa/ipa_netgroups.c"
>> > > But sysdb_add_netgroup is called wit NULL for missing attrinbutes :-)
>> > >
>> > > Anyway sdap_save_netgroup and ipa_save_netgroup do almost the same
>> > > They just use different maps. You touched the netgroup related code.
>> > > So it would be good to do small refactoring and reuse ldap
>> > > sdap_save_netgroup in ipa_save_netgroup. So it would be good
>> > > If you could fix ticket #3117 in recent future. Because you still
>> > > remember
>> > > the netgroup related code in LDAP. (It's not a blocker for #2841)
>> > > It is just a recomendation :-)
>> >
>> > Right, I will take a look.
>> >
>> Thank you in advance.
>>
>> > From 25be35537e0d91af6939c3400340fe01cfb32ea7 Mon Sep 17 00:00:00 2001
>> > From: Petr Cech <[email protected]>
>> > Date: Fri, 22 Jul 2016 14:28:54 +0200
>> > Subject: [PATCH 1/3] LDAP: Fixing of removing netgroup from cache
>> >
>> > There were problem with local key which wasn't properly removed.
>> > This patch fixes it.
>> >
>> > Resolves:
>> > https://fedorahosted.org/sssd/ticket/2841
>> > ---
>> > src/providers/ldap/sdap_async_netgroups.c | 12 ++++++++++++
>> > 1 file changed, 12 insertions(+)
>> >
>> > diff --git a/src/providers/ldap/sdap_async_netgroups.c
>> > b/src/providers/ldap/sdap_async_netgroups.c
>> > index
>> > df233d956df70cfcb5f68bd2afc9e2a23c50c3bb..f36ea030414638ae2c778bc532fa09a0b69ed7de
>> > 100644
>> > --- a/src/providers/ldap/sdap_async_netgroups.c
>> > +++ b/src/providers/ldap/sdap_async_netgroups.c
>> > @@ -138,6 +138,18 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
>> > goto fail;
>> > }
>> >
>> > + /* We can get SYSDB_ORIG_NETGROUP_MEMBER, but not
>> > SYSDB_NETGROUP_MEMBER
>> > + * from LDAP. Thus we add SYSDB_NETGROUP_MEMBER to missing
>> > + * if SYSDB_ORIG_NETGROUP_MEMBER is in.
>> > + */
>> SYSDB_ORIG_NETGROUP_MEMBER is originalMemberNisNetgroup
>> and SYSDB_NETGROUP_MEMBER is memberNisNetgroup
>>
>> And we get memberNisNetgroup from LDAP but the vale us stored in
>> sysdb attribute originalMemberNisNetgroup. But it may contain
>> simple name or DN. That's the reason why we always translate/generate
>> simple name and store it in SYSDB_NETGROUP_MEMBER(memberNisNetgroup)
>> in sysdb which is internaly used for searching netgropus.
>>
>> So the comment is a little bit confusing. Because we cannot get
>> originalMemberNisNetgroup from LDAP.
>>
>>
>> > + if (string_in_list(SYSDB_ORIG_NETGROUP_MEMBER, missing, false)) {
>> > + ret = add_string_to_list(attrs, SYSDB_NETGROUP_MEMBER, &missing);
>> > + if (ret != EOK) {
>> > + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add string into
>> > list\n");
>> > + goto fail;
>> > + }
>> > + }
>> > +
>> > ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
>> > dom->netgroup_timeout, now);
>> > if (ret) goto fail;
>> > --
>> > 2.7.4
>> >
>>
>> > From 4ff31b600f01c810367756165500cfdb95f2be2b Mon Sep 17 00:00:00 2001
>> > From: Petr Cech <[email protected]>
>> > Date: Wed, 17 Aug 2016 14:01:09 +0200
>> > Subject: [PATCH 2/3] INTG: Adding support for netgroups to ldap_ent
>> >
>> > Resolves:
>> > https://fedorahosted.org/sssd/ticket/2841
>> > ---
>> > src/tests/intg/ldap_ent.py | 20 ++++++++++++++++++++
>> > 1 file changed, 20 insertions(+)
>> >
>> > diff --git a/src/tests/intg/ldap_ent.py b/src/tests/intg/ldap_ent.py
>> > index
>> > f8f2f7fe6977aec6fd704ad1c78a476a163a16f1..2bb93f8bf605876acfb273088944dcb121e67241
>> > 100644
>> > --- a/src/tests/intg/ldap_ent.py
>> > +++ b/src/tests/intg/ldap_ent.py
>> > @@ -87,6 +87,21 @@ def group_bis(base_dn, cn, gidNumber, member_uids=[],
>> > member_gids=[]):
>> > return ("cn=" + cn + ",ou=Groups," + base_dn, attr_list)
>> >
>> >
>> > +def netgroup(base_dn, cn, triples=(), members=()):
>> > + """
>> > + Generate an RFC2307bis netgroup add-modlist for passing to ldap.add*.
>> > + """
>> > + attr_list = [
>> > + ('objectClass', ['top', 'nisNetgroup'])
>> > + ]
>> > + member_list = []
>> You forgot to remove this unused aegument.
>> > + if len(triples) > 0:
>> > + attr_list.append(('nisNetgroupTriple', triples))
>> > + if len(members) > 0:
>> > + attr_list.append(('memberNisNetgroup', members))
>> When I was updating sssd_netgroup.py
>> I found out there is a simpler way for testing non-empty array :-)
>> if members:
>> attr_list.append(('memberNisNetgroup', members))
>>
>> > + return ("cn=" + cn + ",ou=Netgroups," + base_dn, attr_list)
>> > +
>> > +
>> > class List(list):
>> > """LDAP add-modlist list"""
>> >
>> > @@ -124,3 +139,8 @@ class List(list):
>> > self.append(group_bis(base_dn or self.base_dn,
>> > cn, gidNumber,
>> > member_uids, member_gids))
>> > +
>> > + def add_netgroup(self, cn, triples=(), members=(), base_dn=None):
>> > + """Add an RFC2307bis netgroup add-modlist."""
>> > + self.append(netgroup(base_dn or self.base_dn,
>> > + cn, triples, members))
>> > --
>> > 2.7.4
>> >
>>
>> > From ccb7aa90a1a63db0b13b60b92afeffc2325af50c Mon Sep 17 00:00:00 2001
>> > From: Petr Cech <[email protected]>
>> > Date: Wed, 17 Aug 2016 13:58:30 +0200
>> > Subject: [PATCH 3/3] INTG: Tests for ldap nested netgroups
>> >
>> > This patch adds tests on reproducer of t2841.
>> >
>> > Resolves:
>> > https://fedorahosted.org/sssd/ticket/2841
>> > ---
>> > src/tests/intg/Makefile.am | 1 +
>> > src/tests/intg/test_netgroup.py | 488
>> > ++++++++++++++++++++++++++++++++++++++++
>> > 2 files changed, 489 insertions(+)
>> > create mode 100644 src/tests/intg/test_netgroup.py
>> >
>> > diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
>> > index
>> > d73e4216310ccd1c90e6b7eb0a0e60068fc45bd5..75422a4417046116bec11a8a680fe2248e3afb69
>> > 100644
>> > --- a/src/tests/intg/Makefile.am
>> > +++ b/src/tests/intg/Makefile.am
>> > @@ -15,6 +15,7 @@ dist_noinst_DATA = \
>> > test_ldap.py \
>> > test_memory_cache.py \
>> > test_ts_cache.py \
>> > + test_netgroup.py \
>> > $(NULL)
>> >
>> > config.py: config.py.m4
>> > diff --git a/src/tests/intg/test_netgroup.py
>> > b/src/tests/intg/test_netgroup.py
>> > new file mode 100644
>> > index
>> > 0000000000000000000000000000000000000000..3c5dc6f3634ece0669f1748ccbd49b514eeb874f
>> > --- /dev/null
>> > +++ b/src/tests/intg/test_netgroup.py
>> > @@ -0,0 +1,488 @@
>> > +#
>> > +# Netgroup integration test
>> > +#
>> > +# Copyright (c) 2016 Red Hat, Inc.
>> > +# Author: Petr Cech <[email protected]>
>> > +#
>> > +# This is free software; you can redistribute it and/or modify it
>> > +# under the terms of the GNU General Public License as published by
>> > +# the Free Software Foundation; version 2 only
>> > +#
>> > +# This program is distributed in the hope that it will be useful, but
>> > +# WITHOUT ANY WARRANTY; without even the implied warranty of
>> > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>> > +# General Public License for more details.
>> > +#
>> > +# You should have received a copy of the GNU General Public License
>> > +# along with this program. If not, see <http://www.gnu.org/licenses/>.
>> > +#
>> > +
>> > +import os
>> > +import stat
>> > +import signal
>> > +import subprocess
>> > +import time
>> > +import ldap
>> > +import ldap.modlist
>> > +import pytest
>> > +
>> > +import config
>> > +import ds_openldap
>> > +import ldap_ent
>> > +from util import unindent
>> > +import sssd_netgroup as sssd_ntg
>> > +
>> > +LDAP_BASE_DN = "dc=example,dc=com"
>> > +
>> > +
>> > [email protected](scope="module")
>> > +def ds_inst(request):
>> > + """LDAP server instance fixture"""
>> > + ds_inst = ds_openldap.DSOpenLDAP(
>> > + config.PREFIX, 10389, LDAP_BASE_DN,
>> > + "cn=admin", "Secret123"
>> > + )
>> > +
>> > + try:
>> > + ds_inst.setup()
>> > + except:
>> > + ds_inst.teardown()
>> > + raise
>> > + request.addfinalizer(lambda: ds_inst.teardown())
>> You needn't use lambda if you do not plan
>> to use functions without arguments.
>> - request.addfinalizer(lambda: ds_inst.teardown())
>> + request.addfinalizer(ds_inst.teardown)
>>
>> > + return ds_inst
>> > +
>> > +
>> > [email protected](scope="module")
>> > +def ldap_conn(request, ds_inst):
>> > + """LDAP server connection fixture"""
>> > + ldap_conn = ds_inst.bind()
>> > + ldap_conn.ds_inst = ds_inst
>> > + request.addfinalizer(lambda: ldap_conn.unbind_s())
>> The same case here
>>
>> > + return ldap_conn
>> > +
>> > +
>> > +def create_ldap_entries(ldap_conn, ent_list=None):
>> > + """Add LDAP entries from ent_list"""
>> > + if ent_list is not None:
>> > + for entry in ent_list:
>> > + ldap_conn.add_s(entry[0], entry[1])
>> > +
>> > +
>> > +def cleanup_ldap_entries(ldap_conn, ent_list=None):
>> > + """Remove LDAP entries added by create_ldap_entries"""
>> > + if ent_list is None:
>> > + for ou in ("Users", "Groups", "Netgroups", "Services",
>> > "Policies"):
>> > + for entry in ldap_conn.search_s("ou=" + ou + "," +
>> > + ldap_conn.ds_inst.base_dn,
>> > + ldap.SCOPE_ONELEVEL,
>> > + attrlist=[]):
>> > + ldap_conn.delete_s(entry[0])
>> > + else:
>> > + for entry in ent_list:
>> > + ldap_conn.delete_s(entry[0])
>> > +
>> > +
>> > +def create_ldap_cleanup(request, ldap_conn, ent_list=None):
>> > + """Add teardown for removing all user/group LDAP entries"""
>> > + request.addfinalizer(lambda: cleanup_ldap_entries(ldap_conn,
>> > ent_list))
>> > +
>> > +
>> > +def create_ldap_fixture(request, ldap_conn, ent_list=None):
>> > + """Add LDAP entries and add teardown for removing them"""
>> > + create_ldap_entries(ldap_conn, ent_list)
>> > + create_ldap_cleanup(request, ldap_conn, ent_list)
>> > +
>> > +
>> > +SCHEMA_RFC2307_BIS = "rfc2307bis"
>> > +
>> > +
>> > +def format_basic_conf(ldap_conn, schema):
>> > + """Format a basic SSSD configuration"""
>> > + schema_conf = "ldap_schema = " + schema + "\n"
>> > + schema_conf += "ldap_group_object_class = groupOfNames\n"
>> > + return unindent("""\
>> > + [sssd]
>> > + domains = LDAP
>> > + services = nss
>> > +
>> > + [domain/LDAP]
>> > + {schema_conf}
>> > + id_provider = ldap
>> > + auth_provider = ldap
>> > + ldap_uri = {ldap_conn.ds_inst.ldap_url}
>> > + ldap_search_base = {ldap_conn.ds_inst.base_dn}
>> > + ldap_netgroup_search_base =
>> > ou=Netgroups,{ldap_conn.ds_inst.base_dn}
>> > + """).format(**locals())
>> > +
>> > +
>> > +def create_conf_file(contents):
>> > + """Create sssd.conf with specified contents"""
>> > + conf = open(config.CONF_PATH, "w")
>> > + conf.write(contents)
>> > + conf.close()
>> > + os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
>> > +
>> > +
>> > +def cleanup_conf_file():
>> > + """Remove sssd.conf, if it exists"""
>> > + if os.path.lexists(config.CONF_PATH):
>> > + os.unlink(config.CONF_PATH)
>> > +
>> > +
>> > +def create_conf_cleanup(request):
>> > + """Add teardown for removing sssd.conf"""
>> > + request.addfinalizer(cleanup_conf_file)
>> > +
>> > +
>> > +def create_conf_fixture(request, contents):
>> > + """
>> > + Create sssd.conf with specified contents and add teardown for
>> > removing it
>> > + """
>> > + create_conf_file(contents)
>> > + create_conf_cleanup(request)
>> > +
>> > +
>> > +def create_sssd_process():
>> > + """Start the SSSD process"""
>> > + if subprocess.call(["sssd", "-D", "-f"]) != 0:
>> > + raise Exception("sssd start failed")
>> > +
>> > +
>> > +def cleanup_sssd_process():
>> > + """Stop the SSSD process and remove its state"""
>> > + try:
>> > + pid_file = open(config.PIDFILE_PATH, "r")
>> > + pid = int(pid_file.read())
>> > + os.kill(pid, signal.SIGTERM)
>> > + while True:
>> > + try:
>> > + os.kill(pid, signal.SIGCONT)
>> > + except:
>> > + break
>> > + time.sleep(1)
>> > + except:
>> > + pass
>> > + for path in os.listdir(config.DB_PATH):
>> > + os.unlink(config.DB_PATH + "/" + path)
>> > + for path in os.listdir(config.MCACHE_PATH):
>> > + os.unlink(config.MCACHE_PATH + "/" + path)
>> > +
>> > +
>> > +def create_sssd_cleanup(request):
>> > + """Add teardown for stopping SSSD and removing its state"""
>> > + request.addfinalizer(cleanup_sssd_process)
>> > +
>> > +
>> > +def create_sssd_fixture(request):
>> > + """Start SSSD and add teardown for stopping it and removing its
>> > state"""
>> > + create_sssd_process()
>> > + create_sssd_cleanup(request)
>> > +
>> > +
>> > [email protected]
>> > +def add_empty_netgroup(request, ldap_conn):
>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>> > +
>> > + ent_list.add_netgroup("empty_netgroup")
>> > +
>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>> > + create_conf_fixture(request, conf)
>> > + create_sssd_fixture(request)
>> > + return None
>> > +
>> > +
>> > +def test_add_empty_netgroup(add_empty_netgroup):
>> > + """
>> > + Adding empty netgroup.
>> > + """
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("empty_netgroup")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == []
>> > +
>> > +
>> > [email protected]
>> > +def add_two_empty_netgroup(request, ldap_conn):
>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>> > +
>> > + ent_list.add_netgroup("empty_netgroup1")
>> > + ent_list.add_netgroup("empty_netgroup2")
>> > +
>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>> > + create_conf_fixture(request, conf)
>> > + create_sssd_fixture(request)
>> > + return None
>> > +
>> > +
>> > +def test_add_two_empty_netgroup(add_two_empty_netgroup):
>> > + """
>> > + Adding two empty netgroups.
>> > + """
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("empty_netgroup1")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == []
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("empty_netgroup2")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == []
>> > +
>> > +
>> If you wanted to test nested empty netgroups then
>> it is already covered in mixed_netgroup (by mixed_netgroup1 and
>> mixed_netgroup2)
>>
>> Otherwise this test-case is covered by previous test
>> test_add_empty_netgroup
>>
>> > [email protected]
>> > +def add_tripled_netgroup(request, ldap_conn):
>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>> > +
>> > + ent_list.add_netgroup("tripled_netgroup", ["(host,user,domain)"])
>> > +
>> > + ent_list.add_netgroup("adv_tripled_netgroup",
>> > ["(host1,user1,domain1)",
>> > +
>> > "(host2,user2,domain2)"])
>> > +
>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>> > + create_conf_fixture(request, conf)
>> > + create_sssd_fixture(request)
>> > + return None
>> > +
>> > +
>> > +def test_add_tripled_netgroup(add_tripled_netgroup):
>> > + """
>> > + Adding netgroup with triplet.
>> > + """
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("tripled_netgroup")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [("host", "user", "domain")]
>> > +
>> > + res, _, netgroups =
>> > sssd_ntg.get_sssd_netgroups("adv_tripled_netgroup")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert sorted(netgroups) == sorted([("host1", "user1", "domain1"),
>> > + ("host2", "user2", "domain2")])
>> > +
>> > +
>> > [email protected]
>> > +def add_mixed_netgroup(request, ldap_conn):
>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>> > +
>> > + ent_list.add_netgroup("mixed_netgroup1", [], [])
>>
>> > + ent_list.add_netgroup("mixed_netgroup2", [], ["mixed_netgroup1"])
>> > +
>> > + ent_list.add_netgroup("mixed_netgroup3", ["(host1,user1,domain1)"],
>> > [])
>> > + ent_list.add_netgroup("mixed_netgroup4",
>> > + ["(host2,user2,domain2)",
>> > "(host3,user3,domain3)"],
>> > + [])
>> You can remove empty list from previous 4 function invocations.
>> We can rely on default arguments. The same as in test_add_empty_netgroup
>>
>> > +
>> > + ent_list.add_netgroup("mixed_netgroup5",
>> > + ["(host4,user4,domain4)"],
>> > + ["mixed_netgroup1"])
>> > + ent_list.add_netgroup("mixed_netgroup6",
>> > + ["(host5,user5,domain5)"],
>> > + ["mixed_netgroup2"])
>> > +
>> > + ent_list.add_netgroup("mixed_netgroup7", [], ["mixed_netgroup3"])
>> > + ent_list.add_netgroup("mixed_netgroup8", [],
>> > + ["mixed_netgroup3", "mixed_netgroup4"])
>> > +
>> > + ent_list.add_netgroup("mixed_netgroup9",
>> > + ["(host6,user6,domain6)"],
>> > + ["mixed_netgroup3", "mixed_netgroup4"])
>> > +
>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>> > + create_conf_fixture(request, conf)
>> > + create_sssd_fixture(request)
>> > + return None
>> > +
>> > +
>> > +def test_add_mixed_netgroup(add_mixed_netgroup):
>> > + """
>> > + Adding many netgroups of different type.
>> > + """
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup1")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == []
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup2")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == []
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup3")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [("host1", "user1", "domain1")]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup4")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert sorted(netgroups) == sorted([("host2", "user2", "domain2"),
>> > + ("host3", "user3", "domain3")])
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup5")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [("host4", "user4", "domain4")]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup6")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [("host5", "user5", "domain5")]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup7")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [("host1", "user1", "domain1")]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup8")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert sorted(netgroups) == sorted([("host1", "user1", "domain1"),
>> > + ("host2", "user2", "domain2"),
>> > + ("host3", "user3", "domain3")])
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup9")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert sorted(netgroups) == sorted([("host1", "user1", "domain1"),
>> > + ("host2", "user2", "domain2"),
>> > + ("host3", "user3", "domain3"),
>> > + ("host6", "user6", "domain6")])
>> > +
>> > +
>> > [email protected]
>> > +def remove_step_by_step(request, ldap_conn):
>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>> > +
>> > + ent_list.add_netgroup("rm_empty_netgroup1", ["(host1,user1,domain1)"])
>> > + ent_list.add_netgroup("rm_empty_netgroup2",
>> > + ["(host2,user2,domain2)"],
>> > + ["rm_empty_netgroup1"])
>> > +
>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>> > + create_conf_fixture(request, conf)
>> > + create_sssd_fixture(request)
>> > + return ent_list
>> > +
>> > +
>> > +def test_remove_step_by_step(remove_step_by_step, ldap_conn):
>> > + """
>> > + Removing netgroups step by step.
>> > + """
>> > +
>> > + ent_list = remove_step_by_step
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup1")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [('host1', 'user1', 'domain1')]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup2")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert sorted(netgroups) == sorted([('host1', 'user1', 'domain1'),
>> > + ('host2', 'user2', 'domain2')])
>> > +
>> > + # removing of rm_empty_netgroup1
>> > + ldap_conn.delete_s(ent_list[0][0])
>> > + ent_list.remove(ent_list[0])
>> > +
>> > + if subprocess.call(["sss_cache", "-N"]) != 0:
>> > + raise Exception("sssd_cache failed")
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup1")
>> > + assert res == sssd_ntg.NssReturnCode.NOTFOUND
>> > + assert netgroups == []
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup2")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>> > +
>> > + # removing of rm_empty_netgroup2
>> > + ldap_conn.delete_s(ent_list[0][0])
>> > + ent_list.remove(ent_list[0])
>> > +
>> > + if subprocess.call(["sss_cache", "-N"]) != 0:
>> > + raise Exception("sssd_cache failed")
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup1")
>> > + assert res == sssd_ntg.NssReturnCode.NOTFOUND
>> > + assert netgroups == []
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup2")
>> > + assert res == sssd_ntg.NssReturnCode.NOTFOUND
>> > + assert netgroups == []
>> > +
>> > +
>> > [email protected]
>> > +def removing_nested_netgroups(request, ldap_conn):
>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>> > +
>> > + ent_list.add_netgroup("t2841_netgroup1", ["(host1,user1,domain1)"])
>> > + ent_list.add_netgroup("t2841_netgroup2", ["(host2,user2,domain2)"])
>> > + ent_list.add_netgroup("t2841_netgroup3", [],
>> > + ["t2841_netgroup1", "t2841_netgroup2"])
>> > +
>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>> > + create_conf_fixture(request, conf)
>> > + create_sssd_fixture(request)
>> > + return None
>> > +
>> > +
>> > +def test_removing_nested_netgroups(removing_nested_netgroups, ldap_conn):
>> > + """
>> > + Regression test for ticket 2841.
>> > + https://fedorahosted.org/sssd/ticket/2841
>> > + """
>> > +
>> > + netgroup_dn = 'cn=t2841_netgroup3,ou=Netgroups,dc=example,dc=com'
>> ^^^^^^^^^^^^^^^^^
>> It would be good to
>> use
>> ldap_conn.ds_inst.base_dn
>> So after changind base_dn test
>> will not fail
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup1")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [('host1', 'user1', 'domain1')]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup2")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup3")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert sorted(netgroups) == sorted([('host1', 'user1', 'domain1'),
>> > + ('host2', 'user2', 'domain2')])
>> > +
>> > + # removing of t2841_netgroup1 from t2841_netgroup3
>> > + old = {'memberNisNetgroup': ["t2841_netgroup1", "t2841_netgroup2"]}
>> > + new = {'memberNisNetgroup': ["t2841_netgroup2"]}
>> > +
>> > + ldif = ldap.modlist.modifyModlist(old, new)
>> > + ldap_conn.modify_s(netgroup_dn, ldif)
>> > +
>> > + if subprocess.call(["sss_cache", "-N"]) != 0:
>> > + raise Exception("sssd_cache failed")
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup1")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [('host1', 'user1', 'domain1')]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup2")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup3")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>> > +
>> > + # removing of t2841_netgroup2 from t2841_netgroup3
>> > + old = {'memberNisNetgroup': ["t2841_netgroup2"]}
>> > + new = {'memberNisNetgroup': []}
>> > +
>> > + ldif = ldap.modlist.modifyModlist(old, new)
>> > + ldap_conn.modify_s(netgroup_dn, ldif)
>> > +
>> > + if subprocess.call(["sss_cache", "-N"]) != 0:
>> > + raise Exception("sssd_cache failed")
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup1")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [('host1', 'user1', 'domain1')]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup2")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>> > +
>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup3")
>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>> > + assert netgroups == []
>>
>>
>> LS
>
>Hi Lukas,
>
>thanks for review. I hope that I addressed all notes.
>New version is attached.
>
ACK
http://sssd-ci.duckdns.org/logs/job/52/28/summary.html
LS
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
