On (24/08/16 13:46), Lukas Slebodnik wrote:
>On (24/08/16 10:53), Petr Cech wrote:
>>On 08/24/2016 09:15 AM, Lukas Slebodnik wrote:
>>> On (22/08/16 16:39), Petr Cech wrote:
>>> > On 08/19/2016 05:18 PM, Lukas Slebodnik wrote:
>>> > > Thank you for test but I would appraciate a little bit simpler solution.
>>> > > "memberNisNetgroup"(SYSDB_NETGROUP_MEMBER)
>>> > > Your patch will append "memberNisNetgroup"(SYSDB_NETGROUP_MEMBER) to
>>> > > missing
>>> > > attributes if it is not in netgroup_attrs.
>>> > >
>>> > > However "memberNisNetgroup" and "originalMemberNisNetgroup" are
>>> > > tightly coupled attributes in sysdb.
>>> > > * the sysdb attributes "originalMemberNisNetgroup" contain the original
>>> > > value from LDAP which can be name of netgroup of dn.
>>> > > * the sysdb attributes "memberNisNetgroup" always contain shortname
>>> > > used by sssd.
>>> > > They are even the same if memberNisNetgroup in LDAP does not contain dn.
>>> > > One is generated from other.
>>> > >
>>> > >
>>> > > And function list_missing_attrs already find that
>>> > > "originalMemberNisNetgroup"
>>> > > is a missing attribute. Therefore if "originalMemberNisNetgroup"
>>> > > is in missing attibutes list then we have to add there also
>>> > > "memberNisNetgroup".
>>> > >
>>> > > e.g.
>>> > > diff --git a/src/providers/ldap/sdap_async_netgroups.c
>>> > > b/src/providers/ldap/sdap_async_netgroups.c
>>> > > index df233d9..1fe40f5 100644
>>> > > --- a/src/providers/ldap/sdap_async_netgroups.c
>>> > > +++ b/src/providers/ldap/sdap_async_netgroups.c
>>> > > @@ -138,6 +138,14 @@ static errno_t sdap_save_netgroup(TALLOC_CTX
>>> > > *memctx,
>>> > > goto fail;
>>> > > }
>>> > >
>>> > > + if (string_in_list(SYSDB_ORIG_NETGROUP_MEMBER, missing, false)) {
>>> > > + ret = add_string_to_list(attrs, SYSDB_NETGROUP_MEMBER,
>>> > > &missing);
>>> > > + if (ret != EOK) {
>>> > > + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add string into
>>> > > list\n");
>>> > > + goto fail;
>>> > > + }
>>> > > + }
>>> > > +
>>> > > ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
>>> > > dom->netgroup_timeout, now);
>>> > > if (ret) goto fail;
>>> > >
>>> > > + some optional nice explanation/comment why :-)
>>> >
>>> > Hi Lukas,
>>> >
>>> > thanks. I tested your solution, it is valid. I have to agree it is
>>> > simpler. I
>>> > fixed my patch in this way.
>>> >
>>> >
>>> > > > ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
>>> > > > dom->netgroup_timeout, now);
>>> > > > if (ret) goto fail;
>>> > > > --
>>> > > > 2.7.4
>>> > > >
>>> > >
>>> > > BTW the same bug is also ipa_save_netgroup in
>>> > > "src/providers/ipa/ipa_netgroups.c"
>>> > > But sysdb_add_netgroup is called wit NULL for missing attrinbutes :-)
>>> > >
>>> > > Anyway sdap_save_netgroup and ipa_save_netgroup do almost the same
>>> > > They just use different maps. You touched the netgroup related code.
>>> > > So it would be good to do small refactoring and reuse ldap
>>> > > sdap_save_netgroup in ipa_save_netgroup. So it would be good
>>> > > If you could fix ticket #3117 in recent future. Because you still
>>> > > remember
>>> > > the netgroup related code in LDAP. (It's not a blocker for #2841)
>>> > > It is just a recomendation :-)
>>> >
>>> > Right, I will take a look.
>>> >
>>> Thank you in advance.
>>>
>>> > From 25be35537e0d91af6939c3400340fe01cfb32ea7 Mon Sep 17 00:00:00 2001
>>> > From: Petr Cech <[email protected]>
>>> > Date: Fri, 22 Jul 2016 14:28:54 +0200
>>> > Subject: [PATCH 1/3] LDAP: Fixing of removing netgroup from cache
>>> >
>>> > There were problem with local key which wasn't properly removed.
>>> > This patch fixes it.
>>> >
>>> > Resolves:
>>> > https://fedorahosted.org/sssd/ticket/2841
>>> > ---
>>> > src/providers/ldap/sdap_async_netgroups.c | 12 ++++++++++++
>>> > 1 file changed, 12 insertions(+)
>>> >
>>> > diff --git a/src/providers/ldap/sdap_async_netgroups.c
>>> > b/src/providers/ldap/sdap_async_netgroups.c
>>> > index
>>> > df233d956df70cfcb5f68bd2afc9e2a23c50c3bb..f36ea030414638ae2c778bc532fa09a0b69ed7de
>>> > 100644
>>> > --- a/src/providers/ldap/sdap_async_netgroups.c
>>> > +++ b/src/providers/ldap/sdap_async_netgroups.c
>>> > @@ -138,6 +138,18 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
>>> > goto fail;
>>> > }
>>> >
>>> > + /* We can get SYSDB_ORIG_NETGROUP_MEMBER, but not
>>> > SYSDB_NETGROUP_MEMBER
>>> > + * from LDAP. Thus we add SYSDB_NETGROUP_MEMBER to missing
>>> > + * if SYSDB_ORIG_NETGROUP_MEMBER is in.
>>> > + */
>>> SYSDB_ORIG_NETGROUP_MEMBER is originalMemberNisNetgroup
>>> and SYSDB_NETGROUP_MEMBER is memberNisNetgroup
>>>
>>> And we get memberNisNetgroup from LDAP but the vale us stored in
>>> sysdb attribute originalMemberNisNetgroup. But it may contain
>>> simple name or DN. That's the reason why we always translate/generate
>>> simple name and store it in SYSDB_NETGROUP_MEMBER(memberNisNetgroup)
>>> in sysdb which is internaly used for searching netgropus.
>>>
>>> So the comment is a little bit confusing. Because we cannot get
>>> originalMemberNisNetgroup from LDAP.
>>>
>>>
>>> > + if (string_in_list(SYSDB_ORIG_NETGROUP_MEMBER, missing, false)) {
>>> > + ret = add_string_to_list(attrs, SYSDB_NETGROUP_MEMBER, &missing);
>>> > + if (ret != EOK) {
>>> > + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add string into
>>> > list\n");
>>> > + goto fail;
>>> > + }
>>> > + }
>>> > +
>>> > ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
>>> > dom->netgroup_timeout, now);
>>> > if (ret) goto fail;
>>> > --
>>> > 2.7.4
>>> >
>>>
>>> > From 4ff31b600f01c810367756165500cfdb95f2be2b Mon Sep 17 00:00:00 2001
>>> > From: Petr Cech <[email protected]>
>>> > Date: Wed, 17 Aug 2016 14:01:09 +0200
>>> > Subject: [PATCH 2/3] INTG: Adding support for netgroups to ldap_ent
>>> >
>>> > Resolves:
>>> > https://fedorahosted.org/sssd/ticket/2841
>>> > ---
>>> > src/tests/intg/ldap_ent.py | 20 ++++++++++++++++++++
>>> > 1 file changed, 20 insertions(+)
>>> >
>>> > diff --git a/src/tests/intg/ldap_ent.py b/src/tests/intg/ldap_ent.py
>>> > index
>>> > f8f2f7fe6977aec6fd704ad1c78a476a163a16f1..2bb93f8bf605876acfb273088944dcb121e67241
>>> > 100644
>>> > --- a/src/tests/intg/ldap_ent.py
>>> > +++ b/src/tests/intg/ldap_ent.py
>>> > @@ -87,6 +87,21 @@ def group_bis(base_dn, cn, gidNumber, member_uids=[],
>>> > member_gids=[]):
>>> > return ("cn=" + cn + ",ou=Groups," + base_dn, attr_list)
>>> >
>>> >
>>> > +def netgroup(base_dn, cn, triples=(), members=()):
>>> > + """
>>> > + Generate an RFC2307bis netgroup add-modlist for passing to ldap.add*.
>>> > + """
>>> > + attr_list = [
>>> > + ('objectClass', ['top', 'nisNetgroup'])
>>> > + ]
>>> > + member_list = []
>>> You forgot to remove this unused aegument.
>>> > + if len(triples) > 0:
>>> > + attr_list.append(('nisNetgroupTriple', triples))
>>> > + if len(members) > 0:
>>> > + attr_list.append(('memberNisNetgroup', members))
>>> When I was updating sssd_netgroup.py
>>> I found out there is a simpler way for testing non-empty array :-)
>>> if members:
>>> attr_list.append(('memberNisNetgroup', members))
>>>
>>> > + return ("cn=" + cn + ",ou=Netgroups," + base_dn, attr_list)
>>> > +
>>> > +
>>> > class List(list):
>>> > """LDAP add-modlist list"""
>>> >
>>> > @@ -124,3 +139,8 @@ class List(list):
>>> > self.append(group_bis(base_dn or self.base_dn,
>>> > cn, gidNumber,
>>> > member_uids, member_gids))
>>> > +
>>> > + def add_netgroup(self, cn, triples=(), members=(), base_dn=None):
>>> > + """Add an RFC2307bis netgroup add-modlist."""
>>> > + self.append(netgroup(base_dn or self.base_dn,
>>> > + cn, triples, members))
>>> > --
>>> > 2.7.4
>>> >
>>>
>>> > From ccb7aa90a1a63db0b13b60b92afeffc2325af50c Mon Sep 17 00:00:00 2001
>>> > From: Petr Cech <[email protected]>
>>> > Date: Wed, 17 Aug 2016 13:58:30 +0200
>>> > Subject: [PATCH 3/3] INTG: Tests for ldap nested netgroups
>>> >
>>> > This patch adds tests on reproducer of t2841.
>>> >
>>> > Resolves:
>>> > https://fedorahosted.org/sssd/ticket/2841
>>> > ---
>>> > src/tests/intg/Makefile.am | 1 +
>>> > src/tests/intg/test_netgroup.py | 488
>>> > ++++++++++++++++++++++++++++++++++++++++
>>> > 2 files changed, 489 insertions(+)
>>> > create mode 100644 src/tests/intg/test_netgroup.py
>>> >
>>> > diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
>>> > index
>>> > d73e4216310ccd1c90e6b7eb0a0e60068fc45bd5..75422a4417046116bec11a8a680fe2248e3afb69
>>> > 100644
>>> > --- a/src/tests/intg/Makefile.am
>>> > +++ b/src/tests/intg/Makefile.am
>>> > @@ -15,6 +15,7 @@ dist_noinst_DATA = \
>>> > test_ldap.py \
>>> > test_memory_cache.py \
>>> > test_ts_cache.py \
>>> > + test_netgroup.py \
>>> > $(NULL)
>>> >
>>> > config.py: config.py.m4
>>> > diff --git a/src/tests/intg/test_netgroup.py
>>> > b/src/tests/intg/test_netgroup.py
>>> > new file mode 100644
>>> > index
>>> > 0000000000000000000000000000000000000000..3c5dc6f3634ece0669f1748ccbd49b514eeb874f
>>> > --- /dev/null
>>> > +++ b/src/tests/intg/test_netgroup.py
>>> > @@ -0,0 +1,488 @@
>>> > +#
>>> > +# Netgroup integration test
>>> > +#
>>> > +# Copyright (c) 2016 Red Hat, Inc.
>>> > +# Author: Petr Cech <[email protected]>
>>> > +#
>>> > +# This is free software; you can redistribute it and/or modify it
>>> > +# under the terms of the GNU General Public License as published by
>>> > +# the Free Software Foundation; version 2 only
>>> > +#
>>> > +# This program is distributed in the hope that it will be useful, but
>>> > +# WITHOUT ANY WARRANTY; without even the implied warranty of
>>> > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>> > +# General Public License for more details.
>>> > +#
>>> > +# You should have received a copy of the GNU General Public License
>>> > +# along with this program. If not, see <http://www.gnu.org/licenses/>.
>>> > +#
>>> > +
>>> > +import os
>>> > +import stat
>>> > +import signal
>>> > +import subprocess
>>> > +import time
>>> > +import ldap
>>> > +import ldap.modlist
>>> > +import pytest
>>> > +
>>> > +import config
>>> > +import ds_openldap
>>> > +import ldap_ent
>>> > +from util import unindent
>>> > +import sssd_netgroup as sssd_ntg
>>> > +
>>> > +LDAP_BASE_DN = "dc=example,dc=com"
>>> > +
>>> > +
>>> > [email protected](scope="module")
>>> > +def ds_inst(request):
>>> > + """LDAP server instance fixture"""
>>> > + ds_inst = ds_openldap.DSOpenLDAP(
>>> > + config.PREFIX, 10389, LDAP_BASE_DN,
>>> > + "cn=admin", "Secret123"
>>> > + )
>>> > +
>>> > + try:
>>> > + ds_inst.setup()
>>> > + except:
>>> > + ds_inst.teardown()
>>> > + raise
>>> > + request.addfinalizer(lambda: ds_inst.teardown())
>>> You needn't use lambda if you do not plan
>>> to use functions without arguments.
>>> - request.addfinalizer(lambda: ds_inst.teardown())
>>> + request.addfinalizer(ds_inst.teardown)
>>>
>>> > + return ds_inst
>>> > +
>>> > +
>>> > [email protected](scope="module")
>>> > +def ldap_conn(request, ds_inst):
>>> > + """LDAP server connection fixture"""
>>> > + ldap_conn = ds_inst.bind()
>>> > + ldap_conn.ds_inst = ds_inst
>>> > + request.addfinalizer(lambda: ldap_conn.unbind_s())
>>> The same case here
>>>
>>> > + return ldap_conn
>>> > +
>>> > +
>>> > +def create_ldap_entries(ldap_conn, ent_list=None):
>>> > + """Add LDAP entries from ent_list"""
>>> > + if ent_list is not None:
>>> > + for entry in ent_list:
>>> > + ldap_conn.add_s(entry[0], entry[1])
>>> > +
>>> > +
>>> > +def cleanup_ldap_entries(ldap_conn, ent_list=None):
>>> > + """Remove LDAP entries added by create_ldap_entries"""
>>> > + if ent_list is None:
>>> > + for ou in ("Users", "Groups", "Netgroups", "Services",
>>> > "Policies"):
>>> > + for entry in ldap_conn.search_s("ou=" + ou + "," +
>>> > + ldap_conn.ds_inst.base_dn,
>>> > + ldap.SCOPE_ONELEVEL,
>>> > + attrlist=[]):
>>> > + ldap_conn.delete_s(entry[0])
>>> > + else:
>>> > + for entry in ent_list:
>>> > + ldap_conn.delete_s(entry[0])
>>> > +
>>> > +
>>> > +def create_ldap_cleanup(request, ldap_conn, ent_list=None):
>>> > + """Add teardown for removing all user/group LDAP entries"""
>>> > + request.addfinalizer(lambda: cleanup_ldap_entries(ldap_conn,
>>> > ent_list))
>>> > +
>>> > +
>>> > +def create_ldap_fixture(request, ldap_conn, ent_list=None):
>>> > + """Add LDAP entries and add teardown for removing them"""
>>> > + create_ldap_entries(ldap_conn, ent_list)
>>> > + create_ldap_cleanup(request, ldap_conn, ent_list)
>>> > +
>>> > +
>>> > +SCHEMA_RFC2307_BIS = "rfc2307bis"
>>> > +
>>> > +
>>> > +def format_basic_conf(ldap_conn, schema):
>>> > + """Format a basic SSSD configuration"""
>>> > + schema_conf = "ldap_schema = " + schema + "\n"
>>> > + schema_conf += "ldap_group_object_class = groupOfNames\n"
>>> > + return unindent("""\
>>> > + [sssd]
>>> > + domains = LDAP
>>> > + services = nss
>>> > +
>>> > + [domain/LDAP]
>>> > + {schema_conf}
>>> > + id_provider = ldap
>>> > + auth_provider = ldap
>>> > + ldap_uri = {ldap_conn.ds_inst.ldap_url}
>>> > + ldap_search_base = {ldap_conn.ds_inst.base_dn}
>>> > + ldap_netgroup_search_base =
>>> > ou=Netgroups,{ldap_conn.ds_inst.base_dn}
>>> > + """).format(**locals())
>>> > +
>>> > +
>>> > +def create_conf_file(contents):
>>> > + """Create sssd.conf with specified contents"""
>>> > + conf = open(config.CONF_PATH, "w")
>>> > + conf.write(contents)
>>> > + conf.close()
>>> > + os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
>>> > +
>>> > +
>>> > +def cleanup_conf_file():
>>> > + """Remove sssd.conf, if it exists"""
>>> > + if os.path.lexists(config.CONF_PATH):
>>> > + os.unlink(config.CONF_PATH)
>>> > +
>>> > +
>>> > +def create_conf_cleanup(request):
>>> > + """Add teardown for removing sssd.conf"""
>>> > + request.addfinalizer(cleanup_conf_file)
>>> > +
>>> > +
>>> > +def create_conf_fixture(request, contents):
>>> > + """
>>> > + Create sssd.conf with specified contents and add teardown for
>>> > removing it
>>> > + """
>>> > + create_conf_file(contents)
>>> > + create_conf_cleanup(request)
>>> > +
>>> > +
>>> > +def create_sssd_process():
>>> > + """Start the SSSD process"""
>>> > + if subprocess.call(["sssd", "-D", "-f"]) != 0:
>>> > + raise Exception("sssd start failed")
>>> > +
>>> > +
>>> > +def cleanup_sssd_process():
>>> > + """Stop the SSSD process and remove its state"""
>>> > + try:
>>> > + pid_file = open(config.PIDFILE_PATH, "r")
>>> > + pid = int(pid_file.read())
>>> > + os.kill(pid, signal.SIGTERM)
>>> > + while True:
>>> > + try:
>>> > + os.kill(pid, signal.SIGCONT)
>>> > + except:
>>> > + break
>>> > + time.sleep(1)
>>> > + except:
>>> > + pass
>>> > + for path in os.listdir(config.DB_PATH):
>>> > + os.unlink(config.DB_PATH + "/" + path)
>>> > + for path in os.listdir(config.MCACHE_PATH):
>>> > + os.unlink(config.MCACHE_PATH + "/" + path)
>>> > +
>>> > +
>>> > +def create_sssd_cleanup(request):
>>> > + """Add teardown for stopping SSSD and removing its state"""
>>> > + request.addfinalizer(cleanup_sssd_process)
>>> > +
>>> > +
>>> > +def create_sssd_fixture(request):
>>> > + """Start SSSD and add teardown for stopping it and removing its
>>> > state"""
>>> > + create_sssd_process()
>>> > + create_sssd_cleanup(request)
>>> > +
>>> > +
>>> > [email protected]
>>> > +def add_empty_netgroup(request, ldap_conn):
>>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>>> > +
>>> > + ent_list.add_netgroup("empty_netgroup")
>>> > +
>>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>>> > + create_conf_fixture(request, conf)
>>> > + create_sssd_fixture(request)
>>> > + return None
>>> > +
>>> > +
>>> > +def test_add_empty_netgroup(add_empty_netgroup):
>>> > + """
>>> > + Adding empty netgroup.
>>> > + """
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("empty_netgroup")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == []
>>> > +
>>> > +
>>> > [email protected]
>>> > +def add_two_empty_netgroup(request, ldap_conn):
>>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>>> > +
>>> > + ent_list.add_netgroup("empty_netgroup1")
>>> > + ent_list.add_netgroup("empty_netgroup2")
>>> > +
>>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>>> > + create_conf_fixture(request, conf)
>>> > + create_sssd_fixture(request)
>>> > + return None
>>> > +
>>> > +
>>> > +def test_add_two_empty_netgroup(add_two_empty_netgroup):
>>> > + """
>>> > + Adding two empty netgroups.
>>> > + """
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("empty_netgroup1")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == []
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("empty_netgroup2")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == []
>>> > +
>>> > +
>>> If you wanted to test nested empty netgroups then
>>> it is already covered in mixed_netgroup (by mixed_netgroup1 and
>>> mixed_netgroup2)
>>>
>>> Otherwise this test-case is covered by previous test
>>> test_add_empty_netgroup
>>>
>>> > [email protected]
>>> > +def add_tripled_netgroup(request, ldap_conn):
>>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>>> > +
>>> > + ent_list.add_netgroup("tripled_netgroup", ["(host,user,domain)"])
>>> > +
>>> > + ent_list.add_netgroup("adv_tripled_netgroup",
>>> > ["(host1,user1,domain1)",
>>> > +
>>> > "(host2,user2,domain2)"])
>>> > +
>>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>>> > + create_conf_fixture(request, conf)
>>> > + create_sssd_fixture(request)
>>> > + return None
>>> > +
>>> > +
>>> > +def test_add_tripled_netgroup(add_tripled_netgroup):
>>> > + """
>>> > + Adding netgroup with triplet.
>>> > + """
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("tripled_netgroup")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [("host", "user", "domain")]
>>> > +
>>> > + res, _, netgroups =
>>> > sssd_ntg.get_sssd_netgroups("adv_tripled_netgroup")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert sorted(netgroups) == sorted([("host1", "user1", "domain1"),
>>> > + ("host2", "user2", "domain2")])
>>> > +
>>> > +
>>> > [email protected]
>>> > +def add_mixed_netgroup(request, ldap_conn):
>>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>>> > +
>>> > + ent_list.add_netgroup("mixed_netgroup1", [], [])
>>>
>>> > + ent_list.add_netgroup("mixed_netgroup2", [], ["mixed_netgroup1"])
>>> > +
>>> > + ent_list.add_netgroup("mixed_netgroup3", ["(host1,user1,domain1)"],
>>> > [])
>>> > + ent_list.add_netgroup("mixed_netgroup4",
>>> > + ["(host2,user2,domain2)",
>>> > "(host3,user3,domain3)"],
>>> > + [])
>>> You can remove empty list from previous 4 function invocations.
>>> We can rely on default arguments. The same as in test_add_empty_netgroup
>>>
>>> > +
>>> > + ent_list.add_netgroup("mixed_netgroup5",
>>> > + ["(host4,user4,domain4)"],
>>> > + ["mixed_netgroup1"])
>>> > + ent_list.add_netgroup("mixed_netgroup6",
>>> > + ["(host5,user5,domain5)"],
>>> > + ["mixed_netgroup2"])
>>> > +
>>> > + ent_list.add_netgroup("mixed_netgroup7", [], ["mixed_netgroup3"])
>>> > + ent_list.add_netgroup("mixed_netgroup8", [],
>>> > + ["mixed_netgroup3", "mixed_netgroup4"])
>>> > +
>>> > + ent_list.add_netgroup("mixed_netgroup9",
>>> > + ["(host6,user6,domain6)"],
>>> > + ["mixed_netgroup3", "mixed_netgroup4"])
>>> > +
>>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>>> > + create_conf_fixture(request, conf)
>>> > + create_sssd_fixture(request)
>>> > + return None
>>> > +
>>> > +
>>> > +def test_add_mixed_netgroup(add_mixed_netgroup):
>>> > + """
>>> > + Adding many netgroups of different type.
>>> > + """
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup1")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == []
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup2")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == []
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup3")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [("host1", "user1", "domain1")]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup4")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert sorted(netgroups) == sorted([("host2", "user2", "domain2"),
>>> > + ("host3", "user3", "domain3")])
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup5")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [("host4", "user4", "domain4")]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup6")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [("host5", "user5", "domain5")]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup7")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [("host1", "user1", "domain1")]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup8")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert sorted(netgroups) == sorted([("host1", "user1", "domain1"),
>>> > + ("host2", "user2", "domain2"),
>>> > + ("host3", "user3", "domain3")])
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("mixed_netgroup9")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert sorted(netgroups) == sorted([("host1", "user1", "domain1"),
>>> > + ("host2", "user2", "domain2"),
>>> > + ("host3", "user3", "domain3"),
>>> > + ("host6", "user6", "domain6")])
>>> > +
>>> > +
>>> > [email protected]
>>> > +def remove_step_by_step(request, ldap_conn):
>>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>>> > +
>>> > + ent_list.add_netgroup("rm_empty_netgroup1",
>>> > ["(host1,user1,domain1)"])
>>> > + ent_list.add_netgroup("rm_empty_netgroup2",
>>> > + ["(host2,user2,domain2)"],
>>> > + ["rm_empty_netgroup1"])
>>> > +
>>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>>> > + create_conf_fixture(request, conf)
>>> > + create_sssd_fixture(request)
>>> > + return ent_list
>>> > +
>>> > +
>>> > +def test_remove_step_by_step(remove_step_by_step, ldap_conn):
>>> > + """
>>> > + Removing netgroups step by step.
>>> > + """
>>> > +
>>> > + ent_list = remove_step_by_step
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup1")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [('host1', 'user1', 'domain1')]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup2")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert sorted(netgroups) == sorted([('host1', 'user1', 'domain1'),
>>> > + ('host2', 'user2', 'domain2')])
>>> > +
>>> > + # removing of rm_empty_netgroup1
>>> > + ldap_conn.delete_s(ent_list[0][0])
>>> > + ent_list.remove(ent_list[0])
>>> > +
>>> > + if subprocess.call(["sss_cache", "-N"]) != 0:
>>> > + raise Exception("sssd_cache failed")
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup1")
>>> > + assert res == sssd_ntg.NssReturnCode.NOTFOUND
>>> > + assert netgroups == []
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup2")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>>> > +
>>> > + # removing of rm_empty_netgroup2
>>> > + ldap_conn.delete_s(ent_list[0][0])
>>> > + ent_list.remove(ent_list[0])
>>> > +
>>> > + if subprocess.call(["sss_cache", "-N"]) != 0:
>>> > + raise Exception("sssd_cache failed")
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup1")
>>> > + assert res == sssd_ntg.NssReturnCode.NOTFOUND
>>> > + assert netgroups == []
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("rm_empty_netgroup2")
>>> > + assert res == sssd_ntg.NssReturnCode.NOTFOUND
>>> > + assert netgroups == []
>>> > +
>>> > +
>>> > [email protected]
>>> > +def removing_nested_netgroups(request, ldap_conn):
>>> > + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
>>> > +
>>> > + ent_list.add_netgroup("t2841_netgroup1", ["(host1,user1,domain1)"])
>>> > + ent_list.add_netgroup("t2841_netgroup2", ["(host2,user2,domain2)"])
>>> > + ent_list.add_netgroup("t2841_netgroup3", [],
>>> > + ["t2841_netgroup1", "t2841_netgroup2"])
>>> > +
>>> > + create_ldap_fixture(request, ldap_conn, ent_list)
>>> > + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
>>> > + create_conf_fixture(request, conf)
>>> > + create_sssd_fixture(request)
>>> > + return None
>>> > +
>>> > +
>>> > +def test_removing_nested_netgroups(removing_nested_netgroups, ldap_conn):
>>> > + """
>>> > + Regression test for ticket 2841.
>>> > + https://fedorahosted.org/sssd/ticket/2841
>>> > + """
>>> > +
>>> > + netgroup_dn = 'cn=t2841_netgroup3,ou=Netgroups,dc=example,dc=com'
>>> ^^^^^^^^^^^^^^^^^
>>> It would be good to
>>> use
>>> ldap_conn.ds_inst.base_dn
>>> So after changind base_dn test
>>> will not fail
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup1")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [('host1', 'user1', 'domain1')]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup2")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup3")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert sorted(netgroups) == sorted([('host1', 'user1', 'domain1'),
>>> > + ('host2', 'user2', 'domain2')])
>>> > +
>>> > + # removing of t2841_netgroup1 from t2841_netgroup3
>>> > + old = {'memberNisNetgroup': ["t2841_netgroup1", "t2841_netgroup2"]}
>>> > + new = {'memberNisNetgroup': ["t2841_netgroup2"]}
>>> > +
>>> > + ldif = ldap.modlist.modifyModlist(old, new)
>>> > + ldap_conn.modify_s(netgroup_dn, ldif)
>>> > +
>>> > + if subprocess.call(["sss_cache", "-N"]) != 0:
>>> > + raise Exception("sssd_cache failed")
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup1")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [('host1', 'user1', 'domain1')]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup2")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup3")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>>> > +
>>> > + # removing of t2841_netgroup2 from t2841_netgroup3
>>> > + old = {'memberNisNetgroup': ["t2841_netgroup2"]}
>>> > + new = {'memberNisNetgroup': []}
>>> > +
>>> > + ldif = ldap.modlist.modifyModlist(old, new)
>>> > + ldap_conn.modify_s(netgroup_dn, ldif)
>>> > +
>>> > + if subprocess.call(["sss_cache", "-N"]) != 0:
>>> > + raise Exception("sssd_cache failed")
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup1")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [('host1', 'user1', 'domain1')]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup2")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == [('host2', 'user2', 'domain2')]
>>> > +
>>> > + res, _, netgroups = sssd_ntg.get_sssd_netgroups("t2841_netgroup3")
>>> > + assert res == sssd_ntg.NssReturnCode.SUCCESS
>>> > + assert netgroups == []
>>>
>>>
>>> LS
>>
>>Hi Lukas,
>>
>>thanks for review. I hope that I addressed all notes.
>>New version is attached.
>>
>ACK
>
>http://sssd-ci.duckdns.org/logs/job/52/28/summary.html
>
Thank you for patience with review.
master:
* 05457ed0e399aaacc919b7aacee5d8210e1c1072
* 1cba321946084231c220e9561487555671b944c3
* bf141e052a81b28ee0ad2f61ff8b4879e4faa13b
LS
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
