[SSSD] [sssd PR#228][opened] test_ldap.py: Add test for filter_{users,group}

[lslebodn]

   URL: https://github.com/SSSD/sssd/pull/228
Author: lslebodn
 Title: #228: test_ldap.py: Add test for filter_{users,group}
Action: opened

PR body:
"""
Test for:
https://pagure.io/SSSD/sssd/issue/3362

ATM it is expected to fail :-)
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/228/head:pr228
git checkout pr228

From f97550299fb0437457773340a0fe82431cc97e0a Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Wed, 5 Apr 2017 17:56:40 +0200
Subject: [PATCH] test_ldap.py: Add test for filter_{users,group}

Test for:
https://pagure.io/SSSD/sssd/issue/3362
---
 src/tests/intg/test_ldap.py | 96 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)

diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 848cb41..ea7393f 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -980,3 +980,99 @@ def rfc2307bis_no_nesting(request, ldap_conn):
 def test_zero_nesting_level(ldap_conn, rfc2307bis_no_nesting):
     ent.assert_group_by_name("group1",
                              dict(mem=ent.contains_only("user1")))
+
+
+@pytest.fixture
+def sanity_nss_filter(request, ldap_conn):
+    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+    ent_list.add_user("user1", 1001, 2001)
+    ent_list.add_user("user2", 1002, 2002)
+    ent_list.add_user("user3", 1003, 2003)
+
+    ent_list.add_group_bis("group1", 2001)
+    ent_list.add_group_bis("group2", 2002)
+    ent_list.add_group_bis("group3", 2003)
+
+    ent_list.add_group_bis("empty_group1", 2010)
+    ent_list.add_group_bis("empty_group2", 2011)
+
+    ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"])
+    ent_list.add_group_bis("group_empty_group", 2013, [], ["empty_group1"])
+    ent_list.add_group_bis("group_two_empty_groups", 2014,
+                           [], ["empty_group1", "empty_group2"])
+    ent_list.add_group_bis("one_user_group1", 2015, ["user1"])
+    ent_list.add_group_bis("one_user_group2", 2016, ["user2"])
+    ent_list.add_group_bis("group_one_user_group", 2017,
+                           [], ["one_user_group1"])
+    ent_list.add_group_bis("group_two_user_group", 2018,
+                           [], ["two_user_group"])
+    ent_list.add_group_bis("group_two_one_user_groups", 2019,
+                           [], ["one_user_group1", "one_user_group2"])
+
+    create_ldap_fixture(request, ldap_conn, ent_list)
+    conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
+        unindent("""
+            [nss]
+            filter_users = user2
+            filter_groups = group_two_one_user_groups
+        """).format(**locals())
+    create_conf_fixture(request, conf)
+    create_sssd_fixture(request)
+    return None
+
+
+def test_nss_filters(ldap_conn, sanity_nss_filter):
+    passwd_pattern = expected_list_to_name_dict([
+        dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
+             dir='/home/user1', shell='/bin/bash'),
+        dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
+             dir='/home/user3', shell='/bin/bash')
+    ])
+
+    # test filtered user
+    ent.assert_each_passwd_by_name(passwd_pattern)
+    with pytest.raises(KeyError):
+        pwd.getpwnam("user2")
+    with pytest.raises(KeyError):
+        pwd.getpwuid(1002)
+
+    group_pattern = expected_list_to_name_dict([
+        dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
+        dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
+        dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
+        dict(name='empty_group1', passwd='*', gid=2010,
+             mem=ent.contains_only()),
+        dict(name='empty_group2', passwd='*', gid=2011,
+             mem=ent.contains_only()),
+        dict(name='two_user_group', passwd='*', gid=2012,
+             mem=ent.contains_only("user1")),
+        dict(name='group_empty_group', passwd='*', gid=2013,
+             mem=ent.contains_only()),
+        dict(name='group_two_empty_groups', passwd='*', gid=2014,
+             mem=ent.contains_only()),
+        dict(name='one_user_group1', passwd='*', gid=2015,
+             mem=ent.contains_only("user1")),
+        dict(name='one_user_group2', passwd='*', gid=2016,
+             mem=ent.contains_only()),
+        dict(name='group_one_user_group', passwd='*', gid=2017,
+             mem=ent.contains_only("user1")),
+        dict(name='group_two_user_group', passwd='*', gid=2018,
+             mem=ent.contains_only("user1")),
+    ])
+
+    # test filtered group
+    ent.assert_each_group_by_name(group_pattern)
+    with pytest.raises(KeyError):
+        grp.getgrnam("group_two_one_user_groups")
+    with pytest.raises(KeyError):
+        grp.getgrgid(2019)
+
+    # test non-existing user/group
+    with pytest.raises(KeyError):
+        pwd.getpwnam("non_existent_user")
+    with pytest.raises(KeyError):
+        pwd.getpwuid(9)
+    with pytest.raises(KeyError):
+        grp.getgrnam("non_existent_group")
+    with pytest.raises(KeyError):
+        grp.getgrgid(14)

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org