URL: https://github.com/SSSD/sssd/pull/680
Author: mrniranjan
 Title: #680: pytest: Add test case for Expired sudo rule
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/680/head:pr680
git checkout pr680
From 8cddf199d93b5c5e9898cda260524facfe854725 Mon Sep 17 00:00:00 2001
From: "Niranjan M.R" <mrniran...@redhat.com>
Date: Tue, 16 Oct 2018 14:00:30 +0530
Subject: [PATCH 1/6] pytest/sudo: Modify fixture to restore sssd.conf

Modify set_case_sensitive_false fixture to restore sssd.conf
back to the original sssd.conf after running test_case_senitivity
test case.

Signed-off-by: Niranjan M.R <mrniran...@redhat.com>
---
 src/tests/multihost/basic/conftest.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py
index 0d3b831bea..376a3b415b 100644
--- a/src/tests/multihost/basic/conftest.py
+++ b/src/tests/multihost/basic/conftest.py
@@ -15,6 +15,7 @@
 import os
 import tempfile
 import ldap
+import time
 
 
 def pytest_namespace():
@@ -193,8 +194,10 @@ def create_casesensitive_posix_user(session_multihost):
 
 
 @pytest.fixture
-def set_case_sensitive_false(session_multihost):
+def set_case_sensitive_false(session_multihost, request):
     """ Set case_sensitive to false in sssd domain section """
+    bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
+    session_multihost.master[0].run_command(bkup_sssd)
     session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
                                                    '/tmp/sssd.conf')
     sssdconfig = ConfigParser.SafeConfigParser()
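Review bot: The backup is written to the fixed path `/etc/sssd/sssd.conf.orig`, which `set_entry_cache_timeout` (patch 4 of this series) also uses, so a test requesting both fixtures would overwrite the pristine backup with an already-modified config and could not get the original back. A per-fixture name such as `bkup_sssd = 'cp -af /etc/sssd/sssd.conf /etc/sssd/sssd.conf.case_sensitive.orig'` avoids the collision, with the restore command changed to match; `-a` also keeps the owner and mode of the original on the copy. The backup file is never removed by the finalizer. The body of set_case_sensitive_false continues outside this hunk.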
@@ -208,6 +211,14 @@ def set_case_sensitive_false(session_multihost):
                                                    '/etc/sssd/sssd.conf')
     session_multihost.master[0].service_sssd('restart')
 
+    def restore_sssd():
+        """ Restore sssd.conf """
+        restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
+        session_multihost.master[0].run_command(restore_sssd)
+        session_multihost.master[0].service_sssd('restart')
+        time.sleep(5)
+    request.addfinalizer(restore_sssd)
+
 
 @pytest.fixture
 def enable_files_domain(session_multihost):
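Review bot: `request.addfinalizer(restore_sssd)` is registered only after the modified file has been uploaded and sssd restarted, so if `put_file` or `service_sssd('restart')` fails with an exception, the changed `/etc/sssd/sssd.conf` stays on the master for every later test. Defining the inner function and calling `addfinalizer` directly after the backup command closes that window; `set_entry_cache_timeout` in patch 4 has the same ordering. Inside the finalizer the local string `restore_sssd` shadows the function of the same name, so a name such as `restore_cmd` reads better. The start of set_case_sensitive_false is outside this hunk.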

From f8926ab5817696c8825b5a8d2388a002266b1e56 Mon Sep 17 00:00:00 2001
From: "Niranjan M.R" <mrniran...@redhat.com>
Date: Tue, 16 Oct 2018 16:31:25 +0530
Subject: [PATCH 2/6] pytest/sudo: Rename create_sudorule to
 case_sensitive_sudorule

Add del_sudo_rule function to delete the sudo rules
after test_sensitivity completes

Signed-off-by: Niranjan M.R <mrniran...@redhat.com>
---
 src/tests/multihost/basic/conftest.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py
index 376a3b415b..cfc35d527a 100644
--- a/src/tests/multihost/basic/conftest.py
+++ b/src/tests/multihost/basic/conftest.py
@@ -254,10 +254,10 @@ def teardown_files_domain_users():
 
 
 @pytest.fixture
-def create_sudorule(session_multihost, create_casesensitive_posix_user):
+def case_sensitive_sudorule(session_multihost,
+                            create_casesensitive_posix_user,
+                            request):
     """ Create posix user and groups """
-    # pylint: disable=unused-argument
-    _pytest_fixtures = [create_casesensitive_posix_user]
     ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
     ds_rootdn = 'cn=Directory Manager'
     ds_rootpw = 'Secret123'
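Review bot: The renamed fixture keeps the docstring `""" Create posix user and groups """`, which no longer describes it: the visible parts of the body add sudo rules and now register their removal. Something like `""" Create the sudo rules for the case-sensitivity test and delete them on teardown """` would match. The `# pylint: disable=unused-argument` and `_pytest_fixtures` lines are dropped here while test_sudo.py keeps that pattern, so `create_casesensitive_posix_user` may be reported as an unused argument again. The rest of the fixture body lies outside this hunk.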
@@ -280,6 +280,17 @@ def create_sudorule(session_multihost, create_casesensitive_posix_user):
     except LdapException:
         pytest.fail("Failed to add sudo rule %s" % rule_dn2)
 
+    def del_sensitive_sudo_rule():
+        """ Delete sudo rule """
+        (ret, _) = ldap_inst.del_dn(rule_dn1)
+        assert ret == 'Success'
+        (ret, _) = ldap_inst.del_dn(rule_dn2)
+        assert ret == 'Success'
+        (ret, _) = ldap_inst.del_dn(sudo_ou)
+        assert ret == 'Success'
+        time.sleep(5)
+    request.addfinalizer(del_sensitive_sudo_rule)
+
 
 @pytest.fixture
 def enable_sss_sudo_nsswitch(session_multihost, tmpdir, request):
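Review bot: The finalizer `del_sensitive_sudo_rule` asserts `ret == 'Success'` after each `del_dn`, so the first failed delete aborts the cleanup and leaves the remaining sudo rule entries and `sudo_ou` in the directory for later tests. It is also registered only after the `add_sudo_rule` calls, so a `pytest.fail` on `rule_dn2` leaves whatever was already added behind; registering it before the first add would cover that. Attempting every delete and asserting once at the end keeps teardown complete, and `del_sudo_rule` in patch 4 has the same pattern. The start of the fixture is outside this hunk.

```python
    def del_sensitive_sudo_rule():
        """ Delete sudo rules and the sudoers OU, attempting every entry """
        failed = []
        for entry_dn in (rule_dn1, rule_dn2, sudo_ou):
            (ret, _) = ldap_inst.del_dn(entry_dn)
            if ret != 'Success':
                failed.append(entry_dn)
        time.sleep(5)
        assert not failed, "Failed to delete %s" % ', '.join(failed)
    request.addfinalizer(del_sensitive_sudo_rule)
```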

From 2e2240c2e3d7dc9be0f85a746855b20390aaa6c0 Mon Sep 17 00:00:00 2001
From: "Niranjan M.R" <mrniran...@redhat.com>
Date: Tue, 16 Oct 2018 16:35:43 +0530
Subject: [PATCH 3/6] pytest/sudo: call case_sensitive_sudorule fixture instead
 of create_sudorule

Signed-off-by: Niranjan M.R <mrniran...@redhat.com>
---
 src/tests/multihost/basic/test_sudo.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tests/multihost/basic/test_sudo.py b/src/tests/multihost/basic/test_sudo.py
index ecf41ffb1a..af9b7a8e87 100644
--- a/src/tests/multihost/basic/test_sudo.py
+++ b/src/tests/multihost/basic/test_sudo.py
@@ -6,12 +6,12 @@
 
 class TestSanitySudo(object):
     """ Basic Sanity Test cases for sudo service in sssd """
-    def test_case_senitivity(self, multihost, create_sudorule,
+    def test_case_senitivity(self, multihost, case_sensitive_sudorule,
                              enable_sss_sudo_nsswitch,
                              set_case_sensitive_false):
         """ Verify case sensitivity in sudo responder """
         # pylint: disable=unused-argument
-        _pytest_fixtures = [create_sudorule, enable_sss_sudo_nsswitch,
+        _pytest_fixtures = [case_sensitive_sudorule, enable_sss_sudo_nsswitch,
                             set_case_sensitive_false]
         try:
             ssh = SSHClient(multihost.master[0].sys_hostname,

From 604876b498bd53d30f8eac36331b3cc538643854 Mon Sep 17 00:00:00 2001
From: "Niranjan M.R" <mrniran...@redhat.com>
Date: Tue, 16 Oct 2018 16:45:31 +0530
Subject: [PATCH 4/6] pytest/sudo: Add 2 fixtures set_entry_cache_timeout and
 generic_sudorule

set_entry_cache_timeout: this fixture adds entry_cache_timeout
to domain sections of sssd.conf.

generic_sudorule: Adds a generic sudo rule to access /usr/bin/less

Signed-off-by: Niranjan M.R <mrniran...@redhat.com>
---
 src/tests/multihost/basic/conftest.py | 54 +++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py
index cfc35d527a..94b58f7a4e 100644
--- a/src/tests/multihost/basic/conftest.py
+++ b/src/tests/multihost/basic/conftest.py
@@ -220,6 +220,60 @@ def restore_sssd():
     request.addfinalizer(restore_sssd)
 
 
+@pytest.fixture
+def set_entry_cache_timeout(session_multihost, request):
+    """ Set case_sensitive to false in sssd domain section """
+    bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
+    session_multihost.master[0].run_command(bkup_sssd)
+    session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
+                                                   '/tmp/sssd.conf')
+    sssdconfig = ConfigParser.ConfigParser()
+    sssdconfig.read('/tmp/sssd.conf')
+    domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
+    if domain_section in sssdconfig.sections():
+        sssdconfig.set(domain_section, 'entry_cache_sudo_timeout', '30')
+        with open('/tmp/sssd.conf', "w") as sssconf:
+            sssdconfig.write(sssconf)
+    session_multihost.master[0].transport.put_file('/tmp/sssd.conf',
+                                                   '/etc/sssd/sssd.conf')
+    session_multihost.master[0].service_sssd('restart')
+
+    def restore_sssd():
+        """ Restore sssd.conf """
+        restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
+        session_multihost.master[0].run_command(restore_sssd)
+        session_multihost.master[0].service_sssd('restart')
+        time.sleep(5)
+    request.addfinalizer(restore_sssd)
+
+
+@pytest.fixture
+def generic_sudorule(session_multihost, request):
+    """ Create a generic sudo rule """
+    ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
+    ds_rootdn = 'cn=Directory Manager'
+    ds_rootpw = 'Secret123'
+    ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
+    ldap_inst.org_unit('sudoers', 'dc=example,dc=test')
+    sudo_ou = 'ou=sudoers,dc=example,dc=test'
+    rule_dn1 = "%s,%s" % ('cn=lessrule', sudo_ou)
+    sudo_options = ["!requiretty", "!authenticate"]
+    try:
+        ldap_inst.add_sudo_rule(rule_dn1, 'ALL',
+                                '/usr/bin/less', 'foo1',
+                                sudo_options)
+    except LdapException:
+        pytest.fail("Failed to add sudo rule %s" % rule_dn1)
+
+    def del_sudo_rule():
+        """ Delete sudo rule """
+        (ret, _) = ldap_inst.del_dn(rule_dn1)
+        assert ret == 'Success'
+        (ret, _) = ldap_inst.del_dn(sudo_ou)
+        assert ret == 'Success'
+    request.addfinalizer(del_sudo_rule)
+
+
 @pytest.fixture
 def enable_files_domain(session_multihost):
     """
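Review bot: `set_entry_cache_timeout` stages the config at the fixed local path `/tmp/sssd.conf` and then uploads that file to `/etc/sssd/sssd.conf` on the master; on a controller shared with other users or parallel runs, a predictable name in `/tmp` can be pre-created or overwritten between the `get_file` and `put_file` calls. `enable_sss_sudo_nsswitch` already takes pytest's `tmpdir`, so adding `tmpdir` to the signature and using `local_conf = str(tmpdir.join('sssd.conf'))` for the four path uses gives a private per-test file. The docstring was copied from the other fixture and should read `""" Set entry_cache_sudo_timeout in sssd domain section """`. If the `domain/EXAMPLE.TEST` section is missing, the fixture silently uploads an unchanged file, so a `pytest.fail` in an `else` branch would keep the test from passing without the timeout applied.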

From 7cff0800c0dade5259d064266a485c7f86c63785 Mon Sep 17 00:00:00 2001
From: "Niranjan M.R" <mrniran...@redhat.com>
Date: Tue, 16 Oct 2018 18:33:24 +0530
Subject: [PATCH 5/6] pytest/sudo: Add Testcase: sssd crashes when refreshing
 expired sudo rules.

Signed-off-by: Niranjan M.R <mrniran...@redhat.com>
---
 src/tests/multihost/basic/test_sudo.py | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/tests/multihost/basic/test_sudo.py b/src/tests/multihost/basic/test_sudo.py
index af9b7a8e87..065319b1c4 100644
--- a/src/tests/multihost/basic/test_sudo.py
+++ b/src/tests/multihost/basic/test_sudo.py
@@ -2,6 +2,7 @@
 from sssd.testlib.common.utils import SSHClient
 import paramiko
 import pytest
+import time
 
 
 class TestSanitySudo(object):
@@ -29,3 +30,27 @@ def test_case_senitivity(self, multihost, case_sensitive_sudorule,
             assert '/usr/bin/less\n' in result
             assert '/usr/bin/more\n' in result
             ssh.close()
+
+    def test_refresh_expired_rule(self, multihost,
+                                  enable_sss_sudo_nsswitch,
+                                  generic_sudorule,
+                                  set_entry_cache_timeout):
+        """ Verify refreshing expired sudo rules doesn't crash sssd_sudo """
+        # pylint: disable=unused-argument
+        _pytest_fixtures = [enable_sss_sudo_nsswitch, generic_sudorule,
+                            set_entry_cache_timeout]
+        try:
+            ssh = SSHClient(multihost.master[0].sys_hostname,
+                            username='foo1', password='Secret123')
+        except paramiko.ssh_exception.AuthenticationException:
+            pytest.fail("%s failed to login" % 'foo1')
+        else:
+            print("Executing %s command as %s user" % ('sudo -l', 'foo1'))
+            (_, _, exit_status) = ssh.execute_cmd('sudo -l')
+            assert exit_status == 0
+            time.sleep(30)
+            if exit_status != 0:
+                journalctl_cmd = 'journalctl -x -n 100 --no-pager'
+                multihost.master[0].run_command(journalctl_cmd)
+                pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1'))
+            ssh.close()
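Review bot: After `time.sleep(30)` the test never runs `sudo -l` again, so the refresh of the expired rule that the docstring describes is not exercised, and the `if exit_status != 0:` branch is unreachable because `assert exit_status == 0` has already stopped the test on failure. A second `ssh.execute_cmd('sudo -l')` after the sleep, with the journal dump attached to that second result, would cover the crash path, and a `try`/`finally` closes the SSH session when an assertion fails. The sleep equals the 30 second `entry_cache_sudo_timeout` set by the fixture, so waiting slightly longer may be needed for the entry to count as expired.

```python
        else:
            try:
                # ... unchanged: print of the command being executed ...
                (_, _, exit_status) = ssh.execute_cmd('sudo -l')
                assert exit_status == 0
                # wait for the cached sudo rule to expire before asking again
                time.sleep(30)
                (_, _, exit_status) = ssh.execute_cmd('sudo -l')
                if exit_status != 0:
                    journalctl_cmd = 'journalctl -x -n 100 --no-pager'
                    multihost.master[0].run_command(journalctl_cmd)
                    pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1'))
            finally:
                ssh.close()
```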

From c323e90c951e71318e03188332c9fc922fe190e5 Mon Sep 17 00:00:00 2001
From: "Niranjan M.R" <mrniran...@redhat.com>
Date: Tue, 16 Oct 2018 19:42:15 +0530
Subject: [PATCH 6/6] pytest: use ConfigParser() instead of SafeConfigParser()

Fix the warnings about SafeConfigParser being deprecated.

Signed-off-by: Niranjan M.R <mrniran...@redhat.com>
---
 src/tests/multihost/basic/conftest.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py
index 94b58f7a4e..d7e0851700 100644
--- a/src/tests/multihost/basic/conftest.py
+++ b/src/tests/multihost/basic/conftest.py
@@ -102,7 +102,7 @@ def setup_sssd(session_multihost, request):
     ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
     krb5_server = session_multihost.master[0].sys_hostname
     cacert_loc = '/etc/openldap/cacerts/cacert.pem'
-    sssdConfig = ConfigParser.SafeConfigParser()
+    sssdConfig = ConfigParser.ConfigParser()
     sssdConfig.optionxform = str
     sssdConfig.add_section('sssd')
     sssdConfig.set('sssd', 'domains', 'EXAMPLE.TEST')
@@ -200,7 +200,7 @@ def set_case_sensitive_false(session_multihost, request):
     session_multihost.master[0].run_command(bkup_sssd)
     session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
                                                    '/tmp/sssd.conf')
-    sssdconfig = ConfigParser.SafeConfigParser()
+    sssdconfig = ConfigParser.ConfigParser()
     sssdconfig.read('/tmp/sssd.conf')
     domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
     if domain_section in sssdconfig.sections():