URL: https://github.com/SSSD/sssd/pull/5755 Author: aborah-sudo Title: #5755: Tests: support subid ranges managed by FreeIPA Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5755/head:pr5755 git checkout pr5755
From cb35bb2ef93a61c65147f2f8a5e05eda759f2d8f Mon Sep 17 00:00:00 2001 From: Anuj Borah <abo...@redhat.com> Date: Thu, 19 Aug 2021 14:19:26 +0530 Subject: [PATCH] Tests: support subid ranges managed by FreeIPA issue: https://github.com/SSSD/sssd/issues/5197 bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943 --- src/tests/multihost/ipa/conftest.py | 86 ++++++++++++- .../multihost/ipa/data/list_subid_ranges.c | 46 +++++++ src/tests/multihost/ipa/test_subid_ranges.py | 117 ++++++++++++++++++ 3 files changed, 248 insertions(+), 1 deletion(-) create mode 100644 src/tests/multihost/ipa/data/list_subid_ranges.c create mode 100644 src/tests/multihost/ipa/test_subid_ranges.py diff --git a/src/tests/multihost/ipa/conftest.py b/src/tests/multihost/ipa/conftest.py index f65ae765d3..99233a028e 100644 --- a/src/tests/multihost/ipa/conftest.py +++ b/src/tests/multihost/ipa/conftest.py @@ -16,12 +16,13 @@ from sssd.testlib.ipa.utils import ipaTools from sssd.testlib.common.utils import ADOperations from sssd.testlib.common.paths import SSSD_DEFAULT_CONF +from sssd.testlib.common.utils import SSHClient def pytest_configure(): """ Namespace hook to add below dict in the pytest namespace """ pytest.num_masters = 1 - pytest.num_ad = 1 + pytest.num_ad = 0 pytest.num_atomic = 0 pytest.num_replicas = 0 pytest.num_clients = 1 @@ -165,6 +166,89 @@ def restoresssdconf(): # ==================== Class Scoped Fixtures ================ +@pytest.fixture(scope='class') +def environment_setup(session_multihost, request): + """ + Install necessary packages + """ + """ + pre_version = "sed -rn 's/.*([0-9])\.[0-9].*/\\1/p' /etc/redhat-release" + client = session_multihost.client[0] + if "Red Hat" in client.run_command("cat /etc/redhat-release").stdout_text: + version = [int(i) for i + in client.run_command(pre_version).stdout_text.split() + if i.isdigit()][0] + if version >= 9: + client.run_command("yum " + "--enablerepo=rhel-CRB install" + " -y shadow-utils*") + """ + client = session_multihost.client[0] + client.run_command("yum install -y shadow-utils*") + client.run_command("yum install -y shadow-utils-subid-devel") + client.run_command("yum install -y gcc") + with pytest.raises(subprocess.CalledProcessError): + client.run_command(f"grep subid /etc/nsswitch.conf") + client.transport.put_file(os.getcwd() + + '/src/tests/multihost/ipa/data/list_subid_ranges.c', + '/tmp/list_subid_ranges.c') + client.run_command("gcc /tmp/list_subid_ranges.c" + " -lsubid -o /tmp/list_subid_ranges") + + def remove(): + """ Remove file """ + for file in ['list_subid_ranges', 'list_subid_ranges.c']: + client.run_command(f"rm -vf /tmp/{file}") + + request.addfinalizer(remove) + + +@pytest.fixture(scope='class') +def subid_generate(session_multihost, request): + user = "admin" + test_password = "Secret123" + ssh1 = SSHClient(session_multihost.client[0].sys_hostname, + username=user, password=test_password) + (result, result1, exit_status) = ssh1.execute_cmd('kinit', + stdin=test_password) + assert exit_status == 0 + (result, result1, exit_status) = ssh1.exec_command('klist') + assert user in str(result1.read()) + (result, result1, exit_status) = ssh1.exec_command(f"ipa " + f" subid-generate" + f" --owner={user}") + ssh1.close() + + +@pytest.fixture(scope='class') +def bkp_cnfig_for_subid_files(session_multihost, request): + """ Back up """ + session_multihost.client[0].run_command("cp -vf " + "/etc/subuid " + "/tmp/subuid_bkp") + session_multihost.client[0].run_command("cp -vf " + "/etc/subgid " + "/tmp/subgid_bkp") + session_multihost.client[0].run_command("cp -vf " + "/etc/nsswitch.conf " + "/tmp/nsswitch.conf_bkp") + session_multihost.client[0].run_command("echo 'subid: sss' " + ">> /etc/nsswitch.conf") + + def restore(): + """ Restore """ + session_multihost.client[0].run_command("mv -vf " + "/tmp/subuid_bkp " + "/etc/subuid") + session_multihost.client[0].run_command("mv -vf " + "/tmp/subgid_bkp " + "/etc/subgid") + session_multihost.client[0].run_command("mv -vf " + "/tmp/nsswitch.conf_bkp " + "/etc/nsswitch.conf") + request.addfinalizer(restore) + + @pytest.fixture(scope="class") def default_ipa_users(session_multihost, request): """ Create IPA Users foobar0 to foobar9 """ diff --git a/src/tests/multihost/ipa/data/list_subid_ranges.c b/src/tests/multihost/ipa/data/list_subid_ranges.c new file mode 100644 index 0000000000..05d2e8f048 --- /dev/null +++ b/src/tests/multihost/ipa/data/list_subid_ranges.c @@ -0,0 +1,46 @@ + +#include <stdio.h> +#include <string.h> +#include "shadow/subid.h" +#include "stdlib.h" + +const char *Prog; +FILE *shadow_logfd = NULL; + +void usage(void) +{ + fprintf(stderr, "Usage: %s [-g] user\n", Prog); + fprintf(stderr, " list subuid ranges for user\n"); + fprintf(stderr, " pass -g to list subgid ranges\n"); + exit(EXIT_FAILURE); +} + +int main(int argc, char *argv[]) +{ + int i, count=0; + struct subid_range *ranges; + const char *owner; + + Prog = argv[0]; + shadow_logfd = stderr; + if (argc < 2) + usage(); + owner = argv[1]; + if (argc == 3 && strcmp(argv[1], "-g") == 0) { + owner = argv[2]; + count = get_subgid_ranges(owner, &ranges); + } else if (argc == 2 && strcmp(argv[1], "-h") == 0) { + usage(); + } else { + count = get_subuid_ranges(owner, &ranges); + } + if (!ranges) { + fprintf(stderr, "Error fetching ranges\n"); + exit(1); + } + for (i = 0; i < count; i++) { + printf("%d: %s %lu %lu\n", i, owner, + ranges[i].start, ranges[i].count); + } + return 0; +} diff --git a/src/tests/multihost/ipa/test_subid_ranges.py b/src/tests/multihost/ipa/test_subid_ranges.py new file mode 100644 index 0000000000..a8d7a2e138 --- /dev/null +++ b/src/tests/multihost/ipa/test_subid_ranges.py @@ -0,0 +1,117 @@ +""" Automation of IPA bugs """ + +import pytest +import subprocess +import time +import os +from sssd.testlib.common.utils import SSHClient + + +test_password = "Secret123" +user = 'admin' + + +def execute_cmd(multihost, command): + """ Execute command on client """ + cmd = multihost.client[0].run_command(command) + return cmd + + +@pytest.mark.usefixtures('environment_setup', + 'subid_generate', + 'bkp_cnfig_for_subid_files',) +@pytest.mark.tier1 +class TestSubid(object): + """ + This is for ipa bugs automation + """ + def test_subid_feature(self, multihost): + """ + :Title: support subid ranges managed by FreeIPA + :id: 50bcdc28-00c8-11ec-bef4-845cf3eff344 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943 + :steps: + 1. Generate subid for user admin + 2. Test newuidmap command + 3. Test newgidmap command + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + """ + ssh1 = SSHClient(multihost.client[0].sys_hostname, + username=user, password=test_password) + (result, result1, exit_status) = ssh1.exec_command(f"ipa " + f"subid-find" + f" --owner " + f"{user}") + user_details = result1.readlines() + uid_start = int(user_details[5].split(': ')[1].split('\n')[0]) + uid_range = int(user_details[6].split(': ')[1].split('\n')[0]) + gid_start = int(user_details[7].split(': ')[1].split('\n')[0]) + gid_range = int(user_details[8].split(': ')[1].split('\n')[0]) + (results1, results2, results3) = ssh1.exec_command("unshare" + " -U bash" + " -c 'echo" + " $$ > " + "/tmp/unshare.pid;" + " sleep 100'") + time.sleep(2) + proces_id = [int(i) + for i in + execute_cmd(multihost, + "cat /tmp/unshare.pid").stdout_text.split() + if i.isdigit()][0] + uid = 0 + count = 1 + ssh1.exec_command(f"newuidmap {proces_id} {uid} {uid_start} {count}") + ssh1.exec_command(f"newgidmap {proces_id} {uid} {gid_start} {count}") + result = execute_cmd(multihost, f"cat /proc/{proces_id}/uid_map") + assert str(uid) in result.stdout_text + assert str(uid_start) in result.stdout_text + assert str(count) in result.stdout_text + result = execute_cmd(multihost, f"cat /proc/{proces_id}/gid_map") + assert str(uid) in result.stdout_text + assert str(gid_start) in result.stdout_text + assert str(count) in result.stdout_text + multihost.client[0].run_command(f'kill -9 {proces_id}') + ssh1.close() + + def test_list_subid_ranges(self, multihost): + """ + :Title: support subid ranges managed by FreeIPA + :id: 4ab33f84-00c8-11ec-ad91-845cf3eff344 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943 + :steps: + 1. Configure subid: sss on /etc/nsswitch.conf + 2. Test list_subid_ranges command + 3. Test list_subid_ranges -g command + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + """ + ssh1 = SSHClient(multihost.client[0].sys_hostname, + username=user, password=test_password) + (result, result1, exit_status) = ssh1.execute_cmd('kinit', + stdin=test_password) + assert exit_status == 0 + (result, result1, exit_status) = ssh1.exec_command('klist') + assert user in str(result1.read()) + (result, result1, exit_status) = ssh1.exec_command(f"ipa subid-find" + f" --owner " + f"{user}") + user_details = result1.readlines() + uid_start = int(user_details[5].split(': ')[1].split('\n')[0]) + uid_range = int(user_details[6].split(': ')[1].split('\n')[0]) + gid_start = int(user_details[7].split(': ')[1].split('\n')[0]) + gid_range = int(user_details[8].split(': ')[1].split('\n')[0]) + cmd = multihost.client[0].run_command(f"cd /tmp/; " + f"./list_subid_ranges " + f"{user}") + assert f"{user} {uid_start} {uid_range}" in cmd.stdout_text + cmd = multihost.client[0].run_command(f"cd /tmp/;" + f" ./list_subid_ranges" + f" -g {user}") + assert f"{user} {gid_start} {gid_range}" in cmd.stdout_text + ssh1.close()
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
