URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792
From f51dc36ef2080d6a039018e7432ab8977b57c4df Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar <sgade...@sgadekar.pnq.csb> Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 37 +++++++++++-- src/tests/multihost/alltests/test_sudo.py | 66 +++++++++++++++++++++-- 2 files changed, 94 insertions(+), 9 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..d7f34b7c24 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,11 +424,38 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): + """ Configure basic sudo parameters in sssd.conf """ + tools = sssdTools(session_multihost.client[0]) + session_multihost.client[0].service_sssd('stop') + tools.remove_sss_cache('/var/lib/sss/db/') + tools.remove_sss_cache('/var/log/sssd') + ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}' + section = "sssd" + sssd_params = {'services': 'nss, pam, sudo'} + tools.sssd_conf(section, sssd_params) + sudo_base = f'ou=sudoers,{ds_suffix}' + params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} + domain_section = 'domain/{ds_instance_name}' + tools.sssd_conf(domain_section, params, action='update') + ret = session_multihost.client[0].service_sssd('start') + + def restore_sssd_conf(): + """ Restore sssd.conf """ + services = 'nss, pam' + sssd_params = {'services': services} + tools.sssd_conf('sssd', sssd_params) + tools.sssd_conf(domain_section, params, action='delete') + request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ - ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) - sudo_ou = 'ou=sudoers, %s' % ds_suffix + ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}' + sudo_ou = f'ou=sudoers,{ds_suffix}' ds_rootdn = 'cn=Directory Manager' ds_rootpw = 'Secret123' ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) @@ -439,12 +466,12 @@ def sudo_rule(session_multihost, request): sudo_options = ["!requiretty", "!authenticate"] sudo_cmd = '/usr/bin/head' sudo_user = 'foo1' - rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) + rule_dn = f'cn={sudo_cmd},{sudo_ou}' try: ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', sudo_user, sudo_options) except LdapException: - pytest.fail("Failed to add sudo rule %s" % rule_dn) + pytest.fail(f"Failed to add sudo rule {rule_dn}") else: extra_user = 'foo2' add_extra = [(ldap.MOD_ADD, 'sudoUser', @@ -454,7 +481,7 @@ def sudo_rule(session_multihost, request): def del_sudo_rule(): """ Delete sudo rule """ - rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) + rule_dn = f'cn={sudo_cmd},{sudo_ou}' (_, _) = ldap_inst.del_dn(rule_dn) (ret, _) = ldap_inst.del_dn(sudo_ou) assert ret == 'Success' diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..90981e2317 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + + @pytest.mark.tier2 + def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): + """ + :title: sudo: improve sudo full and smart refresh timeouts + :id: 3860d1b9-28fc-4d44-9537-caf28ab033c8 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505 + :customerscenario: True + :steps: + 1. Edit sssdconfig and specify sssd smart, full timeout option + 2. Restart sssd with cleared logs and cache + 3. Wait for 40 seconds + 4. Parse logs and confirm sudo full refresh and smart refresh + timeout are not running at same time + 5. If sudo full refresh and smart refresh timer are scheduled at + same time then smart refresh is rescheduled to the next cycle + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed + """ + tools = sssdTools(multihost.client[0]) multihost.client[0].service_sssd('stop') - params = {'ldap_sudo_full_refresh_interval': '25', - 'ldap_sudo_smart_refresh_interval': '15', - 'ldap_sudo_random_offset': '5'} - tools.sssd_conf(domain_section, params, action='delete') + tools.remove_sss_cache('/var/lib/sss/db') + tools.remove_sss_cache('/var/log/sssd') + params = {'ldap_sudo_full_refresh_interval': '10', + 'ldap_sudo_random_offset': '0', + 'ldap_sudo_smart_refresh_interval': '5'} + domain_section = f'domain/{ds_instance_name}' + tools.sssd_conf(domain_section, params, action='update') multihost.client[0].service_sssd('start') + time.sleep(40) + logfile = f'/var/log/sssd/sssd_{ds_instance_name}.log' + tmout_ptrn = f"(SUDO.*Refresh.*executing)" + rschdl_ptrn = f"(SUDO.*Refresh.*rescheduling)" + regex_tmout = re.compile("%s" % tmout_ptrn) + rgx_rs_tstmp = re.compile("%s" % rschdl_ptrn) + full_rfsh_tstmp = [] + smrt_rfsh_tstmp = [] + rschdl_tstmp = [] + log = multihost.client[0].get_file_contents(logfile).decode('utf-8') + for line in log.split('\n'): + if (regex_tmout.findall(line)): + dt_time = line.split('):')[0] + tstmp = dt_time.split()[1] + ref_type = line.split()[7] + if ref_type == 'Smart': + smrt_rfsh_tstmp.append(tstmp) + elif ref_type == 'Full': + full_rfsh_tstmp.append(tstmp) + if (rgx_rs_tstmp.findall(line)): + dt_time = line.split('):')[0] + tstmp = dt_time.split()[1] + rschdl_tstmp.append(tstmp) + for tm_stamp in full_rfsh_tstmp: + if tm_stamp in smrt_rfsh_tstmp: + assert tm_stamp in rschdl_tstmp + else: + assert tm_stamp not in smrt_rfsh_tstmp
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
