URL: https://github.com/SSSD/sssd/pull/5880 Author: dparmar18 Title: #5880: Automation code for bug 2013294/1992973/2013379 Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5880/head:pr5880 git checkout pr5880
From 24ca63bde9d377f070fe465800eb6bcdaab5d87f Mon Sep 17 00:00:00 2001 From: Dhairya Parmar <dpar...@dparmar.pnq.csb> Date: Wed, 17 Nov 2021 15:18:14 +0530 Subject: [PATCH 1/2] added test_0007_getent_admproxy() in test_misc.py --- src/tests/multihost/alltests/test_misc.py | 45 +++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/src/tests/multihost/alltests/test_misc.py b/src/tests/multihost/alltests/test_misc.py index 3575799dce..48bdc1ca64 100644 --- a/src/tests/multihost/alltests/test_misc.py +++ b/src/tests/multihost/alltests/test_misc.py @@ -353,3 +353,48 @@ def test_0006_getent_group(self, multihost, assert "group-2@example1:*:20002:user-2@example1," \ "user-4@example1,user-6@example1," \ "user-8@example1" in cmd.stdout_text + + @pytest.mark.tier1 + def test_0007_getent_admproxy(self, multihost, backupsssdconf): + """ + :title: 'getent passwd adm@proxy' doesn't + return anything when 'cache_first = True' option is used with + nss i.e. lookup with the fully-qualified name of a user or + group will fail if the requested object is not already in the + cache. + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2013294 + :id: 9ff64ee0-255d-46ac-bf0a-b022eaad463e + :customerscenario: false + :steps: + 1. Configure SSSD with nss having cache_first = True. + 2. restart SSSD with empty cache. + 3. Check 'getent passwd adm@proxy' output. + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. 'getent passwd adm@proxy' should return identity lookup + of user adm. + """ + getent_admproxy = "getent passwd adm@proxy" + tools = sssdTools(multihost.client[0]) + section = "sssd" + section_params = {"domains": "proxy", "services": "nss"} + tools.sssd_conf(section, section_params, action="update") + section = "domain/proxy" + section_params = {"id_provider": "proxy", "proxy_lib_name": "files", + 'auth_provider': "none"} + tools.sssd_conf(section, section_params, action="update") + section = "nss" + section_params = {"cache_first": "True"} + tools.sssd_conf(section, section_params, action="update") + tools.clear_sssd_cache(start=True) + cache_first_true = multihost.client[0].run_command(getent_admproxy, + raiseonerr=False) + assert cache_first_true.returncode == 0, "Bug 2013294/1992973/2013379" + section = "nss" + section_params = {"cache_first": "True"} + tools.sssd_conf(section, section_params, action="delete") + tools.clear_sssd_cache(start=True) + cache_first_false = multihost.client[0].run_command(getent_admproxy, + raiseonerr=False) + assert cache_first_false.returncode == 0 From 60c0186c250844a4fc2d9d02c081d4d8072f8f0b Mon Sep 17 00:00:00 2001 From: Dhairya Parmar <dpar...@dparmar.pnq.csb> Date: Thu, 18 Nov 2021 12:09:49 +0530 Subject: [PATCH 2/2] TEST: Lookup with fully-qualified name with 'cache_first = True' Explanation - If the 'cache_first = True' option is used with the nss responder a lookup with the fully-qualified name of a user or group will fail if the requested object is not already in the cache. - With earlier versions of sssd, using 'cache_first = True' in nss section of sssd.conf, the lookup of a user or a group would return nothing, for e.g. 'getent passwd adm@proxy' would just return to bash prompt and 'echo $?' would return exit code 2. - The same works when 'cache_first = True' is not used. - With latest rpm version sssd-2.6.1-1.el8, this issue has been fixed and this test is intended to support it. Now, with 'cache_first = True' or without 'cache_first = True', 'getent passwd adm@proxy' always returns the indentity of adm. Verifies Issue: https://github.com/SSSD/sssd/issues/5744 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2013294 --- src/tests/multihost/alltests/test_misc.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/tests/multihost/alltests/test_misc.py b/src/tests/multihost/alltests/test_misc.py index 48bdc1ca64..f241800272 100644 --- a/src/tests/multihost/alltests/test_misc.py +++ b/src/tests/multihost/alltests/test_misc.py @@ -354,12 +354,12 @@ def test_0006_getent_group(self, multihost, "user-4@example1,user-6@example1," \ "user-8@example1" in cmd.stdout_text - @pytest.mark.tier1 + @pytest.mark.tier1_2 def test_0007_getent_admproxy(self, multihost, backupsssdconf): """ - :title: 'getent passwd adm@proxy' doesn't - return anything when 'cache_first = True' option is used with - nss i.e. lookup with the fully-qualified name of a user or + :title: 'getent passwd adm@proxy' doesn't return anything when + 'cache_first = True' option is used with nss. + :description: Lookup with the fully-qualified name of a user or group will fail if the requested object is not already in the cache. :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2013294 @@ -373,7 +373,7 @@ def test_0007_getent_admproxy(self, multihost, backupsssdconf): 1. Should succeed 2. Should succeed 3. 'getent passwd adm@proxy' should return identity lookup - of user adm. + of user adm. """ getent_admproxy = "getent passwd adm@proxy" tools = sssdTools(multihost.client[0])
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure