URL: https://github.com/SSSD/sssd/pull/5892 Author: jakub-vavra-cz Title: #5892: Tests: Add a test for BZ2004406 Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5892/head:pr5892 git checkout pr5892
From ea3a30f612dd2112e29b6599461e71af3a9a1014 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jva...@redhat.com> Date: Fri, 26 Nov 2021 07:24:15 +0100 Subject: [PATCH] Tests: Add a test for BZ2004406 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2004406 Verifies: MR#5791 --- src/tests/multihost/ipa/test_adtrust.py | 55 +++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index 3f2fc66c1b..6eb5435b09 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -6,6 +6,7 @@ :upstream: yes """ +import random import re import time import pytest @@ -379,3 +380,57 @@ def test_nss_get_by_name_with_private_group(self, multihost): assert cmd_adm.returncode == 0, 'Something wrong with setup!' assert cmd_usr.returncode == 0, \ f"pysss_nss_idmap.getsidbyname for {username} failed" + + @staticmethod + def test_idview_override_group(multihost, create_aduser_group): + """ + :title: IPA clients fail to resolve override group names + :id: 7a0dc871-fdad-4c07-9d07-a092baa83178 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2004406 + :description: Overriding both user and group names and ids in + an idview for user and group from AD results in error in sssd + when running id command. + :steps: + 1. ID views to override AD groupname and gid . + 2. ID view to override AD username, uid and gid. + 3. Run an "id" command for the override user on IPA + client + :expectedresults: + 1. View with an override is created. + 2. User override is added to the view. + 3. Id command succeeds, group override is visible. + """ + (aduser, adgroup) = create_aduser_group + domain = multihost.ad[0].domainname + ipa_client = sssdTools(multihost.client[0]) + ipa_client.clear_sssd_cache() + ad_user_fqdn = '%s@%s' % (aduser, domain) + view = f'prygl_trust_view_{random.randint(9999, 999999)}' + create_view = f'ipa idview-add {view}' + multihost.master[0].run_command(create_view, raiseonerr=False) + + create_grp_override = f'ipa idoverridegroup-add {view} ' \ + f'{adgroup}@{domain} --group-name "borci" ' \ + f'--gid=987654' + multihost.master[0].run_command(create_grp_override, raiseonerr=False) + + create_user_override = f'ipa idoverrideuser-add {view} ' \ + f'{ad_user_fqdn} --login ferko ' \ + f'--uid=50001 --gidnumber=50000' + multihost.master[0].run_command(create_user_override, raiseonerr=False) + # apply the view on client + apply_view = f"ipa idview-apply {view} " \ + f"--hosts={multihost.client[0].sys_hostname}" + multihost.master[0].run_command(apply_view, raiseonerr=False) + + ipa_client.clear_sssd_cache() + time.sleep(5) + + id_cmd = f'id ferko@{domain}' + cmd = multihost.client[0].run_command(id_cmd, raiseonerr=False) + delete_id_view = f'ipa idview-del {view}' + multihost.master[0].run_command(delete_id_view) + ipa_client.clear_sssd_cache() + assert cmd.returncode == 0, f"User {aduser} was not found." + assert "borci" in cmd.stdout_text, "Group name was not overridden." + assert "987654" in cmd.stdout_text, "Group id was not overridden."
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
