URL: https://github.com/SSSD/sssd/pull/5899
Author: sidecontrol
 Title: #5899: Adding multidomain test cases for bz2013297 and bz2018432
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5899/head:pr5899
git checkout pr5899
From 79d9b980d9a07335456c7d0df03fb658cb069732 Mon Sep 17 00:00:00 2001
From: Dan Lavu <dl...@redhat.com>
Date: Fri, 3 Dec 2021 06:29:34 -0500
Subject: [PATCH] Adding multidomain test cases for bz2013297 and bz2018432

Add multidomain pytest suite
- bz2013297 and bz2018432
- this test suite will provision 5 AD servers: parent, 2 children, tree,
  another forest

Signed-off-by: Dan Lavu <dl...@redhat.com>
---
 src/tests/multihost/admultidomain/conftest.py | 165 +++++++++++++++++
 src/tests/multihost/admultidomain/mhc.yaml    |  62 +++++++
 src/tests/multihost/admultidomain/pytest.ini  |   6 +
 src/tests/multihost/admultidomain/readme.rst  |  45 +++++
 .../admultidomain/test_multidomain.py         | 174 ++++++++++++++++++
 .../multihost/sssd/testlib/common/qe_class.py |  14 +-
 6 files changed, 464 insertions(+), 2 deletions(-)
 create mode 100644 src/tests/multihost/admultidomain/conftest.py
 create mode 100644 src/tests/multihost/admultidomain/mhc.yaml
 create mode 100644 src/tests/multihost/admultidomain/pytest.ini
 create mode 100644 src/tests/multihost/admultidomain/readme.rst
 create mode 100644 src/tests/multihost/admultidomain/test_multidomain.py

diff --git a/src/tests/multihost/admultidomain/conftest.py b/src/tests/multihost/admultidomain/conftest.py
new file mode 100644
index 0000000000..9af075ac51
--- /dev/null
+++ b/src/tests/multihost/admultidomain/conftest.py
@@ -0,0 +1,165 @@
+
+""" Common AD Fixtures """
+from __future__ import print_function
+import random
+import subprocess
+import time
+import pytest
+import ldap
+import os
+import posixpath
+import pathlib
+# pylint: disable=unused-import
+from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF
+from sssd.testlib.common.qe_class import session_multihost
+from sssd.testlib.common.qe_class import create_testdir
+from sssd.testlib.common.exceptions import SSSDException
+from sssd.testlib.common.utils import ADOperations
+from sssd.testlib.common.exceptions import LdapException
+from sssd.testlib.common.samba import sambaTools
+from sssd.testlib.common.utils import sssdTools
+
+
+def pytest_configure():
+    """ Namespace hook, Adds below dict to pytest namespace """
+    pytest.num_masters = 0
+    pytest.num_ad = 4
+    pytest.num_atomic = 0
+    pytest.num_replicas = 0
+    pytest.num_clients = 1
+    pytest.num_others = 0
+
+
+# ######## Function scoped Fixtures ####################
+@pytest.fixture(scope="function")
+def adjoin(session_multihost, request):
+    """ Join to AD using net ads command """
+    ad_realm = session_multihost.ad[0].realm
+    ad_ip = session_multihost.ad[0].ip
+    ad_host = session_multihost.ad[0].sys_hostname
+    client_ad = sssdTools(session_multihost.client[0], session_multihost.ad[0])
+    client_ad.update_resolv_conf(session_multihost.ad[0])
+    client_ad.clear_sssd_cache()
+    client_ad.systemsssdauth(ad_realm, ad_host)
+    client_ad.disjoin_ad()
+    client_ad.create_kdcinfo(ad_realm, ad_ip)
+    kinit = f'kinit Administrator@{ad_realm}'
+    ad_password = session_multihost.ad[0].ssh_password
+    try:
+        session_multihost.client[0].run_command(kinit, stdin_text=ad_password)
+    except subprocess.CalledProcessError:
+        pytest.fail("kinit failed")
+
+    def _join(membersw=None):
+        """ Join AD """
+        if membersw == 'samba':
+            client_ad.join_ad(ad_realm, ad_password, mem_sw='samba')
+        else:
+            client_ad.join_ad(ad_realm, ad_password)
+
+    def adleave():
+        """ Disjoin AD """
+        client_ad.disjoin_ad()
+        remove_keytab = 'rm -f /etc/krb5.keytab'
+        kdestroy_cmd = 'kdestroy -A'
+        session_multihost.client[0].run_command(kdestroy_cmd)
+        session_multihost.client[0].run_command(remove_keytab)
+    request.addfinalizer(adleave)
+    return _join
+
+
+@pytest.fixture(scope="function")
+def adchildjoin(session_multihost, request):
+    """ Join to AD using net ads command """
+    ad_realm = session_multihost.ad[1].realm
+    ad_ip = session_multihost.ad[1].ip
+    client_ad = sssdTools(session_multihost.client[0], session_multihost.ad[1])
+    client_ad.disjoin_ad()
+    client_ad.create_kdcinfo(ad_realm, ad_ip)
+    kinit = "kinit Administrator@%s" % ad_realm
+    ad_password = session_multihost.ad[1].ssh_password
+    try:
+        session_multihost.client[0].run_command(kinit, stdin_text=ad_password)
+    except subprocess.CalledProcessError:
+        pytest.fail("kinit failed")
+
+    def _join(membersw=None):
+        """ Join AD """
+        if membersw == 'samba':
+            client_ad.join_ad(ad_realm, ad_password, mem_sw='samba')
+        else:
+            client_ad.join_ad(ad_realm, ad_password)
+
+    def adleave():
+        """ Disjoin AD """
+        client_ad.disjoin_ad()
+        remove_keytab = 'rm -f /etc/krb5.keytab'
+        kdestroy_cmd = 'kdestroy -A'
+        session_multihost.client[0].run_command(kdestroy_cmd)
+        session_multihost.client[0].run_command(remove_keytab)
+    request.addfinalizer(adleave)
+    return _join
+
+
+@pytest.fixture(scope='function')
+def backupsssdconf(session_multihost, request):
+    """ Backup and restore sssd.conf """
+    bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF,
+                                 SSSD_DEFAULT_CONF)
+    session_multihost.client[0].run_command(bkup)
+    session_multihost.client[0].service_sssd('stop')
+
+    def restoresssdconf():
+        """ Restore sssd.conf """
+        restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF)
+        session_multihost.client[0].run_command(restore)
+    request.addfinalizer(restoresssdconf)
+
+
+# ############## class scoped Fixtures ##############################
+@pytest.fixture(scope="class")
+def multihost(session_multihost, request):
+    """ Multihost fixture to be used by tests
+    :param obj session_multihost: multihost object
+    :return obj session_multihost: return multihost object
+    :Exceptions: None
+    """
+    if hasattr(request.cls(), 'class_setup'):
+        request.cls().class_setup(session_multihost)
+        request.addfinalizer(
+            lambda: request.cls().class_teardown(session_multihost))
+    return session_multihost
+
+
+@pytest.fixture(scope="class")
+def clear_sssd_cache(session_multihost):
+    """ Clear sssd cache """
+    client = sssdTools(session_multihost.client[0])
+    client.clear_sssd_cache()
+
+
+# ################### Session scoped fixtures #########################
+@pytest.fixture(scope="session", autouse=True)
+def setup_session(request, session_multihost):
+    """ Setup Session """
+    client = sssdTools(session_multihost.client[0])
+    realm = session_multihost.ad[1].realm
+    ad_host = session_multihost.ad[1].sys_hostname
+    try:
+        master = sssdTools(session_multihost.master[0])
+    except IndexError:
+        pass
+    else:
+        master.server_install_pkgs()
+        master.update_resolv_conf(session_multihost.ad[1].ip)
+    client.client_install_pkgs()
+    client.update_resolv_conf(session_multihost.ad[1].ip)
+    client.clear_sssd_cache()
+    client.systemsssdauth(realm, ad_host)
+
+    def teardown_session():
+        """ Teardown session """
+        session_multihost.client[0].service_sssd('stop')
+        remove_sssd_conf = 'rm -f /etc/sssd/sssd.conf'
+        session_multihost.client[0].run_command(remove_sssd_conf)
+    request.addfinalizer(teardown_session)
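Review bot: `adjoin` calls `client_ad.update_resolv_conf(session_multihost.ad[0])` with the host object, while `setup_session` passes `session_multihost.ad[1].ip`; unless the helper accepts both forms, one of the two writes the wrong nameserver, so I would use `client_ad.update_resolv_conf(ad_ip)` in `adjoin`. `adchildjoin` never updates resolv.conf, so after any test that used `adjoin` the client still resolves through the parent DC when it joins the child domain. `teardown_session` does not put the original resolv.conf back, although the readme added in this patch says it does. `adjoin` and `adchildjoin` differ only in the AD index and could share one helper, and the `adchildjoin` docstring should say that it joins the child domain (`ad[1]`).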
diff --git a/src/tests/multihost/admultidomain/mhc.yaml b/src/tests/multihost/admultidomain/mhc.yaml
new file mode 100644
index 0000000000..97597332a7
--- /dev/null
+++ b/src/tests/multihost/admultidomain/mhc.yaml
@@ -0,0 +1,62 @@
+ad_admin_name: Administrator
+ad_admin_password: Secret123
+ad_hostname: ad1-wr53
+ad_ip: 10.0.107.55
+ad_sub_domain: child1-wr53.domain-wr53.com
+ad_sub_hostname: ad3-wr53
+ad_sub_ip: 10.0.104.122
+ad_top_domain: domain-wr53.com
+admin_name: admin
+admin_password: Secret.123
+dirman_dn: cn=Directory Manager
+dirman_password: Secret.123
+dns_forwarder: 10.11.5.19
+domains:
+- hosts:
+  - external_hostname: ci-vm-10-0-106-255.hosted.upshift.rdu2.redhat.com
+    ip: 10.0.106.255
+    name: hostname1
+    role: client
+  name: domain.com
+  type: sssd
+- hosts:
+  - external_hostname: ci-vm-10-0-107-55.hosted.upshift.rdu2.redhat.com
+    host_type: windows
+    ip: 10.0.107.55
+    name: ad1-wr53
+    password: Secret123
+    role: ad
+    username: Administrator
+  name: domain-wr53.com
+  type: ad
+- hosts:
+  - external_hostname: ci-vm-10-0-104-122.hosted.upshift.rdu2.redhat.com
+    host_type: windows
+    ip: 10.0.104.122
+    name: ad2-wr53
+    password: Secret123
+    role: ad
+    username: Administrator
+  name: child-wr53.domain-wr53.com
+  type: ad
+- hosts:
+  - external_hostname: ci-vm-10-0-104-82.hosted.upshift.rdu2.redhat.com
+    host_type: windows
+    ip: 10.0.104.82
+    name: ad3-wr53
+    password: Secret123
+    role: ad
+    username: Administrator
+  name: child1-wr53.domain-wr53.com
+  type: ad
+- hosts:
+  - external_hostname: ci-vm-10-0-105-168.hosted.upshift.rdu2.redhat.com
+    host_type: windows
+    ip: 10.0.105.168
+    name: ad4-wr53
+    password: Secret123
+    role: ad
+    username: Administrator
+  name: tdomain-wr53.com
+  type: ad
+ssh_key_filename: ~/.ssh/idmci_rsa
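Review bot: This file commits the Administrator and Directory Manager passwords together with internal CI host names and addresses; if it is meant as a sample, the `password`, `ad_admin_password`, `admin_password` and `dirman_password` values and the `ip`/`external_hostname` entries should be placeholders that the CI job fills in, with the real file kept out of the tree. The top-level keys are also inconsistent with the host list: `ad_sub_hostname: ad3-wr53` is paired with `ad_sub_ip: 10.0.104.122`, but the `domains` section gives 10.0.104.122 to `ad2-wr53` and 10.0.104.82 to `ad3-wr53`. The commit message speaks of five AD servers while only four `role: ad` hosts are listed here, matching `pytest.num_ad = 4` in conftest.py.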
diff --git a/src/tests/multihost/admultidomain/pytest.ini b/src/tests/multihost/admultidomain/pytest.ini
new file mode 100644
index 0000000000..704a0b1400
--- /dev/null
+++ b/src/tests/multihost/admultidomain/pytest.ini
@@ -0,0 +1,6 @@
+[pytest]
+markers =
+   admultidomain: Multidomain tests with multiple domains
+   tier1: All tier1 test cases
+   tier2: All tier2 test cases
+   tier3: All tier3 test cases
diff --git a/src/tests/multihost/admultidomain/readme.rst b/src/tests/multihost/admultidomain/readme.rst
new file mode 100644
index 0000000000..819f52b13c
--- /dev/null
+++ b/src/tests/multihost/admultidomain/readme.rst
@@ -0,0 +1,45 @@
+AD Multidomain Provider Test Suite
+======================
+
+This directory contains automation for SSSD AD Provider
+Multi-domain tests.
+
+Fixtures
+========
+
+
+session
+*******
+
+* setup_session: This fixtures does the following tasks:
+
+
+  * Install common required packages like
+  * Updated /etc/resolv.conf with Windows IP Address
+  * Clear sssd cache
+  * Configure system to use sssd authentication
+
+
+* teardown_session: This is not a fixtures but a teardown of ``setup_session``
+
+  * Restores resolv.conf
+  * Stop sssd service
+  * remove sssd.conf
+
+
+class
+*****
+
+* multihost: This fixture returns multihost object. Also using builtin request
+  fixture we pass ``class_setup`` and ``class_teardown``.  If the test suite defines
+  class_setup and class_teardown functions, multihost object will be available
+  to execute any remote functions.
+
+* clear_sssd_cache: Stops sssd service. Removes cache files from
+  ``/var/lib/sss/db`` and starts sssd service. Sleeps for 10 seconds.
+
+* joinad: Join the system to Windows AD using realm with membercli-software
+  being adcli.
+
+* joinad: Join the system to Windows AD using realm with membercli-software
+  being adcli.
diff --git a/src/tests/multihost/admultidomain/test_multidomain.py b/src/tests/multihost/admultidomain/test_multidomain.py
new file mode 100644
index 0000000000..b93cb10bfe
--- /dev/null
+++ b/src/tests/multihost/admultidomain/test_multidomain.py
@@ -0,0 +1,174 @@
+""" AD-Provider AD Parameters tests ported from bash
+
+:requirement: ad_parameters
+:casecomponent: sssd
+:subsystemteam: sst_idm_sssd
+:upstream: yes
+"""
+import tempfile
+import pytest
+
+from sssd.testlib.common.utils import sssdTools
+from sssd.testlib.common.utils import SSSDException
+from sssd.testlib.common.utils import ADOperations
+
+
+@pytest.fixture(scope="class")
+def change_client_hostname(session_multihost, request):
+    """ Change client hostname to a truncated version in the AD domain"""
+    cmd = session_multihost.client[0].run_command(
+        'hostname', raiseonerr=False)
+    old_hostname = cmd.stdout_text.rstrip()
+    ad_domain = session_multihost.ad[0].domainname
+    session_multihost.client[0].run_command(
+        f'hostname client.{ad_domain}', raiseonerr=False)
+
+    def restore():
+        """ Restore hostname """
+        session_multihost.client[0].run_command(
+            f'hostname {old_hostname}',
+            raiseonerr=False
+        )
+    request.addfinalizer(restore)
+
+
+@pytest.mark.tier1
+@pytest.mark.admultidomain
+@pytest.mark.usefixtures("change_client_hostname")
+class TestADMultiDomain(object):
+
+    @staticmethod
+    def test_0001_bz2013297(multihost, adchildjoin):
+        """
+        :title: IDM-SSSD-TC: ad_provider: forests: disabled root ad domain
+        causes subdomains to be marked offline
+        :id:
+        :setup:
+          1. Configure parent and child domain
+          2. Join client to child domain
+          3. ad_enabled_domains is not configured
+          4. ad_enabled_domains to contain only the child domain
+        :steps:
+          1. Lookup user from child domain
+          2. Lookup user from parent domain
+          3. Change  ad_enabled_domains parameter
+          4. Lookup user from child domain
+          5. Lookup user from parent domain
+        :expectedresults:
+          1. Parent user is found
+          2. Child user is found
+          3. Parent user is not found
+          4. Child user is found
+        :customerscenario: True
+        """
+        adchildjoin(membersw='adcli')
+        ad_domain = multihost.ad[0].domainname
+        ad_child_domain = multihost.ad[1].domainname
+
+        # Configure sssd
+        multihost.client[0].service_sssd('stop')
+        client = sssdTools(multihost.client[0], multihost.ad[1])
+        client.backup_sssd_conf()
+        dom_section = f'domain/{client.get_domain_section_name()}'
+        sssd_params = {
+            'ad_domain': ad_child_domain,
+            'debug_level': '9',
+            'use_fully_qualified_names': 'True',
+            'cache_credentials': 'True',
+        }
+        client.sssd_conf(dom_section, sssd_params)
+        client.clear_sssd_cache()
+
+        # Search for the user in root domain
+        parent_cmd = multihost.client[0].run_command(
+            f'getent passwd user1@{ad_domain}',
+            raiseonerr=False
+        )
+        # Search for the user in child domain
+        child_cmd = multihost.client[0].run_command(
+            f'getent passwd child_user1@{ad_child_domain}',
+            raiseonerr=False
+        )
+
+        client.restore_sssd_conf()
+        client.clear_sssd_cache()
+
+        # Evaluate test results
+        assert parent_cmd.returncode == 0
+        assert child_cmd.returncode == 0
+
+        dom_section = f'domain/{client.get_domain_section_name()}'
+        sssd_params = {
+            'ad_domain': ad_child_domain,
+            'debug_level': '9',
+            'use_fully_qualified_names': 'True',
+            'cache_credentials': 'True',
+            'ad_enabled_domains': ad_child_domain
+        }
+        client.sssd_conf(dom_section, sssd_params)
+        client.clear_sssd_cache()
+
+        # Search for the user in root domain
+        parent_cmd = multihost.client[0].run_command(
+            f'getent passwd user1@{ad_domain}',
+            raiseonerr=False
+        )
+        # Search for the user in child domain
+        child_cmd = multihost.client[0].run_command(
+            f'getent passwd child_user1@{ad_child_domain}',
+            raiseonerr=False
+        )
+
+        client.restore_sssd_conf()
+        client.clear_sssd_cache()
+
+        # Evaluate test results
+        assert parent_cmd.returncode == 2
+        assert child_cmd.returncode == 0
+
+    @staticmethod
+    def test_0002_bz2018432(multihost, adjoin):
+        """
+        :title: IDM-SSSD-TC: ad_provider: forests:  based SSSD adds more AD
+        domains than it should based on the configuration file
+        :id:
+        :setup:
+          1. Configure several domains, this suite contains 4 trusted domains
+          2. Join client to parent domain
+        :steps:
+          1. Perform sssctl domain-list
+        :expectedresults:
+          1. Only trusted domains listed
+        :customerscenario: True
+        """
+        adjoin(membersw='adcli')
+        ad_domain = multihost.ad[0].domainname
+        ad_child_domain = multihost.ad[1].domainname
+        ad_child1_domain = multihost.ad[2].domainname
+        ad_tree_domain = multihost.ad[3].domainname
+
+        # Configure sssd
+        multihost.client[0].service_sssd('stop')
+        client = sssdTools(multihost.client[0], multihost.ad[0])
+        client.backup_sssd_conf()
+        dom_section = f'domain/{client.get_domain_section_name()}'
+        sssd_params = {
+            'ad_domain': ad_domain,
+            'debug_level': '9',
+            'use_fully_qualified_names': 'True',
+            'cache_credentials': 'True'
+        }
+        client.sssd_conf(dom_section, sssd_params)
+        client.clear_sssd_cache()
+        # List domains
+        domain_list_cmd = multihost.client[0].run_command(
+            'sssctl domain-list', raiseonerr=False)
+        ad_count = len(multihost.ad)
+
+        assert str(ad_domain) \
+               and str(ad_child_domain) \
+               and str(ad_child1_domain) \
+               and str(ad_tree_domain) \
+               in domain_list_cmd.stdout_text
+
+        assert len(domain_list_cmd.stdout_text.split('\n'))-2 == ad_count
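Review bot: The first assertion in `test_0002_bz2018432` only tests the last domain: in `str(a) and str(b) and str(c) and str(d) in text` the first three operands are evaluated for truthiness and `in` applies to `ad_tree_domain` alone. Write it as `expected = (ad_domain, ad_child_domain, ad_child1_domain, ad_tree_domain)` followed by `assert all(str(d) in domain_list_cmd.stdout_text for d in expected)`. Comparing against the set of output lines would be stricter still, because in the sample topology the parent domain name is a substring of the child names. The test also calls `client.backup_sssd_conf()` but never `client.restore_sssd_conf()`, so the modified sssd.conf stays on the client after the test. The `:id:` fields of both tests are empty.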
diff --git a/src/tests/multihost/sssd/testlib/common/qe_class.py b/src/tests/multihost/sssd/testlib/common/qe_class.py
index 61df8eba3c..813301886d 100644
--- a/src/tests/multihost/sssd/testlib/common/qe_class.py
+++ b/src/tests/multihost/sssd/testlib/common/qe_class.py
@@ -54,6 +54,13 @@ def get_logger(self, name):
             log.addHandler(handler)
         return log
 
+    def filter(self, descriptions):
+        """
+        Override default behavior to not filter hosts, so that it can work
+        with dynamic topologies.
+        """
+        return
+
 
 class QeBaseHost(pytest_multihost.host.BaseHost):
     """QeBaseHost subclass of multihost plugin BaseHost class."""
@@ -338,8 +345,11 @@ def session_multihost(request):
     mh.others = mh.domain.hosts_by_role('other')
 
     if pytest.num_ad > 0:
-        mh.domain_ad = mh.config.domains[1]
-        mh.ad = mh.domain_ad.hosts_by_role('ad')
+        mh.ad = []
+        for i in range(1, pytest.num_ad+1):
+            print(i)
+            print(mh.config.domains[i].hosts_by_role('ad'))
+            mh.ad.extend(mh.config.domains[i].hosts_by_role('ad'))
 
     yield mh
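Review bot: The two `print()` calls in the new loop look like debugging leftovers and should be dropped or sent to the logger. `mh.config.domains[i]` for `i` in 1..`pytest.num_ad` assumes the AD domains sit at exactly those positions; with the `filter` override from the previous hunk returning without doing anything, nothing visible here checks the config against `pytest.num_ad`, so a short mhc.yaml ends in a bare `IndexError`, and a guard such as `if len(mh.config.domains) <= pytest.num_ad: pytest.fail("mhc.yaml defines fewer AD domains than pytest.num_ad")` before the loop would make that failure readable. That override also applies to every suite using this config class, which its docstring should state. The patch removes `mh.domain_ad`; if any existing suite reads it (not visible here), keeping `mh.domain_ad = mh.config.domains[1]` avoids breaking it. `session_multihost` starts outside the hunk.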
 