-
Notifications
You must be signed in to change notification settings - Fork 247
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
These tests are ported from downstream bash Signed-off-by: Dan Lavu <[email protected]>
- Loading branch information
Dan Lavu
committed
Jun 14, 2023
1 parent
69f93bf
commit 499422e
Showing
1 changed file
with
263 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,263 @@ | ||
| from __future__ import annotations | ||
|
|
||
| import pytest | ||
| from sssd_test_framework.roles.client import Client | ||
| from sssd_test_framework.roles.generic import GenericProvider | ||
| from sssd_test_framework.topology import KnownTopology | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| @pytest.mark.topology(KnownTopology.Samba) | ||
| @pytest.mark.topology(KnownTopology.IPA) | ||
| def test_local_overrides__user(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Local override user account | ||
| :setup: | ||
| 1. Create posix user "user1" with posix attributes defined | ||
| 2. Start SSSD | ||
| :steps: | ||
| 1. Override "user1" to "o-user1" | ||
| 2. Authenticate as "user1", short and fully qualified name | ||
| 3. Authenticate as "o-user1", short and fully qualified name | ||
| 4. Override posix attributes for "o-user1" | ||
| 5. Search for user override | ||
| 6. Delete override | ||
| :expectedresults: | ||
| 1. User local override is created | ||
| 2. Authentication successful for both short and fully qualified name | ||
| 3. Authentication successful for both short and fully qualified name | ||
| 4. Local override posix attribute updated | ||
| 5. Local override "o-user1" found | ||
| 6. Local override is deleted | ||
| :customerscenario: False | ||
| """ | ||
| provider.user("user1").add( | ||
| uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" | ||
| ) | ||
| client.sssd.start() | ||
| client.sss_override.user("user1").add(name="o-user1") | ||
| client.sssd.restart() | ||
|
|
||
| assert client.auth.ssh.password("user1", "Secret123") | ||
| assert client.auth.ssh.password("o-user1", "Secret123") | ||
| assert client.auth.ssh.password(f"user1@{client.sssd.default_domain}", "Secret123") | ||
| assert client.auth.ssh.password(f"o-user1@{client.sssd.default_domain}", "Secret123") | ||
|
|
||
| result = client.tools.getent.passwd("user1") | ||
| assert result.uid == 999011 | ||
| assert result.gid == 999011 | ||
| client.sss_override.user("user1").modify(name="o-user1", uid=999999, gid=888888, home="/home/o-user1") | ||
| client.sssd.restart() | ||
|
|
||
| result = client.tools.getent.passwd("user1") | ||
| assert result.uid == 999011 | ||
| assert result.gid == 999011 | ||
| assert result.home == "/home/o-user1" | ||
|
|
||
| client.sss_override.user("user1").delete() | ||
| assert not client.sss_override.user("user1").get() | ||
| assert not client.tools.getent.passwd("user1") | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| @pytest.mark.topology(KnownTopology.Samba) | ||
| @pytest.mark.topology(KnownTopology.IPA) | ||
| def test_local_overrides__group(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Locally override group | ||
| :setup: | ||
| 1. Create group "group1" with posix attributes defined | ||
| 2. Start SSSD | ||
| :steps: | ||
| 1. Override "group1" to "o-group1" | ||
| 2. Search for group override | ||
| 3. Override posix attributes for "o-group1" | ||
| 4. Search for group override | ||
| 5. Delete override | ||
| :expectedresults: | ||
| 1. Group local override is created | ||
| 2. Local override for "o-group1" found | ||
| 3. Local override posix attribute updated | ||
| 4. Local override "o-group1" found | ||
| 5. Local override is deleted | ||
| :customerscenario: False | ||
| """ | ||
| provider.group("group1").add(gid=999999) | ||
| client.sssd.start() | ||
| client.sss_override.group("group1").add(name="o-group1") | ||
| client.sssd.restart() | ||
|
|
||
| assert client.tools.getent.group("group1") | ||
| assert client.tools.getent.group("o-group1") | ||
| assert client.tools.getent.group("group1").gid != 888888 | ||
| client.sss_override.group("group1").modify(gid=888888) | ||
| client.sssd.restart() | ||
| assert client.tools.getent.group("group1").gid == 888888 | ||
|
|
||
| client.sss_override.group("group1").delete() | ||
| assert not client.sss_override.group("group1").get() | ||
| assert not client.tools.getent.group("o-group1") | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| @pytest.mark.topology(KnownTopology.Samba) | ||
| @pytest.mark.topology(KnownTopology.IPA) | ||
| def test_local_overrides__root_user(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Local override root user | ||
| :setup: | ||
| 1. Start SSSD | ||
| :steps: | ||
| 1. Create local override "root" for the user1 user | ||
| :expectedresults: | ||
| 1. Local override is created but the root user contents are not modified | ||
| :customerscenario: False | ||
| """ | ||
| provider.user("user1").add( | ||
| uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" | ||
| ) | ||
| client.sssd.start() | ||
| client.sss_override.user("user1").add(name="root", uid=999022, gid=999022) | ||
| client.sssd.restart() | ||
|
|
||
| assert client.tools.getent.passwd("root").uid == 0 | ||
| assert client.tools.getent.passwd("root").gid == 0 | ||
|
|
||
| client.sss_override.user("user1").delete() | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| @pytest.mark.topology(KnownTopology.Samba) | ||
| @pytest.mark.topology(KnownTopology.IPA) | ||
| def test_local_overrides__nested(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Local override the local override | ||
| :setup: | ||
| 1. Create posix user "user1" with posix attributes defined | ||
| 2. Start SSSD | ||
| :steps: | ||
| 1. Override "user1" to "o-user1" | ||
| 2. Override "o-user1" to "lo-user1" | ||
| 3. Authenticate as "user1", short and fully qualified name | ||
| 4. Authenticate as "o-user1", short and fully qualified name | ||
| 5. Authenticate as "lo-user1", short and fully qualified name | ||
| 6. Search for user local overrides | ||
| :expectedresults: | ||
| 1. User local override is created | ||
| 2. Nested user local override is created | ||
| 3. Authentication successful for both short and fully qualified name | ||
| 4. Authentication successful for both short and fully qualified name | ||
| 5. Authentication successful for both short and fully qualified name | ||
| 6. Local overrides is found for all users | ||
| :customerscenario: False | ||
| """ | ||
| provider.user("user1").add( | ||
| uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" | ||
| ) | ||
| client.sssd.start() | ||
| client.sss_override.user("user1").add(name="o-user1") | ||
| client.sssd.restart() | ||
| client.sss_override.user("o-user1").add(name="lo-user1") | ||
| assert client.auth.ssh.password("user1", "Secret123") | ||
| assert client.auth.ssh.password("o-user1", "Secret123") | ||
| assert client.auth.ssh.password("lo-user1", "Secret123") | ||
| assert client.auth.ssh.password(f"user1@{client.sssd.default_domain}", "Secret123") | ||
| assert client.auth.ssh.password(f"o-user1@{client.sssd.default_domain}", "Secret123") | ||
| assert client.auth.ssh.password(f"lo-user1@{client.sssd.default_domain}", "Secret123") | ||
|
|
||
| client.sss_override.user("user1").delete() | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| @pytest.mark.topology(KnownTopology.Samba) | ||
| @pytest.mark.topology(KnownTopology.IPA) | ||
| def test_local_overrides__import_export(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Import and export local override data to and from a file | ||
| :setup: | ||
| 1. Create posix user "user1" with posix attributes defined | ||
| 2. Start SSSD | ||
| :steps: | ||
| 1. Override user "user1" to "o-user1" and group "group1" to "o-group1" | ||
| 2. Search for overrides | ||
| 3. Export user and group local overrides data to a file | ||
| 4. Delete overrides | ||
| 5. Import user and group local overrides data | ||
| 6. Search for user and group local overrides | ||
| :expectedresults: | ||
| 1. User local override is created | ||
| 2. User local overrides is found | ||
| 3. Local overrides data is exported to a file | ||
| 4. Local override is deleted | ||
| 5. Local override data is imported from file | ||
| 6. Local overrides are found | ||
| :customerscenario: False | ||
| """ | ||
|
|
||
| provider.user("user1").add( | ||
| uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" | ||
| ) | ||
| provider.group("group1").add(gid=999999) | ||
| client.sssd.start() | ||
| client.sss_override.user("user1").add(name="o-user1") | ||
| client.sssd.restart() | ||
| client.sss_override.group("group1").add(name="o-group1") | ||
|
|
||
| # local_override.user().backup() exports all user data | ||
| client.sss_override.user("user1").backup() | ||
| client.sss_override.group("group1").backup() | ||
| client.sss_override.user("user1").delete() | ||
| client.sss_override.group("group1").delete() | ||
| assert not client.sss_override.user("user1").get() | ||
| assert not client.sss_override.group("group1").get() | ||
|
|
||
| client.sss_override.user("user1").restore() | ||
| client.sss_override.group("group1").restore() | ||
|
|
||
| assert client.sss_override.user("user1").get(["name"]) == {"name": ["o-user1"]} | ||
| assert client.sss_override.group("group1").get(["name"]) == {"name": ["o-group1"]} | ||
|
|
||
| client.sss_override.user("user1").delete() | ||
| client.sss_override.group("group1").delete() | ||
|
|
||
|
|
||
| @pytest.mark.ticket(bz=2757) | ||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| @pytest.mark.topology(KnownTopology.Samba) | ||
| @pytest.mark.topology(KnownTopology.IPA) | ||
| def test_local_overrides__fqn_true(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Local overrides with use_fully_qualified_names = True | ||
| :setup: | ||
| 1. Create posix user "user1" with posix attributes defined | ||
| 2. Edit SSSD configuration and set "use_fully_qualified_names" = True | ||
| 3. Start SSSD | ||
| :steps: | ||
| 1. Override "user1" to "o-user1" | ||
| 2. Authenticate as "user1", only the fully qualified name | ||
| 3. Authenticate as "o-user1", only the fully qualified name | ||
| :expectedresults: | ||
| 1. User local override is created | ||
| 2. Authentication successful | ||
| 3. Authentication successful | ||
| :customerscenario: False | ||
| """ | ||
| provider.user("user1").add( | ||
| uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" | ||
| ) | ||
| client.sssd.domain["use_fully_qualified_names"] = "True" | ||
| client.sssd.start() | ||
| client.sss_override.user(f"user1@{client.sssd.default_domain}").add(name="o-user1") | ||
| client.sssd.restart() | ||
| assert client.auth.ssh.password("user1", "Secret123") != 0 | ||
| assert client.auth.ssh.password("o-user1", "Secret123") != 0 | ||
| assert client.auth.ssh.password(f"user1@{client.sssd.default_domain}", "Secret123") | ||
| assert client.auth.ssh.password(f"o-user1@{client.sssd.default_domain}", "Secret123") | ||
|
|
||
| client.sss_override.user("user1").delete() |