-
Notifications
You must be signed in to change notification settings - Fork 247
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Dan Lavu <[email protected]>
- Loading branch information
Dan Lavu
committed
May 5, 2023
1 parent
265f6e0
commit 6684892
Showing
1 changed file
with
250 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,250 @@ | ||
| from __future__ import annotations | ||
|
|
||
| import pytest | ||
| from sssd_test_framework.roles.client import Client | ||
| from sssd_test_framework.roles.generic import GenericProvider | ||
| from sssd_test_framework.topology import KnownTopology | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| def test_overrides__user(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Local override user account | ||
| :setup: | ||
| 1. Create posix user "user1" with posix attributes defined | ||
| 2. Start SSSD | ||
| :steps: | ||
| 1. Search for overrides | ||
| 2. Override "user1" to "o-user1" | ||
| 3. Authenticate as "user1", short and fully qualified name | ||
| 4. Authenticate as "o-user1", short and fully qualified name | ||
| 5. Override posix attributes for "o-user1" | ||
| 6. Search for user override | ||
| 7. Delete override | ||
| :expectedresults: | ||
| 1. No local overrides found | ||
| 2. User local override is created | ||
| 3. Authentication successful for both short and fully qualified name | ||
| 4. Authentication successful for both short and fully qualified name | ||
| 5. Local override posix attribute updated | ||
| 6. Local override "o-user1" found | ||
| 7. Local override is deleted | ||
| :customerscenario: False | ||
| """ | ||
| provider.user("user1").add( | ||
| uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123") | ||
| client.sssd.start() | ||
| assert client.ssh("user1", "Secret123") | ||
| sss_override = client.override.user("user1") | ||
|
|
||
| sss_override.add(name="o-user1") | ||
| client.sssd.restart() | ||
| assert client.ssh("user1", "Secret123") | ||
| assert client.ssh("o-user1", "Secret123") | ||
| assert client.ssh(f"user1@{client.sssd.domain}", "Secret123") | ||
| assert client.ssh(f"o-user1@{client.sssd.domain}", "Secret123") | ||
|
|
||
| assert 999999 != client.tools.getent.passwd("user1").uid | ||
| assert 888888 != client.tools.getent.passwd("user1").gid | ||
| sss_override.modify(name="o-user1", uid=999999, gid=888888, home="/home/o-user1") | ||
| assert 999999 == client.tools.getent.passwd("user1").uid | ||
| assert 888888 == client.tools.getent.passwd("user1").gid | ||
| assert "/home/o-user1" == client.tools.getent.passwd("user1").home | ||
|
|
||
| sss_override.delete() | ||
| assert sss_override.get() == {} | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| def test_overrides__group(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Locally override group | ||
| :setup: | ||
| 1. Create group "group1" with posix attributes defined | ||
| 2. Start SSSD | ||
| :steps: | ||
| 1. Search for overrides | ||
| 2. Override "group1" to "o-group1" | ||
| 3. Search for group override | ||
| 4. Override posix attributes for "o-group1" | ||
| 5. Search for group override | ||
| 6. Delete override | ||
| :expectedresults: | ||
| 1. No local overrides found | ||
| 2. Group local override is created | ||
| 3. Local override for "o-group1" found | ||
| 4. Local override posix attribute updated | ||
| 5. Local override "o-group1" found | ||
| 6. Local override is deleted | ||
| :customerscenario: False | ||
| """ | ||
|
|
||
| provider.group("group1").add(gid=999999) | ||
|
|
||
| client.sssd.start() | ||
| sss_override = client.override.group("group1") | ||
| sss_override.add(name="o-group1") | ||
| client.sssd.restart() | ||
|
|
||
| assert client.tools.getent.group("group1") | ||
| assert client.tools.getent.group("o-group1") | ||
| assert 888888 != client.tools.getent.group("group1").gid | ||
| sss_override.modify(gid=888888) | ||
| assert 888888 == client.tools.getent.group("group1").gid | ||
|
|
||
| sss_override.delete() | ||
| assert sss_override.get() == {} | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| def test_overrides__root_user(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Local override root user | ||
| :setup: | ||
| 1. Start SSSD | ||
| :steps: | ||
| 1. Create local override "o-root" for the root user | ||
| :expectedresults: | ||
| 1. Fails to create override for root user | ||
| :customerscenario: False | ||
| """ | ||
| client.sssd.start() | ||
|
|
||
| output = client.host.ssh.run("sss_override user-add root -n o-root", raise_on_error=False) | ||
| assert output.rc is not 0 | ||
| client.sssd.restart() | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| def test_overrides__nested(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Local override the local override | ||
| :setup: | ||
| 1. Create posix user "user1" with posix attributes defined | ||
| 2. Start SSSD | ||
| :steps: | ||
| 1. Search for overrides | ||
| 2. Override "user1" to "o-user1" | ||
| 3. Override "o-user1" to "lo-user1" | ||
| 4. Authenticate as "user1", short and fully qualified name | ||
| 5. Authenticate as "o-user1", short and fully qualified name | ||
| 6. Authenticate as "lo-user1", short and fully qualified name | ||
| 7. Search for user local overrides | ||
| :expectedresults: | ||
| 1. No local overrides found | ||
| 2. User local override is created | ||
| 3. Nested user local override is created | ||
| 4. Authentication successful for both short and fully qualified name | ||
| 5. Authentication successful for both short and fully qualified name | ||
| 6. Authentication successful for both short and fully qualified name | ||
| 7. Local overrides is found for all users | ||
| :customerscenario: False | ||
| """ | ||
| provider.user("user1").add( | ||
| uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123") | ||
| client.sssd.start() | ||
| assert client.ssh("user1", "Secret123") | ||
| client.override.user("user1").add(name="o-user1") | ||
| client.sssd.restart() | ||
| sss_override = client.override.user("user1") | ||
| sss_override.add(name="lo-user1") | ||
| client.sssd.restart() | ||
| assert client.ssh("user1", "Secret123") | ||
| assert client.ssh("o-user1", "Secret123") | ||
| assert client.ssh("lo-user1", "Secret123") | ||
| assert client.ssh(f"user1@{client.sssd.domain}", "Secret123") | ||
| assert client.ssh(f"o-user1@{client.sssd.domain}", "Secret123") | ||
| assert client.ssh(f"lo-user1@{client.sssd.domain}", "Secret123") | ||
|
|
||
| sss_override.delete() | ||
| assert sss_override.get() == {} | ||
|
|
||
|
|
||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| def test_overrides__import_export(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Export and import local overrides | ||
| :setup: | ||
| 1. Create posix user "user1" with posix attributes defined | ||
| 2. Start SSSD | ||
| :steps: | ||
| 1. Search for overrides | ||
| 2. Override user "user1" to "o-user1" | ||
| 3. Authenticate as "user1", short and fully qualified name | ||
| 4. Search for overrides | ||
| 5. Export user local overrides data to a file | ||
| 6. Delete override | ||
| 7. Authenticate as "user1", short and fully qualified name | ||
| 8. Import user local overrides data | ||
| 9. Search for user local overrides | ||
| 10. Authenticate as "user1", short and fully qualified name | ||
| :expectedresults: | ||
| 1. No local overrides found | ||
| 2. User local override is created | ||
| 3. Authentication successful for both short and fully qualified name | ||
| 4. User local overrides is found | ||
| 5. Local overrides data is exported to a file | ||
| 6. Local override is deleted | ||
| 7. Authentication fails | ||
| 8. Local override data is imported from file | ||
| 9. Local override is found | ||
| 10. Authentication successful for both short and fully qualified name | ||
| :customerscenario: False | ||
| """ | ||
| pass | ||
|
|
||
|
|
||
| @pytest.mark.ticket(bz=2757) | ||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| def test_overrides__fqdn_true(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: Local overrides with use_fully_qualified_names = True | ||
| :setup: | ||
| 1. Create posix user "user1" with posix attributes defined | ||
| 2. Edit SSSD configuration and set "use_fully_qualified_names" = True | ||
| 3. Start SSSD | ||
| :steps: | ||
| 1. Search for overrides | ||
| 2. Override "user1" to "o-user1" | ||
| 3. Authenticate as "user1", only the fully qualified name | ||
| 4. Authenticate as "o-user1", only the fully qualified name | ||
| :expectedresults: | ||
| 1. No local overrides found | ||
| 2. User local override is created | ||
| 3. Authentication successful | ||
| 4. Authentication successful | ||
| :customerscenario: False | ||
| """ | ||
| pass | ||
|
|
||
|
|
||
| @pytest.mark.ticket(bz=2790) | ||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| @pytest.mark.topology(KnownTopology.AD) | ||
| def test_overrides__user_alias(client: Client, provider: GenericProvider): | ||
| """ | ||
| :title: | ||
| :setup: | ||
| 1. Create posix user "user1" with posix attributes defined | ||
| 2. Edit SSSD configuration and set "use_fully_qualified_names" = True | ||
| 3. Start SSSD | ||
| :steps: | ||
| 1. Search for overrides | ||
| 2. Override "user1" to "o-user1" | ||
| 3. Authenticate as "user1", only the fully qualified name | ||
| 4. Authenticate as "o-user1", only the fully qualified name | ||
| :expectedresults: | ||
| 1. No local overrides found | ||
| 2. User local override is created | ||
| 3. Authentication successful | ||
| 4. Authentication successful | ||
| :customerscenario: False | ||
| """ | ||
| pass |