Skip to content

Commit

Permalink
Adding sss_override tests
Browse files Browse the repository at this point in the history 
These tests are ported from downstream bash

Signed-off-by: Dan Lavu <[email protected]>
  • Loading branch information
Dan Lavu committed May 25, 2023
1 parent 69f93bf commit 6ed82d0
Showing 1 changed file with 235 additions and 0 deletions.
235 changes: 235 additions & 0 deletions src/tests/system/tests/test_local_overrides.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,235 @@
from __future__ import annotations

import pytest
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.generic import GenericProvider
from sssd_test_framework.topology import KnownTopology


@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.topology(KnownTopology.AD)
def test_local_overrides__user(client: Client, provider: GenericProvider):
"""
:title: Local override user account
:setup:
1. Create posix user "user1" with posix attributes defined
2. Start SSSD
:steps:
1. Override "user1" to "o-user1"
2. Authenticate as "user1", short and fully qualified name
3. Authenticate as "o-user1", short and fully qualified name
4. Override posix attributes for "o-user1"
5. Search for user override
6. Delete override
:expectedresults:
1. User local override is created
2. Authentication successful for both short and fully qualified name
3. Authentication successful for both short and fully qualified name
4. Local override posix attribute updated
5. Local override "o-user1" found
6. Local override is deleted
:customerscenario: False
"""
provider.user("user1").add(
uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123")
client.local_override.user("user1").add(name="o-user1")
client.sssd.restart()

assert client.ssh("user1", "Secret123")
assert client.ssh("o-user1", "Secret123")
assert client.ssh(f"user1@{client.sssd.domain}", "Secret123")
assert client.ssh(f"o-user1@{client.sssd.domain}", "Secret123")

assert client.tools.getent.passwd("user1").uid != 999999
assert client.tools.getent.passwd("user1").gid != 888888
client.local_override.user("user1").modify(name="o-user1", uid=999999, gid=888888, home="/home/o-user1")
assert client.tools.getent.passwd("user1").uid == 999999
assert client.tools.getent.passwd("user1").gid == 888888
assert client.tools.getent.passwd("user1").home == "/home/o-user1"

client.local_override.user("user1").delete()
assert client.local_override.user("user1").get() == {}


@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.topology(KnownTopology.AD)
def test_local_overrides__group(client: Client, provider: GenericProvider):
"""
:title: Locally override group
:setup:
1. Create group "group1" with posix attributes defined
2. Start SSSD
:steps:
1. Override "group1" to "o-group1"
2. Search for group override
3. Override posix attributes for "o-group1"
4. Search for group override
5. Delete override
:expectedresults:
1. Group local override is created
2. Local override for "o-group1" found
3. Local override posix attribute updated
4. Local override "o-group1" found
5. Local override is deleted
:customerscenario: False
"""
provider.group("group1").add(gid=999999)
client.sssd.start()

client.local_override.group("group1").add(name="o-group1")
client.sssd.restart()

assert client.tools.getent.group("group1")
assert client.tools.getent.group("o-group1")
assert client.tools.getent.group("group1").gid != 888888
client.local_override.group("group1").modify(gid=888888)
assert client.tools.getent.group("group1").gid == 888888

client.local_override.group("group1").delete()
assert client.local_override.group("group1").get() == {}


@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.topology(KnownTopology.AD)
def test_local_overrides__root_user(client: Client, provider: GenericProvider):
"""
:title: Local override root user
:setup:
1. Start SSSD
:steps:
1. Create local override "root" for the user1 user
:expectedresults:
1. Local override is created but the root user contents are not modified
:customerscenario: False
"""
provider.user("user1").add(
uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123")
client.sssd.restart()

client.local_override.user("user1").add(name="root", uid=999022, gid=999022)
assert client.tools.getent.passwd("root").uid == 0
assert client.tools.getent.passwd("root").gid == 0

client.local_override.user("user1").delete()


@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.topology(KnownTopology.AD)
def test_local_overrides__nested(client: Client, provider: GenericProvider):
"""
:title: Local override the local override
:setup:
1. Create posix user "user1" with posix attributes defined
2. Start SSSD
:steps:
1. Override "user1" to "o-user1"
2. Override "o-user1" to "lo-user1"
3. Authenticate as "user1", short and fully qualified name
4. Authenticate as "o-user1", short and fully qualified name
5. Authenticate as "lo-user1", short and fully qualified name
6. Search for user local overrides
:expectedresults:
1. User local override is created
2. Nested user local override is created
3. Authentication successful for both short and fully qualified name
4. Authentication successful for both short and fully qualified name
5. Authentication successful for both short and fully qualified name
6. Local overrides is found for all users
:customerscenario: False
"""
provider.user("user1").add(
uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123")
client.sssd.restart()
client.local_override.user("user1").add(name="o-user1")
client.local_override.user("o-user1").add(name="lo-user1")
assert client.ssh("user1", "Secret123")
assert client.ssh("o-user1", "Secret123")
assert client.ssh("lo-user1", "Secret123")
assert client.ssh(f"user1@{client.sssd.domain}", "Secret123")
assert client.ssh(f"o-user1@{client.sssd.domain}", "Secret123")
assert client.ssh(f"lo-user1@{client.sssd.domain}", "Secret123")

client.local_override.user("user1").delete()


@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.topology(KnownTopology.AD)
def test_local_overrides__import_export(client: Client, provider: GenericProvider):
"""
:title: Import and export local override data to and from a file
:setup:
1. Create posix user "user1" with posix attributes defined
2. Start SSSD
:steps:
1. Override user "user1" to "o-user1" and group "group1" to "o-group1"
2. Search for overrides
3. Export user and group local overrides data to a file
4. Delete overrides
5. Import user and group local overrides data
6. Search for user and group local overrides
:expectedresults:
1. User local override is created
2. User local overrides is found
3. Local overrides data is exported to a file
4. Local override is deleted
5. Local override data is imported from file
6. Local overrides are found
:customerscenario: False
"""

provider.user("user1").add(
uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123")
provider.group("group1").add(gid=999999)
client.local_override.user("user1").add(name="o-user1")
client.local_override.group("group1").add(name="o-group1")
client.sssd.restart()

# local_override.user().backup() exports all user data
client.local_override.user("user1").backup()
client.local_override.group("group1").backup()
client.local_override.user("user1").delete()
client.local_override.group("group1").delete()
assert client.local_override.user("user1").get() == {}
assert client.local_override.group("group1").get() == {}

client.local_override.user("user1").restore()
client.local_override.group("group1").restore()
assert client.local_override.user("user1").get(["name"]) == {"name": ["o-user1"]}
assert client.local_override.group("group1").get(["name"]) == {"name": ["o-group1"]}

client.local_override.user("user1").delete()
client.local_override.group("group1").delete()


@pytest.mark.ticket(bz=2757)
@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.topology(KnownTopology.AD)
def test_local_overrides__fqn_true(client: Client, provider: GenericProvider):
"""
:title: Local overrides with use_fully_qualified_names = True
:setup:
1. Create posix user "user1" with posix attributes defined
2. Edit SSSD configuration and set "use_fully_qualified_names" = True
3. Start SSSD
:steps:
1. Override "user1" to "o-user1"
2. Authenticate as "user1", only the fully qualified name
3. Authenticate as "o-user1", only the fully qualified name
:expectedresults:
1. User local override is created
2. Authentication successful
3. Authentication successful
:customerscenario: False
"""
provider.user("user1").add(
uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123")
client.sssd.domain["use_fully_qualified_names"] = "True"
client.local_override.user(f"user1@{client.sssd.domain}").add(name="o-user1")
client.sssd.restart()
assert client.ssh("user1", "Secret123") is not 0
assert client.ssh("o-user1", "Secret123") is not 0
assert client.ssh(f"user1@{client.sssd.domain}", "Secret123")
assert client.ssh(f"o-user1@{client.sssd.domain}", "Secret123")

client.local_override.user("user1").delete()

0 comments on commit 6ed82d0

Please sign in to comment.