Skip to content

Commit

Permalink
Tests: Test transformation of bash-ldap-id-ldap-auth netgroup
Browse files Browse the repository at this point in the history
Test transformation of bash-ldap-id-ldap-auth netgroup
  • Loading branch information
aborah-sudo committed Oct 18, 2024
1 parent 263cb2e commit a19c0cb
Showing 1 changed file with 145 additions and 1 deletion.
146 changes: 145 additions & 1 deletion src/tests/system/tests/test_netgroups.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,21 @@
import pytest
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.generic import GenericProvider
from sssd_test_framework.topology import KnownTopologyGroup
from sssd_test_framework.roles.ldap import LDAP
from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup


def create_users(ldap: LDAP):
"""
Creates users/groups needed for this test script.
"""
ou_people = ldap.ou("People").add()
ou_group = ldap.ou("groups").add()
ldap.ou("Netgroup").add()

for id in [9000, 9001, 9002, 9003, 9004, 9005, 9006, 9007, 9008, 9009, 9010]:
ldap.user(f"ng{id}", basedn=ou_people).add()
ldap.user(f"ng{id}", basedn=ou_group).add()


@pytest.mark.importance("medium")
Expand Down Expand Up @@ -108,3 +122,133 @@ def test_netgroups__add_remove_netgroup_member(client: Client, provider: Generic
assert len(result.members) == 1
assert "(-, user-1)" not in result.members
assert "(-, user-2)" in result.members


@pytest.mark.parametrize("Operation", ["Add", "Replace"])
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopology.LDAP)
def test_netgroup__add_dn_membernisnetgroup(client: Client, ldap: LDAP, Operation: str):
"""
:title: SSSD processes 'memberNisNetgroup' attribute is the DN of a group.
:setup:
1. Create users, groups and start sssd.
2. Create a new netgroup called QAUsers and add a member (ng9000) to QAUsers
3. Create another netgroup named DEVUsers and add a member (ng9005) to DEVUsers
4. Modify the DEVUsers netgroup to replace its members with the members of QAUsers.
5. Start sssd
:steps:
1. Retrieve all members of the DEVUsers netgroup.
2. Confirm that the member directly added to DEVUsers is present.
3. Confirm that the member from QAUsers is now part of DEVUsers.
:expectedresults:
1. All members should be retrieved
2. Tuple (testhost5, ng9005, ldap.test) is present as a direct member of "DEVUsers".
3. Tuple (testhost1, ng9000, ldap.test) is also present.
:customerscenario: False
"""
ou = ldap.ou("Netgroup")
create_users(ldap)

qa_users = ldap.netgroup("QAUsers", basedn=ou).add()
qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")

dev_users = ldap.netgroup("DEVUsers", basedn=ou).add()
dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
if Operation == "Replace":
ldap.ldap.modify(dev_users.dn, replace={"memberNisNetgroup": qa_users.dn})
else:
ldap.ldap.modify(dev_users.dn, add={"memberNisNetgroup": "QAUsers"})
client.sssd.start()

member = client.tools.getent.netgroup("DEVUsers").members
assert "(testhost5, ng9005, ldap.test)" in member
assert "(testhost1, ng9000, ldap.test)" in member


@pytest.mark.parametrize("user, domain, expected", [("samplehost", "samplehost.domain.com",
"(samplehost,-,samplehost.domain.com)"),
("ng9006", "", "(-,ng9006,)")])
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopology.LDAP)
def test_netgroup__host_and_domain(client: Client, ldap: LDAP, user: str, domain: str, expected: str):
"""
:title: Netgroup contains a member that only has a host and domain specified, but no associated user.
:setup:
1. Create users, groups.
2. Create QAUsers Netgroup and Add Member
3. Create DEVUsers Netgroup and Add Members
4. Start sssd
:steps:
1. Check that the tuple is part of the group
:expectedresults:
1. The tuple is part of the group
:customerscenario: False
"""
ou = ldap.ou("Netgroup")
create_users(ldap)

qa_users = ldap.netgroup("QAUsers", basedn=ou).add()
qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")

dev_users = ldap.netgroup("DEVUsers", basedn=ou).add()
dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
if domain == "samplehost.domain.com":
dev_users.add_member(host=user, domain=domain)
else:
dev_users.add_member(user=user)

client.sssd.start()

member = client.tools.getent.netgroup("DEVUsers").members
assert expected in member


@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopology.LDAP)
def test_netgroup__with_nested_loop(client: Client, ldap: LDAP):
"""
:title: Create and manages nested LDAP netgroups and tests their behavior.
:setup:
1. Create users, groups.
2. Create QAUsers Netgroup and Add Member
3. Create DEVUsers Netgroup and Add Nested Netgroup
4. Add Members to DEVUsers
5. Add Circular Netgroup Nesting
6. Start sssd
:steps:
1. Retrieves all members of the "DEVUsers" group using the getent netgroup tool.
2. Check for ng9000: Verifies that ng9000 (from QAUsers) is also part of "DEVUsers".
3. Checks if a user random (who is not in any netgroup) is part of "DEVUsers".
4. After the SSSD restart, it retrieves the members of "DEVUsers" again to ensure they are still intact.
:expectedresults:
1. All members of the "DEVUsers" group be there
2. ng9000 (from QAUsers) is also part of "DEVUsers"
3. random (who is not in any netgroup) is not part of "DEVUsers".
4. All members of the "DEVUsers" group be there
"""
ou = ldap.ou("Netgroup")
create_users(ldap)

qa_users = ldap.netgroup("QAUsers", basedn=ou).add()
qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")

dev_users = ldap.netgroup("DEVUsers", basedn=ou).add()
ldap.ldap.modify(dev_users.dn, add={"memberNisNetgroup": qa_users.dn})
dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
dev_users.add_member(user="ng9006")

ldap.ldap.modify(qa_users.dn, add={"memberNisNetgroup": dev_users.dn})

client.sssd.start()

member = client.tools.getent.netgroup("DEVUsers").members
assert "(testhost1,ng9000,ldap.test)" in member
assert "(-,ng9006,)" in member
assert "(testhost5,ng9005,ldap.test)" in member

client.sssd.restart()

member = client.tools.getent.netgroup("DEVUsers").members
assert "(testhost1,ng9000,ldap.test)" in member
assert "(-,ng9006,)" in member
assert "(testhost5,ng9005,ldap.test)" in member

0 comments on commit a19c0cb

Please sign in to comment.