Tests: Test transformation of bash-ldap-id-ldap-auth netgroup

Test transformation of bash-ldap-id-ldap-auth netgroup
SSSD · Oct 23, 2024 · 2f12780 · 2f12780
1 parent b928dbe
commit 2f12780
Showing 1 changed file with 143 additions and 0 deletions.
diff --git a/src/tests/system/tests/test_netgroups.py b/src/tests/system/tests/test_netgroups.py
@@ -9,6 +9,7 @@
 import pytest
 from sssd_test_framework.roles.client import Client
 from sssd_test_framework.roles.generic import GenericProvider
+from sssd_test_framework.roles.ipa import IPA
 from sssd_test_framework.topology import KnownTopologyGroup
 
 
@@ -108,3 +109,145 @@ def test_netgroups__add_remove_netgroup_member(client: Client, provider: Generic
     assert len(result.members) == 1
     assert "(-, user-1)" not in result.members
     assert "(-, user-2)" in result.members
+
+
+@pytest.mark.parametrize("Operation", ["Add", "Replace"])
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_netgroup__user_attribute_membernisnetgroup_uses_group_dn(
+    client: Client, provider: GenericProvider, Operation: str
+):
+    """
+    :title: User's 'memberNisNetgroup' attribute values are the DN of the group.
+    :setup:
+        1. Create users, groups.
+        2. Create a new netgroup called QAUsers and add a member (ng9000) to QAUsers
+        3. Create another netgroup named DEVUsers and add a member (ng9005) to DEVUsers
+        4. Modify the DEVUsers netgroup to replace its members with the members of QAUsers.
+        5. Start sssd
+    :steps:
+        1. Retrieve all members of the DEVUsers netgroup.
+        2. Confirm that the member directly added to DEVUsers is present.
+        3. Confirm that the member from QAUsers is now part of DEVUsers.
+    :expectedresults:
+        1. All members should be retrieved
+        2. Members directly added to DEVUsers is present.
+        3. Members from QAUsers is now part of DEVUsers.
+    :customerscenario: False
+    """
+    if isinstance(provider, IPA):
+        pytest.skip(reason="Not for IPA povider")
+
+    for id in [9000, 9005]:
+        provider.user(f"ng{id}").add()
+
+    netgroup_qa = provider.netgroup("QAUsers").add()
+    netgroup_qa.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+    netgroup_dev = provider.netgroup("DEVUsers").add()
+    netgroup_dev.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+    if Operation == "Replace":
+        netgroup_dev.add_member(ng=netgroup_qa.dn)
+    else:
+        netgroup_dev.add_member(ng="QAUsers")
+    client.sssd.start()
+
+    member = client.tools.getent.netgroup("DEVUsers").members
+    assert "(testhost5, ng9005, ldap.test)" in member
+    assert "(testhost1, ng9000, ldap.test)" in member
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_netgroup__lookup_nested_groups(client: Client, provider: GenericProvider):
+    """
+    :title: Nesting netgroups and verifying user memberships using LDAP with sssd.
+    :setup:
+        1. Create users, groups.
+        2. Create netgroup named netgroup and Add Member
+        3. Create another netgroup named nested_netgroup
+        4. Add Members to nested_netgroup
+        5. Add Circular Netgroup Nesting to nested_netgroup
+        6. Start sssd
+    :steps:
+        1. Retrieves all members of the "nested_netgroup" group using the getent netgroup tool.
+        2. Verify that users from another group is also part of "nested_netgroup".
+        3. Checks if a user who is not in any netgroup is part of "nested_netgroup".
+        4. After the SSSD restart, it retrieves the members of "nested_netgroup" again to ensure they still intact.
+    :expectedresults:
+        1. All members of the "nested_netgroup" group be there
+        2. Users from another group is also part of "nested_netgroup".
+        3. User who is not in any netgroup is part of "nested_netgroup".
+        4. After restart all members of the "nested_netgroup" group be there
+    """
+    if isinstance(provider, IPA):
+        pytest.skip(reason="Not for IPA povider")
+
+    for id in [9000, 9005, 9006]:
+        provider.user(f"ng{id}").add()
+
+    netgroup = provider.netgroup("netgroup").add()
+    netgroup.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+    nested_netgroup = provider.netgroup("nested_netgroup").add()
+    nested_netgroup.add_member(ng=netgroup.dn)
+    nested_netgroup.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+    nested_netgroup.add_member(user="ng9006")
+
+    netgroup.add_member(ng=nested_netgroup.dn)
+
+    client.sssd.start()
+
+    member = client.tools.getent.netgroup("nested_netgroup").members
+    assert "(testhost1,ng9000,ldap.test)" in member
+    assert "(-,ng9006,)" in member
+    assert "(testhost5,ng9005,ldap.test)" in member
+
+    client.sssd.restart()
+
+    member = client.tools.getent.netgroup("nested_netgroup").members
+    assert "(testhost1,ng9000,ldap.test)" in member
+    assert "(-,ng9006,)" in member
+    assert "(testhost5,ng9005,ldap.test)" in member
+
+
+@pytest.mark.parametrize(
+    "user, domain, expected",
+    [("host", "host.ldap.test", "(host,-,host.ldap.test)"), ("ng9006", "", "(-,ng9006,)")],
+)
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_netgroup__host_and_domain(client: Client, provider: GenericProvider, user: str, domain: str, expected: str):
+    """
+    :title: Netgroup contains a member that only has a host and domain specified, but no associated user.
+    :setup:
+        1. Create users, groups.
+        2. Create QAUsers Netgroup and Add Member
+        3. Create DEVUsers Netgroup and Add Members
+        4. Start sssd
+    :steps:
+        1.  Check whether the expected member is present in the DEVUsers netgroup.
+    :expectedresults:
+        1. Member is present in the DEVUsers netgroup.
+    :customerscenario: False
+    """
+    if isinstance(provider, IPA):
+        pytest.skip(reason="Not for IPA povider")
+
+    for id in [9000, 9005]:
+        provider.user(f"ng{id}").add()
+
+    netgroup_qa = provider.netgroup("QAUsers").add()
+    netgroup_qa.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+    netgroup_dev = provider.netgroup("DEVUsers").add()
+    netgroup_dev.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+    if domain == "host.ldap.test":
+        netgroup_dev.add_member(host=user, domain=domain)
+    else:
+        netgroup_dev.add_member(user=user)
+
+    client.sssd.start()
+
+    member = client.tools.getent.netgroup("DEVUsers").members
+    assert expected in member