From 2f12780982558e32640094b87de35b208907058d Mon Sep 17 00:00:00 2001 From: aborah-sudo Date: Wed, 16 Oct 2024 09:09:11 +0530 Subject: [PATCH] Tests: Test transformation of bash-ldap-id-ldap-auth netgroup Test transformation of bash-ldap-id-ldap-auth netgroup --- src/tests/system/tests/test_netgroups.py | 143 +++++++++++++++++++++++ 1 file changed, 143 insertions(+) diff --git a/src/tests/system/tests/test_netgroups.py b/src/tests/system/tests/test_netgroups.py index 87ebafd21f2..e3318393fe4 100644 --- a/src/tests/system/tests/test_netgroups.py +++ b/src/tests/system/tests/test_netgroups.py @@ -9,6 +9,7 @@ import pytest from sssd_test_framework.roles.client import Client from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.roles.ipa import IPA from sssd_test_framework.topology import KnownTopologyGroup 
@@ -108,3 +109,145 @@ def test_netgroups__add_remove_netgroup_member(client: Client, provider: Generic
 assert len(result.members) == 1
 assert "(-, user-1)" not in result.members
 assert "(-, user-2)" in result.members
+
+
+@pytest.mark.parametrize("Operation", ["Add", "Replace"])
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_netgroup__user_attribute_membernisnetgroup_uses_group_dn(
+ client: Client, provider: GenericProvider, Operation: str
+):
+ """
+ :title: User's 'memberNisNetgroup' attribute values are the DN of the group.
+ :setup:
+ 1. Create users, groups.
+ 2. Create a new netgroup called QAUsers and add a member (ng9000) to QAUsers
+ 3. Create another netgroup named DEVUsers and add a member (ng9005) to DEVUsers
+ 4. Modify the DEVUsers netgroup to replace its members with the members of QAUsers.
+ 5. Start sssd
+ :steps:
+ 1. Retrieve all members of the DEVUsers netgroup.
+ 2. Confirm that the member directly added to DEVUsers is present.
+ 3. Confirm that the member from QAUsers is now part of DEVUsers.
+ :expectedresults:
+ 1. All members should be retrieved
+ 2. Members directly added to DEVUsers is present.
+ 3. Members from QAUsers is now part of DEVUsers.
+ :customerscenario: False
+ """
+ if isinstance(provider, IPA):
+ pytest.skip(reason="Not for IPA povider")
+
+ for id in [9000, 9005]:
+ provider.user(f"ng{id}").add()
+
+ netgroup_qa = provider.netgroup("QAUsers").add()
+ netgroup_qa.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+ netgroup_dev = provider.netgroup("DEVUsers").add()
+ netgroup_dev.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+ if Operation == "Replace":
+ netgroup_dev.add_member(ng=netgroup_qa.dn)
+ else:
+ netgroup_dev.add_member(ng="QAUsers")
+ client.sssd.start()
+
+ member = client.tools.getent.netgroup("DEVUsers").members
+ assert "(testhost5, ng9005, ldap.test)" in member
+ assert "(testhost1, ng9000, ldap.test)" in member
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_netgroup__lookup_nested_groups(client: Client, provider: GenericProvider):
+ """
+ :title: Nesting netgroups and verifying user memberships using LDAP with sssd.
+ :setup:
+ 1. Create users, groups.
+ 2. Create netgroup named netgroup and Add Member
+ 3. Create another netgroup named nested_netgroup
+ 4. Add Members to nested_netgroup
+ 5. Add Circular Netgroup Nesting to nested_netgroup
+ 6. Start sssd
+ :steps:
+ 1. Retrieves all members of the "nested_netgroup" group using the getent netgroup tool.
+ 2. Verify that users from another group is also part of "nested_netgroup".
+ 3. Checks if a user who is not in any netgroup is part of "nested_netgroup".
+ 4. After the SSSD restart, it retrieves the members of "nested_netgroup" again to ensure they still intact.
+ :expectedresults:
+ 1. All members of the "nested_netgroup" group be there
+ 2. Users from another group is also part of "nested_netgroup".
+ 3. User who is not in any netgroup is part of "nested_netgroup".
+ 4. After restart all members of the "nested_netgroup" group be there
+ """
+ if isinstance(provider, IPA):
+ pytest.skip(reason="Not for IPA povider")
+
+ for id in [9000, 9005, 9006]:
+ provider.user(f"ng{id}").add()
+
+ netgroup = provider.netgroup("netgroup").add()
+ netgroup.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+ nested_netgroup = provider.netgroup("nested_netgroup").add()
+ nested_netgroup.add_member(ng=netgroup.dn)
+ nested_netgroup.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+ nested_netgroup.add_member(user="ng9006")
+
+ netgroup.add_member(ng=nested_netgroup.dn)
+
+ client.sssd.start()
+
+ member = client.tools.getent.netgroup("nested_netgroup").members
+ assert "(testhost1,ng9000,ldap.test)" in member
+ assert "(-,ng9006,)" in member
+ assert "(testhost5,ng9005,ldap.test)" in member
+
+ client.sssd.restart()
+
+ member = client.tools.getent.netgroup("nested_netgroup").members
+ assert "(testhost1,ng9000,ldap.test)" in member
+ assert "(-,ng9006,)" in member
+ assert "(testhost5,ng9005,ldap.test)" in member
+
+
+@pytest.mark.parametrize(
+ "user, domain, expected",
+ [("host", "host.ldap.test", "(host,-,host.ldap.test)"), ("ng9006", "", "(-,ng9006,)")],
+)
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_netgroup__host_and_domain(client: Client, provider: GenericProvider, user: str, domain: str, expected: str):
+ """
+ :title: Netgroup contains a member that only has a host and domain specified, but no associated user.
+ :setup:
+ 1. Create users, groups.
+ 2. Create QAUsers Netgroup and Add Member
+ 3. Create DEVUsers Netgroup and Add Members
+ 4. Start sssd
+ :steps:
+ 1. Check whether the expected member is present in the DEVUsers netgroup.
+ :expectedresults:
+ 1. Member is present in the DEVUsers netgroup.
+ :customerscenario: False
+ """
+ if isinstance(provider, IPA):
+ pytest.skip(reason="Not for IPA povider")
+
+ for id in [9000, 9005]:
+ provider.user(f"ng{id}").add()
+
+ netgroup_qa = provider.netgroup("QAUsers").add()
+ netgroup_qa.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+ netgroup_dev = provider.netgroup("DEVUsers").add()
+ netgroup_dev.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+ if domain == "host.ldap.test":
+ netgroup_dev.add_member(host=user, domain=domain)
+ else:
+ netgroup_dev.add_member(user=user)
+
+ client.sssd.start()
+
+ member = client.tools.getent.netgroup("DEVUsers").members
+ assert expected in member
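Review bot: In `test_netgroup__user_attribute_membernisnetgroup_uses_group_dn` the `"Replace"` case never replaces anything: both branches call `netgroup_dev.add_member(...)` and the final assertions still expect `ng9005`, so the parameter only selects whether the nested netgroup is referenced by DN or by name, while setup step 4 of the docstring describes a replacement. Name the parameter for what it selects, e.g. `@pytest.mark.parametrize("member_ref", ["name", "dn"])` with `netgroup_dev.add_member(ng=netgroup_qa.dn if member_ref == "dn" else "QAUsers")`, and reword step 4 to match. In `test_netgroup__lookup_nested_groups` the circular reference is checked only with `in`, so duplicated or extra triples produced by the loop would pass unnoticed; if exactly three triples are expected, `assert len(member) == 3` after each lookup would pin that down (the context lines above already call `len()` on `members`). The expected triples in the first test are written with spaces (`"(testhost5, ng9005, ldap.test)"`) and in the other two without; if the comparison turns out to be a plain string match, one of the two forms cannot be right, so settle on one. Smaller points: `for id in [...]` shadows the builtin, and the skip reason reads "povider" in all three tests.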