From 82e04858f772606bd6e02c8ae6feee8e31387677 Mon Sep 17 00:00:00 2001
From: aborah-sudo
Date: Wed, 16 Oct 2024 09:09:11 +0530
Subject: [PATCH] Tests: Test transformation of bash-ldap-id-ldap-auth netgroup

Test transformation of bash-ldap-id-ldap-auth netgroup
---
 src/tests/system/tests/test_netgroups.py | 218 ++++++++++++++++++++++-
 1 file changed, 217 insertions(+), 1 deletion(-)
diff --git a/src/tests/system/tests/test_netgroups.py b/src/tests/system/tests/test_netgroups.py
index 87ebafd21f2..1ed7a3ed60e 100644
--- a/src/tests/system/tests/test_netgroups.py
+++ b/src/tests/system/tests/test_netgroups.py
@@ -6,10 +6,26 @@
 from __future__ import annotations
+import time
+
 import pytest
 from sssd_test_framework.roles.client import Client
 from sssd_test_framework.roles.generic import GenericProvider
-from sssd_test_framework.topology import KnownTopologyGroup
+from sssd_test_framework.roles.ldap import LDAP
+from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup
+
+
+def create_users(ldap: LDAP):
+ """
+ Creates users/groups needed for this test script.
+ """
+ ou_people = ldap.ou("People").add()
+ ou_group = ldap.ou("groups").add()
+ ldap.ou("Netgroup").add()
+
+ for id in [9000, 9001, 9002, 9003, 9004, 9005, 9006, 9007, 9008, 9009, 9010]:
+ ldap.user(f"ng{id}", basedn=ou_people).add()
+ ldap.user(f"ng{id}", basedn=ou_group).add()
 @pytest.mark.importance("medium")
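Review bot: `import time` is added at the top of the file, but none of the lines this patch adds reference `time`, so a linter will report it as unused; drop it unless a follow-up change needs it. In `create_users`, the second loop line `ldap.user(f"ng{id}", basedn=ou_group).add()` creates another user entry with the same name under ou=groups, while the docstring says users and groups are created; if groups were intended, this presumably should call the framework's group helper instead (its API is not visible here, so confirm). The loop variable `id` shadows the builtin, and `for uid in range(9000, 9011):` expresses the same eleven values more compactly.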
@@ -108,3 +124,203 @@ def test_netgroups__add_remove_netgroup_member(client: Client, provider: Generic
 assert len(result.members) == 1
 assert "(-, user-1)" not in result.members
 assert "(-, user-2)" in result.members
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_netgroup__netgroup_nisnetgrouptriple(client: Client, ldap: LDAP):
+ """
+ :title: Netgroup with nisNetgroupTriple
+ :setup:
+ 1. Create users, groups and start sssd.
+ :steps:
+ 1. Check nisNetgroupTriple contains members as added in the test.
+ :expectedresults:
+ 1. NisNetgroupTriple should contain members as added in the test.
+ :customerscenario: False
+ """
+ ou = ldap.ou("Netgroup")
+ create_users(ldap)
+
+ qa_users = ldap.netgroup("QAUsers", basedn=ou).add()
+ qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+ client.sssd.start()
+
+ assert "(testhost1, ng9000, ldap.test)" in client.tools.getent.netgroup("QAUsers").members
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_netgroup__membernisnetgroup(client: Client, ldap: LDAP):
+ """
+ :title: Add more complex LDAP netgroup structure by nesting one netgroup within another.
+ :setup:
+ 1. Create users, groups and start sssd.
+ :steps:
+ 1. Check that (testhost5, ng9005, ldap.test) is present as a direct member of "DEVUsers".
+ 2. Check that (testhost1, ng9000, ldap.test) is also present,
+ even though this tuple was added to "QAUsers", not "DEVUsers".
+ This confirms that the nested group membership is working correctly
+ (since "QAUsers" is nested within "DEVUsers").
+ :expectedresults:
+ 1. (testhost5, ng9005, ldap.test) is present as a direct member of "DEVUsers".
+ 2. (testhost1, ng9000, ldap.test) is present as a direct member of "DEVUsers".
+ """
+ ou = ldap.ou("Netgroup")
+ create_users(ldap)
+
+ qa_users = ldap.netgroup("QAUsers", basedn=ou).add()
+ qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+ dev_users = ldap.netgroup("DEVUsers", basedn=ou).add()
+ dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+ ldap.ldap.modify(dev_users.dn, add={"memberNisNetgroup": "QAUsers"})
+
+ client.sssd.start()
+
+ member = client.tools.getent.netgroup("DEVUsers").members
+ assert "(testhost5, ng9005, ldap.test)" in member
+ assert "(testhost1, ng9000, ldap.test)" in member
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_netgroup__add_dn_membernisnetgroup(client: Client, ldap: LDAP):
+ """
+ :title: Adding dn to memberNisNetgroup
+ :setup:
+ 1. Create users, groups and start sssd.
+ :steps:
+ 1. Check that the tuple (testhost5, ng9005, ldap.test) is present as a direct member of "DEVUsers".
+ 2. Check that the tuple (testhost1, ng9000, ldap.test) is also present.
+ Since "QAUsers" is now referenced as part of "DEVUsers", its members
+ (like ng9000 on testhost1) are inherited by "DEVUsers".
+ :expectedresults:
+ 1. Tuple (testhost5, ng9005, ldap.test) is present as a direct member of "DEVUsers".
+ 2. Tuple (testhost1, ng9000, ldap.test) is also present.
+ :customerscenario: False
+ """
+ ou = ldap.ou("Netgroup")
+ create_users(ldap)
+
+ qa_users = ldap.netgroup("QAUsers", basedn=ou).add()
+ qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+ dev_users = ldap.netgroup("DEVUsers", basedn=ou).add()
+ dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+ ldap.ldap.modify(dev_users.dn, replace={"memberNisNetgroup": qa_users.dn})
+
+ client.sssd.dom("test")["entry_cache_timeout"] = "60"
+ client.sssd.start()
+
+ member = client.tools.getent.netgroup("DEVUsers").members
+ assert "(testhost5, ng9005, ldap.test)" in member
+ assert "(testhost1, ng9000, ldap.test)" in member
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_netgroup__different_syntax(client: Client, ldap: LDAP):
+ """
+ :title: Using different syntax for nisNetgroupTriple
+ :setup:
+ 1. Create users, groups and start sssd.
+ :steps:
+ 1. Check that the user ng9006 appears in the group members list, represented as the tuple (-,ng9006,).
+ :expectedresults:
+ 1. The user ng9006 appears in the group members list
+ :customerscenario: False
+ """
+ ou = ldap.ou("Netgroup")
+ create_users(ldap)
+
+ qa_users = ldap.netgroup("QAUsers", basedn=ou).add()
+ qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+ dev_users = ldap.netgroup("DEVUsers", basedn=ou).add()
+ dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+ dev_users.add_member(user="ng9006")
+
+ client.sssd.dom("test")["entry_cache_timeout"] = "60"
+ client.sssd.start()
+
+ member = client.tools.getent.netgroup("DEVUsers").members
+ assert "(-,ng9006,)" in member
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_netgroup__host_and_domain(client: Client, ldap: LDAP):
+ """
+ :title: A scenario where an LDAP netgroup contains a member that
+ only has a host and domain specified, but no associated user.
+ :setup:
+ 1. Check that the tuple (samplehost, -, samplehost.domain.com) is part of the group
+ :expectedresults:
+ 1. The tuple (samplehost, -, samplehost.domain.com) is part of the group
+ :customerscenario: False
+ """
+ ou = ldap.ou("Netgroup")
+ create_users(ldap)
+
+ qa_users = ldap.netgroup("QAUsers", basedn=ou).add()
+ qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+ dev_users = ldap.netgroup("DEVUsers", basedn=ou).add()
+ dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+ dev_users.add_member(host="samplehost", domain="samplehost.domain.com")
+
+ client.sssd.dom("test")["entry_cache_timeout"] = "60"
+ client.sssd.start()
+
+ member = client.tools.getent.netgroup("DEVUsers").members
+ assert "(samplehost,-,samplehost.domain.com)" in member
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_netgroup__with_nested_loop(client: Client, ldap: LDAP):
+ """
+ :title: Create and manages nested LDAP netgroups and tests their behavior
+ through several scenarios involving caching, membership queries, and restarts of the SSSD service.
+ :setup:
+ 1. Create users, groups and start sssd.
+ :steps:
+ 1. Retrieves all members of the "DEVUsers" group using the getent netgroup tool.
+ 2. Check for ng9000: Verifies that ng9000 (from QAUsers) is also part of "DEVUsers".
+ 3. Checks if a user random (who is not in any netgroup) is part of "DEVUsers".
+ 4. After the SSSD restart, it retrieves the members of "DEVUsers" again to ensure they are still intact.
+ :expectedresults:
+ 1. All members of the "DEVUsers" group be there
+ 2. ng9000 (from QAUsers) is also part of "DEVUsers"
+ 3. random (who is not in any netgroup) is not part of "DEVUsers".
+ 4. All members of the "DEVUsers" group be there
+ """
+ ou = ldap.ou("Netgroup")
+ create_users(ldap)
+
+ qa_users = ldap.netgroup("QAUsers", basedn=ou).add()
+ qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+ dev_users = ldap.netgroup("DEVUsers", basedn=ou).add()
+ ldap.ldap.modify(dev_users.dn, add={"memberNisNetgroup": qa_users.dn})
+ dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+ dev_users.add_member(user="ng9006")
+
+ ldap.ldap.modify(qa_users.dn, add={"memberNisNetgroup": dev_users.dn})
+
+ client.sssd.dom("test")["entry_cache_timeout"] = "60"
+ client.sssd.start()
+
+ member = client.tools.getent.netgroup("DEVUsers").members
+ assert "(testhost1,ng9000,ldap.test)" in member
+ assert "(-,ng9006,)" in member
+ assert "(testhost5,ng9005,ldap.test)" in member
+
+ client.sssd.restart()
+
+ member = client.tools.getent.netgroup("DEVUsers").members
+ assert "(testhost1,ng9000,ldap.test)" in member
+ assert "(-,ng9006,)" in member
+ assert "(testhost5,ng9005,ldap.test)" in member
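Review bot: `test_netgroup__with_nested_loop` documents step 3, that a user `random` who is in no netgroup must not appear in "DEVUsers", but its body contains only positive assertions, so the non-member case is never checked. Netgroup triples are commonly consumed by host and user access rules, so the negative case across the QAUsers/DEVUsers cycle is worth pinning, for example `assert "(-,random,)" not in member` after each `getent` call, in the same form as the `not in result.members` check in the context lines of this hunk. The docstring of `test_netgroup__host_and_domain` lists its check under `:setup:` and has no `:steps:` section, and `test_netgroup__membernisnetgroup` omits `:customerscenario:`. The expected triples are written with spaces in the first three tests and without them in the later ones; unless the member type normalises on comparison (not visible here), one form should be used throughout.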