Tests: Test transformation of bash-ldap-id-ldap-auth netgroup
Test transformation of bash-ldap-id-ldap-auth netgroup
aborah-sudo committed Oct 23, 2024
1 parent b928dbe commit dd3ad88
Showing 1 changed file with 144 additions and 0 deletions.
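--- a/src/tests/system/tests/test_ldap.py
+++ b/src/tests/system/tests/test_ldap.py
@@ -14,6 +14,19 @@
 from sssd_test_framework.topology import KnownTopology
 
 
+def create_users(ldap: LDAP):
+"""
+Creates users/groups needed for this test script.
+"""
+ou_people = ldap.ou("People").add()
+ou_group = ldap.ou("groups").add()
+ldap.ou("Netgroup").add()
+
+for id in [9000, 9001, 9002, 9003, 9004, 9005, 9006, 9007, 9008, 9009, 9010]:
+ldap.user(f"ng{id}", basedn=ou_people).add()
+ldap.user(f"ng{id}", basedn=ou_group).add()
+
+
 @pytest.mark.ticket(bz=[795044, 1695574])
 @pytest.mark.importance("critical")
 @pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify", "exop_force"])
@@ -502,3 +515,134 @@ def test_ldap__password_change_no_grace_logins_left(
 
 rc, _, _, _ = client.auth.parametrize(method).password_with_output("user1", "Secret123")
 assert rc == expected, err_msg
+
+
+@pytest.mark.parametrize("Operation", ["Add", "Replace"])
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_netgroup__user_attribute_membernisnetgroup_uses_group_dn(client: Client, ldap: LDAP, Operation: str):
+"""
+:title: User's 'memberNisNetgroup' attribute values are the DN of the group.
+:setup:
+1. Create users, groups.
+2. Create a new netgroup called QAUsers and add a member (ng9000) to QAUsers
+3. Create another netgroup named DEVUsers and add a member (ng9005) to DEVUsers
+4. Modify the DEVUsers netgroup to replace its members with the members of QAUsers.
+5. Start sssd
+:steps:
+1. Retrieve all members of the DEVUsers netgroup.
+2. Confirm that the member directly added to DEVUsers is present.
+3. Confirm that the member from QAUsers is now part of DEVUsers.
+:expectedresults:
+1. All members should be retrieved
+2. Members directly added to DEVUsers is present.
+3. Members from QAUsers is now part of DEVUsers.
+:customerscenario: False
+"""
+for id in [9000, 9005]:
+ldap.user(f"ng{id}").add()
+
+qa_users = ldap.netgroup("QAUsers").add()
+qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+dev_users = ldap.netgroup("DEVUsers").add()
+dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+if Operation == "Replace":
+ldap.ldap.modify(dev_users.dn, replace={"memberNisNetgroup": qa_users.dn})
+else:
+ldap.ldap.modify(dev_users.dn, add={"memberNisNetgroup": "QAUsers"})
+client.sssd.start()
+
+member = client.tools.getent.netgroup("DEVUsers").members
+assert "(testhost5, ng9005, ldap.test)" in member
+assert "(testhost1, ng9000, ldap.test)" in member
+
+
+@pytest.mark.parametrize(
+"user, domain, expected",
+[("samplehost", "samplehost.domain.com", "(samplehost,-,samplehost.domain.com)"), ("ng9006", "", "(-,ng9006,)")],
+)
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_netgroup__host_and_domain(client: Client, ldap: LDAP, user: str, domain: str, expected: str):
+"""
+:title: Netgroup contains a member that only has a host and domain specified, but no associated user.
+:setup:
+1. Create users, groups.
+2. Create QAUsers Netgroup and Add Member
+3. Create DEVUsers Netgroup and Add Members
+4. Start sssd
+:steps:
+1. Check whether the expected member is present in the DEVUsers netgroup.
+:expectedresults:
+1. Member is present in the DEVUsers netgroup.
+:customerscenario: False
+"""
+for id in [9000, 9005]:
+ldap.user(f"ng{id}").add()
+
+qa_users = ldap.netgroup("QAUsers").add()
+qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+dev_users = ldap.netgroup("DEVUsers").add()
+dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+if domain == "samplehost.domain.com":
+dev_users.add_member(host=user, domain=domain)
+else:
+dev_users.add_member(user=user)
+
+client.sssd.start()
+
+member = client.tools.getent.netgroup("DEVUsers").members
+assert expected in member
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_netgroup__lookup_nested_groups(client: Client, ldap: LDAP):
+"""
+:title: Nesting netgroups and verifying user memberships using LDAP with sssd.
+:setup:
+1. Create users, groups.
+2. Create QAUsers Netgroup and Add Member
+3. Create DEVUsers Netgroup and Add Nested Netgroup
+4. Add Members to DEVUsers
+5. Add Circular Netgroup Nesting
+6. Start sssd
+:steps:
+1. Retrieves all members of the "DEVUsers" group using the getent netgroup tool.
+2. Verify that users from another group is also part of "DEVUsers".
+3. Checks if a user who is not in any netgroup is part of "DEVUsers".
+4. After the SSSD restart, it retrieves the members of "DEVUsers" again to ensure they are still intact.
+:expectedresults:
+1. All members of the "DEVUsers" group be there
+2. Users from another group is also part of "DEVUsers".
+3. User who is not in any netgroup is part of "DEVUsers".
+4. After restart all members of the "DEVUsers" group be there
+"""
+for id in [9000, 9005, 9006]:
+ldap.user(f"ng{id}").add()
+
+qa_users = ldap.netgroup("QAUsers").add()
+qa_users.add_member(host="testhost1", user="ng9000", domain="ldap.test")
+
+dev_users = ldap.netgroup("DEVUsers").add()
+ldap.ldap.modify(dev_users.dn, add={"memberNisNetgroup": qa_users.dn})
+dev_users.add_member(host="testhost5", user="ng9005", domain="ldap.test")
+dev_users.add_member(user="ng9006")
+
+ldap.ldap.modify(qa_users.dn, add={"memberNisNetgroup": dev_users.dn})
+
+client.sssd.start()
+
+member = client.tools.getent.netgroup("DEVUsers").members
+assert "(testhost1,ng9000,ldap.test)" in member
+assert "(-,ng9006,)" in member
+assert "(testhost5,ng9005,ldap.test)" in member
+
+client.sssd.restart()
+
+member = client.tools.getent.netgroup("DEVUsers").members
+assert "(testhost1,ng9000,ldap.test)" in member
+assert "(-,ng9006,)" in member
+assert "(testhost5,ng9005,ldap.test)" in member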
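Review bot: The two assertions in `test_netgroup__user_attribute_membernisnetgroup_uses_group_dn` compare against `"(testhost5, ng9005, ldap.test)"` with spaces after the commas, while the other two new tests use `"(testhost5,ng9005,ldap.test)"`; unless the framework's member comparison normalises whitespace, one of the two spellings can never match, so a single form should be used throughout. `create_users` from the first hunk is not called by any of the three new tests, which each create their own `ng{id}` users, and it adds user entries under the `groups` OU where group entries were presumably intended; either call it from the tests or drop it. In `test_netgroup__lookup_nested_groups` the docstring describes ng9006 as "not in any netgroup" although the code adds it directly to DEVUsers. The circular `memberNisNetgroup` link there is the loop-detection case, so it deserves a comment such as `# QAUsers <-> DEVUsers cycle: resolution must terminate and still return every member`.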
