Tests: Add support for IPA IPA Trust #7517

Open
wants to merge 1 commit into
base: master
10 changes: 10 additions & 0 deletions src/tests/system/mhc.yaml
Expand Up @@ -69,3 +69,13 @@ domains:
krb5_server: kdc.test
krb5_kpasswd: kdc.test
krb5_realm: TEST

- id: ipa2
hosts:
- hostname: master2.ipa2.test
role: ipa
config:
client:
ipa_domain: ipa2.test
krb5_keytab: /enrollment/ipa2.test.keytab
ldap_krb5_keytab: /enrollment/ipa2.test.keytab
62 changes: 60 additions & 2 deletions src/tests/system/tests/test_ipa_trusts.py
Expand Up @@ -7,14 +7,15 @@
from __future__ import annotations

import pytest
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.generic import GenericADProvider
from sssd_test_framework.roles.ipa import IPA
from sssd_test_framework.topology import KnownTopologyGroup
from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup


@pytest.mark.importance("low")
@pytest.mark.ticket(jira="RHEL-3925", gh=6942)
@pytest.mark.topology(KnownTopologyGroup.IPATrust)
@pytest.mark.topology(KnownTopologyGroup.IPATrustAD)
def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvider):
"""
:title: Subdomain stays online if IPA group is missing SID
Expand Down Expand Up @@ -60,3 +61,60 @@ def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvid
status = ipa.sssctl.domain_status(trusted.domain, online=True)
assert "online status: offline" not in status.stdout.lower(), "AD domain went offline!"
assert "online status: online" in status.stdout.lower(), "AD domain was not online!"


@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyIPATrust)
def test_ipa_trusts__ipa_master_lookup_trusted_user(ipa: IPA, trusted: IPA):
"""
:title: Basic IPA-IPA Trust lookup on IPA server
:setup:
1. Restart SSSD and clear cache on IPA server
:steps:
1. Resolve trusted domain admin user
:expectedresults:
1. User is resolved
:customerscenario: True
"""
ipa.sssd.clear(db=True, memcache=True, logs=True)
ipa.sssd.restart()

# Resolve user
username = trusted.admin_fqn

id_user = ipa.tools.id(username)
assert id_user is not None
assert id_user.user.name == username


@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopology.IPATrustIPA)
def test_ipa_trusts__lookup_trusted_user(client: Client, ipa: IPA, trusted: IPA):
"""
:title: Basic IPA-IPA Trust lookup on IPA client
:setup:
1. Restart SSSD and clear cache on IPA client
:steps:
1. Resolve trusted admin user
2. Resolve group "admins@trusteddomain"
:expectedresults:
1. User is resolved
2. Group is resolved
:customerscenario: True
"""
client.sssd.clear(db=True, memcache=True, logs=True)
client.sssd.restart()

# Resolve user
username = trusted.admin_fqn

id_user = client.tools.id(username)
assert id_user is not None
assert id_user.user.name == username

# Resolve group
groupname = trusted.fqn("admins")

getent_group = client.tools.getent.group(groupname)
assert getent_group is not None
assert getent_group.name == groupname
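Review bot: `test_ipa_trusts__ipa_master_lookup_trusted_user` is marked `KnownTopologyGroup.AnyIPATrust` but annotates `trusted: IPA` and is titled "Basic IPA-IPA Trust lookup on IPA server"; if that group also covers the AD trust topology (its definition is not visible on this page), the annotation and title are wrong for those runs, and `trusted.admin_fqn` must exist on every provider role the group can supply. Either pin the test to `KnownTopology.IPATrustIPA`, as the client test after it does, or widen the annotation and reword the title to say "trusted domain". The new asserts are also bare, unlike the existing test in this file, which attaches a message to each one; something like `assert id_user is not None, f"User {username} was not found!"` makes a failed trust lookup readable in CI output. Both new tests check only the returned name, so a one-line comment stating that uid/gid and cross-trust group membership are deliberately out of scope would keep readers from assuming the identity mapping is covered.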