[Freeipa-devel] [freeipa PR#4265][opened] [Backport][ipa-4-6] ipatests: SSSD should fetch external groups without any limit.

Thu, 20 Feb 2020 01:59:36 -0800 

   URL: https://github.com/freeipa/freeipa/pull/4265
Author: amore17
 Title: #4265: [Backport][ipa-4-6] ipatests: SSSD should fetch external groups 
without any limit.
Action: opened

PR body:
"""
This is manual back-port of : #4077
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4265/head:pr4265
git checkout pr4265

From 6754dfe45b9510f71f013ab6dda84df3329f8404 Mon Sep 17 00:00:00 2001
From: Anuja More <am...@redhat.com>
Date: Tue, 24 Dec 2019 16:42:46 +0530
Subject: [PATCH 1/3] ipatests: SSSD should fetch external groups without any
 limit.

When there are more external groups than default limit, then
SSSD should fetch all groups.

Related : https://pagure.io/SSSD/sssd/issue/4058

Signed-off-by: Anuja More <am...@redhat.com>
---
 ipatests/test_integration/test_sssd.py | 53 ++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py
index 91c0d0329b..e39db28e91 100644
--- a/ipatests/test_integration/test_sssd.py
+++ b/ipatests/test_integration/test_sssd.py
@@ -10,10 +10,12 @@
 
 import ipaplatform
 import pytest
+import textwrap
 
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.pytest_ipa.integration import tasks
 from ipaplatform.paths import paths
+from ipapython.dn import DN
 
 
 class TestSSSDWithAdTrust(IntegrationTest):
@@ -113,3 +115,54 @@ def test_extdom_group(self):
             client_conf_backup.restore()
             tasks.clear_sssd_cache(self.master)
             tasks.clear_sssd_cache(client)
+
+    def test_external_group_paging(self):
+        """SSSD should fetch external groups without any limit.
+
+        Regression test for https://pagure.io/SSSD/sssd/issue/4058
+        1: Add external groups more than limit.
+        2: Run the command id adu...@addomain.com
+        3: sssd should retrieve all the external groups.
+        """
+        new_limit = 50
+        master = self.master
+        conn = master.ldap_connect()
+        dn = DN(('cn', 'config'))
+        entry = conn.get_entry(dn)  # pylint: disable=no-member
+        orig_limit = entry.single_value.get('nsslapd-sizelimit')
+        ldap_query = textwrap.dedent("""
+            dn: cn=config
+            changetype: modify
+            replace: nsslapd-sizelimit
+            nsslapd-sizelimit: {limit}
+        """)
+        tasks.ldapmodify_dm(master, ldap_query.format(limit=new_limit))
+        sssd_conf_backup = tasks.FileBackup(self.master, paths.SSSD_CONF)
+        ldap_page_size = new_limit - 1
+        group_count = new_limit + 2
+        # default ldap_page_size is '1000', adding workaround as
+        # ldap_page_size < nsslapd-sizelimit in sssd.conf
+        # Related issue : https://pagure.io/389-ds-base/issue/50888
+        with tasks.remote_ini_file(self.master, paths.SSSD_CONF) as sssd_conf:
+            domain_section = 'domain/{}'.format(self.master.domain.name)
+            sssd_conf.set(domain_section, 'ldap_page_size', ldap_page_size)
+        tasks.clear_sssd_cache(master)
+        tasks.kinit_admin(master)
+        for i in range(group_count):
+            master.run_command(['ipa', 'group-add', '--external',
+                                'ext-ipatest{0}'.format(i)])
+        try:
+            log_file = '{0}/sssd_{1}.log'.format(
+                paths.VAR_LOG_SSSD_DIR, master.domain.name)
+            group_entry = b'[%d] external groups found' % group_count
+            logsize = tasks.get_logsize(master, log_file)
+            master.run_command(['id', self.users['ad']['name']])
+            sssd_logs = master.get_file_contents(log_file)[logsize:]
+            assert group_entry in sssd_logs
+        finally:
+            for i in range(group_count):
+                master.run_command(['ipa', 'group-del',
+                                    'ext-ipatest{0}'.format(i)])
+            # reset to original limit
+            tasks.ldapmodify_dm(master, ldap_query.format(limit=orig_limit))
+            sssd_conf_backup.restore()

From 90fe402cebd6195695af480fd8bce0cfd5ae03e0 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Thu, 3 Jan 2019 20:56:39 +0100
Subject: [PATCH 2/3] Cherry-picked only ldapmodify_dm()

---
 ipatests/pytest_ipa/integration/tasks.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py
index ee7bb24e86..48a7624715 100755
--- a/ipatests/pytest_ipa/integration/tasks.py
+++ b/ipatests/pytest_ipa/integration/tasks.py
@@ -1827,3 +1827,21 @@ def get_logsize(host, logfile):
     """ get current logsize"""
     logsize = len(host.get_file_contents(logfile))
     return logsize
+
+
+def ldapmodify_dm(host, ldif_text, **kwargs):
+    """Run ldapmodify as Directory Manager
+
+    :param host: host object
+    :param ldif_text: ldif string
+    :param kwargs: additional keyword arguments to run_command()
+    :return: result object
+    """
+    # no hard-coded hostname, let ldapmodify pick up the host from ldap.conf.
+    args = [
+        'ldapmodify',
+        '-x',
+        '-D', str(host.config.dirman_dn),  # pylint: disable=no-member
+        '-w', host.config.dirman_password
+    ]
+    return host.run_command(args, stdin_text=ldif_text, **kwargs)

From 73681249f5d6a5d23ccff5b2c11b248e219959a6 Mon Sep 17 00:00:00 2001
From: Anuja More <am...@redhat.com>
Date: Thu, 20 Feb 2020 15:00:08 +0530
Subject: [PATCH 3/3] temp_commit

---
 .freeipa-pr-ci.yaml                        |  2 +-
 ipatests/prci_definitions/temp_commit.yaml | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index abcf8c5b63..8065669008 120000
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -1 +1 @@
-ipatests/prci_definitions/gating.yaml
\ No newline at end of file
+ipatests/prci_definitions/temp_commit.yaml
\ No newline at end of file
diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml
index 408e598453..303790663e 100644
--- a/ipatests/prci_definitions/temp_commit.yaml
+++ b/ipatests/prci_definitions/temp_commit.yaml
@@ -57,14 +57,14 @@ jobs:
         timeout: 1800
         topology: *build
 
-  fedora-27/temp_commit:
+  fedora-27/test_sssd:
     requires: [fedora-27/build]
     priority: 50
     job:
-      class: RunPytest
+      class: RunADTests
       args:
         build_url: '{fedora-27/build_url}'
-        test_suite: test_integration/test_REPLACEME.py
+        test_suite: test_integration/test_sssd.py
         template: *ci-master-f27
-        timeout: 3600
-        topology: *master_1repl_1client
+        timeout: 4800
+        topology: *ad_master_2client
\ No newline at end of file

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

Reply via email to