URL: https://github.com/freeipa/freeipa/pull/4891 Author: amore17 Title: #4891: [Backport][ipa-4-8] Test that override_gid is working for subdomain Action: opened
PR body: """ This is manual back-port of #4838 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4891/head:pr4891 git checkout pr4891
From 7b22caf7c19144f9ae136e1a3723ed1d06721767 Mon Sep 17 00:00:00 2001 From: Anuja More <am...@redhat.com> Date: Fri, 19 Jun 2020 12:51:17 +0530 Subject: [PATCH 1/3] ipatests : Test to verify override_gid works with subdomain. When override_gid is set in sssd.conf in IPA domain section Then it should also work for subdomain. Related: https://pagure.io/SSSD/sssd/issue/4061 Signed-off-by: Anuja More <am...@redhat.com> --- ipatests/test_integration/test_sssd.py | 28 ++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py index ad70c1d1c7..1e3ee775e0 100644 --- a/ipatests/test_integration/test_sssd.py +++ b/ipatests/test_integration/test_sssd.py @@ -481,6 +481,34 @@ def test_subdomain_lookup_with_certmaprule_containing_dn(self): for text in verify_in_stdout: assert text in second_res.stdout_text + @contextmanager + def override_gid_setup(self, gid): + sssd_conf_backup = tasks.FileBackup(self.master, paths.SSSD_CONF) + try: + with tasks.remote_sssd_config(self.master) as sssd_conf: + sssd_conf.edit_domain(self.master.domain, + 'override_gid', gid) + tasks.clear_sssd_cache(self.master) + yield + finally: + sssd_conf_backup.restore() + tasks.clear_sssd_cache(self.master) + + def test_override_gid_subdomain(self): + """Test that override_gid is working for subdomain + + This is a regression test for sssd bug: + https://pagure.io/SSSD/sssd/issue/4061 + """ + tasks.clear_sssd_cache(self.master) + user = self.users['child_ad']['name'] + gid = 10264 + # verify the user can be retrieved initially + self.master.run_command(['id', user]) + with self.override_gid_setup(gid): + test_gid = self.master.run_command(['id', user]) + assert 'gid={id}'.format(id=gid) in test_gid.stdout_text + class TestNestedMembers(IntegrationTest): num_clients = 1 From dabf0516e87e320a5c1685177741125b08bc6b2d Mon Sep 17 00:00:00 2001 From: Anuja More <am...@redhat.com> Date: Fri, 19 Jun 2020 13:19:11 +0530 Subject: [PATCH 2/3] ipatests: xfail test with older versions of sssd Related to: https://pagure.io/SSSD/sssd/issue/4061 Signed-off-by: Anuja More <am...@redhat.com> --- ipatests/test_integration/test_sssd.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py index 1e3ee775e0..cfbb30fec5 100644 --- a/ipatests/test_integration/test_sssd.py +++ b/ipatests/test_integration/test_sssd.py @@ -507,7 +507,10 @@ def test_override_gid_subdomain(self): self.master.run_command(['id', user]) with self.override_gid_setup(gid): test_gid = self.master.run_command(['id', user]) - assert 'gid={id}'.format(id=gid) in test_gid.stdout_text + sssd_version = tasks.get_sssd_version(self.master) + with xfail_context(sssd_version < tasks.parse_version('2.3.0'), + 'https://pagure.io/SSSD/sssd/issue/4061'): + assert 'gid={id}'.format(id=gid) in test_gid.stdout_text class TestNestedMembers(IntegrationTest): From 8f50d51bcff304729f3e1edd63fb81ea9c978fbc Mon Sep 17 00:00:00 2001 From: Anuja More <am...@redhat.com> Date: Thu, 25 Jun 2020 12:15:13 +0530 Subject: [PATCH 3/3] ipatests: cleanup in test_subdomain_lookup_with_certmaprule_containing_dn As tests was failing <= fedora31 Thus removed certmap-rule in cleanup as subdomain lookup fails when certmaprule contains DN. Related: https://pagure.io/SSSD/sssd/issue/3721 Signed-off-by: Anuja More <am...@redhat.com> --- ipatests/test_integration/test_sssd.py | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py index cfbb30fec5..5391433e3b 100644 --- a/ipatests/test_integration/test_sssd.py +++ b/ipatests/test_integration/test_sssd.py @@ -471,15 +471,19 @@ def test_subdomain_lookup_with_certmaprule_containing_dn(self): "--matchrule='<ISSUER>{}'".format(cert_subject), "--domain={}".format(self.master.domain.name) ]) - tasks.clear_sssd_cache(self.master) - - # verify the user can be retrieved after the certmaprule is added - second_res = self.master.run_command(['id', self.users['ad']['name']]) - - assert first_res.stdout_text == second_res.stdout_text - verify_in_stdout = ['gid', 'uid', 'groups', self.users['ad']['name']] - for text in verify_in_stdout: - assert text in second_res.stdout_text + try: + tasks.clear_sssd_cache(self.master) + # verify the user can be retrieved after the certmaprule is added + second_res = self.master.run_command( + ['id', self.users['ad']['name']]) + assert first_res.stdout_text == second_res.stdout_text + verify_in_stdout = ['gid', 'uid', 'groups', + self.users['ad']['name']] + for text in verify_in_stdout: + assert text in second_res.stdout_text + finally: + self.master.run_command( + ['ipa', 'certmaprule-del', "'{}'".format(cert_subject)]) @contextmanager def override_gid_setup(self, gid):
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
